Merge branch 'main' into feature/CCM-12649

Author: masl2

.editorconfig

@@ -67,3 +67,6 @@ trim_trailing_whitespace = unset
 indent_style = unset
 indent_size = unset
 generated_code = true
+
+[/internal/events/**/*.schema.json]
+insert_final_newline = unset

.github/workflows/pr_destroy_dynamic_env.yaml

@@ -8,8 +8,12 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: false
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
-  create-dynamic-environment:
+  destroy-dynamic-environment:
     name: Destroy Dynamic Environment
     runs-on: ubuntu-latest
 
@@ -32,3 +36,25 @@ jobs:
             --terraformAction "destroy" \
             --overrideProjectName "nhs" \
             --overrideRoleName "nhs-main-acct-supplier-api-github-deploy"
+
+  destroy-dynamic-proxy:
+    name: Destroy Dynamic Proxy
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Trigger dynamic proxy destruction
+        env:
+          APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
+          APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
+        shell: bash
+        run: |
+          .github/scripts/dispatch_internal_repo_workflow.sh \
+          --infraRepoName "nhs-notify-supplier-api" \
+          --releaseVersion "main" \
+          --targetComponent "api" \
+          --targetWorkflow "proxy-destroy.yaml" \
+          --targetEnvironment "pr${{ github.event.number }}" \
+          --apimEnvironment "internal-dev-sandbox" \
+          --boundedContext "notify-supplier"

.github/workflows/scorecard.yml

@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
         with:
           sarif_file: results.sarif

.github/workflows/stage-1-commit.yaml

@@ -199,3 +199,95 @@ jobs:
           idp_aws_report_upload_region: "${{ secrets.IDP_AWS_REPORT_UPLOAD_REGION }}"
           idp_aws_report_upload_role_name: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ROLE_NAME }}"
           idp_aws_report_upload_bucket_endpoint: "${{ secrets.IDP_AWS_REPORT_UPLOAD_BUCKET_ENDPOINT }}"
+
+  detect-event-schema-package-changes:
+    name: "Check for changes to event schema package compared to main branch"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      changed: ${{ steps.check.outputs.changed }}
+      main_version: ${{ steps.check.outputs.main_version }}
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect package changes and current version
+        id: check
+        run: |
+          git fetch origin main
+
+          if git diff --quiet origin/main...HEAD -- internal/events; then
+            echo "No changes in event schemas package"
+            echo "changed=false" >> $GITHUB_OUTPUT
+          else
+            echo "Changes detected in event schemas"
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+          if content=$(git show origin/main:internal/events/schemas/package.json 2>/dev/null); then
+            version=$(jq -r .version <<< $content);
+          else
+            version=null;
+          fi
+
+          echo "Detected package version $version in main branch"
+          echo "main_version=$version" >> $GITHUB_OUTPUT
+
+  check-schemas-generated:
+    name: Check event schemas have been regenerated
+    needs: detect-event-schema-package-changes
+    if: needs.detect-event-schema-package-changes.outputs.changed == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      # Simplified caching - template management has more complex caching of installed modules from another build step
+      - name: "Cache node_modules"
+        uses: actions/cache@v4
+        with:
+          path: |
+            **/node_modules
+          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
+
+      - name: "Re-generate schemas"
+        run: |
+          npm ci --workspace internal/events
+          npm --workspace internal/events run gen:jsonschema
+
+      - name: Check for schema changes
+        run: git diff --quiet internal/events/schemas
+
+  check-schema-version-change:
+    name: Check event schema version has been updated
+    needs: detect-event-schema-package-changes
+    if: needs.detect-event-schema-package-changes.outputs.changed == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check schema versions
+        run: |
+          source scripts/is_valid_increment.sh
+
+          main_version="${{ needs.detect-event-schema-package-changes.outputs.main_version }}"
+          echo "Main version: ${{ needs.detect-event-schema-package-changes.outputs.main_version }}"
+
+          local_version=$(jq -r '.version' internal/events/package.json)
+          echo "Local version: $local_version"
+
+          if ! is_valid_increment "$main_version" "$local_version" ; then
+            echo "Error: Event Schema package has changed, but new version ($local_version) is not a valid increment from latest version on main branch ($main_version)."
+            exit 1
+          fi

.github/workflows/stage-2-test.yaml

@@ -143,7 +143,7 @@ jobs:
         with:
           fetch-depth: 0 # Full history is needed to improving relevancy of reporting
       - name: "Download coverage report for SONAR"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: code-coverage-report
       - name: "Perform static analysis"

.github/workflows/stage-5-publish.yaml

@@ -46,56 +46,56 @@ jobs:
         uses: actions/checkout@v5
 
       - name: "Get the artefacts 1"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/jekyll-docs-${{ inputs.version }}
           name: jekyll-docs-${{ inputs.version }}
 
       - name: "Get the artefacts 2"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-html-docs-${{ inputs.version }}
           name: sdk-html-docs-${{ inputs.version }}
 
       - name: "Get the artefacts 3"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-swagger-docs-${{ inputs.version }}
           name: sdk-swagger-docs-${{ inputs.version }}
 
       - name: "Get the artefacts 4"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-html-${{ inputs.version }}
           name: sdk-html-${{ inputs.version }}
 
       - name: "Get the artefacts 5"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-ts-${{ inputs.version }}
           name: sdk-ts-${{ inputs.version }}
 
       - name: "Get the artefacts 6"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-python-${{ inputs.version }}
           name: sdk-python-${{ inputs.version }}
 
       - name: "Get the artefacts 7"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-csharp-${{ inputs.version }}
           name: sdk-csharp-${{ inputs.version }}
 
       - name: "Get the artefacts 8"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/api-oas-specification-${{ inputs.version }}
           name: api-oas-specification-${{ inputs.version }}
 
       # Take out for now - might add again in the future
       # - name: "Get the artefacts 9"
-      #   uses: actions/download-artifact@v5
+      #   uses: actions/download-artifact@v6
       #   with:
       #     path: ./artifacts/server-csharp-${{ inputs.version }}
       #     name: server-csharp-${{ inputs.version }}
@@ -252,12 +252,12 @@ jobs:
   #       contents: read
   #     steps:
   #       - name: "Get the artefacts csharp docker"
-  #         uses: actions/download-artifact@v5
+  #         uses: actions/download-artifact@v6
   #         with:
   #           path: .
   #           name: server-csharp-docker-${{ inputs.version }}
   #       - name: "Get the artefacts csharp server"
-  #         uses: actions/download-artifact@v5
+  #         uses: actions/download-artifact@v6
   #         with:
   #           path: ./csharp-server
   #           name: server-csharp-${{ inputs.version }}
@@ -279,7 +279,7 @@ jobs:
       contents: read
     steps:
       - name: "Get the artefacts"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: .
           name: sdk-csharp-${{ inputs.version }}
@@ -335,7 +335,7 @@ jobs:
       contents: read
     steps:
       - name: "Get the artefacts"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: .
           name: sdk-ts-${{ inputs.version }}
@@ -439,7 +439,7 @@ jobs:
   #     contents: read
   #   steps:
   #     - name: "Get the artefacts"
-  #       uses: actions/download-artifact@v5
+  #       uses: actions/download-artifact@v6
   #       with:
   #         path: .
   #         name: libs-letter-${{ inputs.version }}

Makefile

@@ -30,9 +30,9 @@ clean:: # Clean-up project resources (main) @Operations
 # (cd src/server && make clean)
 
 guard-%:
-	@ if [ "${${*}}" = "" ]; then \
+	@if [ -z "$${$*}" ]; then \
 		echo "Variable $* not set"; \
-		echo "Usage: make <target> APIM_ENV=<env>"
+		echo "Usage: make <target> $*=<env>"; \
 		exit 1; \
 	fi
 serve:
@@ -59,6 +59,9 @@ set-security: guard-APIM_ENV
 	@ SECURITY=security-$$APIM_ENV.yml \
 	envsubst '$${SECURITY}' \
 	< specification/api/components/security/security-template.yml > specification/api/components/security/security.yml
+	@ SECURITY_SCHEMES=security-schemes-$$APIM_ENV.yml \
+	envsubst '$${SECURITY_SCHEMES}' \
+	< specification/api/components/security-schemes/security-schemes-template.yml > specification/api/components/security-schemes/security-schemes.yml
 
 construct-spec: guard-APIM_ENV
 	$(MAKE) set-target APIM_ENV=$$APIM_ENV

docs/assets/diagrams/types.md

@@ -1,4 +1,4 @@
-## Data Store Schemas
+# Data Store Schemas
 
 This document contains the mermaid diagrams for the data store schemas used in the application.
 
@@ -10,7 +10,7 @@ The schemas are generated from Zod definitions and provide a visual representati
 erDiagram
     Letter {
         string id
-        string status "enum: PENDING, ACCEPTED, REJECTED, PRINTED, ENCLOSED, CANCELLED, DISPATCHED, FAILED, RETURNED, DESTROYED, FORWARDED, DELIVERED"
+        string status "enum: PENDING, ACCEPTED, REJECTED, PRINTED, ENCLOSED, CANCELLED, DISPATCHED, FAILED, RETURNED, FORWARDED, DELIVERED"
         string specificationId
         string groupId
         number reasonCode

docs/collections/_consumers/integration.md

@@ -105,7 +105,7 @@ The mandatory statuses are: **ACCEPTED**, **REJECTED**, **FORWARDED**, **DISPATC
 - **CANCELLED:** The letter was cancelled following a request from the NHS Notify team
 
 **Optional statuses** - additional, non-mandatory updates that can provide greater operational insight.
-The optional statuses are: **PRINTED**, **ENCLOSED**, **DELIVERED**, and **DESTROYED**.
+The optional statuses are: **PRINTED**, **ENCLOSED**, and **DELIVERED**.
 These can be used if your internal workflow supports more granular reporting.
 
 - **PRINTED:** The letter has been printed.

docs/package.json

@@ -1,7 +1,7 @@
 {
   "author": "",
   "dependencies": {
-    "nhsuk-frontend": "^8.1.1"
+    "nhsuk-frontend": "^10.1.0"
   },
   "description": "",
   "devDependencies": {},