PLT-695: Update AB2D prod-test ECR tag to avoid overlap with prod (#1408

)

## 🎫 Ticket
[PLT-695](https://jira.cms.gov/browse/PLT-695)

## 🛠 Changes

promote workflow updated to tag prod-test env images with the
"ab2d-prod-test" prefix.

## ℹ️ Context

<!-- Why were these changes made? Add background context suitable for a
non-technical audience. -->

The current tagging of ab2d-east-prod and ab2d-east-prod-test images
causes issues. ECR lifecycle policies are based on prefixes.
Essentially, a policy on the ab2d-east-prod prefix will include
ab2d-east-prod-test images in its count and may delete all prod images
older than any new prod-test images.
<!-- If any of the following security implications apply, this PR must
not be merged without Stephen Walter's approval. Explain in this section
and add @SJWalter11 as a reviewer.
  - Adds a new software dependency or dependencies.
  - Modifies or invalidates one or more of our security controls.
  - Stores or transmits data that was not stored or transmitted before.
- Requires additional review of security implications for other reasons.
-->

## 🧪 Validation
Check Workflow Execution:
Confirm that the workflow ran successfully in GitHub Actions.
Confirm Image Tags:
Go to the Amazon ECR repository in the AWS console.
Verify that the images have new tags (e.g., ab2d-prod-test-latest,
ab2d-sbx-latest, etc., depending on the environment).
Run Deployment:
Trigger the deployment pipeline for the environment where this workflow
was tested.
Confirm that the deployment succeeds without errors.
Check Logs for Any Issues:
Review logs from GitHub Actions and AWS CloudWatch for any error
messages.
Verify Application Functionality:
Access the application (in the test or production environment as
appropriate) to ensure it’s working correctly with the newly tagged
images.

<!-- How were the changes verified? Did you fully test the acceptance
criteria in the ticket? Provide reproducible testing instructions and
screenshots if applicable. -->

---------

Co-authored-by: Maboh Christopher <[email protected]>

.github/workflows/promote.yml

@@ -38,9 +38,18 @@ jobs:
         with:
           aws-region: ${{ vars.AWS_REGION }}
           role-to-assume: arn:aws:iam::${{ secrets.MGMT_ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-mgmt-github-actions
-      - name: Retag images in ECR
+
+      - name: Set environment variables
         env:
           DEPLOYMENT_ENV: ${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }}
+        run: |
+          if [ "${{ inputs.environment }}" == "prod_test" ]; then
+            echo "TAG_PREFIX=ab2d-prod-test" >> $GITHUB_ENV
+          else
+            echo "TAG_PREFIX=ab2d-$DEPLOYMENT_ENV" >> $GITHUB_ENV
+
+      - name: Retag images in ECR
+        env:
           ECR_REPO_DOMAIN: ${{ secrets.MGMT_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com
           ECR_REPO: ab2d_${{ inputs.module }}
         run: |
@@ -51,10 +60,10 @@ jobs:
           echo "Getting the manifest of the image tagged main-$SHA_SHORT"
           MANIFEST="$(curl -sS -H "Authorization: Basic $TOKEN" -H "Accept: $CONTENT_TYPE" "https://$ECR_REPO_DOMAIN/v2/$ECR_REPO/manifests/main-$SHA_SHORT")"
 
-          SHA_TAG="ab2d-$DEPLOYMENT_ENV-$SHA_SHORT"
+          SHA_TAG="$TAG_PREFIX-$SHA_SHORT"
           echo "Adding the $SHA_TAG tag to main-$SHA_SHORT image"
           curl -sS -X PUT -H "Authorization: Basic $TOKEN" -H "Content-Type: $CONTENT_TYPE" -d "$MANIFEST" "https://$ECR_REPO_DOMAIN/v2/$ECR_REPO/manifests/$SHA_TAG"
 
-          LATEST_TAG="ab2d-$DEPLOYMENT_ENV-latest"
+          LATEST_TAG="$TAG_PREFIX-latest"
           echo "Adding the $LATEST_TAG tag to main-$SHA_SHORT image"
           curl -sS -X PUT -H "Authorization: Basic $TOKEN" -H "Content-Type: $CONTENT_TYPE" -d "$MANIFEST" "https://$ECR_REPO_DOMAIN/v2/$ECR_REPO/manifests/$LATEST_TAG"