DO-1743: update CST endpoint format to use project key structure

Changed CST reporting to use correct endpoint format:
- Added cst-project-key input and CST_PROJECT_KEY workspace variable
- Constructs full URL as: {endpoint}/{project-key}/adobe-commerce
- Hardcoded adobe-commerce path as requested
- Updated documentation with new format and workspace variables section
- Added example using generic project key structure

Author: TheOrangePuff

.github/workflows/magento-cloud-deploy.yml

@@ -48,7 +48,12 @@ on:
 
       # CST Reporting Configuration
       cst-endpoint:
-        description: "CST endpoint URL (optional, overrides workspace variable)"
+        description: "CST endpoint base URL (optional, overrides workspace variable)"
+        type: string
+        required: false
+        default: ""
+      cst-project-key:
+        description: "CST project key (optional, overrides workspace variable)"
         type: string
         required: false
         default: ""
@@ -404,29 +409,38 @@ jobs:
             CST_ENDPOINT="${{ vars.CST_ENDPOINT }}"
           fi
           
+          # Determine CST project key - input overrides workspace variable
+          CST_PROJECT_KEY="${{ inputs.cst-project-key }}"
+          if [ -z "$CST_PROJECT_KEY" ]; then
+            CST_PROJECT_KEY="${{ vars.CST_PROJECT_KEY }}"
+          fi
+          
           # Determine CST reporting key - input overrides workspace secret
           CST_KEY="${{ inputs.cst-reporting-key }}"
           if [ -z "$CST_KEY" ]; then
             CST_KEY="${{ secrets.cst-reporting-token }}"
           fi
           
-          # Only run CST reporting if both endpoint and key are available
-          if [ -n "$CST_ENDPOINT" ] && [ -n "$CST_KEY" ]; then
+          # Only run CST reporting if endpoint, project key, and auth key are available
+          if [ -n "$CST_ENDPOINT" ] && [ -n "$CST_PROJECT_KEY" ] && [ -n "$CST_KEY" ]; then
             echo "📡 Reporting deployment to CST (Confidentiality and Security Team)..."
             
+            # Construct full CST URL: endpoint/project_key/adobe-commerce
+            CST_FULL_URL="${CST_ENDPOINT}/${CST_PROJECT_KEY}/adobe-commerce"
+            
             # Send composer.lock file contents to CST endpoint
             if [ -f "composer.lock" ]; then
-              curl -X POST "${CST_ENDPOINT}/deployments" \
+              curl -X POST "${CST_FULL_URL}" \
                 -H "Authorization: Bearer ${CST_KEY}" \
                 -H "Content-Type: application/octet-stream" \
                 --data-binary @composer.lock
               
-              echo "✅ Deployment reported to CST systems"
+              echo "✅ Deployment reported to CST systems at ${CST_FULL_URL}"
             else
               echo "⚠️ composer.lock not found, skipping CST reporting"
             fi
           else
-            echo "ℹ️ CST reporting skipped (no endpoint or key configured)"
+            echo "ℹ️ CST reporting skipped (missing endpoint, project key, or auth key)"
           fi
 
       - name: Create NewRelic deployment marker (complete)

README.md

@@ -61,7 +61,8 @@ A comprehensive Magento Cloud deployment workflow supporting multi-environment d
 | **Monitoring and Reporting** |
 | newrelic-app-id | ❌ | string | | NewRelic application ID for deployment markers (optional) |
 | **CST Reporting Configuration** |
-| cst-endpoint | ❌ | string | | CST endpoint URL (optional, overrides workspace variable) |
+| cst-endpoint | ❌ | string | | CST endpoint base URL (optional, overrides workspace variable) |
+| cst-project-key | ❌ | string | | CST project key (optional, overrides workspace variable) |
 | cst-reporting-key | ❌ | string | | CST reporting key (optional, overrides workspace secret) |
 | **Advanced Configuration** |
 | debug | ❌ | boolean | false | Enable verbose logging and debug output |
@@ -73,6 +74,12 @@ A comprehensive Magento Cloud deployment workflow supporting multi-environment d
 | newrelic-api-key | ❌ | NewRelic API key for deployment markers (optional) |
 | cst-reporting-token | ❌ | CST reporting token (workspace-level secret, optional) |
 
+#### **Workspace Variables (Optional)**
+| Name | Description |
+|------|-------------|
+| CST_ENDPOINT | CST endpoint base URL (e.g., `https://package.report.aligent.consulting`) |
+| CST_PROJECT_KEY | CST project identifier for your organization |
+
 #### **Outputs**
 | Name | Description |
 |------|-------------|
@@ -149,8 +156,9 @@ jobs:
     with:
       magento-cloud-project-id: abc123def456
       environment: staging
-      cst-endpoint: "https://cst.example.com"  # Overrides workspace variable
-      cst-reporting-key: "custom-key-123"      # Overrides workspace secret
+      cst-endpoint: "https://package.report.aligent.consulting"     # Overrides workspace variable
+      cst-project-key: "your-project-key"                          # Overrides workspace variable
+      cst-reporting-key: "custom-key-123"                           # Overrides workspace secret
     secrets:
       magento-cloud-cli-token: ${{ secrets.MAGENTO_CLOUD_CLI_TOKEN }}
 ```
@@ -160,16 +168,20 @@ jobs:
 The CST (Confidentiality and Security Team) reporting feature can be configured in two ways:
 
 1. **Workspace-level configuration (recommended):**
-   - Set `CST_ENDPOINT` as a repository/organization variable
+   - Set `CST_ENDPOINT` as a repository/organization variable (base URL, e.g., `https://package.report.aligent.consulting`)
+   - Set `CST_PROJECT_KEY` as a repository/organization variable (your project identifier)
    - Set `cst-reporting-token` as a repository/organization secret
    - The workflow will automatically use these when available
 
 2. **Input overrides (optional):**
-   - Use `cst-endpoint` input to override the workspace variable
+   - Use `cst-endpoint` input to override the workspace variable (base URL)
+   - Use `cst-project-key` input to override the workspace variable (project identifier)
    - Use `cst-reporting-key` input to override the workspace secret
    - Useful for testing or special deployments
 
-CST reporting only runs when both endpoint and key are configured. If either is missing, the step is skipped with an informational message.
+The workflow constructs the full CST URL as: `{endpoint}/{project-key}/adobe-commerce`
+
+CST reporting only runs when endpoint, project key, and auth key are all configured. If any are missing, the step is skipped with an informational message.
 
 ### Nx Serverless Deployment