From 974f1505569562b756da2c980607398adaf01e03 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 13:22:04 +0000 Subject: [PATCH 1/4] Upgrade: [dependabot] - bump NHSDigital/eps-workflow-quality-checks Bumps [NHSDigital/eps-workflow-quality-checks](https://github.com/nhsdigital/eps-workflow-quality-checks) from 4.1.3 to 5.1.3. - [Release notes](https://github.com/nhsdigital/eps-workflow-quality-checks/releases) - [Commits](https://github.com/nhsdigital/eps-workflow-quality-checks/compare/v4.1.3...v5.1.3) --- updated-dependencies: - dependency-name: NHSDigital/eps-workflow-quality-checks dependency-version: 5.1.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/pull_request.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6b50e8d6..c296e8f0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.3 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index cb2a4917..ff532e7b 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.3 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c2f8b123..9615722f 100644 
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.3 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From bd27b819ecb6da55d1b004145403e2cc5265856f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Oct 2025 13:27:19 +0000 Subject: [PATCH 2/4] Upgrade: [dependabot] - bump NHSDigital/eps-workflow-quality-checks Bumps [NHSDigital/eps-workflow-quality-checks](https://github.com/nhsdigital/eps-workflow-quality-checks) from 4.1.3 to 5.1.3. - [Release notes](https://github.com/nhsdigital/eps-workflow-quality-checks/releases) - [Commits](https://github.com/nhsdigital/eps-workflow-quality-checks/compare/v4.1.3...v5.1.3) --- updated-dependencies: - dependency-name: NHSDigital/eps-workflow-quality-checks dependency-version: 5.1.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/pull_request.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6b50e8d6..c296e8f0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.3 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index cb2a4917..ff532e7b 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
@@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.3 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c2f8b123..9615722f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.3 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 1690b6d1ae53ae5ab2919a8afeb5bf6b8d82c49a Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 29 Oct 2025 13:29:11 +0000 Subject: [PATCH 3/4] new stuff --- .github/workflows/ci.yml | 33 +++++++------ .../dependabot_auto_approve_and_merge.yml | 49 ------------------- .github/workflows/pr-link.yml | 31 ------------ .github/workflows/pull_request.yml | 45 ++++++++++------- .github/workflows/release.yml | 33 +++++++------ 5 files changed, 63 insertions(+), 128 deletions(-) delete mode 100644 .github/workflows/dependabot_auto_approve_and_merge.yml delete mode 100644 .github/workflows/pr-link.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c296e8f0..2c864b55 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -8,21 +8,6 @@ env: BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }} jobs: - quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.3 - secrets: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - get_commit_id: - runs-on: ubuntu-22.04 - outputs: - commit_id: ${{ steps.commit_id.outputs.commit_id }} - steps: - - name: Get Commit ID - id: commit_id - run: | - echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" - get_asdf_version: runs-on: ubuntu-22.04 outputs: @@ -41,6 +26,24 @@ jobs: TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" + quality_checks: + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@2eb8f078b68454b53e83a62b4a6422c0f7aae6b3 + needs: [get_asdf_version] + with: + asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + get_commit_id: + runs-on: ubuntu-22.04 + outputs: + commit_id: ${{ steps.commit_id.outputs.commit_id }} + steps: + - name: Get Commit ID + id: commit_id + run: | + echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" + tag_release: needs: [quality_checks, get_commit_id, get_asdf_version] uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 diff --git a/.github/workflows/dependabot_auto_approve_and_merge.yml b/.github/workflows/dependabot_auto_approve_and_merge.yml deleted file mode 100644 index 152af500..00000000 --- a/.github/workflows/dependabot_auto_approve_and_merge.yml +++ /dev/null 
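Review bot: The re-added `quality_checks` job in ci.yml pins the reusable workflow to the bare commit `2eb8f078b68454b53e83a62b4a6422c0f7aae6b3` with nothing saying which release that is, so the diff does not show whether it matches the 5.1.3 release Dependabot proposed in the earlier patches. Add a trailing comment on the `uses:` line naming the tag, e.g. `# <release tag of eps-workflow-quality-checks>`. Also confirm the commit is reachable from a tag or branch of NHSDigital/eps-workflow-quality-checks itself, since this workflow receives `SONAR_TOKEN`. The same pin is added in the pull_request.yml and release.yml hunks of this patch.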
@@ -1,49 +0,0 @@ -name: Dependabot auto-approve -on: pull_request - -permissions: - pull-requests: write - contents: write - -jobs: - dependabot: - runs-on: ubuntu-22.04 - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Get token from Github App - id: get_app_token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ secrets.AUTOMERGE_APP_ID }} - private-key: ${{ secrets.AUTOMERGE_PEM }} - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v2 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Approve patch and minor updates - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}} - run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - - name: Approve major updates of development dependencies - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}} - run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - - name: Comment on major updates of non-development dependencies - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}} - run: | - gh pr comment "$PR_URL" --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**" - gh pr edit "$PR_URL" --add-label "requires-manual-qa" - env: - PR_URL: 
${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - # enable auto merge on all dependabot prs - - name: Enable auto-merge for Dependabot PRs - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml deleted file mode 100644 index 34f5dd4c..00000000 --- a/.github/workflows/pr-link.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -name: PR Link ticket -on: - pull_request: - types: [opened] -jobs: - link-ticket: - runs-on: ubuntu-22.04 - env: - REF: ${{ github.event.pull_request.head.ref }} - steps: - - name: Check ticket name conforms to requirements - run: echo "$REF" | grep -i -E -q "(aea-[0-9]+)|(apm-[0-9]+)|(apmspii-[0-9]+)|(adz-[0-9]+)|(amb-[0-9]+)|(dependabot\/)" - continue-on-error: true - - - name: Grab ticket name - if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - run: echo name=TICKET_NAME::"$(echo "$REF" | grep -i -o '\(aea-[0-9]\+\)\|\(apm-[0-9]\+\)\|\(apmspii-[0-9]\+\)\|\(adz-[0-9]\+\)|\(amb-[0-9]\+\)' | tr '[:lower:]' '[:upper:]')" >> "$GITHUB_ENV" - continue-on-error: true - env: - ACTIONS_ALLOW_UNSECURE_COMMANDS: true - - - name: Comment on PR with link to JIRA ticket - if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - continue-on-error: true - uses: unsplash/comment-on-pr@b5610c6125a7197eaec80072ea35ef53e1fc6035 - env: - GITHUB_TOKEN: 
${{ secrets.GITHUB_TOKEN }} - with: - msg: | - This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket: - # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }}) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index ff532e7b..6031d06b 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -8,8 +8,34 @@ env: BRANCH_NAME: ${{ github.event.pull_request.head.ref }} jobs: + dependabot-auto-approve-and-merge: + uses: NHSDigital/eps-workflow-dependabot/.github/workflows/dependabot-auto-approve-and-merge.yml@7bc662bb5f6528a429920af5ba74bda99f1f5d2e + secrets: + AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }} + AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }} + get_asdf_version: + runs-on: ubuntu-22.04 + outputs: + asdf_version: ${{ steps.asdf-version.outputs.version }} + tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} + steps: + - name: Checkout code + uses: actions/checkout@v5 + + - name: Get asdf version + id: asdf-version + run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT" + - name: Load config value + id: load-config + run: | + TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) + echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" + quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.3 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@2eb8f078b68454b53e83a62b4a6422c0f7aae6b3 + needs: [get_asdf_version] + with: + asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} 
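Review bot: The new `dependabot-auto-approve-and-merge` job in pull_request.yml passes `AUTOMERGE_APP_ID` and `AUTOMERGE_PEM` to the reusable workflow with no condition on the caller, whereas the workflow file this patch deletes ran its job only under `if: ${{ github.actor == 'dependabot[bot]' }}`. Whether the called workflow repeats that check is not visible here; if it does not, add `if: ${{ github.actor == 'dependabot[bot]' }}` to this job so the app credentials are only used on Dependabot pull requests. The deleted file also declared `pull-requests: write` and `contents: write`, and a called workflow cannot exceed its caller's permissions, so check the `permissions:` block of pull_request.yml, which lies outside this hunk.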
@@ -41,23 +67,6 @@ jobs: ).data[0].number; } result-encoding: string - get_asdf_version: - runs-on: ubuntu-22.04 - outputs: - asdf_version: ${{ steps.asdf-version.outputs.version }} - tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} - steps: - - name: Checkout code - uses: actions/checkout@v5 - - - name: Get asdf version - id: asdf-version - run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT" - - name: Load config value - id: load-config - run: | - TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) - echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" tag_release: needs: [get_asdf_version] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9615722f..54765ca5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,21 +7,6 @@ env: BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }} jobs: - quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.3 - secrets: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - get_commit_id: - runs-on: ubuntu-22.04 - outputs: - commit_id: ${{ steps.commit_id.outputs.commit_id }} - steps: - - name: Get Commit ID - id: commit_id - run: | - echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" - get_asdf_version: runs-on: ubuntu-22.04 outputs: 
@@ -40,6 +25,24 @@ jobs: TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" + quality_checks: + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@2eb8f078b68454b53e83a62b4a6422c0f7aae6b3 + needs: [get_asdf_version] + with: + asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + get_commit_id: + runs-on: ubuntu-22.04 + outputs: + commit_id: ${{ steps.commit_id.outputs.commit_id }} + steps: + - name: Get Commit ID + id: commit_id + run: | + echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" + tag_release: needs: [quality_checks, get_commit_id, get_asdf_version] uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 From b48488cc4e4d87493ad3bd97ac7c129a3ab7bd2a Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 29 Oct 2025 13:34:26 +0000 Subject: [PATCH 4/4] use latest tag --- .github/workflows/ci.yml | 2 +- .github/workflows/pull_request.yml | 4 ++-- .github/workflows/release.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2c864b55..baf01293 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,7 @@ jobs: tag_release: needs: [quality_checks, get_commit_id, get_asdf_version] - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 + uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@361957c147279f5f0f68b64fde9927833363d5f7 with: dry_run: true asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 6031d06b..27cdab31 100644 --- a/.github/workflows/pull_request.yml 
+++ b/.github/workflows/pull_request.yml @@ -40,7 +40,7 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} pr_title_format_check: - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 + uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@361957c147279f5f0f68b64fde9927833363d5f7 get_issue_number: runs-on: ubuntu-22.04 @@ -70,7 +70,7 @@ jobs: tag_release: needs: [get_asdf_version] - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 + uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@361957c147279f5f0f68b64fde9927833363d5f7 with: dry_run: true asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 54765ca5..e0ea3c20 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -45,7 +45,7 @@ jobs: tag_release: needs: [quality_checks, get_commit_id, get_asdf_version] - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 + uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@361957c147279f5f0f68b64fde9927833363d5f7 with: dry_run: false asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}