Merge branch 'main' into feature/CCM-12963-E2ETests

Author: Namitha-Prabhu

.github/actions/build-oas-spec/action.yml

@@ -46,18 +46,24 @@ runs:
       run: npm ci
       shell: bash
 
-    - name: Build ${{ inputs.apimEnv }} oas
+    - name: Build OAS File
       working-directory: .
       env:
         APIM_ENV: ${{ inputs.apimEnv }}
       shell: bash
       run: |
         if [ ${{ env.APIM_ENV }} == "internal-dev-sandbox" ] && [ ${{ inputs.buildSandbox }} == true ]
         then
-          echo "Building sandbox OAS spec"
+          echo "Building JSON sandbox OAS spec"
           make build-json-oas-spec APIM_ENV=sandbox
+
+          echo "Building YML sandbox OAS spec"
+          make build-yml-oas-spec APIM_ENV=sandbox
         else
-          echo "Building env specific OAS spec"
+          echo "Building env specific JSON OAS spec"
+          make build-json-oas-spec APIM_ENV=${{ env.APIM_ENV }}
+
+          echo "Building env specific YML OAS spec"
           make build-yml-oas-spec APIM_ENV=${{ env.APIM_ENV }}
         fi
 

.github/actions/trivy-iac/action.yaml

@@ -8,7 +8,8 @@ runs:
       run: |
         components_exit_code=0
         modules_exit_code=0
-
+        asdf plugin add trivy || true
+        asdf install trivy || true
         ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/components || components_exit_code=$?
         ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/modules || modules_exit_code=$?
 

.github/actions/trivy-package/action.yaml

@@ -7,7 +7,8 @@ runs:
       shell: bash
       run: |
         exit_code=0
-
+        asdf plugin add trivy || true
+        asdf install trivy || true
         ./scripts/terraform/trivy-scan.sh --mode package . || exit_code=$?
 
         if [ $exit_code -ne 0 ]; then

.github/workflows/release_created.yaml

@@ -2,7 +2,14 @@ name: Github Release Created
 
 on:
   release:
-    types: ["published"] # Inherits all input defaults
+    types: ["released"] # Inherits all input defaults
+  workflow_dispatch:
+    inputs:
+      releaseVersion:
+        description: Release, tag, branch, or commit ID to be used for deployment
+        required: false
+        default: "main"
+        type: string
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -27,7 +34,7 @@ jobs:
           APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
         run: |
           bash .github/scripts/dispatch_internal_repo_workflow.sh \
-            --releaseVersion "${{ github.event.release.tag_name }}" \
+            --releaseVersion "${{ github.event.release.tag_name || inputs.releaseVersion }}" \
             --targetWorkflow "dispatch-deploy-static-notify-supplier-api-env.yaml" \
             --targetEnvironment "main" \
             --targetAccountGroup "nhs-notify-supplier-api-nonprod" \
@@ -58,5 +65,5 @@ jobs:
           environment: "main"
           apimEnv: "int"
           runId: "${{ github.run_id }}"
-          releaseVersion: "${{ github.event.release.tag_name }}"
+          releaseVersion: "${{ github.event.release.tag_name || inputs.releaseVersion }}"
           isRelease: true

.github/workflows/stage-1-commit.yaml

@@ -169,13 +169,6 @@ jobs:
         uses: actions/checkout@v4
       - name: "Setup ASDF"
         uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
-      - name: "Repo setup"
-        uses: ./.github/actions/node-install
-        with:
-          node-version: ${{ inputs.nodejs_version }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: "Perform Setup"
-        uses: ./.github/actions/setup
       - name: "Trivy IaC Scan"
         uses: ./.github/actions/trivy-iac
   trivy-package:
@@ -191,13 +184,6 @@ jobs:
         uses: actions/checkout@v4
       - name: "Setup ASDF"
         uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
-      - name: "Repo setup"
-        uses: ./.github/actions/node-install
-        with:
-          node-version: ${{ inputs.nodejs_version }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: "Perform Setup"
-        uses: ./.github/actions/setup
       - name: "Trivy Package Scan"
         uses: ./.github/actions/trivy-package
   count-lines-of-code:

.github/workflows/stage-2-test.yaml

@@ -75,6 +75,8 @@ jobs:
     name: "Unit tests"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    env:
+      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
@@ -149,6 +151,8 @@ jobs:
     name: "Linting"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    env:
+      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
@@ -180,6 +184,8 @@ jobs:
     name: "Typecheck"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    env:
+      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5

docs/package.json

@@ -15,6 +15,7 @@
     "debug": "JEKYLL_ENV=development BUNDLE_GEMFILE=Gemfile bundle exec jekyll serve --config _config.yml,_config.dev.yml,_config.version.yml --limit_posts 100 --trace",
     "generate-includes": "./generate-includes.sh",
     "lint": "echo \"Documentation module has no code to lint\"",
+    "lint:fix": "echo \"Documentation module has no code to lint\"",
     "test:unit": "echo \"Documentation module has no unit tests\"",
     "typecheck": "echo \"Documentation module has no typescript to typecheck\""
   },

infrastructure/terraform/components/api/README.md

@@ -52,6 +52,7 @@ No requirements.
 | <a name="module_letter_status_updates_queue"></a> [letter\_status\_updates\_queue](#module\_letter\_status\_updates\_queue) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_letter_updates_transformer"></a> [letter\_updates\_transformer](#module\_letter\_updates\_transformer) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_logging_bucket"></a> [logging\_bucket](#module\_logging\_bucket) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip | n/a |
+| <a name="module_mi_updates_transformer"></a> [mi\_updates\_transformer](#module\_mi\_updates\_transformer) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip | n/a |
 | <a name="module_patch_letter"></a> [patch\_letter](#module\_patch\_letter) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_post_letters"></a> [post\_letters](#module\_post\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_post_mi"></a> [post\_mi](#module\_post\_mi) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |

infrastructure/terraform/components/api/event_source_mapping_mi_updates.tf

@@ -0,0 +1,11 @@
+resource "aws_lambda_event_source_mapping" "mi_updates_transformer_kinesis" {
+  event_source_arn                     = aws_kinesis_stream.mi_change_stream.arn
+  function_name                        = module.mi_updates_transformer.function_arn
+  starting_position                    = "LATEST"
+  batch_size                           = 10
+  maximum_batching_window_in_seconds   = 1
+
+  depends_on = [
+    module.mi_updates_transformer    # ensures updates transformer exists
+  ]
+}

infrastructure/terraform/components/api/kinesis_mi_change_stream.tf

@@ -0,0 +1,11 @@
+resource "aws_kinesis_stream" "mi_change_stream" {
+  name             = "${local.csi}-mi-change-stream"
+  shard_count      = 1
+  retention_period = 24
+}
+
+resource "aws_dynamodb_kinesis_streaming_destination" "mi_streaming_destination" {
+  stream_arn                               = aws_kinesis_stream.mi_change_stream.arn
+  table_name                               = aws_dynamodb_table.mi.name
+  approximate_creation_date_time_precision = "MILLISECOND"
+}