Re-enable end-to-end tests, sourcing status endpoint from github secret, rather than fetching from APIM

Author: stevebux

.env.template

@@ -18,6 +18,7 @@ PROXY_NAME=
 export NON_PROD_API_KEY=xxx
 export INTEGRATION_API_KEY=xxx
 export PRODUCTION_API_KEY=xxx
+export STATUS_ENDPOINT_API_KEY=xxx
 
 # Private Keys
 # ============

.github/actions/acceptance-tests-component/action.yml

@@ -0,0 +1,43 @@
+name: Acceptance tests - component
+description: "Run component acceptance tests for this repo"
+
+inputs:
+  testType:
+    description: Type of test to run
+    required: true
+
+  targetEnvironment:
+    description: Name of the environment under test
+    required: true
+
+  targetComponent:
+    description: Name of the component under test
+    required: true
+
+runs:
+  using: "composite"
+
+  steps:
+
+    - name: Repo setup
+      uses: ./.github/actions/node-install
+      with:
+        GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
+
+    - name: Fetch terraform output
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
+      with:
+        name: terraform-output-${{ inputs.targetComponent }}
+
+    - name: Get Node version
+      id: nodejs_version
+      shell: bash
+      run: |
+        echo "nodejs_version=$(grep "^nodejs\s" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
+
+    - name: Run test - ${{ inputs.testType }}
+      shell: bash
+      env:
+        TARGET_ENVIRONMENT: ${{ inputs.targetEnvironment }}
+      run: |
+        make test-${{ inputs.testType }}

.github/actions/acceptance-tests-e2e/action.yml

@@ -0,0 +1,84 @@
+name: Acceptance tests - e2e
+description: "Run e2e acceptance tests for this repo"
+
+inputs:
+  targetEnvironment:
+    description: Name of the environment under test
+    required: true
+
+runs:
+  using: "composite"
+
+  steps:
+    - name: "Set PR NUMBER"
+      id: set_pr_number
+      shell: bash
+      run: |
+        env="${{ inputs.targetEnvironment }}"
+        if [[ "$env" == main ]]; then
+          echo "pr_number=" >> $GITHUB_OUTPUT
+        elif [[ "$env" == pr* ]]; then
+          echo "pr_number=${env#pr}" >> $GITHUB_OUTPUT
+        else
+          echo "pr_number=$env" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Determine if proxy has been deployed
+      id: check_proxy_deployed
+      env:
+        GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
+        PR_NUMBER: ${{ steps.set_pr_number.outputs.pr_number }}
+      shell: bash
+      run: |
+        if [[ -z "$PR_NUMBER" ]]; then
+          echo "No pull request detected; proxy was deployed."
+          echo "proxy_deployed=true" >> $GITHUB_OUTPUT
+          exit 0
+        fi
+
+        branch_name=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF | sed 's#refs/heads/##')}
+
+        labels=$(gh pr view "$PR_NUMBER" --json labels --jq '.labels[].name')
+        echo "Labels on PR #$PR_NUMBER: $labels"
+
+        if echo "$labels" | grep -Fxq 'deploy-proxy'; then
+          echo "proxy_deployed=true" >> $GITHUB_OUTPUT
+        else
+          echo "proxy_deployed=false" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Repo setup
+      if: ${{ steps.check_proxy_deployed.outputs.proxy_deployed == 'true' }}
+      uses: ./.github/actions/node-install
+      with:
+        GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
+
+    - name: Install poetry and e2e test dependencies
+      shell: bash
+      run: |
+        pipx install poetry
+        cd tests/e2e-tests && poetry install
+
+    - name: Run tests
+      if: ${{ steps.check_proxy_deployed.outputs.proxy_deployed == 'true' }}
+      shell: bash
+      env:
+        TARGET_ENVIRONMENT: ${{ inputs.targetEnvironment }}
+        PR_NUMBER: ${{ steps.set_pr_number.outputs.pr_number }}
+      run: |
+        echo "$SUPPLIER_API_PRIVATE_KEY" > "${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
+        chmod 600 "${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
+        BASE_PROXY_NAME=nhs-notify-supplier--internal-dev--nhs-notify-supplier
+
+        export API_ENVIRONMENT=internal-dev
+        if [[ -z "$PR_NUMBER" ]]; then
+          export PROXY_NAME="${BASE_PROXY_NAME}"
+          export NON_PROD_API_KEY="${SUPPLIER_API_APIM_API_KEY}"
+        else
+          export PROXY_NAME="${BASE_PROXY_NAME}-PR-${PR_NUMBER}"
+          export NON_PROD_API_KEY="${SUPPLIER_API_APIM_PR_API_KEY}"
+        fi
+
+        export STATUS_ENDPOINT_API_KEY="${SUPPLIER_API_APIM_STATUS_API_KEY}"
+        export NON_PROD_PRIVATE_KEY="${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
+        make .internal-dev-test

.github/actions/acceptance-tests/action.yml

@@ -23,28 +23,17 @@ runs:
   using: "composite"
 
   steps:
-    - name: Fetch terraform output
-      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
-      with:
-        name: terraform-output-${{ inputs.targetComponent }}
-
-    - name: Get Node version
-      id: nodejs_version
-      shell: bash
-      run: |
-        echo "nodejs_version=$(grep "^nodejs\s" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
 
-    - name: "Repo setup"
-      uses: ./.github/actions/node-install
+    - name: Run component tests
+      if: ${{ inputs.testType != 'e2e' }}
+      uses: ./.github/actions/acceptance-tests-component
       with:
-        GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
+        testType: ${{ inputs.testType }}
+        targetEnvironment: ${{ inputs.targetEnvironment }}
+        targetComponent: ${{ inputs.targetComponent }}
 
-    - name: "Set PR NUMBER"
-      shell: bash
-      run: |
-          echo "PR_NUMBER=${{ inputs.targetEnvironment }}" >> $GITHUB_ENV
-
-    - name: Run test - ${{ inputs.testType }}
-      shell: bash
-      run: |
-        make test-${{ inputs.testType }}
+    - name: Run e2e tests
+      if: ${{ inputs.testType == 'e2e' && inputs.targetEnvironment == 'main' }}
+      uses: ./.github/actions/acceptance-tests-e2e
+      with:
+        targetEnvironment: ${{ inputs.targetEnvironment }}

.github/actions/e2e-tests/action.yml

@@ -1,4 +1,5 @@
 [
   "component",
+  "e2e",
   "sandbox"
 ]

.github/actions/test-types.json

@@ -17,7 +17,11 @@
 #     --overrideRoleName <name>
 
 #
-# All arguments are required except terraformAction, and internalRef.
+# Required arguments are:
+# infraRepoName, releaseVersion, targetWorkflow, targetEnvironment, targetComponent, targetAccountGroup.
+#
+# All other arguments are optional.
+#
 # Example:
 #   ./dispatch_internal_repo_workflow.sh \
 #     --infraRepoName "nhs-notify-web-template-management" \
@@ -30,7 +34,9 @@
 #     --internalRef "main" \
 #     --overrides "tf_var=someString" \
 #     --overrideProjectName nhs \
-#     --overrideRoleName nhs-service-iam-role
+#     --overrideRoleName nhs-service-iam-role \
+#     --extraSecretNames '["MY_API_KEY"]'
+
 
 set -e
 
@@ -104,6 +110,10 @@ while [[ $# -gt 0 ]]; do
       version="$2"
       shift 2
       ;;
+    --extraSecretNames) # JSON array of secret names to fetch in the internal repo (optional)
+      extraSecretNames="$2"
+      shift 2
+      ;;
     *)
     echo "[ERROR] Unknown argument: $1"
       exit 1
@@ -202,6 +212,10 @@ if [[ -z "$version" ]]; then
   version=""
 fi
 
+if [[ -z "$extraSecretNames" ]]; then
+  extraSecretNames=""
+fi
+
 echo "==================== Workflow Dispatch Parameters ===================="
 echo "  infraRepoName:      $infraRepoName"
 echo "  releaseVersion:     $releaseVersion"
@@ -240,6 +254,7 @@ DISPATCH_EVENT=$(jq -ncM \
   --arg boundedContext "$boundedContext" \
   --arg targetDomain "$targetDomain" \
   --arg version "$version" \
+  --argjson extraSecretNames "${extraSecretNames:-null}" \
   '{
     "ref": "'"$internalRef"'",
     "inputs": (
@@ -255,6 +270,7 @@ DISPATCH_EVENT=$(jq -ncM \
       (if $boundedContext != "" then { "boundedContext": $boundedContext } else {} end) +
       (if $targetDomain != "" then { "targetDomain": $targetDomain } else {} end) +
       (if $version != "" then { "version": $version } else {} end) +
+      (if $extraSecretNames != null then { "extraSecretNames": ($extraSecretNames | tojson) } else {} end) +
       (if $targetAccountGroup != "" then { "targetAccountGroup": $targetAccountGroup } else {} end) +
       {
         "releaseVersion": $releaseVersion,

.github/scripts/dispatch_internal_repo_workflow.sh

@@ -59,8 +59,8 @@ jobs:
           version: "${{ inputs.version }}"
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-  artefact-oas-spec:
-    name: "Build OAS spec (${{ matrix.apimEnv }})"
+  artefact-oas-spec-main:
+    name: "Build OAS spec for main"
     if: (github.event_name == 'push' && github.ref == 'refs/heads/main')
     runs-on: ubuntu-latest
     needs: [artefact-jekyll-docs]
@@ -80,6 +80,24 @@ jobs:
           nodejs_version: ${{ inputs.nodejs_version }}
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+  artefact-oas-spec-pr:
+    name: "Build OAS spec for PR"
+    if: (inputs.pr_number != '')
+    runs-on: ubuntu-latest
+    needs: [artefact-jekyll-docs]
+    timeout-minutes: 10
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
+      - name: "Build OAS spec"
+        uses: ./.github/actions/build-oas-spec
+        with:
+          version: "${{ inputs.version }}"
+          apimEnv: internal-dev-pr
+          buildSandbox: false
+          nodejs_version: ${{ inputs.nodejs_version }}
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
   artefact-oas-spec-sandbox:
     name: "Build OAS spec for sandbox"
     runs-on: ubuntu-latest
@@ -97,9 +115,18 @@ jobs:
           nodejs_version: ${{ inputs.nodejs_version }}
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+  artefact-oas-spec:
+    name: "OAS spec ready"
+    runs-on: ubuntu-latest
+    needs: [artefact-oas-spec-pr, artefact-oas-spec-main]
+    if: always() && !failure()
+    steps:
+      - run: echo "OAS spec build complete"
+
   artefact-sdks:
     name: "Build SDKs"
     runs-on: ubuntu-latest
+    if: always() && !failure()
     needs: [artefact-oas-spec]
     timeout-minutes: 10
     steps:
@@ -165,8 +192,8 @@ jobs:
   artefact-proxies:
     name: "Build proxies"
     runs-on: ubuntu-latest
-    if: inputs.deploy_proxy == 'true'
-    needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment]
+    if: always() && !failure() && inputs.deploy_proxy == 'true'
+    needs: [artefact-oas-spec, pr-create-dynamic-environment]
     timeout-minutes: 10
     env:
       PROXYGEN_API_NAME: nhs-notify-supplier
@@ -180,7 +207,7 @@ jobs:
         with:
           version: "${{ inputs.version }}"
           environment: ${{ needs.pr-create-dynamic-environment.outputs.environment_name }}
-          apimEnv: "internal-dev-sandbox"
+          apimEnv: "${{ inputs.pr_number == '' && 'internal-dev' || 'internal-dev-pr' }}"
           runId: "${{ github.run_id }}"
           buildSandbox: true
           releaseVersion: ${{ github.head_ref || github.ref_name }}

.github/workflows/stage-3-build.yaml

@@ -80,21 +80,5 @@ jobs:
             --overrideProjectName "nhs" \
             --targetEnvironment "$ENVIRONMENT" \
             --targetAccountGroup "nhs-notify-supplier-api-dev" \
-            --targetComponent "api"
-
-  run-e2e-tests:
-    name: Run End-to-End Tests
-    runs-on: ubuntu-latest
-    if: inputs.proxy_deployed == 'true'
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: "Run e2e tests"
-        #uses: ./.github/actions/e2e-tests
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NON_PROD_API_KEY: ${{ secrets.NON_PROD_API_KEY }}
-          INTERNAL_DEV_TEST_PEM: ${{ secrets.INTERNAL_DEV_TEST_PEM }}
-        shell: bash
-        run: |
-          echo "E2E tests are currently disabled. See CCM-14778"
+            --targetComponent "api" \
+            --extraSecretNames '["SUPPLIER_API_PRIVATE_KEY","SUPPLIER_API_APIM_API_KEY","SUPPLIER_API_APIM_PR_API_KEY", "SUPPLIER_API_APIM_STATUS_API_KEY"]'

.github/workflows/stage-4-acceptance.yaml

@@ -25,3 +25,9 @@ debc75a97cfe551a69fd1e8694be483213322a9d:pact-contracts/pacts/letter-rendering/s
 4fa1923947bbff2387218d698d766cbb7c121a0f:pact-contracts/pacts/letter-rendering/supplier-api-letter-request-prepared.json:generic-api-key:10
 d005112adcfd286c3bef076214836dbb2fe8d0b5:.npmrc:npm-access-token:9
 d005112adcfd286c3bef076214836dbb2fe8d0b5:.npmrc:github-pat:7
+ff889d4c3f29da4468ecf1f05f467fe84d35b2a1:lambdas/supplier-mock/.aws-sam/build/SupplierMockFunction/index.js.map:ipv4:4
+ff889d4c3f29da4468ecf1f05f467fe84d35b2a1:lambdas/supplier-mock/.aws-sam/build/SupplierMockFunction/index.js:ipv4:63
+ff889d4c3f29da4468ecf1f05f467fe84d35b2a1:lambdas/supplier-mock/.aws-sam/build/SupplierMockFunction/index.js:ipv4:62
+ff889d4c3f29da4468ecf1f05f467fe84d35b2a1:lambdas/supplier-mock/.aws-sam/build/SupplierMockFunction/index.js:ipv4:60
+ff889d4c3f29da4468ecf1f05f467fe84d35b2a1:lambdas/supplier-mock/.aws-sam/build/SupplierMockFunction/index.js:ipv4:59
+ff889d4c3f29da4468ecf1f05f467fe84d35b2a1:lambdas/supplier-mock/.aws-sam/build/SupplierMockFunction/index.js:ipv4:24