CCM-15866: Address Sonar Findings - Lots more

Author: jamesthompson26-nhs

.github/scripts/dispatch_internal_repo_workflow.sh

@@ -50,6 +50,7 @@ Usage:
     [--overrideProjectName <name>] \
     [--overrideRoleName <name>]
 EOF
+  return 0
 }
 
 require_arg() {
@@ -61,6 +62,8 @@ require_arg() {
     usage
     exit 1
   fi
+
+  return 0
 }
 
 while [[ $# -gt 0 ]]; do
@@ -110,7 +113,7 @@ while [[ $# -gt 0 ]]; do
       shift 2
       ;;
     *)
-    echo "[ERROR] Unknown argument: $1"
+    echo "[ERROR] Unknown argument: $1" >&2
       exit 1
       ;;
   esac
@@ -124,20 +127,23 @@ require_arg "--targetComponent" "${targetComponent:-}"
 require_arg "--targetAccountGroup" "${targetAccountGroup:-}"
 
 if [[ -z "$APP_PEM_FILE" ]]; then
-  echo "[ERROR] PEM_FILE environment variable is not set or is empty."
+  echo "[ERROR] PEM_FILE environment variable is not set or is empty." >&2
   exit 1
 fi
 
 if [[ -z "$APP_CLIENT_ID" ]]; then
-  echo "[ERROR] CLIENT_ID environment variable is not set or is empty."
+  echo "[ERROR] CLIENT_ID environment variable is not set or is empty." >&2
   exit 1
 fi
 
 now=$(date +%s)
 iat=$((${now} - 60)) # Issues 60 seconds in the past
 exp=$((${now} + 600)) # Expires 10 minutes in the future
 
-b64enc() { openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'; }
+b64enc() {
+  openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'
+  return 0
+}
 
 header_json='{
     "typ":"JWT",
@@ -178,7 +184,7 @@ PR_TRIGGER_PAT=$(curl --request POST \
 
 # Set default values if not provided
 if [[ -z "$PR_TRIGGER_PAT" ]]; then
-  echo "[ERROR] PR_TRIGGER_PAT environment variable is not set or is empty."
+  echo "[ERROR] PR_TRIGGER_PAT environment variable is not set or is empty." >&2
   exit 1
 fi
 
@@ -244,7 +250,7 @@ trigger_response=$(curl -s -L \
   -d "$DISPATCH_EVENT" 2>&1)
 
 if [[ $? -ne 0 ]]; then
-  echo "[ERROR] Failed to trigger workflow. Response: $trigger_response"
+  echo "[ERROR] Failed to trigger workflow. Response: $trigger_response" >&2
   exit 1
 fi
 
@@ -264,8 +270,8 @@ for _ in {1..18}; do
     "https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/runs?event=workflow_dispatch")
 
   if ! echo "$response" | jq empty 2>/dev/null; then
-    echo "[ERROR] Invalid JSON response from GitHub API during workflow polling:"
-    echo "$response"
+    echo "[ERROR] Invalid JSON response from GitHub API during workflow polling:" >&2
+    echo "$response" >&2
     exit 1
   fi
 
@@ -303,7 +309,7 @@ for _ in {1..18}; do
 done
 
 if [[ -z "$workflow_run_url" || "$workflow_run_url" == null ]]; then
-  echo "[ERROR] Failed to get the workflow run url. Exiting."
+  echo "[ERROR] Failed to get the workflow run url. Exiting." >&2
   exit 1
 fi
 
@@ -332,7 +338,7 @@ while true; do
       echo "[SUCCESS] Workflow completed successfully!"
       exit 0
     else
-      echo "[FAIL] Workflow failed with conclusion: $conclusion"
+      echo "[FAIL] Workflow failed with conclusion: $conclusion" >&2
       exit 1
     fi
   fi

containers/example-app/src/server.ts

@@ -1,5 +1,5 @@
 // Placeholder HTTP server for AppRunner. Replace with real application code.
-import http from 'http';
+import http from 'node:http';
 
 export const createRequestHandler = () => {
   return (_req: http.IncomingMessage, res: http.ServerResponse) => {

scripts/docker/dgoss.sh

@@ -15,6 +15,7 @@ CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-docker}"
 
 info() {
     echo -e "INFO: $*" >&2;
+    return 0
 }
 error() {
     echo -e "ERROR: $*" >&2;
@@ -32,6 +33,7 @@ cleanup() {
         info "Deleting container"
         $CONTAINER_RUNTIME rm -vf "$id" > /dev/null
     fi
+    return 0
 }
 
 run(){
@@ -67,6 +69,7 @@ run(){
     $CONTAINER_RUNTIME logs -f "$id" > "$tmp_dir/docker_output.log" 2>&1 &
     log_pid=$!
     info "Container ID: ${id:0:8}"
+    return 0
 }
 
 get_docker_file() {
@@ -79,6 +82,7 @@ get_docker_file() {
         $CONTAINER_RUNTIME cp "${cid}:${src}" "${dst}"
         info "Copied '${src}' from container to '${dst}'"
     fi
+    return 0
 }
 
 # Main

scripts/docker/docker.lib.sh

@@ -53,6 +53,8 @@ function docker-build() {
     docker tag "${DOCKER_IMAGE}:$(_get-effective-version)" "${DOCKER_IMAGE}:${version}"
   done
   docker rmi --force "$(docker images | grep "<none>" | awk '{print $3}')" 2> /dev/null ||:
+
+  return 0
 }
 
 # Check test Docker image.
@@ -71,6 +73,8 @@ function docker-check-test() {
     "${DOCKER_IMAGE}:$(_get-effective-version)" 2>/dev/null \
     ${cmd:-} \
   | grep -q "${check}" && echo PASS || echo FAIL
+
+  return 0
 }
 
 # Run Docker image.
@@ -87,6 +91,8 @@ function docker-run() {
     ${args:-} \
     "${DOCKER_IMAGE}:$(dir="$dir" _get-effective-version)" \
     ${cmd:-}
+
+  return 0
 }
 
 # Push Docker image.
@@ -100,6 +106,8 @@ function docker-push() {
   for version in $(dir="$dir" _get-all-effective-versions) latest; do
     docker push "${DOCKER_IMAGE}:${version}"
   done
+
+  return 0
 }
 
 # Remove Docker resources.
@@ -123,6 +131,8 @@ function docker-clean() {
   rm -f \
     .version \
     Dockerfile.effective
+
+  return 0
 }
 
 # Create effective version from the VERSION file.
@@ -147,6 +157,8 @@ function version-create-effective-file() {
       sed "s/\(\${hash}\|\$hash\)/$(git rev-parse --short HEAD)/g" \
     > "$dir/.version"
   fi
+
+  return 0
 }
 
 # ==============================================================================
@@ -203,6 +215,8 @@ function docker-get-image-version-and-pull() {
   fi
 
   echo "${name}:${version}"
+
+  return 0
 }
 
 # ==============================================================================
@@ -218,6 +232,8 @@ function _create-effective-dockerfile() {
   cp "${dir}/Dockerfile" "${dir}/Dockerfile.effective"
   _replace-image-latest-by-specific-version
   _append-metadata
+
+  return 0
 }
 
 # Replace image:latest by a specific version.
@@ -258,6 +274,8 @@ function _replace-image-latest-by-specific-version() {
 
   # Do not ignore the issue if 'latest' is used in the effective image
   sed -Ei "/# hadolint ignore=DL3007$/d" "${dir}/Dockerfile.effective"
+
+  return 0
 }
 
 # Append metadata to the end of Dockerfile.
@@ -272,6 +290,8 @@ function _append-metadata() {
     "$(git rev-parse --show-toplevel)/scripts/docker/Dockerfile.metadata" \
   > "$dir/Dockerfile.effective.tmp"
   mv "$dir/Dockerfile.effective.tmp" "$dir/Dockerfile.effective"
+
+  return 0
 }
 
 # Print top Docker image version.
@@ -282,6 +302,8 @@ function _get-effective-version() {
   local dir=${dir:-$PWD}
 
   head -n 1 "${dir}/.version" 2> /dev/null ||:
+
+  return 0
 }
 
 # Print all Docker image versions.
@@ -292,6 +314,8 @@ function _get-all-effective-versions() {
   local dir=${dir:-$PWD}
 
   cat "${dir}/.version" 2> /dev/null ||:
+
+  return 0
 }
 
 # Print Git branch name. Check the GitHub variables first and then the local Git
@@ -308,6 +332,8 @@ function _get-git-branch-name() {
   fi
 
   echo "$branch_name"
+
+  return 0
 }
 
 # ==============================================================================
@@ -327,6 +353,8 @@ function docker-get-git-version-suffix() {
   else
     echo "sha-${short_sha}"
   fi
+
+  return 0
 }
 
 # Authenticate Docker with AWS ECR.
@@ -349,6 +377,8 @@ function docker-ecr-login() {
   aws ecr get-login-password --region "${AWS_REGION}" | \
     docker login --username AWS --password-stdin \
     "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com"
+
+  return 0
 }
 
 # Authenticate Docker with GitHub Container Registry.
@@ -374,6 +404,8 @@ function docker-ghcr-login() {
 
   echo "Authenticating Docker with GitHub Container Registry..."
   echo "${GITHUB_TOKEN}" | docker login ghcr.io --username "${ghcr_username}" --password-stdin
+
+  return 0
 }
 
 # Build container image.
@@ -428,6 +460,8 @@ function docker-build-container() {
     .
 
   cd "$current_dir"
+
+  return 0
 }
 
 # Push container image to ECR.
@@ -450,6 +484,8 @@ function docker-push-container() {
     echo "PUBLISH_CONTAINER_IMAGE is false. Skipping push."
     echo "Built image is available locally as: ${DOCKER_IMAGE}"
   fi
+
+  return 0
 }
 
 # Calculate and print Docker image name for NHS Notify containers.
@@ -480,4 +516,6 @@ function docker-calculate-image-name() {
   local image_tag="${CONTAINER_IMAGE_PREFIX}-${container_name}"
   local ecr_repo_uri="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ecr_repo}"
   echo "${ecr_repo_uri}:${image_tag}-${image_suffix}"
+
+  return 0
 }

scripts/docker/dockerfile-linter.sh

@@ -27,6 +27,8 @@ function main() {
   else
     file="$file" run-hadolint-in-docker
   fi
+
+  return 0
 }
 
 # Run hadolint natively.
@@ -36,6 +38,8 @@ function run-hadolint-natively() {
 
   # shellcheck disable=SC2001
   hadolint "$(echo "$file" | sed "s#$PWD#.#")"
+
+  return 0
 }
 
 # Run hadolint in a Docker container.
@@ -56,13 +60,16 @@ function run-hadolint-in-docker() {
       hadolint \
         --config /workdir/scripts/config/hadolint.yaml \
         "/workdir/$(echo "$file" | sed "s#$PWD#.#")"
+
+  return 0
 }
 
 # ==============================================================================
 
 function is-arg-true() {
+  local arg="$1"
 
-  if [[ "$1" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$ ]]; then
+  if [[ "$arg" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$ ]]; then
     return 0
   else
     return 1

scripts/githooks/check-english-usage.sh

@@ -52,6 +52,8 @@ function main() {
   else
     filter="$filter" run-vale-in-docker
   fi
+
+  return 0
 }
 
 # Run Vale natively.
@@ -63,6 +65,8 @@ function run-vale-natively() {
   vale \
     --config "$PWD/scripts/config/vale/vale.ini" \
     $($filter)
+
+  return 0
 }
 
 # Run Vale in a Docker container.
@@ -86,13 +90,16 @@ function run-vale-in-docker() {
     "$image" \
       --config /workdir/scripts/config/vale/vale.ini \
       $($filter) /dev/null
+
+  return 0
 }
 
 # ==============================================================================
 
 function is-arg-true() {
+  local arg="$1"
 
-  if [[ "$1" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$ ]]; then
+  if [[ "$arg" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$ ]]; then
     return 0
   else
     return 1