Add preview environment configuration and variables for provider and … (#95)

neil-sproston · web-flow · commit f9e5838f84e0 · 2026-03-04T12:16:38.000Z
## Description Creates the required configuration option to be passed to the container in ECS pointing them to the appropiate endpoints.  ## Context  This is required so the container will access the required endpoints - or mock stubs as required. ## Type of changes  - [ ] Refactoring (non-breaking change) - [x] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would change existing functionality) - [ ] Bug fix (non-breaking change which fixes an issue) ## Checklist  - [x] I have followed the code style of the project - [ ] I have added tests to cover my changes - [ ] I have updated the documentation accordingly - [ ] This PR is a result of pair or mob programming - [ ] Exceptions/Exclusions to coding standards (e.g. #noqa or #NOSONAR) are included within this Pull Request. --- ## Sensitive Information Declaration To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including [PII (Personal Identifiable Information) / PID (Personal Identifiable Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter. - [x] I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.
diff --git a/.github/workflows/preview-env.yml b/.github/workflows/preview-env.yml
@@ -134,6 +134,7 @@ jobs:
           TF_VAR_alb_rule_priority: ${{ steps.meta.outputs.alb_rule_priority }}
         run: |
           terraform apply \
+            -var-file="preview.tfvars" \
             -auto-approve
 
       - name: Capture preview TF outputs
@@ -213,7 +214,9 @@ jobs:
           TF_VAR_image_tag: ${{ steps.meta.outputs.branch_name }}
           TF_VAR_alb_rule_priority: ${{ steps.meta.outputs.alb_rule_priority }}
         run: |
-          terraform destroy -auto-approve
+          terraform destroy \
+            -var-file="preview.tfvars" \
+            -auto-approve
 
       # ---------- Wait on AWS tasks and notify ----------
       - name: Await deployment completion
@@ -397,7 +400,7 @@ jobs:
         id: check-integration
         if: always()
         run: |
-            [ -f "gateway-api/test-artefacts/integration-tests.xml" ] && echo "exists=true" >> "$GITHUB_OUTPUT" || echo "exists=false" >> "$GITHUB_OUTPUT"
+          [ -f "gateway-api/test-artefacts/integration-tests.xml" ] && echo "exists=true" >> "$GITHUB_OUTPUT" || echo "exists=false" >> "$GITHUB_OUTPUT"
 
       - name: Publish integration test results to summary
         if: ${{ always() && steps.check-integration.outputs.exists == 'true' }}
@@ -522,4 +525,3 @@ jobs:
         with:
           image-ref: ${{steps.meta.outputs.ecr_url}}:${{steps.meta.outputs.branch_name}}
           artifact-name: trivy-sbom-${{ steps.meta.outputs.branch_name }}
-
diff --git a/infrastructure/.gitignore b/infrastructure/.gitignore
@@ -18,6 +18,9 @@ crash.*.log
 *.tfvars
 *.tfvars.json
 
+# Allow checked-in preview tfvars containing non-sensitive values and secret references only
+!environments/preview/preview.tfvars
+
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
diff --git a/infrastructure/environments/preview/main.tf b/infrastructure/environments/preview/main.tf
@@ -238,6 +238,52 @@ resource "aws_ecs_task_definition" "branch" {
           "awslogs-stream-prefix" = local.branch_safe
         }
       }
+      environment = [
+        {
+          name  = "ENVIRONMENT"
+          value = "preview"
+        },
+        {
+          name  = "BRANCH_NAME"
+          value = var.branch_name
+        },
+        {
+          name  = "SDS_URL"
+          value = var.sds_url
+        },
+        {
+          name  = "SDS_API_TOKEN"
+          value = var.sds_api_token
+        },
+        {
+          name  = "PDS_URL"
+          value = var.pds_url
+        },
+        {
+          name  = "PDS_API_TOKEN"
+          value = var.pds_api_token
+        },
+        {
+          name  = "PDS_API_SECRET"
+          value = var.pds_api_secret
+        },
+        {
+          name  = "PDS_API_KID"
+          value = var.pds_api_kid
+        },
+        {
+          name  = "PROVIDER_URL"
+          value = var.provider_url
+        },
+        {
+          name  = "PROVIDER_MTLS_CERT"
+          value = var.provider_mtls_cert
+        },
+        {
+          name  = "PROVIDER_MTLS_KEY"
+          value = var.provider_mtls_key
+        }
+      ]
     }
   ])
 
diff --git a/infrastructure/environments/preview/preview.tfvars b/infrastructure/environments/preview/preview.tfvars
@@ -0,0 +1,11 @@
+provider_url       = "stub"
+provider_mtls_cert = "stub"
+provider_mtls_key  = "stub"
+
+sds_url       = "stub"
+sds_api_token = "stub"
+
+pds_url        = "stub"
+pds_api_token  = "stub"
+pds_api_secret = "stub"
+pds_api_kid    = "stub"
diff --git a/infrastructure/environments/preview/variables.tf b/infrastructure/environments/preview/variables.tf
@@ -55,3 +55,57 @@ variable "log_kms_key_id" {
   type        = string
   default     = null
 }
+
+variable "provider_url" {
+  description = "The URL of the provider service to connect to."
+  type        = string
+  default     = "https://provider.dev.endpoints.clinical-data-gateway.national.nhs.uk"
+}
+
+variable "provider_mtls_cert" {
+  description = "Name of the secret containing the client certificate for mTLS authentication with the provider."
+  type        = string
+  default     = null
+}
+
+variable "provider_mtls_key" {
+  description = "Name of the secret containing the private key for mTLS authentication with the provider."
+  type        = string
+  default     = null
+}
+
+variable "sds_url" {
+  description = "The URL of the SDS service to connect to."
+  type        = string
+  default     = null
+}
+
+variable "sds_api_token" {
+  description = "API token used to authenticate with SDS."
+  type        = string
+  default     = null
+}
+
+variable "pds_url" {
+  description = "The URL of the PDS service to connect to."
+  type        = string
+  default     = null
+}
+
+variable "pds_api_token" {
+  description = "API token used to authenticate with PDS."
+  type        = string
+  default     = null
+}
+
+variable "pds_api_secret" {
+  description = "API secret key used to authenticate with PDS."
+  type        = string
+  default     = null
+}
+
+variable "pds_api_kid" {
+  description = "API key ID used to authenticate with PDS."
+  type        = string
+  default     = null
+}
