Add workflow template

Author: wildjames

workflow-templates/quality-checks.properties.json

@@ -0,0 +1,15 @@
+{
+    "name": "Quality Checks Workflow",
+    "description": "A workflow template for running quality checks including linting, testing, and SBOM generation.",
+    "iconName": "octicon check",
+    "categories": [
+      "Continuous integration",
+      "Security"
+    ],
+    "filePatterns": [
+      "^Makefile$",
+      "^\\.tool-versions$",
+      "^package\\.json$"
+    ]
+  }
+  

workflow-templates/quality-checks.yml

@@ -0,0 +1,94 @@
+name: Quality Checks
+
+on:
+  workflow_call:
+    secrets:
+      SONAR_TOKEN:
+        required: true
+    inputs:
+      node_version:
+        description: The version of node used in this project.
+        required: true
+        type: number
+
+jobs:
+  quality_checks:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+          fetch-depth: 0
+
+      # Using a specific commit SHA for stability
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.14.1
+
+      - name: Cache asdf
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf dependencies in .tool-versions
+        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.14.1
+        env:
+          PYTHON_CONFIGURE_OPTS: --enable-shared
+
+      - name: Setting up .npmrc
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
+          echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
+
+      - name: Install dependencies
+        run: make install
+
+      - name: Generate and check SBOMs
+        uses: NHSDigital/eps-action-sbom@main
+        with:
+          node_version: {{ inputs.node_version }}
+
+      - name: Upload SBOMs
+        uses: actions/upload-artifact@v3
+        with:
+          name: SBOMS
+          path: '**/*sbom*.json'
+
+      - name: Check licenses
+        run: make check-licenses
+
+      - name: Run linting
+        run: make lint
+
+      - name: Run unit tests
+        run: make test
+
+      - name: Run cfn-guard
+        run: make cfn-guard
+
+      - name: Show cfn-guard output
+        if: failure()
+        run: find cfn_guard_output -type f -print0 | xargs -0 cat
+
+      - name: Upload cfn-guard output
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: cfn_guard_output
+          path: cfn_guard_output
+
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}