Fix: [AEA-0000] - create typescript function cdk construct (#288)

## Summary

- Routine Change

### Details

- create typescript function cdk construct
- create weekly release workflows and modify ci pipeline to not tag a
release
- update check_ecr_image_scan_results to use inspector2 api
- move to common workflows for 
- - pr title format check
- - dependabot auto approve and merge

Author: anthony-nhs

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: merge to main workflow
+name: release workflow
 
 on:
   push:
@@ -55,29 +55,29 @@ jobs:
     needs: [quality_checks, get_commit_id, get_asdf_version]
     uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@361957c147279f5f0f68b64fde9927833363d5f7
     with:
-      dry_run: false
+      dry_run: true
       asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
       branch_name: main
-      publish_package: false
+      publish_package: true
       tag_format: ${{ needs.get_asdf_version.outputs.tag_format }}
     secrets: inherit
 
   package_code:
     needs: [tag_release, quality_checks, get_commit_id]
     uses: ./.github/workflows/docker_image_build.yml
     with:
-      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      VERSION_NUMBER: pre-release-${{ needs.get_commit_id.outputs.sha_short }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
 
   release_dev:
     needs: [tag_release, package_code, get_commit_id]
     uses: ./.github/workflows/docker_image_upload.yml
     with:
       AWS_ENVIRONMENT: dev
-      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      VERSION_NUMBER: pre-release-${{ needs.get_commit_id.outputs.sha_short }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
-      TAG_LATEST: true
-      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+      TAG_LATEST: false
+      DOCKER_IMAGE_TAG: pre-release-${{ needs.get_commit_id.outputs.sha_short }}
     secrets:
       CDK_PUSH_IMAGE_ROLE: ${{ secrets.DEV_CDK_PUSH_IMAGE_ROLE }}
 
@@ -86,10 +86,10 @@ jobs:
     uses: ./.github/workflows/docker_image_upload.yml
     with:
       AWS_ENVIRONMENT: qa
-      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      VERSION_NUMBER: pre-release-${{ needs.get_commit_id.outputs.sha_short }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
-      TAG_LATEST: true
-      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+      TAG_LATEST: false
+      DOCKER_IMAGE_TAG: pre-release-${{ needs.get_commit_id.outputs.sha_short }}
     secrets:
       CDK_PUSH_IMAGE_ROLE: ${{ secrets.QA_CDK_PUSH_IMAGE_ROLE }}
 
@@ -98,33 +98,13 @@ jobs:
     uses: ./.github/workflows/docker_image_upload.yml
     with:
       AWS_ENVIRONMENT: ref
-      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      VERSION_NUMBER: pre-release-${{ needs.get_commit_id.outputs.sha_short }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
-      TAG_LATEST: true
-      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+      TAG_LATEST: false
+      DOCKER_IMAGE_TAG: pre-release-${{ needs.get_commit_id.outputs.sha_short }}
     secrets:
       CDK_PUSH_IMAGE_ROLE: ${{ secrets.REF_CDK_PUSH_IMAGE_ROLE }}
 
-  release_int:
-    needs: [tag_release, release_qa, package_code, get_commit_id]
-    uses: ./.github/workflows/docker_image_upload.yml
-    with:
-      AWS_ENVIRONMENT: int
-      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
-      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
-      TAG_LATEST: true
-      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
-    secrets:
-      CDK_PUSH_IMAGE_ROLE: ${{ secrets.INT_CDK_PUSH_IMAGE_ROLE }}
-
-  release_prod:
-    needs: [tag_release, release_int, package_code, get_commit_id]
-    uses: ./.github/workflows/docker_image_upload.yml
-    with:
-      AWS_ENVIRONMENT: prod
-      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
-      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
-      TAG_LATEST: true
-      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
-    secrets:
-      CDK_PUSH_IMAGE_ROLE: ${{ secrets.PROD_CDK_PUSH_IMAGE_ROLE }}
+  package_npm_code:
+    needs: [quality_checks, get_commit_id]
+    uses: ./.github/workflows/package_npm_code.yml

.github/workflows/dependabot_auto_approve_and_merge.yml

@@ -0,0 +1,68 @@
+name: docker image build
+
+on:
+    workflow_call:
+
+jobs:
+    get_asdf_version:
+        runs-on: ubuntu-22.04
+        outputs:
+            asdf_version: ${{ steps.asdf-version.outputs.version }}
+            tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v5
+
+            - name: Get asdf version
+              id: asdf-version
+              run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
+            - name: Load config value
+              id: load-config
+              run: |
+                  TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
+                  echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
+    package_npm_code:
+        runs-on: ubuntu-22.04
+        needs: [get_asdf_version]
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v5
+              with:
+                  ref: ${{ env.BRANCH_NAME }}
+
+            # using git commit sha for version of action to ensure we have stable version
+            - name: Install asdf
+              uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
+              with:
+                  asdf_version: ${{ needs.get_asdf_version.outputs.asdf_version }}
+
+            - name: Cache asdf
+              uses: actions/cache@v4
+              with:
+                  path: |
+                      ~/.asdf
+                  key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+                  restore-keys: |
+                      ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+
+            - name: Install asdf dependencies in .tool-versions
+              uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302
+              with:
+                  asdf_version: ${{ needs.get_asdf_version.outputs.asdf_version }}
+              env:
+                  PYTHON_CONFIGURE_OPTS: --enable-shared
+
+            - name: Install dependencies
+              run: |
+                  make install
+
+            - name: Package code
+              run: |
+                  make package
+
+            - uses: actions/upload-artifact@v4
+              name: Upload packaged code
+              with:
+                  name: nhsdigital-eps-cdk-constructs-1.0.0.tgz
+                  path: |
+                      lib/nhsdigital-eps-cdk-constructs-1.0.0.tgz

.github/workflows/package_npm_code.yml

@@ -8,6 +8,12 @@ env:
   BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
 
 jobs:
+  dependabot-auto-approve-and-merge:
+    needs: quality_checks
+    uses: NHSDigital/eps-workflow-dependabot/.github/workflows/dependabot-auto-approve-and-merge.yml@5b176f0bba32ef623dee7d134391160c0058402d
+    secrets:
+      AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
+      AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
   get_asdf_version:
     runs-on: ubuntu-22.04
     outputs:
@@ -78,15 +84,19 @@ jobs:
           echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
           echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
 
-  package_code:
+  package_docker_image:
     needs: [get_issue_number, quality_checks, get_commit_id]
     uses: ./.github/workflows/docker_image_build.yml
     with:
       VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
 
-  release_code:
-    needs: [get_issue_number, package_code, get_commit_id]
+  package_npm_code:
+    needs: [quality_checks, get_commit_id]
+    uses: ./.github/workflows/package_npm_code.yml
+
+  release_docker_image:
+    needs: [get_issue_number, package_docker_image, get_commit_id]
     uses: ./.github/workflows/docker_image_upload.yml
     with:
       AWS_ENVIRONMENT: dev
@@ -96,3 +106,14 @@ jobs:
       DOCKER_IMAGE_TAG: PR-${{ needs.get_issue_number.outputs.issue_number }}-${{ needs.get_commit_id.outputs.sha_short }}
     secrets:
       CDK_PUSH_IMAGE_ROLE: ${{ secrets.DEV_CDK_PUSH_IMAGE_ROLE }}
+
+  tag_release:
+    needs: [get_commit_id, get_asdf_version]
+    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@7c0d0e06afc120ec47372b479aa147ff9b453bca
+    with:
+      dry_run: true
+      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+      branch_name: ${{ github.event.pull_request.head.ref }}
+      publish_package: true
+      tag_format: ${{ needs.get_asdf_version.outputs.tag_format }}
+    secrets: inherit

.github/workflows/pull_request.yml

@@ -0,0 +1,131 @@
+name: release workflow
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 8 * * 3"
+
+env:
+  BRANCH_NAME: ${{ github.ref_name }}
+
+jobs:
+  get_commit_id:
+    runs-on: ubuntu-22.04
+    outputs:
+      commit_id: ${{ steps.commit_id.outputs.commit_id }}
+      sha_short: ${{ steps.commit_id.outputs.sha_short }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+
+      - name: Get Commit ID
+        id: commit_id
+        run: |
+          #  echo "commit_id=${{ github.sha }}" >> "$GITHUB_ENV"
+          echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
+          echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+  get_asdf_version:
+    runs-on: ubuntu-22.04
+    outputs:
+      asdf_version: ${{ steps.asdf-version.outputs.version }}
+      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Get asdf version
+        id: asdf-version
+        run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
+      - name: Load config value
+        id: load-config
+        run: |
+          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
+          echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
+  quality_checks:
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@4a6d03ad51516eddc448daf454805f85fe2025b9
+    needs: [get_asdf_version, get_commit_id]
+    with:
+      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  tag_release:
+    needs: [quality_checks, get_commit_id, get_asdf_version]
+    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@7c0d0e06afc120ec47372b479aa147ff9b453bca
+    with:
+      dry_run: false
+      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+      branch_name: main
+      publish_package: true
+      tag_format: ${{ needs.get_asdf_version.outputs.tag_format }}
+    secrets: inherit
+
+  package_code:
+    needs: [tag_release, quality_checks, get_commit_id]
+    uses: ./.github/workflows/docker_image_build.yml
+    with:
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+
+  release_dev:
+    needs: [tag_release, package_code, get_commit_id]
+    uses: ./.github/workflows/docker_image_upload.yml
+    with:
+      AWS_ENVIRONMENT: dev
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      TAG_LATEST: true
+      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+    secrets:
+      CDK_PUSH_IMAGE_ROLE: ${{ secrets.DEV_CDK_PUSH_IMAGE_ROLE }}
+
+  release_qa:
+    needs: [tag_release, release_dev, package_code, get_commit_id]
+    uses: ./.github/workflows/docker_image_upload.yml
+    with:
+      AWS_ENVIRONMENT: qa
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      TAG_LATEST: true
+      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+    secrets:
+      CDK_PUSH_IMAGE_ROLE: ${{ secrets.QA_CDK_PUSH_IMAGE_ROLE }}
+
+  release_ref:
+    needs: [tag_release, release_dev, package_code, get_commit_id]
+    uses: ./.github/workflows/docker_image_upload.yml
+    with:
+      AWS_ENVIRONMENT: ref
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      TAG_LATEST: true
+      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+    secrets:
+      CDK_PUSH_IMAGE_ROLE: ${{ secrets.REF_CDK_PUSH_IMAGE_ROLE }}
+
+  release_int:
+    needs: [tag_release, release_qa, package_code, get_commit_id]
+    uses: ./.github/workflows/docker_image_upload.yml
+    with:
+      AWS_ENVIRONMENT: int
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      TAG_LATEST: true
+      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+    secrets:
+      CDK_PUSH_IMAGE_ROLE: ${{ secrets.INT_CDK_PUSH_IMAGE_ROLE }}
+
+  release_prod:
+    needs: [tag_release, release_int, package_code, get_commit_id]
+    uses: ./.github/workflows/docker_image_upload.yml
+    with:
+      AWS_ENVIRONMENT: prod
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      TAG_LATEST: true
+      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+    secrets:
+      CDK_PUSH_IMAGE_ROLE: ${{ secrets.PROD_CDK_PUSH_IMAGE_ROLE }}

.github/workflows/release.yml

@@ -0,0 +1,2 @@
+//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
+@nhsdigital:registry=https://npm.pkg.github.com

.npmrc

@@ -41,5 +41,14 @@ repos:
         types_or: [sh, shell]
         pass_filenames: false
 
+      - id: lint-cdkConstructs
+        name: Lint cdkConstructs
+        entry: npm
+        args: ["run", "--prefix=packages/cdkConstructs", "lint"]
+        language: system
+        files: ^packages\/cdkConstructs
+        types_or: [ts, tsx, javascript, jsx, json]
+        pass_filenames: false
+
 fail_fast: true
 default_stages: [pre-commit]