From 45f9426793d2662614332833cb80a66733a7a8ff Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Mon, 21 Oct 2024 12:51:41 +0100 Subject: [PATCH 01/23] Add communal Qc. Fix pr-link --- .github/workflows/ci.yml | 2 +- .github/workflows/pr-link.yml | 23 +++++++-- .github/workflows/pull_request.yml | 2 +- .github/workflows/quality_checks.yml | 77 ---------------------------- .github/workflows/release.yml | 2 +- 5 files changed, 22 insertions(+), 84 deletions(-) delete mode 100644 .github/workflows/quality_checks.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2da038cb..f51ce296 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: ./.github/workflows/quality_checks.yml + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index 8d842123..51432f89 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml 
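Review bot: The `uses:` line added to ci.yml references the shared quality-checks workflow by the branch name `@main` while passing it `SONAR_TOKEN`, so whatever that branch points to at run time executes with the secret. The same line is added to pull_request.yml and release.yml in this patch, and the later patches that move the ref to `v3.0.0`, `aea-4540-secret-scanning` and `v4.0.0` still use branch or tag names, which can be repointed. The deleted quality_checks.yml pinned asdf-vm/actions to a commit SHA "to ensure we have stable version", and the same reasoning applies here: `uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@<full-commit-sha>  # <release tag>`. The `jobs:` mapping continues outside the hunk.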
@@ -14,10 +14,25 @@ jobs: - name: Grab ticket name if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - run: echo name=TICKET_NAME::"$(echo "$REF" | grep -i -o '\(aea-[0-9]\+\)\|\(apm-[0-9]\+\)\|\(apmspii-[0-9]\+\)\|\(adz-[0-9]\+\)|\(amb-[0-9]\+\)' | tr '[:lower:]' '[:upper:]')" >> "$GITHUB_ENV" continue-on-error: true - env: - ACTIONS_ALLOW_UNSECURE_COMMANDS: true + run: | + # Match ticket name patterns + REGEX=' + (aea-[0-9]+)| + (apm-[0-9]+)| + (apmspii-[0-9]+)| + (adz-[0-9]+)| + (amb-[0-9]+) + ' + + # Remove whitespace and newlines from the regex + REGEX=$(echo "$REGEX" | tr -d '[:space:]') + + # Extract the ticket name and convert to uppercase + TICKET_NAME=$(echo "$REF" | grep -i -E -o "$REGEX" | tr '[:lower:]' '[:upper:]') + + # Set the environment variable + echo "TICKET_NAME=$TICKET_NAME" >> "$GITHUB_ENV" - name: Comment on PR with link to JIRA ticket if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') 
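Review bot: In the new `run:` block, `grep -o` prints one line per match, so a branch name containing two ticket ids makes `$TICKET_NAME` multi-line and the final `echo` appends a second line to `$GITHUB_ENV` that is not in `NAME=value` form. The branch name is chosen by whoever opens the pull request, and the only thing keeping arbitrary text out of the environment file is that grep emits just the matched prefix-and-digits text; taking the first match makes that explicit: `TICKET_NAME=$(echo "$REF" | grep -i -E -o "$REGEX" | head -n 1 | tr '[:lower:]' '[:upper:]')`. `$REF` is defined outside this hunk; presumably it is an `env:` mapping of `github.event.pull_request.head.ref`, and it should stay that way rather than being interpolated with `${{ }}` inside the script. The step keeps `continue-on-error: true`, so when nothing matches the comment step still runs with an empty `TICKET_NAME` and posts a link to a bare `/browse/` URL.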
@@ -27,5 +42,5 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: msg: | - This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket: + This branch is work on a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket: # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }}) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 62e96f24..a81f832a 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: ./.github/workflows/quality_checks.yml + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml deleted file mode 100644 index 2552b20f..00000000 --- a/.github/workflows/quality_checks.yml +++ /dev/null 
@@ -1,77 +0,0 @@ -name: quality checks - -on: - workflow_call: - secrets: - SONAR_TOKEN: - required: true - -jobs: - quality_checks: - runs-on: ubuntu-latest - steps: - - uses: actions/setup-java@v4 - with: - java-version: '21' - distribution: 'corretto' - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ env.BRANCH_NAME }} - fetch-depth: 0 - - # using git commit sha for version of action to ensure we have stable version - - name: Install asdf - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.11.3 - - - name: Cache asdf - uses: actions/cache@v4 - with: - path: | - ~/.asdf - key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} - restore-keys: | - ${{ runner.os }}-asdf- - - - name: Install asdf dependencies in .tool-versions - uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.11.3 - env: - PYTHON_CONFIGURE_OPTS: --enable-shared - - - name: make install - run: | - make install - - - name: run check-licenses - run: make check-licenses - - - name: run lint - run: make lint - - - name: Run cfn-guard - run: make cfn-guard - - - name: show cfn-guard output - if: failure() - run: find cfn_guard_output -type f -print0 | xargs -0 cat - - - uses: actions/upload-artifact@v4 - name: upload cfn_guard_output - if: failure() - with: - name: cfn_guard_output - path: cfn_guard_output - - - name: run tests and Sonar scan - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - # shellcheck source=/dev/null - . ~/.asdf/plugins/java/set-java-home.bash - make download-dependencies - mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=NHSDigital_eps-FHIR-validator-lambda diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 374d11e5..2d0391ea 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -8,7 +8,7 @@ env: jobs: quality_checks: - uses: ./.github/workflows/quality_checks.yml + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From fccd40974aadfee3c72a1a19512f9a73098e9f1a Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Tue, 22 Oct 2024 10:54:30 +0100 Subject: [PATCH 02/23] Move to fixed QQC version --- .github/workflows/ci.yml | 2 +- .github/workflows/pull_request.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f51ce296..acd7cb43 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index a81f832a..689b02fd 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2d0391ea..7a490630 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From c0448cf8a2b75963047f68b475b335c7cc94a11f Mon Sep 17 00:00:00 2001 
From: Jim Wild Date: Wed, 23 Oct 2024 10:31:02 +0100 Subject: [PATCH 03/23] Move to version with optional Java install --- .github/workflows/ci.yml | 4 +++- .github/workflows/pull_request.yml | 4 +++- .github/workflows/release.yml | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index acd7cb43..68c795b5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,9 +9,11 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + install_java: true get_commit_id: runs-on: ubuntu-latest diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 689b02fd..5219620e 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -9,9 +9,11 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + install_java: true pr_title_format_check: uses: ./.github/workflows/pr_title_check.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7a490630..e8ddbc93 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,9 +8,11 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + install_java: true get_commit_id: runs-on: ubuntu-latest 
From e2c3894e1208f68267fdaeb02841972d818b416f Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 23 Oct 2024 10:36:53 +0100 Subject: [PATCH 04/23] Add ignore list for secret scanning --- .gitallowed | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .gitallowed diff --git a/.gitallowed b/.gitallowed new file mode 100644 index 00000000..5d7c8b56 --- /dev/null +++ b/.gitallowed @@ -0,0 +1,4 @@ +./pom.xml +./src/test +./.github/workflows +./.tool-versions From 12e1159ef41b44ac53181c57f3b81ff58ff6348b Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 23 Oct 2024 10:41:42 +0100 Subject: [PATCH 05/23] Missing ignore --- .gitallowed | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitallowed b/.gitallowed index 5d7c8b56..39de7049 100644 --- a/.gitallowed +++ b/.gitallowed @@ -2,3 +2,4 @@ ./src/test ./.github/workflows ./.tool-versions +./nhsd-rules-deny.txt From 095466124c66853e19057f3418f4d44e72c1ea64 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 23 Oct 2024 11:08:17 +0100 Subject: [PATCH 06/23] Bump --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 68c795b5..e60e79ad 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: From a1f336acb60179438520411c97c6ef52c6c71db6 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 23 Oct 2024 11:16:26 +0100 Subject: [PATCH 07/23] Bump --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e60e79ad..68c795b5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: From 8be487518b2ee1ba2758218e9a74898cdf284ff1 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 23 Oct 2024 11:28:38 +0100 Subject: [PATCH 08/23] Bump --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 68c795b5..e60e79ad 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: From 4e18dacd9c001811956b259e3d11b047904aa66d Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 23 Oct 2024 11:48:49 +0100 Subject: [PATCH 09/23] Add java sonar scanning --- .github/workflows/ci.yml | 4 ++++ .github/workflows/pull_request.yml | 4 ++++ .github/workflows/release.yml | 4 ++++ .github/workflows/sonar.yml | 21 +++++++++++++++++++++ sonar-project.properties | 14 ++++++++++++++ 5 files changed, 47 insertions(+) create mode 100644 .github/workflows/sonar.yml create mode 100644 sonar-project.properties diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e60e79ad..f0e61978 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,6 +15,10 @@ jobs: with: install_java: true + sonar_scan: + uses: ./.github/workflows/sonar.yml + needs: quality_checks + get_commit_id: runs-on: ubuntu-latest outputs: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 5219620e..20cde41c 100644 
--- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -15,6 +15,10 @@ jobs: with: install_java: true + sonar_scan: + uses: ./.github/workflows/sonar.yml + needs: quality_checks + pr_title_format_check: uses: ./.github/workflows/pr_title_check.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8ddbc93..c17e4fa2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,6 +14,10 @@ jobs: with: install_java: true + sonar_scan: + uses: ./.github/workflows/sonar.yml + needs: quality_checks + get_commit_id: runs-on: ubuntu-latest outputs: diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml new file mode 100644 index 00000000..52a76283 --- /dev/null +++ b/.github/workflows/sonar.yml @@ -0,0 +1,21 @@ +name: Run SonarCloud scan + +on: + workflow_call: + +env: + BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }} + +jobs: + run_sonar_scan: + runs-on: ubuntu-latest + steps: + - name: run tests and Sonar scan + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + # shellcheck source=/dev/null + . ~/.asdf/plugins/java/set-java-home.bash + make download-dependencies + mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=NHSDigital_eps-FHIR-validator-lambda diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 00000000..b6d4e47e --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,14 @@ +sonar.organization=nhsdigital +sonar.projectKey=NHSDigital_eps-FHIR-validator-lambda +sonar.sources=src/main +sonar.tests=src/test +sonar.java.binaries=target/classes +sonar.java.test.binaries=target/test-classes + +sonar.host.url=https://sonarcloud.io + +sonar.coverage.exclusions=src/test/** +sonar.cpd.exclusions=src/test/** + +sonar.java.coveragePlugin=jacoco +sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml 
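Review bot: The new sonar.yml reads `${{ secrets.SONAR_TOKEN }}` in its scan step, but its `on: workflow_call:` trigger declares no `secrets:`, and the three `sonar_scan` callers added in this patch (ci.yml, pull_request.yml, release.yml) pass none, so the step would run with an empty token. Declare it on the callee as the deleted quality_checks.yml did, `secrets: {SONAR_TOKEN: {required: true}}`, and pass just that one secret from each caller with `secrets: {SONAR_TOKEN: "${{ secrets.SONAR_TOKEN }}"}` rather than `secrets: inherit`, so the called workflow only receives what it needs. Separately, `BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }}` indexes into `github.event.ref`, which is a string where it exists at all, so it most likely evaluates to an empty value; worth confirming what ref the scan is meant to run against.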
From ff7d360addb931711e97aca75d2908cbc148236c Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 23 Oct 2024 11:59:59 +0100 Subject: [PATCH 10/23] Fix sonar flow --- .github/workflows/sonar.yml | 54 ++++++++++++++++++++++++++++++------- 1 file changed, 45 insertions(+), 9 deletions(-) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 52a76283..49d86493 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml 
@@ -10,12 +10,48 @@ jobs: run_sonar_scan: runs-on: ubuntu-latest steps: - - name: run tests and Sonar scan - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - # shellcheck source=/dev/null - . ~/.asdf/plugins/java/set-java-home.bash - make download-dependencies - mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=NHSDigital_eps-FHIR-validator-lambda + - uses: actions/setup-java@v4 + with: + java-version: '21' + distribution: 'corretto' + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ env.BRANCH_NAME }} + fetch-depth: 0 + + # using git commit sha for version of action to ensure we have stable version + - name: Install asdf + uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + with: + asdf_branch: v0.11.3 + + - name: Cache asdf + uses: actions/cache@v4 + with: + path: | + ~/.asdf + key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + restore-keys: | + ${{ runner.os }}-asdf- + + - name: Install asdf dependencies in .tool-versions + uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + with: + asdf_branch: v0.11.3 + env: + PYTHON_CONFIGURE_OPTS: --enable-shared + + - name: make install + run: | + make install + + - name: run tests and Sonar scan + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + # shellcheck source=/dev/null + . ~/.asdf/plugins/java/set-java-home.bash + make download-dependencies + mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=NHSDigital_eps-FHIR-validator-lambda From e27efdb150cd2317e67b42e83ed39cf8fa36e62d Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 23 Oct 2024 12:01:59 +0100 Subject: [PATCH 11/23] Fix workflow --- .github/workflows/sonar.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 49d86493..a7632c04 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -31,8 +31,8 @@ jobs: with: path: | ~/.asdf - key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} - restore-keys: | + key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + restore-keys: | ${{ runner.os }}-asdf- - name: Install asdf dependencies in .tool-versions From d8271f7280fa1fd42a042560237be36894015bff Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 23 Oct 2024 12:21:43 +0100 Subject: [PATCH 12/23] Remove extra sonar scan --- .github/workflows/ci.yml | 4 --- .github/workflows/pull_request.yml | 4 --- .github/workflows/release.yml | 4 --- .github/workflows/sonar.yml | 57 ------------------------------ 4 files changed, 69 deletions(-) delete mode 100644 .github/workflows/sonar.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f0e61978..e60e79ad 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,10 +15,6 @@ jobs: with: install_java: true - sonar_scan: - uses: ./.github/workflows/sonar.yml - needs: quality_checks - get_commit_id: runs-on: ubuntu-latest outputs: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 20cde41c..5219620e 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -15,10 +15,6 @@ jobs: with: install_java: true - sonar_scan: - uses: ./.github/workflows/sonar.yml - needs: quality_checks - pr_title_format_check: uses: ./.github/workflows/pr_title_check.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c17e4fa2..e8ddbc93 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,10 +14,6 @@ jobs: with: install_java: true - sonar_scan: - uses: ./.github/workflows/sonar.yml - needs: quality_checks - get_commit_id: runs-on: ubuntu-latest outputs: 
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml deleted file mode 100644 index a7632c04..00000000 --- a/.github/workflows/sonar.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: Run SonarCloud scan - -on: - workflow_call: - -env: - BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }} - -jobs: - run_sonar_scan: - runs-on: ubuntu-latest - steps: - - uses: actions/setup-java@v4 - with: - java-version: '21' - distribution: 'corretto' - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ env.BRANCH_NAME }} - fetch-depth: 0 - - # using git commit sha for version of action to ensure we have stable version - - name: Install asdf - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.11.3 - - - name: Cache asdf - uses: actions/cache@v4 - with: - path: | - ~/.asdf - key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} - restore-keys: | - ${{ runner.os }}-asdf- - - - name: Install asdf dependencies in .tool-versions - uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.11.3 - env: - PYTHON_CONFIGURE_OPTS: --enable-shared - - - name: make install - run: | - make install - - - name: run tests and Sonar scan - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - # shellcheck source=/dev/null - . ~/.asdf/plugins/java/set-java-home.bash - make download-dependencies - mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=NHSDigital_eps-FHIR-validator-lambda From cdebc39f7f4745c9a8495cbfdb370be1b2a27663 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 13:09:09 +0000 Subject: [PATCH 13/23] Upgrade: [dependabot] - bump fhir.version from 7.4.4 to 7.4.5 (#209) Bumps `fhir.version` from 7.4.4 to 7.4.5. Updates `ca.uhn.hapi.fhir:hapi-fhir-validation-resources-r4` from 7.4.4 to 7.4.5 Updates `ca.uhn.hapi.fhir:hapi-fhir-structures-r4` from 7.4.4 to 7.4.5 Updates `ca.uhn.hapi.fhir:hapi-fhir-validation` from 7.4.4 to 7.4.5 Updates `ca.uhn.hapi.fhir:hapi-fhir-caching-caffeine` from 7.4.4 to 7.4.5 Updates `ca.uhn.hapi.fhir:hapi-fhir-base` from 7.4.4 to 7.4.5 You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d13106e1..616208a8 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ 21 21 UTF-8 - 7.4.4 + 7.4.5 2.24.1 2.18.0 nhsdigital From 49cfb5ab371bc9b71f6e1c91a4212ceb06972ac3 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Fri, 25 Oct 2024 12:26:42 +0100 Subject: [PATCH 14/23] update gitallowed for secret scanning --- .gitallowed | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/.gitallowed b/.gitallowed index 39de7049..f064f9ab 100644 --- a/.gitallowed +++ b/.gitallowed @@ -1,5 +1,29 @@ -./pom.xml -./src/test -./.github/workflows -./.tool-versions -./nhsd-rules-deny.txt +# Allow GitHub workflow secrets and tokens +token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"? +github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"? +token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"? +id-token: write +--token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\} +--token=\$GITHUB-TOKEN + +# Allow CIDR blocks in CloudFormation templates and related files +CidrBlock: "10\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}" +DestinationCidrBlock: "0\.0\.0\.0/0" + +# Java corretto is not a secret +.*java corretto.* + +# Allow standard code in JSON files for FHIR compliance testing +"code": "1\.2\.840\.10065\.1\.12\.1\.1" + +# Allow IP in X-Forwarded-For header in test files +.*\"X-Forwarded-For\": \"86\.5\.218\.71\".* + +# Allow version for AspectJ in pom.xml +1\.9\.22\.1 + +# General ones +.*\.gitallowed.* +.*nhsd-rules-deny.txt.* +.*\.venv.* +.*node_modules.* From d334236f469c6f3a6eb5b32a8373b0924cd0ffa1 Mon Sep 17 00:00:00 2001 
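Review bot: Several of the new .gitallowed entries are unanchored patterns that exempt far more than their comments describe: `.*java corretto.*`, `1\.9\.22\.1` and the four "General ones" (`.*\.gitallowed.*`, `.*nhsd-rules-deny.txt.*`, `.*\.venv.*`, `.*node_modules.*`) suppress any finding whose line merely contains that text. Assuming the scanner matches each entry as a regex against the reported line including its file path (as git-secrets does with .gitallowed), a real credential in a path or on a line containing `node_modules` or `java corretto` would be skipped silently. Narrowing each entry to the exact line that triggered the false positive, prefixing the directory entries with the path they are meant to cover, and escaping the dots in `nhsd-rules-deny.txt` would keep the allow-list from masking genuine hits. `--token=\$GITHUB-TOKEN` also looks as if it may have been meant as `GITHUB_TOKEN`; confirm it against the line it is supposed to match.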
From: Jim Wild Date: Fri, 25 Oct 2024 12:31:43 +0100 Subject: [PATCH 15/23] Redirect to QC version (TODO: BUMP TO v3.1.0) --- .github/workflows/ci.yml | 2 +- .github/workflows/pull_request.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e60e79ad..18dda458 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.1.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 5219620e..055380fc 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.1.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8ddbc93..330c8ce1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-4540-secret-scanning + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.1.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: From 6021d8df357fa711b9ef991405567e1f0209e22e Mon Sep 17 00:00:00 2001 
From: Jim Wild Date: Fri, 25 Oct 2024 12:32:03 +0100 Subject: [PATCH 16/23] Redirect to QC version (TODO: BUMP TO v3.1.0) --- .github/workflows/ci.yml | 2 +- .github/workflows/pull_request.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 18dda458..416ace31 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.1.0 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 055380fc..ba0fbf7d 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.1.0 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 330c8ce1..66dc11cb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.1.0 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: From 23ce9498cbb4747dd77e0cac879be97b69ae6248 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 6 Nov 2024 11:42:35 +0000 Subject: [PATCH 17/23] Move to latest QC version --- .github/workflows/ci.yml | 2 +- .github/workflows/pull_request.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 416ace31..5264adcf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index ba0fbf7d..d10a0a39 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 66dc11cb..58292724 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v3.0.0 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.0 secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: From 8421eb93fd848b0e687b3b0ed3d4dde6f4fa8947 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 12:34:35 +0000 Subject: [PATCH 18/23] Upgrade: [dependabot] - bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.0 to 3.8.1 (#210) Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.8.0 to 3.8.1.
Commits
  • 954e44a [maven-release-plugin] prepare release maven-dependency-plugin-3.8.1
  • 842075d Bump org.apache.maven.reporting:maven-reporting-impl
  • 7e1aadc Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0
  • 188531c Fix SCM tag
  • 361058e Bump jettyVersion from 9.4.55.v20240627 to 9.4.56.v20240826
  • 38ab100 Bump org.codehaus.plexus:plexus-io from 3.5.0 to 3.5.1
  • cbac4a7 Bump commons-io:commons-io from 2.16.1 to 2.17.0
  • b19b7e0 [MDEP-930] Make test robust against platform default character sets (#448)
  • e347ef7 Delete obsolete commented code for issue that was won't fixed 10 years ago (#...
  • 7b137a1 [MDEP-946] Add analyze exclusions to list of goals
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-dependency-plugin&package-manager=maven&previous-version=3.8.0&new-version=3.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 616208a8..1c425d91 100644 --- a/pom.xml +++ b/pom.xml @@ -197,7 +197,7 @@ maven-dependency-plugin - 3.8.0 + 3.8.1 maven-compiler-plugin From 798ecd5b0b581a5a64639a60158bad9af87c0207 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 13:03:44 +0000 Subject: [PATCH 19/23] Upgrade: [dependabot] - bump semantic-release from 24.1.3 to 24.2.0 (#211) Bumps [semantic-release](https://github.com/semantic-release/semantic-release) from 24.1.3 to 24.2.0.
Release notes

Sourced from semantic-release's releases.

v24.2.0

24.2.0 (2024-10-25)

Features

  • clarify branch existence requirement in error messages (#3462) (05a2ea9)
Commits
  • 05a2ea9 feat: clarify branch existence requirement in error messages (#3462)
  • 8940f32 ci(action): update actions/setup-node action to v4.1.0 (#3489)
  • 789ac43 chore(deps): update dependency publint to v0.2.12 (#3488)
  • 3ba76ae ci(action): update actions/checkout action to v4.2.2 (#3486)
  • 8612ff1 chore(deps): update dependency npm-run-all2 to v7.0.1 (#3487)
  • e29a892 ci(action): update github/codeql-action action to v3.27.0 (#3485)
  • 98d606e chore(deps): update dependency npm-run-all2 to v7 (#3483)
  • 55938c3 docs(plugins): community plugin semantic-release-kaniko (#3450)
  • 2b4c86c chore(deps): lock file maintenance (#3481)
  • 41c9502 ci(action): update github/codeql-action action to v3.26.13 (#3424)
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=semantic-release&package-manager=npm_and_yarn&previous-version=24.1.3&new-version=24.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index fbe788bc..2407ed3b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "devDependencies": { "@semantic-release/changelog": "^6.0.3", "@semantic-release/release-notes-generator": "^14.0.1", - "semantic-release": "^24.1.3" + "semantic-release": "^24.2.0" } }, "node_modules/@babel/code-frame": { @@ -6002,9 +6002,9 @@ } }, "node_modules/semantic-release": { - "version": "24.1.3", - "resolved": "https://registry.npmjs.org/semantic-release/-/semantic-release-24.1.3.tgz", - "integrity": "sha512-Cb0Pm3Ye15u8k/B+7EnusMUSIIucAIEBD3QDRmmclv53KVyqmg1Lb3XPx0AMNxfJZEI+ZT+M+IXDyTrudK6Rew==", + "version": "24.2.0", + "resolved": "https://registry.npmjs.org/semantic-release/-/semantic-release-24.2.0.tgz", + "integrity": "sha512-fQfn6e/aYToRtVJYKqneFM1Rg3KP2gh3wSWtpYsLlz6uaPKlISrTzvYAFn+mYWo07F0X1Cz5ucU89AVE8X1mbg==", "dev": true, "dependencies": { "@semantic-release/commit-analyzer": "^13.0.0-beta.1", diff --git a/package.json b/package.json index 207efdb3..219cb016 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ "devDependencies": { "@semantic-release/changelog": "^6.0.3", "@semantic-release/release-notes-generator": "^14.0.1", - "semantic-release": "^24.1.3" + "semantic-release": "^24.2.0" }, "dependencies": { "conventional-changelog-eslint": "^6.0.0" From 2f5c652dba7d0ce8e6cb71ad028d35b895cc8c47 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 12:33:18 +0000 Subject: [PATCH 20/23] Upgrade: [dependabot] - bump cfn-lint from 1.18.1 to 1.18.2 (#212) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 1.18.1 to 1.18.2.
Release notes

Sourced from cfn-lint's releases.

Release v1.18.2

What's Changed

Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.18.1...v1.18.2

Changelog

Sourced from cfn-lint's changelog.

v1.18.2

What's Changed

Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.18.1...v1.18.2

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cfn-lint&package-manager=pip&previous-version=1.18.1&new-version=1.18.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 8 ++++---- pyproject.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index bd718539..ab89cf4c 100644 --- a/poetry.lock +++ b/poetry.lock @@ -115,13 +115,13 @@ files = [ [[package]] name = "cfn-lint" -version = "1.18.1" +version = "1.18.2" description = "Checks CloudFormation templates for practices and behaviour that could potentially be improved" optional = false python-versions = ">=3.8" files = [ - {file = "cfn_lint-1.18.1-py3-none-any.whl", hash = "sha256:adee5d07a97acc4b9edf141553b9d3ece14eeb4aaf150bcfebc79103689c65e3"}, - {file = "cfn_lint-1.18.1.tar.gz", hash = "sha256:09139c4260897ada66034b57c9d9979cc2ec25856660d8f114f373dc4f70a34a"}, + {file = "cfn_lint-1.18.2-py3-none-any.whl", hash = "sha256:52097e8a13c896e7a2776af14116735476ac80e9570bf94c71584f4500a1e42c"}, + {file = "cfn_lint-1.18.2.tar.gz", hash = "sha256:9ee576db7804839a7f11a7509205bf39ec2663cea2d0c2c09f35c41e2bc03673"}, ] [package.dependencies] @@ -1133,4 +1133,4 @@ test = ["big-O", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more-it [metadata] lock-version = "2.0" python-versions = "3.8.15" -content-hash = "7e84c96d6ea092b06101e2e4e442e28c64e105b7cb0ace96dc10f2fe32b53a86" +content-hash = "b0884a0140cb8f26a997362c526bd2e191956969cd45ea43fb98bc82f2627265" diff --git a/pyproject.toml b/pyproject.toml index da7a0d70..a8f21755 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -28,7 +28,7 @@ requests = "^2.32.3" flake8 = "^7.1.1" pip-licenses = "^4.5.1" pre-commit = "^3.5.0" -cfn-lint = "^1.18.1" +cfn-lint = "^1.18.2" [tool.poetry.scripts] From bb854177e414cdcbb492bebdad08556ed81ab465 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 13:12:03 +0000 Subject: [PATCH 21/23] Upgrade: [dependabot] - bump fasterxml.version from 2.18.0 to 2.18.1 (#213) Bumps `fasterxml.version` from 2.18.0 to 2.18.1. Updates `com.fasterxml.jackson.core:jackson-core` from 2.18.0 to 2.18.1
Commits
  • 0c1aff4 [maven-release-plugin] prepare release jackson-core-2.18.1
  • aaa23d0 Prepare for 2.18.1 release
  • 79ecea4 Update release notes
  • 1e7119b use fastdoubleparser 1.0.90 (#1353)
  • 047e631 Merge branch '2.17' into 2.18
  • 7db88c1 Fix infinite loop due to integer overflow when reading large strings (#1352)
  • cbedab7 Fix #1351: Improved Javadocs for StreamWriteFeature.USE_FAST_DOUBLE_WRITER
  • 686dd45 Tiny test fix (for manually run test)
  • 2b6e05c Back to snapshot dep
  • 54c7d70 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.0 to 2.18.1
Commits

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.18.0 to 2.18.1
Commits

You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1c425d91..2f19fc1f 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ UTF-8 7.4.5 2.24.1 - 2.18.0 + 2.18.1 nhsdigital https://sonarcloud.io 1.9.22.1 From 7cf43186bdd174f4620b5bedf71a93985eabea44 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 6 Nov 2024 11:52:53 +0000 Subject: [PATCH 22/23] update patterns --- .gitallowed | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitallowed b/.gitallowed index f064f9ab..4f195e9a 100644 --- a/.gitallowed +++ b/.gitallowed @@ -22,6 +22,10 @@ DestinationCidrBlock: "0\.0\.0\.0/0" # Allow version for AspectJ in pom.xml 1\.9\.22\.1 +^.*pom\.xml:.*([^<]+).*$ +^.*Gemfile\.lock:.*$ +^.*\.java:.*"id":"([0-9a-f\-]+)".*$ + # General ones .*\.gitallowed.* .*nhsd-rules-deny.txt.* From d2c2c881c2ee18440b388e8adba73a60cb01a327 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 6 Nov 2024 11:55:38 +0000 Subject: [PATCH 23/23] Literal slashes --- .gitallowed | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitallowed b/.gitallowed index 4f195e9a..9f33d492 100644 --- a/.gitallowed +++ b/.gitallowed @@ -24,7 +24,7 @@ DestinationCidrBlock: "0\.0\.0\.0/0" ^.*pom\.xml:.*([^<]+).*$ ^.*Gemfile\.lock:.*$ -^.*\.java:.*"id":"([0-9a-f\-]+)".*$ +^.*\.java:.*\\"id\\":\\"([0-9a-f\-]+)\\".*$ # General ones .*\.gitallowed.*
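Review bot: The added line `^.*Gemfile\.lock:.*$` in the first `.gitallowed` hunk allow-lists every line of every Gemfile.lock, so the secret scan that reads this file will never report anything there. The pom.xml entry, as rendered here, is similarly broad because `.*([^<]+).*` matches any non-empty line; the page may have dropped markup from that pattern, so check it against the real file. Unlike the AspectJ entry just above, the three new patterns carry no comment saying which false positive they suppress. I would narrow each one to the token shape that actually trips the scanner and add a line above it such as `# Allow <what is matched> in Gemfile.lock (<rule that fired>)`.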
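Review bot: In the rewritten `.java` pattern of the second `.gitallowed` hunk, the bracket expression `[0-9a-f\-]` also admits a backslash if these lines are evaluated as POSIX extended regexes, where `\` is literal inside brackets. `[0-9a-f-]` expresses hex digits and hyphen only. The leading and trailing `.*` still exempt the whole source line, so any other value sharing a line with an escaped `\"id\":\"…\"` is skipped by the scan as well. A length bound on the id, for example `[0-9a-f-]{36}` if these are UUIDs, would keep the exemption to what was intended.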