From 363c13250b4f69156b01d5d46fc09122c6510683 Mon Sep 17 00:00:00 2001 From: SeanSteberis <103416906+seansteberisal@users.noreply.github.com> Date: Fri, 19 Sep 2025 01:33:08 +0100 Subject: [PATCH 1/9] attempt to assume role for dev --- .github/workflows/regression_tests.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/regression_tests.yml b/.github/workflows/regression_tests.yml index 0c3febbc..8fca09df 100644 --- a/.github/workflows/regression_tests.yml +++ b/.github/workflows/regression_tests.yml @@ -98,6 +98,12 @@ jobs: if: steps.cache-venv.outputs.cache-hit != 'true' run: make install + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v5.0.0 + with: + aws-region: eu-west-2 + role-to-assume: arn:aws:iam::448049830832:role/Eligibility-Signposting-API-E2E-Regression-Tests + - name: Regression Tests id: tests continue-on-error: true From f1f84dbccb2053d8e1b2a69303eb25e5c30d3ca1 Mon Sep 17 00:00:00 2001 From: SeanSteberis <103416906+seansteberisal@users.noreply.github.com> Date: Fri, 19 Sep 2025 01:50:56 +0100 Subject: [PATCH 2/9] update to pr-link which should start linking the jira ticket --- .github/pull_request_template.md | 4 ++-- .github/workflows/pr-link.yml | 17 +++++++++++------ 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index c18f0bef..643cd94a 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -17,7 +17,7 @@ Add any summary information of what is in the change. **Remove this line if you Pull requests should be named using the following format: ```text -Tag: [AEA-NNNN] - Short description +Tag: [ELI-NNNN] - Short description ``` Tag can be one of: @@ -45,7 +45,7 @@ The description of your pull request will be used as the commit message for the If you need to rename your pull request, you can restart the checks by either: - Closing and reopening the pull request -- pushing an empty commit +- pushing an empty commit ```bash git commit --allow-empty -m 'trigger build' git push diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index 83dbaf9c..6d77bd87 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml @@ -7,6 +7,8 @@ jobs: runs-on: ubuntu-22.04 env: REF: ${{ github.event.pull_request.head.ref }} + permissions: + pull-requests: write steps: - name: Check ticket name conforms to requirements run: echo "$REF" | grep -i -E -q "(eli-[0-9]+)|(dependabot\/)" @@ -31,10 +33,13 @@ jobs: - name: Comment on PR with link to JIRA ticket if: contains(github.event.pull_request.head.ref, 'eli-') continue-on-error: true - uses: unsplash/comment-on-pr@b5610c6125a7197eaec80072ea35ef53e1fc6035 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: actions/github-script@v6 with: - msg: | - This branch is work on a ticket in an NHS England JIRA Project. Here's a handy link to the ticket: - # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }}) + script: | + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: 'This branch is work on a ticket in an NHS England JIRA Project. Here's a handy link to the ticket: + # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }})' + }) From b66c588d8475c326861d41b0437b5a0249d35476 Mon Sep 17 00:00:00 2001 From: SeanSteberis <103416906+seansteberisal@users.noreply.github.com> Date: Fri, 19 Sep 2025 01:54:44 +0100 Subject: [PATCH 3/9] update github-script action version --- .github/workflows/pr-link.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index 6d77bd87..680f1c8e 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml @@ -33,7 +33,7 @@ jobs: - name: Comment on PR with link to JIRA ticket if: contains(github.event.pull_request.head.ref, 'eli-') continue-on-error: true - uses: actions/github-script@v6 + uses: actions/github-script@v8 with: script: | github.rest.issues.createComment({ From b9b2a666b32bb2e7aadbdaefc9197a08737519a5 Mon Sep 17 00:00:00 2001 From: SeanSteberis <103416906+seansteberisal@users.noreply.github.com> Date: Fri, 19 Sep 2025 01:58:31 +0100 Subject: [PATCH 4/9] Syntax error --- .github/workflows/pr-link.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index 680f1c8e..56cc9235 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml @@ -1,7 +1,7 @@ name: PR Link ticket on: pull_request: - types: [opened] + types: [ opened ] jobs: link-ticket: runs-on: ubuntu-22.04 @@ -40,6 +40,6 @@ jobs: issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, - body: 'This branch is work on a ticket in an NHS England JIRA Project. Here's a handy link to the ticket: + body: 'This branch is work on a ticket in an NHS England JIRA Project. Here is a handy link to the ticket: # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }})' }) From 78c4172b9ed3504b8b41f671f314b7b43b28a584 Mon Sep 17 00:00:00 2001 From: SeanSteberis <103416906+seansteberisal@users.noreply.github.com> Date: Fri, 19 Sep 2025 02:06:21 +0100 Subject: [PATCH 5/9] remove the permissions object to see if that's causing an issue --- .github/workflows/pr-link.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index 56cc9235..0a9bdf25 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml @@ -7,8 +7,6 @@ jobs: runs-on: ubuntu-22.04 env: REF: ${{ github.event.pull_request.head.ref }} - permissions: - pull-requests: write steps: - name: Check ticket name conforms to requirements run: echo "$REF" | grep -i -E -q "(eli-[0-9]+)|(dependabot\/)" @@ -40,6 +38,6 @@ jobs: issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, - body: 'This branch is work on a ticket in an NHS England JIRA Project. Here is a handy link to the ticket: - # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }})' + body: "This branch is work on a ticket in an NHS England JIRA Project. Here is a handy link to the ticket: + # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }})" }) From 91fa418e7e80ff56a8ac2513668bd745e0378221 Mon Sep 17 00:00:00 2001 From: SeanSteberis <103416906+seansteberisal@users.noreply.github.com> Date: Fri, 19 Sep 2025 02:09:40 +0100 Subject: [PATCH 6/9] set the permission correctly this time --- .github/workflows/pr-link.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index 0a9bdf25..8e0eda5e 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml @@ -7,6 +7,8 @@ jobs: runs-on: ubuntu-22.04 env: REF: ${{ github.event.pull_request.head.ref }} + permissions: + id-token: write steps: - name: Check ticket name conforms to requirements run: echo "$REF" | grep -i -E -q "(eli-[0-9]+)|(dependabot\/)" From e9a72c5f5a9a8f1029b8e16a2dd73df8c2f879a6 Mon Sep 17 00:00:00 2001 From: SeanSteberis <103416906+seansteberisal@users.noreply.github.com> Date: Fri, 19 Sep 2025 02:16:21 +0100 Subject: [PATCH 7/9] trying to specifically provide the github token --- .github/workflows/pr-link.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index 8e0eda5e..256c1a05 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml @@ -35,6 +35,7 @@ jobs: continue-on-error: true uses: actions/github-script@v8 with: + github-token: ${{ secrets.GITHUB_TOKEN }} script: | github.rest.issues.createComment({ issue_number: context.issue.number, From e17958940ea030409ad78426bcc23ef84f6363fe Mon Sep 17 00:00:00 2001 From: SeanSteberis <103416906+seansteberisal@users.noreply.github.com> Date: Fri, 19 Sep 2025 02:18:01 +0100 Subject: [PATCH 8/9] add issues: write and pull-requests: write permission --- .github/workflows/regression_tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/regression_tests.yml b/.github/workflows/regression_tests.yml index 8fca09df..f20e1f98 100644 --- a/.github/workflows/regression_tests.yml +++ b/.github/workflows/regression_tests.yml @@ -29,6 +29,8 @@ jobs: regression_tests: permissions: id-token: write + issues: write + pull-requests: write runs-on: ubuntu-22.04 environment: ${{ inputs.environment }} steps: From 2c417ca3f25a1e940c112c1cf7e321454a96568d Mon Sep 17 00:00:00 2001 From: SeanSteberis <103416906+seansteberisal@users.noreply.github.com> Date: Fri, 19 Sep 2025 02:21:07 +0100 Subject: [PATCH 9/9] Syntax error --- .github/workflows/pr-link.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index 256c1a05..cc47cfc6 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml @@ -43,4 +43,3 @@ jobs: repo: context.repo.repo, body: "This branch is work on a ticket in an NHS England JIRA Project. Here is a handy link to the ticket: # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }})" - })