Terraform migration #2740

Open
Kamil-Biegaj-HM wants to merge 12 commits into master from terraform-migration

Kamil-Biegaj-HM commented Jan 28, 2026

Jira link

See PROJ-XXXXXX

Change description

Testing done

Security Vulnerability Assessment

CVE Suppression: Are there any CVEs present in the codebase (either newly introduced or pre-existing) that are being intentionally suppressed or ignored by this commit?

  • Yes
  • No

Checklist

  • commit messages are meaningful and follow good commit message guidelines
  • README and other documentation has been updated / added (if needed)
  • tests have been updated / new tests have been added (if needed)
  • Does this PR introduce a breaking change

Link to Terraform Plan

https://tfplan-viewer.hmcts.net/azure-platform-terraform/2740

🤖AEP PR SUMMARY🤖

  • azure_pipeline.yaml:
    • Updated the reference for the cnp-azuredevops-libraries repository from refs/heads/master to refs/heads/feature/terraform-migration 🛠️
    • Removed the CheckLatestCommit job which verified if the pipeline was running on the latest commit of the master branch ❌
    • Removed the bash script that compared the current commit with the latest commit on master and prevented outdated pipeline runs ⛔

github-actions Bot commented Jan 28, 2026

Suggestions for Improvement

  1. Branch Naming for Clarity and Consistency:

    • The branch name changed from refs/heads/master to refs/heads/feature/terraform-migration. Ensure that branch naming follows conventions such as using a / separator for better organization (e.g., feature/terraform/migration) to maintain clarity.

    ref: refs/heads/feature/terraform/migration
  2. Unused Block of Lines:

    • Remove or restore the deleted CheckLatestCommit job. The empty lines (+ + + + ...) left behind do not serve any purpose. If the job was removed intentionally, ensure to refactor the pipeline or mention its replacement.
  3. Improvements in Security:

    • The checkout step uses persistCredentials: true. If you don't need this behavior (e.g., subsequent steps don't require authenticated Git commands), set this to false or remove it altogether.
    - checkout: self
      persistCredentials: false
  4. Pipeline Efficiency:

    • Fetching the complete Git history (fetchDepth: 0) can be resource-intensive. Only fetch the latest commit unless the full history is essential.
    fetchDepth: 1
  5. Hardcoded Branch Name (master):

    • Replace master with a variable in the git fetch command to avoid hardcoded values and improve flexibility, especially if the default branch name changes.
    git fetch --depth=1 origin $(System.PullRequest.TargetBranch)
  6. Code Readability:

    • The indentation and empty lines in the pipeline appear misaligned. Clean up any extraneous empty lines.
  7. Dynamic Parallelization:

    • The newly added environment_components parameter uses each to iterate over environments. Confirm whether parallelized job execution (dependsOn, multiConfiguration) can be leveraged instead to optimize runtime.
  8. Carbon / Cost Improvements:

    • Double-check the vmImage used in the pipeline. Use the most lightweight and appropriate image for the job (e.g., ubuntu-latest over heavier images) to save costs and carbon emissions.

    Current example:

    vmImage: ${{ variables.agentPool }}

    Proposed change (if possible):

    vmImage: 'ubuntu-latest'
  9. Error Message Clarity:

    • The error message in the CheckLatestCommit job is verbose and can be made more concise without losing clarity. For example:

    Current:

    echo \"A newer commit was pushed after this pipeline started.\"
    echo \"Please rerun the pipeline to use the latest commit.\"

    Suggested:

    echo \"Newer commit found. Rerun the pipeline.\"

Benefits of Improvements:

  • Code Quality: Clearer and more maintainable pipeline with fewer extraneous lines.
  • Security: Reducing the exposure of credentials.
  • Best Practices: Keeping pipelines dynamic and easier to scale.
  • Cost & Environmental Impact: Optimizing fetched git history and using a lightweight VM improves runtime efficiency, potentially saving costs (up to 10-20 GBP per month) and reducing carbon footprint.
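
The CheckLatestCommit job that this PR removes is described above only in outline: compare the commit the pipeline is running with the latest commit on master, and stop if they differ. A sketch of that kind of guard follows, as an added example and not the script from this repository's pipeline. It assumes the step pipes `git ls-remote origin` into the function and passes the build's commit (`BUILD_SOURCEVERSION` on Azure Pipelines); the function names and sample SHAs are made up here.

```shell
#!/bin/sh
# Added example, not the project's script: stale-run guard for an apply pipeline.

# Constructed sample of `git ls-remote origin` output (SHAs are made up).
SAMPLE_LS_REMOTE="$(printf '%s\t%s\n' \
  1111111111111111111111111111111111111111 refs/heads/master \
  2222222222222222222222222222222222222222 refs/heads/master-archive \
  3333333333333333333333333333333333333333 refs/heads/feature/terraform-migration)"

# Print the SHA of exactly the given ref from ls-remote output on stdin.
# Matching the whole ref field avoids picking up refs/heads/master-archive.
remote_head() {
  awk -v ref="$1" '$2 == ref { print $1; exit }'
}

# True only for a full lowercase hex object id (SHA-1 or SHA-256 length).
is_sha() {
  case "$1" in ''|*[!0-9a-f]*) return 1 ;; esac
  [ "${#1}" -eq 40 ] || [ "${#1}" -eq 64 ]
}

# check_latest_commit BUILD_SHA REF   (ls-remote output on stdin)
# 0 = build is at the tip of REF, 1 = stale run, 2 = cannot tell (fail closed).
check_latest_commit() {
  _build=$1
  _ref=$2
  _head=$(remote_head "$_ref")
  if ! is_sha "$_build" || ! is_sha "$_head"; then
    echo "Cannot compare commits for $_ref; refusing to continue." >&2
    return 2
  fi
  if [ "$_head" != "$_build" ]; then
    echo "A newer commit was pushed after this pipeline started." >&2
    echo "Please rerun the pipeline to use the latest commit." >&2
    return 1
  fi
  return 0
}

# Assumed pipeline usage:
#   git ls-remote origin refs/heads/master |
#     check_latest_commit "$BUILD_SOURCEVERSION" refs/heads/master || exit 1

# Demo on the constructed sample: the build commit is master's tip.
printf '%s\n' "$SAMPLE_LS_REMOTE" |
  check_latest_commit 1111111111111111111111111111111111111111 refs/heads/master &&
  echo "up to date"
```

An empty or failed `ls-remote` returns 2 rather than passing, so a network or credential error cannot be mistaken for "no newer commit".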

@hmcts-platform-operations

Tip

✅ master branch build is now passing!

Build: #apply - Azure Platform
