From 6698295d636f9238ecaa8e46f890ae04c3e9c390 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 18 Mar 2026 17:47:22 +0000 Subject: [PATCH] use newer workflow --- .github/actions/mark_jira_released/action.yml | 26 ------ .../actions/update_confluence_jira/action.yml | 89 ------------------- .github/scripts/call_mark_jira_released.sh | 14 --- .github/scripts/create_env_release_notes.sh | 18 ---- .../scripts/create_int_rc_release_notes.sh | 20 ----- .github/scripts/get_current_dev_tag.sh | 5 -- .github/scripts/get_target_deployed_tag.sh | 11 --- .github/workflows/ci.yml | 7 +- .github/workflows/pull_request.yml | 5 +- .github/workflows/release.yml | 17 ++-- .github/workflows/sam_release_code.yml | 53 ----------- 11 files changed, 17 insertions(+), 248 deletions(-) delete mode 100644 .github/actions/mark_jira_released/action.yml delete mode 100644 .github/actions/update_confluence_jira/action.yml delete mode 100755 .github/scripts/call_mark_jira_released.sh delete mode 100755 .github/scripts/create_env_release_notes.sh delete mode 100755 .github/scripts/create_int_rc_release_notes.sh delete mode 100755 .github/scripts/get_current_dev_tag.sh delete mode 100755 .github/scripts/get_target_deployed_tag.sh diff --git a/.github/actions/mark_jira_released/action.yml b/.github/actions/mark_jira_released/action.yml deleted file mode 100644 index c2f43ab3..00000000 --- a/.github/actions/mark_jira_released/action.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: "Create confluence release notes" -description: "Do release note actions in confluence and jira" -inputs: - RELEASE_TAG: - required: false - description: "The tag we are marking as released in jira" - DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: - required: true - description: "The role to assume to execute the release notes lambda" - -runs: - using: "composite" - steps: - - name: connect to dev account - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 - with: - aws-region: eu-west-2 - role-to-assume: ${{ inputs.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} - role-session-name: fhir-validator-lambda-release-notes-run-lambda - - - name: call markJiraReleased lambda - shell: bash - working-directory: .github/scripts - env: - RELEASE_TAG: ${{ inputs.RELEASE_TAG }} - run: ./call_mark_jira_released.sh diff --git a/.github/actions/update_confluence_jira/action.yml b/.github/actions/update_confluence_jira/action.yml deleted file mode 100644 index 41018125..00000000 --- a/.github/actions/update_confluence_jira/action.yml +++ /dev/null @@ -1,89 +0,0 @@ -name: "Create confluence release notes" -description: "Do release note actions in confluence and jira" -inputs: - TARGET_ENVIRONMENT: - required: true - description: "Target Environment" - RELEASE_TAG: - required: false - description: "The tag we are releasing - only used for create_rc_release_notes" - CONFLUENCE_PAGE_ID: - required: true - description: "The id of confluence page to update or create under" - CREATE_RC_RELEASE_NOTES: - required: true - description: "whether to create rc release notes page instead of normal release notes" - default: "false" - DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: - required: true - description: "The role to assume to execute the release notes lambda" - DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: - required: true - description: "The dev cloud formation deploy role" - TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: - required: true - description: "The target cloud formation deploy role" - -runs: - using: "composite" - steps: - - name: connect to target account - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 - with: - aws-region: eu-west-2 - role-to-assume: ${{ inputs.TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE }} - role-session-name: fhir-validator-lambda-release-notes-target - - - name: Get deployed tag on target - shell: bash - working-directory: .github/scripts - env: - TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }} - run: ./get_target_deployed_tag.sh - - - name: connect to dev account - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 - with: - aws-region: eu-west-2 - role-to-assume: ${{ inputs.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }} - role-session-name: fhir-validator-lambda-release-notes-dev - - - name: get current dev tag - shell: bash - working-directory: .github/scripts - run: ./get_current_dev_tag.sh - - - name: connect to dev account to run release notes lambda - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 - with: - aws-region: eu-west-2 - role-to-assume: ${{ inputs.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} - role-session-name: fhir-validator-lambda-release-notes-run-lambda - unset-current-credentials: true - - - name: create int release notes - shell: bash - working-directory: .github/scripts - if: inputs.TARGET_ENVIRONMENT == 'int' && inputs.CREATE_RC_RELEASE_NOTES == 'false' - env: - ENV: INT - PAGE_ID: ${{ inputs.CONFLUENCE_PAGE_ID }} - run: ./create_env_release_notes.sh - - - name: create int rc release notes - shell: bash - working-directory: .github/scripts - if: inputs.TARGET_ENVIRONMENT == 'int' && inputs.CREATE_RC_RELEASE_NOTES == 'true' - env: - RELEASE_TAG: ${{ inputs.RELEASE_TAG }} - PAGE_ID: ${{ inputs.CONFLUENCE_PAGE_ID }} - run: ./create_int_rc_release_notes.sh - - - name: create prod release notes - shell: bash - working-directory: .github/scripts - if: inputs.TARGET_ENVIRONMENT == 'prod' - env: - ENV: PROD - PAGE_ID: ${{ inputs.CONFLUENCE_PAGE_ID }} - run: ./create_env_release_notes.sh diff --git a/.github/scripts/call_mark_jira_released.sh b/.github/scripts/call_mark_jira_released.sh deleted file mode 100755 index fbf361ae..00000000 --- a/.github/scripts/call_mark_jira_released.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -echo "calling mark jira released" - -cat < payload.json -{ - "releaseVersion": "EPS-FHIR-Validator-$RELEASE_TAG" -} -EOF -cat payload.json - -function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:MarkJiraReleasedLambdaArn'].Value" --output text) -aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt -cat out.txt diff --git a/.github/scripts/create_env_release_notes.sh b/.github/scripts/create_env_release_notes.sh deleted file mode 100755 index fda44bf0..00000000 --- a/.github/scripts/create_env_release_notes.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env bash - -cat < payload.json -{ - "currentTag": "$CURRENT_DEPLOYED_TAG", - "targetTag": "$DEV_TAG", - "repoName": "eps-FHIR-validator-lambda", - "targetEnvironment": "$ENV", - "productName": "EPS FHIR Validator lambda", - "releaseNotesPageId": "$PAGE_ID", - "releaseNotesPageTitle": "Current EPS FHIR Validator lambda - $ENV" -} -EOF -cat payload.json - -function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:CreateReleaseNotesLambdaArn'].Value" --output text) -aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt -cat out.txt diff --git a/.github/scripts/create_int_rc_release_notes.sh b/.github/scripts/create_int_rc_release_notes.sh deleted file mode 100755 index 765cc227..00000000 --- a/.github/scripts/create_int_rc_release_notes.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash - -cat < payload.json -{ - "currentTag": "$CURRENT_DEPLOYED_TAG", - "targetTag": "$RELEASE_TAG", - "repoName": "eps-FHIR-validator-lambda", - "targetEnvironment": "INT", - "productName": "EPS FHIR Validator lambda", - "releaseNotesPageId": "$PAGE_ID", - "releaseNotesPageTitle": "EPS-FHIR-Validator-$RELEASE_TAG - Deployed to [INT] on $(date +'%d-%m-%y')", - "createReleaseCandidate": "true", - "releasePrefix": "EPS-FHIR-Validator-" -} -EOF -cat payload.json - -function_arn=$(aws cloudformation list-exports --query "Exports[?Name=='release-notes:CreateReleaseNotesLambdaArn'].Value" --output text) -aws lambda invoke --function-name "${function_arn}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt -cat out.txt diff --git a/.github/scripts/get_current_dev_tag.sh b/.github/scripts/get_current_dev_tag.sh deleted file mode 100755 index 2c36b69a..00000000 --- a/.github/scripts/get_current_dev_tag.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -dev_tag=$(aws cloudformation describe-stacks --stack-name fhir-validator --query "Stacks[0].Tags[?Key=='version'].Value" --output text) - -echo "DEV_TAG=${dev_tag}" >> "$GITHUB_ENV" diff --git a/.github/scripts/get_target_deployed_tag.sh b/.github/scripts/get_target_deployed_tag.sh deleted file mode 100755 index 8469c060..00000000 --- a/.github/scripts/get_target_deployed_tag.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env bash - -current_deployed_tag=$(aws cloudformation describe-stacks --stack-name fhir-validator --query "Stacks[0].Tags[?Key=='version'].Value" --output text) - - -if [ -z "$current_deployed_tag" ] -then - current_deployed_tag=v1.0.30-alpha -fi - -echo "CURRENT_DEPLOYED_TAG=${current_deployed_tag}" >> "$GITHUB_ENV" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9a11db5a..3a5079cd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,10 @@ jobs: tag_release: needs: [quality_checks, get_commit_id, get_config_values] - uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@383f3f9eaf3cb553ebcd74897bfed4d5e387629e + uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@7a89b111ae752548e8e3f3fbaeb89bd6ecca0698 + permissions: + id-token: write + contents: write with: dry_run: true pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} @@ -59,8 +62,6 @@ jobs: COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} LOG_LEVEL: INFO LOG_RETENTION_DAYS: 30 - CREATE_INT_RELEASE_NOTES: true - CREATE_PROD_RELEASE_NOTES: true ENABLE_ALERTS: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 9f6790fa..049540e3 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -58,7 +58,10 @@ jobs: tag_release: needs: [get_config_values] - uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@383f3f9eaf3cb553ebcd74897bfed4d5e387629e + uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@7a89b111ae752548e8e3f3fbaeb89bd6ecca0698 + permissions: + id-token: write + contents: write with: dry_run: true pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 18a7fdd5..0c9270b5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,13 +31,20 @@ jobs: tag_release: needs: [quality_checks, get_commit_id, get_config_values] - uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@383f3f9eaf3cb553ebcd74897bfed4d5e387629e + uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@7a89b111ae752548e8e3f3fbaeb89bd6ecca0698 + permissions: + id-token: write + contents: write with: dry_run: false pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} branch_name: main tag_format: ${{ needs.get_config_values.outputs.tag_format }} - secrets: inherit + update_jira: true + jira_release_prefix: "validator-lambda" + secrets: + EXECUTE_JIRA_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} + package_code: needs: [tag_release, get_config_values] @@ -58,8 +65,6 @@ jobs: COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} LOG_LEVEL: INFO LOG_RETENTION_DAYS: 30 - CREATE_INT_RELEASE_NOTES: true - CREATE_PROD_RELEASE_NOTES: true ENABLE_ALERTS: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} @@ -115,8 +120,6 @@ jobs: COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} LOG_LEVEL: INFO LOG_RETENTION_DAYS: 30 - CREATE_INT_RELEASE_NOTES: true - CREATE_INT_RC_RELEASE_NOTES: true ENABLE_ALERTS: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }} @@ -138,8 +141,6 @@ jobs: COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} LOG_LEVEL: INFO LOG_RETENTION_DAYS: 731 - MARK_JIRA_RELEASED: true - CREATE_PROD_RELEASE_NOTES: true ENABLE_ALERTS: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_DEPLOY_ROLE }} diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml index 539ec21d..489f4562 100644 --- a/.github/workflows/sam_release_code.yml +++ b/.github/workflows/sam_release_code.yml @@ -27,18 +27,6 @@ on: LOG_RETENTION_DAYS: required: true type: string - CREATE_INT_RELEASE_NOTES: - type: boolean - default: false - CREATE_INT_RC_RELEASE_NOTES: - type: boolean - default: false - CREATE_PROD_RELEASE_NOTES: - type: boolean - default: false - MARK_JIRA_RELEASED: - type: boolean - default: false ENABLE_ALERTS: type: boolean default: true @@ -83,18 +71,6 @@ jobs: sparse-checkout: | .github - - name: create_int_rc_release_notes - uses: ./.github/actions/update_confluence_jira - if: ${{ inputs.CREATE_INT_RC_RELEASE_NOTES == true }} - with: - TARGET_ENVIRONMENT: int - RELEASE_TAG: ${{ inputs.VERSION_NUMBER }} - CONFLUENCE_PAGE_ID: "778783127" - CREATE_RC_RELEASE_NOTES: true - DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }} - TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }} - DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} - - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 with: @@ -123,35 +99,6 @@ jobs: ENABLE_ALERTS: ${{ inputs.ENABLE_ALERTS }} run: ./release_code.sh - - name: create_int_release_notes - uses: ./.github/actions/update_confluence_jira - if: ${{ inputs.CREATE_INT_RELEASE_NOTES == true && always() && !failure() && !cancelled() }} - with: - TARGET_ENVIRONMENT: int - CONFLUENCE_PAGE_ID: "778783122" - CREATE_RC_RELEASE_NOTES: false - DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }} - TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }} - DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} - - - name: create_prod_release_notes - uses: ./.github/actions/update_confluence_jira - if: ${{ inputs.CREATE_PROD_RELEASE_NOTES == true && always() && !failure() && !cancelled() }} - with: - TARGET_ENVIRONMENT: prod - CONFLUENCE_PAGE_ID: "778783125" - CREATE_RC_RELEASE_NOTES: false - DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }} - TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }} - DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} - - - name: mark_released_in_jira - uses: ./.github/actions/mark_jira_released - if: ${{ inputs.MARK_JIRA_RELEASED == true && always() && !failure() && !cancelled() }} - with: - RELEASE_TAG: ${{ inputs.VERSION_NUMBER }} - DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} - - name: Checkout gh-pages uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: