Skip to content

[PRM-726] Removal of end-of-transfer-service via terraform destroy #204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
oliverbeumkes-nhs wants to merge 12 commits into
base: main
Choose a base branch
from
Draft

[PRM-726] Removal of end-of-transfer-service via terraform destroy #204

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
3b0c0c1
[PRM-726] Reverted end-of-transfer to a point it will run against its…
oliverbeumkes-nhs Feb 26, 2026
a266cb0
[PRM-726] Reverted end-of-transfer to a point it will run against its…
oliverbeumkes-nhs Feb 26, 2026
dbb12ff
[PRM-726] Override for deploy stack and automated deploy stack to pla…
oliverbeumkes-nhs Feb 26, 2026
f71aad6
[PRM-726] Reintroduced workflow call for deploy stack
oliverbeumkes-nhs Feb 26, 2026
8a2728e
Removed un used tfvars files and updated plan to use env var
oliverbeumkes-nhs Mar 5, 2026
9ae4aec
Renamed deploy-stack to destroy-stack
oliverbeumkes-nhs Mar 5, 2026
58df7ca
Renamed deploy-stack to destroy-stack
oliverbeumkes-nhs Mar 5, 2026
0c204de
Renamed deploy-stack to destroy-stack
oliverbeumkes-nhs Mar 5, 2026
b403679
Renamed destroy-stack to deploy-stack
oliverbeumkes-nhs Mar 5, 2026
94bcb02
Renamed destroy-stack to deploy-stack
oliverbeumkes-nhs Mar 5, 2026
b73c25c
Updated deny_http to use sns_base_arns
oliverbeumkes-nhs Mar 5, 2026
c971cc1
Changing references to sns_arns just to get the destroy working
chrisbloe Mar 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
220 changes: 4 additions & 216 deletions .github/workflows/automated-deploy-stack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,239 +3,27 @@ name: "Z-AUTOMATED: Deploy - Stack"
on:
push:
branches: [main]
paths:
- "stacks/deductions/**"
- "stacks/deductions-cross-account/**"
- "stacks/deductions-dashboard/**"
- "stacks/mesh-forwarder/**"
- "stacks/pds-adaptor/**"
- "stacks/re-registration-service/**"
paths:
- "stacks/suspension-service/**"
- "stacks/nems-event-processor/**"
- "stacks/ehr-repo/**"
- "stacks/ehr-repo-db-roles/**"
- "stacks/ehr-out-service/**"
- "stacks/ehr-transfer-service/**"
- "stacks/gp2gp-messenger/**"
- "stacks/mhs/**"
- ".github/workflows/automated-deploy-stack.yml"
- ".github/workflows/base-deploy-stack.yml"

pull_request:
branches: [main]
paths:
- "stacks/deductions/**"
- "stacks/deductions-cross-account/**"
- "stacks/deductions-dashboard/**"
- "stacks/mesh-forwarder/**"
- "stacks/pds-adaptor/**"
- "stacks/re-registration-service/**"
- "stacks/suspension-service/**"
- "stacks/nems-event-processor/**"
- "stacks/ehr-repo/**"
- "stacks/ehr-repo-db-roles/**"
- "stacks/ehr-out-service/**"
- "stacks/ehr-transfer-service/**"
- "stacks/gp2gp-messenger/**"
- "stacks/mhs/**"
- ".github/workflows/automated-deploy-stack.yml"
- ".github/workflows/base-deploy-stack.yml"


permissions:
pull-requests: write
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

jobs:
get-changed-files:
runs-on: ubuntu-latest
outputs:
changed: ${{ steps.get-changed-files.outputs.changed }}
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0

- name: Get changed files
id: get-changed-files
env:
GITHUB_EVENT_NAME: ${{ github.event_name }}
run: |
if [ "$GITHUB_EVENT_NAME" == "push" ]; then
echo "DEBUG: Comparing ${{ github.event.before }} to ${{ github.event.after }}"
changed=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | tr '\n' ' ')
fi
if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
changed=$(git diff --name-only origin/main... | tr '\n' ' ')
fi
echo "DEBUG: Changed files: '$changed'"
echo "changed=$changed" >> $GITHUB_OUTPUT

deductions-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/mesh-forwarder') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: Deductions Infrastructure CI
uses: ./.github/workflows/deploy-stack.yml
needs: [get-changed-files]
with:
stack: deductions
backend_key_alias: deductions-infra-dev
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
lambdas_to_build: true
secrets: inherit

deductions-cross-account:
if: always() && (needs.deductions-ci.result == 'success' || needs.deductions-ci.result == 'skipped') && (contains(needs.get-changed-files.outputs.changed, 'stacks/deductions-cross-account') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml'))
name: deductions-cross-account
uses: ./.github/workflows/deploy-stack.yml
needs: [get-changed-files, deductions-ci]
with:
stack: deductions-cross-account
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
backend_key_alias: deductions-infra-cross-account-dev
secrets: inherit

deductions-dashboard-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/deductions-dashboard') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: Deductions Dashboard Infrastructure CI
uses: ./.github/workflows/deploy-stack.yml
needs: [get-changed-files, deductions-ci]
with:
stack: deductions-dashboard
backend_key_alias: deductions-infra-dashboard-dev
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

mesh-forwarder-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/mesh-forwarder') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: MESH Forwarder Infrastructure
needs: [get-changed-files, deductions-ci, deductions-cross-account]
uses: ./.github/workflows/deploy-stack.yml
with:
stack: mesh-forwarder
ecr_alias: deductions/mesh-forwarder
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

pds-adaptor-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/pds-adaptor') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: PDS Adaptor Infrastructure
needs: [get-changed-files, deductions-ci, deductions-cross-account]
uses: ./.github/workflows/deploy-stack.yml
with:
stack: pds-adaptor
ecr_alias: deductions/pds-adaptor
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

re-registration-service-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/re-registration-service') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: Re-Registration Service Infrastructure
needs: [get-changed-files, deductions-ci, deductions-cross-account]
uses: ./.github/workflows/deploy-stack.yml
with:
stack: re-registration-service
ecr_alias: repo/re-registration-service
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

suspension-service-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/suspension-service') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: Suspension Service Infrastructure
needs: [get-changed-files, deductions-ci, deductions-cross-account]
name: End of Transfer Infrastructure - Destroy plan
uses: ./.github/workflows/deploy-stack.yml
with:
stack: suspension-service
ecr_alias: repo/suspension-service
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

nems-event-processor-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/nems-event-processor') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: NEMS Event Processor Infrastructure
needs: [get-changed-files, deductions-ci, deductions-cross-account]
uses: ./.github/workflows/deploy-stack.yml
with:
stack: nems-event-processor
ecr_alias: deductions/nems-event-processor
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

ehr-repo-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/ehr-repo') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: EHR Repo Infrastructure CI
uses: ./.github/workflows/deploy-stack.yml
needs: [get-changed-files, deductions-ci, deductions-cross-account]
with:
stack: ehr-repo
ecr_alias: deductions/ehr-repo
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

ehr-repo-db-roles-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/ehr-repo') || contains(needs.get-changed-files.outputs.changed, 'stacks/ehr-repo-db-roles') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: EHR Repo DB Roles Infrastructure CI
uses: ./.github/workflows/deploy-stack.yml
needs: [get-changed-files, deductions-ci, ehr-repo-ci]
with:
stack: ehr-repo-db-roles
environment: dev
backend_key_alias: ehr-repo-dev-db-roles
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

ehr-out-service-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/ehr-out-service') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: EHR Out Service Infrastructure CI
uses: ./.github/workflows/deploy-stack.yml
needs: [get-changed-files, deductions-ci, deductions-cross-account]
with:
stack: ehr-out-service
ecr_alias: deductions/ehr-out-service
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

ehr-transfer-service-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/ehr-transfer-service') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: EHR Transfer Service Infrastructure CI
uses: ./.github/workflows/deploy-stack.yml
needs: [get-changed-files, deductions-ci, deductions-cross-account]
with:
stack: ehr-transfer-service
ecr_alias: deductions/ehr-transfer-service
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

gp2gp-messenger-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/gp2gp-messenger') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: GP2GP Messenger Infrastructure CI
uses: ./.github/workflows/deploy-stack.yml
needs: [get-changed-files, deductions-ci, deductions-cross-account]
with:
stack: gp2gp-messenger
ecr_alias: deductions/gp2gp-messenger
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
secrets: inherit

mhs-ci:
if: contains(needs.get-changed-files.outputs.changed, 'stacks/mhs') || contains(needs.get-changed-files.outputs.changed, '.github/workflows/automated-deploy-stack.yml')
name: MHS Infrastructure CI
uses: ./.github/workflows/deploy-stack.yml
needs: [get-changed-files, deductions-ci, deductions-cross-account]
with:
stack: mhs
backend_key_alias: mhs-dev-repo
environment: dev
is_deployment: ${{ github.ref == 'refs/heads/main' }}
is_deployment: false
secrets: inherit
Loading