Improve quality checks pipeline. (#896)

Author: mfjarvis

.github/workflows/quality-checks.yml

@@ -17,9 +17,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
         with:
           node-version: "23.11.0"
           cache: "npm"
@@ -30,17 +30,20 @@ jobs:
       - name: Lint
         run: make lint
 
+      - name: Check formatting
+        run: make format-check
+
   lint-python:
     name: Lint Python projects
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Install poetry
         run: pip install poetry==2.1.4
 
-      - uses: actions/setup-python@v6
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c
         with:
           python-version: 3.11
           cache: "poetry"
@@ -57,17 +60,31 @@ jobs:
         run: poetry run make format-check
         working-directory: quality_checks
 
+  lint-terraform:
+    name: Lint Terraform projects
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
+        with:
+          terraform_version: "1.12.2"
+
+      - name: Check formatting
+        run: terraform fmt -check -recursive
+
   testcoverage_and_sonarcloud:
     name: Test Coverage and SonarCloud
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Install poetry
         run: pip install poetry==2.1.4
 
-      - uses: actions/setup-python@v6
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c
         with:
           python-version: 3.11
           cache: "poetry"

Makefile

@@ -3,6 +3,8 @@ SHELL=/usr/bin/env bash -euo pipefail
 PYTHON_PROJECT_DIRS_WITH_UNIT_TESTS = backend batch_processor_filter delta_backend filenameprocessor mesh_processor recordprocessor lambdas/ack_backend lambdas/redis_sync lambdas/id_sync lambdas/mns_subscription lambdas/shared
 PYTHON_PROJECT_DIRS = e2e e2e_batch quality_checks $(PYTHON_PROJECT_DIRS_WITH_UNIT_TESTS)
 
+.PHONY: install-python install-node install lint format format-check clean publish build-proxy release initialise-all-python-venvs update-all-python-dependencies run-all-python-unit-tests build-all-docker-images
+
 #Installs dependencies using poetry.
 install-python:
 	poetry lock --no-update
@@ -19,6 +21,12 @@ install: install-node install-python
 lint:
 	npm run lint
 
+format:
+	npm run format
+
+format-check:
+	npm run format-check
+
 #Removes build/ + dist/ directories
 clean:
 	rm -rf build
@@ -39,7 +47,6 @@ build-proxy:
 # VED-811: remove everything except for proxy related files as we move to Github Actions for backend deployment
 _dist_include="pytest.ini poetry.lock poetry.toml pyproject.toml Makefile build/. specification sandbox terraform scripts"
 
-
 #Create /dist/ sub-directory and copy files into directory
 #Ensure full dir structure is preserved for Lambdas
 release: clean publish build-proxy
@@ -50,43 +57,6 @@ release: clean publish build-proxy
 	cp ecs-proxies-deploy.yml dist/ecs-deploy-internal-qa-sandbox.yml
 	cp ecs-proxies-deploy.yml dist/ecs-deploy-internal-dev-sandbox.yml
 
-#################
-# Test commands #
-#################
-
-TEST_CMD := @APIGEE_ACCESS_TOKEN=$(APIGEE_ACCESS_TOKEN) \
-		poetry run pytest -v \
-		--color=yes \
-		--api-name=immunisation-fhir-api \
-		--proxy-name=$(PROXY_NAME) \
-		-s
-
-PROD_TEST_CMD := $(TEST_CMD) \
-		--apigee-app-id=$(APIGEE_APP_ID) \
-		--status-endpoint-api-key=$(STATUS_ENDPOINT_API_KEY)
-
-#Command to run end-to-end smoketests post-deployment to verify the environment is working
-smoketest:
-	$(TEST_CMD) \
-	--junitxml=smoketest-report.xml \
-	-m smoketest
-
-test:
-	$(TEST_CMD) \
-	--junitxml=test-report.xml \
-
-smoketest-prod:
-	$(PROD_TEST_CMD) \
-	--junitxml=smoketest-report.xml \
-	-m smoketest
-
-test-prod:
-	$(PROD_CMD) \
-	--junitxml=test-report.xml \
-
-setup-python-envs:
-	scripts/setup-python-envs.sh
-
 initialise-all-python-venvs:
 	for dir in $(PYTHON_PROJECT_DIRS); do ( \
 		cd $$dir && \

README.md

@@ -57,18 +57,18 @@ See https://nhsd-confluence.digital.nhs.uk/display/APM/Glossary.
 | ----------- | ------------------------------------------------------------------------------------ |
 | `e2e`       | End-to-end tests executed during PR pipelines.                                       |
 | `e2e_batch` | E2E tests specifically for batch-related functionality, also run in the PR pipeline. |
-| `tests`     | Sample e2e test.                                                                     |
 
 ---
 
 ### Utilities
 
-| Folder          | Description                                                   |
-| --------------- | ------------------------------------------------------------- |
-| `devtools`      | Helper tools and utilities for local development              |
-| `scripts`       | Standalone or reusable scripts for development and automation |
-| `specification` | Specification files to document API and related definitions   |
-| `sandbox`       | Simple sandbox API                                            |
+| Folder           | Description                                                   |
+| ---------------- | ------------------------------------------------------------- |
+| `devtools`       | Helper tools and utilities for local development              |
+| `quality_checks` | Dependencies for linting and formatting Python code           |
+| `scripts`        | Standalone or reusable scripts for development and automation |
+| `specification`  | Specification files to document API and related definitions   |
+| `sandbox`        | Simple sandbox API                                            |
 
 ---
 

devtools/dynamodb.tf

@@ -1,63 +1,63 @@
 terraform {
-    required_providers {
-        aws = {
-            source  = "hashicorp/aws"
-            version = "~> 5"
-        }
-    }
-    backend "local" {
-        path = ".terraform/local.tfstate"
-    }
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5"
+    }
+  }
+  backend "local" {
+    path = ".terraform/local.tfstate"
+  }
 }
 
 provider "aws" {
-    region = "us-east-1"
-    skip_region_validation = true
+  region                 = "us-east-1"
+  skip_region_validation = true
 
-    endpoints {
-        sts      = "http://localhost:4566"
-        dynamodb = "http://localhost:4566"
-    }
+  endpoints {
+    sts      = "http://localhost:4566"
+    dynamodb = "http://localhost:4566"
+  }
 }
 
 locals {
-    short_prefix = "imms-default"
+  short_prefix = "imms-default"
 }
 
 resource "aws_dynamodb_table" "events-dynamodb-table" {
-    name         = "${local.short_prefix}-imms-events"
-    billing_mode = "PAY_PER_REQUEST"
-    hash_key     = "PK"
-    stream_enabled = true
-    stream_view_type  = "NEW_IMAGE"
+  name             = "${local.short_prefix}-imms-events"
+  billing_mode     = "PAY_PER_REQUEST"
+  hash_key         = "PK"
+  stream_enabled   = true
+  stream_view_type = "NEW_IMAGE"
 
-    attribute {
-        name = "PK"
-        type = "S"
-    }
-    attribute {
-        name = "PatientPK"
-        type = "S"
-    }
-    attribute {
-        name = "PatientSK"
-        type = "S"
-    }
-    attribute {
-        name = "IdentifierPK"
-        type = "S"
-    }
+  attribute {
+    name = "PK"
+    type = "S"
+  }
+  attribute {
+    name = "PatientPK"
+    type = "S"
+  }
+  attribute {
+    name = "PatientSK"
+    type = "S"
+  }
+  attribute {
+    name = "IdentifierPK"
+    type = "S"
+  }
 
-    global_secondary_index {
-        name               = "PatientGSI"
-        hash_key           = "PatientPK"
-        range_key          = "PatientSK"
-        projection_type    = "ALL"
-    }
-    
-    global_secondary_index {
-        name               = "IdentifierGSI"
-        hash_key           = "IdentifierPK"
-        projection_type    = "ALL"
-    }
+  global_secondary_index {
+    name            = "PatientGSI"
+    hash_key        = "PatientPK"
+    range_key       = "PatientSK"
+    projection_type = "ALL"
+  }
+
+  global_secondary_index {
+    name            = "IdentifierGSI"
+    hash_key        = "IdentifierPK"
+    projection_type = "ALL"
+  }
 }

grafana/non-prod/terraform/vpce/variables.tf

@@ -1,5 +1,5 @@
 variable "aws_region" {
-    description = "Destination AWS region"
+  description = "Destination AWS region"
 }
 
 variable "tags" {

grafana/non-prod/terraform/vpce/vpce.tf

@@ -2,54 +2,54 @@
 # VPCE alternative to NAT Gateway
 # VPC Endpoint for ECR API
 resource "aws_vpc_endpoint" "ecr_api" {
-    vpc_id            = var.vpc_id
-    service_name      = "com.amazonaws.${var.aws_region}.ecr.api"
-    vpc_endpoint_type = "Interface"
-    subnet_ids        = var.private_subnet_ids
-    security_group_ids = [aws_security_group.vpc_endpoints.id]
-    # allow for dns resolution
-    private_dns_enabled = true
-    tags = merge(var.tags, {
-        Name = "${var.prefix}-ecr-api-vpce"
-    })
+  vpc_id             = var.vpc_id
+  service_name       = "com.amazonaws.${var.aws_region}.ecr.api"
+  vpc_endpoint_type  = "Interface"
+  subnet_ids         = var.private_subnet_ids
+  security_group_ids = [aws_security_group.vpc_endpoints.id]
+  # allow for dns resolution
+  private_dns_enabled = true
+  tags = merge(var.tags, {
+    Name = "${var.prefix}-ecr-api-vpce"
+  })
 }
 
 # VPC Endpoint for ECR Docker
 resource "aws_vpc_endpoint" "ecr_docker" {
-    vpc_id            = var.vpc_id
-    service_name      = "com.amazonaws.${var.aws_region}.ecr.dkr"
-    vpc_endpoint_type = "Interface"
-    subnet_ids        = var.private_subnet_ids
-    security_group_ids = [aws_security_group.vpc_endpoints.id]
-    # allow for dns resolution
-    private_dns_enabled = true
-    tags = merge(var.tags, {
-        Name = "${var.prefix}-ecr-dkr-vpce"
-    })
+  vpc_id             = var.vpc_id
+  service_name       = "com.amazonaws.${var.aws_region}.ecr.dkr"
+  vpc_endpoint_type  = "Interface"
+  subnet_ids         = var.private_subnet_ids
+  security_group_ids = [aws_security_group.vpc_endpoints.id]
+  # allow for dns resolution
+  private_dns_enabled = true
+  tags = merge(var.tags, {
+    Name = "${var.prefix}-ecr-dkr-vpce"
+  })
 }
 
 # VPC Endpoint for CloudWatch Logs
 resource "aws_vpc_endpoint" "cloudwatch_logs" {
-    vpc_id            = var.vpc_id
-    service_name      = "com.amazonaws.${var.aws_region}.logs"
-    vpc_endpoint_type = "Interface"
-    subnet_ids        = var.private_subnet_ids
-    security_group_ids = [aws_security_group.vpc_endpoints.id]
-    private_dns_enabled = true
-    tags = merge(var.tags, {
-        Name = "${var.prefix}-cloudwatch-logs-vpce"
-    })
+  vpc_id              = var.vpc_id
+  service_name        = "com.amazonaws.${var.aws_region}.logs"
+  vpc_endpoint_type   = "Interface"
+  subnet_ids          = var.private_subnet_ids
+  security_group_ids  = [aws_security_group.vpc_endpoints.id]
+  private_dns_enabled = true
+  tags = merge(var.tags, {
+    Name = "${var.prefix}-cloudwatch-logs-vpce"
+  })
 }
 
 # VPC Endpoint for S3 as ECR stores image layers in S3
 resource "aws_vpc_endpoint" "s3" {
-    vpc_id            = var.vpc_id
-    service_name      = "com.amazonaws.${var.aws_region}.s3"
-    vpc_endpoint_type = "Gateway"
-    route_table_ids   = var.route_table_ids
-    tags = merge(var.tags, {
-        Name = "${var.prefix}-s3-vpce"
-    })
+  vpc_id            = var.vpc_id
+  service_name      = "com.amazonaws.${var.aws_region}.s3"
+  vpc_endpoint_type = "Gateway"
+  route_table_ids   = var.route_table_ids
+  tags = merge(var.tags, {
+    Name = "${var.prefix}-s3-vpce"
+  })
 }
 
 # Security group for VPC endpoints
@@ -59,10 +59,10 @@ resource "aws_security_group" "vpc_endpoints" {
   vpc_id      = var.vpc_id
 
   ingress {
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    security_groups = [var.ecs_sg_id] 
+    from_port       = 443
+    to_port         = 443
+    protocol        = "tcp"
+    security_groups = [var.ecs_sg_id]
   }
 
   egress {