Merge remote-tracking branch 'origin/main' into cdk_construct

Author: anthony-nhs

.devcontainer/Dockerfile

@@ -1,5 +1,12 @@
 FROM mcr.microsoft.com/devcontainers/base:ubuntu
 
+
+ARG TARGETARCH
+ENV TARGETARCH=${TARGETARCH}
+
+ARG ASDF_VERSION
+COPY .tool-versions.asdf /tmp/.tool-versions.asdf
+
 RUN apt-get update \
     && export DEBIAN_FRONTEND=noninteractive \
     && apt-get -y dist-upgrade \
@@ -11,21 +18,41 @@ RUN apt-get update \
     libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
     xz-utils tk-dev liblzma-dev netcat libyaml-dev
 
-    # install aws stuff
-RUN wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" && \
+
+# Download correct AWS CLI for arch
+RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
+      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
+    else \
+      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
+    fi && \
     unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
     /tmp/aws-cli/aws/install && \
-    rm tmp/awscliv2.zip && \
-    rm -rf /tmp/aws-cli
+    rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
 
-USER vscode
+# Download correct SAM CLI for arch
+RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
+      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip"; \
+    else \
+      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip"; \
+    fi && \
+    unzip /tmp/aws-sam-cli.zip -d /tmp/aws-sam-cli && \
+    /tmp/aws-sam-cli/install && \
+    rm /tmp/aws-sam-cli.zip && rm -rf /tmp/aws-sam-cli
 
 # Install ASDF
-RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.14.1; \
-    echo '. $HOME/.asdf/asdf.sh' >> ~/.bashrc; \
-    echo '. $HOME/.asdf/completions/asdf.bash' >> ~/.bashrc;
+RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
+    if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
+        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz; \
+    else \
+        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz; \
+    fi && \
+    tar -xvzf /tmp/asdf.tar.gz && \
+    mv asdf /usr/bin
+
+
+USER vscode
 
-ENV PATH="$PATH:/home/vscode/.asdf/bin/:/workspaces/eps-cdk-utils/node_modules/.bin"
+ENV PATH="$PATH:/home/vscode/.asdf/shims/:/workspaces/eps-cdk-utils/node_modules/.bin"
 
 # Install ASDF plugins
 RUN asdf plugin add python; \
@@ -40,8 +67,5 @@ WORKDIR /workspaces/eps-workflow-quality-checks
 ADD .tool-versions /workspaces/eps-cdk-utils/.tool-versions
 ADD .tool-versions /home/vscode/.tool-versions
 
-RUN asdf install; \
-    asdf reshim python; \
-    asdf reshim poetry; \
-    asdf reshim nodejs; \
-    asdf direnv setup --shell bash --version 2.32.2;
+RUN asdf install python; \
+    asdf install

.github/config/settings.yml

@@ -0,0 +1 @@
+TAG_FORMAT: "v${version}"

.github/workflows/ci.yml

@@ -8,93 +8,59 @@ env:
   BRANCH_NAME: ${{ github.ref_name }}
 
 jobs:
-  quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3
-    secrets:
-      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
   get_commit_id:
     runs-on: ubuntu-22.04
     outputs:
       commit_id: ${{ steps.commit_id.outputs.commit_id }}
+      sha_short: ${{ steps.commit_id.outputs.sha_short }}
+
     steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+
       - name: Get Commit ID
         id: commit_id
         run: |
+          #  echo "commit_id=${{ github.sha }}" >> "$GITHUB_ENV"
           echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
-
-  tag_release:
-    needs: quality_checks
+          echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+  get_asdf_version:
     runs-on: ubuntu-22.04
     outputs:
-      version_tag: ${{steps.output_version_tag.outputs.VERSION_TAG}}
+      asdf_version: ${{ steps.asdf-version.outputs.version }}
+      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
-        with:
-          ref: ${{ env.BRANCH_NAME }}
-          fetch-depth: 0
-
-      # using git commit sha for version of action to ensure we have stable version
-      - name: Install asdf
-        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
-        with:
-          asdf_branch: v0.14.1
-
-      - name: Cache asdf
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.asdf
-          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
-          restore-keys: |
-            ${{ runner.os }}-asdf-
 
-      - name: Install asdf dependencies in .tool-versions
-        uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302
-        with:
-          asdf_branch: v0.14.1
-        env:
-          PYTHON_CONFIGURE_OPTS: --enable-shared
-
-      - name: Setting up .npmrc
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Get asdf version
+        id: asdf-version
+        run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
+      - name: Load config value
+        id: load-config
         run: |
-          echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
-          echo "@NHSDigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
-
-      - name: Install node packages
-        run: |
-          make install-node
+          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
+          echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
+  quality_checks:
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@4a6d03ad51516eddc448daf454805f85fe2025b9
+    needs: [get_asdf_version, get_commit_id]
+    with:
+      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
-      - name: Set VERSION_TAG env var to be short git SHA and get next tag version
-        id: output_version_tag
-        run: |
-          VERSION_TAG=$(git rev-parse --short HEAD)
-          npx semantic-release --dry-run > semantic-release-output.log
-          NEXT_VERSION=$(grep -i 'The next release version is' semantic-release-output.log | sed -E 's/.* ([[:digit:].]+)$/\1/')
-          if [ -z "${NEXT_VERSION}" ]
-          then
-            echo "Could not get next tag. Here is the log from semantic-release"
-            cat semantic-release-output.log
-            exit 1
-          fi
-          tagFormat=$(node -e "const config=require('./release.config.js'); console.log(config.tagFormat)")
-          if [ "${tagFormat}" = "null" ]
-          then
-            tagFormat="v\${version}"
-          fi
-          # disabling shellcheck as replace does not work
-          # shellcheck disable=SC2001
-          NEW_VERSION_TAG=$(echo "$tagFormat" | sed "s/\${version}/$NEXT_VERSION/")
-          echo "## VERSION TAG : ${VERSION_TAG}" >> "$GITHUB_STEP_SUMMARY"
-          echo "## NEXT TAG WILL BE : ${NEW_VERSION_TAG}" >> "$GITHUB_STEP_SUMMARY"
-          echo "VERSION_TAG=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
-          echo "VERSION_TAG=${VERSION_TAG}" >> "$GITHUB_ENV"
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  tag_release:
+    needs: [quality_checks, get_commit_id, get_asdf_version]
+    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@f80157cecce288dd175e61b477a1d2dbe9c88b99
+    with:
+      dry_run: false
+      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+      branch_name: main
+      publish_package: false
+      tag_format: ${{ needs.get_asdf_version.outputs.tag_format }}
+    secrets: inherit
 
   package_code:
     needs: [tag_release, quality_checks, get_commit_id]
@@ -141,3 +107,27 @@ jobs:
       DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
     secrets:
       CDK_PUSH_IMAGE_ROLE: ${{ secrets.REF_CDK_PUSH_IMAGE_ROLE }}
+
+  release_int:
+    needs: [tag_release, release_qa, package_code, get_commit_id]
+    uses: ./.github/workflows/docker_image_upload.yml
+    with:
+      AWS_ENVIRONMENT: int
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      TAG_LATEST: true
+      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+    secrets:
+      CDK_PUSH_IMAGE_ROLE: ${{ secrets.INT_CDK_PUSH_IMAGE_ROLE }}
+
+  release_prod:
+    needs: [tag_release, release_int, package_code, get_commit_id]
+    uses: ./.github/workflows/docker_image_upload.yml
+    with:
+      AWS_ENVIRONMENT: prod
+      VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
+      COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+      TAG_LATEST: true
+      DOCKER_IMAGE_TAG: ${{needs.tag_release.outputs.version_tag}}
+    secrets:
+      CDK_PUSH_IMAGE_ROLE: ${{ secrets.PROD_CDK_PUSH_IMAGE_ROLE }}

.github/workflows/pull_request.yml

@@ -8,21 +8,33 @@ env:
   BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
 
 jobs:
-  pr_title_format_check:
-    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@13024fccca97e125d448ca9bc4616cfd413197fe
+  get_asdf_version:
+    runs-on: ubuntu-22.04
+    outputs:
+      asdf_version: ${{ steps.asdf-version.outputs.version }}
+      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
 
+      - name: Get asdf version
+        id: asdf-version
+        run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
+      - name: Load config value
+        id: load-config
+        run: |
+          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
+          echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
+  pr_title_format_check:
+    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@f80157cecce288dd175e61b477a1d2dbe9c88b99
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@4a6d03ad51516eddc448daf454805f85fe2025b9
+    needs: [get_asdf_version, get_commit_id]
+    with:
+      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
-  dependabot-auto-approve-and-merge:
-    needs: quality_checks
-    uses: NHSDigital/eps-workflow-dependabot/.github/workflows/dependabot-auto-approve-and-merge.yml@5dd998ea44b2e412ea51544b565be3d67f54dc41
-    secrets:
-      AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
-      AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
-
   get_issue_number:
     runs-on: ubuntu-22.04
     outputs:

.tool-versions.asdf

@@ -0,0 +1,2 @@
+# define the .asdf-version to use here
+0.18.0