feature/UI refresh (#1942)

* Fix Guacamole refresh token (#1785)

* Fixing Guacamole refresh token

* Fix aad tenant bug

Co-authored-by: Anat Balzam <[email protected]>

* Add Contributor to the Role permissions (#1781)

* Put it back to Owner during investigation

* Attempt to find correct permissions

* User Access Administrator

Co-authored-by: Marcus Robinson <[email protected]>

* Ignore Only Root index.html (#1800)

* fixes #1775

* remove unwanted cli prefix

* only ignore root index.html

* Gitea/Guacamole should be able to access AAD_TENANT_ID (#1798)

* Add auth-tenant-id to ws keyvault

* Bump versions

* linting

* re-instating the deploy/destroy files

* Linting

* Update deploy.sh

* Update destroy.sh

* shared services in pr bot and split out in tests (#1813)

* Resource Processor: Configure logging handler per process (#1784)

* Update TRE Developer doc for API (#1801)

* E2E work with scope_id from workspace properties (#1797)

* E2E work with local API

* Added scope identifier uri into tests

* Hangiver from previous method

* Try adding a sleep into the endpoint dns

* Bump the version

* Wait for the private endpoint

* Bump version

* Forgot to wait on teh sleep

* Bumped

* refactoring bug

* Purge Protection

* Bump version

* PR Comments

* More PR tweaks

* typo

* shell check comment

* Remove purge protection

* _get_app_auth_info

* Update docs on running End-to-end tests locally (#1829)

* Fix check order in pr-bot (#1850)

Only check user permissions if a command is detected
to avoid adding 'sorry, not allowed' comments in response to comments
that aren't commands

* Next available IP range calculator only considers active workspaces (#1849)

* Increase Azure CLI version (#1864)

* update all versions to 0.3 (#1754)

* Fix Firewall Logging (#1870)

* switch firewall away from dedicated log tables

* update TF lock

* fix liniting issue with firewall.tf

* Change how access properties in get_scope (#1882)

* added missing param for invoke-action (#1906)

* added missing param

* api version

* Add Bicep tools to devcontainer (#1848)

Co-authored-by: Marcus Robinson <[email protected]>

* E2E tests: Fix shared service and performance tests  (#1860)

* Fix tests

* WIP

* WIP: add a command to build a user resource

* Fix performance test

* fix gucacamole dev vm

* removed unused import

* Fix shared services test

* fix user resources command

* Revert Makefile changes

* fix tabs

* Update templates/workspaces/base/terraform/variables.tf

Co-authored-by: Ross Smith <[email protected]>

* Add .terraform in .dockerignore files (#1872)

* Bump pyjwt from 2.3.0 to 2.4.0 in /api_app (#1913)

* Add resource id var to shared services. (#1914)

* Add resource id var to shared services.

* Update gitea version.

* Fix linter version.

Co-authored-by: Liza Shakury <[email protected]>

* add tflint config (#1919)

* Update httpx package (#1917)

* update httpx package

* bump version number of API

* Improve documentation for Resource Processor (#1827)

* Re-host Nexus on vm (#1584)

* Initial commit

* Replaced webapp with vm

* Amended docker start commands

* Amended firewall

* Add nexus config to persistent volume

* Add private dns zone

* Corrected rg var

* Added Nexus letsencrypt cert gen

* Fixed linting

* Changed terraform.lock.hcl to previous version

* Removed leftover debug

* Typo fix

Co-authored-by: Stuart Leeks <[email protected]>

* File path amend

Co-authored-by: Stuart Leeks <[email protected]>

* Fix for cloudapp DNS resolution errors

* Docker running on Nexus VM

* Documented Letsencrypt process

* Permissions fix

* Typo fix

Co-authored-by: Stuart Leeks <[email protected]>

* Typo fix

Co-authored-by: Stuart Leeks <[email protected]>

* Typo fix

Co-authored-by: Stuart Leeks <[email protected]>

* Formatting changes

* Added reference to letsencrypt doc

* Added new page reference

* Moved password generation for nexus to tf

* Write script to fs first before execution

* Password reset finally working

* Make config nexus script runnable from any dir

* Added basic status info

* Fix recursive file loop

* Typo fix

* Updated docs

* renamed env file

* Fix typo

* Added new nexus fqdn to user resources

* Add vnet link to workspaces

* Bump versions

* Removed nexus properties file

* Updated execution permissions

* Get cert in tf

* Added az cli get cert

* Amended prune job

* Added msi id to login

* Amended msi and exported cert pwd

* Jetty configuration

* Escape jetty vars

* Password script fixes

* Amended networking to use module

* Use https in config script

* Removed res proc location variable

* Potential linting fix

* Linting fixes

* Linting directive positioning

* Gitea version bump

* Terraform format

* Reorder linting to workaround superlinter bug with Terraform

* Added nexus-cert to build and caching of letsencrypt

* Adopted new shared service deploy method

* Added cron job to renew nexus cert

* Removed location references

* And another

* Removed location refs and added az cli

* Fixed nexus-cert kv permissions

* Corrected outputs directory

* Fixed shared service deployment steps

* Updated docs and removed renew prompt

* version bump

* Increase bundle versions

* remote location from variables files

* Removed shared service make

* Removed docker prune

* Bash headers

* Layer clean

* Reduce layer

* Testing without kv role assignment

* Removed kv role assignment

* Adding firewall rule to allow letsencrypt from RP

* Genericised cert service and added letsencrypt action

* Fixed auth hook

* Removed make commands

* Certbot in bundle container

* Tidied naming

* Python base image

* Generate action successful

* Inject cert name to nexus bundle

* Implemented app gateway start/stop

* Separated cloudinit yaml into scripts

* Fixed new line issue

* Fixed bash casing

* Added local nexus repo config

* Added retry logic to config repos

* gitea bump

* Fixed status code

* terraform linting

* Added docs

* Lint fix

* Update docs/tre-developers/letsencrypt.md

* Update docs/tre-admins/setup-instructions/configuring-shared-services.md

* Update docs/tre-developers/letsencrypt.md

* Update docs/tre-developers/letsencrypt.md

* Update docs/tre-admins/setup-instructions/configuring-shared-services.md

Co-authored-by: Marcus Robinson <[email protected]>

* Fix firewall conflict

* Added note to docs for cert kv conflicts

* Renamed sonatype-nexus to nexus for new version

* Added old nexus service code

* Lint fix

* Renamed folder to be obvious as the nexus-vm

* Added docs for upgrade path

* Added data.azurerm rg core

* linting

* bash linting

* Require workspace of 0.2.14 or above

* Moved new version notes to section below config steps

* Removed give new cert name

* RP cert permissions

* tf format

* Added required params for certs and nexus tempalte schema

* Added cert import permissions

* Added certs delete permission

* App gateway az login

* Version bumps

* tf fmt

* Added missing az cred params to certs

* Add purge permission

* Bump tf versions to 3.4.0 & set purge to false

* Removed unsupported property from new provider

* Moved nexus private zone to core

* Amended location var

* Amended zone location

* Added upgrade flag for tf

* Remove tf lock

* Added new tf key

* Added key into uninstall

* Resolve firewall rule conflicts

* Var reference fix

* Fix for potential @ symbol in nexus admin password causing curl bug

* Added nexus_version variable to user resources for back compat

* Added docs for nexus_version

* downgrade superlinter

* revert superlinter to v4

* Remove lint aws plugin block

* Use superlinter latest

* Manually set tflint path

Co-authored-by: oliver7598 <[email protected]>
Co-authored-by: Stuart Leeks <[email protected]>
Co-authored-by: Ross Smith <[email protected]>
Co-authored-by: ross-p-smith <[email protected]>
Co-authored-by: Jamie D <[email protected]>
Co-authored-by: Stuart Leeks <[email protected]>
Co-authored-by: marrobi <[email protected]>

* Mandatory client-secret when creating a workspace (#1924)

* Mandatory client_secret when creating workspace

* Debugging settings

* azure rm version

* Update templates/workspaces/base/.env.sample

Co-authored-by: Marcus Robinson <[email protected]>

* Update templates/workspaces/base/.env.sample

Co-authored-by: Marcus Robinson <[email protected]>

* Update templates/workspaces/base/terraform/variables.tf

Co-authored-by: Marcus Robinson <[email protected]>

* disable app service's ftp (#1930)

* Airlock resources - tf scripts (#1843)

* Airlock resources - tf scripts

* reusing the existing sb + adding network rules
bug fixes

* Make etag required in API documentaiton, remove custom check (#1932)

* Make etag required in API documentaiton, remove custom check

* Update _version.py

* tests + remove string

Co-authored-by: sharon <[email protected]>

* Reimage Resource Processor Automatically (#1929)

* reimage resource processor automatically

* resource processor vm user docker permissions

* update hcl

* initial swa deploy

* Tag tre core services (#1916)

* tag core resources

Co-authored-by: Anat Balzam <[email protected]>
Co-authored-by: Anat Balzam <[email protected]>
Co-authored-by: Ross Smith <[email protected]>
Co-authored-by: Marcus Robinson <[email protected]>
Co-authored-by: Martin Peck <[email protected]>
Co-authored-by: tanya-borisova <[email protected]>
Co-authored-by: Stuart Leeks <[email protected]>
Co-authored-by: Tamir Kamara <[email protected]>
Co-authored-by: Sven Aelterman <[email protected]>
Co-authored-by: Sonali Rajput <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Liza Shakury <[email protected]>
Co-authored-by: Liza Shakury <[email protected]>
Co-authored-by: James Griffin <[email protected]>
Co-authored-by: oliver7598 <[email protected]>
Co-authored-by: Stuart Leeks <[email protected]>
Co-authored-by: ross-p-smith <[email protected]>
Co-authored-by: Jamie D <[email protected]>
Co-authored-by: Elad Iwanir <[email protected]>
Co-authored-by: Sharon Hart <[email protected]>
Co-authored-by: sharon <[email protected]>
Co-authored-by: Guy Bertental <[email protected]>

.devcontainer/Dockerfile

@@ -18,8 +18,8 @@ RUN bash /tmp/non-root-user.sh "${USERNAME}" "${USER_UID}" "${USER_GID}"
 # Set env for tracking that we're running in a devcontainer
 ENV DEVCONTAINER=true
 
-# [Option] Install Node.js
-ARG INSTALL_NODE="false"
+# [Option] Install Node.js for GH actions tests and UI
+ARG INSTALL_NODE="true"
 ARG NODE_VERSION="lts/*"
 RUN if [ "${INSTALL_NODE}" = "true" ]; then su $USERNAME -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi
 
@@ -75,7 +75,7 @@ COPY ["e2e_tests/requirements.txt", "/tmp/pip-tmp/e2e_tests/"]
 RUN pip3 --disable-pip-version-check --no-cache-dir install -r /tmp/pip-tmp/requirements.txt && rm -rf /tmp/pip-tmp
 
 # Install azure-cli
-ARG AZURE_CLI_VERSION=2.29.2-1~buster
+ARG AZURE_CLI_VERSION=2.36.0-1~buster
 COPY .devcontainer/scripts/azure-cli.sh /tmp/
 RUN export AZURE_CLI_VERSION=${AZURE_CLI_VERSION} \
     && /tmp/azure-cli.sh
@@ -95,3 +95,6 @@ RUN echo "export HISTFILE=$HOME/commandhistory/.bash_history" >> "$HOME/.bashrc"
 # Install github-cli
 COPY ./.devcontainer/scripts/gh.sh /tmp/
 RUN if [ "${INTERACTIVE}" = "true" ]; then /tmp/gh.sh; fi
+
+# install SWA CLI
+RUN if [ "${INSTALL_NODE}" = "true" ]; then npm install -g @azure/static-web-apps-cli; fi

.devcontainer/devcontainer.json

@@ -25,11 +25,11 @@
   ],
   "remoteUser": "vscode",
   "containerEnv": {
-    "DOCKER_BUILDKIT": "1",
+    "DOCKER_BUILDKIT": "1"
   },
   "remoteEnv": {
     // this is used for SuperLinter
-    "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}",
+    "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
   },
   // Set *default* container specific settings.json values on container create.
   "settings": {
@@ -91,6 +91,22 @@
             "false"
           ]
         },
+        {
+          "name": "E2E Shared Services",
+          "type": "python",
+          "request": "launch",
+          "module": "pytest",
+          "justMyCode": true,
+          "cwd": "${workspaceFolder}/e2e_tests/",
+          "preLaunchTask": "Copy_env_file_for_e2e_debug",
+          "envFile": "${workspaceFolder}/templates/core/private.env",
+          "args": [
+            "-m",
+            "shared_services",
+            "--verify",
+            "false"
+          ]
+        },
         {
           "name": "E2E Performance",
           "type": "python",
@@ -175,7 +191,7 @@
           },
           "command": "pytest",
           "args": [
-            "--ignore=e2e_tests",
+            "--ignore=e2e_tests"
           ]
         },
         {
@@ -189,7 +205,7 @@
             "-m",
             "pytest",
             "-m",
-            "smoke",
+            "smoke"
           ]
         }
       ]
@@ -207,6 +223,7 @@
     "mikestead.dotenv",
     "humao.rest-client",
     "timonwong.shellcheck",
+    "ms-azuretools.vscode-bicep"
   ],
   "forwardPorts": [
     8000

.github/linters/.tflint.hcl

@@ -0,0 +1,8 @@
+config {
+  module = true
+  force = false
+}
+
+plugin "azurerm" {
+    enabled = true
+}

.github/scripts/build.js

@@ -17,19 +17,6 @@ async function getCommandFromComment({ core, context, github }) {
   const runId = context.runId;
   const prAuthorUsername = context.payload.issue.user.login;
 
-  // only allow actions for users with write access
-  if (!await userHasWriteAccessToRepo({ core, github }, commentUsername, repoOwner, repoName)) {
-    core.notice("Command: none - user doesn't have write permission]");
-    await github.rest.issues.createComment({
-      owner: repoOwner,
-      repo: repoName,
-      issue_number: prNumber,
-      body: `Sorry, @${commentUsername}, only users with write access to the repo can run pr-bot commands.`
-    });
-    logAndSetOutput(core, "command", "none");
-    return "none";
-  }
-
   // Determine PR SHA etc
   const ciGitRef = getRefForPr(prNumber);
   logAndSetOutput(core, "ciGitRef", ciGitRef);
@@ -65,7 +52,20 @@ async function getCommandFromComment({ core, context, github }) {
   let command = "none";
   const trimmedFirstLine = commentFirstLine.trim();
   if (trimmedFirstLine[0] === "/") {
-    const parts = trimmedFirstLine.split(' ').filter(p=>p !== '');
+    // only allow actions for users with write access
+    if (!await userHasWriteAccessToRepo({ core, github }, commentUsername, repoOwner, repoName)) {
+      core.notice("Command: none - user doesn't have write permission]");
+      await github.rest.issues.createComment({
+        owner: repoOwner,
+        repo: repoName,
+        issue_number: prNumber,
+        body: `Sorry, @${commentUsername}, only users with write access to the repo can run pr-bot commands.`
+      });
+      logAndSetOutput(core, "command", "none");
+      return "none";
+    }
+
+    const parts = trimmedFirstLine.split(' ').filter(p => p !== '');
     const commandText = parts[0];
     switch (commandText) {
       case "/test":
@@ -95,6 +95,15 @@ async function getCommandFromComment({ core, context, github }) {
           break;
         }
 
+      case "/test-shared-services":
+        {
+          const runTests = await handleTestCommand({ core, github }, parts, "shared service tests", runId, { number: prNumber, authorUsername: prAuthorUsername, repoOwner, repoName, headSha: prHeadSha, refId: prRefId, details: pr }, { username: commentUsername, link: commentLink });
+          if (runTests) {
+            command = "run-tests-shared-services";
+          }
+          break;
+        }
+
       case "/test-force-approve":
         {
           command = "test-force-approve";
@@ -229,6 +238,7 @@ async function showHelp({ github }, repoOwner, repoName, prNumber, commentUser,
 You can use the following commands:
     /test - build, deploy and run smoke tests on a PR
     /test-extended - build, deploy and run smoke & extended tests on a PR
+    /test-shared-services - test the deployment of shared services on a PR build
     /test-force-approve - force approval of the PR tests (i.e. skip the deployment checks)
     /test-destroy-env - delete the validation environment for a PR (e.g. to enable testing a deployment from a clean start after previous tests)
     /help - show this help`;

.github/scripts/build.test.js

@@ -53,27 +53,49 @@ describe('getCommandFromComment', () => {
   }
 
   describe('with non-contributor', () => {
-    test(`for '/test' should return 'none'`, async () => {
-      const context = createCommentContext({
-        username: 'non-contributor',
-        body: '/test',
+    describe(`for '/test`, () => {
+      test(`should return 'none'`, async () => {
+        const context = createCommentContext({
+          username: 'non-contributor',
+          body: '/test',
+        });
+        const command = await getCommandFromComment({ core, context, github });
+        expect(outputFor(mockCoreSetOutput, 'command')).toBe('none');
       });
-      const command = await getCommandFromComment({ core, context, github });
-      expect(outputFor(mockCoreSetOutput, 'command')).toBe('none');
-    });
 
-    test(`should add a comment indicating that the user cannot run commands`, async () => {
-      const context = createCommentContext({
-        username: 'non-contributor',
-        body: '/test',
-        pullRequestNumber: PR_NUMBER.UPSTREAM_NON_DOCS_CHANGES,
+      test(`should add a comment indicating that the user cannot run commands`, async () => {
+        const context = createCommentContext({
+          username: 'non-contributor',
+          body: '/test',
+          pullRequestNumber: PR_NUMBER.UPSTREAM_NON_DOCS_CHANGES,
+        });
+        await getCommandFromComment({ core, context, github });
+        expect(mockGithubRestIssuesCreateComment).toHaveComment({
+          owner: 'someOwner',
+          repo: 'someRepo',
+          issue_number: PR_NUMBER.UPSTREAM_NON_DOCS_CHANGES,
+          bodyMatcher: /Sorry, @non-contributor, only users with write access to the repo can run pr-bot commands./
+        });
       });
-      await getCommandFromComment({ core, context, github });
-      expect(mockGithubRestIssuesCreateComment).toHaveComment({
-        owner: 'someOwner',
-        repo: 'someRepo',
-        issue_number: PR_NUMBER.UPSTREAM_NON_DOCS_CHANGES,
-        bodyMatcher: /Sorry, @non-contributor, only users with write access to the repo can run pr-bot commands./
+    });
+    describe(`for 'non-command`, () => {
+      test(`should return 'none'`, async () => {
+        const context = createCommentContext({
+          username: 'non-contributor',
+          body: 'non-command',
+        });
+        const command = await getCommandFromComment({ core, context, github });
+        expect(outputFor(mockCoreSetOutput, 'command')).toBe('none');
+      });
+
+      test(`should not add a comment`, async () => {
+        const context = createCommentContext({
+          username: 'non-contributor',
+          body: 'non-command',
+          pullRequestNumber: PR_NUMBER.UPSTREAM_NON_DOCS_CHANGES,
+        });
+        await getCommandFromComment({ core, context, github });
+        expect(mockGithubRestIssuesCreateComment).not.toHaveBeenCalled();
       });
     });
 
@@ -364,6 +386,32 @@ describe('getCommandFromComment', () => {
         });
       });
 
+      describe(`for '/test-shared-services'`, () => {
+        test(`should set command to 'run-tests-shared-services'`, async () => {
+          const context = createCommentContext({
+            username: 'admin',
+            body: '/test-shared-services',
+          });
+          await getCommandFromComment({ core, context, github });
+          expect(outputFor(mockCoreSetOutput, 'command')).toBe('run-tests-shared-services');
+        });
+
+        test(`should add comment with run link`, async () => {
+          const context = createCommentContext({
+            username: 'admin',
+            body: '/test-shared-services',
+            pullRequestNumber: PR_NUMBER.UPSTREAM_NON_DOCS_CHANGES,
+          });
+          await getCommandFromComment({ core, context, github });
+          expect(mockGithubRestIssuesCreateComment).toHaveComment({
+            owner: 'someOwner',
+            repo: 'someRepo',
+            issue_number: PR_NUMBER.UPSTREAM_NON_DOCS_CHANGES,
+            bodyMatcher: /Running shared service tests: https:\/\/github.com\/someOwner\/someRepo\/actions\/runs\/11112222 \(with refid `cbce50da`\)/,
+          });
+        });
+      });
+
       describe(`for '/test-extended' for external PR (i.e. without commit SHA specified)`, () => {
         test(`should set command to 'none'`, async () => {
           const context = createCommentContext({

.github/workflows/build_validation_develop.yml

@@ -42,14 +42,17 @@ jobs:
         if: ${{ steps.filter.outputs.terraform == 'true' }}
         run: |
           find . -type d -name 'terraform' -not -path '*cnab*' -print0 \
-          | xargs -0 -I{} sh -c 'echo "***** Validating: {} *****"; \
+          | xargs -0 -I{} sh -c 'echo "***** Validating: {} *****"; \https://github.com/github/super-linter/issues/2433
           terraform -chdir={} init -backend=false; terraform -chdir={} validate'
 
       - name: Lint code base
         # the slim image is 2GB smaller and we don't use the extra stuff
         # Moved this after the Terraform checks above due something similar to this issue: https://github.com/github/super-linter/issues/2433
-        uses: github/super-linter/slim@v4
+        uses: github/super-linter/slim@v4.9.3
         env:
+          # Until https://github.com/github/super-linter/commit/ec0662756da93f1e3aad4df049712df7d764d143 is released
+          # we need to set the correct plugin directory (which is incorrectly set to github/home/.tflint.d/plugins by default)
+          TFLINT_PLUGIN_DIR: "/root/.tflint.d/plugins"
           VALIDATE_ALL_CODEBASE: false
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/deploy_tre.yml

@@ -23,6 +23,7 @@ jobs:
     with:
       ciGitRef: ${{ github.ref }}
       runExtendedTests: true
+      runSharedServicesTests: true
     secrets:
       AAD_TENANT_ID: ${{ secrets.AAD_TENANT_ID }}
       ACR_NAME: ${{ secrets.ACR_NAME }}

.github/workflows/deploy_tre_branch.yml

@@ -14,6 +14,11 @@ on:  # yamllint disable-line rule:truthy
         type: boolean
         default: false
         required: false
+      runSharedServicesTests:
+        description: Run the shared services tests as part of the deployment?
+        type: boolean
+        default: false
+        required: false
 
 # This will prevent multiple runs of this entire workflow.
 # We should NOT cancel in progress runs as that can destabilize the environment.
@@ -51,6 +56,7 @@ jobs:
       ciGitRef: ${{ github.ref }}
       # testing input against string 'true' - see https://github.com/actions/runner/issues/1483
       runExtendedTests: ${{ github.event.inputs.runExtendedTests == 'true' }}
+      runSharedSevicesTests: ${{ github.event.inputs.runSharedServicesTests == 'true' }}
     secrets:
       AAD_TENANT_ID: ${{ secrets.AAD_TENANT_ID }}
       ACR_NAME: ${{ format('tre{0}', needs.prepare-not-main.outputs.refid) }}

.github/workflows/deploy_tre_reusable.yml

@@ -21,6 +21,11 @@ on:  # yamllint disable-line rule:truthy
         type: boolean
         default: false
         required: false
+      runSharedServicesTests:
+        description: Controls whether to run the shared services tests as part of the deployment
+        type: boolean
+        default: false
+        required: false
     secrets:
       AAD_TENANT_ID:
         description: ""
@@ -706,9 +711,61 @@ jobs:
         with:
           files: "./e2e_tests/pytest_e2e_extended.xml"
 
+  e2e_tests_shared_services:
+    name: "Run E2E Tests (Shared Services)"
+    if: ${{ inputs.runSharedServicesTests }}
+    runs-on: ubuntu-latest
+    environment: CICD
+    needs: [deploy_shared_services, build_additional_images]
+    timeout-minutes: 50
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+          # if the following values are missing (i.e. not triggered via comment workflow)
+          # then the default checkout will apply
+          ref: ${{ inputs.prRef }}
+
+      - name: Run E2E Tests (Shared Services)
+        uses: ./.github/actions/devcontainer_run_command
+        with:
+          COMMAND: "make test-e2e-shared-services"
+          ACTIONS_ACR_NAME: ${{ secrets.ACTIONS_ACR_NAME }}
+          ACTIONS_ACR_URI: ${{ secrets.ACTIONS_ACR_URI }}
+          ACTIONS_ACR_PASSWORD: ${{ secrets.ACTIONS_ACR_PASSWORD }}
+          ACTIONS_DEVCONTAINER_TAG: ${{ secrets.ACTIONS_DEVCONTAINER_TAG }}
+          ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}"
+          ARM_CLIENT_ID: "${{ secrets.ARM_CLIENT_ID }}"
+          ARM_CLIENT_SECRET: "${{ secrets.ARM_CLIENT_SECRET }}"
+          ARM_SUBSCRIPTION_ID: "${{ secrets.ARM_SUBSCRIPTION_ID }}"
+          LOCATION: "${{ secrets.LOCATION }}"
+          API_CLIENT_ID: "${{ secrets.API_CLIENT_ID }}"
+          AAD_TENANT_ID: "${{ secrets.AAD_TENANT_ID }}"
+          TEST_APP_ID: "${{ secrets.TEST_APP_ID }}"
+          TEST_WORKSPACE_APP_ID: "${{ secrets.TEST_WORKSPACE_APP_ID }}"
+          TEST_WORKSPACE_APP_SECRET: "${{ secrets.TEST_WORKSPACE_APP_SECRET }}"
+          TEST_ACCOUNT_CLIENT_ID: "${{ secrets.TEST_ACCOUNT_CLIENT_ID }}"
+          TEST_ACCOUNT_CLIENT_SECRET: "${{ secrets.TEST_ACCOUNT_CLIENT_SECRET }}"
+          TRE_ID: "${{ secrets.TRE_ID }}"
+          IS_API_SECURED: false
+
+      - name: Upload Test Results
+        if: always()
+        uses: actions/upload-artifact@v2
+        with:
+          name: E2E Test (Shared Services) Results
+          path: "./e2e_tests/pytest_e2e_shared_services.xml"
+
+      - name: Publish Test Results
+        if: always()
+        uses: EnricoMi/publish-unit-test-result-action@v1
+        with:
+          files: "./e2e_tests/pytest_e2e_shared_services.xml"
+
   summary:
     name: Summary Notification
-    needs: [e2e_tests_smoke, e2e_tests_extended]
+    needs: [e2e_tests_smoke, e2e_tests_extended, e2e_tests_shared_services]
     runs-on: ubuntu-latest
     if: ${{ always() && (github.ref == 'refs/heads/main' && inputs.prRef == '') }}
     environment: CICD