[PRM-481] Add deployment actions to prm-deductions-infra by jack-nhs · Pull Request #145 · NHSDigital/orphaned-record-continuity-infrastructure

jack-nhs · 2025-08-26T11:35:08Z

No description provided.

.github/workflows/build.yml

+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarqube-scan-action@v4
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}


To fix the problem, add an explicit permissions block specifying the minimum permissions necessary for the workflow to operate correctly. For a SonarCloud scan job, this generally means granting read access to contents and write access to pull requests (so that analysis results can be published as comments, if configured). Place the permissions block at the top-level of the workflow file to apply to all jobs, or within the specific sonarcloud job for a targeted approach. For simplicity and clarity, set it at the root of .github/workflows/build.yml (above jobs:), as it applies to all jobs unless overridden.

You only need to edit .github/workflows/build.yml: insert the following block after the workflow name::

permissions: contents: read pull-requests: write

This grants contents read access and pull request write access—which aligns with least privilege and the requirements for SonarCloud and GitHub PR integration.

…ge to main as well as manual deployment against other environments

github-actions · 2025-09-02T09:37:35Z

Report for environment: pre-prod

Terraform Format and Style 🖌``

Format Output

Terraform Initialization ⚙️`success`

Initialization Output


Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
- deductions-core in modules/deductions-core
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-core.vpc...
- deductions-core.vpc in .terraform/modules/deductions-core.vpc
- deductions-private in modules/deductions-private
- deductions-private.mq-admin in modules/deductions-private/mq-admin
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-private.vpc...
- deductions-private.vpc in .terraform/modules/deductions-private.vpc
Downloading registry.terraform.io/terraform-aws-modules/dynamodb-table/aws 4.0.0 for ehr_transfer_tracker_dynamodb_table...
- ehr_transfer_tracker_dynamodb_table in .terraform/modules/ehr_transfer_tracker_dynamodb_table
- repo in modules/mhs
- repo.cluster in modules/mhs/cluster-network
- test-harness in modules/mhs
- test-harness.cluster in modules/mhs/cluster-network
- utils in modules/utils
Initializing provider plugins...
- Finding latest version of hashicorp/archive...
- Finding hashicorp/aws versions matching ">= 5.20.0, >= 5.21.0, 5.37.0"...
- Installing hashicorp/archive v2.7.1...
- Installed hashicorp/archive v2.7.1 (signed by HashiCorp)
- Installing hashicorp/aws v5.37.0...
- Installed hashicorp/aws v5.37.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terraform Validation 🤖`success`

Validation Output


Success! The configuration is valid.

Terraform Plan 📖`success`

Show Plan (1 to add, 3 to change, 0 to destroy)



Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.alarm_notifications_lambda will be updated in-place
  ~ resource "aws_lambda_function" "alarm_notifications_lambda" {
        id                             = "pre-prod-alarm-notifications-lambda"
      ~ last_modified                  = "2025-02-28T16:49:22.000+0000" -> (known after apply)
      ~ source_code_hash               = "+VfNXvBg4fO9KaKIWqH2hHiR9vN6P7eSsrtg8UIbf8A=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "pre-prod"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_lambda_function.generate_cost_report_lambda will be updated in-place
  ~ resource "aws_lambda_function" "generate_cost_report_lambda" {
        id                             = "pre-prod-generate-cost-report-lambda"
      ~ last_modified                  = "2025-02-28T16:49:29.000+0000" -> (known after apply)
      ~ source_code_hash               = "wDmay7MQAVUk2mB+vQzmM8e+/7JElFbxg6ZN7N+Z5VQ=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "pre-prod"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_s3_bucket_policy.cost_usage_permit_developer_to_see_access_logs_policy[0] will be updated in-place
  ~ resource "aws_s3_bucket_policy" "cost_usage_permit_developer_to_see_access_logs_policy" {
        id     = "pre-prod-cost-and-usage-access-logs"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action    = "s3:PutObject" -> [
                          + "s3:Get*",
                          + "s3:ListBucket",
                        ]
                      ~ Principal = {
                          + AWS     = "arn:aws:iam::108148468272:role/RepoDeveloper"
                          - Service = "logging.s3.amazonaws.com"
                        }
                      ~ Resource  = "arn:aws:s3:::pre-prod-cost-and-usage-access-logs/access-logs/*" -> [
                          + "arn:aws:s3:::pre-prod-cost-and-usage-access-logs",
                          + "arn:aws:s3:::pre-prod-cost-and-usage-access-logs/*",
                        ]
                      - Sid       = "S3ServerAccessLogsPolicy"
                        # (2 unchanged attributes hidden)
                    },
                  - {
                      - Action    = "s3:*"
                      - Condition = {
                          - Bool = {
                              - "aws:SecureTransport" = "false"
                            }
                        }
                      - Effect    = "Deny"
                      - Principal = "*"
                      - Resource  = [
                          - "arn:aws:s3:::pre-prod-cost-and-usage-access-logs",
                          - "arn:aws:s3:::pre-prod-cost-and-usage-access-logs/*",
                        ]
                      - Sid       = "S3EnforceHTTPSPolicy"
                    },
                ]
              ~ Version   = "2012-10-17" -> "2008-10-17"
            }
        )
        # (1 unchanged attribute hidden)
    }

  # module.deductions-private.aws_security_group_rule.vpn_to_mq_web_console[0] will be created
  + resource "aws_security_group_rule" "vpn_to_mq_web_console" {
      + description              = "Allow traffic from VPN to MQ Web Console"
      + from_port                = 8162
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = "sg-0dea2f7ced689bfd3"
      + security_group_rule_id   = (known after apply)
      + self                     = false
      + source_security_group_id = "sg-0fb81c4397e9bc16e"
      + to_port                  = 8162
      + type                     = "ingress"
    }

Plan: 1 to add, 3 to change, 0 to destroy.

github-actions · 2025-09-02T09:37:42Z

Report for environment: test

Terraform Format and Style 🖌``

Format Output

Terraform Initialization ⚙️`success`

Initialization Output


Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
- deductions-core in modules/deductions-core
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-core.vpc...
- deductions-core.vpc in .terraform/modules/deductions-core.vpc
- deductions-private in modules/deductions-private
- deductions-private.mq-admin in modules/deductions-private/mq-admin
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-private.vpc...
- deductions-private.vpc in .terraform/modules/deductions-private.vpc
Downloading registry.terraform.io/terraform-aws-modules/dynamodb-table/aws 4.0.0 for ehr_transfer_tracker_dynamodb_table...
- ehr_transfer_tracker_dynamodb_table in .terraform/modules/ehr_transfer_tracker_dynamodb_table
- repo in modules/mhs
- repo.cluster in modules/mhs/cluster-network
- test-harness in modules/mhs
- test-harness.cluster in modules/mhs/cluster-network
- utils in modules/utils
Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 5.20.0, >= 5.21.0, 5.37.0"...
- Finding latest version of hashicorp/archive...
- Installing hashicorp/archive v2.7.1...
- Installed hashicorp/archive v2.7.1 (signed by HashiCorp)
- Installing hashicorp/aws v5.37.0...
- Installed hashicorp/aws v5.37.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terraform Validation 🤖`success`

Validation Output


Success! The configuration is valid.

Terraform Plan 📖`success`

Show Plan (1 to add, 2 to change, 0 to destroy)



Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.alarm_notifications_lambda will be updated in-place
  ~ resource "aws_lambda_function" "alarm_notifications_lambda" {
        id                             = "test-alarm-notifications-lambda"
      ~ last_modified                  = "2025-02-28T16:42:29.000+0000" -> (known after apply)
      ~ source_code_hash               = "pDVl6cSVbYlRgZWOiVliSyq5WhVSB9d3GCWJzxJepXw=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "test"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_lambda_function.generate_cost_report_lambda will be updated in-place
  ~ resource "aws_lambda_function" "generate_cost_report_lambda" {
        id                             = "test-generate-cost-report-lambda"
      ~ last_modified                  = "2025-02-28T16:42:36.000+0000" -> (known after apply)
      ~ source_code_hash               = "XJ7FARvX3/IQGBzV2tEQpTm+iedykrEyttRJayHhmgg=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "test"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.deductions-private.aws_security_group_rule.vpn_to_mq_web_console[0] will be created
  + resource "aws_security_group_rule" "vpn_to_mq_web_console" {
      + description              = "Allow traffic from VPN to MQ Web Console"
      + from_port                = 8162
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = "sg-06439d749d9770cbd"
      + security_group_rule_id   = (known after apply)
      + self                     = false
      + source_security_group_id = "sg-0bd411b5a8a92a193"
      + to_port                  = 8162
      + type                     = "ingress"
    }

Plan: 1 to add, 2 to change, 0 to destroy.

github-actions · 2025-09-02T09:37:43Z

Report for environment: prod

Terraform Format and Style 🖌``

Format Output

Terraform Initialization ⚙️`success`

Initialization Output


Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
- deductions-core in modules/deductions-core
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-core.vpc...
- deductions-core.vpc in .terraform/modules/deductions-core.vpc
- deductions-private in modules/deductions-private
- deductions-private.mq-admin in modules/deductions-private/mq-admin
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-private.vpc...
- deductions-private.vpc in .terraform/modules/deductions-private.vpc
Downloading registry.terraform.io/terraform-aws-modules/dynamodb-table/aws 4.0.0 for ehr_transfer_tracker_dynamodb_table...
- ehr_transfer_tracker_dynamodb_table in .terraform/modules/ehr_transfer_tracker_dynamodb_table
- repo in modules/mhs
- repo.cluster in modules/mhs/cluster-network
- test-harness in modules/mhs
- test-harness.cluster in modules/mhs/cluster-network
- utils in modules/utils
Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 5.20.0, >= 5.21.0, 5.37.0"...
- Finding latest version of hashicorp/archive...
- Installing hashicorp/aws v5.37.0...
- Installed hashicorp/aws v5.37.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.7.1...
- Installed hashicorp/archive v2.7.1 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terraform Validation 🤖`success`

Validation Output


Success! The configuration is valid.

Terraform Plan 📖`success`

Show Plan (0 to add, 4 to change, 0 to destroy)



Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.alarm_notifications_lambda will be updated in-place
  ~ resource "aws_lambda_function" "alarm_notifications_lambda" {
        id                             = "prod-alarm-notifications-lambda"
      ~ last_modified                  = "2025-08-13T15:27:07.000+0000" -> (known after apply)
      ~ source_code_hash               = "pIai6LpCjahr2OP7LM3xuKMiHZFiI4YCYc6jadDOa0Y=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "prod"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_lambda_function.generate_cost_report_lambda will be updated in-place
  ~ resource "aws_lambda_function" "generate_cost_report_lambda" {
        id                             = "prod-generate-cost-report-lambda"
      ~ last_modified                  = "2025-08-13T15:27:14.000+0000" -> (known after apply)
      ~ source_code_hash               = "pDUzBvl1Ar3FlKNk7hYhmwt1DUmANm7HSimrEiyv5Co=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "prod"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_s3_bucket_policy.cost_usage_permit_developer_to_see_access_logs_policy[0] will be updated in-place
  ~ resource "aws_s3_bucket_policy" "cost_usage_permit_developer_to_see_access_logs_policy" {
        id     = "prod-cost-and-usage-access-logs"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action    = "s3:PutObject" -> [
                          + "s3:Get*",
                          + "s3:ListBucket",
                        ]
                      ~ Principal = {
                          + AWS     = "arn:aws:iam::535760944720:role/RepoDeveloper"
                          - Service = "logging.s3.amazonaws.com"
                        }
                      ~ Resource  = "arn:aws:s3:::prod-cost-and-usage-access-logs/access-logs/*" -> [
                          + "arn:aws:s3:::prod-cost-and-usage-access-logs",
                          + "arn:aws:s3:::prod-cost-and-usage-access-logs/*",
                        ]
                      - Sid       = "S3ServerAccessLogsPolicy"
                        # (2 unchanged attributes hidden)
                    },
                  - {
                      - Action    = "s3:*"
                      - Condition = {
                          - Bool = {
                              - "aws:SecureTransport" = "false"
                            }
                        }
                      - Effect    = "Deny"
                      - Principal = "*"
                      - Resource  = [
                          - "arn:aws:s3:::prod-cost-and-usage-access-logs",
                          - "arn:aws:s3:::prod-cost-and-usage-access-logs/*",
                        ]
                      - Sid       = "S3EnforceHTTPSPolicy"
                    },
                ]
              ~ Version   = "2012-10-17" -> "2008-10-17"
            }
        )
        # (1 unchanged attribute hidden)
    }

  # module.deductions-private.aws_security_group.gocd_to_mq will be updated in-place
  ~ resource "aws_security_group" "gocd_to_mq" {
        id                     = "sg-05349fdac523bd34c"
      ~ ingress                = (sensitive value)
        name                   = "prod-gocd-to-mq"
        tags                   = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "prod"
            "Name"        = "prod-gocd-to-deductions-private-sg"
        }
        # (8 unchanged attributes hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

github-actions · 2025-09-02T09:37:47Z

Report for environment: dev

Terraform Format and Style 🖌``

Format Output

Terraform Initialization ⚙️`success`

Initialization Output


Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
- deductions-core in modules/deductions-core
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-core.vpc...
- deductions-core.vpc in .terraform/modules/deductions-core.vpc
- deductions-private in modules/deductions-private
- deductions-private.mq-admin in modules/deductions-private/mq-admin
Downloading registry.terraform.io/terraform-aws-modules/vpc/aws 5.5.2 for deductions-private.vpc...
- deductions-private.vpc in .terraform/modules/deductions-private.vpc
Downloading registry.terraform.io/terraform-aws-modules/dynamodb-table/aws 4.0.0 for ehr_transfer_tracker_dynamodb_table...
- ehr_transfer_tracker_dynamodb_table in .terraform/modules/ehr_transfer_tracker_dynamodb_table
- repo in modules/mhs
- repo.cluster in modules/mhs/cluster-network
- test-harness in modules/mhs
- test-harness.cluster in modules/mhs/cluster-network
- utils in modules/utils
Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 5.20.0, >= 5.21.0, 5.37.0"...
- Finding latest version of hashicorp/archive...
- Installing hashicorp/aws v5.37.0...
- Installed hashicorp/aws v5.37.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.7.1...
- Installed hashicorp/archive v2.7.1 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terraform Validation 🤖`success`

Validation Output


Success! The configuration is valid.

Terraform Plan 📖`success`

Show Plan (1 to add, 3 to change, 0 to destroy)



Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function.alarm_notifications_lambda will be updated in-place
  ~ resource "aws_lambda_function" "alarm_notifications_lambda" {
        id                             = "dev-alarm-notifications-lambda"
      ~ last_modified                  = "2025-02-28T16:39:06.000+0000" -> (known after apply)
      ~ source_code_hash               = "N1A2BEgwBveveypJvkphN+dL54jvH0fFUfljcbInTL4=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "dev"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_lambda_function.generate_cost_report_lambda will be updated in-place
  ~ resource "aws_lambda_function" "generate_cost_report_lambda" {
        id                             = "dev-generate-cost-report-lambda"
      ~ last_modified                  = "2025-02-28T16:39:13.000+0000" -> (known after apply)
      ~ source_code_hash               = "TBqV+Qp6jQ0Cw64ozRL9gi4AFxm9bPrSYo52+U//ThQ=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "CreatedBy"   = "prm-deductions-infra"
            "Environment" = "dev"
        }
        # (26 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_s3_bucket_policy.alb_access_logs_policy will be updated in-place
  ~ resource "aws_s3_bucket_policy" "alb_access_logs_policy" {
        id     = "dev-repo-load-balancer-access-logs"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Principal = {
                          + AWS     = "arn:aws:iam::652711504416:root"
                          - Service = "logdelivery.elasticloadbalancing.amazonaws.com"
                        }
                        # (3 unchanged attributes hidden)
                    },
                    {
                        Action    = "s3:*"
                        Condition = {
                            Bool = {
                                "aws:SecureTransport" = "false"
                            }
                        }
                        Effect    = "Deny"
                        Principal = {
                            AWS = "*"
                        }
                        Resource  = [
                            "arn:aws:s3:::dev-repo-load-balancer-access-logs/*",
                            "arn:aws:s3:::dev-repo-load-balancer-access-logs",
                        ]
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        # (1 unchanged attribute hidden)
    }

  # module.deductions-private.aws_security_group_rule.vpn_to_mq_web_console[0] will be created
  + resource "aws_security_group_rule" "vpn_to_mq_web_console" {
      + description              = "Allow traffic from VPN to MQ Web Console"
      + from_port                = 8162
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = "sg-01680206fb7c54795"
      + security_group_rule_id   = (known after apply)
      + self                     = false
      + source_security_group_id = "sg-06df174eb101a7289"
      + to_port                  = 8162
      + type                     = "ingress"
    }

Plan: 1 to add, 3 to change, 0 to destroy.

jack-nhs added 2 commits August 22, 2025 15:09

Adds cicd and base deployment workflows

2f04997

Restore build workflow

d1a642e

jack-nhs temporarily deployed to test August 26, 2025 11:35 — with GitHub Actions Inactive

jack-nhs temporarily deployed to pre-prod August 26, 2025 11:35 — with GitHub Actions Inactive

jack-nhs temporarily deployed to dev August 26, 2025 11:35 — with GitHub Actions Inactive

jack-nhs temporarily deployed to prod August 26, 2025 11:35 — with GitHub Actions Inactive

github-advanced-security bot found potential problems Aug 26, 2025

View reviewed changes

Updated the base-deployment and its trigger to correctly apply on mer…

c5aaa41

…ge to main as well as manual deployment against other environments

oliverbeumkes-nhs temporarily deployed to prod September 2, 2025 09:10 — with GitHub Actions Inactive

oliverbeumkes-nhs temporarily deployed to test September 2, 2025 09:10 — with GitHub Actions Inactive

oliverbeumkes-nhs temporarily deployed to pre-prod September 2, 2025 09:10 — with GitHub Actions Inactive

oliverbeumkes-nhs temporarily deployed to dev September 2, 2025 09:10 — with GitHub Actions Inactive

Updated the pr and deploy scripts to include ehr-hard-deletion-lambda

bd4fedc

oliverbeumkes-nhs temporarily deployed to test September 2, 2025 09:36 — with GitHub Actions Inactive

oliverbeumkes-nhs temporarily deployed to pre-prod September 2, 2025 09:36 — with GitHub Actions Inactive

oliverbeumkes-nhs temporarily deployed to dev September 2, 2025 09:36 — with GitHub Actions Inactive

oliverbeumkes-nhs temporarily deployed to prod September 2, 2025 09:36 — with GitHub Actions Inactive

oliverbeumkes-nhs closed this Sep 24, 2025

oliverbeumkes-nhs deleted the PRM-481 branch September 24, 2025 14:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PRM-481] Add deployment actions to prm-deductions-infra#145

[PRM-481] Add deployment actions to prm-deductions-infra#145
jack-nhs wants to merge 4 commits intomainfrom
PRM-481

jack-nhs commented Aug 26, 2025

Uh oh!

Check warning

Copilot Autofix

github-actions bot commented Sep 2, 2025

Uh oh!

github-actions bot commented Sep 2, 2025

Uh oh!

github-actions bot commented Sep 2, 2025

Uh oh!

github-actions bot commented Sep 2, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

@@ -1,3 +1,6 @@
+            permissions:
+              contents: read
+              pull-requests: write
             name: Build
             on:
               push:

Conversation

jack-nhs commented Aug 26, 2025

Uh oh!

Check warning

Copilot Autofix

github-actions bot commented Sep 2, 2025

Report for environment: pre-prod

Terraform Format and Style 🖌``

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Terraform Plan 📖success

Uh oh!

github-actions bot commented Sep 2, 2025

Report for environment: test

Terraform Format and Style 🖌``

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Terraform Plan 📖success

Uh oh!

github-actions bot commented Sep 2, 2025

Report for environment: prod

Terraform Format and Style 🖌``

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Terraform Plan 📖success

Uh oh!

github-actions bot commented Sep 2, 2025

Report for environment: dev

Terraform Format and Style 🖌``

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Terraform Plan 📖success

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`