Chore: [AEA-0000] - sync copilot (#490)

anthony-nhs · web-flow · commit 8c6c181dc460 · 2026-04-01T14:47:46.000+01:00
## Summary

- Routine Change

### Details

- sync copilot
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -64,6 +64,5 @@
   "remoteEnv": {
     "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
   },
-  "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
   "features": {}
 }
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -24,7 +24,7 @@ updates:
     commit-message:
       prefix: "Upgrade: [dependabot] - "
     cooldown:
-      default-days: 3
+      default-days: 7
   - package-ecosystem: "github-actions"
     # Workflow files stored in the
     # default location of `.github/workflows`
@@ -37,7 +37,7 @@ updates:
     commit-message:
       prefix: "Upgrade: [dependabot] - "
     cooldown:
-      default-days: 3
+      default-days: 7
   ###################################
   # NPM workspace  ##################
   ###################################
@@ -54,7 +54,7 @@ updates:
     registries:
       - npm-github
     cooldown:
-      default-days: 3
+      default-days: 7
   ###################################
   # Java workspace  ##################
   ###################################
@@ -69,5 +69,5 @@ updates:
     commit-message:
       prefix: "Upgrade: [dependabot] - "
     cooldown:
-      default-days: 3
+      default-days: 7
   
diff --git a/.github/workflows/sync_copilot.yml b/.github/workflows/sync_copilot.yml
@@ -0,0 +1,22 @@
+name: Sync Copilot Instructions
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 6 * * 1'
+
+jobs:
+  sync-copilot-instructions:
+    runs-on: ubuntu-22.04
+    environment: create_pull_request
+    permissions:
+      contents: read
+
+    steps:
+      - name: Sync shared instructions
+        uses: NHSDigital/eps-copilot-instructions@a7849a16aabd5c1edef13e29467a480fa08555f8
+        with:
+          copilot_instructions_ref: main
+          calling_repo_base_branch: main
+          CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }}
+          CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }}
diff --git a/.github/workflows/update_dev_container_version.yml b/.github/workflows/update_dev_container_version.yml
@@ -1,19 +1,23 @@
-name: Update Devcontainer Version
+name: Update devcontainer version
 
 on:
   workflow_dispatch:
   schedule:
-    - cron: "0 18 * * 4"
+    - cron: '0 6 * * 4'
+permissions: {}
 
 jobs:
-  update_devcontainer_version:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/update-dev-container-version.yml@23342d86a245c076937abd6aecdd0ce06446b1e6
+  update-devcontainer-version:
+    runs-on: ubuntu-22.04
+    environment: create_pull_request
     permissions:
       contents: read
       packages: read
-      pull-requests: write
-    with:
-      base_branch: main
-    secrets:
-      CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }}
-      CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }}
+
+    steps:
+      - name: Update devcontainer version
+        uses: NHSDigital/eps-update-devcontainer@dc3a8c5f11e7226ee4f5f2bb35bd0d1265092306
+        with:
+          calling_repo_base_branch: main
+          CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }}
+          CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -23,6 +23,26 @@ repos:
 
   - repo: local
     hooks:
+      - id: check-commit-signing
+        name: Check commit signing
+        description: Ensures that commits are GPG signed
+        entry: bash
+        args:
+          - -c
+          - |
+            if ! git config --get commit.gpgsign | grep -q "true" > /dev/null 2>&1; then
+              echo "Error: Commit signing is not enabled."
+              echo "Please enable commit signing with:"
+              echo "  git config commit.gpgsign true"
+              echo ""
+              echo "For more information, see: https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits"
+              exit 1
+            fi
+            echo "Commit signing is properly configured."
+        language: system
+        pass_filenames: false
+        always_run: true
+
       - id: git-secrets
         name: Git Secrets
         description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,5 @@`
`64`	`64`	`"remoteEnv": {`
`65`	`65`	`"LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"`
`66`	`66`	`},`
`67`		`- "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",`
`68`	`67`	`"features": {}`
`69`	`68`	`}`