Fix: [AEA-0000] - use sementic-version for release numbering (#44)

## Summary

- Routine Change

### Details

- switch to using sementic-version to manage versions

Author: anthony-nhs

.devcontainer/Dockerfile

@@ -9,7 +9,7 @@ RUN apt-get update \
     openjdk-8-jdk jq apt-transport-https ca-certificates gnupg-agent \
     software-properties-common bash-completion python3-pip make libbz2-dev \
     libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
-    xz-utils tk-dev liblzma-dev netcat
+    xz-utils tk-dev liblzma-dev netcat ruby-full build-essential zlib1g-dev
 
 # install aws stuff
 RUN wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" && \
@@ -29,7 +29,10 @@ USER vscode
 # Install ASDF
 RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.11.3; \
     echo '. $HOME/.asdf/asdf.sh' >> ~/.bashrc; \
-    echo '. $HOME/.asdf/completions/asdf.bash' >> ~/.bashrc;
+    echo '. $HOME/.asdf/completions/asdf.bash' >> ~/.bashrc; \
+    echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc; \
+    echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc; \
+    echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc;
 
 ENV PATH="$PATH:/home/vscode/.asdf/bin/"
 
@@ -41,7 +44,8 @@ RUN asdf plugin add python; \
     asdf plugin-add java; \
     asdf plugin-add maven; \
     asdf plugin add direnv; \
-    asdf plugin add actionlint;
+    asdf plugin add actionlint; \
+    asdf plugin add nodejs;
 
 WORKDIR /workspaces/validation-service-fhir-r4
 ADD .tool-versions /workspaces/validation-service-fhir-r4/.tool-versions

.devcontainer/devcontainer.json

@@ -62,7 +62,7 @@
         }
       }
     },
-    "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/validation-service-fhir-r4; make install"
+    "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/eps-FHIR-validator-lambda; make install"
     // "features": {},
     // Use 'forwardPorts' to make a list of ports inside the container available locally.
     // "forwardPorts": [],

.github/dependabot.yml

@@ -10,7 +10,7 @@
 # rebase-strategy is set to 'disabled', as automated rebasing was causing
 # too many CI environments to be created, reducing available capacity for
 # us and other teams as well.
-######################################################################### 
+#########################################################################
 
 version: 2
 updates:
@@ -20,7 +20,9 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-  
+    commit-message:
+      prefix: "Upgrade: [dependabot] - "
+
   ###################################
   # Java workspace  ##################
   ###################################
@@ -30,6 +32,8 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 20
+    commit-message:
+      prefix: "Upgrade: [dependabot] - "
 
   ###################################
   # Poetry  #########################
@@ -39,3 +43,5 @@ updates:
     schedule:
       interval: "daily"
     versioning-strategy: increase
+    commit-message:
+      prefix: "Upgrade: [dependabot] - "

.github/pull_request_template.md

@@ -11,3 +11,41 @@
 ### Details
 
 Add any summary information of what is in the change. **Remove this line if you have nothing to add.**
+
+**Remove the sections below this line once you have named your PR**
+
+## Pull Request Naming
+
+Pull requests should be named using the following format:
+
+```text
+Tag: [AEA-NNNN] - Short description
+```
+
+Tag can be one of:
+
+- `Fix` - for a bug fix. (Patch release)
+- `Update` - either for a backwards-compatible enhancement or for a rule change that adds reported problems. (Patch release)
+- `New` - implemented a new feature. (Minor release)
+- `Breaking` - for a backwards-incompatible enhancement or feature. (Major release)
+- `Docs` - changes to documentation only. (Patch release)
+- `Build` - changes to build process only. (No release)
+- `Upgrade` - for a dependency upgrade. (Patch release)
+- `Chore` - for refactoring, adding tests, etc. (anything that isn't user-facing). (Patch release)
+
+Correct tagging is necessary for our automated versioning and release process ([Release](./RELEASE.md)).
+
+The description of your pull request will be used as the commit message for the merge, and also be included in the changelog. Please ensure that your title is sufficiently descriptive.
+
+### Rerunning Checks
+
+If you need to rename your pull request, you can restart the checks by either:
+
+- Closing and reopening the pull request
+- Amend your last commit and force push to the branch
+  ```bash
+  git commit --amend --no-edit
+  git push --force
+  ```
+
+Rerunning the checks from within the pull request will not use the updated title.

.github/workflows/ci.yml

@@ -0,0 +1,122 @@
+name: merge to main workflow
+
+on:
+  push:
+    branches: [main]
+
+env:
+  BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }}
+
+jobs:
+  quality_checks:
+    uses: ./.github/workflows/quality_checks.yml
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  get_commit_id:
+    runs-on: ubuntu-latest
+    outputs:
+      commit_id: ${{ steps.commit_id.outputs.commit_id }}
+    steps:
+      - name: Get Commit ID
+        id: commit_id
+        run: |
+          echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
+
+  tag_release:
+    needs: quality_checks
+    runs-on: ubuntu-latest
+    outputs:
+      spec_version: ${{steps.output_spec_version.outputs.SPEC_VERSION}}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+          fetch-depth: 0
+
+      # using git commit sha for version of action to ensure we have stable version
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.11.3
+  
+      - name: Cache asdf
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+
+      - name: Install asdf dependencies in .tool-versions
+        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.11.3
+        env:
+          PYTHON_CONFIGURE_OPTS: --enable-shared 
+  
+      - name: Install node packages
+        run: |
+          make install-node
+
+      - name: Set SPEC_VERSION env var to be short git SHA and get next tag varsion
+        id: output_spec_version
+        run: |
+          SPEC_VERSION=$(git rev-parse --short HEAD)
+          NEXT_VERSION=$(npx semantic-release --dry-run | grep -i 'The next release version is' | sed -E 's/.* ([[:digit:].]+)$/\1/')
+          tagFormat=$(jq -r .tagFormat .releaserc)
+          if [ "${tagFormat}" = "null" ]
+          then
+            tagFormat="v\${version}"
+          fi
+          # disabling shellcheck as replace does not work
+          # shellcheck disable=SC2001
+          NEW_SPEC_VERSION=$(echo "$tagFormat" | sed "s/\${version}/$NEXT_VERSION/")
+          echo "## SPEC VERSION :** ${SPEC_VERSION}" >> "$GITHUB_STEP_SUMMARY"
+          echo "## NEXT TAG WILL BE :** ${NEW_SPEC_VERSION}" >> "$GITHUB_STEP_SUMMARY"
+          echo "SPEC_VERSION=${SPEC_VERSION }" >> "$GITHUB_OUTPUT"
+          echo "SPEC_VERSION=${SPEC_VERSION}" >> "$GITHUB_ENV"
+        env:
+          GITHUB_TOKEN: ${{ github.token }}         
+
+  package_code:
+    needs: tag_release
+    uses: ./.github/workflows/sam_package_code.yml
+
+  release_dev:
+    needs: [tag_release, package_code, get_commit_id]
+    uses: ./.github/workflows/sam_release_code.yml
+    with:
+      ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.spec_version}}
+      STACK_NAME: fhir-validator
+      TARGET_ENVIRONMENT: dev
+      BUILD_ARTIFACT: packaged_code
+      VERSION_NUMBER: ${{needs.tag_release.outputs.spec_version}}
+      COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
+      LOG_LEVEL: INFO
+      LOG_RETENTION_DAYS: 30
+      CREATE_INT_RELEASE_NOTES: true
+      CREATE_PROD_RELEASE_NOTES: true
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
+      DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
+      DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
+
+  release_qa:
+    needs: [tag_release, release_dev, package_code, get_commit_id]
+    uses: ./.github/workflows/sam_release_code.yml
+    with:
+      ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.spec_version}}
+      STACK_NAME: fhir-validator
+      TARGET_ENVIRONMENT: qa
+      BUILD_ARTIFACT: packaged_code
+      VERSION_NUMBER: ${{needs.tag_release.outputs.spec_version}}
+      COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
+      LOG_LEVEL: INFO
+      LOG_RETENTION_DAYS: 30
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}

.github/workflows/pr_title_check.yml

@@ -0,0 +1,34 @@
+name: PR Title Check
+
+on:
+  workflow_call:
+
+jobs:
+  pr_title_format_check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check PR Title is Prefixed with Change Type
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          if [[ "$PR_TITLE" =~ ^(Fix|Update|New|Breaking|Docs|Build|Upgrade|Chore):.*$ ]]; then
+            echo "PR title is prefixed with change type."
+          else
+            echo "PR title is not prefixed with change type."
+            echo "Please prefix your PR title with a change type (Fix, Update, New, Breaking, Docs, Build, Upgrade, Chore)."
+            echo "See the contributing guide for more details:"
+            echo "https://github.com/NHSDigital/nhs-fhir-middy-error-handler/blob/main/CONTRIBUTING.md"
+            exit 1
+          fi
+
+      - name: Check PR Title contains Ticket/Dependabot Reference
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          if [[ "$PR_TITLE" =~ ^.*:.*\[([A-Z]+-[0-9]+|dependabot)\].*-.*$ ]]; then
+            echo "PR title contains ticket or dependabot reference."
+          else
+            echo "PR title does not contain ticket or dependabot reference."
+            echo "Please ensure PR title contains a ticket (eg. 'Fix: [AEA-####] - ...', or 'Chore: [dependabot] - ...')."
+            exit 1
+          fi

.github/workflows/pull_request.yml

@@ -13,6 +13,9 @@ jobs:
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
+  pr_title_format_check:
+    uses: ./.github/workflows/pr_title_check.yml
+
   get_issue_number:
     runs-on: ubuntu-latest
     needs: quality_checks

.github/workflows/release.yml

@@ -1,9 +1,7 @@
-name: release workflow
+name: release to environments
 
 on:
-  push:
-    branches: [main]
-    tags: [v**]
+  workflow_dispatch:
 
 env:
   BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }}
@@ -58,43 +56,56 @@ jobs:
         env:
           PYTHON_CONFIGURE_OPTS: --enable-shared 
 
-      - name: Install python packages
+      - name: Install node packages
         run: |
-          make install-python
+          make install-node
 
-      - name: Set SPEC_VERSION env var for merges to main
-        run: echo "SPEC_VERSION=$(poetry run python scripts/calculate_version.py)" >> "$GITHUB_ENV"
-        if: github.ref == 'refs/heads/main'
-
-      - name: Set SPEC_VERSION env var for tags
-        run: echo "SPEC_VERSION=${{ github.ref_name }}" >> "$GITHUB_ENV"
-        if: github.ref != 'refs/heads/main'
-
-      - name: Create release (tags and main)
-        id: create-release
-        # using commit hash for version v1.13.0
-        uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5
-        continue-on-error: true
+      - name: Set SPEC_VERSION to be next tag varsion
+        id: output_spec_version
+        run: |
+          NEXT_VERSION=$(npx semantic-release --dry-run | grep -i 'The next release version is' | sed -E 's/.* ([[:digit:].]+)$/\1/')
+          tagFormat=$(jq -r .tagFormat .releaserc)
+          if [ "${tagFormat}" = "null" ]
+          then
+            tagFormat="v\${version}"
+          fi
+          # disabling shellcheck as replace does not work
+          # shellcheck disable=SC2001
+          SPEC_VERSION=$(echo "$tagFormat" | sed "s/\${version}/$NEXT_VERSION/")
+          echo "## SPEC VERSION :** ${SPEC_VERSION}" >> "$GITHUB_STEP_SUMMARY"
+          echo "SPEC_VERSION=${SPEC_VERSION }" >> "$GITHUB_OUTPUT"
+          echo "SPEC_VERSION=${SPEC_VERSION}" >> "$GITHUB_ENV"
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+  
+      - name: tag release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          npx semantic-release
+
+      - name: Get release for editing
+        id: get_release
+        # version 1.2.4
+        uses: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
         with:
           tag: ${{ env.SPEC_VERSION }}
-          commit: ${{  github.sha }}
+
+      - name: Edit Release
+        # version 1.2.0
+        uses: irongut/EditRelease@ccf529ad26dddf9996e7dd0f24ca5da4ea507cc2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          id: ${{ steps.get_release.outputs.id }}
           body: |
-            ## Commit message
-            ${{ github.event.head_commit.message }}
             ## Info
             [See code diff](${{ github.event.compare }})
             [Release workflow run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
 
             It was initialized by [${{ github.event.sender.login }}](${{ github.event.sender.html_url }})
-
-      - name: output SPEC_VERSION
-        id: output_spec_version
-        run: |
-          echo "## RELEASE TAG :** ${{ env.SPEC_VERSION  }}" >> "$GITHUB_STEP_SUMMARY"
-          echo "SPEC_VERSION=${{ env.SPEC_VERSION }}" >> "$GITHUB_OUTPUT"
-
+            
   package_code:
     needs: tag_release
     uses: ./.github/workflows/sam_package_code.yml