From 8a186d096c2f3881e22dcd5e5f86aede0e7bc9f8 Mon Sep 17 00:00:00 2001
From: Nat Dean-Lewis <94526761+natdeanlewissoftwire@users.noreply.github.com>
Date: Wed, 11 Mar 2026 09:36:17 +0000
Subject: [PATCH] CLDC-4236: trigger review app deploys manually (#3216)

* CLDC-4236: make review deploy manual

* CLDC-4236: use pr comment trigger

* CLDC-4236: refactor

* CLDC-4236: add workflow permissions block

* CLDC-4236: add manual worflow dispatch method back in

* CLDC-4236: clarify workflow dispatch description

* CLDC-4236: rename pull_request_id input -> pr_number for consistency
---
 .github/workflows/review_app_prompt.yml | 24 ++++++++
 .github/workflows/review_pipeline.yml   | 73 +++++++++++++++++--------
 2 files changed, 74 insertions(+), 23 deletions(-)
 create mode 100644 .github/workflows/review_app_prompt.yml

diff --git a/.github/workflows/review_app_prompt.yml b/.github/workflows/review_app_prompt.yml
new file mode 100644
index 000000000..9c795cfa9
--- /dev/null
+++ b/.github/workflows/review_app_prompt.yml
@@ -0,0 +1,24 @@
+name: Review app deploy prompt
+
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  prompt:
+    name: Add review app deploy instructions
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+
+    steps:
+      - name: Comment with deploy instructions
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: 'To deploy a review app for this PR, comment `/deploy-review`.',
+            });
diff --git a/.github/workflows/review_pipeline.yml b/.github/workflows/review_pipeline.yml
index b31f81e23..307aa0381 100644
--- a/.github/workflows/review_pipeline.yml
+++ b/.github/workflows/review_pipeline.yml
@@ -1,57 +1,84 @@
 name: Review app pipeline
 
-concurrency:
-  group: review-${{ github.event.pull_request.number }}
-
 on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
+  issue_comment:
+    types: [created]
   workflow_dispatch:
+    inputs:
+      pr_number:
+        required: true
+        type: string
+        description: "The number of the PR for which to deploy a review app. Note: this is NOT the ticket number"
 
-defaults:
-  run:
-    shell: bash
+permissions: {}
 
 jobs:
+  get_pr_details:
+    name: Get PR details
+    if: github.event_name == 'workflow_dispatch' || (github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-review'))
+    runs-on: ubuntu-latest
+    outputs:
+      pr_number: ${{ steps.get_pr_details.outputs.pr_number }}
+    steps:
+      - name: Get PR number
+        id: get_pr_details
+        uses: actions/github-script@v7
+        with:
+          script: |
+            if (context.eventName === 'workflow_dispatch') {
+              core.setOutput('pr_number', '${{ inputs.pr_number }}');
+            } else {
+              core.setOutput('pr_number', context.issue.number.toString());
+            }
+
   infra:
     name: Deploy review app infrastructure
+    needs: [get_pr_details]
     uses: communitiesuk/submit-social-housing-lettings-and-sales-data-infrastructure/.github/workflows/create_review_app_infra.yml@main
     with:
-      key: ${{ github.event.pull_request.number }}
+      key: ${{ needs.get_pr_details.outputs.pr_number }}
       app_repo_role: arn:aws:iam::815624722760:role/core-application-repo
     permissions:
       id-token: write
 
   code:
     name: Deploy review app code
-    needs: [infra]
+    needs: [get_pr_details, infra]
     uses: ./.github/workflows/aws_deploy.yml
     with:
       aws_account_id: 837698168072
       aws_role_prefix: core-dev
-      aws_task_prefix: core-review-${{ github.event.pull_request.number }}
-      concurrency_tag: ${{ github.event.pull_request.number }}
+      aws_task_prefix: core-review-${{ needs.get_pr_details.outputs.pr_number }}
+      concurrency_tag: ${{ needs.get_pr_details.outputs.pr_number }}
       environment: review
     permissions:
       id-token: write
 
   comment:
     name: Add link to PR
-    needs: [code]
+    needs: [get_pr_details, code]
     runs-on: ubuntu-latest
     permissions:
-      issues: write
       pull-requests: write
 
     steps:
       - name: Comment on PR with URL
-        uses: unsplash/comment-on-pr@v1.3.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        uses: actions/github-script@v7
         with:
-          msg: "Created review app at https://review.submit-social-housing-data.communities.gov.uk/${{ github.event.pull_request.number }}. Note that the review app will be automatically deprovisioned after 30 days and will need the review app pipeline running again."
-          check_for_duplicate_msg: true
-          duplicate_msg_pattern: Created review app at*
+          script: |
+            const prNumber = ${{ needs.get_pr_details.outputs.pr_number }};
+            const body = `Created review app at https://review.submit-social-housing-data.communities.gov.uk/${prNumber}. Note that the review app will be automatically deprovisioned after 30 days and will need the review app pipeline running again.`;
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+            });
+            const duplicate = comments.find(c => c.body.startsWith('Created review app at'));
+            if (!duplicate) {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+                body: body,
+              });
+            }