diff --git a/.github/workflows/base-cypress-build.yml b/.github/workflows/base-cypress-build.yml index f9afe7536..0374ce984 100644 --- a/.github/workflows/base-cypress-build.yml +++ b/.github/workflows/base-cypress-build.yml @@ -1,13 +1,14 @@ -# .github/workflows/terraform-dev -name: 'Z-BASE Cypress Build: Run a cypress build job' +name: "Z-BASE Cypress Build: Run a cypress build job" + +run-name: "${{ github.event.inputs.build_branch }}" on: workflow_call: inputs: build_branch: - description: 'Branch with smoke tests.' + description: "Branch with smoke tests." required: true - type: 'string' + type: "string" permissions: pull-requests: write @@ -22,13 +23,13 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ github.event.inputs.build_branch }} - name: Cypress install run: npm install --legacy-peer-deps working-directory: ./app - + - name: Configure React environment vars env: ENDPOINT_DOC_STORE_API: http://localhost:3000 @@ -37,7 +38,7 @@ jobs: IDENTITY_PROVIDER_POOL_ID: not provided yet MONITOR_ACCOUNT_ID: not provided yet BUILD_ENV: development - IMAGE_VERSION: 'not-required' + IMAGE_VERSION: "not-required" run: | ./react-environment-config.sh working-directory: ./app diff --git a/.github/workflows/base-cypress-smoketest.yml b/.github/workflows/base-cypress-smoketest.yml index 1121d5db0..be8c1dcb3 100644 --- a/.github/workflows/base-cypress-smoketest.yml +++ b/.github/workflows/base-cypress-smoketest.yml @@ -1,6 +1,7 @@ -# .github/workflows/terraform-dev name: "Z-BASE Cypress Smoketest: Smoketest shared actions for running" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.sandbox }}" + on: workflow_call: inputs: diff --git a/.github/workflows/base-cypress-test-all-env.yml b/.github/workflows/base-cypress-test-all-env.yml index e92c195d3..784c90f7f 100644 
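Review bot: The `run-name` added at the top of `base-cypress-build.yml` reads `github.event.inputs.build_branch`, but this file is triggered by `workflow_call`, where the workflow's own inputs live in the `inputs` context. `github.event.inputs` reflects the caller's triggering event and is only populated when that caller was started by `workflow_dispatch`. As far as I know, a called workflow's run is also titled by its caller, so this line probably has no visible effect; it could be dropped from the reusable workflows, or at least written as `run-name: "${{ inputs.build_branch }}"`. The same pattern is added to the other `workflow_call` files in this commit (`base-cypress-smoketest.yml`, `base-cypress-test-all-env.yml`, `base-cypress-test.yml`, `base-data-collection.yml`, `base-deploy-ui.yml`, the `base-e2e-*` and `base-lambda*` files, `base-vitest-test.yml`). The unchanged checkout `ref: ${{ github.event.inputs.build_branch }}` in the next hunk of this file relies on the same context, so it is worth confirming that it does not silently fall back to the default branch when the caller was not dispatched manually.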
--- a/.github/workflows/base-cypress-test-all-env.yml +++ b/.github/workflows/base-cypress-test-all-env.yml @@ -1,5 +1,7 @@ name: "Z-BASE Cypress Test: Run a cypress test job against all browsers" +run-name: "${{ github.event.inputs.cypress_base_url }} | ${{ github.event.inputs.build_branch }}" + on: workflow_call: inputs: @@ -21,7 +23,7 @@ jobs: view_action_parameters: name: View input params runs-on: ubuntu-latest - steps: + steps: - name: Display client passed variables run: | echo Build Branch: ${{ inputs.build_branch }} diff --git a/.github/workflows/base-cypress-test.yml b/.github/workflows/base-cypress-test.yml index 5372ba0d3..413cdc1d5 100644 --- a/.github/workflows/base-cypress-test.yml +++ b/.github/workflows/base-cypress-test.yml @@ -1,21 +1,22 @@ -# .github/workflows/terraform-dev -name: 'Z-BASE Cypress Test Base: Run a cypress test job against a specific browser' +name: "Z-BASE Cypress Test Base: Run a cypress test job against a specific browser" + +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.cypress_base_url }} | ${{ github.event.inputs.cypress_browser }}" on: workflow_call: inputs: build_branch: - description: 'Branch with smoke tests.' + description: "Branch with smoke tests." required: true - type: 'string' + type: "string" cypress_base_url: - description: 'Base URL to run tests against' + description: "Base URL to run tests against" required: true - type: 'string' + type: "string" cypress_browser: - description: 'what browser to run against' + description: "what browser to run against" required: true - type: 'string' + type: "string" permissions: pull-requests: write @@ -39,7 +40,7 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ inputs.build_branch }} - name: Download the build folder 
@@ -69,7 +70,7 @@ jobs: working-directory: ./app env: CYPRESS_BASE_URL: ${{ inputs.cypress_base_url }} - CYPRESS_grepTags: 'regression' + CYPRESS_grepTags: "regression" - uses: actions/upload-artifact@v5 if: failure() diff --git a/.github/workflows/base-data-collection.yml b/.github/workflows/base-data-collection.yml index 4ffead6fe..6257f74de 100644 --- a/.github/workflows/base-data-collection.yml +++ b/.github/workflows/base-data-collection.yml @@ -1,5 +1,7 @@ name: "Z-BASE Deploy Data Collection: Build data collection image" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.sandbox }}" + on: workflow_call: inputs: @@ -32,9 +34,9 @@ jobs: steps: - uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ inputs.build_branch }} - fetch-depth: '0' + fetch-depth: "0" - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v5 diff --git a/.github/workflows/base-deploy-ui.yml b/.github/workflows/base-deploy-ui.yml index b4c1e53f0..61e1d4d35 100644 --- a/.github/workflows/base-deploy-ui.yml +++ b/.github/workflows/base-deploy-ui.yml @@ -1,6 +1,7 @@ -# .github/workflows/terraform-dev name: "Z-BASE Deploy UI: Run a deploy job for the UI" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.sandbox }}" + on: workflow_call: inputs: @@ -21,7 +22,7 @@ on: required: true permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action id-token: write # This is required for requesting the JWT pull-requests: write 
@@ -37,9 +38,9 @@ jobs: steps: - uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ inputs.build_branch }} - fetch-depth: '0' + fetch-depth: "0" - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v5 @@ -48,10 +49,10 @@ jobs: role-skip-session-tagging: true aws-region: ${{ vars.AWS_REGION }} mask-aws-account-id: true - + - name: Get SSM parameters id: ssm-parameters - run: | + run: | doc_store_api_endpoint=$(aws ssm get-parameter --name "/ndr/${{ inputs.sandbox }}/api_endpoint" --with-decryption --query "Parameter.Value" --output text) echo "::add-mask::$doc_store_api_endpoint" echo "ENDPOINT_DOC_STORE_API=$doc_store_api_endpoint" >> $GITHUB_ENV @@ -65,7 +66,7 @@ jobs: cloudfront_domain_name=$(aws cloudfront list-distributions --query "DistributionList.Items[?starts_with(Origins.Items[0].DomainName, '${{ inputs.sandbox }}')].DomainName" --output text) echo "Cloudfront domain name found for environment: $cloudfront_domain_name" echo "CLOUDFRONT_DOMAIN_NAME=$cloudfront_domain_name" >> $GITHUB_ENV - + - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2 
@@ -86,16 +87,16 @@ jobs: --query "AppMonitorSummaries[?starts_with(Name, '${{ inputs.sandbox }}')].Id" \ --output text) echo "::add-mask::$app_monitor_id" - echo "MONITOR_ACCOUNT_ID=$app_monitor_id" >> $GITHUB_OUTPUT + echo "MONITOR_ACCOUNT_ID=$app_monitor_id" >> $GITHUB_OUTPUT - name: Configure React environment vars env: AWS_REGION: ${{ vars.AWS_REGION }} OIDC_PROVIDER_ID: not provided yet - IDENTITY_PROVIDER_POOL_ID: ${{ steps.cognito-identity-pool.outputs.IDENTITY_PROVIDER_POOL_ID }} - MONITOR_ACCOUNT_ID: ${{ steps.rum-app-monitor.outputs.MONITOR_ACCOUNT_ID }} + IDENTITY_PROVIDER_POOL_ID: ${{ steps.cognito-identity-pool.outputs.IDENTITY_PROVIDER_POOL_ID }} + MONITOR_ACCOUNT_ID: ${{ steps.rum-app-monitor.outputs.MONITOR_ACCOUNT_ID }} BUILD_ENV: ${{ inputs.environment }} - IMAGE_VERSION: 'ndr-${{ inputs.sandbox }}-app:${{ github.sha }}' + IMAGE_VERSION: "ndr-${{ inputs.sandbox }}-app:${{ github.sha }}" run: | ./react-environment-config.sh diff --git a/.github/workflows/base-e2e-backendtest.yml b/.github/workflows/base-e2e-backendtest.yml index b482216c7..537955857 100644 --- a/.github/workflows/base-e2e-backendtest.yml +++ b/.github/workflows/base-e2e-backendtest.yml @@ -1,6 +1,7 @@ -# .github/workflows/terraform-dev name: "Z-BASE E2e Test: E2e shared actions for running tests on the NDR Backend" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.sandbox }}" + on: workflow_call: inputs: diff --git a/.github/workflows/base-e2e-fhir-backendtest.yml b/.github/workflows/base-e2e-fhir-backendtest.yml index 8aa9e8831..a91f2d77e 100644 --- a/.github/workflows/base-e2e-fhir-backendtest.yml +++ b/.github/workflows/base-e2e-fhir-backendtest.yml 
@@ -1,6 +1,7 @@ -# .github/workflows/terraform-dev name: "Z-BASE FHIR API E2E Test: E2e shared actions for running FHIR API tests on the NDR Backend" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.sandbox }}" + on: workflow_call: inputs: diff --git a/.github/workflows/base-lambda-layer-reusable-publish-all.yml b/.github/workflows/base-lambda-layer-reusable-publish-all.yml index 7b5877c88..be97edb37 100644 --- a/.github/workflows/base-lambda-layer-reusable-publish-all.yml +++ b/.github/workflows/base-lambda-layer-reusable-publish-all.yml @@ -1,4 +1,6 @@ -name: 'ZBASE Lambda Layers: Deploy all required Lambda layers' +name: "ZBASE Lambda Layers: Deploy all required Lambda layers" + +run-name: "${{ github.event.inputs.environment }} | ${{ github.event.inputs.python_version }} | ${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }}" on: workflow_call: @@ -10,13 +12,13 @@ on: required: true type: string build_branch: - description: 'Feature branch to push to test?' + description: "Feature branch to push to test?" required: true - type: 'string' + type: "string" sandbox: - description: 'Which Sandbox to push to' + description: "Which Sandbox to push to" required: true - type: 'string' + type: "string" secrets: AWS_ASSUME_ROLE: required: true @@ -84,4 +86,4 @@ jobs: sandbox: ${{ inputs.sandbox }} lambda_layer_name: alerting_lambda_layer secrets: - AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} \ No newline at end of file + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} diff --git a/.github/workflows/base-lambda-layer-reusable-publish.yml b/.github/workflows/base-lambda-layer-reusable-publish.yml index 0f287b8a5..5d257bbe6 100644 --- a/.github/workflows/base-lambda-layer-reusable-publish.yml +++ b/.github/workflows/base-lambda-layer-reusable-publish.yml 
@@ -1,4 +1,6 @@ -name: 'Z-BASE Lambda Layer: action to deploy a single lambda layer' +name: "Z-BASE Lambda Layer: action to deploy a single lambda layer" + +run-name: "${{ github.event.inputs.environment }} | ${{ github.event.inputs.python_version }} | ${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.lambda_layer_name }}" on: workflow_call: @@ -47,9 +49,9 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ inputs.build_branch }} - fetch-depth: '0' + fetch-depth: "0" - name: Set up Python ${{ inputs.python_version }} uses: actions/setup-python@v6 diff --git a/.github/workflows/base-lambdas-check-packages.yml b/.github/workflows/base-lambdas-check-packages.yml index 3b656acb1..aec3e8fb5 100644 --- a/.github/workflows/base-lambdas-check-packages.yml +++ b/.github/workflows/base-lambdas-check-packages.yml @@ -1,5 +1,7 @@ name: "Z-BASE Lambdas: Lambda check packages runner" +run-name: "${{ github.event.inputs.environment }} | ${{ github.event.inputs.python_version }} | ${{ github.event.inputs.build_branch }}" + on: workflow_call: inputs: @@ -24,7 +26,6 @@ jobs: name: View input params runs-on: ubuntu-latest steps: - - name: Display client passed variables run: | echo Python Version: ${{ inputs.python_version }} @@ -40,7 +41,7 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ inputs.build_branch }} - name: Set up Python ${{ inputs.python_version }} @@ -49,7 +50,7 @@ jobs: python-version: ${{ inputs.python_version }} - name: Make virtual environment - run: | + run: | make env - name: Start virtual environment @@ -59,4 +60,4 @@ jobs: - name: Check packages with pip-audit run: | - make check-packages \ No newline at end of file + make check-packages 
diff --git a/.github/workflows/base-lambdas-edge-deploy.yml b/.github/workflows/base-lambdas-edge-deploy.yml index 6a6c58e62..35560691f 100644 --- a/.github/workflows/base-lambdas-edge-deploy.yml +++ b/.github/workflows/base-lambdas-edge-deploy.yml @@ -1,4 +1,6 @@ -name: 'Z-BASE Lambdas: action to deploy a single lambda' +name: "Z-BASE Lambdas: action to deploy a single lambda" + +run-name: "${{ github.event.inputs.environment }} | ${{ github.event.inputs.python_version }} | ${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.lambda_handler_name }} | ${{ github.event.inputs.lambda_aws_name }}" on: workflow_call: @@ -51,9 +53,9 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ inputs.build_branch }} - fetch-depth: '0' + fetch-depth: "0" - name: Set up Python ${{ inputs.python_version }} uses: actions/setup-python@v6 @@ -68,7 +70,7 @@ jobs: with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} role-skip-session-tagging: true - aws-region: 'us-east-1' + aws-region: "us-east-1" mask-aws-account-id: true - name: Create release package for Lambda ${{ inputs.lambda_aws_name }} @@ -86,7 +88,7 @@ jobs: LAMBDA_VERSION=$(echo $RESPONSE | jq -r '.Version') echo "Lambda function updated to version: $LAMBDA_VERSION" - + LAMBDA_ARN=$(echo $RESPONSE | jq -r '.FunctionArn') echo "LAMBDA_ARN=$LAMBDA_ARN" >> $GITHUB_ENV @@ -104,5 +106,5 @@ jobs: run: | ./lambdas/venv/bin/python3 lambdas/scripts/update_cloudfront.py env: - AWS_REGION: 'us-east-1' - LAMBDA_ARN: ${{ env.LAMBDA_ARN }} \ No newline at end of file + AWS_REGION: "us-east-1" + LAMBDA_ARN: ${{ env.LAMBDA_ARN }} diff --git a/.github/workflows/base-lambdas-reusable-deploy-all.yml b/.github/workflows/base-lambdas-reusable-deploy-all.yml index 068ae6fc3..d92a3893a 100644 --- a/.github/workflows/base-lambdas-reusable-deploy-all.yml 
+++ b/.github/workflows/base-lambdas-reusable-deploy-all.yml @@ -1,5 +1,7 @@ name: "ZBASE Lambdas: Deploy all required Lambda functions" +run-name: "${{ github.event.inputs.environment }} | ${{ github.event.inputs.python_version }} | ${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.is_sandbox }} | ${{ github.event.inputs.mock_login_enabled }}" + on: workflow_call: inputs: diff --git a/.github/workflows/base-lambdas-reusable-deploy.yml b/.github/workflows/base-lambdas-reusable-deploy.yml index 714eb9a93..4ad5801b1 100644 --- a/.github/workflows/base-lambdas-reusable-deploy.yml +++ b/.github/workflows/base-lambdas-reusable-deploy.yml @@ -1,4 +1,6 @@ -name: 'Z-BASE Lambdas: action to deploy a single lambda' +name: "Z-BASE Lambdas: action to deploy a single lambda" + +run-name: "${{ github.event.inputs.environment }} | ${{ github.event.inputs.python_version }} | ${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.lambda_handler_name }} | ${{ github.event.inputs.lambda_handler_path }} | ${{ github.event.inputs.lambda_aws_name }} | ${{ github.event.inputs.lambda_layer_names }}" on: workflow_call: @@ -27,7 +29,7 @@ on: required: true type: string lambda_layer_names: - description: 'Comma-separated list of Lambda Layer names' + description: "Comma-separated list of Lambda Layer names" required: true type: string secrets: @@ -59,9 +61,9 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ inputs.build_branch }} - fetch-depth: '0' + fetch-depth: "0" - name: Set up Python ${{ inputs.python_version }} uses: actions/setup-python@v6 diff --git a/.github/workflows/base-lambdas-reusable-test.yml b/.github/workflows/base-lambdas-reusable-test.yml index 214abe2fc..ca5f980f6 100644 --- a/.github/workflows/base-lambdas-reusable-test.yml 
+++ b/.github/workflows/base-lambdas-reusable-test.yml @@ -1,5 +1,7 @@ name: "Z-BASE Lambdas: Lambda test runner" +run-name: "${{ github.event.inputs.python_version }} | ${{ github.event.inputs.build_branch }}" + on: workflow_call: inputs: @@ -20,8 +22,7 @@ jobs: view_action_parameters: name: View input params runs-on: ubuntu-latest - steps: - + steps: - name: Display client passed variables run: | echo Python Version: ${{ inputs.python_version }} @@ -35,7 +36,7 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ inputs.build_branch }} - name: Set up Python ${{ inputs.python_version }} @@ -44,9 +45,9 @@ jobs: python-version: ${{ inputs.python_version }} - name: Make virtual environment - run: | + run: | make env - + - name: Start virtual environment run: | source ./lambdas/venv/bin/activate @@ -58,4 +59,4 @@ jobs: - name: Test with pytest run: | - make test-unit \ No newline at end of file + make test-unit diff --git a/.github/workflows/base-run-bulk-upload.yml b/.github/workflows/base-run-bulk-upload.yml index da35c9ba8..dfcc732ec 100644 --- a/.github/workflows/base-run-bulk-upload.yml +++ b/.github/workflows/base-run-bulk-upload.yml @@ -1,5 +1,7 @@ name: "Base Bulk Upload - Execute a Bulk Upload" +run-name: "${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.base_branch }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.combi_settings }} | ${{ github.event.inputs.file_count }}" + permissions: pull-requests: write id-token: write # This is required for requesting the JWT diff --git a/.github/workflows/base-run-disable-pds-stub.yml b/.github/workflows/base-run-disable-pds-stub.yml index 3d6503bf2..27337e367 100644 --- a/.github/workflows/base-run-disable-pds-stub.yml +++ b/.github/workflows/base-run-disable-pds-stub.yml 
@@ -1,5 +1,7 @@ name: "Base PDS - Disable PDS Stub" +run-name: "${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.base_branch }} | ${{ github.event.inputs.environment }}" + permissions: pull-requests: write id-token: write # This is required for requesting the JWT diff --git a/.github/workflows/base-vitest-test.yml b/.github/workflows/base-vitest-test.yml index 2886f4b63..140c298c4 100644 --- a/.github/workflows/base-vitest-test.yml +++ b/.github/workflows/base-vitest-test.yml @@ -1,13 +1,14 @@ -# .github/workflows/terraform-dev -name: 'Z-BASE Vitest Test: Run a vitest test job' +name: "Z-BASE Vitest Test: Run a vitest test job" + +run-name: "${{ github.event.inputs.build_branch }}" on: workflow_call: inputs: build_branch: - description: 'Branch with smoke tests.' + description: "Branch with smoke tests." required: true - type: 'string' + type: "string" permissions: pull-requests: write @@ -25,9 +26,9 @@ jobs: steps: - uses: actions/checkout@v6 with: - repository: 'NHSDigital/national-document-repository' + repository: "NHSDigital/national-document-repository" ref: ${{ github.event.inputs.build_branch }} - fetch-depth: '0' + fetch-depth: "0" - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 @@ -40,9 +41,9 @@ jobs: AWS_REGION: test region OIDC_PROVIDER_ID: not provided yet IDENTITY_PROVIDER_POOL_ID: not provided yet - MONITOR_ACCOUNT_ID: not provided yet + MONITOR_ACCOUNT_ID: not provided yet BUILD_ENV: development - IMAGE_VERSION: 'ndr-not-required' + IMAGE_VERSION: "ndr-not-required" run: | ./react-environment-config.sh working-directory: app diff --git a/.github/workflows/bulk-upload-300-test.yml b/.github/workflows/bulk-upload-300-test.yml index 278efe25d..777dc64f3 100644 --- a/.github/workflows/bulk-upload-300-test.yml +++ b/.github/workflows/bulk-upload-300-test.yml 
@@ -1,6 +1,7 @@ -# .github/workflows/terraform-dev name: "Test: Bulk Upload Validator - 300 patients 3 files" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.sandbox }}" + on: workflow_dispatch: inputs: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c1342e146..a2b9637d9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -2,9 +2,9 @@ name: "CodeQL Advanced" on: push: - branches: [ "main" ] + branches: ["main"] pull_request: - branches: [ "main" ] + branches: ["main"] jobs: analyze: @@ -30,28 +30,27 @@ jobs: fail-fast: false matrix: include: - - language: actions - build-mode: none - - language: javascript-typescript - build-mode: none - - language: python - build-mode: none - + - language: actions + build-mode: none + - language: javascript-typescript + build-mode: none + - language: python + build-mode: none + steps: - - name: Checkout repository - uses: actions/checkout@v6 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - config: | - paths-ignore: - - app/public - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" - \ No newline at end of file + - name: Checkout repository + uses: actions/checkout@v6 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + config: | + paths-ignore: + - app/public + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/data-collection-deploy-to-sandbox.yml b/.github/workflows/data-collection-deploy-to-sandbox.yml index 237653760..52755012a 100644 --- a/.github/workflows/data-collection-deploy-to-sandbox.yml 
+++ b/.github/workflows/data-collection-deploy-to-sandbox.yml @@ -1,4 +1,6 @@ -name: 'SANDBOX Data Collection - Publish Data Collection Image to ECR' +name: "SANDBOX Data Collection - Publish Data Collection Image to ECR" + +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.environment }}" on: workflow_dispatch: @@ -53,4 +55,4 @@ jobs: environment: ${{ inputs.environment }} sandbox: ${{ inputs.sandbox }} secrets: - AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} \ No newline at end of file + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} diff --git a/.github/workflows/full-deploy-to-pre-prod.yml b/.github/workflows/full-deploy-to-pre-prod.yml index 859c17dd2..51e97fea3 100644 --- a/.github/workflows/full-deploy-to-pre-prod.yml +++ b/.github/workflows/full-deploy-to-pre-prod.yml @@ -1,5 +1,7 @@ name: "PRE PROD Full - Deploy to Pre-Prod" +run-name: "${{ github.event.inputs.branch_or_tag }} | ${{ github.event.inputs.mock_login_enabled }}" + on: workflow_dispatch: inputs: @@ -15,7 +17,7 @@ on: default: false permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action pull-requests: write id-token: write # This is required for requesting the JWT 
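Review bot: The `run-name` added to `full-deploy-to-pre-prod.yml` renders the `mock_login_enabled` flag as a bare `true`/`false` after the ref, so a run titled `main | true` does not say which setting was switched on. The run list is the first place anyone looks when auditing what was deployed to pre-prod, so labelling the fields would make that record self-explanatory, for example `run-name: "pre-prod: ${{ inputs.branch_or_tag }} | mock_login=${{ inputs.mock_login_enabled }}"`. The `inputs` context is available to `run-name` on `workflow_dispatch` and is shorter than `github.event.inputs`. The same applies to the multi-field titles added to `full-deploy-to-sandbox.yml`, `lambdas-deploy-feature-to-sandbox.yml` and `lambdas-deploy-to-test.yml`.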
@@ -67,25 +69,25 @@ jobs: permissions: write-all steps: - - name: Checkout main - if: ${{ github.event.inputs.branch_or_tag == 'main' }} - uses: actions/checkout@v6 - with: - ref: main - fetch-depth: '0' - - - name: Bump version and push tag - if: ${{ github.event.inputs.branch_or_tag == 'main' }} - id: versioning - uses: anothrNick/github-tag-action@1.64.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - WITH_V: false - DEFAULT_BUMP: patch - - - name: View outputs - run: | - echo Deploying branch or tagged version to pre-prod: ${{ steps.versioning.outputs.tag || github.event.inputs.branch_or_tag }} + - name: Checkout main + if: ${{ github.event.inputs.branch_or_tag == 'main' }} + uses: actions/checkout@v6 + with: + ref: main + fetch-depth: "0" + + - name: Bump version and push tag + if: ${{ github.event.inputs.branch_or_tag == 'main' }} + id: versioning + uses: anothrNick/github-tag-action@1.64.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: false + DEFAULT_BUMP: patch + + - name: View outputs + run: | + echo Deploying branch or tagged version to pre-prod: ${{ steps.versioning.outputs.tag || github.event.inputs.branch_or_tag }} publish_all_lambda_layers: name: Publish all Lambda Layers diff --git a/.github/workflows/full-deploy-to-prod.yml b/.github/workflows/full-deploy-to-prod.yml index 53ebd9afc..b9dae923e 100644 --- a/.github/workflows/full-deploy-to-prod.yml +++ b/.github/workflows/full-deploy-to-prod.yml @@ -1,5 +1,7 @@ name: "PROD Full - Deploy tagged version to Prod" +run-name: "${{ github.event.inputs.tag_version }}" + on: workflow_dispatch: inputs: @@ -9,7 +11,7 @@ on: type: "string" permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action pull-requests: write id-token: write # This is required for requesting the JWT 
@@ -24,7 +26,7 @@ jobs: view_action_parameters: name: View input params runs-on: ubuntu-latest - steps: + steps: - name: Display client passed variables run: | echo Build Branch: ${{ inputs.tag_version }} @@ -53,7 +55,7 @@ jobs: python_version: "3.11" secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - + deploy_ui: name: Deploy UI uses: ./.github/workflows/base-deploy-ui.yml diff --git a/.github/workflows/full-deploy-to-sandbox.yml b/.github/workflows/full-deploy-to-sandbox.yml index e87905361..e841991f0 100644 --- a/.github/workflows/full-deploy-to-sandbox.yml +++ b/.github/workflows/full-deploy-to-sandbox.yml @@ -1,5 +1,7 @@ name: "SANDBOX Full- Deploy feature branch to sandbox" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.bulk_upload }} | ${{ github.event.inputs.disable_pds }} | ${{ github.event.inputs.mock_login_enabled }}" + on: workflow_dispatch: inputs: diff --git a/.github/workflows/git-rename-tag.yml b/.github/workflows/git-rename-tag.yml index 616eb3cf3..0ffd9241c 100644 --- a/.github/workflows/git-rename-tag.yml +++ b/.github/workflows/git-rename-tag.yml @@ -1,16 +1,18 @@ -name: 'Git - Rename Tag' +name: "Git - Rename Tag" + +run-name: "${{ github.event.inputs.old_tag }} | ${{ github.event.inputs.new_tag }}" on: workflow_dispatch: inputs: old_tag: - description: 'Numerical only e.g. 1.0.0' + description: "Numerical only e.g. 1.0.0" required: true - type: 'string' + type: "string" new_tag: - description: 'Numerical only e.g. 1.1.0' + description: "Numerical only e.g. 1.1.0" required: true - type: 'string' + type: "string" permissions: pull-requests: write 
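Review bot: The `old_tag` and `new_tag` inputs in `git-rename-tag.yml` are described as "Numerical only e.g. 1.0.0", but nothing visible in this diff enforces that, and both values now also feed the run title. If no check exists elsewhere in the file, a first step that rejects anything not matching a version pattern would stop a mistyped or unexpected ref from being tagged. For example, `[[ "$NEW_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1`, with the inputs passed through `env:` rather than interpolated into the script. The rest of the workflow lies outside this hunk, so this may already be handled.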
@@ -23,22 +25,21 @@ jobs: permissions: write-all steps: - - name: Checkout uses: actions/checkout@v6 with: ref: ${{ github.event.inputs.old_tag }} fetch-depth: 0 - + - name: Check SHA id: get-sha run: | echo "BRANCH_SHA=$(git log -1 '--format=format:%H')">> $GITHUB_OUTPUT - + - name: Check SHA value run: | echo Branch SHA: ${{steps.get-sha.outputs.BRANCH_SHA}} - + - name: Create tag uses: actions/github-script@v8 with: diff --git a/.github/workflows/lambdas-deploy-feature-to-sandbox.yml b/.github/workflows/lambdas-deploy-feature-to-sandbox.yml index 8659f2241..fc85ccbd9 100644 --- a/.github/workflows/lambdas-deploy-feature-to-sandbox.yml +++ b/.github/workflows/lambdas-deploy-feature-to-sandbox.yml @@ -1,5 +1,7 @@ name: "SANDBOX Lambdas - Deploy Feature Branch to Sandbox" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.mock_login_enabled }}" + on: workflow_dispatch: inputs: diff --git a/.github/workflows/lambdas-deploy-to-pre-prod.yml b/.github/workflows/lambdas-deploy-to-pre-prod.yml index 374815a68..2f68fb87c 100644 --- a/.github/workflows/lambdas-deploy-to-pre-prod.yml +++ b/.github/workflows/lambdas-deploy-to-pre-prod.yml @@ -1,5 +1,7 @@ name: "PRE PROD Lambdas - Deploy to Pre-Prod" +run-name: "${{ github.event.inputs.branch_or_tag }}" + on: workflow_dispatch: inputs: @@ -20,7 +22,7 @@ jobs: with: python_version: "3.11" build_branch: main - + tag_and_release: needs: ["run_tests"] runs-on: ubuntu-latest 
@@ -33,25 +35,25 @@ jobs: permissions: write-all steps: - - name: Checkout main - if: ${{ github.event.inputs.branch_or_tag == 'main' }} - uses: actions/checkout@v6 - with: - ref: main - fetch-depth: '0' + - name: Checkout main + if: ${{ github.event.inputs.branch_or_tag == 'main' }} + uses: actions/checkout@v6 + with: + ref: main + fetch-depth: "0" + + - name: Bump version and push tag + if: ${{ github.event.inputs.branch_or_tag == 'main' }} + id: versioning + uses: anothrNick/github-tag-action@1.64.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: false + DEFAULT_BUMP: patch - - name: Bump version and push tag - if: ${{ github.event.inputs.branch_or_tag == 'main' }} - id: versioning - uses: anothrNick/github-tag-action@1.64.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - WITH_V: false - DEFAULT_BUMP: patch - - - name: View outputs - run: | - echo Deploying branch or tagged version to pre-prod lambdas: ${{ steps.versioning.outputs.tag || github.event.inputs.branch_or_tag }} + - name: View outputs + run: | + echo Deploying branch or tagged version to pre-prod lambdas: ${{ steps.versioning.outputs.tag || github.event.inputs.branch_or_tag }} deploy_all: name: Deploy all Lambdas @@ -63,4 +65,3 @@ jobs: environment: pre-prod secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - \ No newline at end of file diff --git a/.github/workflows/lambdas-deploy-to-prod.yml b/.github/workflows/lambdas-deploy-to-prod.yml index 313f8dd77..4daf6e1e8 100644 --- a/.github/workflows/lambdas-deploy-to-prod.yml +++ b/.github/workflows/lambdas-deploy-to-prod.yml @@ -1,5 +1,7 @@ name: "PROD Lambdas - Deploy tagged version to Prod" +run-name: "${{ github.event.inputs.tag_version }}" + on: workflow_dispatch: inputs: diff --git a/.github/workflows/lambdas-deploy-to-test.yml b/.github/workflows/lambdas-deploy-to-test.yml index 1f28348cb..70b5a949f 100644 --- a/.github/workflows/lambdas-deploy-to-test.yml +++ b/.github/workflows/lambdas-deploy-to-test.yml 
@@ -1,5 +1,7 @@ name: "TEST Lambdas - Deploy Feature Branch to Test" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.mock_login_enabled }}" + on: workflow_dispatch: inputs: @@ -48,7 +50,3 @@ jobs: mock_login_enabled: ${{ inputs.mock_login_enabled }} secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - - - - \ No newline at end of file diff --git a/.github/workflows/lambdas-dev-to-main-ci.yml b/.github/workflows/lambdas-dev-to-main-ci.yml index c9270e7fd..f67055b17 100644 --- a/.github/workflows/lambdas-dev-to-main-ci.yml +++ b/.github/workflows/lambdas-dev-to-main-ci.yml @@ -84,7 +84,14 @@ jobs: name: Notify Slack on Failure runs-on: ubuntu-latest environment: development - needs: [check_packages, run_tests, publish_all_lambda_layers, deploy_all_lambdas, deploy_data_collection] + needs: + [ + check_packages, + run_tests, + publish_all_lambda_layers, + deploy_all_lambdas, + deploy_data_collection, + ] if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' steps: - name: Configure AWS Credentials @@ -94,14 +101,14 @@ jobs: role-skip-session-tagging: true aws-region: ${{ vars.AWS_REGION }} mask-aws-account-id: true - + - name: Get slack bot token from SSM parameter store id: ssm-parameters run: | slack_bot_token=$(aws ssm get-parameter --name "/ndr/alerting/slack/bot_token" --with-decryption --query "Parameter.Value" --output text) echo "::add-mask::$slack_bot_token" echo "SLACK_BOT_TOKEN=$slack_bot_token" >> $GITHUB_ENV - + - name: Send Slack Notification uses: slackapi/slack-github-action@v2.1.1 with: diff --git a/.github/workflows/ndr-e2e-backend-test-ci.yml b/.github/workflows/ndr-e2e-backend-test-ci.yml index 3558969c8..5f08ccf1b 100644 --- a/.github/workflows/ndr-e2e-backend-test-ci.yml +++ b/.github/workflows/ndr-e2e-backend-test-ci.yml 
@@ -1,10 +1,9 @@ -# .github/workflows/terraform-dev name: "Merge to main: E2e Tests Backend" on: workflow_run: workflows: - - 'CI Lambdas - CI Feature to Main' + - "CI Lambdas - CI Feature to Main" types: - completed branches: @@ -24,7 +23,7 @@ jobs: sandbox: ndr-dev secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - + services-fhir-api-e2etest: uses: ./.github/workflows/base-e2e-fhir-backendtest.yml with: @@ -33,7 +32,7 @@ jobs: sandbox: ndr-dev secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - + notify-slack: name: Notify Slack on Failure runs-on: ubuntu-latest @@ -48,14 +47,14 @@ jobs: role-skip-session-tagging: true aws-region: ${{ vars.AWS_REGION }} mask-aws-account-id: true - + - name: Get slack bot token from SSM parameter store id: ssm-parameters run: | slack_bot_token=$(aws ssm get-parameter --name "/ndr/alerting/slack/bot_token" --with-decryption --query "Parameter.Value" --output text) echo "::add-mask::$slack_bot_token" echo "SLACK_BOT_TOKEN=$slack_bot_token" >> $GITHUB_ENV - + - name: Send Slack Notification uses: slackapi/slack-github-action@v2.1.1 with: @@ -110,4 +109,4 @@ jobs: ] } ] - } \ No newline at end of file + } diff --git a/.github/workflows/ndr-e2e-test-sandbox.yml b/.github/workflows/ndr-e2e-test-sandbox.yml index 7f05df261..458de390f 100644 --- a/.github/workflows/ndr-e2e-test-sandbox.yml +++ b/.github/workflows/ndr-e2e-test-sandbox.yml @@ -1,6 +1,7 @@ -# .github/workflows/terraform-dev name: "SANDBOX: E2e Tests Backend" +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.environment }}" + on: workflow_dispatch: inputs: @@ -40,4 +41,4 @@ jobs: environment: ${{ inputs.environment }} sandbox: ${{ inputs.sandbox }} secrets: - AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} \ No newline at end of file + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} 
diff --git a/.github/workflows/ndr-smoketest-ui-test-ci.yml b/.github/workflows/ndr-smoketest-ui-test-ci.yml index f18e42c32..90a90cd07 100644 --- a/.github/workflows/ndr-smoketest-ui-test-ci.yml +++ b/.github/workflows/ndr-smoketest-ui-test-ci.yml @@ -1,12 +1,11 @@ -# .github/workflows/terraform-dev name: "Cypress Smoketest CI to Main: Smoketest shared actions checking CI deployments" on: workflow_run: workflows: [ - 'CI UI - Development CI Feature Branch to Main', - 'CI Lambdas - CI Feature to Main' + "CI UI - Development CI Feature Branch to Main", + "CI Lambdas - CI Feature to Main", ] types: - completed @@ -101,4 +100,4 @@ jobs: ] } ] - } \ No newline at end of file + } diff --git a/.github/workflows/performance-base-run-bulk-upload.yml b/.github/workflows/performance-base-run-bulk-upload.yml index 374780bd5..a4387cb39 100644 --- a/.github/workflows/performance-base-run-bulk-upload.yml +++ b/.github/workflows/performance-base-run-bulk-upload.yml @@ -1,5 +1,7 @@ name: "Z-BASE: Performance Base Bulk Upload - Execute a Bulk Upload" +run-name: "${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.base_branch }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.num_patients }} | ${{ github.event.inputs.file_count }} | ${{ github.event.inputs.file_size }} | ${{ github.event.inputs.use_bulk_upload_metadata_processor }}" + permissions: pull-requests: write id-token: write # This is required for requesting the JWT @@ -99,4 +101,4 @@ jobs: --environment "${{ inputs.sandbox }}" \ --start-bulk-upload\ "${BULK_UPLOAD_METADATA_PROCESSOR_FLAG}" - working-directory: ./tests/bulk-upload/scripts \ No newline at end of file + working-directory: ./tests/bulk-upload/scripts diff --git a/.github/workflows/performance-run-bulk-upload-test.yml b/.github/workflows/performance-run-bulk-upload-test.yml index c8192046a..67f9b947d 100644 --- a/.github/workflows/performance-run-bulk-upload-test.yml +++ b/.github/workflows/performance-run-bulk-upload-test.yml 
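Review bot: The `run-name` added to `performance-base-run-bulk-upload.yml` is unlikely ever to be displayed if this `Z-BASE` workflow is only started through `workflow_call` (its `on:` block is outside the hunk), because a called workflow runs inside the caller's run and shows the caller's title. In that case `github.event.inputs.*` is the caller's event payload, not this workflow's own inputs, so a name such as `base_branch` may resolve to an empty string. Either drop the line here or keep it with a comment such as `# only applies when this workflow is dispatched directly`.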
@@ -1,5 +1,7 @@ name: Performance Run Bulk Upload - Test +run-name: "${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.num_patients }} | ${{ github.event.inputs.file_count }} | ${{ github.event.inputs.file_size }} | ${{ github.event.inputs.use_bulk_upload_metadata_processor }}" + permissions: pull-requests: write id-token: write # This is required for requesting the JWT @@ -45,4 +47,4 @@ jobs: file_size: "${{ inputs.file_size }}" use_bulk_upload_metadata_processor: "${{ inputs.use_bulk_upload_metadata_processor }}" secrets: - AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} \ No newline at end of file + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} diff --git a/.github/workflows/run-bulk-upload-dev.yml b/.github/workflows/run-bulk-upload-dev.yml index 22ca4bbff..02732631a 100644 --- a/.github/workflows/run-bulk-upload-dev.yml +++ b/.github/workflows/run-bulk-upload-dev.yml @@ -1,5 +1,7 @@ name: Run Bulk Upload - Dev +run-name: "${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.combi_settings }} | ${{ github.event.inputs.file_count }}" + permissions: pull-requests: write id-token: write # This is required for requesting the JWT diff --git a/.github/workflows/run-bulk-upload-pre-prod.yml b/.github/workflows/run-bulk-upload-pre-prod.yml index 9bf0210da..a388d5a75 100644 --- a/.github/workflows/run-bulk-upload-pre-prod.yml +++ b/.github/workflows/run-bulk-upload-pre-prod.yml @@ -1,5 +1,7 @@ name: Run Bulk Upload - Pre-prod +run-name: "${{ github.event.inputs.combi_settings }} | ${{ github.event.inputs.file_count }}" + permissions: pull-requests: write id-token: write # This is required for requesting the JWT diff --git a/.github/workflows/run-bulk-upload-test.yml b/.github/workflows/run-bulk-upload-test.yml index 6cace5822..f481c9785 100644 --- a/.github/workflows/run-bulk-upload-test.yml +++ b/.github/workflows/run-bulk-upload-test.yml 
@@ -1,5 +1,7 @@ name: Run Bulk Upload - Test +run-name: "${{ github.event.inputs.combi_settings }} | ${{ github.event.inputs.file_count }}" + permissions: pull-requests: write id-token: write # This is required for requesting the JWT diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/sonarcloud-analysis.yml index 2e8bf0cc6..0af70be55 100644 --- a/.github/workflows/sonarcloud-analysis.yml +++ b/.github/workflows/sonarcloud-analysis.yml @@ -1,4 +1,5 @@ name: SonarCloud-Analysis + on: push: branches: @@ -17,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v6 with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Use Node.js 24.x uses: actions/setup-node@v4 @@ -30,9 +31,9 @@ jobs: AWS_REGION: test region OIDC_PROVIDER_ID: not provided yet IDENTITY_PROVIDER_POOL_ID: not provided yet - MONITOR_ACCOUNT_ID: not provided yet + MONITOR_ACCOUNT_ID: not provided yet BUILD_ENV: development - IMAGE_VERSION: 'ndr-${{ vars.BUILD_ENV }}-app:${{ github.sha }}' + IMAGE_VERSION: "ndr-${{ vars.BUILD_ENV }}-app:${{ github.sha }}" run: | ./react-environment-config.sh working-directory: ./app @@ -47,9 +48,9 @@ jobs: python-version: 3.11 - name: Make virtual environment - run: | + run: | make env - + - name: Start virtual environment run: | source ./lambdas/venv/bin/activate @@ -65,5 +66,5 @@ jobs: - name: SonarCloud Scan uses: SonarSource/sonarqube-scan-action@v6 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/subscribe-to-mns.yml b/.github/workflows/subscribe-to-mns.yml index 037a2c921..d0abf18ea 100644 --- a/.github/workflows/subscribe-to-mns.yml +++ b/.github/workflows/subscribe-to-mns.yml 
@@ -1,5 +1,7 @@ name: Subscribe to MNS +run-name: "${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.environment }}" + on: workflow_dispatch: inputs: @@ -46,8 +48,8 @@ jobs: - name: Set up Python uses: actions/setup-python@v6 with: - python-version: '3.11' - cache: 'pip' + python-version: "3.11" + cache: "pip" - name: Install dependencies run: | diff --git a/.github/workflows/ui-deploy-feature-to-sandbox-manual.yml b/.github/workflows/ui-deploy-feature-to-sandbox-manual.yml index fb46749f0..874643db2 100644 --- a/.github/workflows/ui-deploy-feature-to-sandbox-manual.yml +++ b/.github/workflows/ui-deploy-feature-to-sandbox-manual.yml @@ -1,4 +1,6 @@ -name: 'SANDBOX UI - Deploy Feature Branch to Sandbox' +name: "SANDBOX UI - Deploy Feature Branch to Sandbox" + +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.sandbox }} | ${{ github.event.inputs.environment }}" on: workflow_dispatch: @@ -40,13 +42,12 @@ on: required: true permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action pull-requests: write id-token: write # This is required for requesting the JWT jobs: - react_testing_job: name: Run UI Unit Tests uses: ./.github/workflows/base-vitest-test.yml @@ -61,4 +62,4 @@ jobs: environment: ${{ inputs.environment }} sandbox: ${{ inputs.sandbox }} secrets: - AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} \ No newline at end of file + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} diff --git a/.github/workflows/ui-deploy-to-pre-prod-manual.yml b/.github/workflows/ui-deploy-to-pre-prod-manual.yml index 1b9c634fb..2d1d156a2 100644 --- a/.github/workflows/ui-deploy-to-pre-prod-manual.yml +++ b/.github/workflows/ui-deploy-to-pre-prod-manual.yml @@ -1,4 +1,6 @@ -name: 'PRE PROD UI - Deploy to Pre-Prod' +name: "PRE PROD UI - Deploy to Pre-Prod" + +run-name: "${{ github.event.inputs.branch_or_tag }}" on: workflow_dispatch: 
@@ -10,7 +12,7 @@ on: default: main permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action pull-requests: write id-token: write # This is required for requesting the JWT @@ -27,7 +29,7 @@ jobs: uses: ./.github/workflows/base-cypress-build.yml with: build_branch: main - + cypress_test_job: name: Run Cypress E2E Tests needs: [cypress_build_job] @@ -44,25 +46,25 @@ jobs: permissions: write-all steps: - - name: Checkout main - if: ${{ github.event.inputs.branch_or_tag == 'main' }} - uses: actions/checkout@v6 - with: - ref: main - fetch-depth: '0' + - name: Checkout main + if: ${{ github.event.inputs.branch_or_tag == 'main' }} + uses: actions/checkout@v6 + with: + ref: main + fetch-depth: "0" + + - name: Bump version and push tag + if: ${{ github.event.inputs.branch_or_tag == 'main' }} + id: versioning + uses: anothrNick/github-tag-action@1.64.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: false + DEFAULT_BUMP: patch - - name: Bump version and push tag - if: ${{ github.event.inputs.branch_or_tag == 'main' }} - id: versioning - uses: anothrNick/github-tag-action@1.64.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - WITH_V: false - DEFAULT_BUMP: patch - - - name: View outputs - run: | - echo Deploying branch or tagged version to pre-prod UI: ${{ steps.versioning.outputs.tag || github.event.inputs.branch_or_tag }} + - name: View outputs + run: | + echo Deploying branch or tagged version to pre-prod UI: ${{ steps.versioning.outputs.tag || github.event.inputs.branch_or_tag }} deploy_ui: name: Deploy UI diff --git a/.github/workflows/ui-deploy-to-prod-manual.yml b/.github/workflows/ui-deploy-to-prod-manual.yml index 16cab77d1..7291d97c8 100644 --- a/.github/workflows/ui-deploy-to-prod-manual.yml +++ b/.github/workflows/ui-deploy-to-prod-manual.yml 
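Review bot: In the `@@ -44,25 +46,25 @@` hunk the `Bump version and push tag` step passes `GITHUB_TOKEN` to `anothrNick/github-tag-action@1.64.0`, a third-party action referenced by a tag that can be moved, in a job set to `permissions: write-all`, which replaces the narrower workflow-level `permissions:` block shown in the `@@ -10,7 +12,7 @@` hunk. Pin the action to a full commit SHA, `uses: anothrNick/github-tag-action@<full-commit-sha> # 1.64.0` (placeholder; take the SHA from the release you have reviewed), and replace `write-all` with the scope the step needs, which looks like `contents: write` for pushing a tag. The `@@ -33,25 +35,25 @@` hunk that echoes "pre-prod lambdas" has the same step under the same job permissions. The job header is above the hunk, so any other steps that need wider scopes are not visible here.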
@@ -1,15 +1,17 @@ -name: 'PROD UI - Deploy tagged version to Prod' +name: "PROD UI - Deploy tagged version to Prod" + +run-name: "${{ github.event.inputs.tag_version }}" on: workflow_dispatch: inputs: tag_version: - description: 'Which tagged version do you want to push to prod?' + description: "Which tagged version do you want to push to prod?" required: true - type: 'string' + type: "string" permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action pull-requests: write id-token: write # This is required for requesting the JWT @@ -23,4 +25,4 @@ jobs: environment: prod sandbox: prod secrets: - AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} \ No newline at end of file + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} diff --git a/.github/workflows/ui-deploy-to-test-manual.yml b/.github/workflows/ui-deploy-to-test-manual.yml index a3e5b4fc5..d72f2490e 100644 --- a/.github/workflows/ui-deploy-to-test-manual.yml +++ b/.github/workflows/ui-deploy-to-test-manual.yml @@ -1,16 +1,17 @@ -# .github/workflows/terraform-dev -name: 'TEST UI - Deploy Main to Test' +name: "TEST UI - Deploy Main to Test" + +run-name: "${{ github.event.inputs.build_branch }}" on: workflow_dispatch: inputs: build_branch: - description: 'Feature branch to push to test?' + description: "Feature branch to push to test?" required: true - type: 'string' + type: "string" permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action pull-requests: write id-token: write # This is required for requesting the JWT @@ -27,7 +28,7 @@ jobs: uses: ./.github/workflows/base-cypress-build.yml with: build_branch: ${{ inputs.build_branch }} - + cypress_test_job: name: Run Cypress E2E Tests needs: [cypress_build_job] 
@@ -35,7 +36,7 @@ jobs: with: cypress_base_url: ${{ vars.CYPRESS_BASE_URL }} build_branch: ${{ inputs.build_branch }} - + deploy_ui: name: Deploy UI uses: ./.github/workflows/base-deploy-ui.yml diff --git a/.github/workflows/ui-dev-to-main-ci.yml b/.github/workflows/ui-dev-to-main-ci.yml index ada861985..9cc5a2e7a 100644 --- a/.github/workflows/ui-dev-to-main-ci.yml +++ b/.github/workflows/ui-dev-to-main-ci.yml @@ -1,4 +1,3 @@ -# .github/workflows/terraform-dev name: "CI UI - Development CI Feature Branch to Main" on: @@ -22,7 +21,7 @@ on: required: true permissions: - actions: read # Required for anchore/sbom-action + actions: read # Required for anchore/sbom-action contents: write # Required for anchore/sbom-action pull-requests: write id-token: write # This is required for requesting the JWT @@ -131,4 +130,4 @@ jobs: ] } ] - } \ No newline at end of file + } diff --git a/.github/workflows/ui-smoketest.yml b/.github/workflows/ui-smoketest.yml index c5ead4d49..68f63cd7a 100644 --- a/.github/workflows/ui-smoketest.yml +++ b/.github/workflows/ui-smoketest.yml @@ -1,24 +1,25 @@ -# .github/workflows/terraform-dev -name: 'SANDBOX - UI Smoke Test' +name: "SANDBOX - UI Smoke Test" + +run-name: "${{ github.event.inputs.build_branch }} | ${{ github.event.inputs.environment }} | ${{ github.event.inputs.sandbox }}" on: workflow_dispatch: inputs: build_branch: - description: 'Branch with smoke tests.' + description: "Branch with smoke tests." required: true - type: 'string' - default: 'main' + type: "string" + default: "main" environment: - description: 'Which Environment type are we using' + description: "Which Environment type are we using" required: true - type: 'string' - default: 'development' + type: "string" + default: "development" sandbox: - description: 'Sandbox to run the smoke tests on.' + description: "Sandbox to run the smoke tests on." required: true - type: 'string' - default: 'ndr' + type: "string" + default: "ndr" permissions: pull-requests: write