From a1609e8b19b79cbd6a9a360485349592be09eea8 Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Wed, 29 Nov 2023 15:32:03 +0000 Subject: [PATCH 1/8] FS-3797 Workflow changes following review --- .github/workflows/copilot_deploy.yml | 183 +++++++++++++++++++++++---- 1 file changed, 157 insertions(+), 26 deletions(-) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 330af6c4..2f8b6958 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -141,10 +141,10 @@ jobs: run: | copilot svc deploy --env ${{ matrix.value }} --app pre-award - sandbox_deploy: + dev_deploy: if: ${{ needs.copilot_environments_workflow_setup.outputs.pre_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.pre_matrix)) != '[]' }} concurrency: - group: 'fsd-preaward-copilot-sandbox-${{ matrix.value }}' + group: 'fsd-preaward-copilot-dev' cancel-in-progress: false permissions: id-token: write # This is required for requesting the JWT @@ -157,7 +157,7 @@ jobs: matrix: value: ${{ fromJSON(needs.copilot_environments_workflow_setup.outputs.pre_matrix) }} fail-fast: false - environment: ${{ matrix.value }} + environment: dev steps: - name: Git clone the repository uses: actions/checkout@v4 @@ -171,7 +171,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy - role-session-name: FUND_STORE_${{ matrix.value }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }} + role-session-name: FUND_STORE_DEV_COPILOT_${{ steps.currentdatetime.outputs.datetime }} aws-region: eu-west-2 - name: Install AWS Copilot CLI @@ -182,7 +182,7 @@ jobs: - name: confirm copilot env shell: bash run: | - if [ $(copilot env ls) != "${{ matrix.value }}" ]; then + if [ $(copilot env ls) != "dev" ]; then echo $(copilot env ls) exit 1 fi 
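Review bot: The `confirm copilot env` guard in the `@@ -182,7 +182,7 @@` hunk fails open, because `$(copilot env ls)` is unquoted inside `[ … ]`. If the command prints nothing or more than one name, `[` exits with a usage error, the `if` treats that as false, and the step passes without comparing anything against `dev`. This step appears to be the only check that the assumed role landed in the intended account before migrations and the deploy run. Capture and quote the output: `envs="$(copilot env ls)"` followed by `if [ "$envs" != "dev" ]; then`. The same unquoted test is repeated for `test`, `uat` and `production` in the later hunks of this patch.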
@@ -196,16 +196,83 @@ jobs: yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || needs.tag_version.outputs.version_to_tag }}"' copilot/fsd-fund-store/manifest.yml - name: Run database migrations - run: scripts/migration-task-script.py ${{ matrix.value }} fsd-fund-store + run: scripts/migration-task-script.py dev fsd-fund-store - - name: Copilot ${{ matrix.value }} deploy + - name: Copilot dev deploy id: deploy_build run: | - copilot svc deploy --env ${{ matrix.value }} --app pre-award + copilot svc deploy --env dev --app pre-award - post_deploy_tests: - needs: sandbox_deploy - if: inputs.environment == 'test' || inputs.environment == 'dev' || inputs.environment == '' + post_dev_deploy_tests: + needs: dev_deploy + secrets: + FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }} + FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }} + uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main + with: + run_performance_tests: ${{ inputs.run_performance_tests || true }} + run_e2e_tests: ${{ inputs.run_e2e_tests || false }} + environment: dev + + test_deploy: + if: ${{ needs.copilot_environments_workflow_setup.outputs.pre_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.pre_matrix)) != '[]' }} + concurrency: + group: 'fsd-preaward-copilot-test' + cancel-in-progress: false + permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + needs: [ tag_version, pre_deploy_tests, paketo_build, copilot_environments_workflow_setup ] + runs-on: ubuntu-latest + continue-on-error: true + environment: test + steps: + - name: Git clone the repository + uses: actions/checkout@v4 + + - name: Get current date + shell: bash + id: currentdatetime + run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT + + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v4 + 
with: + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy + role-session-name: FUND_STORE_TEST_COPILOT_${{ steps.currentdatetime.outputs.datetime }} + aws-region: eu-west-2 + + - name: Install AWS Copilot CLI + shell: bash + run: | + curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot + + - name: confirm copilot env + shell: bash + run: | + if [ $(copilot env ls) != "test" ]; then + echo $(copilot env ls) + exit 1 + fi + + - name: Inject Git SHA into manifest + run: | + yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"' copilot/fsd-fund-store/manifest.yml + + - name: Inject replacement image into manifest + run: | + yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || needs.tag_version.outputs.version_to_tag }}"' copilot/fsd-fund-store/manifest.yml + + - name: Run database migrations + run: scripts/migration-task-script.py test fsd-fund-store + + - name: Copilot test deploy + id: deploy_build + run: | + copilot svc deploy --env test --app pre-award + + post_test_deploy_tests: + needs: test_deploy secrets: FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }} FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }} 
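Review bot: The `Install AWS Copilot CLI` step added to `test_deploy` downloads `releases/latest/download/copilot-linux` and installs it with `sudo` without pinning a version or checking a digest. It runs after `configure-aws-credentials` has already placed the `GithubCopilotDeploy` role's credentials in the job, so whatever that URL serves on the day runs the migrations and the deploy with that role. Pin a specific release and verify its SHA-256 before `chmod +x`. The same step is copied into `uat_deploy` in the next hunk, and presumably exists in the dev and production jobs, whose step bodies are outside the visible hunks. The version and digest below are placeholders to fill in from the release you have reviewed.

```yaml
      - name: Install AWS Copilot CLI
        shell: bash
        run: |
          # Placeholders: set to the release tag and published SHA-256 you have reviewed.
          COPILOT_VERSION='<PINNED_RELEASE_TAG>'
          COPILOT_SHA256='<EXPECTED_SHA256>'
          curl -fsSLo aws-copilot "https://github.com/aws/copilot-cli/releases/download/${COPILOT_VERSION}/copilot-linux"
          echo "${COPILOT_SHA256}  aws-copilot" | sha256sum --check -
          chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
```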
@@ -214,25 +281,89 @@ jobs: run_performance_tests: ${{ inputs.run_performance_tests || false }} run_e2e_tests: ${{ inputs.run_e2e_tests || true }} app_name: application - environment: ${{ inputs.environment == '' && 'test' || inputs.environment }} + environment: test - release_deploy: + uat_deploy: + if: ${{ needs.copilot_environments_workflow_setup.outputs.pre_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.pre_matrix)) != '[]' }} + concurrency: + group: 'fsd-preaward-copilot-uat' + cancel-in-progress: false + permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + needs: [ tag_version, pre_deploy_tests, paketo_build, copilot_environments_workflow_setup ] + runs-on: ubuntu-latest + continue-on-error: true + environment: uat + steps: + - name: Git clone the repository + uses: actions/checkout@v4 + + - name: Get current date + shell: bash + id: currentdatetime + run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT + + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy + role-session-name: FUND_STORE_UAT_COPILOT_${{ steps.currentdatetime.outputs.datetime }} + aws-region: eu-west-2 + + - name: Install AWS Copilot CLI + shell: bash + run: | + curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot + + - name: confirm copilot env + shell: bash + run: | + if [ $(copilot env ls) != "uat" ]; then + echo $(copilot env ls) + exit 1 + fi + + - name: Inject Git SHA into manifest + run: | + yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"' copilot/fsd-fund-store/manifest.yml + + - name: Inject replacement image into manifest + run: | + yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ 
github.ref_name == 'main' && 'latest' || needs.tag_version.outputs.version_to_tag }}"' copilot/fsd-fund-store/manifest.yml + + - name: Run database migrations + run: scripts/migration-task-script.py uat fsd-fund-store + + - name: Copilot test deploy + id: deploy_build + run: | + copilot svc deploy --env uat --app pre-award + + post_uat_deploy_tests: + needs: uat_deploy + secrets: + FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }} + FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }} + uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main + with: + run_performance_tests: ${{ inputs.run_performance_tests || false }} + run_e2e_tests: ${{ inputs.run_e2e_tests || true }} + app_name: application + environment: uat + + production_deploy: if: ${{ needs.copilot_environments_workflow_setup.outputs.post_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.post_matrix)) != '[]' }} concurrency: - group: 'fsd-preaward-copilot-release-${{ matrix.value }}' + group: 'fsd-preaward-copilot-production' cancel-in-progress: false permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - needs: [ tag_version, post_deploy_tests, paketo_build, copilot_environments_workflow_setup ] + needs: [ tag_version, post_uat_deploy_tests, paketo_build, copilot_environments_workflow_setup ] runs-on: ubuntu-latest continue-on-error: true - strategy: - max-parallel: 1 - matrix: - value: ${{ fromJSON(needs.copilot_environments_workflow_setup.outputs.post_matrix) }} - fail-fast: false - environment: ${{ matrix.value }} + environment: production steps: - name: Git clone the repository uses: actions/checkout@v4 
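Review bot: `post_uat_deploy_tests` passes `FSD_GH_APP_ID` and `FSD_GH_APP_KEY` to a reusable workflow referenced as `post-deploy.yml@main`, a branch ref whose content can change between runs. Anyone able to push to that branch of `funding-service-design-workflows` controls code that receives the app key, and that job now gates promotion to production through `needs: post_uat_deploy_tests`. Pin the reference to a full commit SHA and update it deliberately, e.g. `uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@<COMMIT_SHA> # main`. `post_dev_deploy_tests` in the preceding hunk uses the same `@main` reference.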
@@ -246,7 +377,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy - role-session-name: FUND_STORE_${{ matrix.value }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }} + role-session-name: FUND_STORE_PRODUCTION_COPILOT_${{ steps.currentdatetime.outputs.datetime }} aws-region: eu-west-2 - name: Install AWS Copilot CLI @@ -257,7 +388,7 @@ jobs: - name: confirm copilot env shell: bash run: | - if [ $(copilot env ls) != "${{ matrix.value }}" ]; then + if [ $(copilot env ls) != "production" ]; then echo $(copilot env ls) exit 1 fi @@ -271,9 +402,9 @@ jobs: yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || needs.tag_version.outputs.version_to_tag }}"' copilot/fsd-fund-store/manifest.yml - name: Run database migrations - run: scripts/migration-task-script.py ${{ matrix.value }} fsd-fund-store + run: scripts/migration-task-script.py production fsd-fund-store - - name: Copilot ${{ matrix.value }} deploy + - name: Copilot production deploy id: deploy_build run: | - copilot svc deploy --env ${{ matrix.value }} --app pre-award + copilot svc deploy --env production --app pre-award From 5e5745ed151f1aea36c4fbea2e9109a6d0e119fe Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Wed, 29 Nov 2023 15:34:35 +0000 Subject: [PATCH 2/8] Correct order --- .github/workflows/copilot_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 2f8b6958..84276fc7 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml 
@@ -222,7 +222,7 @@ jobs: permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - needs: [ tag_version, pre_deploy_tests, paketo_build, copilot_environments_workflow_setup ] + needs: [ tag_version, post_dev_deploy_tests, paketo_build, copilot_environments_workflow_setup ] runs-on: ubuntu-latest continue-on-error: true environment: test @@ -291,7 +291,7 @@ jobs: permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - needs: [ tag_version, pre_deploy_tests, paketo_build, copilot_environments_workflow_setup ] + needs: [ tag_version, post_test_deploy_tests, paketo_build, copilot_environments_workflow_setup ] runs-on: ubuntu-latest continue-on-error: true environment: uat From f612dd18996be9d4a0473a6c5aa3e595ecfddfd7 Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Wed, 29 Nov 2023 15:54:01 +0000 Subject: [PATCH 3/8] Remove matrix completely --- .github/workflows/copilot_deploy.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 84276fc7..3d6fc426 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -152,11 +152,6 @@ jobs: needs: [ tag_version, pre_deploy_tests, paketo_build, copilot_environments_workflow_setup ] runs-on: ubuntu-latest continue-on-error: true - strategy: - max-parallel: 1 - matrix: - value: ${{ fromJSON(needs.copilot_environments_workflow_setup.outputs.pre_matrix) }} - fail-fast: false environment: dev steps: - name: Git clone the repository From 5f5acba8da137f8aa5d08e3ab4bf4dcd0500ce1c Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Wed, 29 Nov 2023 16:08:32 +0000 Subject: [PATCH 4/8] Remove unneeded app_name --- .github/workflows/copilot_deploy.yml | 1 - 1 file changed, 1 deletion(-) 
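Review bot: In PATCH 2/8 the `uat_deploy` hunk (`@@ -291,7 +291,7 @@`) orders the job after `post_test_deploy_tests`, but its context still shows `continue-on-error: true`, so the new `needs` chain does not by itself act as a promotion gate. As I understand GitHub's handling, a job with `continue-on-error: true` that fails does not fail the run, so a failed migration or `copilot svc deploy` in one stage may not stop the later stages, including `production_deploy`. PATCH 6/8 removes the flag from `test_deploy` only. Consider dropping `continue-on-error: true` from `dev_deploy`, `uat_deploy` and `production_deploy` as well, or add a comment saying why a failed deploy there should not block promotion. The job definitions start and end outside these hunks, so confirm against the full file.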
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 3d6fc426..96b60326 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -344,7 +344,6 @@ jobs: with: run_performance_tests: ${{ inputs.run_performance_tests || false }} run_e2e_tests: ${{ inputs.run_e2e_tests || true }} - app_name: application environment: uat production_deploy: From d8efd73efbdd4d7e395860119367c4547f6b0fa5 Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Wed, 29 Nov 2023 16:12:39 +0000 Subject: [PATCH 5/8] Remove unneeded app_name --- .github/workflows/copilot_deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 96b60326..6b4a3ce8 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -275,7 +275,6 @@ jobs: with: run_performance_tests: ${{ inputs.run_performance_tests || false }} run_e2e_tests: ${{ inputs.run_e2e_tests || true }} - app_name: application environment: test uat_deploy: From 45d48d6cb8dfa84101f88637ae170b1653cb7c5f Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Wed, 29 Nov 2023 16:51:23 +0000 Subject: [PATCH 6/8] Test --- .github/workflows/copilot_deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 6b4a3ce8..85b57975 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -219,7 +219,6 @@ jobs: contents: read # This is required for actions/checkout needs: [ tag_version, post_dev_deploy_tests, paketo_build, copilot_environments_workflow_setup ] runs-on: ubuntu-latest - continue-on-error: true environment: test steps: - name: Git clone the repository From 64886efd87b83f6ac30ef42b0998546a94c373a8 Mon Sep 17 00:00:00 2001 
From: Robert Kibble Date: Thu, 30 Nov 2023 07:39:34 +0000 Subject: [PATCH 7/8] Wrong matrix --- .github/workflows/copilot_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 85b57975..7385ff88 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -277,7 +277,7 @@ jobs: environment: test uat_deploy: - if: ${{ needs.copilot_environments_workflow_setup.outputs.pre_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.pre_matrix)) != '[]' }} + if: ${{ needs.copilot_environments_workflow_setup.outputs.post_matrix != '' && toJson(fromJson(needs.copilot_environments_workflow_setup.outputs.post_matrix)) != '[]' }} concurrency: group: 'fsd-preaward-copilot-uat' cancel-in-progress: false From 1e8f4a363c2d322284daf16113c0365df2eb218c Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Thu, 30 Nov 2023 08:58:24 +0000 Subject: [PATCH 8/8] Block concurrency on post-deploy testing --- .github/workflows/copilot_deploy.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml index 7385ff88..72259fb5 100644 --- a/.github/workflows/copilot_deploy.yml +++ b/.github/workflows/copilot_deploy.yml @@ -200,6 +200,9 @@ jobs: post_dev_deploy_tests: needs: dev_deploy + concurrency: + group: 'fsd-preaward-test-dev' + cancel-in-progress: false secrets: FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }} FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }} @@ -267,6 +270,9 @@ jobs: post_test_deploy_tests: needs: test_deploy + concurrency: + group: 'fsd-preaward-test-test' + cancel-in-progress: false secrets: FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }} FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }} 
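Review bot: In PATCH 7/8 the new `if` on `uat_deploy` only tests that `post_matrix` is non-empty. Now that the job targets a hard-coded `environment: uat`, the contents of the matrix no longer select where it deploys. If `copilot_environments_workflow_setup` (not visible here) can emit a matrix naming only some environments, every job gated on that matrix still runs, and `production_deploy` uses the same `post_matrix` condition. Test membership rather than non-emptiness, e.g. `if: ${{ needs.copilot_environments_workflow_setup.outputs.post_matrix != '' && contains(fromJson(needs.copilot_environments_workflow_setup.outputs.post_matrix), 'uat') }}`, using the matching environment name and matrix in each deploy job.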
@@ -335,6 +341,9 @@ jobs: post_uat_deploy_tests: needs: uat_deploy + concurrency: + group: 'fsd-preaward-test-uat' + cancel-in-progress: false secrets: FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }} FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}