CCM-7465: implement backend api PT.2

.github/actions/create-lines-of-code-report/action.yaml

@@ -32,7 +32,7 @@ runs:
       run: zip lines-of-code-report.json.zip lines-of-code-report.json
     - name: "Upload CLOC report as an artefact"
       if: ${{ !env.ACT }}
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: lines-of-code-report.json.zip
         path: ./lines-of-code-report.json.zip

.github/actions/scan-dependencies/action.yaml

@@ -32,7 +32,7 @@ runs:
       run: zip sbom-repository-report.json.zip sbom-repository-report.json
     - name: "Upload SBOM report as an artefact"
       if: ${{ !env.ACT }}
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: sbom-repository-report.json.zip
         path: ./sbom-repository-report.json.zip
@@ -47,7 +47,7 @@ runs:
       run: zip vulnerabilities-repository-report.json.zip vulnerabilities-repository-report.json
     - name: "Upload vulnerabilities report as an artefact"
       if: ${{ !env.ACT }}
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: vulnerabilities-repository-report.json.zip
         path: ./vulnerabilities-repository-report.json.zip

.github/workflows/stage-4-acceptance.yaml

@@ -40,37 +40,9 @@ permissions:
   contents: read  # This is required for actions/checkout
 
 jobs:
-  environment-set-up:
-    name: "Environment set up"
-    runs-on: ubuntu-latest
-    environment: dev
-    timeout-minutes: 15
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - name: "Repo setup"
-        run: |
-          npm ci
-      - name: "Generate dependencies"
-        run: |
-          npm run generate-dependencies --workspaces --if-present
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-          role-session-name: deployInfra
-          aws-region: ${{ env.AWS_REGION }}
-      - name: "Create Amplify sandbox"
-        run: |
-          ./scripts/create_amplify_sandbox.sh
-      - uses: actions/upload-artifact@v4
-        with:
-          name: amplify_outputs.json
-          path: frontend/amplify_outputs.json
-
   sandbox-set-up:
     name: "Sandbox set up"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     environment: dev
     timeout-minutes: 15
     steps:
@@ -92,11 +64,10 @@ jobs:
         with:
           name: sandbox_tf_outputs.json
           path: sandbox_tf_outputs.json
-
   test-security:
     name: "Security test"
-    runs-on: ubuntu-latest
-    needs: [environment-set-up, sandbox-set-up]
+    runs-on: ubuntu-22.04
+    needs: [sandbox-set-up]
     timeout-minutes: 10
     steps:
       - name: "Checkout code"
@@ -109,17 +80,19 @@ jobs:
           echo "Nothing to save"
   test-accessibility:
     name: "Accessibility test"
-    runs-on: ubuntu-latest
-    needs: [environment-set-up, sandbox-set-up]
+    runs-on: ubuntu-22.04
+    needs: [sandbox-set-up]
     environment: dev
+    env:
+      INCLUDE_AUTH_PAGES: 'true'
     timeout-minutes: 10
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
       - uses: actions/download-artifact@v4
         with:
-          name: amplify_outputs.json
-          path: frontend/
+          name: sandbox_tf_outputs.json
+          path: ./
       - name: "Repo setup"
         run: |
           npm ci
@@ -133,25 +106,29 @@ jobs:
           role-session-name: deployInfra
           aws-region: eu-west-2
       - name: "Run accessibility test"
-        run: make test-accessibility
+        run: |
+          npm run create-amplify-outputs file
+          make test-accessibility
       - name: Archive accessibility results
         uses: actions/upload-artifact@v4
         with:
           name: accessibility
           path: ".reports/accessibility"
   test-ui-component:
     name: "UI Component test"
-    runs-on: ubuntu-latest
-    needs: [environment-set-up, sandbox-set-up]
+    runs-on: ubuntu-22.04
+    needs: [sandbox-set-up]
     environment: dev
+    env:
+      INCLUDE_AUTH_PAGES: 'true'
     timeout-minutes: 10
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
       - uses: actions/download-artifact@v4
         with:
-          name: amplify_outputs.json
-          path: frontend/
+          name: sandbox_tf_outputs.json
+          path: ./
       - name: "Repo setup"
         run: |
           npm ci
@@ -168,45 +145,19 @@ jobs:
           aws-region: eu-west-2
       - name: "Run ui component test"
         run: |
+          npm run create-amplify-outputs file
           cd tests/test-team
           npm run test:local-ui
       - name: Archive component test results
+        if: success() || failure()
         uses: actions/upload-artifact@v4
         with:
           name: component test report
           path: "tests/test-team/playwright-report"
-  environment-tear-down:
-    name: "Environment tear down"
-    if: success() || failure()
-    runs-on: ubuntu-latest
-    needs: [test-accessibility, test-ui-component]
-    environment: dev
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          name: amplify_outputs.json
-          path: frontend/
-      - name: "Repo setup"
-        run: |
-          npm ci
-      - name: "Generate dependencies"
-        run: |
-          npm run generate-dependencies --workspaces --if-present
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ASSUME_ROLE_NAME }}
-          role-session-name: deployInfra
-          aws-region: eu-west-2
-      - name: "Destroy Amplify sandbox"
-        run: |
-          (cd frontend && npm run destroy-sandbox -- --identifier "wf-${GITHUB_RUN_ID}")
   sandbox-tear-down:
     name: "Sandbox tear down"
     if: success() || failure()
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs: [test-accessibility, test-ui-component]
     environment: dev
     steps:

.gitignore

@@ -82,3 +82,4 @@ sandbox_cognito_auth_token.json
 
 frontend/public/testing
 .vscode/launch.json
+auth.json

amplify.yml

@@ -10,8 +10,8 @@ applications:
             - nvm use 20.13.1
             - npm ci --cache .npm --prefer-offline
             - npm run generate-dependencies --workspaces --if-present
+            - npm run create-amplify-outputs env
             - cd frontend
-            - npx ampx pipeline-deploy --branch $AWS_BRANCH --app-id $AWS_APP_ID
     frontend:
       phases:
         build:

frontend/.env.template

@@ -0,0 +1,2 @@
+# Includes auth pages when building web frontend in production mode.
+INCLUDE_AUTH_PAGES=''

frontend/amplify/backend.ts

@@ -1,28 +1 @@
-import { defineBackend } from '@aws-amplify/backend';
-import { PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';
-import { auth } from './auth/resource';
-import { data } from './data/resource';
-import { sendEmail } from './functions/send-email/resource';
-
-const backend = defineBackend({
-  auth,
-  data,
-  sendEmail,
-});
-
-const sendEmailLambda = backend.sendEmail.resources.lambda;
-
-const attachPolicy = new PolicyStatement({
-  sid: 'AmplifySendEmail',
-  effect: Effect.ALLOW,
-  actions: ['ses:SendRawEmail'],
-  resources: [`arn:aws:ses:eu-west-2:${process.env.ACCOUNT_ID}:identity/*`],
-});
-
-sendEmailLambda.addToRolePolicy(attachPolicy);
-
-backend.data.resources.cfnResources.amplifyDynamoDbTables.TemplateStorage.timeToLiveAttribute =
-  {
-    attributeName: 'ttl',
-    enabled: true,
-  };
+/* eslint-disable unicorn/no-empty-file */

frontend/next.config.js

@@ -1,17 +1,21 @@
 /** @type {import('next').NextConfig} */
 
 const { PHASE_DEVELOPMENT_SERVER } = require('next/constants');
+const amplifyConfig = require('./amplify_outputs.json');
 
 const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? '/templates';
 const domain = process.env.NOTIFY_DOMAIN_NAME ?? 'localhost:3000';
 
 const nextConfig = (phase) => {
   const isDevServer = phase === PHASE_DEVELOPMENT_SERVER;
+  const includeAuthPages =
+    process.env.INCLUDE_AUTH_PAGES === 'true' || isDevServer;
 
   return {
     basePath,
     env: {
       basePath,
+      BACKEND_API_URL: amplifyConfig?.meta?.backend_api_url,
     },
 
     experimental: {
@@ -32,7 +36,7 @@ const nextConfig = (phase) => {
     },
 
     async rewrites() {
-      if (isDevServer) {
+      if (includeAuthPages) {
         return [
           {
             source: '/auth/signout',
@@ -52,7 +56,7 @@ const nextConfig = (phase) => {
 
     // pages with e.g. .dev.tsx extension are only included when running locally
     pageExtensions: ['ts', 'tsx', 'js', 'jsx'].flatMap((extension) => {
-      return isDevServer ? [`dev.${extension}`, extension] : [extension];
+      return includeAuthPages ? [`dev.${extension}`, extension] : [extension];
     }),
   };
 };

frontend/package.json

@@ -6,9 +6,9 @@
     "dev": "next dev",
     "build": "next build",
     "start": "next start",
-    "lint": "next lint --dir .",
-    "lint:fix": "next lint  --dir . --fix",
-    "test:unit": "jest",
+    "lint": "npm run mock-amplify-outputs && next lint --dir .",
+    "lint:fix": "npm run lint -- --fix",
+    "test:unit": "npm run mock-amplify-outputs && jest",
     "app:start": "pm2 start npm -- start",
     "app:wait": "wait-on -l http://localhost:3000/templates/create-and-submit-templates",
     "app:stop": "pm2 kill",
@@ -29,6 +29,7 @@
     "next": "14.2.13",
     "nhs-notify-web-template-management-amplify": "*",
     "nhs-notify-web-template-management-utils": "*",
+    "nhs-notify-backend-client": "*",
     "nhsuk-frontend": "^8.3.0",
     "nhsuk-react-components": "^4.1.1",
     "path": "^0.12.7",

frontend/src/__tests__/components/forms/DeleteTemplate/server-action.test.ts

@@ -29,13 +29,10 @@ test('calls form action and redirects', async () => {
 
   await deleteTemplateAction(mockTemplate);
 
-  expect(mockSaveTemplate).toHaveBeenCalledWith(
-    {
-      ...mockTemplate,
-      templateStatus: TemplateStatus.DELETED,
-    },
-    1_643_619_600
-  );
+  expect(mockSaveTemplate).toHaveBeenCalledWith({
+    ...mockTemplate,
+    templateStatus: TemplateStatus.DELETED,
+  });
 
   expect(mockRedirect).toHaveBeenCalledWith(
     '/manage-templates',

frontend/src/__tests__/components/forms/SubmitTemplate/server-action.test.ts

@@ -92,12 +92,7 @@ describe('submitTemplate', () => {
 
     await submitTemplate('submit-route', formData);
 
-    expect(sendEmailMock).toHaveBeenCalledWith(
-      mockNhsAppTemplate.id,
-      mockNhsAppTemplate.name,
-      mockNhsAppTemplate.message,
-      null
-    );
+    expect(sendEmailMock).toHaveBeenCalledWith(mockNhsAppTemplate.id);
 
     expect(redirectMock).toHaveBeenCalledWith('/submit-route/1', 'push');
   });
@@ -120,11 +115,6 @@ describe('submitTemplate', () => {
 
     await submitTemplate('submit-route', formData);
 
-    expect(sendEmailMock).toHaveBeenCalledWith(
-      mockEmailTemplate.id,
-      mockEmailTemplate.name,
-      mockEmailTemplate.message,
-      mockEmailTemplate.subject
-    );
+    expect(sendEmailMock).toHaveBeenCalledWith(mockEmailTemplate.id);
   });
 });