CCM-13476 Process print supplier statuses (#174)

Author: Ian-Hodges

.github/actions/acceptance-tests/action.yaml

@@ -25,16 +25,23 @@ runs:
   using: "composite"
 
   steps:
+    - name: Get Node version
+      id: nodejs_version
+      shell: bash
+      run: |
+        echo "nodejs_version=$(grep "^nodejs\s" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
+    - uses: ./.github/actions/node-install
+      with:
+        node-version: ${{ steps.nodejs_version.outputs.nodejs_version }}
+        GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
     - name: "Repo setup"
       shell: bash
       run: |
         npm ci
-
     - name: "Generate dependencies"
       shell: bash
       run: |
         npm run generate-dependencies
-
     - name: Run test - ${{ inputs.testType }}
       shell: bash
       run: |
@@ -51,7 +58,6 @@ runs:
       env:
         TEST_TYPE: ${{ inputs.testType }}
         ENVIRONMENT: ${{ inputs.targetEnvironment }}
-
     - name: Archive integration test results
       if: ${{ inputs.testType == 'integration' }}
       uses: actions/upload-artifact@v4

.github/actions/build-docs/action.yml

@@ -4,14 +4,21 @@ inputs:
   version:
     description: "Version number"
     required: true
+  node-version:
+    description: 'Node.js version'
+    required: true
+  GITHUB_TOKEN:
+    description: "Token for access to github package registry"
+    required: true
 runs:
   using: "composite"
   steps:
     - name: Checkout
       uses: actions/checkout@v5
-    - uses: actions/setup-node@v6
+    - uses: ./.github/actions/node-install
       with:
-        node-version: 24
+        node-version: ${{ inputs.node-version }}
+        GITHUB_TOKEN: ${{ inputs.GITHUB_TOKEN }}
     - name: Npm cli install
       working-directory: ./docs
       run: npm ci

.github/actions/node-install/action.yaml

@@ -0,0 +1,25 @@
+name: 'Node install and setup'
+description: 'Setup node and authenticate github package repository'
+
+inputs:
+  node-version:
+    description: 'Node.js version'
+    required: true
+  GITHUB_TOKEN:
+    description: "Token for access to github package registry"
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: 'Use Node.js'
+      uses: actions/setup-node@v6
+      with:
+        node-version: '${{ inputs.node-version }}'
+
+    - name: "Configure npm for GitHub Packages"
+      shell: bash
+      env:
+        GITHUB_TOKEN: ${{ inputs.GITHUB_TOKEN }}
+      run: |
+        scripts/set-github-token.sh

.github/workflows/cicd-1-pull-request.yaml

@@ -15,12 +15,15 @@ on:
 permissions:
   id-token: write
   contents: write
+  packages: read
 
 jobs:
   metadata:
     name: "Set CI/CD metadata"
     runs-on: ubuntu-latest
     timeout-minutes: 1
+    permissions:
+      contents: read
     outputs:
       build_datetime_london: ${{ steps.variables.outputs.build_datetime_london }}
       build_datetime: ${{ steps.variables.outputs.build_datetime }}
@@ -152,6 +155,9 @@ jobs:
     name: Trigger dynamic environment creation
     needs: [metadata, build-stage]
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
     steps:
       - uses: actions/checkout@v5.0.0

.github/workflows/stage-1-commit.yaml

@@ -152,12 +152,15 @@ jobs:
         uses: ./.github/actions/lint-terraform
   trivy-iac:
     name: "Trivy IaC Scan"
-    permissions:
-      contents: read
     runs-on: ubuntu-latest
     timeout-minutes: 10
     needs: detect-terraform-changes
     if: needs.detect-terraform-changes.outputs.terraform_changed == 'true'
+    permissions:
+      contents: read
+      packages: read
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -168,10 +171,13 @@ jobs:
   trivy-package:
     if: ${{ !inputs.skip_trivy_package }}
     name: "Trivy Package Scan"
-    permissions:
-      contents: read
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      contents: read
+      packages: read
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4

.github/workflows/stage-2-test.yaml

@@ -40,21 +40,21 @@ env:
   AWS_REGION: eu-west-2
   TERM: xterm-256color
 
-permissions:
-  id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
-
 jobs:
   check-generated-dependencies:
     name: "Check generated dependencies"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
+      packages: read
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
-      - uses: actions/setup-node@v6
+      - uses: ./.github/actions/node-install
         with:
-          node-version: 24.10.0
+          node-version: ${{ inputs.nodejs_version }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: "Repo setup"
         run: |
           npm ci
@@ -66,12 +66,16 @@ jobs:
     name: "Unit tests"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
+      packages: read
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
-      - uses: actions/setup-node@v6
+      - uses: ./.github/actions/node-install
         with:
-          node-version: 24.10.0
+          node-version: ${{ inputs.nodejs_version }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: "Setup Python"
         uses: actions/setup-python@v6
         with:
@@ -103,29 +107,39 @@ jobs:
     name: "Linting"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
+      packages: read
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
       - name: "Setup Python"
         uses: actions/setup-python@v6
         with:
           python-version: ${{ inputs.python_version }}
-      - uses: actions/setup-node@v6
+      - uses: ./.github/actions/node-install
         with:
-          node-version: 24.10.0
+          node-version: ${{ inputs.nodejs_version }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: "Run linting"
         run: |
           make test-lint
   test-typecheck:
     name: "Typecheck"
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
+      packages: read
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
-      - uses: actions/setup-node@v6
+      - uses: ./.github/actions/node-install
         with:
-          node-version: 24.10.0
+          node-version: ${{ inputs.nodejs_version }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: "Run typecheck"
         run: |
           make test-typecheck
@@ -134,6 +148,8 @@ jobs:
     needs: [test-unit]
     runs-on: ubuntu-latest
     timeout-minutes: 5
+    permissions:
+      contents: read
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5

.github/workflows/stage-3-build.yaml

@@ -44,3 +44,5 @@ jobs:
         uses: ./.github/actions/build-docs
         with:
           version: "${{ inputs.version }}"
+          node-version: ${{ inputs.nodejs_version }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.npmrc

@@ -0,0 +1,2 @@
+# Package is scoped under @org, set registry for that scope
+@nhsdigital:registry=https://npm.pkg.github.com

Makefile

@@ -17,6 +17,7 @@ dependencies:: # Install dependencies needed to build and test the project @Pipe
 	$(MAKE) -C utils/metric-publishers install
 	$(MAKE) -C utils/event-publisher-py install
 	$(MAKE) -C utils/py-mock-mesh install
+	./scripts/set-github-token.sh
 	npm install --workspaces
 	$(MAKE) generate
 

infrastructure/terraform/components/dl/README.md

@@ -50,6 +50,7 @@ No requirements.
 | <a name="module_pdm_mock"></a> [pdm\_mock](#module\_pdm\_mock) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_pdm_poll"></a> [pdm\_poll](#module\_pdm\_poll) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_pdm_uploader"></a> [pdm\_uploader](#module\_pdm\_uploader) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
+| <a name="module_print_status_handler"></a> [print\_status\_handler](#module\_print\_status\_handler) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_s3bucket_cf_logs"></a> [s3bucket\_cf\_logs](#module\_s3bucket\_cf\_logs) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
 | <a name="module_s3bucket_letters"></a> [s3bucket\_letters](#module\_s3bucket\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
 | <a name="module_s3bucket_non_pii_data"></a> [s3bucket\_non\_pii\_data](#module\_s3bucket\_non\_pii\_data) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
@@ -60,6 +61,7 @@ No requirements.
 | <a name="module_sqs_mesh_download"></a> [sqs\_mesh\_download](#module\_sqs\_mesh\_download) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_sqs_pdm_poll"></a> [sqs\_pdm\_poll](#module\_sqs\_pdm\_poll) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_sqs_pdm_uploader"></a> [sqs\_pdm\_uploader](#module\_sqs\_pdm\_uploader) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
+| <a name="module_sqs_print_status_handler"></a> [sqs\_print\_status\_handler](#module\_sqs\_print\_status\_handler) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-sqs.zip | n/a |
 | <a name="module_sqs_ttl"></a> [sqs\_ttl](#module\_sqs\_ttl) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_sqs_ttl_handle_expiry_errors"></a> [sqs\_ttl\_handle\_expiry\_errors](#module\_sqs\_ttl\_handle\_expiry\_errors) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_ttl_create"></a> [ttl\_create](#module\_ttl\_create) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |