Upgrade: [dependabot] - Bump NHSDigital/eps-workflow-quality-checks from 3.0.0 to 4.0.5 (#1)

Bumps
[NHSDigital/eps-workflow-quality-checks](https://github.com/nhsdigital/eps-workflow-quality-checks)
from 3.0.0 to 4.0.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nhsdigital/eps-workflow-quality-checks/releases">NHSDigital/eps-workflow-quality-checks's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.4</h2>
<h2><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/v4.0.3...v4.0.4">4.0.4</a>
(2024-11-19)</h2>
<h3>Fix</h3>
<ul>
<li>[AEA-0000] - add step to run make lint (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/12">#12</a>)
(<a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/a83f03a3b0b7c60a71c60d0d66c15f912f95d39b">a83f03a</a>)</li>
</ul>
<h2>Info</h2>
<p><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/3738e977da71...a83f03a3b0b7">See
code diff</a>
<a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/actions/runs/11909924652">Release
workflow run</a></p>
<p>It was initialized by <a
href="https://github.com/wildjames">wildjames</a></p>
<h2>v4.0.3</h2>
<h2><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/v4.0.2...v4.0.3">4.0.3</a>
(2024-11-12)</h2>
<h3>Docs</h3>
<ul>
<li>[AEA-0000] - Tweak the README (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/11">#11</a>)
(<a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/3738e977da717f372a3c9c71c7f6b7c0c5f6fbf0">3738e97</a>)</li>
</ul>
<h2>Info</h2>
<p><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/18c2e693bdb3...3738e977da71">See
code diff</a>
<a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/actions/runs/11801648133">Release
workflow run</a></p>
<p>It was initialized by <a
href="https://github.com/wildjames">wildjames</a></p>
<h2>v4.0.2</h2>
<h2><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/v4.0.1...v4.0.2">4.0.2</a>
(2024-11-06)</h2>
<h3>Fix</h3>
<ul>
<li>[AEA-0000] - Fix typo in java sonar (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/10">#10</a>)
(<a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/18c2e693bdb32442cea577821e20443a4b9a7632">18c2e69</a>)</li>
</ul>
<h2>Info</h2>
<p><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/e3120b3268d1...18c2e693bdb3">See
code diff</a>
<a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/actions/runs/11706309014">Release
workflow run</a></p>
<p>It was initialized by <a
href="https://github.com/wildjames">wildjames</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/a83f03a3b0b7c60a71c60d0d66c15f912f95d39b"><code>a83f03a</code></a>
Fix: [AEA-0000] - add step to run make lint (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/12">#12</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/3738e977da717f372a3c9c71c7f6b7c0c5f6fbf0"><code>3738e97</code></a>
Docs: [AEA-0000] - Tweak the README (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/11">#11</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/18c2e693bdb32442cea577821e20443a4b9a7632"><code>18c2e69</code></a>
Fix: [AEA-0000] - Fix typo in java sonar (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/10">#10</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/e3120b3268d127a97ac50cdffebbbf71878c24fb"><code>e3120b3</code></a>
Fix: [AEA-0000] - Fix sonar for java. Fix release tagging flow (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/9">#9</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/017c8a016bbe4aa32b06a5afaf09c2c8d07889db"><code>017c8a0</code></a>
New: [AEA-4540] - Add secret scanning (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/5">#5</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/5bc62f51ac3446971ddf3d451ead18e4a22f1786"><code>5bc62f5</code></a>
Fix: [AEA-0000] - Fix URL (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/8">#8</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/b93ce1817002aa9b674d905f96b7c0f697ef5bfa"><code>b93ce18</code></a>
Chore: [AEA-4183] - Add semantic release (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/7">#7</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/a05d7a26ae903940e93f585533bbfbf070005a03"><code>a05d7a2</code></a>
Fix: [AEA-0000] - Add ignores to check-licenses (<a
href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/6">#6</a>)</li>
<li>See full diff in <a
href="https://github.com/nhsdigital/eps-workflow-quality-checks/compare/v3.0.0...v4.0.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=NHSDigital/eps-workflow-quality-checks&package-manager=github_actions&previous-version=3.0.0&new-version=4.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: anthony-nhs <[email protected]>

Author: dependabot[bot]

.devcontainer/devcontainer.json

@@ -67,6 +67,7 @@
       }
     }
   },
+  "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
   "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/eps-vpc-resources; make install; direnv allow ."
   // "features": {},
   // Use 'forwardPorts' to make a list of ports inside the container available locally.

.gitallowed

@@ -0,0 +1,18 @@
+token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"?
+id-token: write
+self.token = token
+--token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\}
+--token=\$GITHUB-TOKEN
+--token="\$GITHUB-TOKEN"
+"accountId": "123456789012"
+accountId: "123456789012"
+console\.log\(`access token : \${access_token}`\)
+.*CidrBlock.*
+.*Gemfile\.lock.*
+.*\.gitallowed.*
+.*nhsd-rules-deny.txt.*
+.*\.venv.*
+.*node_modules.*
+ipAddresses: IpAddresses\.cidr\("10\.190\.0\.0\/16"\)

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ env:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.5
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.github/workflows/pull_request.yml

@@ -9,7 +9,7 @@ env:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.5
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.github/workflows/release.yml

@@ -8,7 +8,7 @@ env:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.5
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.pre-commit-config.yaml

@@ -59,5 +59,15 @@ repos:
         types_or: [sh, shell]
         pass_filenames: false
 
+  - repo: local
+    hooks:
+      - id: git-secrets
+        name: Git Secrets
+        description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
+        entry: bash
+        args:
+          - -c
+          - 'docker run -v "$LOCAL_WORKSPACE_FOLDER:/src" git-secrets --pre_commit_hook'
+        language: system
 fail_fast: true
 default_stages: [pre-commit]