From 7696e1caa919a2d7d35b131b197cdbacbea54822 Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Thu, 19 Mar 2026 15:08:32 +0000 Subject: [PATCH 01/10] [PRM-691] Add temp debugging --- .github/workflows/tool-create-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index 228ab584..f38381f2 100644 --- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml @@ -49,6 +49,8 @@ jobs: git config user.email "github-actions[bot]@users.noreply.github.com" git tag $tag git push origin $tag + echo "Debugging: List all files in the current directory" + ls -la - name: Full Deployment uses: ./.github/workflows/full-deployment.yml From 39e92a7ea5cb22a12465c9fdc9efca1e824bdebb Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Thu, 19 Mar 2026 15:12:25 +0000 Subject: [PATCH 02/10] Removed external reference to self on checkout --- .github/workflows/tool-create-release.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index f38381f2..91c45e8e 100644 --- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml @@ -39,9 +39,6 @@ jobs: - name: Checkout uses: actions/checkout@v6 - with: - fetch-depth: 0 - repository: NHSDigital/orphaned-record-continuity - name: Create GitHub Tag run: | From b59899f03fb2b361a6066b251d100eaa6a24cdf4 Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Thu, 19 Mar 2026 15:16:22 +0000 Subject: [PATCH 03/10] [PRM-691] Add temp debugging --- .github/workflows/tool-create-release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index 91c45e8e..a86707ff 100644 --- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml 
@@ -48,6 +48,9 @@ jobs: git push origin $tag echo "Debugging: List all files in the current directory" ls -la + cd .github/workflows + echo "Debugging: List all files in the .github/workflows directory" + ls -la - name: Full Deployment uses: ./.github/workflows/full-deployment.yml From 3e3b985bacc09f32d70dd9013508cb12dfb1354d Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Thu, 19 Mar 2026 15:35:30 +0000 Subject: [PATCH 04/10] [PRM-691] Refactored into 3 separate jobs=] --- .github/workflows/tool-create-release.yml | 32 ++++++++++++++--------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index a86707ff..1d0d0abf 100644 --- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml @@ -28,15 +28,6 @@ jobs: exit 1 fi - - name: Configure AWS Credentials - id: credentials - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 - with: - role-to-assume: ${{ secrets.IAM_ROLE }} - aws-region: ${{ vars.AWS_REGION }} - role-skip-session-tagging: true - mask-aws-account-id: true - - name: Checkout uses: actions/checkout@v6 
@@ -51,10 +42,25 @@ jobs: cd .github/workflows echo "Debugging: List all files in the .github/workflows directory" ls -la - - - name: Full Deployment - uses: ./.github/workflows/full-deployment.yml - + full-deployment: + name: Full Deployment + uses: ./.github/workflows/full-deployment.yml + re-tag-services: + name: Re-tag Services with Release Tag + needs: full-deployment + runs-on: ubuntu-latest + environment: dev + env: + tag: ${{ inputs.tag }} + steps: + - name: Configure AWS Credentials + id: credentials + uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 + with: + role-to-assume: ${{ secrets.IAM_ROLE }} + aws-region: ${{ vars.AWS_REGION }} + role-skip-session-tagging: true + mask-aws-account-id: true - name: Login to Amazon ECR id: ecr-login uses: aws-actions/amazon-ecr-login@v2 From 33936d2b36378828481c63913dd20ab8a8eaef66 Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Thu, 19 Mar 2026 15:37:19 +0000 Subject: [PATCH 05/10] [PRM-691] Added additional needs to full deployment and spacing --- .github/workflows/tool-create-release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index 1d0d0abf..5b5d8f1b 100644 --- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml @@ -43,8 +43,9 @@ jobs: echo "Debugging: List all files in the .github/workflows directory" ls -la full-deployment: - name: Full Deployment - uses: ./.github/workflows/full-deployment.yml + needs: create_release + name: Full Deployment + uses: ./.github/workflows/full-deployment.yml re-tag-services: name: Re-tag Services with Release Tag needs: full-deployment From 33a3e3069baf228900fda10b2e0eb030f94777fe Mon Sep 17 00:00:00 2001 
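Review bot: In the new `re-tag-services` job (PATCH 04, second hunk), the ECR login step is still referenced by a mutable tag, `aws-actions/amazon-ecr-login@v2`, while the `configure-aws-credentials` step directly above it is pinned to a full commit SHA. That step runs after the role has been assumed, so a re-pointed tag would execute with the job's AWS session. Pin it the same way, `uses: aws-actions/amazon-ecr-login@<full-commit-sha> # v2` (placeholder, take the SHA from the upstream release). The `uses:` line is context in this hunk and the job continues past its end.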
From: oliverbeumkes-nhs Date: Thu, 19 Mar 2026 15:40:09 +0000 Subject: [PATCH 06/10] [PRM-691] Added additional for full deployment job --- .github/workflows/tool-create-release.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index 5b5d8f1b..0eac0205 100644 --- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml @@ -45,7 +45,12 @@ jobs: full-deployment: needs: create_release name: Full Deployment + permissions: + contents: write + id-token: write + pull-requests: write uses: ./.github/workflows/full-deployment.yml + re-tag-services: name: Re-tag Services with Release Tag needs: full-deployment From be9e3dd30a317e183c115fed9cfee51c5ab80bdb Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Thu, 19 Mar 2026 15:43:36 +0000 Subject: [PATCH 07/10] [PRM-691] Pass in the secrets to the workflow being called --- .github/workflows/tool-create-release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index 0eac0205..38fd5e90 100644 --- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml @@ -50,7 +50,8 @@ jobs: id-token: write pull-requests: write uses: ./.github/workflows/full-deployment.yml - + secrets: inherit + re-tag-services: name: Re-tag Services with Release Tag needs: full-deployment From 36c8124365d779df8c86585bf273c55d37748b33 Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Thu, 19 Mar 2026 16:01:08 +0000 Subject: [PATCH 08/10] [PRM-691] Updated list in the bash script to match bash syntax --- .github/workflows/tool-create-release.yml | 31 +++++++++++++---------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index 38fd5e90..ca3ec5c9 100644 
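Review bot: The `permissions` block added to the `full-deployment` call (PATCH 06) grants `contents: write` and `pull-requests: write` next to `id-token: write`, and nothing visible in this series shows the called workflow pushing commits or editing pull requests. On a reusable-workflow call this block is the ceiling for the GITHUB_TOKEN of every job in `full-deployment.yml`, so anything not needed there is spare write access across the whole deployment. If that file only assumes an AWS role and checks out code, `id-token: write` with `contents: read` would presumably be enough. Otherwise a comment per scope, such as `# pull-requests: write - needed by <job> to <reason>`, would record why it is granted.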
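Review bot: `secrets: inherit` on the `full-deployment` call (PATCH 07) hands every secret available to this workflow to the called workflow, not only the ones it reads. An explicit mapping keeps the set reviewable, for example `secrets:` followed by `IAM_ROLE: ${{ secrets.IAM_ROLE }}`, with matching entries under `on.workflow_call.secrets` in `full-deployment.yml`. Which secrets that file consumes is not visible in this patch, so the list needs confirming against it.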
--- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml @@ -76,18 +76,21 @@ jobs: env: IMAGE_SHA: ${{ github.sha }} run: | - repo-list=['deductions/ehr-out-service', - 'deductions/ehr-repo', - 'deductions/ehr-transfer-service', - 'deductions/gp2gp-messenger', - 'deductions/mesh-forwarder', - 'deductions/nems-event-processor', - 'deductions/pds-adaptor', - 'repo/re-registration-service', - 'repo/suspension-service'] - for repo in "${repo-list[@]}"; do - repo=${{ steps.credentials.outputs.aws-account-id }}.dkr.ecr.eu-west-2.amazonaws.com/$repo - docker pull $repo:$IMAGE_SHA - docker tag $repo:$IMAGE_SHA $repo:$tag - docker push $repo:$tag + repo_list=("deductions/ehr-out-service" + "deductions/ehr-repo" + "deductions/ehr-transfer-service" + "deductions/gp2gp-messenger" + "deductions/mesh-forwarder" + "deductions/nems-event-processor" + "deductions/pds-adaptor" + "repo/re-registration-service" + "repo/suspension-service" + ) + + for repo in "${repo_list[@]}"; do + full_repo="${{ steps.credentials.outputs.aws-account-id }}.dkr.ecr.eu-west-2.amazonaws.com/${repo}" + + docker pull "${full_repo}:${IMAGE_SHA}" + docker tag "${full_repo}:${IMAGE_SHA}" "${full_repo}:${tag}" + docker push "${full_repo}:${tag}" done From 5ab1283b8ba1415e6aa807b6fb265a156068b856 Mon Sep 17 00:00:00 2001 From: chrisbloe Date: Fri, 20 Mar 2026 08:54:30 +0000 Subject: [PATCH 09/10] Just some formatting --- .github/workflows/tool-create-release.yml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index ca3ec5c9..9f668625 100644 --- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml 
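Review bot: In the rewritten loop (PATCH 08), `full_repo` builds the registry host from a `${{ steps.credentials.outputs.aws-account-id }}` expression expanded into the script text plus a hard-coded `eu-west-2`, while the credentials step takes its region from `vars.AWS_REGION`. If that variable ever changes, the login and the pull/push would target different registries. The `ecr-login` step already exposes the host, so it can be passed through the step's `env:` like `IMAGE_SHA` is: add `REGISTRY: ${{ steps.ecr-login.outputs.registry }}` and use `full_repo="${REGISTRY}/${repo}"`. That also keeps workflow expressions out of the shell body. The step header sits above the hunk.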
@@ -6,18 +6,19 @@ on: workflow_dispatch: inputs: tag: - description: 'Release Tag (format: X.Y.Z, e.g. 1.0.0)' + description: "Release Tag (format: X.Y.Z, e.g. 1.0.0)" required: true -permissions: - id-token: write - contents: write +permissions: {} jobs: create_release: name: Run Full Deployment and Re-tag Services runs-on: ubuntu-latest environment: dev + permissions: + id-token: write + contents: write env: tag: ${{ inputs.tag }} steps: @@ -42,10 +43,11 @@ jobs: cd .github/workflows echo "Debugging: List all files in the .github/workflows directory" ls -la + full-deployment: - needs: create_release name: Full Deployment - permissions: + needs: create_release + permissions: contents: write id-token: write pull-requests: write @@ -57,7 +59,10 @@ jobs: needs: full-deployment runs-on: ubuntu-latest environment: dev - env: + permissions: + id-token: write + contents: write + env: tag: ${{ inputs.tag }} steps: - name: Configure AWS Credentials @@ -68,6 +73,7 @@ jobs: aws-region: ${{ vars.AWS_REGION }} role-skip-session-tagging: true mask-aws-account-id: true + - name: Login to Amazon ECR id: ecr-login uses: aws-actions/amazon-ecr-login@v2 From d644fb9f9bedb21453a64ed024ef2ed07647823c Mon Sep 17 00:00:00 2001 From: chrisbloe Date: Fri, 20 Mar 2026 08:56:50 +0000 Subject: [PATCH 10/10] Remove debugging bit --- .github/workflows/tool-create-release.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/tool-create-release.yml b/.github/workflows/tool-create-release.yml index 9f668625..6cb3c8a5 100644 --- a/.github/workflows/tool-create-release.yml +++ b/.github/workflows/tool-create-release.yml @@ -38,11 +38,6 @@ jobs: git config user.email "github-actions[bot]@users.noreply.github.com" git tag $tag git push origin $tag - echo "Debugging: List all files in the current directory" - ls -la - cd .github/workflows - echo "Debugging: List all files in the .github/workflows directory" - ls -la full-deployment: name: Full Deployment 
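Review bot: The per-job `permissions` blocks added in PATCH 09 (first hunk for `create_release`, third hunk for `re-tag-services`) copy the old workflow-level grant to both jobs instead of scoping each to what it does. `create_release` lost its AWS credentials step in PATCH 04 and, from the visible steps, only tags and pushes, so `id-token: write` looks unused there. `re-tag-services` shows only the AWS role assumption, ECR login and docker re-tag, so `contents: write` looks unused there. Unless steps outside these hunks need more, the blocks could be `contents: write` alone and `id-token: write` alone respectively. Since the commit is titled as formatting, the move to `permissions: {}` with per-job grants deserves a mention in the message.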
@@ -95,7 +90,6 @@ jobs: for repo in "${repo_list[@]}"; do full_repo="${{ steps.credentials.outputs.aws-account-id }}.dkr.ecr.eu-west-2.amazonaws.com/${repo}" - docker pull "${full_repo}:${IMAGE_SHA}" docker tag "${full_repo}:${IMAGE_SHA}" "${full_repo}:${tag}" docker push "${full_repo}:${tag}"