Merge remote-tracking branch 'origin/main' into wip-lambda-tutorial

.github/actions/check-file-format/action.yaml

@@ -7,4 +7,4 @@ runs:
       shell: bash
       run: |
         export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
-        ./scripts/githooks/check-file-format.sh
+        check=branch ./scripts/githooks/check-file-format.sh

.github/actions/cloc-repository/action.yaml

@@ -31,6 +31,7 @@ runs:
       shell: bash
       run: zip cloc-report.json.zip cloc-report.json
     - name: "Upload CLOC report as an artefact"
+      if: ${{ !env.ACT }}
       uses: actions/upload-artifact@v3
       with:
         name: cloc-report.json.zip

.github/actions/scan-dependencies/action.yaml

@@ -31,6 +31,7 @@ runs:
       shell: bash
       run: zip sbom-repository-report.json.zip sbom-repository-report.json
     - name: "Upload SBOM report as an artefact"
+      if: ${{ !env.ACT }}
       uses: actions/upload-artifact@v3
       with:
         name: sbom-repository-report.json.zip
@@ -45,6 +46,7 @@ runs:
       shell: bash
       run: zip vulnerabilities-repository-report.json.zip vulnerabilities-repository-report.json
     - name: "Upload vulnerabilities report as an artefact"
+      if: ${{ !env.ACT }}
       uses: actions/upload-artifact@v3
       with:
         name: vulnerabilities-repository-report.json.zip

.github/workflows/cicd-1-pull-request.yaml

@@ -11,6 +11,7 @@ on:
 
 jobs:
   metadata:
+    name: "Set CI/CD metadata"
     runs-on: ubuntu-latest
     timeout-minutes: 1
     outputs:
@@ -66,6 +67,7 @@ jobs:
           export DOES_PULL_REQUEST_EXIST="${{ steps.pr_exists.outputs.does_pull_request_exist }}"
           make list-variables
   commit-stage: # Recommended maximum execution time is 2 minutes
+    name: "Commit stage"
     needs: [metadata]
     uses: ./.github/workflows/stage-1-commit.yaml
     with:
@@ -78,6 +80,7 @@ jobs:
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
   test-stage: # Recommended maximum execution time is 5 minutes
+    name: "Test stage"
     needs: [metadata, commit-stage]
     uses: ./.github/workflows/stage-2-test.yaml
     with:
@@ -90,6 +93,7 @@ jobs:
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
   build-stage: # Recommended maximum execution time is 3 minutes
+    name: "Build stage"
     needs: [metadata, test-stage]
     uses: ./.github/workflows/stage-3-build.yaml
     if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
@@ -103,6 +107,7 @@ jobs:
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
   acceptance-stage: # Recommended maximum execution time is 10 minutes
+    name: "Acceptance stage"
     needs: [metadata, build-stage]
     uses: ./.github/workflows/stage-4-acceptance.yaml
     if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))

.github/workflows/cicd-2-publish.yaml

@@ -8,6 +8,7 @@ on:
 
 jobs:
   metadata:
+    name: "Set CI/CD metadata"
     runs-on: ubuntu-latest
     if: github.event.pull_request.merged == true
     timeout-minutes: 1
@@ -45,6 +46,7 @@ jobs:
           export VERSION="${{ steps.variables.outputs.version }}"
           make list-variables
   publish:
+    name: "Publish packages"
     runs-on: ubuntu-latest
     needs: [metadata]
     if: github.event.pull_request.merged == true
@@ -78,13 +80,14 @@ jobs:
       #     asset_name: repository-template-${{ needs.metadata.outputs.version }}.tar.gz
       #     asset_content_type: "application/gzip"
   success:
+    name: "Success notification"
     runs-on: ubuntu-latest
     needs: [publish]
     steps:
       - name: "Check prerequisites for notification"
         id: check
         run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
-      - name: "Notify on build completion"
+      - name: "Notify on publishing packages"
         if: steps.check.outputs.secret_exist == 'true'
         uses: nhs-england-tools/[email protected]
         with:

.github/workflows/cicd-3-deploy.yaml

@@ -10,6 +10,7 @@ on:
 
 jobs:
   metadata:
+    name: "Set CI/CD metadata"
     runs-on: ubuntu-latest
     timeout-minutes: 1
     outputs:
@@ -49,6 +50,7 @@ jobs:
           export TAG="${{ steps.variables.outputs.tag }}"
           make list-variables
   deploy:
+    name: "Deploy to an environment"
     runs-on: ubuntu-latest
     needs: [metadata]
     timeout-minutes: 10
@@ -57,13 +59,14 @@ jobs:
         uses: actions/checkout@v4
   # TODO: More jobs or/and steps here
   # success:
+  #   name: "Success notification"
   #   runs-on: ubuntu-latest
   #   needs: [deploy]
   #   steps:
   #     - name: "Check prerequisites for notification"
   #       id: check
   #       run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
-  #     - name: "Notify on build completion"
+  #     - name: "Notify on deployment to an environment"
   #       if: steps.check.outputs.secret_exist == 'true'
   #       uses: nhs-england-tools/[email protected]
   #       with:

.github/workflows/stage-1-commit.yaml

@@ -34,9 +34,9 @@ on:
 
 jobs:
   scan-secrets:
+    name: "Scan secrets"
     runs-on: ubuntu-latest
     timeout-minutes: 2
-    name: "Scan secrets"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -45,9 +45,9 @@ jobs:
       - name: "Scan secrets"
         uses: ./.github/actions/scan-secrets
   check-file-format:
+    name: "Check file format"
     runs-on: ubuntu-latest
     timeout-minutes: 2
-    name: "Check file format"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -56,9 +56,9 @@ jobs:
       - name: "Check file format"
         uses: ./.github/actions/check-file-format
   check-markdown-format:
+    name: "Check markdown format"
     runs-on: ubuntu-latest
     timeout-minutes: 2
-    name: "Check markdown format"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -67,21 +67,21 @@ jobs:
       - name: "Check markdown format"
         uses: ./.github/actions/check-markdown-format
   lint-terraform:
+    name: "Lint Terraform"
     runs-on: ubuntu-latest
     timeout-minutes: 2
-    name: "Lint Terraform"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
       - name: "Lint Terraform"
         uses: ./.github/actions/lint-terraform
   cloc-repository:
+    name: "Count lines of code"
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
     timeout-minutes: 2
-    name: "Count lines of code"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -95,12 +95,12 @@ jobs:
           idp_aws_report_upload_role_name: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ROLE_NAME }}"
           idp_aws_report_upload_bucket_endpoint: "${{ secrets.IDP_AWS_REPORT_UPLOAD_BUCKET_ENDPOINT }}"
   scan-dependencies:
+    name: "Scan dependencies"
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
     timeout-minutes: 2
-    name: "Scan dependencies"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4

.github/workflows/stage-2-test.yaml

@@ -34,6 +34,7 @@ on:
 
 jobs:
   test-unit:
+    name: "Unit tests"
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
@@ -46,6 +47,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-lint:
+    name: "Linting"
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
@@ -58,6 +60,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-coverage:
+    name: "Test coverage"
     needs: [test-unit]
     runs-on: ubuntu-latest
     timeout-minutes: 5
@@ -71,13 +74,13 @@ jobs:
         run: |
           echo "Nothing to save"
   perform-static-analysis:
+    name: "Perform static analysis"
     needs: [test-unit]
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
     timeout-minutes: 5
-    name: "Perform static analysis"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4

.github/workflows/stage-3-build.yaml

@@ -34,6 +34,7 @@ on:
 
 jobs:
   artefact-1:
+    name: "Artefact 1"
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
@@ -50,6 +51,7 @@ jobs:
           echo "Uploading artefact 1 ..."
           # TODO: Use either action/cache or action/upload-artifact
   artefact-2:
+    name: "Artefact 2"
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:

.github/workflows/stage-4-acceptance.yaml

@@ -34,6 +34,7 @@ on:
 
 jobs:
   environment-set-up:
+    name: "Environment set up"
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
@@ -49,6 +50,7 @@ jobs:
         run: |
           echo "Deploying application..."
   test-contract:
+    name: "Contract test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -62,6 +64,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-security:
+    name: "Security test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -75,6 +78,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-ui:
+    name: "UI test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -88,6 +92,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-ui-performance:
+    name: "UI performance test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -101,6 +106,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-integration:
+    name: "Integration test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -114,6 +120,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-accessibility:
+    name: "Accessibility test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -127,6 +134,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-load:
+    name: "Load test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -140,6 +148,7 @@ jobs:
         run: |
           echo "Nothing to save"
   environment-tear-down:
+    name: "Environment tear down"
     runs-on: ubuntu-latest
     needs:
       [

.gitignore

@@ -1,9 +1,10 @@
 # WARNING: Please, DO NOT edit this section of the file! It is maintained in the repository template.
 
 .scannerwork
-*cloc-report*.json
+*cloc*report*.json
 *sbom*report*.json
 *vulnerabilities*report*.json
+*report*json.zip
 .version
 
 *.code-workspace

.tool-versions

@@ -1,20 +1,11 @@
-nodejs 18.17.1 # Always check AWS and Azure runtime support
-python 3.11.4 # Always check AWS and Azure runtime support
-terraform 1.5.6
-pre-commit 3.3.3
+# This file is for you! Please, updated to the versions agreed by your team.
+
+terraform 1.5.7
+pre-commit 3.4.0
 
 # ==============================================================================
 # The section below is reserved for Docker image versions.
 
-# alpine, SEE: https://hub.docker.com/_/alpine/tags
-# docker/alpine 3.18.3@sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33
-
-# nodejs, SEE: https://hub.docker.com/_/node/tags
-# docker/node 18.17.1-alpine3.18@sha256:982b5b6f07cd9241c9ebb163829067deac8eaefc57cfa8f31927f4b18943d971
-
-# python, SEE: https://hub.docker.com/_/python/tags
-# docker/python 3.11.4-alpine3.18@sha256:0135ae6442d1269379860b361760ad2cf6ab7c403d21935a8015b48d5bf78a86
-
 # terraform, SEE: https://hub.docker.com/r/hashicorp/terraform/tags
 # docker/hashicorp/terraform 1.5.6@sha256:180a7efa983386a27b43657ed610e9deed9e6c3848d54f9ea9b6cb8a5c8c25f5
 
@@ -23,3 +14,6 @@ pre-commit 3.3.3
 
 # hadolint, SEE: https://hub.docker.com/r/hadolint/hadolint/tags
 # docker/hadolint/hadolint 2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42
+
+# ghcr.io/nhs-england-tools/github-runner-image, SEE: https://github.com/nhs-england-tools/github-runner-image/pkgs/container/github-runner-image
+# docker/ghcr.io/nhs-england-tools/github-runner-image 20230909-321fd1e-rt@sha256:ce4fd6035dc450a50d3cbafb4986d60e77cb49a71ab60a053bb1b9518139a646