Conversation
stevebux
added
the
deploy-proxy
stevebux
force-pushed
the
feature/CCM-14778-Fix-E2E-Tests
branch
4 times, most recently
from
2487732 to
7d97b6c
Compare
There was a problem hiding this comment.
Pull request overview
This PR updates the repository’s end-to-end testing and CI wiring to make the e2e suite more reliable by (a) seeding letters via the shared letter-test-data utility and (b) supporting API-key auth for PR proxies and the /_status endpoint.
Changes:
- Add Python e2e helpers to seed PENDING letters via the shared Node CLI and to poll until letters are visible.
- Update e2e auth/header generation to support both bearer tokens and API-key auth (status + PR proxies).
- Restructure GitHub Actions acceptance testing to include an
e2etest type and add support for passing extra secrets to internal workflow dispatches.
Reviewed changes
Copilot reviewed 26 out of 26 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/e2e-tests/lib/secret.py | Extend Secret to carry an auth_type for header generation. |
| tests/e2e-tests/lib/letters.py | New helper to create letter test data via CLI and fetch pending IDs with retry. |
| tests/e2e-tests/lib/generators.py | Update header generation to support API-key vs bearer auth. |
| tests/e2e-tests/lib/fixtures.py | Replace bearer-token fixture with auth “secret” fixtures for /letters and /_status. |
| tests/e2e-tests/lib/authentication.py | Support API-key auth for /_status and PR proxies; path-based auth selection. |
| tests/e2e-tests/api/test_endpoint.py | Update endpoint smoke tests to use new fixtures/header generation. |
| tests/e2e-tests/api/letters/test_update_letter_status.py | Seed/poll for PENDING letters before updating status. |
| tests/e2e-tests/api/letters/test_multiple_letter_status.py | Seed/poll for multiple letters before batch status updates. |
| tests/e2e-tests/api/letters/test_get_list_of_letters.py | Switch to helper that ensures at least one letter is available. |
| tests/e2e-tests/api/letters/test_get_letter_status.py | Switch to helper to obtain a valid letter ID before GET-by-id. |
| tests/e2e-tests/api/letters/conftest.py | New autouse session fixture to seed letters for this test directory. |
| tests/e2e-tests/api/headers/test_x_request_id.py | Update fixtures used for auth in X-Request-ID tests. |
| tests/e2e-tests/api/data/test_get_letter_data.py | Switch to helper to obtain a valid letter ID before fetching letter data. |
| tests/e2e-tests/README.md | Update local e2e setup docs (proxy name + API keys). |
| tests/constants/api-constants.ts | Use TARGET_ENVIRONMENT instead of PR_NUMBER for environment naming. |
| Makefile | Pass STATUS_ENDPOINT_API_KEY into the pytest invocation environment. |
| .gitleaksignore | Add ignore entries for detected IP-like strings in built SAM artefacts. |
| .github/workflows/stage-4-acceptance.yaml | Pass extra secret names to internal workflow dispatch. |
| .github/workflows/stage-3-build.yaml | Split OAS spec artefact jobs (main vs PR) and adjust job dependencies/conditions. |
| .github/scripts/dispatch_internal_repo_workflow.sh | Add --extraSecretNames support for dispatch payload construction. |
| .github/actions/test-types.json | Add e2e to the allowed acceptance test types. |
| .github/actions/e2e-tests/action.yml | Remove legacy composite action for e2e tests. |
| .github/actions/acceptance-tests/action.yml | Route to component vs e2e acceptance sub-actions based on testType. |
| .github/actions/acceptance-tests-e2e/action.yml | New composite action to run the Python e2e suite in CI. |
| .github/actions/acceptance-tests-component/action.yml | New composite action encapsulating component acceptance test execution. |
| .env.template | Add STATUS_ENDPOINT_API_KEY to local env template. |
stevebux
force-pushed
the
feature/CCM-14778-Fix-E2E-Tests
branch
from
83c95f9 to
48052c5
Compare
stevebux
removed
the
deploy-proxy
stevebux
force-pushed
the
feature/CCM-14778-Fix-E2E-Tests
branch
2 times, most recently
from
9980950 to
adee573
Compare
| --infraRepoName "nhs-notify-supplier-api" \ | ||
| --releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \ | ||
| --overrideProjectName "nhs" \ | ||
| --internalRef "feature/CCM-14778" \ |
There was a problem hiding this comment.
Yep, I'm going to revert this once the internal repo change has merged
stevebux
added
the
deploy-proxy
stevebux
force-pushed
the
feature/CCM-14778-Fix-E2E-Tests
branch
from
284fe83 to
adee573
Compare
…et, rather than fetching from APIM
stevebux
force-pushed
the
feature/CCM-14778-Fix-E2E-Tests
branch
from
adee573 to
d11890c
Compare
stevebux
force-pushed
the
feature/CCM-14778-Fix-E2E-Tests
branch
from
d11890c to
53a5d23
Compare
| run: | | ||
| echo "$DEV_E2E_KEYS_PRIVATE" > "${GITHUB_WORKSPACE}/internal-dev-test-1.pem" | ||
| chmod 600 "${GITHUB_WORKSPACE}/internal-dev-test-1.pem" | ||
| BASE_PROXY_NAME=nhs-notify-supplier--internal-dev--nhs-notify-supplier |
There was a problem hiding this comment.
It would be great if we could also run these tests in nonprod / int. If it's too complicated to add them now, maybe worth raising a ticket to it, it would make the release process a lot easier!
There was a problem hiding this comment.
I'm reluctant to make this ticket any bigger than it is, but it's a good suggestion - the tests themselves have been written to support nonprod and int, so hopefully wouldn't need to change. I'll raise a ticket
| run: | | ||
| make test-${{ inputs.testType }} | ||
| - name: Run e2e tests | ||
| if: ${{ inputs.testType == 'e2e' && inputs.targetEnvironment == 'main' }} |
There was a problem hiding this comment.
Can we not run these against PR envs? The acceptance-tests-e2e action has some logic for PR envs
There was a problem hiding this comment.
The blocker is that after running the build, we need to do a manual step to add the PR environment to the APIM application. I tried to automate that step but gave up and raised a follow up ticket to do it (CCM-17012). I left the PR logic in the tests so that they can be easily re-enabled once we complete that ticket.
There was a problem hiding this comment.
Can't figure out where these are set:
DEV_E2E_KEYS_APIM_PR
DEV_E2E_KEYS_APIM_MAIN
DEV_E2E_KEYS_PRIVATE
There was a problem hiding this comment.
Ah yes, it would help to read this is conjunction with the internal repo PR (https://github.com/NHSDigital/nhs-notify-internal/pull/630/changes). Basically the idea is that we store these secrets in the SSM parameter store in the dev supplier API AWS instance. We pass the names of the parameters we want to retrieve to the internal workflow, then when the tests run it has fetched them for us and put them in the environment. This is still subject to approval by Aiden BTW
| else | ||
| echo "ENVIRONMENT=main" >> $GITHUB_ENV | ||
| fi | ||
| echo "ENVIRONMENT=main" >> $GITHUB_ENV |
There was a problem hiding this comment.
Would this need to support PR env as well?
There was a problem hiding this comment.
This is left over from my testing - I need to remove it before merging
|
|
||
| get_message_response = requests.get(f"{url}/{LETTERS_ENDPOINT}?limit=1", headers=headers) | ||
|
|
||
| ErrorHandler.handle_retry(get_message_response) |
There was a problem hiding this comment.
Will we lose some kind of retry ability by taking this off?
There was a problem hiding this comment.
I'm not sure this line adds anything - it blows the test up on certain HTTP error codes, but then the next line fails the test anyway if the status code is anything other than 200. The retry will happen regardless. The get_pending_letter_ids function I've added does a similar job by calling response.raise_for_status()
There was a problem hiding this comment.
Ah wait, that's not true. In the Makefile, pytest is configured to only rerun on the errors thrown by ErrorHandler.handle_retry(get_message_response). I'll add it to get_pending_letter_ids to avoid changing behaviour unnecessarily.
Description
Context
Type of changes
Checklist
DT3-Specific Checklist
Sensitive Information Declaration
To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.