Skip to content

Commit a78c49f

Browse files
Ian-HodgesIan-Hodges
committed
Merge branch 'main' into feature/CCM-13768_print-analyser
2 parents a9c3aa3 + f74d4da commit a78c49f

72 files changed

Lines changed: 3916 additions & 36 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/actions/acceptance-tests/action.yaml

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,16 +25,23 @@ runs:
2525
using: "composite"
2626

2727
steps:
28+
- name: Get Node version
29+
id: nodejs_version
30+
shell: bash
31+
run: |
32+
echo "nodejs_version=$(grep "^nodejs\s" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
33+
- uses: ./.github/actions/node-install
34+
with:
35+
node-version: ${{ steps.nodejs_version.outputs.nodejs_version }}
36+
GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
2837
- name: "Repo setup"
2938
shell: bash
3039
run: |
3140
npm ci
32-
3341
- name: "Generate dependencies"
3442
shell: bash
3543
run: |
3644
npm run generate-dependencies
37-
3845
- name: Run test - ${{ inputs.testType }}
3946
shell: bash
4047
run: |
@@ -51,7 +58,6 @@ runs:
5158
env:
5259
TEST_TYPE: ${{ inputs.testType }}
5360
ENVIRONMENT: ${{ inputs.targetEnvironment }}
54-
5561
- name: Archive integration test results
5662
if: ${{ inputs.testType == 'integration' }}
5763
uses: actions/upload-artifact@v4

.github/actions/build-docs/action.yml

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,14 +4,21 @@ inputs:
44
version:
55
description: "Version number"
66
required: true
7+
node-version:
8+
description: 'Node.js version'
9+
required: true
10+
GITHUB_TOKEN:
11+
description: "Token for access to github package registry"
12+
required: true
713
runs:
814
using: "composite"
915
steps:
1016
- name: Checkout
1117
uses: actions/checkout@v5
12-
- uses: actions/setup-node@v6
18+
- uses: ./.github/actions/node-install
1319
with:
14-
node-version: 24
20+
node-version: ${{ inputs.node-version }}
21+
GITHUB_TOKEN: ${{ inputs.GITHUB_TOKEN }}
1522
- name: Npm cli install
1623
working-directory: ./docs
1724
run: npm ci

.github/actions/node-install/action.yaml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
name: 'Node install and setup'
2+
description: 'Setup node and authenticate github package repository'
3+
4+
inputs:
5+
node-version:
6+
description: 'Node.js version'
7+
required: true
8+
GITHUB_TOKEN:
9+
description: "Token for access to github package registry"
10+
required: true
11+
12+
runs:
13+
using: 'composite'
14+
steps:
15+
- name: 'Use Node.js'
16+
uses: actions/setup-node@v6
17+
with:
18+
node-version: '${{ inputs.node-version }}'
19+
20+
- name: "Configure npm for GitHub Packages"
21+
shell: bash
22+
env:
23+
GITHUB_TOKEN: ${{ inputs.GITHUB_TOKEN }}
24+
run: |
25+
scripts/set-github-token.sh

.github/workflows/cicd-1-pull-request.yaml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,12 +15,15 @@ on:
1515
permissions:
1616
id-token: write
1717
contents: write
18+
packages: read
1819

1920
jobs:
2021
metadata:
2122
name: "Set CI/CD metadata"
2223
runs-on: ubuntu-latest
2324
timeout-minutes: 1
25+
permissions:
26+
contents: read
2427
outputs:
2528
build_datetime_london: ${{ steps.variables.outputs.build_datetime_london }}
2629
build_datetime: ${{ steps.variables.outputs.build_datetime }}
@@ -152,6 +155,9 @@ jobs:
152155
name: Trigger dynamic environment creation
153156
needs: [metadata, build-stage]
154157
runs-on: ubuntu-latest
158+
permissions:
159+
contents: read
160+
id-token: write
155161
if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
156162
steps:
157163
- uses: actions/checkout@v5.0.0

.github/workflows/stage-1-commit.yaml

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -152,12 +152,15 @@ jobs:
152152
uses: ./.github/actions/lint-terraform
153153
trivy-iac:
154154
name: "Trivy IaC Scan"
155-
permissions:
156-
contents: read
157155
runs-on: ubuntu-latest
158156
timeout-minutes: 10
159157
needs: detect-terraform-changes
160158
if: needs.detect-terraform-changes.outputs.terraform_changed == 'true'
159+
permissions:
160+
contents: read
161+
packages: read
162+
env:
163+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
161164
steps:
162165
- name: "Checkout code"
163166
uses: actions/checkout@v4
@@ -168,10 +171,13 @@ jobs:
168171
trivy-package:
169172
if: ${{ !inputs.skip_trivy_package }}
170173
name: "Trivy Package Scan"
171-
permissions:
172-
contents: read
173174
runs-on: ubuntu-latest
174175
timeout-minutes: 10
176+
permissions:
177+
contents: read
178+
packages: read
179+
env:
180+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
175181
steps:
176182
- name: "Checkout code"
177183
uses: actions/checkout@v4

.github/workflows/stage-2-test.yaml

Lines changed: 28 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -40,21 +40,21 @@ env:
4040
AWS_REGION: eu-west-2
4141
TERM: xterm-256color
4242

43-
permissions:
44-
id-token: write # This is required for requesting the JWT
45-
contents: read # This is required for actions/checkout
46-
4743
jobs:
4844
check-generated-dependencies:
4945
name: "Check generated dependencies"
5046
runs-on: ubuntu-latest
5147
timeout-minutes: 5
48+
permissions:
49+
contents: read
50+
packages: read
5251
steps:
5352
- name: "Checkout code"
5453
uses: actions/checkout@v5
55-
- uses: actions/setup-node@v6
54+
- uses: ./.github/actions/node-install
5655
with:
57-
node-version: 24.10.0
56+
node-version: ${{ inputs.nodejs_version }}
57+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
5858
- name: "Repo setup"
5959
run: |
6060
npm ci
@@ -66,12 +66,16 @@ jobs:
6666
name: "Unit tests"
6767
runs-on: ubuntu-latest
6868
timeout-minutes: 5
69+
permissions:
70+
contents: read
71+
packages: read
6972
steps:
7073
- name: "Checkout code"
7174
uses: actions/checkout@v5
72-
- uses: actions/setup-node@v6
75+
- uses: ./.github/actions/node-install
7376
with:
74-
node-version: 24.10.0
77+
node-version: ${{ inputs.nodejs_version }}
78+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
7579
- name: "Setup Python"
7680
uses: actions/setup-python@v6
7781
with:
@@ -103,29 +107,39 @@ jobs:
103107
name: "Linting"
104108
runs-on: ubuntu-latest
105109
timeout-minutes: 5
110+
permissions:
111+
contents: read
112+
packages: read
106113
steps:
107114
- name: "Checkout code"
108115
uses: actions/checkout@v5
109116
- name: "Setup Python"
110117
uses: actions/setup-python@v6
111118
with:
112119
python-version: ${{ inputs.python_version }}
113-
- uses: actions/setup-node@v6
120+
- uses: ./.github/actions/node-install
114121
with:
115-
node-version: 24.10.0
122+
node-version: ${{ inputs.nodejs_version }}
123+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
116124
- name: "Run linting"
117125
run: |
118126
make test-lint
119127
test-typecheck:
120128
name: "Typecheck"
121129
runs-on: ubuntu-latest
122130
timeout-minutes: 5
131+
permissions:
132+
contents: read
133+
packages: read
134+
env:
135+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
123136
steps:
124137
- name: "Checkout code"
125138
uses: actions/checkout@v5
126-
- uses: actions/setup-node@v6
139+
- uses: ./.github/actions/node-install
127140
with:
128-
node-version: 24.10.0
141+
node-version: ${{ inputs.nodejs_version }}
142+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
129143
- name: "Run typecheck"
130144
run: |
131145
make test-typecheck
@@ -134,6 +148,8 @@ jobs:
134148
needs: [test-unit]
135149
runs-on: ubuntu-latest
136150
timeout-minutes: 5
151+
permissions:
152+
contents: read
137153
steps:
138154
- name: "Checkout code"
139155
uses: actions/checkout@v5

.github/workflows/stage-3-build.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,3 +44,5 @@ jobs:
4444
uses: ./.github/actions/build-docs
4545
with:
4646
version: "${{ inputs.version }}"
47+
node-version: ${{ inputs.nodejs_version }}
48+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.npmrc

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
# Package is scoped under @org, set registry for that scope
2+
@nhsdigital:registry=https://npm.pkg.github.com

Makefile

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ dependencies:: # Install dependencies needed to build and test the project @Pipe
1717
$(MAKE) -C utils/metric-publishers install
1818
$(MAKE) -C utils/event-publisher-py install
1919
$(MAKE) -C utils/py-mock-mesh install
20+
./scripts/set-github-token.sh
2021
npm install --workspaces
2122
$(MAKE) generate
2223

infrastructure/terraform/components/dl/README.md

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,10 +11,11 @@ No requirements.
1111
|------|-------------|------|---------|:--------:|
1212
| <a name="input_apim_auth_token_schedule"></a> [apim\_auth\_token\_schedule](#input\_apim\_auth\_token\_schedule) | Schedule to renew the APIM auth token | `string` | `"rate(9 minutes)"` | no |
1313
| <a name="input_apim_auth_token_url"></a> [apim\_auth\_token\_url](#input\_apim\_auth\_token\_url) | URL to generate an APIM auth token | `string` | `"https://int.api.service.nhs.uk/oauth2/token"` | no |
14-
| <a name="input_apim_base_url"></a> [apim\_base\_url](#input\_apim\_base\_url) | The URL used to send requests to Notify and PDM | `string` | `"https://int.api.service.nhs.uk"` | no |
14+
| <a name="input_apim_base_url"></a> [apim\_base\_url](#input\_apim\_base\_url) | The URL used to send requests to PDM | `string` | `"https://int.api.service.nhs.uk"` | no |
1515
| <a name="input_apim_keygen_schedule"></a> [apim\_keygen\_schedule](#input\_apim\_keygen\_schedule) | Schedule to refresh key pairs if necessary | `string` | `"cron(0 14 * * ? *)"` | no |
1616
| <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
1717
| <a name="input_component"></a> [component](#input\_component) | The variable encapsulating the name of this component | `string` | `"dl"` | no |
18+
| <a name="input_core_notify_url"></a> [core\_notify\_url](#input\_core\_notify\_url) | The URL used to send requests to Notify | `string` | `"https://sandbox.api.service.nhs.uk"` | no |
1819
| <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
1920
| <a name="input_enable_dynamodb_delete_protection"></a> [enable\_dynamodb\_delete\_protection](#input\_enable\_dynamodb\_delete\_protection) | Enable DynamoDB Delete Protection on all Tables | `bool` | `true` | no |
2021
| <a name="input_enable_mock_mesh"></a> [enable\_mock\_mesh](#input\_enable\_mock\_mesh) | Enable mock mesh access (dev only). Grants lambda permission to read mock-mesh prefix in non-pii bucket. | `bool` | `false` | no |
@@ -40,6 +41,7 @@ No requirements.
4041

4142
| Name | Source | Version |
4243
|------|--------|---------|
44+
| <a name="module_core_notifier"></a> [core\_notifier](#module\_core\_notifier) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
4345
| <a name="module_kms"></a> [kms](#module\_kms) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-kms.zip | n/a |
4446
| <a name="module_lambda_apim_key_generation"></a> [lambda\_apim\_key\_generation](#module\_lambda\_apim\_key\_generation) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
4547
| <a name="module_lambda_lambda_apim_refresh_token"></a> [lambda\_lambda\_apim\_refresh\_token](#module\_lambda\_lambda\_apim\_refresh\_token) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
@@ -49,17 +51,20 @@ No requirements.
4951
| <a name="module_pdm_poll"></a> [pdm\_poll](#module\_pdm\_poll) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
5052
| <a name="module_pdm_uploader"></a> [pdm\_uploader](#module\_pdm\_uploader) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
5153
| <a name="module_print_analyser"></a> [print\_analyser](#module\_print\_analyser) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
54+
| <a name="module_print_status_handler"></a> [print\_status\_handler](#module\_print\_status\_handler) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
5255
| <a name="module_s3bucket_cf_logs"></a> [s3bucket\_cf\_logs](#module\_s3bucket\_cf\_logs) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
5356
| <a name="module_s3bucket_file_safe"></a> [s3bucket\_file\_safe](#module\_s3bucket\_file\_safe) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
5457
| <a name="module_s3bucket_letters"></a> [s3bucket\_letters](#module\_s3bucket\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
5558
| <a name="module_s3bucket_non_pii_data"></a> [s3bucket\_non\_pii\_data](#module\_s3bucket\_non\_pii\_data) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
5659
| <a name="module_s3bucket_pii_data"></a> [s3bucket\_pii\_data](#module\_s3bucket\_pii\_data) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
5760
| <a name="module_s3bucket_static_assets"></a> [s3bucket\_static\_assets](#module\_s3bucket\_static\_assets) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
61+
| <a name="module_sqs_core_notifier"></a> [sqs\_core\_notifier](#module\_sqs\_core\_notifier) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
5862
| <a name="module_sqs_event_publisher_errors"></a> [sqs\_event\_publisher\_errors](#module\_sqs\_event\_publisher\_errors) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
5963
| <a name="module_sqs_mesh_download"></a> [sqs\_mesh\_download](#module\_sqs\_mesh\_download) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
6064
| <a name="module_sqs_pdm_poll"></a> [sqs\_pdm\_poll](#module\_sqs\_pdm\_poll) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
6165
| <a name="module_sqs_pdm_uploader"></a> [sqs\_pdm\_uploader](#module\_sqs\_pdm\_uploader) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
6266
| <a name="module_sqs_print_analyser"></a> [sqs\_print\_analyser](#module\_sqs\_print\_analyser) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-sqs.zip | n/a |
67+
| <a name="module_sqs_print_status_handler"></a> [sqs\_print\_status\_handler](#module\_sqs\_print\_status\_handler) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-sqs.zip | n/a |
6368
| <a name="module_sqs_ttl"></a> [sqs\_ttl](#module\_sqs\_ttl) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
6469
| <a name="module_sqs_ttl_handle_expiry_errors"></a> [sqs\_ttl\_handle\_expiry\_errors](#module\_sqs\_ttl\_handle\_expiry\_errors) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
6570
| <a name="module_ttl_create"></a> [ttl\_create](#module\_ttl\_create) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |

0 commit comments

Comments
 (0)