From 15901f84ce59c6535f3addc36e33b392db440b98 Mon Sep 17 00:00:00 2001
From: Edd Almond <102675624+eddalmond1@users.noreply.github.com>
Date: Tue, 21 Apr 2026 15:33:54 +0100
Subject: [PATCH 1/4] eja - eli-759 - adding repo check for regression test workflow
---
 .github/workflows/regression_tests.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/.github/workflows/regression_tests.yml b/.github/workflows/regression_tests.yml
index 67dfd32..4fc51ff 100644
--- a/.github/workflows/regression_tests.yml
+++ b/.github/workflows/regression_tests.yml
@@ -67,6 +67,32 @@ jobs:
 runs-on: ubuntu-22.04
 environment: ${{ inputs.environment }}
 steps:
+ - name: Verify caller repository
+ run: |
+ ALLOWED_REPOS=("NHSDigital/eligibility-signposting-api")
+ CALLER_REPO="${{ github.repository }}"
+
+ # If triggered by workflow_call, the calling repo is in github.repository
+ # If triggered manually, it's this repo itself which is allowed
+ if [[ "${{ github.event_name }}" == "workflow_call" ]]; then
+ CALLER_REPO="${{ github.event.workflow_run.repository.full_name || github.repository }}"
+ fi
+
+ ALLOWED=false
+ for repo in "${ALLOWED_REPOS[@]}"; do
+ if [[ "$CALLER_REPO" == "$repo" ]]; then
+ ALLOWED=true
+ break
+ fi
+ done
+
+ if [[ "$ALLOWED" == "false" && "${{ github.event_name }}" == "workflow_call" ]]; then
+ echo "Error: Repository $CALLER_REPO is not allowed to trigger this workflow"
+ exit 1
+ fi
+
+ echo "Workflow triggered by allowed repository: $CALLER_REPO"
+
 - name: show_input_parameters
 env:
 tags: ${{ inputs.tags }}
From d644f2067d3d022b32976cf1b590ec6152919574 Mon Sep 17 00:00:00 2001
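Review bot: The rejection branch in the added `Verify caller repository` step cannot fire as written, because both guards test `github.event_name` against `"workflow_call"`; inside a reusable workflow the `github` context belongs to the caller, so `event_name` carries the caller's trigger (for example `pull_request`) rather than `workflow_call`. `github.event.workflow_run` is likewise only populated for `workflow_run` events, so `CALLER_REPO` stays at `github.repository` and the step always reaches the final "allowed" echo. Compare `github.repository` against the allow-list unconditionally, add this repository (presumably `NHSDigital/eligibility-signposting-api-regression-tests`) if its own runs must pass, and pass the value through `env:` as the `show_input_parameters` step does instead of interpolating `${{ }}` into the script text. A check inside the called workflow is also only advisory, since a caller can reference a ref of this file that lacks it; the enforceable controls are the environment's protection rules and the trust policy of the credentials the job uses, neither of which is visible in this hunk.

```yaml
- name: Verify caller repository
  env:
    # In a called workflow the github context is the caller's.
    CALLER_REPO: ${{ github.repository }}
  run: |
    ALLOWED_REPOS=(
      "NHSDigital/eligibility-signposting-api"
      "NHSDigital/eligibility-signposting-api-regression-tests"
    )
    for repo in "${ALLOWED_REPOS[@]}"; do
      if [[ "$CALLER_REPO" == "$repo" ]]; then
        echo "Workflow triggered by allowed repository: $CALLER_REPO"
        exit 0
      fi
    done
    echo "Error: Repository $CALLER_REPO is not allowed to trigger this workflow"
    exit 1
```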
From: Edd Almond <102675624+eddalmond1@users.noreply.github.com>
Date: Tue, 21 Apr 2026 15:38:32 +0100
Subject: [PATCH 2/4] eli-759 removing the PR title check as it should be dealt with in a pre-commit, not CI/CD
---
 .github/workflows/pr_title_check.yml | 33 ----------------------------
 .github/workflows/pull_request.yml | 6 -----
 2 files changed, 39 deletions(-)
 delete mode 100644 .github/workflows/pr_title_check.yml
diff --git a/.github/workflows/pr_title_check.yml b/.github/workflows/pr_title_check.yml
deleted file mode 100644
index 3c92bde..0000000
--- a/.github/workflows/pr_title_check.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: PR Title Check
-
-on:
- workflow_call:
-
-jobs:
- pr_title_format_check:
- runs-on: ubuntu-22.04
- steps:
- - name: Check PR Title is Prefixed with Change Type
- env:
- PR_TITLE: ${{ github.event.pull_request.title }}
- run: |
- if [[ "$PR_TITLE" =~ ^(Fix|Update|New|Breaking|Docs|Build|Upgrade|Chore):.*$ ]]; then
- echo "PR title is prefixed with change type."
- else
- echo "PR title is not prefixed with change type."
- echo "Please prefix your PR title with a change type (Fix, Update, New, Breaking, Docs, Build, Upgrade, Chore)."
- echo "See the contributing guide for more details:"
- echo "https://github.com/NHSDigital/eligibility-signposting-api-regression-tests/blob/main/CONTRIBUTING.md"
- exit 1
- fi
- - name: Check PR Title contains Ticket/Dependabot Reference
- env:
- PR_TITLE: ${{ github.event.pull_request.title }}
- run: |
- if [[ "$PR_TITLE" =~ ^.*:.*\[([A-Z]+-[0-9]+|dependabot)\].*-.*$ ]]; then
- echo "PR title contains ticket or dependabot reference."
- else
- echo "PR title does not contain ticket or dependabot reference."
- echo "Please ensure PR title contains a ticket (eg. 'Fix: [ELI-####] - ...', or 'Chore: [dependabot] - ...')."
- exit 1
- fi
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 068ff0d..dcbb812 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -18,12 +18,6 @@ jobs:
 secrets:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- pr_title_format_check:
- if: >-
- (github.event_name == 'pull_request' && github.event.pull_request.user.login != 'dependabot[bot]') ||
- (github.event_name == 'pull_request_target' && github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository)
- uses: ./.github/workflows/pr_title_check.yml
-
 regression_tests:
 if: >-
 (github.event_name == 'pull_request' && github.event.pull_request.user.login != 'dependabot[bot]') ||
From 9d239cad7e96c740756e50e7ae64c79080576fb2 Mon Sep 17 00:00:00 2001
From: Edd Almond <102675624+eddalmond1@users.noreply.github.com>
Date: Tue, 21 Apr 2026 16:04:41 +0100
Subject: [PATCH 3/4] Revert "eli-759 removing the PR title check as it should be dealt with in a pre-commit, not CI/CD"
This reverts commit d644f2067d3d022b32976cf1b590ec6152919574.
---
 .github/workflows/pr_title_check.yml | 33 ++++++++++++++++++++++++++++
 .github/workflows/pull_request.yml | 6 +++++
 2 files changed, 39 insertions(+)
 create mode 100644 .github/workflows/pr_title_check.yml
diff --git a/.github/workflows/pr_title_check.yml b/.github/workflows/pr_title_check.yml
new file mode 100644
index 0000000..3c92bde
--- /dev/null
+++ b/.github/workflows/pr_title_check.yml
@@ -0,0 +1,33 @@
+name: PR Title Check
+
+on:
+ workflow_call:
+
+jobs:
+ pr_title_format_check:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Check PR Title is Prefixed with Change Type
+ env:
+ PR_TITLE: ${{ github.event.pull_request.title }}
+ run: |
+ if [[ "$PR_TITLE" =~ ^(Fix|Update|New|Breaking|Docs|Build|Upgrade|Chore):.*$ ]]; then
+ echo "PR title is prefixed with change type."
+ else
+ echo "PR title is not prefixed with change type."
+ echo "Please prefix your PR title with a change type (Fix, Update, New, Breaking, Docs, Build, Upgrade, Chore)."
+ echo "See the contributing guide for more details:"
+ echo "https://github.com/NHSDigital/eligibility-signposting-api-regression-tests/blob/main/CONTRIBUTING.md"
+ exit 1
+ fi
+ - name: Check PR Title contains Ticket/Dependabot Reference
+ env:
+ PR_TITLE: ${{ github.event.pull_request.title }}
+ run: |
+ if [[ "$PR_TITLE" =~ ^.*:.*\[([A-Z]+-[0-9]+|dependabot)\].*-.*$ ]]; then
+ echo "PR title contains ticket or dependabot reference."
+ else
+ echo "PR title does not contain ticket or dependabot reference."
+ echo "Please ensure PR title contains a ticket (eg. 'Fix: [ELI-####] - ...', or 'Chore: [dependabot] - ...')."
+ exit 1
+ fi
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index dcbb812..068ff0d 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -18,6 +18,12 @@ jobs:
 secrets:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ pr_title_format_check:
+ if: >-
+ (github.event_name == 'pull_request' && github.event.pull_request.user.login != 'dependabot[bot]') ||
+ (github.event_name == 'pull_request_target' && github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository)
+ uses: ./.github/workflows/pr_title_check.yml
+
 regression_tests:
 if: >-
 (github.event_name == 'pull_request' && github.event.pull_request.user.login != 'dependabot[bot]') ||
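Review bot: The restored `pr_title_check.yml` declares no `permissions:`, so `pr_title_format_check` runs with whatever `GITHUB_TOKEN` scopes the calling workflow passes down, and the `pull_request.yml` hunk in this same patch invokes it on `pull_request_target` for Dependabot pull requests. Both steps only read `PR_TITLE` from `env:`, which correctly keeps the untrusted title out of the script text, so the job needs no token at all; add `permissions: {}` under `pr_title_format_check:`. The caller's own `permissions:` block is outside these hunks, so the scopes may already be restricted there.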
From 5bdf60bc02b10d76e6bb180cbd06554852d8daa7 Mon Sep 17 00:00:00 2001
From: Edd Almond <102675624+eddalmond1@users.noreply.github.com>
Date: Fri, 24 Apr 2026 09:35:02 +0100
Subject: [PATCH 4/4] eja - adding repo param to checkout
---
 .github/workflows/regression_tests.yml | 29 ++------------------------
 1 file changed, 2 insertions(+), 27 deletions(-)
diff --git a/.github/workflows/regression_tests.yml b/.github/workflows/regression_tests.yml
index 4fc51ff..511a47c 100644
--- a/.github/workflows/regression_tests.yml
+++ b/.github/workflows/regression_tests.yml
@@ -67,32 +67,6 @@ jobs:
 runs-on: ubuntu-22.04
 environment: ${{ inputs.environment }}
 steps:
- - name: Verify caller repository
- run: |
- ALLOWED_REPOS=("NHSDigital/eligibility-signposting-api")
- CALLER_REPO="${{ github.repository }}"
-
- # If triggered by workflow_call, the calling repo is in github.repository
- # If triggered manually, it's this repo itself which is allowed
- if [[ "${{ github.event_name }}" == "workflow_call" ]]; then
- CALLER_REPO="${{ github.event.workflow_run.repository.full_name || github.repository }}"
- fi
-
- ALLOWED=false
- for repo in "${ALLOWED_REPOS[@]}"; do
- if [[ "$CALLER_REPO" == "$repo" ]]; then
- ALLOWED=true
- break
- fi
- done
-
- if [[ "$ALLOWED" == "false" && "${{ github.event_name }}" == "workflow_call" ]]; then
- echo "Error: Repository $CALLER_REPO is not allowed to trigger this workflow"
- exit 1
- fi
-
- echo "Workflow triggered by allowed repository: $CALLER_REPO"
-
 - name: show_input_parameters
 env:
 tags: ${{ inputs.tags }}
@@ -123,8 +97,9 @@ jobs:
 echo run identifier "$ID"-"$ENV" >> "$GITHUB_STEP_SUMMARY"
 - name: Checkout
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 with:
+ repository: NHSDigital/eligibility-signposting-api-regression-tests
 ref: ${{ inputs.github_tag }}
 # using git commit sha for version of action to ensure we have stable version
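Review bot: The `Checkout` step in the second hunk still takes `ref` from the caller-supplied `inputs.github_tag` and, by default, leaves the token in the checked-out repository's git config, while the job runs under `environment: ${{ inputs.environment }}`. Add `persist-credentials: false` under `with:` so the code fetched at that ref cannot read the token from `.git/config`. The new `actions/checkout` SHA carries no hint of which release it is; append a comment such as `# <release tag>` to the `uses:` line so the pin can be audited. With `repository:` now fixed, a caller in another repository can only clone it with its default `GITHUB_TOKEN` if the repository is public or a token is supplied, which is worth confirming; the rest of the job lies outside the hunk.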