[PRMP-739] Restore branch to match 6ec104b

Author: PedroSoaresNHS

.github/actions/tf-plan-apply/action.yml

@@ -6,14 +6,6 @@ inputs:
     description: "AWS IAM Role to assume"
     required: true
 
-  bucket_prefix:
-    description: "One of dev, test, pre-prod, prod"
-    required: true
-
-  aws_account_id:
-    description: "AWS Account ID"
-    required: true
-
   aws_region:
     description: "AWS Region to use"
     required: true
@@ -22,7 +14,11 @@ inputs:
   terraform_version:
     description: "Terraform version to use"
     required: false
-    default: "1.14.3"
+    default: "1.13.3"
+
+  backend_conf:
+    description: "Terraform backend config file"
+    required: true
 
   working_directory:
     description: "Terraform working directory"
@@ -42,11 +38,6 @@ inputs:
     required: false
     default: ""
 
-  tf_lock_timeout:
-    description: "Time to wait for Terraform state lock (e.g., 20m)"
-    required: false
-    default: "20m"
-
   do_apply:
     description: "Whether to run 'terraform apply' after 'terraform plan'"
     required: false
@@ -70,7 +61,7 @@ runs:
         terraform_wrapper: false
 
     - name: Initialise Terraform
-      run: terraform init -backend-config=bucket=ndr-${{ inputs.bucket_prefix }}-terraform-state-${{ inputs.aws_account_id }}
+      run: terraform init -backend-config=${{ inputs.backend_conf }}
       working-directory: ${{ inputs.working_directory }}
       shell: bash
 
@@ -86,12 +77,12 @@ runs:
 
     - name: Run Terraform Plan
       run: |
-        terraform plan -lock-timeout="${{ inputs.tf_lock_timeout }}" -input=false -no-color -var-file="${{ inputs.tf_vars_file }}" ${{ inputs.tf_extra_args }} -out tf.plan
+        terraform plan -input=false -no-color -var-file="${{ inputs.tf_vars_file }}" ${{ inputs.tf_extra_args }} -out tf.plan
       working-directory: ${{ inputs.working_directory }}
       shell: bash
 
     - name: Run Terraform Apply
       if: ${{ inputs.do_apply == 'true' }}
-      run: terraform apply -lock-timeout="${{ inputs.tf_lock_timeout }}" -auto-approve -input=false tf.plan
+      run: terraform apply -auto-approve -input=false tf.plan
       working-directory: ${{ inputs.working_directory }}
       shell: bash

.github/workflows/automated-deploy-dev.yml

@@ -13,41 +13,15 @@ permissions:
   actions: read   # This is required for Plan comment
   id-token: write # This is required for requesting the JWT
   contents: write # This is required for SBOM action
-
+    
 jobs:
-
-  # Terraform apply of base_iam will only occur on a push (merge request completion)
-  terraform_plan_apply_base_iam:
-    if: github.ref == 'refs/heads/main'
-    name: Terraform Plan/Apply (base_iam)
-    runs-on: ubuntu-latest
-    environment: development
-    steps:
-      - name: Checkout branch
-        uses: actions/checkout@v6
-
-      - name: Apply base_iam
-        uses: ./.github/actions/tf-plan-apply
-        with:
-          aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/dev-github-bootstrap
-          bucket_prefix: "dev"
-          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
-          aws_region: ${{ vars.AWS_REGION }}
-          working_directory: "./base_iam"  # Use separate base_iam directory
-          workspace: ${{ secrets.AWS_WORKSPACE }}
-          tf_vars_file: ${{ vars.TF_VARS_FILE }}
-          tf_extra_args: "-var aws_account_id=${{ secrets.AWS_ACCOUNT_ID }}"
-
   terraform_plan_apply:
     name: Terraform Plan/Apply (ndr-dev)
     runs-on: ubuntu-latest
-    needs: terraform_plan_apply_base_iam
-    # Will run when terraform_plan_apply_base_iam completes or is skipped
-    if: always() && (needs.terraform_plan_apply_base_iam.result == 'skipped' || needs.terraform_plan_apply_base_iam.result == 'success')
     environment: development
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
@@ -60,7 +34,7 @@ jobs:
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.14.3
+          terraform_version: 1.13.3
           terraform_wrapper: true
 
       - name: Initialise Terraform
@@ -99,7 +73,7 @@ jobs:
               echo "::add-mask::$cert_block"
             fi
           done || echo "No certificate blocks found to mask."
-
+          
           # Mask sensitive URLs in the Terraform Plan output
           grep -Eo 'https://[a-zA-Z0-9.-]+\.execute-api\.[a-zA-Z0-9.-]+\.amazonaws\.com/[a-zA-Z0-9/._-]*' tfplan.txt | while read -r api_url; do
             if [ -n "$api_url" ]; then
@@ -123,7 +97,6 @@ jobs:
 
           # Mask GitHub secrets
           echo "::add-mask::${{ secrets.AWS_ASSUME_ROLE }}"
-          echo "::add-mask::arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_WORKSPACE }}-github-actions-role"
           echo "::add-mask::${{ secrets.GITHUB_TOKEN }}"
 
           # Mask Terraform variables
@@ -180,7 +153,7 @@ jobs:
 
             // 2. Prepare format of the comment
             const output = `### Report for environment: ndr-dev
-
+            
             #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
             <details><summary>Initialization Output</summary>
 
@@ -218,7 +191,7 @@ jobs:
                 body: output
               })
             }
-
+            
             github.rest.issues.createComment({
               issue_number: context.issue.number,
               owner: context.repo.owner,

.github/workflows/automated-pr-validator.yml

@@ -17,7 +17,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -130,7 +130,7 @@ jobs:
       contents: read
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v6
+      uses: actions/checkout@v5
 
     - name: Set up Python 3.11
       uses: actions/setup-python@v6

.github/workflows/automated-sonarqube-cloud-analysis.yml

@@ -17,12 +17,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7
+        uses: SonarSource/sonarqube-scan-action@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/base-cleanup-lambda-edge.yml

@@ -31,7 +31,7 @@ jobs:
     environment: ${{ inputs.environment }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           repository: 'NHSDigital/national-document-repository-infrastructure'
           ref: ${{ inputs.git_ref }}

.github/workflows/base-cleanup-workspace.yml

@@ -31,7 +31,7 @@ jobs:
     environment: ${{ inputs.environment }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           repository: 'NHSDigital/national-document-repository-infrastructure'
           ref: ${{ inputs.git_ref }}

.github/workflows/cron-daily-health-check.yml

@@ -28,7 +28,7 @@ jobs:
     needs: ['set_workspace']
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           ref: main
 
@@ -43,7 +43,7 @@ jobs:
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.14.3
+          terraform_version: 1.13.3
           terraform_wrapper: false
 
       - name: Initialise Terraform
@@ -91,7 +91,7 @@ jobs:
     runs-on: ubuntu-latest 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           repository: NHSDigital/national-document-repository
 
@@ -113,7 +113,7 @@ jobs:
         working-directory: ./app
 
       - name: Cypress Build
-        uses: cypress-io/github-action@v7
+        uses: cypress-io/github-action@v6
         with:
           install: false
           runTests: false
@@ -128,7 +128,7 @@ jobs:
         run: npm install serve -g
 
       - name: Run Cypress Tests (Chrome)
-        uses: cypress-io/github-action@v7
+        uses: cypress-io/github-action@v6
         with:
           install: false
           start: serve -s dist
@@ -139,15 +139,15 @@ jobs:
           CYPRESS_grepTags: 'regression'
 
       - name: Upload Artifacts (Screenshots)
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: cypress-screenshots-chrome
           path: /home/runner/work/national-document-repository/national-document-repository/app/cypress/screenshots
           if-no-files-found: ignore
 
       - name: Upload Artifacts (Videos)
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: cypress-videos-chrome

.github/workflows/cron-tear-down-sandbox.yml

@@ -2,7 +2,7 @@ name: 'Z-CRON: Tear down - Sandboxes'
 
 on:
   schedule:
-    - cron: 59 18,20,22 * * 1-5 # utc time
+    - cron: 59 18-21 * * 1-5 # utc time
 
 permissions:
   pull-requests: write
@@ -16,7 +16,7 @@ jobs:
     environment: development
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           ref: main
 

.github/workflows/cron-tear-down-test.yml

@@ -41,7 +41,7 @@ jobs:
         sandbox-name: [ndr-test]
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           ref: main
 
@@ -56,7 +56,7 @@ jobs:
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.14.3
+          terraform_version: 1.13.3
           terraform_wrapper: false
 
       - name: Initialise Terraform