Move to communal qc

Lint script

Update pr-link.yml

Signed-off-by: Jim Wild <wild.james343@gmail.com>

Add empty makefile target

Move to communal QC

Move to communal QC

Add gitallowed

Add secret scanning pre-commit hook

Bump version

Update allowed

Upgrade: [dependabot] - bump semantic-release from 24.1.2 to 24.1.3 (#170)

Bumps
[semantic-release](https://github.com/semantic-release/semantic-release)
from 24.1.2 to 24.1.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/semantic-release/semantic-release/releases">semantic-release's
releases</a>.</em></p>
<blockquote>
<h2>v24.1.3</h2>
<h2><a
href="https://github.com/semantic-release/semantic-release/compare/v24.1.2...v24.1.3">24.1.3</a>
(2024-10-18)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>branch-naming:</strong> prevent non-range versions from
being identified as maintenance branches (<a
href="https://github.com/semantic-release/semantic-release/commit/07f2672e25626b7f8c7329216496bfa962b3c6e9">07f2672</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/9d4e47fbb2be1a17068f7daab6e080b9fd3a5be7"><code>9d4e47f</code></a>
Merge pull request <a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3479">#3479</a>
from abichinger/fix/maintenance-filter</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/07f2672e25626b7f8c7329216496bfa962b3c6e9"><code>07f2672</code></a>
fix(branch-naming): prevent non-range versions from being identified as
maint...</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/f0ceaa7abb35bef91f3e197556c9d9b0beed0241"><code>f0ceaa7</code></a>
chore(deps): update dependency npm-run-all2 to v6.2.4 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3480">#3480</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/c87596ee1603840d50822e002cea837209b3a243"><code>c87596e</code></a>
chore(deps): lock file maintenance (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3477">#3477</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/45bf9d601591bf7649926e54a9459c643136b485"><code>45bf9d6</code></a>
ci(action): update actions/upload-artifact action to v4.4.3 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3474">#3474</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/e1bebc39c8d347ba7cc6e212de0c6376b7d9b654"><code>e1bebc3</code></a>
chore(deps): update dependency got to v14.4.3 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3473">#3473</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/b7f35bd21029334b4dd12dd8e5409cbe905aa543"><code>b7f35bd</code></a>
ci(action): update actions/upload-artifact action to v4.4.2 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3472">#3472</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/f937ed10cf080e201d85fcb8aa3aa92508996562"><code>f937ed1</code></a>
ci(action): update actions/upload-artifact action to v4.4.1 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3469">#3469</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/b466dbc0fe2d504f64a3e78b58a4cbe794887680"><code>b466dbc</code></a>
ci(action): update actions/checkout action to v4.2.1 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3468">#3468</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/1a88cc065a8da4ed2809e14bd2f2921c8792b4ce"><code>1a88cc0</code></a>
chore(deps): lock file maintenance (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3467">#3467</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/semantic-release/semantic-release/compare/v24.1.2...v24.1.3">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=semantic-release&package-manager=npm_and_yarn&previous-version=24.1.2&new-version=24.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Upgrade: [dependabot] - bump semantic-release from 24.1.3 to 24.2.0 (#173)

Bumps
[semantic-release](https://github.com/semantic-release/semantic-release)
from 24.1.3 to 24.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/semantic-release/semantic-release/releases">semantic-release's
releases</a>.</em></p>
<blockquote>
<h2>v24.2.0</h2>
<h1><a
href="https://github.com/semantic-release/semantic-release/compare/v24.1.3...v24.2.0">24.2.0</a>
(2024-10-25)</h1>
<h3>Features</h3>
<ul>
<li>clarify branch existence requirement in error messages (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3462">#3462</a>)
(<a
href="https://github.com/semantic-release/semantic-release/commit/05a2ea9a060e6508abf92087e8c8cc4a7a85604f">05a2ea9</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/05a2ea9a060e6508abf92087e8c8cc4a7a85604f"><code>05a2ea9</code></a>
feat: clarify branch existence requirement in error messages (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3462">#3462</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/8940f32ccce455a01a4e32c101bb0f4a809ab00d"><code>8940f32</code></a>
ci(action): update actions/setup-node action to v4.1.0 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3489">#3489</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/789ac43192fa789f160d3bd96e75ede3a91ab70c"><code>789ac43</code></a>
chore(deps): update dependency publint to v0.2.12 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3488">#3488</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/3ba76aeb0d9d8712b08de346e394dffd4dfc0dba"><code>3ba76ae</code></a>
ci(action): update actions/checkout action to v4.2.2 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3486">#3486</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/8612ff146683886fc3fed8e8c257945aa2750fd6"><code>8612ff1</code></a>
chore(deps): update dependency npm-run-all2 to v7.0.1 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3487">#3487</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/e29a8925ebdfb92b9996e36c878553f42295e676"><code>e29a892</code></a>
ci(action): update github/codeql-action action to v3.27.0 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3485">#3485</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/98d606e8f069f2fc8d7ed39a7684ab8cfb56acac"><code>98d606e</code></a>
chore(deps): update dependency npm-run-all2 to v7 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3483">#3483</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/55938c355cc5e254e3adbc2f5a3f9fa90583a4aa"><code>55938c3</code></a>
docs(plugins): community plugin <code>semantic-release-kaniko</code> (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3450">#3450</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/2b4c86cf118d837964385b74deb39ef9e9de8906"><code>2b4c86c</code></a>
chore(deps): lock file maintenance (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3481">#3481</a>)</li>
<li><a
href="https://github.com/semantic-release/semantic-release/commit/41c95020fecb8b4dde156c65d2f503eb85b36a9f"><code>41c9502</code></a>
ci(action): update github/codeql-action action to v3.26.13 (<a
href="https://redirect.github.com/semantic-release/semantic-release/issues/3424">#3424</a>)</li>
<li>See full diff in <a
href="https://github.com/semantic-release/semantic-release/compare/v24.1.3...v24.2.0">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=semantic-release&package-manager=npm_and_yarn&previous-version=24.1.3&new-version=24.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fix: [AEA-0000] - upgrade tests to work with later validator versions (#172)

- Routine Change

- upgrade fhir tests so they work with later validator versions
- remove hard coded dates
- add allure to dev container and add instructions on how to get results
locally

---------

Co-authored-by: Sean Steberis <103416906+seansteberisal@users.noreply.github.com>

Build: [AEA-4506] - Move to communal qc (#168)

- 🤖 Operational or Infrastructure Change

Replace the `quality-checks.yml` file in the repo with the communal one
shared across all EPS projects

---------

Signed-off-by: Jim Wild <wild.james343@gmail.com>
Co-authored-by: Sean Steberis <103416906+seansteberisal@users.noreply.github.com>
Co-authored-by: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com>

Upgrade: [AEA-4432] -regression tests for split eps endpoints (#169)

Created new tests, feature files and placeholder endpoint names for new
split endpoints for EPS prescribing and dispensing

- ✨ New Feature

---------

Co-authored-by: Sean Steberis <103416906+seansteberisal@users.noreply.github.com>
Co-authored-by: SeanSteberis <sean.steberis@airelogic.com>

Update: [AEA-0000] - exclude messages folder from code duplication checks (#174)

- Routine Change

Fix: [AEA-0000] - Fix EPS Fhir URL logic (#176)

- Routine Change

reversed logic to only apply split endpoints when product is NOT
"EPS-FHIR-DISPENSING" and "EPS-FHIR-PRESCRIBING"

New: [AEA-4607] - Amendments to test report history (#175)

- Routine Change

only trigger report building if there are test failures

Author: wildjames

.devcontainer/Dockerfile

@@ -25,8 +25,9 @@ ENV PATH="$PATH:/home/vscode/.asdf/bin/"
 RUN asdf plugin add python; \
     asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \
     asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \
-    asdf plugin add nodejs;\
-    asdf plugin add actionlint;
+    asdf plugin add nodejs; \
+    asdf plugin add actionlint; \
+    asdf plugin add allure
 
 WORKDIR /workspaces/electronic-prescription-service-api-regression-tests
 ADD .tool-versions /workspaces/electronic-prescription-service-api-regression-tests/.tool-versions

.devcontainer/devcontainer.json

@@ -18,7 +18,8 @@
         "version": "latest",
         "moby": "true",
         "installDockerBuildx": "true"
-      }
+      },
+      "ghcr.io/devcontainers/features/github-cli:1": {}
     },
     "customizations": {
       "vscode": {
@@ -58,7 +59,8 @@
         }
       }
     },
-    "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/electronic-prescription-service-api-regression-tests; make install"
+    "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
+    "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/electronic-prescription-service-api-regression-tests; make install; docker build -f https://raw.githubusercontent.com/NHSDigital/eps-workflow-quality-checks/refs/heads/main/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets ."
     // "features": {},
     // Use 'forwardPorts' to make a list of ports inside the container available locally.
     // "forwardPorts": [],

.gitallowed

@@ -0,0 +1,15 @@
+char\[\] password = System\.getenv\("MVNW_PASSWORD"\)\.toCharArray\(\);
+wget --http-user=\$MVNW_USERNAME --http-.*
+<version>1\.8\.0\.1<\/version>
+github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+"code": "1\.2\.840\.10065\.1\.12\.1\.1"
+java corretto-21\.0\.2\.14\.1
+CidrIp: "0\.0\.0\.0\/0"
+CidrBlock:\s?"?10\.0\.\d+\.\d+\/\d+"
+.*cloudfront\/IOPSValidation\.yaml.*
+.*tcp:\/\/0\.0\.0\.0:8888.*
+.*\.gitallowed.*
+.*steps\.generate-token\.outputs\.token.*
+.*token_response\[\"access_token\"\].*
+.*password=None.*
+.*secrets.REGRESSION_TESTS_PAT.*

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ env:
 
 jobs:
   quality_checks:
-    uses: ./.github/workflows/quality_checks.yml
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.2
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.github/workflows/pr-link.yml

@@ -1,5 +1,5 @@
 name: PR Link ticket
-on:
+on: 
   pull_request:
     types: [opened]
 jobs:
@@ -9,23 +9,38 @@ jobs:
       REF: ${{ github.event.pull_request.head.ref }}
     steps:
       - name: Check ticket name conforms to requirements
-        run: echo "$REF" | grep -i -E -q "(aea-[0-9]+)|(dependabot\/)"
+        run: echo "$REF" | grep -i -E -q "(aea-[0-9]+)|(apm-[0-9]+)|(apmspii-[0-9]+)|(adz-[0-9]+)|(amb-[0-9]+)|(dependabot\/)"
         continue-on-error: true
 
       - name: Grab ticket name
-        if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-')
-        run: echo name=TICKET_NAME::"$(echo "$REF" | grep -i -o '\(aea-[0-9]\+\)' | tr '[:lower:]' '[:upper:]')" >> "$GITHUB_ENV"
+        if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-')
         continue-on-error: true
-        env:
-          ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+        run: |
+          # Match ticket name patterns
+          REGEX='
+            (aea-[0-9]+)|
+            (apm-[0-9]+)|
+            (apmspii-[0-9]+)|
+            (adz-[0-9]+)|
+            (amb-[0-9]+)
+          '
+
+          # Remove whitespace and newlines from the regex
+          REGEX=$(echo "$REGEX" | tr -d '[:space:]')
+
+          # Extract the ticket name and convert to uppercase
+          TICKET_NAME=$(echo "$REF" | grep -i -E -o "$REGEX" | tr '[:lower:]' '[:upper:]')
+
+          # Set the environment variable
+          echo "TICKET_NAME=$TICKET_NAME" >> "$GITHUB_ENV"
 
       - name: Comment on PR with link to JIRA ticket
-        if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-')
+        if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-')
         continue-on-error: true
-        uses: unsplash/comment-on-pr@master
+        uses: unsplash/comment-on-pr@b5610c6125a7197eaec80072ea35ef53e1fc6035
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           msg: |
-            This branch is work on a ticket in the NHS England AEA JIRA Project. Here's a handy link to the ticket:
+            This branch is work on a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket:
             # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }})

.github/workflows/pull_request.yml

@@ -9,10 +9,9 @@ env:
 
 jobs:
   quality_checks:
-    uses: ./.github/workflows/quality_checks.yml
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.2
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-    
 
   pr_title_format_check:
     uses: ./.github/workflows/pr_title_check.yml

.github/workflows/quality_checks.yml

@@ -17,6 +17,8 @@ on:
         type: choice
         options:
           - EPS-FHIR
+          - EPS-FHIR-PRESCRIBING
+          - EPS-FHIR-DISPENSING
           - PFP-APIGEE
           - PFP-AWS
           - PSU
@@ -128,13 +130,10 @@ jobs:
           owner: "NHSDigital"
           repositories: "electronic-prescription-service-api-regression-tests,eps-test-reports"
 
-      - name: Send Results
-        run: |
-          poetry run python scripts/send_test_results.py --token=${{ steps.generate-token.outputs.token }} --run_id ${{GITHUB.RUN_ID}}
-
       - name: Report failure on test failure
         if: steps.tests.outcome != 'success'
         run: |
+          poetry run python scripts/send_test_results.py --token=${{ steps.generate-token.outputs.token }} --run_id ${{GITHUB.RUN_ID}}
           echo The regression tests step failed, this likely means there are test failures.
-          echo The report will be generated shortly
+          echo A test report will be generated shortly and can be viewed at: https://nhsdigital.github.io/eps-test-reports
           exit 1

.github/workflows/regression_tests.yml

@@ -8,7 +8,7 @@ env:
 
 jobs:
   quality_checks:
-    uses: ./.github/workflows/quality_checks.yml
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.2
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.github/workflows/release.yml

@@ -47,7 +47,17 @@ repos:
       entry: flake8
       language: system
       types: [python]
-
+        
+  - repo: local
+    hooks:
+      - id: git-secrets
+        name: Git Secrets
+        description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
+        entry: bash
+        args:
+          - -c
+          - 'docker run -v "$LOCAL_WORKSPACE_FOLDER:/src" git-secrets --pre_commit_hook'
+        language: system
 
 fail_fast: false
 default_stages: [pre-commit, commit]