From 53873be7b113952d138aa8802c24ccf20edfb9f9 Mon Sep 17 00:00:00 2001
From: srh-sloan <srh-sloan@users.noreply.github.com>
Date: Thu, 19 Oct 2023 15:05:28 +0100
Subject: [PATCH 01/19] Fixing language bug for yes/no fields (#169)

---
 scripts/all_questions/metadata_utils.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/all_questions/metadata_utils.py b/scripts/all_questions/metadata_utils.py
index 8a7cea39..132fd214 100644
--- a/scripts/all_questions/metadata_utils.py
+++ b/scripts/all_questions/metadata_utils.py
@@ -406,6 +406,7 @@ def build_components_from_page(
                         condition_value,
                         list_name=c["list"] if "list" in c else None,
                         form_lists=form_lists,
+                        lang=lang,
                     )
                     text.append(
                         f"If '{condition_text}', go to <strong>{destination}</strong>"

From 36fd8071fa5625d8e3ee92731f922050b32958f3 Mon Sep 17 00:00:00 2001
From: Adam Wallace <adam.wallace@communities.gov.uk>
Date: Fri, 20 Oct 2023 14:31:47 +0100
Subject: [PATCH 02/19] add url and script to ammend in place (#171)

---
 README.md                                     | 97 ++++++++++++-------
 config/fund_loader_config/cyp/cyp_r1.py       |  7 +-
 .../patch_cypr1_guidance_201023.py            | 33 +++++++
 3 files changed, 101 insertions(+), 36 deletions(-)
 create mode 100644 scripts/data_updates/patch_cypr1_guidance_201023.py

diff --git a/README.md b/README.md
index 92de6866..fcbb4ff5 100644
--- a/README.md
+++ b/README.md
@@ -18,63 +18,78 @@ Clone the repository.
 
 ### Create a Virtual environment
 
+```bash
     python3 -m venv .venv
+```
 
 ### Enter the virtual environment
 
 ...either macOS using bash:
 
+```bash
     source .venv/bin/activate
+```
 
 ...or if on Windows using Command Prompt:
 
+```bash
     .venv\Scripts\activate.bat
+```
 
 ### Install dependencies
 From the top-level directory enter the command to install pip and the dependencies of the project
 
+```bash
     python3 -m pip install --upgrade pip && pip install -r requirements-dev.txt
-
+```
 NOTE: requirements-dev.txt and requirements.txt are updated using [pip-tools pip-compile](https://github.com/jazzband/pip-tools)
 To update requirements please manually add the dependencies in the .in files (not the requirements.txt files)
 Then run:
 
+```bash
     pip-compile requirements.in
 
     pip-compile requirements-dev.in
+```
 
 ## How to use
 Enter the virtual environment as described above, then:
 
+```bash
     flask run
-
+```
 ### Run with Gunicorn
 
 In deployed environments the service is run with gunicorn. You can run the service locally with gunicorn to test
 
 First set the FLASK_ENV environment you wish to test eg:
 
+```bash
     export FLASK_ENV=dev
-
+```
 Then run gunicorn using the following command:
 
+```bash
     gunicorn wsgi:app -c run/gunicorn/local.py
-
+```
 ### Setting up for database development
 This service is designed to use PostgreSQL as a database, via SqlAlchemy
 When running the service (eg. `flask run`) you need to set the DATABASE_URL environment variable to the URL of the database you want to test with.
 
 Initialise the database:
-
+```bash
     flask db init
+```
 
 Then run existing migrations:
-
+```bash
     flask db upgrade
+```
 
 Whenever you make changes to database models, please run:
-
+```bash
     flask db migrate
+```
 
 This will create the migration files for your changes in /db/migrations.
 Please then commit and push these to github so that the migrations will be run in the pipelines to correctly
@@ -83,58 +98,66 @@ upgrade the deployed db instances with your changes.
 # Database on Paas
 Create db service with:
 
+```bash
     cf create-service postgres medium-13 fund-store-dev-db
+```
 
 Ensure the following elements are present in your `manifest.yml`. The `run_migrations_paas.py` is what initialises the database, and the `services` element binds the application to the database service.
 
+```yaml
     command: scripts/run_migrations_paas.py && gunicorn wsgi:app -c run/gunicorn/devtest.py
 
     services:
         - fund-store-dev-db
+```
 
 # Seeding Fund Data
 To seed fund & round data to db for a specific fund-round (example):
 
-```
-docker exec -ti $(docker ps -qf "name=fund-store") python -m scripts.fund_round_loaders.load_cof_r2
+```bash
+    docker exec -ti $(docker ps -qf "name=fund-store") python -m scripts.fund_round_loaders.load_cof_r2
 ```
 
 To seed all fund-round data to db:
 
-```
-docker exec -ti $(docker ps -qf "name=fund-store") python -m scripts.load_all_fund_rounds
+```bash
+    docker exec -ti $(docker ps -qf "name=fund-store") python -m scripts.load_all_fund_rounds
 ```
 
 To load on an environment via cloudfoundry (modify appropriately):
 
 ```bash
-cf run-task funding-service-design-fund-store[-dev|-test] --command "python -m scripts.load_all_fund_rounds"
+    cf run-task funding-service-design-fund-store[-dev|-test] --command "python -m scripts.load_all_fund_rounds"
 ```
 
 To amend the round dates
-```
-docker exec -ti $(docker ps -qf "name=fund-store") python -m scripts.amend_round_dates --round_id c603d114-5364-4474-a0c4-c41cbf4d3bbd --deadline_date "2023-03-30 12:00:00"
 
-```
-```
-docker exec -ti $(docker ps -qf "name=fund-store") python -m scripts.amend_round_dates --round_id c603d114-5364-4474-a0c4-c41cbf4d3bbd --opens_date "2022-10-04 12:00:00" --deadline_date "2022-12-14 11:59:00" --assessment_deadline_date "2023-03-30 12:00:00"
+```bash
+    docker exec -ti $(docker ps -qf "name=fund-store") python -m scripts.amend_round_dates --round_id c603d114-5364-4474-a0c4-c41cbf4d3bbd --deadline_date "2023-03-30 12:00:00"
 
+
+    docker exec -ti $(docker ps -qf "name=fund-store") python -m scripts.amend_round_dates --round_id c603d114-5364-4474-a0c4-c41cbf4d3bbd --opens_date "2022-10-04 12:00:00" --deadline_date "2022-12-14 11:59:00" --assessment_deadline_date "2023-03-30 12:00:00"
 ```
+
 To truncate data before re-loading it run
 
+```bash
     docker exec -it $(docker ps -qf "name=fund-store") inv truncate-data
+```
 
 ### Create and seed local DB
 - Make sure your local `DATABASE_URL` env var is set to your local postgres db (this doesn't need to actually exist yet), eg:
 
-        ```
-        # pragma: allowlist nextline secret
-        DATABASE_URL=postgresql://postgres:postgres@127.0.0.1:5432/fsd_fund_store
-        ```
+```bash
+    # pragma: allowlist nextline secret
+    DATABASE_URL=postgresql://postgres:postgres@127.0.0.1:5432/fsd_fund_store
+```
 
 - Create and seed using the following scripts:
 
+```bash
         python -m scripts.fund_round_loaders.{load_config_script}
+```
 
 ### Build with Paketo
 
@@ -142,30 +165,31 @@ To truncate data before re-loading it run
 
 [Paketo buildpacks](https://paketo.io/)
 
-```pack build <name your image> --builder paketobuildpacks/builder:base```
+```bash
+    pack build <name your image> --builder paketobuildpacks/builder:base
+```
 
 Example:
 
-```
-[~/work/repos/funding-service-design-fund-store] pack build paketo-demofsd-app --builder paketobuildpacks/builder:base
-***
-Successfully built image paketo-demofsd-app
-```
+    [~/work/repos/funding-service-design-fund-store] pack build paketo-demofsd-app --builder paketobuildpacks/builder:base
+    ***
+    Successfully built image paketo-demofsd-app
+
 
 You can then use that image with docker to run a container
 
-```
-docker run -d -p 8080:8080 --env PORT=8080 --env FLASK_ENV=dev [envs] paketo-demofsd-app
+```bash
+    docker run -d -p 8080:8080 --env PORT=8080 --env FLASK_ENV=dev [envs] paketo-demofsd-app
 ```
 
 `envs` needs to include values for each of:
 SENTRY_DSN
 GITHUB_SHA
 
-```
-docker ps -a
-CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS                    PORTS                    NAMES
-42633142c619   paketo-demofsd-app          "/cnb/process/web"       8 seconds ago    Up 7 seconds              0.0.0.0:8080->8080/tcp   peaceful_knuth
+```bash
+    docker ps -a
+    CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS                    PORTS                    NAMES
+    42633142c619   paketo-demofsd-app          "/cnb/process/web"       8 seconds ago    Up 7 seconds              0.0.0.0:8080->8080/tcp   peaceful_knuth
 ```
 
 # Pipelines
@@ -180,17 +204,20 @@ Place brief descriptions of Pipelines here
 ## Unit
 
 To run all tests in a development environment run:
-
+```bash
     pytest
+```
 
 # Extras
 
 This repo comes with a .pre-commit-config.yaml, if you wish to use this do
 the following while in your virtual enviroment:
 
+```bash
     pip install pre-commit black
 
     pre-commit install
+```
 
 Once the above is done you will have autoformatting and pep8 compliance built
 into your workflow. You will be notified of any pep8 errors during commits.
@@ -206,7 +233,7 @@ For each AWS account, these commands will need to be run _once_ to initialise th
 
 `copilot app init pre-award` - this links the pre-award app with the current service, and associates the next commands with the service. Essentially, this provides context for the service to run under
 
-```
+```bash
     copilot init \
     --name fsd-fund-store \
     --app pre-award \
diff --git a/config/fund_loader_config/cyp/cyp_r1.py b/config/fund_loader_config/cyp/cyp_r1.py
index 89222e7e..4806d0aa 100644
--- a/config/fund_loader_config/cyp/cyp_r1.py
+++ b/config/fund_loader_config/cyp/cyp_r1.py
@@ -171,7 +171,12 @@
         "feedback_link": "",
         "project_name_field_id": "bsUoNG",
         "application_guidance": CYP_APPLICATION_GUIDANCE,
-        "guidance_url": "",  # todo, fill in once we have, and re-run import script.
+        "guidance_url": (
+            "https://www.gov.uk/government/publications/"
+            "the-children-and-young-peoples-resettlement-"
+            "fund-prospectus/the-children-and-young-peoples-"
+            "resettlement-fund-prospectus#scoring-criteria"
+        ),
         "all_uploaded_documents_section_available": False,
         "application_fields_download_available": False,
         "display_logo_on_pdf_exports": False,
diff --git a/scripts/data_updates/patch_cypr1_guidance_201023.py b/scripts/data_updates/patch_cypr1_guidance_201023.py
new file mode 100644
index 00000000..c6e17154
--- /dev/null
+++ b/scripts/data_updates/patch_cypr1_guidance_201023.py
@@ -0,0 +1,33 @@
+import config.fund_loader_config.cyp.cyp_r1 as cyp_r1
+from db import db
+from db.models.round import Round
+from flask import current_app
+from sqlalchemy import update
+
+
+def update_round_guidance(round_config):
+    current_app.logger.info(
+        f"Round: {round_config['short_name']}, id: {round_config['id']}"
+    )
+    current_app.logger.info("\t\tUpdating round guidance")
+    stmt = (
+        update(Round)
+        .where(Round.id == round_config["id"])
+        .values(guidance_url=round_config["guidance_url"])
+    )
+
+    db.session.execute(stmt)
+    db.session.commit()
+
+
+def main() -> None:
+    current_app.logger.info("Updating guidance url for CYP R1")
+    update_round_guidance(cyp_r1.round_config[0])
+    current_app.logger.info("Updates complete")
+
+
+if __name__ == "__main__":
+    from app import app
+
+    with app.app_context():
+        main()
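Review bot: `update_round_guidance` commits without checking that the UPDATE matched a row, so if the id from `cyp_r1.round_config[0]` is absent from the target database the script still logs "Updates complete". Capture the result and fail loudly before committing: `result = db.session.execute(stmt)` followed by `if result.rowcount != 1: db.session.rollback(); raise RuntimeError("round not found")`. A one-line docstring saying the function overwrites `Round.guidance_url` for the round identified by `round_config["id"]` would also help, since this looks like a one-off data patch that is presumably run by hand against deployed databases.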

From aecc0ffc1f2b8545a90033a37d2a2ce2996e5dcb Mon Sep 17 00:00:00 2001
From: Thomas <117724519+tferns@users.noreply.github.com>
Date: Mon, 23 Oct 2023 13:41:17 +0100
Subject: [PATCH 03/19] FS-3657: Add CYP flag allocation config (#172)

---
 api/routes.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/api/routes.py b/api/routes.py
index c71f67f1..af1fa5ec 100644
--- a/api/routes.py
+++ b/api/routes.py
@@ -149,6 +149,7 @@ def get_available_flag_allocations(fund_id, round_id):
     from config.fund_loader_config.cof.cof_r2 import COF_ROUND_2_WINDOW_3_ID
     from config.fund_loader_config.night_shelter.ns_r2 import NIGHT_SHELTER_ROUND_2_ID
     from config.fund_loader_config.night_shelter.ns_r2 import NIGHT_SHELTER_FUND_ID
+    from config.fund_loader_config.cyp.cyp_r1 import CYP_FUND_ID, CYP_ROUND_1_ID
 
     cof_teams = [
         {"key": "ASSESSOR", "value": "Assessor"},
@@ -166,7 +167,12 @@ def get_available_flag_allocations(fund_id, round_id):
         {"key": "RS_ADVISORS", "value": "RS Advisors"},
     ]
 
-    if fund_id == COF_FUND_ID and round_id == COF_ROUND_2_WINDOW_2_ID:
+    cyp_teams = [
+        {"key": "COMMERCIAL_ASSESSOR", "value": "Commercial Assessor"},
+        {"key": "LEAD_ASSESSOR", "value": "Lead Assessor"},
+    ]
+
+    if fund_id == COF_FUND_ID and round_id in COF_ROUND_2_WINDOW_2_ID:
         return cof_teams
     elif fund_id == COF_FUND_ID and round_id == COF_ROUND_2_WINDOW_3_ID:
         return cof_teams
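Review bot: The first branch now tests `round_id in COF_ROUND_2_WINDOW_2_ID`, while every other branch in this chain still compares with `==`. If that constant is a single id string (its definition is outside the hunk), `in` is a substring test, so an empty or partial `round_id` taken from the request would be accepted and return `cof_teams` instead of reaching `abort(404)`. Unless the constant was deliberately turned into a collection of ids, this should stay `if fund_id == COF_FUND_ID and round_id == COF_ROUND_2_WINDOW_2_ID:`. The function body starts and ends outside this hunk.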
@@ -176,5 +182,7 @@ def get_available_flag_allocations(fund_id, round_id):
         return cof_teams
     elif fund_id == NIGHT_SHELTER_FUND_ID and round_id == NIGHT_SHELTER_ROUND_2_ID:
         return nstf_teams
+    elif fund_id == CYP_FUND_ID and round_id == CYP_ROUND_1_ID:
+        return cyp_teams
     else:
         abort(404)

From 882854db351754ee09e1133acff2949274b11c16 Mon Sep 17 00:00:00 2001
From: srh-sloan <srh-sloan@users.noreply.github.com>
Date: Fri, 27 Oct 2023 13:34:36 +0100
Subject: [PATCH 04/19] fs-3704 fixing max words by adding more field types
 (#173)

* fs-3704 fixing max words by adding more field types

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
---
 scripts/all_questions/metadata_utils.py | 9 ++++++---
 tests/test_generate_all_questions.py    | 3 ++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/scripts/all_questions/metadata_utils.py b/scripts/all_questions/metadata_utils.py
index 132fd214..7461829a 100644
--- a/scripts/all_questions/metadata_utils.py
+++ b/scripts/all_questions/metadata_utils.py
@@ -14,6 +14,8 @@
 from scripts.all_questions.read_forms import remove_lowest_in_hierarchy
 from scripts.all_questions.read_forms import strip_leading_numbers
 
+FIELD_TYPES_WITH_MAX_WORDS = ["freetextfield", "multilinetextfield"]
+
 
 def get_all_child_nexts(page: dict, child_nexts: list, all_pages: dict):
     """Recursively builds a list of everything that could come next from this page,
@@ -298,7 +300,7 @@ def determine_title_and_text_for_component(
             child_title, child_text = determine_title_and_text_for_component(
                 child, include_html_components, form_lists, is_child=True
             )
-            if child["type"].casefold() == "multilinetextfield":
+            if child["type"].casefold() in FIELD_TYPES_WITH_MAX_WORDS:
                 first_column_title = component["options"]["columnTitles"][0].casefold()
                 text.append(
                     f"{child_title} (Max {child['options']['maxWords']} words per"
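Review bot: Widening the check to `FIELD_TYPES_WITH_MAX_WORDS` means `freetextfield` components now reach `child['options']['maxWords']` here and `component['options']['maxWords']` in the next hunk, where the check is also dedented so that it runs for every component rather than only inside the preceding block. Whether every free-text field in the form JSON carries `maxWords` is not visible from the diff; one that does not will raise `KeyError` and stop the generation. Reading it defensively, e.g. `max_words = component.get("options", {}).get("maxWords")` and appending the text only `if max_words`, would keep the output working for fields without a limit. The enclosing function starts and ends outside both hunks.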
@@ -325,8 +327,9 @@ def determine_title_and_text_for_component(
         text = []
         extract_from_html(soup, text)
         update_wording_for_multi_input_fields(text)
-        if component["type"].casefold() == "multilinetextfield" and not is_child:
-            text.append(f"(Max {component['options']['maxWords']} words)")
+
+    if component["type"].casefold() in FIELD_TYPES_WITH_MAX_WORDS and not is_child:
+        text.append(f"(Max {component['options']['maxWords']} words)")
 
     if "list" in component:
         # include available options for lists
diff --git a/tests/test_generate_all_questions.py b/tests/test_generate_all_questions.py
index a720e72f..f6fabd35 100644
--- a/tests/test_generate_all_questions.py
+++ b/tests/test_generate_all_questions.py
@@ -404,7 +404,8 @@ def test_build_components_bullets_in_hint():
     )
     components = build_components_from_page(page_json, include_html_components=False)
     assert len(components) == 1
-    assert len(components[0]["text"]) == 2
+    assert len(components[0]["text"]) == 3
+    assert components[0]["text"][2] == "(Max 250 words)"
     assert len(components[0]["text"][1]) == 3
 
 

From dfb981b001685ece0cf276c5a9d9f7e83563d6cc Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 08:45:31 +0000
Subject: [PATCH 05/19] FS-3627 - Amend workflow for copilot

---
 .github/workflows/copilot.yml        |  59 -----------
 .github/workflows/copilot_deploy.yml | 145 +++++++++++++++++++++++++++
 .github/workflows/deploy.yml         |  58 -----------
 3 files changed, 145 insertions(+), 117 deletions(-)
 delete mode 100644 .github/workflows/copilot.yml
 create mode 100644 .github/workflows/copilot_deploy.yml

diff --git a/.github/workflows/copilot.yml b/.github/workflows/copilot.yml
deleted file mode 100644
index c365e9ef..00000000
--- a/.github/workflows/copilot.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-name: Copilot Workflows
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-    inputs:
-        environment:
-          description:  Which AWS Account to use
-          type: choice
-          required: true
-          options:
-          - test
-        # Shared workflow consideration
-        # application:
-        #   description:  Application Name
-        #   type: string/choice
-        # - notification
-        #   required: true
-        init:
-          description: Initialise the application?
-          type: boolean
-          default: false
-        service:
-          description: Service Name
-          type: string
-          required: true
-          default: 'funding-service-design-fund-store'
-        port:
-          description: Access port
-          type: string
-          default: '80'
-        type:
-          description: Type of service to deploy
-          type: choice
-          options:
-          - 'Backend Service'
-          - 'Load Balanced Web Service'
-          - 'Request-Driven Web Service'
-          - 'Scheduled Job'
-          - 'Worker Service'
-          default: 'Backend Service'
-
-
-jobs:
-  deployment:
-    concurrency: deploy-${{ inputs.environment || 'test' }} # Forces only one workflow at a time can run on the environment
-    permissions:
-      id-token: write # This is required for requesting the JWT
-      contents: read  # This is required for actions/checkout
-    runs-on: ubuntu-latest
-    environment: ${{ inputs.environment || 'test' }}
-    steps:
-      - name: Git clone the repository
-        uses: actions/checkout@v3
-
-      - name: Get current date
-        id: currentdatetime
-        run: echo "::set-output name=datetime::$(date +'%Y%m%d%H%M%S')"
diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
new file mode 100644
index 00000000..ee946bff
--- /dev/null
+++ b/.github/workflows/copilot_deploy.yml
@@ -0,0 +1,145 @@
+name: Deploy to AWS
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description:  Which AWS Account to use
+        type: choice
+        required: true
+        options:
+        - dev
+        - test
+        - uat
+        - production
+      run_performance_tests:
+        required: false
+        default: false
+        type: boolean
+        description: Run performance tests
+      run_e2e_tests:
+        required: false
+        default: true
+        type: boolean
+        description: Run e2e tests
+  push:
+    # Ignore README markdown
+    # Only automatically deploy when something in the app or tests folder has changed
+    paths:
+      - '!**/README.md'
+      - 'app/**'
+      - 'tests/**'
+
+jobs:
+  paketo_build:
+    permissions:
+      packages: write
+    uses: communitiesuk/funding-service-design-workflows/.github/workflows/package.yml@main
+    with:
+      version_to_build: $(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+      owner: ${{ github.repository_owner }}
+      application: funding-service-design-fund-store
+  pre_deploy_tests:
+    secrets:
+      E2E_PAT: ${{secrets.E2E_PAT}}
+    uses: communitiesuk/funding-service-design-workflows/.github/workflows/pre-deploy.yml@main
+    with:
+      # Note - no db-name, so defaults to postgres_db
+      postgres_unit_testing: true
+  copilot_deploy_dev:
+    if: inputs.environment == 'dev' || inputs.environment == ''
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-dev
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    runs-on: ubuntu-latest
+    environment: 'dev'
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v3
+
+    - name: Get current date
+      id: currentdatetime
+      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+        role-session-name: NOTIFICATION_DEV_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        aws-region: eu-west-2
+
+    - name: Install AWS Copilot CLI
+      run: |
+        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+    - name: Inject Git SHA into manifest
+      run: |
+        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-fund-store/manifest.yml
+
+    - name: Inject replacement image into manifest
+      run: |
+        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
+
+    - name: Run database migrations
+      run: scripts/migration-task-script.py dev 'fsd-fund-store'
+
+    - name: Copilot deploy dev
+      id: dev_build
+      run: |
+        copilot svc deploy --env dev
+
+  copilot_deploy_test:
+    if: inputs.environment == 'test' || inputs.environment == ''
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-test
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    runs-on: ubuntu-latest
+    environment: 'test'
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v3
+
+    - name: Get current date
+      id: currentdatetime
+      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+        role-session-name: NOTIFICATION_TEST_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        aws-region: eu-west-2
+
+    - name: Install AWS Copilot CLI
+      run: |
+        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+    - name: Inject Git SHA into manifest
+      run: |
+        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-fund-store/manifest.yml
+
+    - name: Inject replacement image into manifest
+      run: |
+        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
+
+    - name: Run database migrations
+      run: scripts/migration-task-script.py test 'fsd-fund-store'
+
+    - name: Copilot deploy test
+      id: test_build
+      run: |
+        copilot svc deploy --env test
+
+  # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks fund-store is operational?
+  post_deploy_tests:
+      needs: copilot_deploy_test
+      secrets:
+        E2E_PAT: ${{secrets.E2E_PAT}}
+      uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
+      with:
+        run_performance_tests: ${{ inputs.run_performance_tests }}
+        run_e2e_tests: ${{ inputs.run_e2e_tests }}
+        app_name: application
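Review bot: Both "Inject replacement image into manifest" steps expand `${{ github.ref_name }}` straight into the `run:` script, so a branch name becomes shell text in a job that has `id-token: write` and assumes `GithubCopilotDeploy`, and the `push` trigger has no branch filter. Passing the value through the environment keeps it as data: add `env: IMAGE_TAG: ${{ github.ref_name == 'main' && 'latest' || github.ref_name }}` to the step and build the location in yq with `strenv(IMAGE_TAG)`. The same jobs download `copilot-linux` from `releases/latest` with no version pin or checksum before installing it with `sudo`, and the three reusable workflows are referenced at `@main` while receiving `E2E_PAT` and `packages: write`; pinning to a release and to a commit SHA would make the supply chain reviewable. The `role-session-name` values begin with `NOTIFICATION_`, which looks copied from another service (the job removed from deploy.yml used `FUNDSTORE_COPILOT_`) and will mislabel these sessions in CloudTrail. The `environment` input also offers `uat` and `production`, but no job deploys to either.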
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 8ecf52ac..e6311c14 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -42,61 +42,3 @@ jobs:
       CF_USER: ${{secrets.CF_USERNAME}}
       CF_PASSWORD: ${{secrets.CF_PASSWORD}}
       E2E_PAT: ${{secrets.E2E_PAT}}
-  paketo_build:
-    permissions:
-      packages: write
-    uses: communitiesuk/funding-service-design-workflows/.github/workflows/package.yml@main
-    with:
-      version_to_build: $(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-      owner: ${{ github.repository_owner }}
-      application: funding-service-design-fund-store
-  pre_deploy_tests:
-    if: ${{github.event.inputs.copilot == 'true'}}
-    secrets:
-      E2E_PAT: ${{secrets.E2E_PAT}}
-    uses: communitiesuk/funding-service-design-workflows/.github/workflows/pre-deploy.yml@main
-    with:
-      # Note - no db-name, so defaults to postgres_db
-      postgres_unit_testing: true
-  copilot_build:
-    if: ${{github.event.inputs.copilot == 'true'}}
-    needs: [pre_deploy_tests, paketo_build]
-    concurrency: deploy-${{ inputs.environment || 'test' }}
-    permissions:
-      id-token: write # This is required for requesting the JWT
-      contents: read  # This is required for actions/checkout
-    runs-on: ubuntu-latest
-    environment: ${{ inputs.environment || 'test' }}
-    steps:
-    - name: Git clone the repository
-      uses: actions/checkout@v3
-
-    - name: Get current date
-      id: currentdatetime
-      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
-
-    - name: configure aws credentials
-      uses: aws-actions/configure-aws-credentials@v2
-      with:
-        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
-        role-session-name: FUNDSTORE_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
-        aws-region: eu-west-2
-
-    - name: Install AWS Copilot CLI
-      run: |
-        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
-
-    - name: Inject Git SHA into manifest
-      run: |
-        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-fund-store/manifest.yml
-
-    - name: Inject replacement image into manifest
-      run: |
-        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
-
-    - name: Run database migrations
-      run: scripts/migration-task-script.py ${{ inputs.environment || 'test' }} 'fsd-fund-store'
-
-    - name: Copilot deploy
-      run: |
-        copilot svc deploy --env ${{ inputs.environment || 'test' }}

From eb7c13c4ce718bc484c2e3e89101ec0aab161cca Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 08:48:38 +0000
Subject: [PATCH 06/19] Allow deploy for any change for testing

---
 .github/workflows/copilot_deploy.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index ee946bff..bb9730b9 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -24,10 +24,10 @@ on:
   push:
     # Ignore README markdown
     # Only automatically deploy when something in the app or tests folder has changed
-    paths:
-      - '!**/README.md'
-      - 'app/**'
-      - 'tests/**'
+#    paths:
+#      - '!**/README.md'
+#      - 'app/**'
+#      - 'tests/**'
 
 jobs:
   paketo_build:
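Review bot: With `paths:` commented out, `push:` has no filter at all, so every push to any branch runs both `copilot_deploy_dev` and `copilot_deploy_test`, because their `if:` conditions treat an empty `inputs.environment` as a match. The two comment lines above still say that deploys happen only for changes under app or tests, which is no longer true. If this is temporary, as the commit title suggests, I would at least add `branches: [main]` under `push:` and a `# TODO: restore paths filter` comment so the wide trigger does not stay by accident.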

From 6ad8acb2ed3e7147bfb81850680e09b91de5e0ab Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 08:54:35 +0000
Subject: [PATCH 07/19] Try deploying first without DB migrations

---
 .github/workflows/copilot_deploy.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index bb9730b9..640f94c3 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -81,8 +81,9 @@ jobs:
       run: |
         yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
 
-    - name: Run database migrations
-      run: scripts/migration-task-script.py dev 'fsd-fund-store'
+#Remove once so the deploy has happened first???  Surely not the way...
+#    - name: Run database migrations
+#      run: scripts/migration-task-script.py dev 'fsd-fund-store'
 
     - name: Copilot deploy dev
       id: dev_build

From 18adea18943dc9e6e6d02b82680af2ff593c5ae6 Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 08:56:32 +0000
Subject: [PATCH 08/19] Remove copilot reference from cloudfoundry deploy

---
 .github/workflows/deploy.yml | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index e6311c14..0bada2f1 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -3,18 +3,6 @@ name: Deploy fsd-fund-store to Gov PaaS
 on:
   workflow_dispatch:
     inputs:
-      environment:
-        description:  Which AWS Account to use
-        type: choice
-        required: true
-        options:
-        - test
-        - uat
-      copilot:
-        description: Whether to deploy to AWS?
-        type: boolean
-        required: false
-        default: false
       deploy_to_dev:
         required: false
         default: false
@@ -26,7 +14,6 @@ on:
 
 jobs:
   test_and_deploy:
-    if: ${{github.event.inputs.copilot != 'true'}}
     uses: communitiesuk/funding-service-design-workflows/.github/workflows/deploy.yml@main
     with:
       app_name: ${{ github.event.repository.name }}

From 5c1677589e6cf11449fabf5aa06fffe311942c5d Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 09:18:38 +0000
Subject: [PATCH 09/19] Add bastion SG

---
 .github/workflows/copilot_deploy.yml                     | 7 +++----
 copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml | 2 ++
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index 640f94c3..fa3b284b 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -81,15 +81,14 @@ jobs:
       run: |
         yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
 
-#Remove once so the deploy has happened first???  Surely not the way...
-#    - name: Run database migrations
-#      run: scripts/migration-task-script.py dev 'fsd-fund-store'
-
     - name: Copilot deploy dev
       id: dev_build
       run: |
         copilot svc deploy --env dev
 
+    - name: Run database migrations
+      run: scripts/migration-task-script.py dev 'fsd-fund-store'
+
   copilot_deploy_test:
     if: inputs.environment == 'test' || inputs.environment == ''
     needs: [pre_deploy_tests, paketo_build]
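Review bot: Moving "Run database migrations" after `copilot svc deploy --env dev` means the new image is already live against the old schema while the migration runs, and a failed migration leaves that image deployed; PATCH 10/19 makes the same reorder for test. If the order is required because `scripts/migration-task-script.py` needs the service to exist first (not visible here), add a comment above the step stating that reason so the ordering is not "fixed" later. Either way the migrations then have to stay backward-compatible with the previously deployed release, and it would help to say so in the same comment.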
diff --git a/copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml b/copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml
index 068b4516..2774eb11 100644
--- a/copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml
+++ b/copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml
@@ -21,6 +21,8 @@ Mappings:
       "DBMinCapacity": 0.5 # AllowedValues: from 0.5 through 128
       "DBMaxCapacity": 8   # AllowedValues: from 0.5 through 128
   BastionMap:
+    dev:
+      "SecurityGroup": "sg-0b6c7aabb95bf14a9"
     test:
       "SecurityGroup": "sg-0cf75a004dbade7b8"
 

From 1df2372eaea0b7e43d1eee44a503f86dc45d5cb4 Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 09:26:12 +0000
Subject: [PATCH 10/19] Move test db migration

---
 .github/workflows/copilot_deploy.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index fa3b284b..60a8878d 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -125,14 +125,14 @@ jobs:
       run: |
         yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
 
-    - name: Run database migrations
-      run: scripts/migration-task-script.py test 'fsd-fund-store'
-
     - name: Copilot deploy test
       id: test_build
       run: |
         copilot svc deploy --env test
 
+    - name: Run database migrations
+      run: scripts/migration-task-script.py test 'fsd-fund-store'
+
   # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks fund-store is operational?
   post_deploy_tests:
       needs: copilot_deploy_test

From 67b7725d16e6812e358c9d88057a47305942249f Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 09:37:50 +0000
Subject: [PATCH 11/19] Add UAT SG

---
 copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml b/copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml
index 2774eb11..bcfa5791 100644
--- a/copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml
+++ b/copilot/fsd-fund-store/addons/fsd-fund-store-cluster.yml
@@ -25,6 +25,8 @@ Mappings:
       "SecurityGroup": "sg-0b6c7aabb95bf14a9"
     test:
       "SecurityGroup": "sg-0cf75a004dbade7b8"
+    uat:
+      "SecurityGroup": "sg-04017abfef2079894"
 
 Resources:
   fsdfundstoreclusterDBSubnetGroup:
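Review bot: `BastionMap` now has entries for dev, test and uat but none for production, while PATCH 14/19 in this series adds a production deploy. The lookup on this map is outside the hunk, so this is inferred: if it keys on the Copilot environment name, the production stack would fail at that lookup. Either add a `production:` entry with `"SecurityGroup": "<production-bastion-sg-id>"`, or make the ingress rule that uses it conditional. A one-line comment above the map saying which bastion these groups belong to would also help when the hard-coded IDs need rotating.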

From 033852c7bfdab49ce3ef3ef72cd039a14cba05e9 Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 09:45:35 +0000
Subject: [PATCH 12/19] Just trigger another build

---
 .github/workflows/copilot_deploy.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index 60a8878d..f6b18ecc 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -24,6 +24,7 @@ on:
   push:
     # Ignore README markdown
     # Only automatically deploy when something in the app or tests folder has changed
+# Temp removed
 #    paths:
 #      - '!**/README.md'
 #      - 'app/**'

From 014ebe6023468523e986892791b4bddca4abb60b Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 10:24:38 +0000
Subject: [PATCH 13/19] Put the correct paths back

---
 .github/workflows/copilot_deploy.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index f6b18ecc..b2c71fd4 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -24,11 +24,10 @@ on:
   push:
     # Ignore README markdown
     # Only automatically deploy when something in the app or tests folder has changed
-# Temp removed
-#    paths:
-#      - '!**/README.md'
-#      - 'app/**'
-#      - 'tests/**'
+    paths:
+      - '!**/README.md'
+      - 'app/**'
+      - 'tests/**'
 
 jobs:
   paketo_build:
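Review bot: The `'!**/README.md'` exclusion is listed before the positive patterns, and GitHub evaluates `paths` entries in order, so a later match on `'app/**'` or `'tests/**'` re-includes a README under those folders. As written the negation has no effect, because a top-level README is already unmatched by the positive patterns. Put it last: `- 'app/**'`, `- 'tests/**'`, `- '!**/README.md'`. The same ordering is restored again in PATCH 16/19.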

From 59dd0a97764ffc9722f8d88edf988ef613837439 Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 13:02:51 +0000
Subject: [PATCH 14/19] FS-3718 - Add other environments and auto-deply to
 dev/test

---
 .github/workflows/copilot_deploy.yml | 107 +++++++--------------------
 .github/workflows/environment.yml    |  46 ++++++++++++
 2 files changed, 73 insertions(+), 80 deletions(-)
 create mode 100644 .github/workflows/environment.yml

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index b2c71fd4..b8fd72cd 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -24,10 +24,10 @@ on:
   push:
     # Ignore README markdown
     # Only automatically deploy when something in the app or tests folder has changed
-    paths:
-      - '!**/README.md'
-      - 'app/**'
-      - 'tests/**'
+#    paths:
+#      - '!**/README.md'
+#      - 'app/**'
+#      - 'tests/**'
 
 jobs:
   paketo_build:
@@ -45,93 +45,40 @@ jobs:
     with:
       # Note - no db-name, so defaults to postgres_db
       postgres_unit_testing: true
+
   copilot_deploy_dev:
     if: inputs.environment == 'dev' || inputs.environment == ''
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-dev
-    permissions:
-      id-token: write # This is required for requesting the JWT
-      contents: read  # This is required for actions/checkout
-    runs-on: ubuntu-latest
-    environment: 'dev'
-    steps:
-    - name: Git clone the repository
-      uses: actions/checkout@v3
-
-    - name: Get current date
-      id: currentdatetime
-      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
-
-    - name: configure aws credentials
-      uses: aws-actions/configure-aws-credentials@v2
-      with:
-        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
-        role-session-name: NOTIFICATION_DEV_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
-        aws-region: eu-west-2
-
-    - name: Install AWS Copilot CLI
-      run: |
-        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
-
-    - name: Inject Git SHA into manifest
-      run: |
-        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-fund-store/manifest.yml
-
-    - name: Inject replacement image into manifest
-      run: |
-        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
-
-    - name: Copilot deploy dev
-      id: dev_build
-      run: |
-        copilot svc deploy --env dev
-
-    - name: Run database migrations
-      run: scripts/migration-task-script.py dev 'fsd-fund-store'
+    uses: ./.github/workflows/environment.yml
+    with:
+      workspace: 'dev'
 
   copilot_deploy_test:
     if: inputs.environment == 'test' || inputs.environment == ''
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-test
-    permissions:
-      id-token: write # This is required for requesting the JWT
-      contents: read  # This is required for actions/checkout
-    runs-on: ubuntu-latest
-    environment: 'test'
-    steps:
-    - name: Git clone the repository
-      uses: actions/checkout@v3
-
-    - name: Get current date
-      id: currentdatetime
-      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
-
-    - name: configure aws credentials
-      uses: aws-actions/configure-aws-credentials@v2
-      with:
-        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
-        role-session-name: NOTIFICATION_TEST_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
-        aws-region: eu-west-2
-
-    - name: Install AWS Copilot CLI
-      run: |
-        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
-
-    - name: Inject Git SHA into manifest
-      run: |
-        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-fund-store/manifest.yml
-
-    - name: Inject replacement image into manifest
-      run: |
-        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
+    uses: ./.github/workflows/environment.yml
+    with:
+      workspace: 'test'
 
-    - name: Copilot deploy test
-      id: test_build
-      run: |
-        copilot svc deploy --env test
+  # Allow the capability to override UAT with another branch, but ideally uat and production should be in sync as much as possible
+  copilot_deploy_uat:
+    if: inputs.environment == 'uat' || inputs.environment == ''
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-uat
+    uses: ./.github/workflows/environment.yml
+    with:
+      workspace: 'uat'
 
-    - name: Run database migrations
-      run: scripts/migration-task-script.py test 'fsd-fund-store'
+  # Only run this if the branch being deployed is main
+  copilot_deploy_production:
+    if: (inputs.environment == 'production' || inputs.environment == '') && github.ref == 'refs/heads/main'
+    needs: [pre_deploy_tests, paketo_build]
+    concurrency: deploy-production
+    uses: ./.github/workflows/environment.yml
+    with:
+      workspace: 'production'
 
   # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks fund-store is operational?
   post_deploy_tests:
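Review bot: The `Run database migrations` steps removed from the dev and test jobs have no counterpart in the new `environment.yml`, so after this change nothing visible in the series runs `scripts/migration-task-script.py`. If that is not deliberate, the reusable workflow needs a migration step after its deploy step. Separately, `copilot_deploy_production` has the same `needs: [pre_deploy_tests, paketo_build]` as the other environments, so a push to main starts the production deploy in parallel with dev, test and uat rather than after `post_deploy_tests`. Unless the `production` environment has required reviewers configured (not visible here), make production depend on the earlier stages, keeping in mind that a skipped dependency also skips the job unless its `if:` accounts for that.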
diff --git a/.github/workflows/environment.yml b/.github/workflows/environment.yml
new file mode 100644
index 00000000..85bf1f26
--- /dev/null
+++ b/.github/workflows/environment.yml
@@ -0,0 +1,46 @@
+name: Environment Deployment
+on:
+  workflow_call:
+    inputs:
+      workspace:
+        required: true
+        type: string
+
+jobs:
+  copilot_deploy:
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.workspace }}
+    steps:
+    - name: Git clone the repository
+      uses: actions/checkout@v3
+
+    - name: Get current date
+      id: currentdatetime
+      run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+
+    - name: configure aws credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
+        role-session-name: NOTIFICATION_${{ inputs.workspace }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        aws-region: eu-west-2
+
+    - name: Install AWS Copilot CLI
+      run: |
+        curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot
+
+    - name: Inject Git SHA into manifest
+      run: |
+        yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"'  copilot/fsd-fund-store/manifest.yml
+
+    - name: Inject replacement image into manifest
+      run: |
+        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:${{ github.ref_name == 'main' && 'latest' || github.ref_name }}"'  copilot/fsd-fund-store/manifest.yml
+
+    - name: Copilot ${{ inputs.workspace }} deploy
+      id: deploy_build
+      run: |
+        copilot svc deploy --env ${{ inputs.workspace }}
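Review bot: The `run:` steps in this new workflow expand `${{ github.ref_name }}` and `${{ inputs.workspace }}` directly into the shell script text, so a branch name containing a quote or other shell metacharacter changes the command that runs, in a job that holds the assumed `GithubCopilotDeploy` role. Pass both values through `env:` and reference them as variables, as sketched below. The `Install AWS Copilot CLI` step also downloads `releases/latest` with no version pin or checksum check and then installs it with `sudo`. Pinning a specific release and verifying its published checksum before the `mv` would make that step reproducible and tamper-evident.

```yaml
    - name: Inject replacement image into manifest
      env:
        IMAGE_TAG: ${{ github.ref_name == 'main' && 'latest' || github.ref_name }}
      run: |
        yq -i '.image.location = "ghcr.io/communitiesuk/funding-service-design-fund-store:" + strenv(IMAGE_TAG)' copilot/fsd-fund-store/manifest.yml

    # … unchanged: deploy step name and id …
      env:
        WORKSPACE: ${{ inputs.workspace }}
      run: |
        copilot svc deploy --env "$WORKSPACE"
```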

From aadce2f37ddfbb9172919a5f108104a5c23c16d8 Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 13:39:48 +0000
Subject: [PATCH 15/19] Permissions

---
 .github/workflows/copilot_deploy.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index b8fd72cd..739428b8 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -51,6 +51,9 @@ jobs:
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-dev
     uses: ./.github/workflows/environment.yml
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
     with:
       workspace: 'dev'
 
@@ -59,6 +62,9 @@ jobs:
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-test
     uses: ./.github/workflows/environment.yml
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
     with:
       workspace: 'test'
 
@@ -68,6 +74,9 @@ jobs:
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-uat
     uses: ./.github/workflows/environment.yml
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
     with:
       workspace: 'uat'
 
@@ -77,6 +86,9 @@ jobs:
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-production
     uses: ./.github/workflows/environment.yml
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
     with:
       workspace: 'production'
 

From 353db6bd9c711d19cddda5f6e9fd57a26a1846ad Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 16:33:40 +0000
Subject: [PATCH 16/19] Remove testing

---
 .github/workflows/copilot_deploy.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index 739428b8..68fee0a1 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -24,10 +24,10 @@ on:
   push:
     # Ignore README markdown
     # Only automatically deploy when something in the app or tests folder has changed
-#    paths:
-#      - '!**/README.md'
-#      - 'app/**'
-#      - 'tests/**'
+    paths:
+      - '!**/README.md'
+      - 'app/**'
+      - 'tests/**'
 
 jobs:
   paketo_build:

From 0435b0e0edaced6cb05eac094bcb907f0c21225a Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 16:37:54 +0000
Subject: [PATCH 17/19] Swap order of words to make clearer

---
 .github/workflows/copilot_deploy.yml | 18 +++++++++++++-----
 .github/workflows/environment.yml    |  3 +++
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/copilot_deploy.yml b/.github/workflows/copilot_deploy.yml
index 68fee0a1..db127fc5 100644
--- a/.github/workflows/copilot_deploy.yml
+++ b/.github/workflows/copilot_deploy.yml
@@ -46,10 +46,12 @@ jobs:
       # Note - no db-name, so defaults to postgres_db
       postgres_unit_testing: true
 
-  copilot_deploy_dev:
+  dev_copilot_deploy:
     if: inputs.environment == 'dev' || inputs.environment == ''
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-dev
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
     uses: ./.github/workflows/environment.yml
     permissions:
       id-token: write # This is required for requesting the JWT
@@ -57,10 +59,12 @@ jobs:
     with:
       workspace: 'dev'
 
-  copilot_deploy_test:
+  test_copilot_deploy:
     if: inputs.environment == 'test' || inputs.environment == ''
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-test
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
     uses: ./.github/workflows/environment.yml
     permissions:
       id-token: write # This is required for requesting the JWT
@@ -69,10 +73,12 @@ jobs:
       workspace: 'test'
 
   # Allow the capability to override UAT with another branch, but ideally uat and production should be in sync as much as possible
-  copilot_deploy_uat:
+  uat_copilot_deploy:
     if: inputs.environment == 'uat' || inputs.environment == ''
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-uat
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
     uses: ./.github/workflows/environment.yml
     permissions:
       id-token: write # This is required for requesting the JWT
@@ -81,10 +87,12 @@ jobs:
       workspace: 'uat'
 
   # Only run this if the branch being deployed is main
-  copilot_deploy_production:
+  production_copilot_deploy:
     if: (inputs.environment == 'production' || inputs.environment == '') && github.ref == 'refs/heads/main'
     needs: [pre_deploy_tests, paketo_build]
     concurrency: deploy-production
+    secrets:
+      AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
     uses: ./.github/workflows/environment.yml
     permissions:
       id-token: write # This is required for requesting the JWT
@@ -94,7 +102,7 @@ jobs:
 
   # Can we realistically run E2E at this stage, or just plump for application on the grounds it checks fund-store is operational?
   post_deploy_tests:
-      needs: copilot_deploy_test
+      needs: test_copilot_deploy
       secrets:
         E2E_PAT: ${{secrets.E2E_PAT}}
       uses: communitiesuk/funding-service-design-workflows/.github/workflows/post-deploy.yml@main
diff --git a/.github/workflows/environment.yml b/.github/workflows/environment.yml
index 85bf1f26..c78440bc 100644
--- a/.github/workflows/environment.yml
+++ b/.github/workflows/environment.yml
@@ -5,6 +5,9 @@ on:
       workspace:
         required: true
         type: string
+    secrets:
+      AWS_ACCOUNT:
+        required: true
 
 jobs:
   copilot_deploy:

From e9b00945dee64d2295807dc8482523c28f91a6bb Mon Sep 17 00:00:00 2001
From: Robert Kibble <robert.kibble@version1.com>
Date: Thu, 2 Nov 2023 16:55:28 +0000
Subject: [PATCH 18/19] Session name change

---
 .github/workflows/environment.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/environment.yml b/.github/workflows/environment.yml
index c78440bc..62c021a7 100644
--- a/.github/workflows/environment.yml
+++ b/.github/workflows/environment.yml
@@ -28,7 +28,7 @@ jobs:
       uses: aws-actions/configure-aws-credentials@v2
       with:
         role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy
-        role-session-name: NOTIFICATION_${{ inputs.workspace }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
+        role-session-name: FUND_STORE_${{ inputs.workspace }}_COPILOT_${{ steps.currentdatetime.outputs.datetime }}
         aws-region: eu-west-2
 
     - name: Install AWS Copilot CLI

From d9fe9229518ec37c8486e5e6db7a658d92eec5e0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Nov 2023 16:59:35 +0000
Subject: [PATCH 19/19] Bump actions/download-artifact from 2 to 3

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/manual-dev-deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/manual-dev-deploy.yml b/.github/workflows/manual-dev-deploy.yml
index 35b29834..0f9b6583 100644
--- a/.github/workflows/manual-dev-deploy.yml
+++ b/.github/workflows/manual-dev-deploy.yml
@@ -20,7 +20,7 @@
         - name: install dependencies
           run: source .venv/bin/activate && python -m pip install --upgrade pip && pip install -r requirements.txt
         - name: download previous build
-          uses: actions/download-artifact@v2
+          uses: actions/download-artifact@v3
         - name: Deploy to Gov PaaS
           uses: citizen-of-planet-earth/cf-cli-action@v2
           with: