diff --git a/.github/actions/build-docs/action.yml b/.github/actions/build-docs/action.yml
index 68d873e06..8b887bf34 100644
--- a/.github/actions/build-docs/action.yml
+++ b/.github/actions/build-docs/action.yml
@@ -4,6 +4,9 @@ inputs:
 version:
 description: "Version number"
 required: true
+ NODE_AUTH_TOKEN:
+ description: "Token for access to github package registry"
+ required: true
 runs:
 using: "composite"
 steps:
@@ -12,8 +15,11 @@ runs:
 - uses: actions/setup-node@v4
 with:
 node-version: 22
+ registry-url: 'https://npm.pkg.github.com'
 - name: Npm cli install
 working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
 run: npm ci
 shell: bash
 - name: Setup Ruby
diff --git a/.github/actions/build-libraries/action.yml b/.github/actions/build-libraries/action.yml
index 84a25b11d..14ac5231d 100644
--- a/.github/actions/build-libraries/action.yml
+++ b/.github/actions/build-libraries/action.yml
@@ -4,6 +4,9 @@ inputs:
 version:
 description: "Version number"
 required: true
+ NODE_AUTH_TOKEN:
+ description: "Token for access to github package registry"
+ required: true
 runs:
 using: "composite"
 steps:
@@ -12,9 +15,12 @@ runs:
 - uses: actions/setup-node@v4
 with:
 node-version: 22
+ registry-url: 'https://npm.pkg.github.com'
 - name: Npm install
 working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
 run: npm ci
 shell: bash
diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml
index f1cc48595..5dcb872d1 100644
--- a/.github/actions/build-proxies/action.yml
+++ b/.github/actions/build-proxies/action.yml
@@ -28,6 +28,9 @@ inputs:
 nodejs_version:
 description: "Node.js version, set by the CI/CD pipeline workflow"
 required: true
+ NODE_AUTH_TOKEN:
+ description: "Token for access to github package registry"
+ required: true
 runs:
 using: composite
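Review bot: `npm ci` in the "Npm cli install" step of build-docs/action.yml now runs with `NODE_AUTH_TOKEN` in its environment, and npm executes dependency install scripts by default, so any package in the tree can read the token while it installs. The same step shape is added in build-libraries, build-proxies, build-sandbox, build-sdk and build-server, and in the workflow-level `npm ci` steps of this commit. If no dependency needs its lifecycle scripts at install time (not visible from these hunks), `run: npm ci --ignore-scripts` keeps the credential away from third-party code; otherwise keep the token's permissions as narrow as the `contents: read` / `packages: read` grants in these workflows. Scoping `env:` to the single install step rather than to the whole job is the right shape and worth keeping.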
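Review bot: The new `NODE_AUTH_TOKEN` input on build-libraries/action.yml, and likewise on build-sandbox and build-server, has no caller updated in this diff; only build-docs, build-sdk and what appear to be the build-proxies calls are passed the token. GitHub does not fail a run when a `required: true` action input is omitted, so a caller outside this diff would reach `npm ci` with an empty token and fail with a registry authentication error rather than a clear message. Update the remaining callers in the same change, and consider a more specific description such as `description: "GITHUB_TOKEN with packages: read, used by npm ci to authenticate to npm.pkg.github.com"` so callers know the minimum scope to pass.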
@@ -38,6 +41,7 @@ runs:
 - uses: actions/setup-node@v4
 with:
 node-version: ${{ inputs.nodejs_version }}
+ registry-url: 'https://npm.pkg.github.com'
 - name: "Cache node_modules"
 uses: actions/cache@v4
@@ -50,6 +54,8 @@ runs:
 - name: Npm install
 working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
 run: npm ci
 shell: bash
diff --git a/.github/actions/build-sandbox/action.yml b/.github/actions/build-sandbox/action.yml
index 5023383ce..5bcef84c2 100644
--- a/.github/actions/build-sandbox/action.yml
+++ b/.github/actions/build-sandbox/action.yml
@@ -4,6 +4,10 @@ inputs:
 version:
 description: "Version number"
 required: true
+
+ NODE_AUTH_TOKEN:
+ description: "Token for access to github package registry"
+ required: true
 runs:
 using: composite
@@ -13,9 +17,12 @@ runs:
 - uses: actions/setup-node@v4
 with:
 node-version: 22
+ registry-url: 'https://npm.pkg.github.com'
 - name: Npm install
 working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
 run: npm ci
 shell: bash
diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml
index 944bdd006..1231b2c25 100644
--- a/.github/actions/build-sdk/action.yml
+++ b/.github/actions/build-sdk/action.yml
@@ -4,6 +4,9 @@ inputs:
 version:
 description: "Version number"
 required: true
+ NODE_AUTH_TOKEN:
+ description: "Token for access to github package registry"
+ required: true
 runs:
 using: "composite"
 steps:
@@ -12,9 +15,12 @@ runs:
 - uses: actions/setup-node@v4
 with:
 node-version: 22
+ registry-url: 'https://npm.pkg.github.com'
 - name: Npm install
 working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
 run: npm ci
 shell: bash
diff --git a/.github/actions/build-server/action.yml b/.github/actions/build-server/action.yml
index fa2213fe2..c077fa3bc 100644
--- a/.github/actions/build-server/action.yml
+++ b/.github/actions/build-server/action.yml
@@ -4,6 +4,9 @@ inputs:
 version:
 description: "Version number"
 required: true
+ NODE_AUTH_TOKEN:
+ description: "Token for access to github package registry"
+ required: true
 runs:
 using: "composite"
 steps:
@@ -12,9 +15,12 @@ runs:
 - uses: actions/setup-node@v4
 with:
 node-version: 22
+ registry-url: 'https://npm.pkg.github.com'
 - name: Npm install
 working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }}
 run: npm ci
 shell: bash
diff --git a/.github/workflows/manual-proxy-environment-deploy.yaml b/.github/workflows/manual-proxy-environment-deploy.yaml
index dfbcb43a7..c8ca20fe2 100644
--- a/.github/workflows/manual-proxy-environment-deploy.yaml
+++ b/.github/workflows/manual-proxy-environment-deploy.yaml
@@ -21,6 +21,7 @@ on:
 permissions:
 contents: read
+ packages: read
 jobs:
 deploy-environment:
@@ -36,6 +37,8 @@ jobs:
 - name: Npm install
 working-directory: .
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: npm ci
 shell: bash
@@ -87,3 +90,4 @@ jobs:
 runId: "${{ github.run_id }}"
 buildSandbox: ${{ inputs.build_sandbox }}
 releaseVersion: ${{ github.ref_name }}
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml
index ebaeaf0d4..026ac9700 100644
--- a/.github/workflows/pr_closed.yaml
+++ b/.github/workflows/pr_closed.yaml
@@ -81,6 +81,7 @@ jobs:
 uses: actions/setup-node@v4
 with:
 node-version: ${{ inputs.nodejs_version }}
+ registry-url: 'https://npm.pkg.github.com'
 - name: check if local version differs from latest published version
 id: check-version
@@ -114,7 +115,10 @@ jobs:
 uses: actions/setup-node@v4
 with:
 node-version: ${{ inputs.nodejs_version }}
+ registry-url: 'https://npm.pkg.github.com'
 - name: "Install dependencies"
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: npm ci
 - name: "Run provider contract tests"
 run: make test-contract
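Review bot: Setting `NODE_AUTH_TOKEN` on the "Npm install" step of manual-proxy-environment-deploy.yaml only has an effect if some npmrc maps that variable to the registry, and this diff adds no `registry-url` to a setup-node step in this workflow; the committed `.npmrc` carries only the scope-to-registry line. The four "Repo setup" hunks in stage-2-test.yaml have the same shape. If those jobs have no setup-node step with `registry-url: 'https://npm.pkg.github.com'` outside the hunks, `npm ci` would be unauthenticated for `@nhsdigital` packages, so add that input to each job's setup-node step as the composite actions in this commit do. The jobs' earlier steps lie outside the hunks, so this may already be in place.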
@@ -143,6 +147,8 @@ jobs:
 registry-url: 'https://npm.pkg.github.com'
 - name: Install dependencies
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: npm ci
 - name: Publish to GitHub Packages
diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml
index d1c137b14..44921ed9c 100644
--- a/.github/workflows/stage-1-commit.yaml
+++ b/.github/workflows/stage-1-commit.yaml
@@ -237,34 +237,6 @@ jobs:
 echo "Detected package version $version in main branch"
 echo "main_version=$version" >> $GITHUB_OUTPUT
-# check-schemas-generated:
-# name: Check event schemas have been regenerated
-# needs: detect-event-schema-package-changes
-# if: needs.detect-event-schema-package-changes.outputs.changed == 'true'
-# runs-on: ubuntu-latest
-# permissions:
-# contents: read
-# steps:
-# - name: "Checkout code"
-# uses: actions/checkout@v4
-#
-# - name: "Cache node_modules"
-# uses: actions/cache@v4
-# with:
-# path: |
-# **/node_modules
-# key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
-# restore-keys: |
-# ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
-#
-# - name: "Re-generate schemas"
-# run: |
-# npm ci
-# npm --workspace internal/events run gen:jsonschema
-#
-# - name: Check for schema changes
-# run: git diff --quiet internal/events/schemas
-
 check-schema-version-change:
 name: Check event schema version has been updated
 needs: detect-event-schema-package-changes
@@ -290,3 +262,43 @@ jobs:
 echo "Error: Event Schema package has changed, but new version ($local_version) is not a valid increment from latest version on main branch ($main_version)."
 exit 1
 fi
+
+ check-event-schemas-version-change:
+ name: Check for event schemas package version change
+ needs: detect-event-schema-package-changes
+ if: needs.detect-event-schema-package-changes.outputs.changed == 'true'
+ outputs:
+ version_changed: ${{ steps.check-version.outputs.version_changed }}
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: read
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v5.0.0
+
+ - name: Setup NodeJS
+ uses: actions/setup-node@v4
+ with:
+ node-version: ${{ inputs.nodejs_version }}
+ registry-url: 'https://npm.pkg.github.com'
+
+ - name: check if local version differs from latest published version
+ id: check-version
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ published_version=$(npm view @nhsdigital/nhs-notify-event-schemas-supplier-api --json 2>/dev/null | jq -r '.["dist-tags"].latest // "null"')
+ echo "Published version: $published_version"
+
+ local_version=$(jq -r '.version' internal/events/package.json)
+ echo "Local version: $local_version"
+
+ if [[ $local_version = $published_version ]]; then
+ echo "ERROR: Local version is the same as the latest published version, but event schemas have changed"
+ echo "version_changed=false" >> $GITHUB_OUTPUT
+ exit 1
+ else
+ echo "Local version is different to the latest published version - a new version will be published"
+ echo "version_changed=true" >> $GITHUB_OUTPUT
+ fi
diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml
index 29c5cd0c3..d8646f201 100644
--- a/.github/workflows/stage-2-test.yaml
+++ b/.github/workflows/stage-2-test.yaml
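Review bot: A failed registry lookup is treated as "version changed" in the `check-version` step of the new `check-event-schemas-version-change` job: `npm view … 2>/dev/null | jq …` discards npm's error, and with no `shell:` on the step GitHub's default is `bash -e` without `pipefail` (unless a workflow-level default outside the hunk sets it), so an authentication or network failure leaves `published_version` empty or `null` and the script falls through to `version_changed=true`. Add `shell: bash` to the step and drop `2>/dev/null` so the pipeline failure stops the job; if a never-published package has to pass, handle that one case explicitly instead of swallowing every error. pr_closed.yaml gains `registry-url` on the setup-node step before a step of the same name whose `env:` lies outside that hunk, and it needs `NODE_AUTH_TOKEN` there as well. The two `uses:` lines added here reference tags (`@v5.0.0`, `@v4`); pinning them to full commit SHAs would fix what runs in a job that holds a token.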
@@ -39,6 +39,7 @@ env:
 permissions:
 id-token: write # This is required for requesting the JWT
 contents: read # This is required for actions/checkout
+ packages: read # This is required for downloading from GitHub Package Registry
 jobs:
 check-generated-dependencies:
@@ -57,6 +58,8 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
 - name: "Repo setup"
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 npm ci
 - name: "Generate dependencies"
@@ -79,6 +82,8 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
 - name: "Repo setup"
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 npm ci
 - name: "Generate dependencies"
@@ -115,6 +120,8 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
 - name: "Repo setup"
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 npm ci
 - name: "Generate dependencies"
@@ -139,6 +146,8 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
 - name: "Repo setup"
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 npm ci
 - name: "Generate dependencies"
diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml
index e21d72864..474b90944 100644
--- a/.github/workflows/stage-3-build.yaml
+++ b/.github/workflows/stage-3-build.yaml
@@ -39,6 +39,8 @@ on:
 permissions:
 id-token: write # This is required for requesting the JWT
 contents: read # This is required for actions/checkout
+ packages: read # This is required for downloading from GitHub Package Registry
+
 jobs:
 artefact-jekyll-docs:
 name: "Build Docs"
@@ -51,6 +53,7 @@ jobs:
 uses: ./.github/actions/build-docs
 with:
 version: "${{ inputs.version }}"
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 artefact-sdks:
 name: "Build SDKs"
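Review bot: `packages: read` is added to the workflow-level `permissions:` of stage-2-test.yaml (and of stage-3-build.yaml) next to `id-token: write`, so every job in the workflow receives both grants. The new job in stage-1-commit.yaml sets `permissions:` per job; doing the same here would give the jobs that run `npm ci` only `contents: read` and `packages: read`, and keep `id-token: write` on the jobs that actually request the JWT. Which jobs need OIDC is not visible from these hunks, so this needs checking against the full workflow.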
@@ -63,6 +66,7 @@ jobs:
 uses: ./.github/actions/build-sdk
 with:
 version: "${{ inputs.version }}"
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 # Take out for now - might add again in the future
 # artefact-servers:
@@ -133,3 +137,4 @@ jobs:
 buildSandbox: true
 releaseVersion: ${{ github.head_ref || github.ref_name }}
 nodejs_version: ${{ inputs.nodejs_version }}
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.npmrc b/.npmrc
new file mode 100644
index 000000000..15cc47357
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+@nhsdigital:registry=https://npm.pkg.github.com
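Review bot: The new `.npmrc` has no comment saying where credentials come from, and a committed npmrc is where a literal token tends to get pasted. npmrc files accept `#` comments, so a line such as `# Auth: CI supplies NODE_AUTH_TOKEN via actions/setup-node; locally use your user-level ~/.npmrc. Never add an _authToken value to this file.` would document it. Mapping the `@nhsdigital` scope to a single registry is the right shape, since names in that scope are then requested only from npm.pkg.github.com.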