NHSDigital
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 3 additions & 0 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.editorconfig‎
Lines changed: 3 additions & 0 deletions b/‎.editorconfig‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/actions/build-sdk/action.yml‎
Lines changed: 0 additions & 8 deletions b/‎.github/actions/build-sdk/action.yml‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎.github/workflows/pr_destroy_dynamic_env.yaml‎
Lines changed: 27 additions & 1 deletion b/‎.github/workflows/pr_destroy_dynamic_env.yaml‎
Lines changed: 27 additions & 1 deletion
diff --git a/‎.github/workflows/stage-1-commit.yaml‎
Lines changed: 92 additions & 0 deletions b/‎.github/workflows/stage-1-commit.yaml‎
Lines changed: 92 additions & 0 deletions
diff --git a/‎.github/workflows/stage-3-build.yaml‎
Lines changed: 24 additions & 59 deletions b/‎.github/workflows/stage-3-build.yaml‎
Lines changed: 24 additions & 59 deletions
@@ -76,6 +76,9 @@
       "installDockerComposeSwitch": true,
       "moby": true,
       "version": "latest"
+    },
+    "ghcr.io/devcontainers/features/dotnet:2.4.0": {
+      "version": "8.0"
     }
   },
   "mounts": [
 
@@ -67,3 +67,6 @@ trim_trailing_whitespace = unset
 indent_style = unset
 indent_size = unset
 generated_code = true
+
+[/internal/events/**/*.schema.json]
+insert_final_newline = unset
@@ -49,7 +49,6 @@ runs:
       run: |
         make build VERSION="${{ inputs.version }}"
 
-
     - name: Upload API OAS specification artifact
       uses: actions/upload-artifact@v4
       with:
@@ -86,13 +85,6 @@ runs:
         path: "sdk/csharp"
         name: sdk-csharp-${{ inputs.version }}
 
-    # - name: Upload artifact
-    #   # Automatically uploads an artifact from the './_site' directory by default
-    #   uses: actions/upload-pages-artifact@v3
-    #   with:
-    #     path: "docs/_site/"
-    #     name: jekyll-docs-${{ inputs.version }}
-
     - name: Upload artifact
       uses: actions/upload-pages-artifact@v3
       with:
 
@@ -8,8 +8,12 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: false
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
-  create-dynamic-environment:
+  destroy-dynamic-environment:
     name: Destroy Dynamic Environment
     runs-on: ubuntu-latest
 
@@ -32,3 +36,25 @@ jobs:
             --terraformAction "destroy" \
             --overrideProjectName "nhs" \
             --overrideRoleName "nhs-main-acct-supplier-api-github-deploy"
+
+  destroy-dynamic-proxy:
+    name: Destroy Dynamic Proxy
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Trigger dynamic proxy destruction
+        env:
+          APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
+          APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
+        shell: bash
+        run: |
+          .github/scripts/dispatch_internal_repo_workflow.sh \
+          --infraRepoName "nhs-notify-supplier-api" \
+          --releaseVersion "main" \
+          --targetComponent "api" \
+          --targetWorkflow "proxy-destroy.yaml" \
+          --targetEnvironment "pr${{ github.event.number }}" \
+          --apimEnvironment "internal-dev-sandbox" \
+          --boundedContext "notify-supplier"
@@ -199,3 +199,95 @@ jobs:
           idp_aws_report_upload_region: "${{ secrets.IDP_AWS_REPORT_UPLOAD_REGION }}"
           idp_aws_report_upload_role_name: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ROLE_NAME }}"
           idp_aws_report_upload_bucket_endpoint: "${{ secrets.IDP_AWS_REPORT_UPLOAD_BUCKET_ENDPOINT }}"
+
+  detect-event-schema-package-changes:
+    name: "Check for changes to event schema package compared to main branch"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      changed: ${{ steps.check.outputs.changed }}
+      main_version: ${{ steps.check.outputs.main_version }}
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect package changes and current version
+        id: check
+        run: |
+          git fetch origin main
+
+          if git diff --quiet origin/main...HEAD -- internal/events; then
+            echo "No changes in event schemas package"
+            echo "changed=false" >> $GITHUB_OUTPUT
+          else
+            echo "Changes detected in event schemas"
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+          if content=$(git show origin/main:internal/events/schemas/package.json 2>/dev/null); then
+            version=$(jq -r .version <<< $content);
+          else
+            version=null;
+          fi
+
+          echo "Detected package version $version in main branch"
+          echo "main_version=$version" >> $GITHUB_OUTPUT
+
+  check-schemas-generated:
+    name: Check event schemas have been regenerated
+    needs: detect-event-schema-package-changes
+    if: needs.detect-event-schema-package-changes.outputs.changed == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+
+      # Simplified caching - template management has more complex caching of installed modules from another build step
+      - name: "Cache node_modules"
+        uses: actions/cache@v4
+        with:
+          path: |
+            **/node_modules
+          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
+
+      - name: "Re-generate schemas"
+        run: |
+          npm ci --workspace internal/events
+          npm --workspace internal/events run gen:jsonschema
+
+      - name: Check for schema changes
+        run: git diff --quiet internal/events/schemas
+
+  check-schema-version-change:
+    name: Check event schema version has been updated
+    needs: detect-event-schema-package-changes
+    if: needs.detect-event-schema-package-changes.outputs.changed == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check schema versions
+        run: |
+          source scripts/is_valid_increment.sh
+
+          main_version="${{ needs.detect-event-schema-package-changes.outputs.main_version }}"
+          echo "Main version: ${{ needs.detect-event-schema-package-changes.outputs.main_version }}"
+
+          local_version=$(jq -r '.version' internal/events/package.json)
+          echo "Local version: $local_version"
+
+          if ! is_valid_increment "$main_version" "$local_version" ; then
+            echo "Error: Event Schema package has changed, but new version ($local_version) is not a valid increment from latest version on main branch ($main_version)."
+            exit 1
+          fi
@@ -38,7 +38,7 @@ on:
 
 permissions:
   id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
+  contents: read # This is required for actions/checkout
 jobs:
   artefact-jekyll-docs:
     name: "Build Docs"
@@ -64,29 +64,29 @@ jobs:
         with:
           version: "${{ inputs.version }}"
 
-  artefact-servers:
-    name: "Build servers"
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Build servers"
-        uses: ./.github/actions/build-server
-        with:
-          version: "${{ inputs.version }}"
-
-  artefact-libs:
-    name: "Build libs"
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v5
-      - name: "Build servers"
-        uses: ./.github/actions/build-libraries
-        with:
-          version: "${{ inputs.version }}"
+  # Take out for now - might add again in the future
+  # artefact-servers:
+  #   name: "Build servers"
+  #   runs-on: ubuntu-latest
+  #   timeout-minutes: 10
+  #   steps:
+  #     - name: "Checkout code"
+  #       uses: actions/checkout@v5
+  #     - name: "Build servers"
+  #       uses: ./.github/actions/build-server
+  #       with:
+  #         version: "${{ inputs.version }}"
+  # artefact-libs:
+  #   name: "Build libs"
+  #   runs-on: ubuntu-latest
+  #   timeout-minutes: 10
+  #   steps:
+  #     - name: "Checkout code"
+  #       uses: actions/checkout@v5
+  #     - name: "Build servers"
+  #       uses: ./.github/actions/build-libraries
+  #       with:
+  #         version: "${{ inputs.version }}"
 
   artefact-proxies:
     name: "Build proxies"
@@ -109,38 +109,3 @@ jobs:
           runId: "${{ github.run_id }}"
           buildSandbox: true
           releaseVersion: ${{ github.head_ref || github.ref_name }}
-
-  # artefact-1:
-  #   name: "Artefact 1"
-  #   runs-on: ubuntu-latest
-  #   timeout-minutes: 3
-  #   steps:
-  #     - name: "Checkout code"
-  #       uses: actions/checkout@v5
-  #     - name: "Build artefact 1"
-  #       run: |
-  #         echo "Building artefact 1 ..."
-  #     - name: "Check artefact 1"
-  #       run: |
-  #         echo "Checking artefact 1 ..."
-  #     - name: "Upload artefact 1"
-  #       run: |
-  #         echo "Uploading artefact 1 ..."
-  #         # Use either action/cache or action/upload-artifact
-  # artefact-n:
-  #   name: "Artefact n"
-  #   runs-on: ubuntu-latest
-  #   timeout-minutes: 3
-  #   steps:
-  #     - name: "Checkout code"
-  #       uses: actions/checkout@v5
-  #     - name: "Build artefact n"
-  #       run: |
-  #         echo "Building artefact n ..."
-  #     - name: "Check artefact n"
-  #       run: |
-  #         echo "Checking artefact n ..."
-  #     - name: "Upload artefact n"
-  #       run: |
-  #         echo "Uploading artefact n ..."
-  #         # Use either action/cache or action/upload-artifact