VED-808 (Child of VED-720) Refactor quality check pipeline

.github/workflows/continuous-integration.yml → .github/workflows/create-release-tag.yml

@@ -1,11 +1,13 @@
-name: Create Release
-on: push
+name: Create Release Tag
+on:
+  push:
+    branches:
+      - master
 
 jobs:
   create_release:
-    name: build
+    name: Create Release
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/master'
     steps:
       - name: Checkout
         uses: actions/checkout@v5
@@ -40,4 +42,4 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           tag_name: ${{ env.SPEC_VERSION }}
-          release_name: ${{ env.SPEC_VERSION }}
+          release_name: ${{ env.SPEC_VERSION }}

.github/workflows/pr-lint.yaml → .github/workflows/pr-jira-link.yaml

@@ -1,27 +1,29 @@
-name: PR Quality Check
+name: Create PR JIRA Link
 on:
   pull_request:
     types: [opened]
 
 jobs:
   link-ticket:
     runs-on: ubuntu-latest
+    env:
+      BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
     steps:
       - name: Check ticket name conforms to requirements
-        run: echo ${{ github.event.pull_request.head.ref }} | grep -i -E -q "(amb-[0-9]+)|(ambspii-[0-9]+)|(adz-[0-9]+)|(ved-[0-9]+)|(dependabot\/)"
+        run: echo $BRANCH_NAME | grep -i -E -q "(amb-[0-9]+)|(ambspii-[0-9]+)|(adz-[0-9]+)|(ved-[0-9]+)|(dependabot\/)"
         continue-on-error: true
 
       - name: Grab ticket name
         if: contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') || contains(github.event.pull_request.head.ref, 'ambspii-') || contains(github.event.pull_request.head.ref, 'AMBSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'ved-') || contains(github.event.pull_request.head.ref, 'VED-')
-        run: echo "TICKET_NAME=$(echo ${{ github.event.pull_request.head.ref }} | grep -i -o '\(amb-[0-9]\+\)\|\(ambspii-[0-9]\+\)\|\(adz-[0-9]\+\)\|\(ved-[0-9]\+\)' | tr '[:lower:]' '[:upper:]')" >> $GITHUB_ENV
+        run: echo "TICKET_NAME=$(echo $BRANCH_NAME | grep -i -o '\(amb-[0-9]\+\)\|\(ambspii-[0-9]\+\)\|\(adz-[0-9]\+\)\|\(ved-[0-9]\+\)' | tr '[:lower:]' '[:upper:]')" >> $GITHUB_ENV
         continue-on-error: true
         env:
           ACTIONS_ALLOW_UNSECURE_COMMANDS: true
 
       - name: Comment on PR with link to JIRA ticket
         if: contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') || contains(github.event.pull_request.head.ref, 'ambspii-') || contains(github.event.pull_request.head.ref, 'AMBSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'ved-') || contains(github.event.pull_request.head.ref, 'VED-')
         continue-on-error: true
-        uses: unsplash/comment-on-pr@master
+        uses: unsplash/comment-on-pr@b5610c6125a7197eaec80072ea35ef53e1fc6035
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/sonarcloud.yml → .github/workflows/quality-checks.yml

@@ -1,4 +1,4 @@
-name: SonarCloud
+name: Quality Checks
 
 on:
   push:
@@ -12,14 +12,40 @@ env:
   LAMBDA_PATH: ${{ github.workspace }}/lambdas
 
 jobs:
-  sonarcloud:
-    name: SonarCloud
+  lint:
+    name: Lint specification and Python projects
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v5
+
+      - name: Install poetry
+        run: pip install poetry==2.1.4
+
+      # Base linting requires 3.8 due to APIM package dependencies. See root README for details under linting.
+      # Consider upgrading this and poetry deps if we move away from Azure DevOps to using the Proxygen tool.
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.8
+          cache: 'poetry'
+
+      - uses: actions/setup-node@v5
         with:
-          fetch-depth: 0
+          node-version: '23.11.0'
+          cache: 'npm'
+
+      - name: Install linting dependencies
+        run: make install-node && poetry install --no-root
+
+      - name: Lint
+        run: make lint
+
+  testcoverage_and_sonarcloud:
+    name: Test Coverage and SonarCloud
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v5
 
       - name: Install poetry
         run: pip install poetry==2.1.4
@@ -184,7 +210,7 @@ jobs:
           fi
 
       - name: SonarCloud Scan
-        uses: SonarSource/sonarqube-scan-action@master
+        uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

README.md

@@ -175,7 +175,7 @@ It is not necessary to activate the virtual environment (using `source .venv/bin
 The root-level virtual environment is primarily used for linting, as we create separate virtual environments for each folder that contains Lambda functions.
 Steps: 
 1. Follow instructions above to [install dependencies](#install-dependencies) & [set up a virtual environment](#setting-up-a-virtual-environment-with-poetry). 
-**Note: While this project uses Python 3.10 (e.g. for Lambdas), the NHSDigital/api-management-utils repository — which orchestrates setup and linting — defaults to Python 3.8.
+**Note: While this project uses Python 3.11 (e.g. for Lambdas), the NHSDigital/api-management-utils repository — which orchestrates setup and linting — defaults to Python 3.8.
 The linting command is executed from within that repo but calls the Makefile in this project, so be aware of potential Python version mismatches when running or debugging locally or in the pipeline.**
 2. Run `make lint`. This will:
     - Check the linting of the API specification yaml.

README.specification.md

@@ -102,8 +102,8 @@ To get started developing your API use this template repo alongside guidance pro
 This folder contains templates that can be customised for items such as opening pull requests or issues within the repo
 
 `/.github/workflows`: This folder contains templates for github action workflows such as:
-- `pr-lint.yaml`: This workflow template shows how to link Pull Request's to Jira tickets and runs when a pull request is opened.
-- `continuous-integration.yml`: This workflow template shows how to publish a Github release when pushing to master.
+- `pr-jira-link.yaml`: This workflow template links Pull Requests to Jira tickets and runs when a pull request is opened.
+- `create-release-tag.yml`: This workflow template shows how to publish a Github release when pushing to master.
 
 #### `/azure`:
 

pyproject.toml

@@ -1,4 +1,5 @@
 [project]
+name = "immunisation-fhir-api"
 python = "^3.8"
 
 [tool.poetry]