Merge pull request #16 from NHSDigital/feature/CCM-13764_init

CCM-13764: Init

Author: sidnhs

.github/CODEOWNERS

@@ -1,10 +1,10 @@
 # NHS Notify Code Owners
 
 # Notify default owners
-*                           @NHSDigital/nhs-notify-repository-template
+*                           @NHSDigital/nhs-notify-client-callbacks
 
-/.github/                   @NHSDigital/nhs-notify-repository-template-admins
-*.code-workspace            @NHSDigital/nhs-notify-repository-template-admins
+/.github/                   @NHSDigital/nhs-notify-admins
+*.code-workspace            @NHSDigital/nhs-notify-admins
 /infrastructure/terraform/  @NHSDigital/nhs-notify-platform
 
 # Root level AGENTS.md owned by platform.

.github/workflows/cicd-1-pull-request.yaml

@@ -11,6 +11,12 @@ on:
     branches:
       - main
 
+permissions:
+  id-token: write
+  contents: write
+  packages: read
+
+
 jobs:
   metadata:
     name: "Set CI/CD metadata"
@@ -142,6 +148,30 @@ jobs:
       terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
+  pr-create-dynamic-environment:
+    name: Create Dynamic Environment
+    needs: [metadata, build-stage]
+    runs-on: ubuntu-latest
+    if: needs.metadata.outputs.does_pull_request_exist == 'true' && github.ref != 'refs/heads/main'
+    env:
+      APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
+      APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
+    steps:
+      - uses: actions/checkout@v5.0.0
+      - name: Trigger dynamic environment creation
+        shell: bash
+        run: |
+          .github/scripts/dispatch_internal_repo_workflow.sh \
+            --infraRepoName "$(echo ${{ github.repository }} | cut -d'/' -f2)" \
+            --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \
+            --targetEnvironment "pr${{ needs.metadata.outputs.pr_number }}" \
+            --targetComponent "callbacks" \
+            --targetAccountGroup "nhs-notify-client-callbacks-dev" \
+            --terraformAction "apply" \
+            --overrideProjectName "nhs" \
+            --overrideRoleName "nhs-main-acct-client-callbacks-github-deploy" \
+            --overrides "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
   acceptance-stage: # Recommended maximum execution time is 10 minutes
     name: "Acceptance stage"
     needs: [metadata, build-stage]
@@ -155,4 +185,5 @@ jobs:
       python_version: "${{ needs.metadata.outputs.python_version }}"
       terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
       version: "${{ needs.metadata.outputs.version }}"
+      target_environment: "pr${{ needs.metadata.outputs.pr_number }}"
     secrets: inherit

.github/workflows/pr_closed.disabled .github/workflows/pr_closed.yml.github/workflows/pr_closed.disabled renamed to .github/workflows/pr_closed.yml

@@ -46,7 +46,7 @@ jobs:
     strategy:
       max-parallel: 1
       matrix:
-        component: [acct, app]
+        component: [callbacks]
 
     steps:
       - name: Checkout repository
@@ -59,8 +59,8 @@ jobs:
         run: |
           bash .github/scripts/dispatch_internal_repo_workflow.sh \
             --releaseVersion "main" \
-            --targetWorkflow "dispatch-deploy-static-notify-bounded-context-env.yaml" ## Replace with correct targetWorkflow \
+            --targetWorkflow "dispatch-deploy-static-notify-client-callbacks-env.yaml" \
             --targetEnvironment "main" \
-            --targetAccountGroup "nhs-notify-bounded-context-dev" ## Replace with correct targetAccountGroup \
+            --targetAccountGroup "nhs-notify-client-callbacks-dev" \
             --targetComponent "${{ matrix.component }}" \
             --terraformAction "apply"

.github/workflows/pr_create_dynamic_env.disabled

@@ -28,8 +28,8 @@ jobs:
             --arg infraRepoName "${this_repo_name}" \
             --arg releaseVersion "main" \
             --arg targetEnvironment "pr${{ github.event.number }}" \
-            --arg targetAccountGroup "nhs-notify-bounded-context-dev" \ ## Replace with correct targetAccountGroup
-            --arg targetComponent "component" \ ## Replace with correct targetComponent
+            --arg targetAccountGroup "nhs-notify-client-callbacks-dev" \
+            --arg targetComponent "callbacks" \
             --arg terraformAction "destroy" \
             '{ "ref": "main",
               "inputs": {

…orkflows/pr_destroy_dynamic_env.disabled …hub/workflows/pr_destroy_dynamic_env.yml.github/workflows/pr_destroy_dynamic_env.disabled renamed to .github/workflows/pr_destroy_dynamic_env.yml .github/workflows/pr_destroy_dynamic_env.disabled renamed to .github/workflows/pr_destroy_dynamic_env.yml

@@ -22,7 +22,7 @@ jobs:
     strategy:
       max-parallel: 1
       matrix:
-        component: [component1, component2] ## Replace with correct components
+        component: [callbacks]
 
     steps:
       - name: Checkout repository
@@ -35,8 +35,8 @@ jobs:
         run: |
           bash .github/scripts/dispatch_internal_repo_workflow.sh \
             --releaseVersion "${{ github.event.release.tag_name }}" \
-            --targetWorkflow "dispatch-deploy-static-notify-bounded-context-env.yaml" ## Replace with correct targetWorkflow \
+            --targetWorkflow "dispatch-deploy-static-notify-client-callbacks-env.yaml" \
             --targetEnvironment "main" \
-            --targetAccountGroup "nhs-notify-bounded-context-nonprod" ## Replace with correct targetAccountGroup \
+            --targetAccountGroup "nhs-notify-client-callbacks-nonprod" \
             --targetComponent "${{ matrix.component }}" \
             --terraformAction "apply"

…ithub/workflows/release_created.disabled .github/workflows/release_created.yml.github/workflows/release_created.disabled renamed to .github/workflows/release_created.yml .github/workflows/release_created.disabled renamed to .github/workflows/release_created.yml

@@ -31,6 +31,10 @@ on:
         description: "Version of the software, set by the CI/CD pipeline workflow"
         required: true
         type: string
+      target_environment:
+        description: "Environment to run acceptance tests with"
+        required: true
+        type: string
 
 jobs:
   environment-set-up:

.github/workflows/stage-4-acceptance.yaml

@@ -599,7 +599,6 @@ readonly backend_config="terraform {
     region         = \"${region}\"
     bucket         = \"${bucket}\"
     key            = \"${backend_key}\"
-    dynamodb_table = \"${bucket}\"
     use_lockfile   = true
   }
 }";

infrastructure/terraform/bin/terraform.sh

@@ -0,0 +1 @@
+terraform 1.10.1

infrastructure/terraform/components/callbacks/.tool-versions

@@ -0,0 +1,44 @@
+<!-- BEGIN_TF_DOCS -->
+<!-- markdownlint-disable -->
+<!-- vale off -->
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10.1 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 6.13 |
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
+| <a name="input_clients"></a> [clients](#input\_clients) | n/a | <pre>list(object({<br/>    connection_name                  = string<br/>    destination_name                 = string<br/>    invocation_endpoint              = string<br/>    invocation_rate_limit_per_second = optional(number, 10)<br/>    http_method                      = optional(string, "POST")<br/>    header_name                      = optional(string, "x-api-key")<br/>    header_value                     = string<br/>    client_detail                    = list(string)<br/>  }))</pre> | `[]` | no |
+| <a name="input_component"></a> [component](#input\_component) | The variable encapsulating the name of this component | `string` | `"callbacks"` | no |
+| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
+| <a name="input_force_lambda_code_deploy"></a> [force\_lambda\_code\_deploy](#input\_force\_lambda\_code\_deploy) | If the lambda package in s3 has the same commit id tag as the terraform build branch, the lambda will not update automatically. Set to True if making changes to Lambda code from on the same commit for example during development | `bool` | `false` | no |
+| <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
+| <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
+| <a name="input_log_level"></a> [log\_level](#input\_log\_level) | The log level to be used in lambda functions within the component. Any log with a lower severity than the configured value will not be logged: https://docs.python.org/3/library/logging.html#levels | `string` | `"INFO"` | no |
+| <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
+| <a name="input_parent_acct_environment"></a> [parent\_acct\_environment](#input\_parent\_acct\_environment) | Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments | `string` | `"main"` | no |
+| <a name="input_pipe_event_patterns"></a> [pipe\_event\_patterns](#input\_pipe\_event\_patterns) | value | `list(string)` | `[]` | no |
+| <a name="input_pipe_sqs_input_batch_size"></a> [pipe\_sqs\_input\_batch\_size](#input\_pipe\_sqs\_input\_batch\_size) | n/a | `number` | `1` | no |
+| <a name="input_pipe_sqs_max_batch_window"></a> [pipe\_sqs\_max\_batch\_window](#input\_pipe\_sqs\_max\_batch\_window) | n/a | `number` | `2` | no |
+| <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | The AWS Region | `string` | n/a | yes |
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_client_destination"></a> [client\_destination](#module\_client\_destination) | ../../modules/client-destination | n/a |
+| <a name="module_client_transform_filter_lambda"></a> [client\_transform\_filter\_lambda](#module\_client\_transform\_filter\_lambda) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda | v2.0.29 |
+| <a name="module_kms"></a> [kms](#module\_kms) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-kms.zip | n/a |
+| <a name="module_sqs_inbound_event"></a> [sqs\_inbound\_event](#module\_sqs\_inbound\_event) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-sqs.zip | n/a |
+## Outputs
+
+No outputs.
+<!-- vale on -->
+<!-- markdownlint-enable -->
+<!-- END_TF_DOCS -->