Merge branch 'main' into dependabot/npm_and_yarn/ts-jest-29.4.4

Author: RossBugginsNHS

.devcontainer/devcontainer.json

@@ -59,11 +59,43 @@
       }
     }
   },
+  "features": {
+    "ghcr.io/azutake/devcontainer-features/go-packages-install:0": {
+      "PACKAGES": "github.com/asdf-vm/asdf/cmd/[email protected]"
+    },
+    "ghcr.io/devcontainers-extra/features/zsh-plugins:0": {
+      "omzPlugins": "https://github.com/zsh-users/zsh-autosuggestions.git https://github.com/zsh-users/zsh-syntax-highlighting.git",
+      "plugins": "zsh-autosuggestions zsh-syntax-highlighting"
+    },
+    "ghcr.io/devcontainers/features/common-utils": {
+      "configureZshAsDefaultShell": true,
+      "installOhMyZsh": true,
+      "installOhMyZshConfig": true,
+      "installZsh": true
+    },
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "azureDnsAutoDetection": true,
+      "dockerDashComposeVersion": "v2",
+      "installDockerBuildx": true,
+      "installDockerComposeSwitch": true,
+      "moby": true,
+      "version": "latest"
+    },
+    "ghcr.io/devcontainers/features/go:1": {},
+    "ghcr.io/devcontainers/features/python:1": {}
+  },
   "forwardPorts": [
     4000
   ],
   "image": "ghcr.io/nhsdigital/nhs-notify-template-repository:latest",
-  "name": "Jekyll",
+  "mounts": [
+    "source=${localEnv:HOME}/.gnupg,target=/home/vscode/.gnupg,type=bind,consistency=cached",
+    "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached",
+    "source=/usr/local/share/ca-certificates,target=/home/ca-certificates,type=bind,consistency=cached"
+  ],
+  "name": "NHS Notify Digital Letters",
+  "postCreateCommand": "echo 'export GPG_TTY=$TTY' | cat - ~/.zshrc > temp && mv temp ~/.zshrc && /workspaces/nhs-notify-digital-letters/scripts/devcontainer/postcreatecommand.sh",
+  "postStartCommand": "/workspaces/nhs-notify-digital-letters/scripts/devcontainer/poststartcommand.sh",
   "runArgs": [
     "--platform=linux/amd64"
   ]

.github/CODEOWNERS

@@ -1,10 +1,11 @@
 # NHS Notify Code Owners
 
 # Notify default owners
-*                           @NHSDigital/nhs-notify-repository-template
+*                           @NHSDigital/nhs-notify-digital-letters
+/docs/
 
-/.github/                   @NHSDigital/nhs-notify-repository-template-admins
-*.code-workspace            @NHSDigital/nhs-notify-repository-template-admins
+/.github/                   @NHSDigital/nhs-notify-digital-letters-admins
+*.code-workspace            @NHSDigital/nhs-notify-digital-letters-admins
 /infrastructure/terraform/  @NHSDigital/nhs-notify-platform
 
 # Codeowners must be final check

.github/actions/build-schemas/action.yml

@@ -0,0 +1,30 @@
+name: "Build Schemas"
+description: "build schemas"
+inputs:
+  version:
+    description: "Version number"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 18
+
+    - name: Make Config
+      working-directory: ./schemas
+      shell: bash
+      run: make config
+
+    - name: Make Build
+      working-directory: ./schemas
+      shell: bash
+      run: make build
+
+    - name: Upload artifact
+      uses: actions/upload-pages-artifact@v3
+      with:
+        path: "schemas/output/"
+        name: schemas-${{ inputs.version }}

.github/workflows/cicd-1-pull-request.yaml

@@ -29,7 +29,7 @@ jobs:
       does_pull_request_exist: ${{ steps.pr_exists.outputs.does_pull_request_exist }}
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Set CI/CD variables"
         id: variables
         run: |
@@ -127,3 +127,18 @@ jobs:
       terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
+  publish-stage: # Recommended maximum execution time is 10 minutes
+    name: "Publish stage"
+    needs: [metadata, acceptance-stage]
+    uses: ./.github/workflows/stage-5-publish.yaml
+    if: (github.event_name == 'push' && github.ref == 'refs/heads/main')
+    with:
+      build_datetime: "${{ needs.metadata.outputs.build_datetime }}"
+      build_timestamp: "${{ needs.metadata.outputs.build_timestamp }}"
+      build_epoch: "${{ needs.metadata.outputs.build_epoch }}"
+      nodejs_version: "${{ needs.metadata.outputs.nodejs_version }}"
+      python_version: "${{ needs.metadata.outputs.python_version }}"
+      terraform_version: "${{ needs.metadata.outputs.terraform_version }}"
+      version: "${{ needs.metadata.outputs.version }}"
+      is_version_prerelease: "${{ needs.metadata.outputs.is_version_prerelease }}"
+    secrets: inherit

.github/workflows/cicd-3-deploy.yaml

@@ -1,6 +1,11 @@
 name: "2. Deploy docs to GitHub Pages"
 
 on:
+  workflow_run:
+      workflows: ["1. CI/CD pull request"]
+      types:
+        - completed
+      branches: [main]
   workflow_dispatch:
     inputs:
       include_prereleases:
@@ -15,7 +20,17 @@ on:
           default: latest
           description: "Install specific version"
 
-run-name: "Include prerelease: ${{ inputs.include_prereleases }} Version: ${{ inputs.version }} by @${{ github.actor }}"
+run-name: >-
+  ${{ (inputs.include_prereleases != null
+    && inputs.version != null
+    && format('Triggered Manually. Include prerelease: {0} Version: {1} By: @{2}',
+              inputs.include_prereleases,
+              inputs.version,
+              github.actor))
+    || format('Triggered by {0} ({1}). Include prerelease: true Version: latest',
+    github.event.workflow_run.name,
+    github.event.workflow_run.display_title) }}
+
 permissions:
   contents: read
   pages: write
@@ -37,7 +52,7 @@ jobs:
       # tag: ${{ steps.variables.outputs.tag }}
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Set CI/CD variables"
         id: variables
         run: |
@@ -70,15 +85,22 @@ jobs:
     needs: metadata
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Get version"
         id: get-asset-version
         shell: bash
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
-          if [[ ${{inputs.include_prereleases}} == true ]]; then
+          INPUTS_INCLUDE_PRERELEASES=${{ inputs.include_prereleases }}
+          INPUTS_INCLUDE_PRERELEASES=${INPUTS_INCLUDE_PRERELEASES:-"true"}
+
+          INPUTS_VERSION=${{ inputs.version }}
+          INPUTS_VERSION=${INPUTS_VERSION:-"latest"}
+
+
+          if [[ $INPUTS_INCLUDE_PRERELEASES == true ]]; then
             json=$(gh release list --json tagName --limit 1 --exclude-drafts)
           else
             json=$(gh release list --json tagName --limit 1 --exclude-drafts --exclude-pre-releases)
@@ -89,10 +111,10 @@ jobs:
           release_version=$(echo $json | (jq -r '.[0].tagName'))
           if [[ $release_version == null ]]; then exit 1; else echo $release_version; fi
 
-          if [[ ${{inputs.version}} == latest ]]; then
+          if [[ $INPUTS_VERSION == latest ]]; then
             echo release_version=$(echo $release_version) >> $GITHUB_OUTPUT
           else
-            echo release_version=$(echo ${{inputs.version}}) >> $GITHUB_OUTPUT
+            echo release_version=$(echo $INPUTS_VERSION) >> $GITHUB_OUTPUT
           fi
 
       - name: "Get release version"

.github/workflows/scheduled-repository-template-sync.yaml

@@ -16,10 +16,10 @@ jobs:
 
     steps:
     - name: Check out the repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     - name: Check out external repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
       with:
         repository: NHSDigital/nhs-notify-repository-template
         path: nhs-notify-repository-template

.github/workflows/scorecard.yml

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
         with:
           persist-credentials: false
 
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
+        uses: github/codeql-action/upload-sarif@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
         with:
           sarif_file: results.sarif

.github/workflows/stage-1-commit.yaml

@@ -39,7 +39,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Full history is needed to scan all commits
       - name: "Scan secrets"
@@ -50,7 +50,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Full history is needed to compare branches
       - name: "Check file format"
@@ -61,7 +61,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Full history is needed to compare branches
       - name: "Check Markdown format"
@@ -75,7 +75,7 @@ jobs:
         contents: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Full history is needed to compare branches
       - name: "Check to see if Terraform Docs are up-to-date"
@@ -96,7 +96,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Full history is needed to compare branches
       - name: "Check English usage"
@@ -107,7 +107,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Full history is needed to compare branches
       - name: "Check TODO usage"
@@ -119,7 +119,7 @@ jobs:
       terraform_changed: ${{ steps.check.outputs.terraform_changed }}
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: "Check for Terraform changes"
         id: check
@@ -143,7 +143,7 @@ jobs:
     if: needs.detect-terraform-changes.outputs.terraform_changed == 'true'
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Lint Terraform"
         uses: ./.github/actions/lint-terraform
   trivy:
@@ -154,7 +154,7 @@ jobs:
     if: needs.detect-terraform-changes.outputs.terraform_changed == 'true'
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Setup ASDF"
         uses: asdf-vm/actions/setup@v4
       - name: "Perform Setup"
@@ -170,7 +170,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Count lines of code"
         uses: ./.github/actions/create-lines-of-code-report
         with:
@@ -189,7 +189,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Scan dependencies"
         uses: ./.github/actions/scan-dependencies
         with:

.github/workflows/stage-2-test.yaml

@@ -47,7 +47,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Repo setup"
         run: |
           npm ci
@@ -61,7 +61,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Repo setup"
         run: |
           npm ci
@@ -89,7 +89,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Repo setup"
         run: |
           npm ci
@@ -105,7 +105,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Repo setup"
         run: |
           npm ci
@@ -122,7 +122,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: "Run test coverage check"
         run: |
           make test-coverage
@@ -139,7 +139,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Full history is needed to improving relevancy of reporting
       - name: "Download coverage report for SONAR"