Merge branch 'main' into feature/andys_bcss_test_branch

Author: Andyg79

.editorconfig

@@ -19,3 +19,11 @@ indent_size = 4
 
 [{Makefile,*.mk,go.mod,go.sum,*.go,.gitmodules}]
 indent_style = tab
+
+[{axe.js,axe.min.js}]
+charset = unset
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+indent_style = unset
+indent_size = unset

.github/actions/check-axe-version/action.yaml

@@ -0,0 +1,42 @@
+name: "Check axe-core version"
+description: "Checks if our copy of axe-core is up to date"
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Create dependency update branch
+        run: |
+          git checkout -b axe-dependency-check
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 'latest'
+      - name: Install axe-core in temp dir
+        run: |
+          cd utils/resouces
+          mkdir temp
+          cd temp
+          npm install axe-core
+      - name: Retrieve axe.js file
+        run: |
+          cd node_modules/axe-core
+          mv axe.js ../../../
+      - name: Remove temp directory
+        run: |
+          cd ../../../
+          rm -rf temp
+      - name: Stage & commit file
+        run: |
+          git stage axe.js
+          git diff-index --quiet HEAD || (git commit -a -m "axe.js scheduled update" --allow-empty)
+      - name: Push changes to branch
+        uses: ad-m/github-push-action@v0.6.0
+        with:
+          github_token: ${{ secrets.PUSH_TOKEN }}
+          branch: axe-dependency-check

.github/workflows/axe-dependency-check.yaml

@@ -0,0 +1,40 @@
+name: Run Axe Dependency Check
+
+on: [workflow_dispatch]
+
+jobs:
+  axe-dependency-check:
+    name: "Axe Version Check"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - run: |
+          git checkout ${{ github.head_ref || github.ref_name }}
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 'latest'
+      - name: Install axe-core in temp dir
+        run: |
+          cd utils/resources
+          mkdir temp
+          cd temp
+          npm install axe-core
+      - name: Retrieve axe.js file
+        run: |
+          cd utils/resources/temp/node_modules/axe-core
+          mv axe.js ../../../
+      - name: Remove temp directory
+        run: |
+          cd utils/resources
+          rm -rf temp
+      - name: Commit to axe-dependency-check branch
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add utils/resources/axe.js
+          git commit -m "axe-core automated update"
+          git push

.github/workflows/cicd-1-pull-request.yaml

@@ -88,7 +88,7 @@ jobs:
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
   build-stage: # Recommended maximum execution time is 3 minutes
-    name: "Build stage"
+    name: "Build & Assurance stage"
     needs: [metadata, test-stage]
     uses: ./.github/workflows/stage-3-build.yaml
     if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
@@ -100,16 +100,16 @@ jobs:
       python_version: "${{ needs.metadata.outputs.python_version }}"
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
-  acceptance-stage: # Recommended maximum execution time is 10 minutes
-    name: "Acceptance stage"
-    needs: [metadata, build-stage]
-    uses: ./.github/workflows/stage-4-acceptance.yaml
-    if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
-    with:
-      build_datetime: "${{ needs.metadata.outputs.build_datetime }}"
-      build_timestamp: "${{ needs.metadata.outputs.build_timestamp }}"
-      build_epoch: "${{ needs.metadata.outputs.build_epoch }}"
-      nodejs_version: "${{ needs.metadata.outputs.nodejs_version }}"
-      python_version: "${{ needs.metadata.outputs.python_version }}"
-      version: "${{ needs.metadata.outputs.version }}"
-    secrets: inherit
+  # acceptance-stage: # Recommended maximum execution time is 10 minutes
+  #   name: "Acceptance stage"
+  #   needs: [metadata, build-stage]
+  #   uses: ./.github/workflows/stage-4-acceptance.yaml
+  #   if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
+  #   with:
+  #     build_datetime: "${{ needs.metadata.outputs.build_datetime }}"
+  #     build_timestamp: "${{ needs.metadata.outputs.build_timestamp }}"
+  #     build_epoch: "${{ needs.metadata.outputs.build_epoch }}"
+  #     nodejs_version: "${{ needs.metadata.outputs.nodejs_version }}"
+  #     python_version: "${{ needs.metadata.outputs.python_version }}"
+  #     version: "${{ needs.metadata.outputs.version }}"
+  #   secrets: inherit

.github/workflows/cicd-2-publish.yaml

@@ -76,20 +76,20 @@ jobs:
       #     asset_path: ./*
       #     asset_name: repository-template-${{ needs.metadata.outputs.version }}.tar.gz
       #     asset_content_type: "application/gzip"
-  success:
-    name: "Success notification"
-    runs-on: ubuntu-latest
-    needs: [publish]
-    steps:
-      - name: "Check prerequisites for notification"
-        id: check
-        run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
-      - name: "Notify on publishing packages"
-        if: steps.check.outputs.secret_exist == 'true'
-        uses: nhs-england-tools/notify-msteams-action@v1.0.0
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          teams-webhook-url: ${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL }}
-          message-title: "Notification title"
-          message-text: "This is a notification body"
-          link: ${{ github.event.pull_request.html_url }}
+  # success:
+  #   name: "Success notification"
+  #   runs-on: ubuntu-latest
+  #   needs: [publish]
+  #   steps:
+  #     - name: "Check prerequisites for notification"
+  #       id: check
+  #       run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
+  #     - name: "Notify on publishing packages"
+  #       if: steps.check.outputs.secret_exist == 'true'
+  #       uses: nhs-england-tools/notify-msteams-action@v1.0.0
+  #       with:
+  #         github-token: ${{ secrets.GITHUB_TOKEN }}
+  #         teams-webhook-url: ${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL }}
+  #         message-title: "Notification title"
+  #         message-text: "This is a notification body"
+  #         link: ${{ github.event.pull_request.html_url }}

.github/workflows/stage-3-build.yaml

@@ -1,4 +1,4 @@
-name: "Build stage"
+name: "Build & Assurance stage"
 
 on:
   workflow_call:
@@ -29,37 +29,29 @@ on:
         type: string
 
 jobs:
-  artefact-1:
-    name: "Artefact 1"
+  run-tests:
+    name: "Run Util & Example Tests"
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - name: "Build artefact 1"
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+      - name: Install dependencies
         run: |
-          echo "Building artefact 1 ..."
-      - name: "Check artefact 1"
-        run: |
-          echo "Checking artefact 1 ..."
-      - name: "Upload artefact 1"
-        run: |
-          echo "Uploading artefact 1 ..."
-          # TODO: Use either action/cache or action/upload-artifact
-  artefact-2:
-    name: "Artefact 2"
-    runs-on: ubuntu-latest
-    timeout-minutes: 3
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-      - name: "Build artefact 2"
-        run: |
-          echo "Building artefact 2 ..."
-      - name: "Check artefact 2"
-        run: |
-          echo "Checking artefact 2 ..."
-      - name: "Upload artefact 2"
-        run: |
-          echo "Uploading artefact 2 ..."
-          # TODO: Use either action/cache or action/upload-artifact
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+      - name: Ensure browsers are installed
+        run: python -m playwright install --with-deps
+      - name: Run util tests
+        run: pytest -m "utils" --ignore=tests/
+      - name: Run example tests
+        run: pytest
+      - uses: actions/upload-artifact@v4
+        if: ${{ !cancelled() }}
+        with:
+          name: result-output
+          path: test-results/
+          retention-days: 5

.gitignore

@@ -17,3 +17,4 @@ __pycache__/
 test-results/
 /tests/examples/
 /.idea/
+axe-reports/

.gitleaks.toml

@@ -0,0 +1,7 @@
+# This allows for the ignoring of secret scanning against axe-core, as whilst it is in our code base we don't control it
+
+[allowlist]
+description = "global allow list"
+paths = [
+  '''(.*?)(axe.js|axe.min.js)'''
+]