Skip to content

Upgrade: [dependabot] - bump boto3 from 1.35.17 to 1.35.18 (#1275) #73

Upgrade: [dependabot] - bump boto3 from 1.35.17 to 1.35.18 (#1275)

Upgrade: [dependabot] - bump boto3 from 1.35.17 to 1.35.18 (#1275) #73

Workflow file for this run

name: merge to main workflow
on:
push:
branches: [main]
env:
BRANCH_NAME: ${{ github.ref_name }}
jobs:
quality_checks:
uses: ./.github/workflows/quality_checks.yml
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
get_commit_id:
runs-on: ubuntu-latest
outputs:
commit_id: ${{ steps.commit_id.outputs.commit_id }}
steps:
- name: Get Commit ID
id: commit_id
run: |
echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
tag_release:
needs: quality_checks
runs-on: ubuntu-latest
outputs:
version_tag: ${{steps.output_version_tag.outputs.VERSION_TAG}}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ env.BRANCH_NAME }}
fetch-depth: 0
# using git commit sha for version of action to ensure we have stable version
- name: Install asdf
uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
with:
asdf_branch: v0.11.3
- name: Cache asdf
uses: actions/cache@v4
with:
path: |
~/.asdf
key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
restore-keys: |
${{ runner.os }}-asdf-
- name: Install asdf dependencies in .tool-versions
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
with:
asdf_branch: v0.11.3
env:
PYTHON_CONFIGURE_OPTS: --enable-shared
- name: Setting up .npmrc
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
echo "@NHSDigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
- name: Install node packages
run: |
make install-node
- name: Set VERSION_TAG env var to be short git SHA and get next tag version
id: output_version_tag
run: |
VERSION_TAG=$(git rev-parse --short HEAD)
npx semantic-release --dry-run > semantic-release-output.log
NEXT_VERSION=$(grep -i 'The next release version is' semantic-release-output.log | sed -E 's/.* ([[:digit:].]+)$/\1/')
if [ -z "${NEXT_VERSION}" ]
then
echo "Could not get next tag. Here is the log from semantic-release"
cat semantic-release-output.log
exit 1
fi
tagFormat=$(node -e "const config=require('./release.config.js'); console.log(config.tagFormat)")
if [ "${tagFormat}" = "null" ]
then
tagFormat="v\${version}"
fi
# disabling shellcheck as replace does not work
# shellcheck disable=SC2001
NEW_VERSION_TAG=$(echo "$tagFormat" | sed "s/\${version}/$NEXT_VERSION/")
echo "## VERSION TAG : ${VERSION_TAG}" >> "$GITHUB_STEP_SUMMARY"
echo "## NEXT TAG WILL BE : ${NEW_VERSION_TAG}" >> "$GITHUB_STEP_SUMMARY"
echo "VERSION_TAG=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
echo "VERSION_TAG=${VERSION_TAG}" >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ github.token }}
package_code:
needs: tag_release
uses: ./.github/workflows/sam_package_code.yml
release_dev:
needs: [tag_release, package_code, get_commit_id]
uses: ./.github/workflows/sam_release_code.yml
with:
ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
STACK_NAME: pfp
TARGET_ENVIRONMENT: dev
APIGEE_ENVIRONMENT: internal-dev
ENABLE_MUTUAL_TLS: true
BUILD_ARTIFACT: packaged_code
TRUSTSTORE_FILE: pfp-truststore.pem
VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
LOG_LEVEL: DEBUG
LOG_RETENTION_DAYS: 30
CREATE_INT_RELEASE_NOTES: true
CREATE_PROD_RELEASE_NOTES: true
TOGGLE_GET_STATUS_UPDATES: true
secrets:
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
TARGET_SPINE_SERVER: ${{ secrets.DEV_TARGET_SPINE_SERVER }}
TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.DEV_TARGET_SERVICE_SEARCH_SERVER }}
DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
release_dev_sandbox:
needs: [tag_release, package_code, get_commit_id]
uses: ./.github/workflows/sam_release_code.yml
with:
ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
STACK_NAME: pfp-sandbox
TARGET_ENVIRONMENT: dev
APIGEE_ENVIRONMENT: internal-dev-sandbox
ENABLE_MUTUAL_TLS: true
BUILD_ARTIFACT: packaged_sandbox_code
TRUSTSTORE_FILE: pfp-sandbox-truststore.pem
VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
LOG_LEVEL: DEBUG
LOG_RETENTION_DAYS: 30
DOMAIN_NAME_EXPORT: eps-route53-resources:EPS-domain
ZONE_ID_EXPORT: eps-route53-resources:EPS-ZoneID
secrets:
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
TARGET_SPINE_SERVER: sandbox
TARGET_SERVICE_SEARCH_SERVER: sandbox
release_qa:
needs:
[
tag_release,
release_dev,
release_dev_sandbox,
package_code,
get_commit_id,
]
uses: ./.github/workflows/sam_release_code.yml
with:
ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
STACK_NAME: pfp
TARGET_ENVIRONMENT: qa
APIGEE_ENVIRONMENT: internal-qa
ENABLE_MUTUAL_TLS: true
BUILD_ARTIFACT: packaged_code
TRUSTSTORE_FILE: pfp-truststore.pem
VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
LOG_LEVEL: DEBUG
LOG_RETENTION_DAYS: 30
TOGGLE_GET_STATUS_UPDATES: true
secrets:
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
TARGET_SPINE_SERVER: ${{ secrets.QA_TARGET_SPINE_SERVER }}
TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.QA_TARGET_SERVICE_SEARCH_SERVER }}