From 0e8e0617b3ae5fac17732282f719f8f2eb266df0 Mon Sep 17 00:00:00 2001 From: Matthew Elwell Date: Thu, 22 Jan 2026 12:12:57 +0000 Subject: [PATCH 1/3] Remove permissions section --- .github/workflows/api-deploy-production-ecs.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/api-deploy-production-ecs.yml b/.github/workflows/api-deploy-production-ecs.yml index 6a1da1afc225..6528e2adbadc 100644 --- a/.github/workflows/api-deploy-production-ecs.yml +++ b/.github/workflows/api-deploy-production-ecs.yml @@ -1,8 +1,5 @@ name: API Deploy to Production ECS -permissions: - contents: read - on: push: tags: From 26faab209b488147a4d18e06e26df8b50872bea6 Mon Sep 17 00:00:00 2001 From: Matthew Elwell Date: Thu, 22 Jan 2026 12:14:09 +0000 Subject: [PATCH 2/3] temp: run deploy job to validate syntax --- .github/workflows/.reusable-deploy-ecs.yml | 140 +++++++++--------- .../workflows/api-deploy-production-ecs.yml | 2 + 2 files changed, 72 insertions(+), 70 deletions(-) diff --git a/.github/workflows/.reusable-deploy-ecs.yml b/.github/workflows/.reusable-deploy-ecs.yml index 7c5645766b49..6f13645efb7d 100644 --- a/.github/workflows/.reusable-deploy-ecs.yml +++ b/.github/workflows/.reusable-deploy-ecs.yml @@ -67,73 +67,73 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - deploy: - needs: docker-build-saas-api - environment: ${{ inputs.environment }} - runs-on: depot-ubuntu-latest - steps: - - name: Cloning repo - uses: actions/checkout@v5 - - - name: Deploy API to ${{ inputs.environment }} - id: deploy-api - uses: ./.github/actions/api-deploy-ecs - with: - aws_access_key_id: ${{ vars.AWS_ACCESS_KEY_ID }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws_ecs_cluster_name: ${{ vars.AWS_ECS_CLUSTER_NAME }} - aws_ecs_cluster_arn: ${{ vars.AWS_ECS_CLUSTER_ARN }} - aws_ecs_service_name: ${{ vars.AWS_ECS_SERVICE_NAME }} - aws_ecs_sdk_service_name: ${{ vars.AWS_ECS_SDK_SERVICE_NAME }} - aws_vpc_subnet_id: ${{ vars.AWS_VPC_SUBNET_ID }} - aws_ecs_security_group_id: ${{ vars.AWS_ECS_SECURITY_GROUP_ID }} - aws_identity_migration_event_bus_name: ${{ vars.AWS_IDENTITY_MIGRATION_EVENT_BUS_NAME }} - aws_identity_migration_event_bus_rule_id: ${{ vars.AWS_IDENTITY_MIGRATION_EVENT_BUS_RULE_ID }} - aws_identity_migration_task_role_arn: ${{ vars.AWS_IDENTITY_MIGRATION_TASK_ROLE_ARN }} - aws_task_definitions_directory_path: infrastructure/aws/${{ inputs.environment }} - api_ecr_image_url: ${{ needs.docker-build-saas-api.outputs.image-url }} - - - name: Deploy Task processor to ${{ inputs.environment }} - uses: ./.github/actions/task-processor-deploy-ecs - with: - aws_access_key_id: ${{ vars.AWS_ACCESS_KEY_ID }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws_ecs_cluster_name: ${{ vars.AWS_ECS_CLUSTER_NAME }} - aws_ecs_service_name: ${{ vars.AWS_ECS_TASK_PROCESSOR_SERVICE_NAME }} - aws_task_definitions_directory_path: infrastructure/aws/${{ inputs.environment }} - api_ecr_image_url: ${{ needs.docker-build-saas-api.outputs.image-url }} - - run-tests: - needs: deploy - runs-on: depot-ubuntu-latest - name: Run E2E Tests - environment: ${{ inputs.environment }} - concurrency: - group: e2e-tests-${{ inputs.environment }} - cancel-in-progress: true - - steps: - - name: Cloning repo - uses: actions/checkout@v5 - - # Temporarily install Firefox 143.0 to avoid test failures as superior versions cause frontend e2e tests to hang - # To be removed once upstream issue correctly resolved - - name: Install Firefox 143.0 - run: | - sudo apt-get remove -y firefox || true - sudo rm -rf /usr/bin/firefox /usr/lib/firefox* - - ARCH=$(uname -m) - wget -O /tmp/firefox.tar.xz "https://ftp.mozilla.org/pub/firefox/releases/143.0/linux-${ARCH}/en-US/firefox-143.0.tar.xz" - sudo tar -xJf /tmp/firefox.tar.xz -C /opt - sudo ln -s /opt/firefox/firefox /usr/local/bin/firefox - rm /tmp/firefox.tar.xz - - firefox --version - - - name: Run E2E tests against ${{ inputs.environment }} - uses: ./.github/actions/e2e-tests - with: - e2e_test_token: ${{ secrets.E2E_TEST_TOKEN }} - slack_token: ${{ secrets.SLACK_TOKEN }} - environment: ${{ inputs.environment }} +# deploy: +# needs: docker-build-saas-api +# environment: ${{ inputs.environment }} +# runs-on: depot-ubuntu-latest +# steps: +# - name: Cloning repo +# uses: actions/checkout@v5 +# +# - name: Deploy API to ${{ inputs.environment }} +# id: deploy-api +# uses: ./.github/actions/api-deploy-ecs +# with: +# aws_access_key_id: ${{ vars.AWS_ACCESS_KEY_ID }} +# aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} +# aws_ecs_cluster_name: ${{ vars.AWS_ECS_CLUSTER_NAME }} +# aws_ecs_cluster_arn: ${{ vars.AWS_ECS_CLUSTER_ARN }} +# aws_ecs_service_name: ${{ vars.AWS_ECS_SERVICE_NAME }} +# aws_ecs_sdk_service_name: ${{ vars.AWS_ECS_SDK_SERVICE_NAME }} +# aws_vpc_subnet_id: ${{ vars.AWS_VPC_SUBNET_ID }} +# aws_ecs_security_group_id: ${{ vars.AWS_ECS_SECURITY_GROUP_ID }} +# aws_identity_migration_event_bus_name: ${{ vars.AWS_IDENTITY_MIGRATION_EVENT_BUS_NAME }} +# aws_identity_migration_event_bus_rule_id: ${{ vars.AWS_IDENTITY_MIGRATION_EVENT_BUS_RULE_ID }} +# aws_identity_migration_task_role_arn: ${{ vars.AWS_IDENTITY_MIGRATION_TASK_ROLE_ARN }} +# aws_task_definitions_directory_path: infrastructure/aws/${{ inputs.environment }} +# api_ecr_image_url: ${{ needs.docker-build-saas-api.outputs.image-url }} +# +# - name: Deploy Task processor to ${{ inputs.environment }} +# uses: ./.github/actions/task-processor-deploy-ecs +# with: +# aws_access_key_id: ${{ vars.AWS_ACCESS_KEY_ID }} +# aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} +# aws_ecs_cluster_name: ${{ vars.AWS_ECS_CLUSTER_NAME }} +# aws_ecs_service_name: ${{ vars.AWS_ECS_TASK_PROCESSOR_SERVICE_NAME }} +# aws_task_definitions_directory_path: infrastructure/aws/${{ inputs.environment }} +# api_ecr_image_url: ${{ needs.docker-build-saas-api.outputs.image-url }} +# +# run-tests: +# needs: deploy +# runs-on: depot-ubuntu-latest +# name: Run E2E Tests +# environment: ${{ inputs.environment }} +# concurrency: +# group: e2e-tests-${{ inputs.environment }} +# cancel-in-progress: true +# +# steps: +# - name: Cloning repo +# uses: actions/checkout@v5 +# +# # Temporarily install Firefox 143.0 to avoid test failures as superior versions cause frontend e2e tests to hang +# # To be removed once upstream issue correctly resolved +# - name: Install Firefox 143.0 +# run: | +# sudo apt-get remove -y firefox || true +# sudo rm -rf /usr/bin/firefox /usr/lib/firefox* +# +# ARCH=$(uname -m) +# wget -O /tmp/firefox.tar.xz "https://ftp.mozilla.org/pub/firefox/releases/143.0/linux-${ARCH}/en-US/firefox-143.0.tar.xz" +# sudo tar -xJf /tmp/firefox.tar.xz -C /opt +# sudo ln -s /opt/firefox/firefox /usr/local/bin/firefox +# rm /tmp/firefox.tar.xz +# +# firefox --version +# +# - name: Run E2E tests against ${{ inputs.environment }} +# uses: ./.github/actions/e2e-tests +# with: +# e2e_test_token: ${{ secrets.E2E_TEST_TOKEN }} +# slack_token: ${{ secrets.SLACK_TOKEN }} +# environment: ${{ inputs.environment }} diff --git a/.github/workflows/api-deploy-production-ecs.yml b/.github/workflows/api-deploy-production-ecs.yml index 6528e2adbadc..64bbf77d18bc 100644 --- a/.github/workflows/api-deploy-production-ecs.yml +++ b/.github/workflows/api-deploy-production-ecs.yml @@ -4,6 +4,8 @@ on: push: tags: - '*' + branches: + - ci/fix-workflow-syntax paths: - api/** - .github/** From c5617faa7db7b8750cba70c74a2de250969154a3 Mon Sep 17 00:00:00 2001 From: Matthew Elwell Date: Thu, 22 Jan 2026 12:15:06 +0000 Subject: [PATCH 3/3] Revert "temp: run deploy job to validate syntax" This reverts commit 26faab209b488147a4d18e06e26df8b50872bea6. --- .github/workflows/.reusable-deploy-ecs.yml | 140 +++++++++--------- .../workflows/api-deploy-production-ecs.yml | 2 - 2 files changed, 70 insertions(+), 72 deletions(-) diff --git a/.github/workflows/.reusable-deploy-ecs.yml b/.github/workflows/.reusable-deploy-ecs.yml index 6f13645efb7d..7c5645766b49 100644 --- a/.github/workflows/.reusable-deploy-ecs.yml +++ b/.github/workflows/.reusable-deploy-ecs.yml @@ -67,73 +67,73 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} -# deploy: -# needs: docker-build-saas-api -# environment: ${{ inputs.environment }} -# runs-on: depot-ubuntu-latest -# steps: -# - name: Cloning repo -# uses: actions/checkout@v5 -# -# - name: Deploy API to ${{ inputs.environment }} -# id: deploy-api -# uses: ./.github/actions/api-deploy-ecs -# with: -# aws_access_key_id: ${{ vars.AWS_ACCESS_KEY_ID }} -# aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} -# aws_ecs_cluster_name: ${{ vars.AWS_ECS_CLUSTER_NAME }} -# aws_ecs_cluster_arn: ${{ vars.AWS_ECS_CLUSTER_ARN }} -# aws_ecs_service_name: ${{ vars.AWS_ECS_SERVICE_NAME }} -# aws_ecs_sdk_service_name: ${{ vars.AWS_ECS_SDK_SERVICE_NAME }} -# aws_vpc_subnet_id: ${{ vars.AWS_VPC_SUBNET_ID }} -# aws_ecs_security_group_id: ${{ vars.AWS_ECS_SECURITY_GROUP_ID }} -# aws_identity_migration_event_bus_name: ${{ vars.AWS_IDENTITY_MIGRATION_EVENT_BUS_NAME }} -# aws_identity_migration_event_bus_rule_id: ${{ vars.AWS_IDENTITY_MIGRATION_EVENT_BUS_RULE_ID }} -# aws_identity_migration_task_role_arn: ${{ vars.AWS_IDENTITY_MIGRATION_TASK_ROLE_ARN }} -# aws_task_definitions_directory_path: infrastructure/aws/${{ inputs.environment }} -# api_ecr_image_url: ${{ needs.docker-build-saas-api.outputs.image-url }} -# -# - name: Deploy Task processor to ${{ inputs.environment }} -# uses: ./.github/actions/task-processor-deploy-ecs -# with: -# aws_access_key_id: ${{ vars.AWS_ACCESS_KEY_ID }} -# aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} -# aws_ecs_cluster_name: ${{ vars.AWS_ECS_CLUSTER_NAME }} -# aws_ecs_service_name: ${{ vars.AWS_ECS_TASK_PROCESSOR_SERVICE_NAME }} -# aws_task_definitions_directory_path: infrastructure/aws/${{ inputs.environment }} -# api_ecr_image_url: ${{ needs.docker-build-saas-api.outputs.image-url }} -# -# run-tests: -# needs: deploy -# runs-on: depot-ubuntu-latest -# name: Run E2E Tests -# environment: ${{ inputs.environment }} -# concurrency: -# group: e2e-tests-${{ inputs.environment }} -# cancel-in-progress: true -# -# steps: -# - name: Cloning repo -# uses: actions/checkout@v5 -# -# # Temporarily install Firefox 143.0 to avoid test failures as superior versions cause frontend e2e tests to hang -# # To be removed once upstream issue correctly resolved -# - name: Install Firefox 143.0 -# run: | -# sudo apt-get remove -y firefox || true -# sudo rm -rf /usr/bin/firefox /usr/lib/firefox* -# -# ARCH=$(uname -m) -# wget -O /tmp/firefox.tar.xz "https://ftp.mozilla.org/pub/firefox/releases/143.0/linux-${ARCH}/en-US/firefox-143.0.tar.xz" -# sudo tar -xJf /tmp/firefox.tar.xz -C /opt -# sudo ln -s /opt/firefox/firefox /usr/local/bin/firefox -# rm /tmp/firefox.tar.xz -# -# firefox --version -# -# - name: Run E2E tests against ${{ inputs.environment }} -# uses: ./.github/actions/e2e-tests -# with: -# e2e_test_token: ${{ secrets.E2E_TEST_TOKEN }} -# slack_token: ${{ secrets.SLACK_TOKEN }} -# environment: ${{ inputs.environment }} + deploy: + needs: docker-build-saas-api + environment: ${{ inputs.environment }} + runs-on: depot-ubuntu-latest + steps: + - name: Cloning repo + uses: actions/checkout@v5 + + - name: Deploy API to ${{ inputs.environment }} + id: deploy-api + uses: ./.github/actions/api-deploy-ecs + with: + aws_access_key_id: ${{ vars.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_ecs_cluster_name: ${{ vars.AWS_ECS_CLUSTER_NAME }} + aws_ecs_cluster_arn: ${{ vars.AWS_ECS_CLUSTER_ARN }} + aws_ecs_service_name: ${{ vars.AWS_ECS_SERVICE_NAME }} + aws_ecs_sdk_service_name: ${{ vars.AWS_ECS_SDK_SERVICE_NAME }} + aws_vpc_subnet_id: ${{ vars.AWS_VPC_SUBNET_ID }} + aws_ecs_security_group_id: ${{ vars.AWS_ECS_SECURITY_GROUP_ID }} + aws_identity_migration_event_bus_name: ${{ vars.AWS_IDENTITY_MIGRATION_EVENT_BUS_NAME }} + aws_identity_migration_event_bus_rule_id: ${{ vars.AWS_IDENTITY_MIGRATION_EVENT_BUS_RULE_ID }} + aws_identity_migration_task_role_arn: ${{ vars.AWS_IDENTITY_MIGRATION_TASK_ROLE_ARN }} + aws_task_definitions_directory_path: infrastructure/aws/${{ inputs.environment }} + api_ecr_image_url: ${{ needs.docker-build-saas-api.outputs.image-url }} + + - name: Deploy Task processor to ${{ inputs.environment }} + uses: ./.github/actions/task-processor-deploy-ecs + with: + aws_access_key_id: ${{ vars.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_ecs_cluster_name: ${{ vars.AWS_ECS_CLUSTER_NAME }} + aws_ecs_service_name: ${{ vars.AWS_ECS_TASK_PROCESSOR_SERVICE_NAME }} + aws_task_definitions_directory_path: infrastructure/aws/${{ inputs.environment }} + api_ecr_image_url: ${{ needs.docker-build-saas-api.outputs.image-url }} + + run-tests: + needs: deploy + runs-on: depot-ubuntu-latest + name: Run E2E Tests + environment: ${{ inputs.environment }} + concurrency: + group: e2e-tests-${{ inputs.environment }} + cancel-in-progress: true + + steps: + - name: Cloning repo + uses: actions/checkout@v5 + + # Temporarily install Firefox 143.0 to avoid test failures as superior versions cause frontend e2e tests to hang + # To be removed once upstream issue correctly resolved + - name: Install Firefox 143.0 + run: | + sudo apt-get remove -y firefox || true + sudo rm -rf /usr/bin/firefox /usr/lib/firefox* + + ARCH=$(uname -m) + wget -O /tmp/firefox.tar.xz "https://ftp.mozilla.org/pub/firefox/releases/143.0/linux-${ARCH}/en-US/firefox-143.0.tar.xz" + sudo tar -xJf /tmp/firefox.tar.xz -C /opt + sudo ln -s /opt/firefox/firefox /usr/local/bin/firefox + rm /tmp/firefox.tar.xz + + firefox --version + + - name: Run E2E tests against ${{ inputs.environment }} + uses: ./.github/actions/e2e-tests + with: + e2e_test_token: ${{ secrets.E2E_TEST_TOKEN }} + slack_token: ${{ secrets.SLACK_TOKEN }} + environment: ${{ inputs.environment }} diff --git a/.github/workflows/api-deploy-production-ecs.yml b/.github/workflows/api-deploy-production-ecs.yml index 64bbf77d18bc..6528e2adbadc 100644 --- a/.github/workflows/api-deploy-production-ecs.yml +++ b/.github/workflows/api-deploy-production-ecs.yml @@ -4,8 +4,6 @@ on: push: tags: - '*' - branches: - - ci/fix-workflow-syntax paths: - api/** - .github/**