Invoke test from internal repo, so secrets are not in public repo

Author: stevebux

.github/actions/test-types.json

@@ -1,4 +1,5 @@
 [
   "component",
+  "e2e",
   "sandbox"
 ]

.github/scripts/dispatch_internal_repo_workflow.sh

@@ -6,7 +6,10 @@
 #   ./dispatch_internal_repo_workflow.sh \
 #     --infraRepoName <repo> \
 #     --releaseVersion <version> \
-#     --targetWorkflow <workflow.yaml> \
+#     --targ  echo "  targetDomain:         $targetDomain"
+  echo "  version:              $version"
+
+DISPATCH_EVENT=$(jq -ncM \rkflow <workflow.yaml> \
 #     --targetEnvironment <env> \
 #     --targetComponent <component> \
 #     --targetAccountGroup <group> \
@@ -17,7 +20,11 @@
 #     --overrideRoleName <name>
 
 #
-# All arguments are required except terraformAction, and internalRef.
+# Required arguments are:
+# infraRepoName, releaseVersion, targetWorkflow, targetEnvironment, targetComponent, targetAccountGroup.
+#
+# All other arguments are optional.
+#
 # Example:
 #   ./dispatch_internal_repo_workflow.sh \
 #     --infraRepoName "nhs-notify-web-template-management" \
@@ -30,7 +37,9 @@
 #     --internalRef "main" \
 #     --overrides "tf_var=someString" \
 #     --overrideProjectName nhs \
-#     --overrideRoleName nhs-service-iam-role
+#     --overrideRoleName nhs-service-iam-role \
+#     --extraSecretNames '["MY_API_KEY"]'
+
 
 set -e
 
@@ -104,6 +113,14 @@ while [[ $# -gt 0 ]]; do
       version="$2"
       shift 2
       ;;
+    --extraSecretNames) # JSON array of secret names to fetch in the internal repo (optional)
+      extraSecretNames="$2"
+      shift 2
+      ;;
+    --testsToRun) # JSON array of test types to run, overriding test-types.json (optional)
+      testsToRun="$2"
+      shift 2
+      ;;
     *)
     echo "[ERROR] Unknown argument: $1"
       exit 1
@@ -202,6 +219,14 @@ if [[ -z "$version" ]]; then
   version=""
 fi
 
+if [[ -z "$extraSecretNames" ]]; then
+  extraSecretNames=""
+fi
+
+if [[ -z "$testsToRun" ]]; then
+  testsToRun=""
+fi
+
 echo "==================== Workflow Dispatch Parameters ===================="
 echo "  infraRepoName:      $infraRepoName"
 echo "  releaseVersion:     $releaseVersion"
@@ -240,6 +265,8 @@ DISPATCH_EVENT=$(jq -ncM \
   --arg boundedContext "$boundedContext" \
   --arg targetDomain "$targetDomain" \
   --arg version "$version" \
+  --argjson extraSecretNames "${extraSecretNames:-null}" \
+  --argjson testsToRun "${testsToRun:-null}" \
   '{
     "ref": "'"$internalRef"'",
     "inputs": (
@@ -255,6 +282,8 @@ DISPATCH_EVENT=$(jq -ncM \
       (if $boundedContext != "" then { "boundedContext": $boundedContext } else {} end) +
       (if $targetDomain != "" then { "targetDomain": $targetDomain } else {} end) +
       (if $version != "" then { "version": $version } else {} end) +
+      (if $extraSecretNames != null then { "extraSecretNames": ($extraSecretNames | tojson) } else {} end) +
+      (if $testsToRun != null then { "testsToRun": ($testsToRun | tojson) } else {} end) +
       (if $targetAccountGroup != "" then { "targetAccountGroup": $targetAccountGroup } else {} end) +
       {
         "releaseVersion": $releaseVersion,

.github/workflows/stage-4-acceptance.yaml

@@ -66,6 +66,15 @@ jobs:
             echo "ENVIRONMENT=main" >> $GITHUB_ENV
           fi
 
+      - name: "Set tests to run"
+        shell: bash
+        run: |
+          if [ "${{ inputs.proxy_deployed }}" == "true" ]; then
+            echo 'TESTS_TO_RUN=["component","e2e","sandbox"]' >> $GITHUB_ENV
+          else
+            echo 'TESTS_TO_RUN=["component","sandbox"]' >> $GITHUB_ENV
+          fi
+
       - name: Trigger Acceptance Tests
         shell: bash
         env:
@@ -80,19 +89,6 @@ jobs:
             --overrideProjectName "nhs" \
             --targetEnvironment "$ENVIRONMENT" \
             --targetAccountGroup "nhs-notify-supplier-api-dev" \
-            --targetComponent "api"
-
-  run-e2e-tests:
-    name: Run End-to-End Tests
-    runs-on: ubuntu-latest
-    if: inputs.proxy_deployed == 'true'
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: "Run e2e tests"
-        uses: ./.github/actions/e2e-tests
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NON_PROD_API_KEY: ${{ secrets.NON_PROD_API_KEY }}
-          INTERNAL_DEV_TEST_PEM: ${{ secrets.INTERNAL_DEV_TEST_PEM }}
-          STATUS_ENDPOINT_API_KEY: ${{ secrets.STATUS_ENDPOINT_API_KEY }}
+            --targetComponent "api" \
+            --extraSecretNames '["INTERNAL_DEV_TEST_PEM","NON_PROD_API_KEY","STATUS_ENDPOINT_API_KEY"]' \
+            --testsToRun "$TESTS_TO_RUN"

Makefile

@@ -107,6 +107,8 @@ test-component:
 test-sandbox:
 	(cd tests && npm install && npm run test:sandbox)
 
+test-e2e: .internal-dev-test
+
 test-performance:
 	(cd tests && npm install && npm run test:performance)