NHSDigital
diff --git a/‎.github/actions/e2e-tests/action.yml‎
Lines changed: 22 additions & 0 deletions b/‎.github/actions/e2e-tests/action.yml‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎.github/workflows/cicd-1-pull-request.yaml‎
Lines changed: 23 additions & 0 deletions b/‎.github/workflows/cicd-1-pull-request.yaml‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎.github/workflows/stage-3-build.yaml‎
Lines changed: 12 additions & 5 deletions b/‎.github/workflows/stage-3-build.yaml‎
Lines changed: 12 additions & 5 deletions
diff --git a/‎.github/workflows/stage-4-acceptance.yaml‎
Lines changed: 21 additions & 0 deletions b/‎.github/workflows/stage-4-acceptance.yaml‎
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,22 @@
+name: E2E tests
+description: "Run end-to-end tests for this repo"
+
+runs:
+  using: "composite"
+
+  steps:
+    - name: Install poetry and e2e test dependencies
+      shell: bash
+      run: |
+        pipx install poetry
+        cd tests/e2e-tests && poetry install
+
+    - name: Run e2e tests
+      shell: bash
+      run: |
+        echo "$INTERNAL_DEV_TEST_PEM" > "${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
+        chmod 600 "${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
+        export PROXY_NAME=nhs-notify-supplier--internal-dev--nhs-notify-supplier
+        export API_ENVIRONMENT=internal-dev
+        export NON_PROD_PRIVATE_KEY="${GITHUB_WORKSPACE}/internal-dev-test-1.pem"
+        make .internal-dev-test
@@ -29,6 +29,7 @@ jobs:
       does_pull_request_exist: ${{ steps.pr_exists.outputs.does_pull_request_exist }}
       pr_number: ${{ steps.pr_exists.outputs.pr_number }}
       skip_trivy_package: ${{ steps.skip_trivy.outputs.skip_trivy_package }}
+      deploy_proxy: ${{ steps.deploy_proxy.outputs.deploy_proxy }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
@@ -87,6 +88,26 @@ jobs:
           else
             echo "skip_trivy_package=false" >> $GITHUB_OUTPUT
           fi
+      - name: "Determine if proxy should be deployed"
+        id: deploy_proxy
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ steps.pr_exists.outputs.pr_number }}
+        run: |
+          if [[ -z "$PR_NUMBER" ]]; then
+            echo "No pull request detected; proxy deployment will run."
+            echo "deploy_proxy=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          labels=$(gh pr view "$PR_NUMBER" --json labels --jq '.labels[].name')
+          echo "Labels on PR #$PR_NUMBER: $labels"
+
+          if echo "$labels" | grep -Fxq 'deploy-proxy'; then
+            echo "deploy_proxy=true" >> $GITHUB_OUTPUT
+          else
+            echo "deploy_proxy=false" >> $GITHUB_OUTPUT
+          fi
       - name: "List variables"
         run: |
           export BUILD_DATETIME_LONDON="${{ steps.variables.outputs.build_datetime_london }}"
@@ -141,6 +162,7 @@ jobs:
       terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
       version: "${{ needs.metadata.outputs.version }}"
       pr_number: "${{ needs.metadata.outputs.pr_number }}"
+      deploy_proxy: "${{ needs.metadata.outputs.deploy_proxy }}"
     secrets: inherit
   acceptance-stage: # Recommended maximum execution time is 10 minutes
     name: "Acceptance stage"
@@ -156,6 +178,7 @@ jobs:
       terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
       version: "${{ needs.metadata.outputs.version }}"
       pr_number: ${{ needs.metadata.outputs.pr_number }}
+      proxy_deployed: "${{ needs.metadata.outputs.deploy_proxy }}"
     secrets: inherit
   publish-stage: # Recommended maximum execution time is 10 minutes
     name: "Publish stage"
 
@@ -35,6 +35,10 @@ on:
         description: "PR Number if it exists"
         required: false
         type: string
+      deploy_proxy:
+        description: "True if the APIM proxy should be deployed"
+        required: true
+        type: string
 
 permissions:
   id-token: write # This is required for requesting the JWT
@@ -133,9 +137,13 @@ jobs:
   pr-create-dynamic-environment:
     name: Create Dynamic Environment
     runs-on: ubuntu-latest
-    if: inputs.pr_number != ''
+    outputs:
+      environment_name: ${{ steps.set-environment.outputs.environment_name }}
     steps:
       - uses: actions/checkout@v5
+      - name: Set environment name
+        id: set-environment
+        run: echo "environment_name=${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}" >> $GITHUB_OUTPUT
       - name: Trigger dynamic environment creation
         env:
           APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
@@ -148,7 +156,7 @@ jobs:
             --infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \
             --releaseVersion ${{ github.head_ref || github.ref_name }} \
             --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \
-            --targetEnvironment "pr${PR_NUMBER}" \
+            --targetEnvironment "${{ steps.set-environment.outputs.environment_name }}" \
             --targetComponent "api" \
             --targetAccountGroup "nhs-notify-supplier-api-dev" \
             --terraformAction "apply" \
@@ -157,12 +165,11 @@ jobs:
   artefact-proxies:
     name: "Build proxies"
     runs-on: ubuntu-latest
-    if: inputs.pr_number != ''
+    if: inputs.deploy_proxy == 'true'
     needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment]
     timeout-minutes: 10
     env:
       PROXYGEN_API_NAME: nhs-notify-supplier
-      PR_NUMBER: ${{ inputs.pr_number }}
       APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
       APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
     steps:
@@ -172,7 +179,7 @@ jobs:
         uses: ./.github/actions/build-proxies
         with:
           version: "${{ inputs.version }}"
-          environment: ${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}
+          environment: ${{ needs.pr-create-dynamic-environment.outputs.environment_name }}
           apimEnv: "internal-dev-sandbox"
           runId: "${{ github.run_id }}"
           buildSandbox: true
 
@@ -34,6 +34,10 @@ on:
       pr_number:
         required: true
         type: string
+      proxy_deployed:
+        description: "True if the APIM proxy was deployed"
+        required: true
+        type: string
 
 permissions:
   id-token: write
@@ -77,3 +81,20 @@ jobs:
             --targetEnvironment "$ENVIRONMENT" \
             --targetAccountGroup "nhs-notify-supplier-api-dev" \
             --targetComponent "api"
+
+  run-e2e-tests:
+    name: Run End-to-End Tests
+    runs-on: ubuntu-latest
+    if: inputs.proxy_deployed == 'true'
+    steps:
+      - uses: actions/checkout@v5.0.0
+
+      - name: "Run e2e tests"
+        #uses: ./.github/actions/e2e-tests
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NON_PROD_API_KEY: ${{ secrets.NON_PROD_API_KEY }}
+          INTERNAL_DEV_TEST_PEM: ${{ secrets.INTERNAL_DEV_TEST_PEM }}
+        shell: bash
+        run: |
+          echo "E2E tests are currently disabled. See CCM-14778"