Upgrade: [dependabot] - bump NHSDigital/eps-workflow-quality-checks f…

…rom 3.0.0 to 4.0.4 (#275) Bumps [NHSDigital/eps-workflow-quality-checks](https://github.com/nhsdigital/eps-workflow-quality-checks) from 3.0.0 to 4.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nhsdigital/eps-workflow-quality-checks/releases">NHSDigital/eps-workflow-quality-checks's releases</a>.</em></p> <blockquote> <h2>v4.0.4</h2> <h2><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/v4.0.3...v4.0.4">4.0.4</a> (2024-11-19)</h2> <h3>Fix</h3> <ul> <li>[AEA-0000] - add step to run make lint (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/12">#12</a>) (<a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/a83f03a3b0b7c60a71c60d0d66c15f912f95d39b">a83f03a</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/3738e977da71...a83f03a3b0b7">See code diff</a> <a href="https://github.com/NHSDigital/eps-workflow-quality-checks/actions/runs/11909924652">Release workflow run</a></p> <p>It was initialized by <a href="https://github.com/wildjames">wildjames</a></p> <h2>v4.0.3</h2> <h2><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/v4.0.2...v4.0.3">4.0.3</a> (2024-11-12)</h2> <h3>Docs</h3> <ul> <li>[AEA-0000] - Tweak the README (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/11">#11</a>) (<a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/3738e977da717f372a3c9c71c7f6b7c0c5f6fbf0">3738e97</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/18c2e693bdb3...3738e977da71">See code diff</a> <a href="https://github.com/NHSDigital/eps-workflow-quality-checks/actions/runs/11801648133">Release workflow run</a></p> <p>It was initialized by <a href="https://github.com/wildjames">wildjames</a></p> <h2>v4.0.2</h2> <h2><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/v4.0.1...v4.0.2">4.0.2</a> (2024-11-06)</h2> <h3>Fix</h3> <ul> <li>[AEA-0000] - Fix typo in java sonar (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/10">#10</a>) (<a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/18c2e693bdb32442cea577821e20443a4b9a7632">18c2e69</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/compare/e3120b3268d1...18c2e693bdb3">See code diff</a> <a href="https://github.com/NHSDigital/eps-workflow-quality-checks/actions/runs/11706309014">Release workflow run</a></p> <p>It was initialized by <a href="https://github.com/wildjames">wildjames</a></p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/a83f03a3b0b7c60a71c60d0d66c15f912f95d39b"><code>a83f03a</code></a> Fix: [AEA-0000] - add step to run make lint (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/12">#12</a>)</li> <li><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/3738e977da717f372a3c9c71c7f6b7c0c5f6fbf0"><code>3738e97</code></a> Docs: [AEA-0000] - Tweak the README (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/11">#11</a>)</li> <li><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/18c2e693bdb32442cea577821e20443a4b9a7632"><code>18c2e69</code></a> Fix: [AEA-0000] - Fix typo in java sonar (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/10">#10</a>)</li> <li><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/e3120b3268d127a97ac50cdffebbbf71878c24fb"><code>e3120b3</code></a> Fix: [AEA-0000] - Fix sonar for java. Fix release tagging flow (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/9">#9</a>)</li> <li><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/017c8a016bbe4aa32b06a5afaf09c2c8d07889db"><code>017c8a0</code></a> New: [AEA-4540] - Add secret scanning (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/5">#5</a>)</li> <li><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/5bc62f51ac3446971ddf3d451ead18e4a22f1786"><code>5bc62f5</code></a> Fix: [AEA-0000] - Fix URL (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/8">#8</a>)</li> <li><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/b93ce1817002aa9b674d905f96b7c0f697ef5bfa"><code>b93ce18</code></a> Chore: [AEA-4183] - Add semantic release (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/7">#7</a>)</li> <li><a href="https://github.com/NHSDigital/eps-workflow-quality-checks/commit/a05d7a26ae903940e93f585533bbfbf070005a03"><code>a05d7a2</code></a> Fix: [AEA-0000] - Add ignores to check-licenses (<a href="https://redirect.github.com/nhsdigital/eps-workflow-quality-checks/issues/6">#6</a>)</li> <li>See full diff in <a href="https://github.com/nhsdigital/eps-workflow-quality-checks/compare/v3.0.0...v4.0.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=NHSDigital/eps-workflow-quality-checks&package-manager=github_actions&previous-version=3.0.0&new-version=4.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Brown <[email protected]>
NHSDigital · Nov 28, 2024 · dc1f1d0 · dc1f1d0
1 parent 3b825ea
commit dc1f1d0
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 3 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -8,6 +8,13 @@
     "context": "..",
     "args": {}
   },
+  "features": {
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
+      "version": "latest",
+      "moby": "true",
+      "installDockerBuildx": "true"
+    }
+  },
   "mounts": [
     "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
     "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind"
@@ -52,5 +59,6 @@
       }
     }
   },
+  "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
   "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/nhs-eps-spine-client; make install; direnv allow ."
 }
diff --git a/.gitallowed b/.gitallowed
@@ -0,0 +1,18 @@
+token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"?
+id-token: write
+--token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\}
+--token=\$GITHUB-TOKEN
+--token="\$GITHUB-TOKEN"
+.*Gemfile\.lock.*
+.*\.gitallowed.*
+.*nhsd-rules-deny.txt.*
+.*\.venv.*
+.*node_modules.*
+.:src/resources/clinical_content_view.*root=*
+.:src/resources/clinical_content_view.*codeSystem=*
+.:src/resources/prescription_search.*root=*
+.:src/live-spine-client.*root=*
+0ba20a521167058a74f3b6e65c42d732054e5753:docs.*
+0ba20a521167058a74f3b6e65c42d732054e5753:scripts/.*
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.4
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.4
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.4
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -40,5 +40,15 @@ repos:
         types_or: [yaml]
         pass_filenames: false
 
+  - repo: local
+    hooks:
+      - id: git-secrets
+        name: Git Secrets
+        description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
+        entry: bash
+        args:
+          - -c
+          - 'docker run -v "$LOCAL_WORKSPACE_FOLDER:/src" git-secrets --pre_commit_hook'
+        language: system
 fail_fast: true
 default_stages: [commit]