Skip to content

Commit 09f80f1

Browse files
wildjameswildjames
committed
Merge changes
2 parents f03ed61 + 9a1dda8 commit 09f80f1

36 files changed

Lines changed: 1299 additions & 2009 deletions

File tree

.github/workflows/ci.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
2828
2929
quality_checks:
30-
uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@67fef01ddbbab2c46778278f93d0a65ab47fd38d
30+
uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@5ccebbf821beef2de6abdce9e392b3cbeb4999e3
3131
needs: [get_asdf_version]
3232
with:
3333
asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
@@ -46,7 +46,7 @@ jobs:
4646
4747
tag_release:
4848
needs: [quality_checks, get_commit_id, get_asdf_version]
49-
uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@e31e25273fb87450be4ef763ddbed4f531c45f8e
49+
uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@5ccebbf821beef2de6abdce9e392b3cbeb4999e3
5050
with:
5151
dry_run: true
5252
asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}

.github/workflows/delete_old_cloudformation_stacks.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ jobs:
2323
fetch-depth: 0
2424

2525
- name: Configure AWS Credentials
26-
uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708
26+
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
2727
with:
2828
aws-region: eu-west-2
2929
role-to-assume: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -50,7 +50,7 @@ jobs:
5050
fetch-depth: 0
5151

5252
- name: Configure AWS Credentials
53-
uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708
53+
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
5454
with:
5555
aws-region: eu-west-2
5656
role-to-assume: ${{ secrets.PROXYGEN_PTL_ROLE }}

.github/workflows/pull_request.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ env:
1010
jobs:
1111
dependabot-auto-approve-and-merge:
1212
needs: quality_checks
13-
uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@e31e25273fb87450be4ef763ddbed4f531c45f8e
13+
uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@5ccebbf821beef2de6abdce9e392b3cbeb4999e3
1414
secrets:
1515
AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
1616
AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
@@ -32,15 +32,15 @@ jobs:
3232
TAG_FORMAT=$(yq '.TAG_FORMAT' .github/cfg/settings.yml)
3333
echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
3434
quality_checks:
35-
uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@67fef01ddbbab2c46778278f93d0a65ab47fd38d
35+
uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@5ccebbf821beef2de6abdce9e392b3cbeb4999e3
3636
needs: [get_asdf_version]
3737
with:
3838
asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
3939
secrets:
4040
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
4141

4242
pr_title_format_check:
43-
uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@e31e25273fb87450be4ef763ddbed4f531c45f8e
43+
uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@5ccebbf821beef2de6abdce9e392b3cbeb4999e3
4444

4545
get_issue_number:
4646
runs-on: ubuntu-22.04
@@ -71,7 +71,7 @@ jobs:
7171

7272
tag_release:
7373
needs: [get_asdf_version]
74-
uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@e31e25273fb87450be4ef763ddbed4f531c45f8e
74+
uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@5ccebbf821beef2de6abdce9e392b3cbeb4999e3
7575
with:
7676
dry_run: true
7777
asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}

.github/workflows/release.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ jobs:
2525
TAG_FORMAT=$(yq '.TAG_FORMAT' .github/cfg/settings.yml)
2626
echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
2727
quality_checks:
28-
uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@67fef01ddbbab2c46778278f93d0a65ab47fd38d
28+
uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@5ccebbf821beef2de6abdce9e392b3cbeb4999e3
2929
needs: [get_asdf_version]
3030
with:
3131
asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
@@ -44,7 +44,7 @@ jobs:
4444
4545
tag_release:
4646
needs: [quality_checks, get_commit_id, get_asdf_version]
47-
uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@e31e25273fb87450be4ef763ddbed4f531c45f8e
47+
uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@5ccebbf821beef2de6abdce9e392b3cbeb4999e3
4848
with:
4949
dry_run: false
5050
asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}

.github/workflows/run_release_code_and_api.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -173,7 +173,7 @@ jobs:
173173
DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
174174

175175
- name: Configure AWS Credentials
176-
uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708
176+
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
177177
with:
178178
aws-region: eu-west-2
179179
role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -249,7 +249,7 @@ jobs:
249249
AWS_MAX_ATTEMPTS: 20
250250

251251
- name: Configure AWS Credentials for api release
252-
uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708
252+
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
253253
with:
254254
aws-region: eu-west-2
255255
role-to-assume: ${{ secrets.PROXYGEN_ROLE }}

.trivyignore.yaml

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,5 @@ vulnerabilities:
33
statement: fast-xml-parser vulnerability accepted as risk - dependency of aws-sdk/client-dynamodb
44
expired_at: 2026-03-01
55
- id: CVE-2026-25547
6-
paths:
7-
- "package-lock.json"
8-
statement: downstream dependency of @isaacs/brace-expansion
9-
expired_at: 2026-06-01
6+
statement: isaacs/brace-expansion vulnerability accepted as risk - dependency of aws-sdk/client-dynamodb
7+
expired_at: 2026-03-01

Makefile

Lines changed: 50 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,20 +31,68 @@ sam-sync: guard-AWS_DEFAULT_PROFILE guard-stack_name compile
3131
--stack-name $$stack_name \
3232
--watch \
3333
--template-file SAMtemplates/main_template.yaml \
34+
--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
3435
--parameter-overrides \
36+
TruststoreVersion=$${TRUSTSTORE_VERSION:-none} \
37+
EnableMutualTLS=$${ENABLE_MUTUAL_TLS:-false} \
3538
EnableSplunk=false \
39+
EnableDynamoDBAutoScaling=$${DYNAMODB_AUTOSCALE:-true} \
40+
VersionNumber=$${VERSION_NUMBER:-dev} \
41+
CommitId=$${COMMIT_ID:-local} \
42+
LogLevel=$${LOG_LEVEL:-INFO} \
43+
LogRetentionInDays=$${LOG_RETENTION_DAYS:-30} \
3644
DeployCheckPrescriptionStatusUpdate=true \
3745
DeployNotificationsReporting=true \
38-
EnableAlerts=false
46+
EnableAlerts=false \
47+
Environment=$$AWS_ENVIRONMENT \
48+
StateMachineLogLevel=$${STATE_MACHINE_LOG_LEVEL:-ALL} \
49+
RequireApplicationName=$${REQUIRE_APPLICATION_NAME:-false} \
50+
ForwardCsocLogs=$${FORWARD_CSOC_LOGS:-false} \
51+
TestPresciptionsParamValue1=$${TEST_PRESCRIPTIONS_1:-PLACEHOLDER} \
52+
TestPresciptionsParamValue2=$${TEST_PRESCRIPTIONS_2:-PLACEHOLDER} \
53+
TestPresciptionsParamValue3=$${TEST_PRESCRIPTIONS_3:-PLACEHOLDER} \
54+
TestPresciptionsParamValue4=$${TEST_PRESCRIPTIONS_4:-PLACEHOLDER} \
55+
"EnabledSystemsValue=$${ENABLED_SYSTEMS:-Internal Test System}" \
56+
"EnabledSiteODSCodesValue=$${ENABLED_SITE_ODS_CODES:-A83008,FA565}" \
57+
BlockedSiteODSCodesValue=$${BLOCKED_SITE_ODS_CODES:-XXXXX} \
58+
NotifyRoutingPlanIDValue=$${NOTIFY_ROUTING_PLAN_ID:-e57fe5cc-0567-4854-abe2-b7dd9014a50c} \
59+
NotifyAPIBaseURLValue=$${NOTIFY_API_BASE_URL:-https://int.api.service.nhs.uk} \
60+
EnableNotificationsInternal=$${ENABLE_NOTIFICATIONS_INTERNAL:-true} \
61+
EnableNotificationsExternal=$${ENABLE_NOTIFICATIONS_EXTERNAL:-false} \
62+
EnableBackup=$${ENABLE_BACKUP:-False}
3963

4064
sam-deploy: guard-AWS_DEFAULT_PROFILE guard-stack_name
4165
sam deploy \
4266
--stack-name $$stack_name \
67+
--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
4368
--parameter-overrides \
69+
TruststoreVersion=$${TRUSTSTORE_VERSION:-none} \
70+
EnableMutualTLS=$${ENABLE_MUTUAL_TLS:-false} \
4471
EnableSplunk=false \
72+
EnableDynamoDBAutoScaling=$${DYNAMODB_AUTOSCALE:-true} \
73+
VersionNumber=$${VERSION_NUMBER:-dev} \
74+
CommitId=$${COMMIT_ID:-local} \
75+
LogLevel=$${LOG_LEVEL:-INFO} \
76+
LogRetentionInDays=$${LOG_RETENTION_DAYS:-30} \
4577
DeployCheckPrescriptionStatusUpdate=true \
4678
DeployNotificationsReporting=true \
47-
EnableAlerts=false
79+
EnableAlerts=false \
80+
Environment=$$AWS_ENVIRONMENT \
81+
StateMachineLogLevel=$${STATE_MACHINE_LOG_LEVEL:-ALL} \
82+
RequireApplicationName=$${REQUIRE_APPLICATION_NAME:-false} \
83+
ForwardCsocLogs=$${FORWARD_CSOC_LOGS:-false} \
84+
TestPresciptionsParamValue1=$${TEST_PRESCRIPTIONS_1:-PLACEHOLDER} \
85+
TestPresciptionsParamValue2=$${TEST_PRESCRIPTIONS_2:-PLACEHOLDER} \
86+
TestPresciptionsParamValue3=$${TEST_PRESCRIPTIONS_3:-PLACEHOLDER} \
87+
TestPresciptionsParamValue4=$${TEST_PRESCRIPTIONS_4:-PLACEHOLDER} \
88+
"EnabledSystemsValue=$${ENABLED_SYSTEMS:-Internal Test System}" \
89+
"EnabledSiteODSCodesValue=$${ENABLED_SITE_ODS_CODES:-A83008,FA565}" \
90+
BlockedSiteODSCodesValue=$${BLOCKED_SITE_ODS_CODES:-XXXXX} \
91+
NotifyRoutingPlanIDValue=$${NOTIFY_ROUTING_PLAN_ID:-e57fe5cc-0567-4854-abe2-b7dd9014a50c} \
92+
NotifyAPIBaseURLValue=$${NOTIFY_API_BASE_URL:-https://int.api.service.nhs.uk} \
93+
EnableNotificationsInternal=$${ENABLE_NOTIFICATIONS_INTERNAL:-true} \
94+
EnableNotificationsExternal=$${ENABLE_NOTIFICATIONS_EXTERNAL:-false} \
95+
EnableBackup=$${ENABLE_BACKUP:-False}
4896

4997
sam-delete: guard-AWS_DEFAULT_PROFILE guard-stack_name
5098
sam delete --stack-name $$stack_name

SAMtemplates/functions/main.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -602,7 +602,7 @@ Resources:
602602
Type: ScheduleV2
603603
Properties:
604604
Name: !Sub ${StackName}-PostDatedNotifySchedule
605-
ScheduleExpression: "rate(2 minutes)" # TODO: Increase to 15 minutes
605+
ScheduleExpression: "rate(15 minutes)"
606606
RoleArn: !GetAtt PostDatedNotifyLambdaScheduleEventRole.Arn
607607
Metadata:
608608
BuildMethod: esbuild

SAMtemplates/main_template.yaml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -92,6 +92,10 @@ Parameters:
9292

9393
StateMachineLogLevel:
9494
Type: String
95+
AllowedValues: # OFF is not valid for state machine type EXPRESS
96+
- ALL
97+
- ERROR
98+
- FATAL
9599

96100
EnableBackup:
97101
Type: String

0 commit comments

Comments
 (0)