Chore: [AEA-5851] - simplify IaC, sync current ODS codes (#2287)

## Summary

- 🤖 Operational or Infrastructure Change

### Details

- Replace `if prod` logic with parameters
- Sync SSM param data to live (remove drift)

---------

Co-authored-by: Jim Wild <james.wild6@nhs.net>

Author: tstephen-nhs

.github/scripts/release_code.sh

@@ -65,4 +65,9 @@ sam deploy \
             StateMachineLogLevel="$STATE_MACHINE_LOG_LEVEL" \
             EnableNotificationsInternal="$ENABLE_NOTIFICATIONS_INTERNAL" \
             EnableNotificationsExternal="$ENABLE_NOTIFICATIONS_EXTERNAL" \
+            EnabledSiteODSCodesValue="$ENABLED_SITE_ODS_CODES" \
+            EnabledSystemsValue="$ENABLED_SYSTEMS" \
+            BlockedSiteODSCodesValue="$BLOCKED_SITE_ODS_CODES" \
+            NotifyRoutingPlanIDValue="$NOTIFY_ROUTING_PLAN_ID" \
+            NotifyAPIBaseURLValue="$NOTIFY_API_BASE_URL" \
             RequireApplicationName="$REQUIRE_APPLICATION_NAME"

.github/workflows/ci.yml

@@ -120,6 +120,11 @@ jobs:
       ENABLE_BACKUP: True
       ENABLE_NOTIFICATIONS_INTERNAL: true
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:
@@ -155,6 +160,11 @@ jobs:
       ENABLE_BACKUP: False
       ENABLE_NOTIFICATIONS_INTERNAL: false
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:
@@ -187,6 +197,11 @@ jobs:
       ENABLE_BACKUP: False
       ENABLE_NOTIFICATIONS_INTERNAL: false
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:

.github/workflows/ods-codes.txt

@@ -0,0 +1,4 @@
+FRT44
+FVQ48
+FX237
+FM623

.github/workflows/pull_request.yml

@@ -83,6 +83,11 @@ jobs:
       ENABLE_BACKUP: False
       ENABLE_NOTIFICATIONS_INTERNAL: true
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: true
     secrets:
@@ -113,6 +118,11 @@ jobs:
       ENABLE_BACKUP: False
       ENABLE_NOTIFICATIONS_INTERNAL: false
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: true
     secrets:

.github/workflows/release.yml

@@ -138,6 +138,11 @@ jobs:
       ENABLE_BACKUP: True
       ENABLE_NOTIFICATIONS_INTERNAL: false
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:
@@ -172,6 +177,11 @@ jobs:
       ENABLE_BACKUP: False
       ENABLE_NOTIFICATIONS_INTERNAL: false
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:
@@ -211,6 +221,11 @@ jobs:
       ENABLE_BACKUP: False
       ENABLE_NOTIFICATIONS_INTERNAL: false
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System, Apotec Ltd - Apotec CRM - Production, CrxPatientApp, nhsPrescriptionApp, Titan PSU Prod"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:
@@ -250,6 +265,11 @@ jobs:
       ENABLE_BACKUP: False
       ENABLE_NOTIFICATIONS_INTERNAL: false
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System, Apotec Ltd - Apotec CRM - Production, CrxPatientApp, nhsPrescriptionApp, Titan PSU Prod"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:
@@ -283,7 +303,12 @@ jobs:
       STATE_MACHINE_LOG_LEVEL: ALL
       ENABLE_BACKUP: True
       ENABLE_NOTIFICATIONS_INTERNAL: true
-      ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLE_NOTIFICATIONS_EXTERNAL: true
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System, Apotec Ltd - Apotec CRM - Production, CrxPatientApp, nhsPrescriptionApp, Titan PSU Prod"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:
@@ -318,13 +343,31 @@ jobs:
       ENABLE_BACKUP: False
       ENABLE_NOTIFICATIONS_INTERNAL: false
       ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLED_SITE_ODS_CODES: "FA565,A83008"
+      ENABLED_SYSTEMS: "Internal Test System, Apotec Ltd - Apotec CRM - Production, CrxPatientApp, nhsPrescriptionApp, Titan PSU Prod"
+      BLOCKED_SITE_ODS_CODES: "B3J1Z"
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c"
+      NOTIFY_API_BASE_URL: "https://int.api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PROD_ROLE }}
       REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
 
+  read_ods_codes:
+    needs: quality_checks
+    runs-on: ubuntu-22.04
+    outputs:
+      ods_csv: ${{steps.read.outputs.ods_csv}}
+    steps:
+      - name: Read ODS codes and produce CSV
+        id: read
+        run: |
+          INPUT_FILE="./ods-codes.txt"
+          CSV=$(sed ':a;N;$!ba;s/\r\?\n/,/g;s/,$//' < "$INPUT_FILE")
+          echo "ods_csv=$CSV" >> "$GITHUB_OUTPUT"
+
   release_prod:
     needs:
       [
@@ -333,6 +376,7 @@ jobs:
         release_int_sandbox,
         package_code,
         get_commit_id,
+        read_ods_codes,
       ]
     uses: ./.github/workflows/run_release_code_and_api.yml
     with:
@@ -358,7 +402,12 @@ jobs:
       STATE_MACHINE_LOG_LEVEL: ERROR
       ENABLE_BACKUP: True
       ENABLE_NOTIFICATIONS_INTERNAL: true
-      ENABLE_NOTIFICATIONS_EXTERNAL: false
+      ENABLE_NOTIFICATIONS_EXTERNAL: true
+      ENABLED_SITE_ODS_CODES: ${{ needs.read_ods_codes.outputs.ods_csv }}
+      ENABLED_SYSTEMS: " "
+      BLOCKED_SITE_ODS_CODES: " "
+      NOTIFY_ROUTING_PLAN_ID: "e57fe5cc-0567-4854-abe2-b7dd9014a50c" # INT and PROD share a value
+      NOTIFY_API_BASE_URL: "https://api.service.nhs.uk"
       MTLS_KEY: psu-mtls-1
       IS_PULL_REQUEST: false
     secrets:

.github/workflows/run_release_code_and_api.yml

@@ -84,6 +84,21 @@ on:
         required: false
         type: boolean
         default: false
+      ENABLED_SITE_ODS_CODES:
+        required: true
+        type: string
+      ENABLED_SYSTEMS:
+        required: true
+        type: string
+      BLOCKED_SITE_ODS_CODES:
+        required: true
+        type: string
+      NOTIFY_ROUTING_PLAN_ID:
+        required: true
+        type: string
+      NOTIFY_API_BASE_URL:
+        required: true
+        type: string
       IS_PULL_REQUEST:
         type: boolean
         default: true
@@ -179,6 +194,11 @@ jobs:
           ENABLE_NOTIFICATIONS_INTERNAL: ${{ inputs.ENABLE_NOTIFICATIONS_INTERNAL }}
           ENABLE_NOTIFICATIONS_EXTERNAL: ${{ inputs.ENABLE_NOTIFICATIONS_EXTERNAL }}
           REQUIRE_APPLICATION_NAME: ${{ inputs.REQUIRE_APPLICATION_NAME }}
+          ENABLED_SITE_ODS_CODES: ${{ inputs.ENABLED_SITE_ODS_CODES }}
+          ENABLED_SYSTEMS: ${{ inputs.ENABLED_SYSTEMS }}
+          BLOCKED_SITE_ODS_CODES: ${{ inputs.BLOCKED_SITE_ODS_CODES }}
+          NOTIFY_ROUTING_PLAN_ID: ${{ inputs.NOTIFY_ROUTING_PLAN_ID }}
+          NOTIFY_API_BASE_URL: ${{ inputs.NOTIFY_API_BASE_URL }}
         run: ./release_code.sh
 
       - name: get mtls secrets

SAMtemplates/main_template.yaml

@@ -95,6 +95,7 @@ Parameters:
     AllowedValues:
       - True
       - False
+
   EnableNotificationsInternal:
     Type: String
     Default: false
@@ -109,6 +110,26 @@ Parameters:
       - true
       - false
 
+  EnabledSiteODSCodesValue:
+    Type: String
+    Default: " "
+
+  EnabledSystemsValue:
+    Type: String
+    Default: " "
+
+  BlockedSiteODSCodesValue:
+    Type: String
+    Default: " "
+
+  NotifyRoutingPlanIDValue:
+    Type: String
+    Default: " "
+
+  NotifyAPIBaseURLValue:
+    Type: String
+    Default: " "
+
   RequireApplicationName:
     Type: String
     Default: false
@@ -130,9 +151,13 @@ Resources:
       Location: parameters/main.yaml
       Parameters:
         StackName: !Ref AWS::StackName
-        Environment: !Ref Environment
         EnableNotificationsInternalValue: !Ref EnableNotificationsInternal
         EnableNotificationsExternalValue: !Ref EnableNotificationsExternal
+        EnabledSiteODSCodesValue: !Ref EnabledSiteODSCodesValue
+        EnabledSystemsValue: !Ref EnabledSystemsValue
+        BlockedSiteODSCodesValue: !Ref BlockedSiteODSCodesValue
+        NotifyRoutingPlanIDValue: !Ref NotifyRoutingPlanIDValue
+        NotifyAPIBaseURLValue: !Ref NotifyAPIBaseURLValue
 
   Tables:
     Type: AWS::Serverless::Application

SAMtemplates/parameters/main.yaml

@@ -6,9 +6,6 @@ Parameters:
   StackName:
     Type: String
 
-  Environment:
-    Type: String
-
   EnableNotificationsInternalValue:
     Type: String
     Default: false
@@ -23,8 +20,25 @@ Parameters:
       - true
       - false
 
-Conditions:
-  IsProd: !Equals [ !Ref Environment, prod ]
+  EnabledSiteODSCodesValue:
+    Type: String
+    Default: " "
+
+  EnabledSystemsValue:
+    Type: String
+    Default: " "
+
+  BlockedSiteODSCodesValue:
+    Type: String
+    Default: " "
+
+  NotifyRoutingPlanIDValue:
+    Type: String
+    Default: " "
+
+  NotifyAPIBaseURLValue:
+    Type: String
+    Default: " "
 
 Resources:
   EnabledSiteODSCodesParameter:
@@ -33,69 +47,39 @@ Resources:
       Name: !Sub ${StackName}-PSUNotifyEnabledSiteODSCodes
       Description: "List of site ODS codes for which notifications are enabled"
       Type: String
-      Value: !If
-        - IsProd
-        - > # Prod notification enabled
-          FA565
-        - > # Non-prod
-          FA565
+      Value: !Ref EnabledSiteODSCodesValue
 
   EnabledSystemsParameter:
     Type: AWS::SSM::Parameter
     Properties:
       Name: !Sub ${StackName}-PSUNotifyEnabledSystems
       Description: "List of application names for which notifications are enabled"
       Type: String
-      Value: !If
-        - IsProd
-        - > # Prod notification enabled
-          Apotec Ltd - Apotec CRM - Production,
-          CrxPatientApp,
-          nhsPrescriptionApp,
-          Titan PSU Prod
-        - > # Non-prod
-          Internal Test System,
-          Apotec Ltd - Apotec CRM - Production,
-          CrxPatientApp,
-          nhsPrescriptionApp,
-          Titan PSU Prod
+      Value: !Ref EnabledSystemsValue
 
   BlockedSiteODSCodesParameter:
     Type: AWS::SSM::Parameter
     Properties:
       Name: !Sub ${StackName}-PSUNotifyBlockedSiteODSCodes
       Description: "List of site ODS codes for which notifications are blocked"
       Type: String
-      Value: !If
-        - IsProd
-        - > # Prod notification disabled
-          B3J1Z
-        - > # Non-prod
-          B3J1Z
+      Value: !Ref BlockedSiteODSCodesValue
 
   NotifyRoutingPlanIDParameter:
     Type: AWS::SSM::Parameter
     Properties:
       Name: !Sub ${StackName}-PSUNotifyRoutingPlanID
       Description: "Notify Routing Plan ID"
       Type: String
-      Value: !If
-        - IsProd
-        - changeme
-        # Non-prod value (sandbox)
-        - b838b13c-f98c-4def-93f0-515d4e4f4ee1
+      Value: !Ref NotifyRoutingPlanIDValue
 
   NotifyAPIBaseURLParameter:
     Type: AWS::SSM::Parameter
     Properties:
       Name: !Sub ${StackName}-PSUNotifyApiBaseUrl
       Description: "Notify API Base URL"
       Type: String
-      Value: !If
-        - IsProd
-        - https://api.service.nhs.uk
-        # Non-prod API URL (sandbox) (INT environment: https://int.api.service.nhs.uk/comms)
-        - https://sandbox.api.service.nhs.uk
+      Value: !Ref NotifyAPIBaseURLValue
 
   EnableNotificationsExternal:
     Type: AWS::SSM::Parameter
@@ -104,7 +88,7 @@ Resources:
       Description: "Toggle on or off if we make real requests to the NHS notify service"
       Type: String
       Value: !Ref EnableNotificationsExternalValue
-      
+
   EnableNotificationsInternal:
     Type: AWS::SSM::Parameter
     Properties: