CCM-14149: Letter Preview Placeholder

Author: jamesthompson26-nhs

infrastructure/terraform/components/app/module_letter_preview_renderer_lambda.tf

@@ -14,7 +14,7 @@ module "letter_preview_renderer_lambda" {
   kms_key_arn = module.kms.key_arn
 
   package_type           = "Image"
-  image_uri              = "${var.aws_account_id}.dkr.ecr.${var.region}.amazonaws.com/${var.letter_preview_renderer_ecr_repo}:main-${substr(var.commit_id, 0, 7)}"
+  image_uri              = "${var.aws_account_id}.dkr.ecr.${var.region}.amazonaws.com/${var.letter_preview_renderer_ecr_repo}:${local.csi}-latest"
   image_repository_names = [var.letter_preview_renderer_ecr_repo]
 
   memory  = 1024

infrastructure/terraform/components/app/pre.sh

@@ -13,6 +13,9 @@ npm run generate-dependencies --workspaces --if-present
 export AWS_REGION="${AWS_REGION:-${TF_VAR_region:-}}"
 export AWS_ACCOUNT_ID="${AWS_ACCOUNT_ID:-${TF_VAR_aws_account_id:-}}"
 export ECR_REPO="${ECR_REPO:-${TF_VAR_letter_preview_renderer_ecr_repo:-nhs-notify-main-acct}}"
+export CSI="${CSI:-${TF_VAR_project:-}-${TF_VAR_environment:-}-${TF_VAR_component:-}}"
+CSI="${CSI//_/}"
+export CSI
 
 npm run lambda-build --workspaces --if-present
 

infrastructure/terraform/components/sandbox/pre.sh

@@ -25,6 +25,13 @@ if [ "${ACTION}" == "apply" ]; then
 
     npm run generate-dependencies --workspaces --if-present
 
+    export AWS_REGION="${AWS_REGION:-${TF_VAR_region:-}}"
+    export AWS_ACCOUNT_ID="${AWS_ACCOUNT_ID:-${TF_VAR_aws_account_id:-}}"
+    export ECR_REPO="${ECR_REPO:-${TF_VAR_letter_preview_renderer_ecr_repo:-nhs-notify-main-acct}}"
+    export CSI="${CSI:-${TF_VAR_project:-}-${TF_VAR_environment:-}-${TF_VAR_component:-}}"
+    CSI="${CSI//_/}"
+    export CSI
+
     npm run lambda-build --workspaces --if-present
 
     lambdas/layers/pdfjs/build.sh

lambdas/letter-preview-renderer/docker.sh

@@ -10,6 +10,7 @@ set -euo pipefail
 : "${AWS_ACCOUNT_ID:?AWS_ACCOUNT_ID is required}"
 : "${AWS_REGION:?AWS_REGION is required}"
 : "${ECR_REPO:?ECR_REPO is required}"
+: "${CSI:?CSI is required}"
 
 # Authenticate Docker with AWS ECR using an ephemeral login token.
 aws ecr get-login-password --region "${AWS_REGION}" | docker login --username AWS --password-stdin "${AWS_ACCOUNT_ID}".dkr.ecr."${AWS_REGION}".amazonaws.com
@@ -19,16 +20,17 @@ if [ -n "${GHCR_LOGIN_USER:-}" ] && [ -n "${GHCR_LOGIN_TOKEN:-}" ]; then
   echo "${GHCR_LOGIN_TOKEN}" | docker login ghcr.io --username "${GHCR_LOGIN_USER}" --password-stdin
 fi
 
-# Resolve the image tag: prefer a GitHub tag, otherwise use main-<short-sha>.
+# Resolve git references for image tags.
 GIT_SHA=$(git rev-parse --short HEAD)
-if [ "${GITHUB_REF_TYPE:-}" = "tag" ] && [ -n "${GITHUB_REF_NAME:-}" ]; then
-  IMAGE_TAG="${GITHUB_REF_NAME}"
-else
-  IMAGE_TAG="main-${GIT_SHA}"
-fi
 
-# Compose the full ECR image reference.
-ECR_IMAGE="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPO}:${IMAGE_TAG}"
+# Namespace tags by CSI to avoid cross-environment collisions.
+IMAGE_TAG_LATEST="${CSI}-latest"
+IMAGE_TAG_COMMIT="${CSI}-${GIT_SHA}"
+
+# Compose the full ECR image references.
+ECR_REPO_URI="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPO}"
+ECR_IMAGE_LATEST="${ECR_REPO_URI}:${IMAGE_TAG_LATEST}"
+ECR_IMAGE_COMMIT="${ECR_REPO_URI}:${IMAGE_TAG_COMMIT}"
 
 # Allow an override for the base image used in the Docker build.
 BASE_IMAGE_ARG=${BASE_IMAGE:-ghcr.io/nhsdigital/nhs-notify/letter-renderer-node-22:latest}
@@ -37,8 +39,12 @@ BASE_IMAGE_ARG=${BASE_IMAGE:-ghcr.io/nhsdigital/nhs-notify/letter-renderer-node-
 docker build \
   -f docker/lambda/Dockerfile \
   --build-arg BASE_IMAGE="${BASE_IMAGE_ARG}" \
-  -t "${ECR_IMAGE}" \
+  -t "${ECR_IMAGE_LATEST}" \
   .
 
-# Push the image to ECR.
-docker push "${ECR_IMAGE}"
+# Apply additional tag containing the commit identifier.
+docker tag "${ECR_IMAGE_LATEST}" "${ECR_IMAGE_COMMIT}"
+
+# Push the image tags to ECR.
+docker push "${ECR_IMAGE_LATEST}"
+docker push "${ECR_IMAGE_COMMIT}"