From b0405358ed9a933edab1baef7ec8e60593d29cef Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 10:20:44 +0000 Subject: [PATCH 01/14] Add GitHub NPM registry configuration to .npmrc --- .npmrc | 1 + 1 file changed, 1 insertion(+) create mode 100644 .npmrc diff --git a/.npmrc b/.npmrc new file mode 100644 index 000000000..15cc47357 --- /dev/null +++ b/.npmrc @@ -0,0 +1 @@ +@nhsdigital:registry=https://npm.pkg.github.com From ffb8d5c5f61eae863ed412e5659394391357122d Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 10:27:29 +0000 Subject: [PATCH 02/14] Add version check and Node.js setup to CI workflow --- .github/workflows/stage-1-commit.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index d1c137b14..15c1fdf5c 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -272,6 +272,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + packages: read steps: - name: Checkout code uses: actions/checkout@v4 @@ -290,3 +291,25 @@ jobs: echo "Error: Event Schema package has changed, but new version ($local_version) is not a valid increment from latest version on main branch ($main_version)." exit 1 fi + + - name: Setup NodeJS + uses: actions/setup-node@v4 + with: + node-version: ${{ inputs.nodejs_version }} + + - name: Check if local version differs from latest published version + id: check-version + run: | + published_version=$(npm view @nhsdigital/nhs-notify-event-schemas-supplier-api --json 2>/dev/null | jq -r '.["dist-tags"].latest // "null"') + echo "Published version: $published_version" + + local_version=$(jq -r '.version' internal/events/package.json) + echo "Local version: $local_version" + + if [[ $local_version = $published_version ]]; then + echo "Local version is the same as the latest published version - skipping publish" + echo "version_changed=false" >> $GITHUB_OUTPUT + else + echo "Local version is different to the latest published version - publishing new version" + echo "version_changed=true" >> $GITHUB_OUTPUT + fi From c307fc981ff307d95ebacca29abcb37781f7bef0 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 10:32:27 +0000 Subject: [PATCH 03/14] TO REVERT AFTER TEST: conditional check for event schema version update --- .github/workflows/stage-1-commit.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index 15c1fdf5c..a464f734e 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -268,7 +268,7 @@ jobs: check-schema-version-change: name: Check event schema version has been updated needs: detect-event-schema-package-changes - if: needs.detect-event-schema-package-changes.outputs.changed == 'true' + #if: needs.detect-event-schema-package-changes.outputs.changed == 'true' #REVERT runs-on: ubuntu-latest permissions: contents: read From 46c8402e96c98b556d8be25f66f60dc40bce5643 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 10:39:39 +0000 Subject: [PATCH 04/14] Refactor event schema version checks in CI workflow --- .github/workflows/stage-1-commit.yaml | 52 ++++++++++----------------- 1 file changed, 19 insertions(+), 33 deletions(-) diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index a464f734e..0a4094b60 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -237,42 +237,13 @@ jobs: echo "Detected package version $version in main branch" echo "main_version=$version" >> $GITHUB_OUTPUT -# check-schemas-generated: -# name: Check event schemas have been regenerated -# needs: detect-event-schema-package-changes -# if: needs.detect-event-schema-package-changes.outputs.changed == 'true' -# runs-on: ubuntu-latest -# permissions: -# contents: read -# steps: -# - name: "Checkout code" -# uses: actions/checkout@v4 -# -# - name: "Cache node_modules" -# uses: actions/cache@v4 -# with: -# path: | -# **/node_modules -# key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }} -# restore-keys: | -# ${{ runner.os }}-node-${{ inputs.nodejs_version }}- -# -# - name: "Re-generate schemas" -# run: | -# npm ci -# npm --workspace internal/events run gen:jsonschema -# -# - name: Check for schema changes -# run: git diff --quiet internal/events/schemas - check-schema-version-change: name: Check event schema version has been updated needs: detect-event-schema-package-changes - #if: needs.detect-event-schema-package-changes.outputs.changed == 'true' #REVERT + if: needs.detect-event-schema-package-changes.outputs.changed == 'true' runs-on: ubuntu-latest permissions: contents: read - packages: read steps: - name: Checkout code uses: actions/checkout@v4 @@ -292,12 +263,26 @@ jobs: exit 1 fi + check-event-schemas-version-change: + name: Check for event schemas package version change + needs: detect-event-schema-package-changes + # if: needs.detect-event-schema-package-changes.outputs.changed == 'true' + outputs: + version_changed: ${{ steps.check-version.outputs.version_changed }} + runs-on: ubuntu-latest + permissions: + contents: read + packages: read + steps: + - name: Checkout code + uses: actions/checkout@v5.0.0 + - name: Setup NodeJS uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} - - name: Check if local version differs from latest published version + - name: check if local version differs from latest published version id: check-version run: | published_version=$(npm view @nhsdigital/nhs-notify-event-schemas-supplier-api --json 2>/dev/null | jq -r '.["dist-tags"].latest // "null"') @@ -307,9 +292,10 @@ jobs: echo "Local version: $local_version" if [[ $local_version = $published_version ]]; then - echo "Local version is the same as the latest published version - skipping publish" + echo "ERROR: Local version is the same as the latest published version, but event schemas have changed" echo "version_changed=false" >> $GITHUB_OUTPUT + exit 1 else - echo "Local version is different to the latest published version - publishing new version" + echo "Local version is different to the latest published version - a new version will be published" echo "version_changed=true" >> $GITHUB_OUTPUT fi From f1444fd68bf5166167e11d042843bcacc4fcb784 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 10:44:29 +0000 Subject: [PATCH 05/14] Add GitHub NPM registry URL to Node.js setup in workflows --- .github/actions/build-docs/action.yml | 1 + .github/actions/build-libraries/action.yml | 1 + .github/actions/build-proxies/action.yml | 1 + .github/actions/build-sandbox/action.yml | 1 + .github/actions/build-sdk/action.yml | 1 + .github/actions/build-server/action.yml | 1 + .github/workflows/pr_closed.yaml | 2 ++ .github/workflows/stage-1-commit.yaml | 1 + 8 files changed, 9 insertions(+) diff --git a/.github/actions/build-docs/action.yml b/.github/actions/build-docs/action.yml index 68d873e06..937c5ce80 100644 --- a/.github/actions/build-docs/action.yml +++ b/.github/actions/build-docs/action.yml @@ -12,6 +12,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm cli install working-directory: . run: npm ci diff --git a/.github/actions/build-libraries/action.yml b/.github/actions/build-libraries/action.yml index 84a25b11d..cfd082d73 100644 --- a/.github/actions/build-libraries/action.yml +++ b/.github/actions/build-libraries/action.yml @@ -12,6 +12,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index f1cc48595..d2227bfe8 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -38,6 +38,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} + registry-url: 'https://npm.pkg.github.com' - name: "Cache node_modules" uses: actions/cache@v4 diff --git a/.github/actions/build-sandbox/action.yml b/.github/actions/build-sandbox/action.yml index 5023383ce..8d25938f6 100644 --- a/.github/actions/build-sandbox/action.yml +++ b/.github/actions/build-sandbox/action.yml @@ -13,6 +13,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml index 944bdd006..e0b95d703 100644 --- a/.github/actions/build-sdk/action.yml +++ b/.github/actions/build-sdk/action.yml @@ -12,6 +12,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/actions/build-server/action.yml b/.github/actions/build-server/action.yml index fa2213fe2..c11e2c61a 100644 --- a/.github/actions/build-server/action.yml +++ b/.github/actions/build-server/action.yml @@ -12,6 +12,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml index 1c6c8c1e6..ab6a353d8 100644 --- a/.github/workflows/pr_closed.yaml +++ b/.github/workflows/pr_closed.yaml @@ -83,6 +83,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} + registry-url: 'https://npm.pkg.github.com' - name: check if local version differs from latest published version id: check-version @@ -116,6 +117,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} + registry-url: 'https://npm.pkg.github.com' - name: "Install dependencies" run: npm ci - name: "Run provider contract tests" diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index 0a4094b60..a45b86d2e 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -281,6 +281,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} + registry-url: 'https://npm.pkg.github.com' - name: check if local version differs from latest published version id: check-version From 59d8846742b829e55e8685e052c5f59a85e8688f Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 10:57:31 +0000 Subject: [PATCH 06/14] Log npm response --- .github/workflows/stage-1-commit.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index a45b86d2e..5ba825c59 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -286,6 +286,7 @@ jobs: - name: check if local version differs from latest published version id: check-version run: | + npm view @nhsdigital/nhs-notify-event-schemas-supplier-api --json published_version=$(npm view @nhsdigital/nhs-notify-event-schemas-supplier-api --json 2>/dev/null | jq -r '.["dist-tags"].latest // "null"') echo "Published version: $published_version" From d7a665c08a13326930f72f469fb5b351fcb27e31 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 12:08:39 +0000 Subject: [PATCH 07/14] Add NODE_AUTH_TOKEN to GitHub Actions environment for NPM access --- .github/workflows/stage-1-commit.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index 5ba825c59..a900ab400 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -273,6 +273,8 @@ jobs: permissions: contents: read packages: read + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: Checkout code uses: actions/checkout@v5.0.0 From 5741a86f4b10bfeeef7004734f2b829150400c55 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 12:12:16 +0000 Subject: [PATCH 08/14] Revert "Add GitHub NPM registry URL to Node.js setup in workflows" This reverts commit f1444fd68bf5166167e11d042843bcacc4fcb784. --- .github/actions/build-docs/action.yml | 1 - .github/actions/build-libraries/action.yml | 1 - .github/actions/build-proxies/action.yml | 1 - .github/actions/build-sandbox/action.yml | 1 - .github/actions/build-sdk/action.yml | 1 - .github/actions/build-server/action.yml | 1 - .github/workflows/pr_closed.yaml | 2 -- .github/workflows/stage-1-commit.yaml | 1 - 8 files changed, 9 deletions(-) diff --git a/.github/actions/build-docs/action.yml b/.github/actions/build-docs/action.yml index 937c5ce80..68d873e06 100644 --- a/.github/actions/build-docs/action.yml +++ b/.github/actions/build-docs/action.yml @@ -12,7 +12,6 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 - registry-url: 'https://npm.pkg.github.com' - name: Npm cli install working-directory: . run: npm ci diff --git a/.github/actions/build-libraries/action.yml b/.github/actions/build-libraries/action.yml index cfd082d73..84a25b11d 100644 --- a/.github/actions/build-libraries/action.yml +++ b/.github/actions/build-libraries/action.yml @@ -12,7 +12,6 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 - registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index d2227bfe8..f1cc48595 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -38,7 +38,6 @@ runs: - uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} - registry-url: 'https://npm.pkg.github.com' - name: "Cache node_modules" uses: actions/cache@v4 diff --git a/.github/actions/build-sandbox/action.yml b/.github/actions/build-sandbox/action.yml index 8d25938f6..5023383ce 100644 --- a/.github/actions/build-sandbox/action.yml +++ b/.github/actions/build-sandbox/action.yml @@ -13,7 +13,6 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 - registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml index e0b95d703..944bdd006 100644 --- a/.github/actions/build-sdk/action.yml +++ b/.github/actions/build-sdk/action.yml @@ -12,7 +12,6 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 - registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/actions/build-server/action.yml b/.github/actions/build-server/action.yml index c11e2c61a..fa2213fe2 100644 --- a/.github/actions/build-server/action.yml +++ b/.github/actions/build-server/action.yml @@ -12,7 +12,6 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 - registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml index ab6a353d8..1c6c8c1e6 100644 --- a/.github/workflows/pr_closed.yaml +++ b/.github/workflows/pr_closed.yaml @@ -83,7 +83,6 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} - registry-url: 'https://npm.pkg.github.com' - name: check if local version differs from latest published version id: check-version @@ -117,7 +116,6 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} - registry-url: 'https://npm.pkg.github.com' - name: "Install dependencies" run: npm ci - name: "Run provider contract tests" diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index a900ab400..d2c8f6a03 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -283,7 +283,6 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} - registry-url: 'https://npm.pkg.github.com' - name: check if local version differs from latest published version id: check-version From c427d03828d2893698c990b1092be0e6bc5f6ede Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 12:24:34 +0000 Subject: [PATCH 09/14] Move NODE_AUTH_TOKEN to npm view step in CI workflow --- .github/workflows/stage-1-commit.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index d2c8f6a03..f91425bd5 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -273,8 +273,6 @@ jobs: permissions: contents: read packages: read - env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: Checkout code uses: actions/checkout@v5.0.0 @@ -286,7 +284,10 @@ jobs: - name: check if local version differs from latest published version id: check-version + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + cat .npmrc npm view @nhsdigital/nhs-notify-event-schemas-supplier-api --json published_version=$(npm view @nhsdigital/nhs-notify-event-schemas-supplier-api --json 2>/dev/null | jq -r '.["dist-tags"].latest // "null"') echo "Published version: $published_version" From 8981a44857318c33a3b9073b7d816ae2b3e035d1 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 12:25:32 +0000 Subject: [PATCH 10/14] Reapply "Add GitHub NPM registry URL to Node.js setup in workflows" This reverts commit 5741a86f4b10bfeeef7004734f2b829150400c55. --- .github/actions/build-docs/action.yml | 1 + .github/actions/build-libraries/action.yml | 1 + .github/actions/build-proxies/action.yml | 1 + .github/actions/build-sandbox/action.yml | 1 + .github/actions/build-sdk/action.yml | 1 + .github/actions/build-server/action.yml | 1 + .github/workflows/pr_closed.yaml | 2 ++ .github/workflows/stage-1-commit.yaml | 1 + 8 files changed, 9 insertions(+) diff --git a/.github/actions/build-docs/action.yml b/.github/actions/build-docs/action.yml index 68d873e06..937c5ce80 100644 --- a/.github/actions/build-docs/action.yml +++ b/.github/actions/build-docs/action.yml @@ -12,6 +12,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm cli install working-directory: . run: npm ci diff --git a/.github/actions/build-libraries/action.yml b/.github/actions/build-libraries/action.yml index 84a25b11d..cfd082d73 100644 --- a/.github/actions/build-libraries/action.yml +++ b/.github/actions/build-libraries/action.yml @@ -12,6 +12,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index f1cc48595..d2227bfe8 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -38,6 +38,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} + registry-url: 'https://npm.pkg.github.com' - name: "Cache node_modules" uses: actions/cache@v4 diff --git a/.github/actions/build-sandbox/action.yml b/.github/actions/build-sandbox/action.yml index 5023383ce..8d25938f6 100644 --- a/.github/actions/build-sandbox/action.yml +++ b/.github/actions/build-sandbox/action.yml @@ -13,6 +13,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml index 944bdd006..e0b95d703 100644 --- a/.github/actions/build-sdk/action.yml +++ b/.github/actions/build-sdk/action.yml @@ -12,6 +12,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/actions/build-server/action.yml b/.github/actions/build-server/action.yml index fa2213fe2..c11e2c61a 100644 --- a/.github/actions/build-server/action.yml +++ b/.github/actions/build-server/action.yml @@ -12,6 +12,7 @@ runs: - uses: actions/setup-node@v4 with: node-version: 22 + registry-url: 'https://npm.pkg.github.com' - name: Npm install working-directory: . diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml index 1c6c8c1e6..ab6a353d8 100644 --- a/.github/workflows/pr_closed.yaml +++ b/.github/workflows/pr_closed.yaml @@ -83,6 +83,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} + registry-url: 'https://npm.pkg.github.com' - name: check if local version differs from latest published version id: check-version @@ -116,6 +117,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} + registry-url: 'https://npm.pkg.github.com' - name: "Install dependencies" run: npm ci - name: "Run provider contract tests" diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index f91425bd5..0fd93e7bb 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -281,6 +281,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ inputs.nodejs_version }} + registry-url: 'https://npm.pkg.github.com' - name: check if local version differs from latest published version id: check-version From fbf2e9df69c9328c6006bbfa6be35353b1be5c40 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 12:31:45 +0000 Subject: [PATCH 11/14] Add NODE_AUTH_TOKEN to NPM install steps in workflows --- .github/actions/build-docs/action.yml | 2 ++ .github/actions/build-libraries/action.yml | 2 ++ .github/actions/build-proxies/action.yml | 2 ++ .github/actions/build-sandbox/action.yml | 2 ++ .github/actions/build-sdk/action.yml | 2 ++ .github/actions/build-server/action.yml | 2 ++ .github/workflows/manual-proxy-environment-deploy.yaml | 2 ++ .github/workflows/pr_closed.yaml | 4 ++++ .github/workflows/stage-1-commit.yaml | 2 -- .github/workflows/stage-2-test.yaml | 8 ++++++++ 10 files changed, 26 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-docs/action.yml b/.github/actions/build-docs/action.yml index 937c5ce80..d78ad6313 100644 --- a/.github/actions/build-docs/action.yml +++ b/.github/actions/build-docs/action.yml @@ -15,6 +15,8 @@ runs: registry-url: 'https://npm.pkg.github.com' - name: Npm cli install working-directory: . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm ci shell: bash - name: Setup Ruby diff --git a/.github/actions/build-libraries/action.yml b/.github/actions/build-libraries/action.yml index cfd082d73..87bf5d204 100644 --- a/.github/actions/build-libraries/action.yml +++ b/.github/actions/build-libraries/action.yml @@ -16,6 +16,8 @@ runs: - name: Npm install working-directory: . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm ci shell: bash diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index d2227bfe8..882c79b7a 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -51,6 +51,8 @@ runs: - name: Npm install working-directory: . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm ci shell: bash diff --git a/.github/actions/build-sandbox/action.yml b/.github/actions/build-sandbox/action.yml index 8d25938f6..a913705e8 100644 --- a/.github/actions/build-sandbox/action.yml +++ b/.github/actions/build-sandbox/action.yml @@ -17,6 +17,8 @@ runs: - name: Npm install working-directory: . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm ci shell: bash diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml index e0b95d703..3c8d743ab 100644 --- a/.github/actions/build-sdk/action.yml +++ b/.github/actions/build-sdk/action.yml @@ -16,6 +16,8 @@ runs: - name: Npm install working-directory: . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm ci shell: bash diff --git a/.github/actions/build-server/action.yml b/.github/actions/build-server/action.yml index c11e2c61a..ad9c179c5 100644 --- a/.github/actions/build-server/action.yml +++ b/.github/actions/build-server/action.yml @@ -16,6 +16,8 @@ runs: - name: Npm install working-directory: . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm ci shell: bash diff --git a/.github/workflows/manual-proxy-environment-deploy.yaml b/.github/workflows/manual-proxy-environment-deploy.yaml index dfbcb43a7..57fbd10a7 100644 --- a/.github/workflows/manual-proxy-environment-deploy.yaml +++ b/.github/workflows/manual-proxy-environment-deploy.yaml @@ -36,6 +36,8 @@ jobs: - name: Npm install working-directory: . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm ci shell: bash diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml index ab6a353d8..00d9fba66 100644 --- a/.github/workflows/pr_closed.yaml +++ b/.github/workflows/pr_closed.yaml @@ -119,6 +119,8 @@ jobs: node-version: ${{ inputs.nodejs_version }} registry-url: 'https://npm.pkg.github.com' - name: "Install dependencies" + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm ci - name: "Run provider contract tests" run: make test-contract @@ -147,6 +149,8 @@ jobs: registry-url: 'https://npm.pkg.github.com' - name: Install dependencies + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npm ci - name: Publish to GitHub Packages diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index 0fd93e7bb..c9bef1299 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -288,8 +288,6 @@ jobs: env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - cat .npmrc - npm view @nhsdigital/nhs-notify-event-schemas-supplier-api --json published_version=$(npm view @nhsdigital/nhs-notify-event-schemas-supplier-api --json 2>/dev/null | jq -r '.["dist-tags"].latest // "null"') echo "Published version: $published_version" diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml index 29c5cd0c3..b41f6b9dc 100644 --- a/.github/workflows/stage-2-test.yaml +++ b/.github/workflows/stage-2-test.yaml @@ -57,6 +57,8 @@ jobs: restore-keys: | ${{ runner.os }}-node-${{ inputs.nodejs_version }}- - name: "Repo setup" + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | npm ci - name: "Generate dependencies" @@ -79,6 +81,8 @@ jobs: restore-keys: | ${{ runner.os }}-node-${{ inputs.nodejs_version }}- - name: "Repo setup" + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | npm ci - name: "Generate dependencies" @@ -115,6 +119,8 @@ jobs: restore-keys: | ${{ runner.os }}-node-${{ inputs.nodejs_version }}- - name: "Repo setup" + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | npm ci - name: "Generate dependencies" @@ -139,6 +145,8 @@ jobs: restore-keys: | ${{ runner.os }}-node-${{ inputs.nodejs_version }}- - name: "Repo setup" + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | npm ci - name: "Generate dependencies" From 113bbe512535c21f78007cc12e0a5c56d4eecf09 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 12:35:27 +0000 Subject: [PATCH 12/14] Re-enable conditional check on published package check --- .github/workflows/stage-1-commit.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index c9bef1299..44921ed9c 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -266,7 +266,7 @@ jobs: check-event-schemas-version-change: name: Check for event schemas package version change needs: detect-event-schema-package-changes - # if: needs.detect-event-schema-package-changes.outputs.changed == 'true' + if: needs.detect-event-schema-package-changes.outputs.changed == 'true' outputs: version_changed: ${{ steps.check-version.outputs.version_changed }} runs-on: ubuntu-latest From 032e48f8ee64c232555963ecd0e8cd021d2fa148 Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 12:53:22 +0000 Subject: [PATCH 13/14] Add NODE_AUTH_TOKEN input for GitHub package registry access in workflows --- .github/actions/build-docs/action.yml | 5 ++++- .github/actions/build-proxies/action.yml | 3 +++ .github/actions/build-sandbox/action.yml | 6 +++++- .github/actions/build-sdk/action.yml | 5 ++++- .github/workflows/manual-proxy-environment-deploy.yaml | 1 + .github/workflows/stage-3-build.yaml | 3 +++ 6 files changed, 20 insertions(+), 3 deletions(-) diff --git a/.github/actions/build-docs/action.yml b/.github/actions/build-docs/action.yml index d78ad6313..8b887bf34 100644 --- a/.github/actions/build-docs/action.yml +++ b/.github/actions/build-docs/action.yml @@ -4,6 +4,9 @@ inputs: version: description: "Version number" required: true + NODE_AUTH_TOKEN: + description: "Token for access to github package registry" + required: true runs: using: "composite" steps: @@ -16,7 +19,7 @@ runs: - name: Npm cli install working-directory: . env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} run: npm ci shell: bash - name: Setup Ruby diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index 882c79b7a..3198cfe72 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -28,6 +28,9 @@ inputs: nodejs_version: description: "Node.js version, set by the CI/CD pipeline workflow" required: true + NODE_AUTH_TOKEN: + description: "Token for access to github package registry" + required: true runs: using: composite diff --git a/.github/actions/build-sandbox/action.yml b/.github/actions/build-sandbox/action.yml index a913705e8..5bcef84c2 100644 --- a/.github/actions/build-sandbox/action.yml +++ b/.github/actions/build-sandbox/action.yml @@ -4,6 +4,10 @@ inputs: version: description: "Version number" required: true + + NODE_AUTH_TOKEN: + description: "Token for access to github package registry" + required: true runs: using: composite @@ -18,7 +22,7 @@ runs: - name: Npm install working-directory: . env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} run: npm ci shell: bash diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml index 3c8d743ab..1231b2c25 100644 --- a/.github/actions/build-sdk/action.yml +++ b/.github/actions/build-sdk/action.yml @@ -4,6 +4,9 @@ inputs: version: description: "Version number" required: true + NODE_AUTH_TOKEN: + description: "Token for access to github package registry" + required: true runs: using: "composite" steps: @@ -17,7 +20,7 @@ runs: - name: Npm install working-directory: . env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} run: npm ci shell: bash diff --git a/.github/workflows/manual-proxy-environment-deploy.yaml b/.github/workflows/manual-proxy-environment-deploy.yaml index 57fbd10a7..03399d5dd 100644 --- a/.github/workflows/manual-proxy-environment-deploy.yaml +++ b/.github/workflows/manual-proxy-environment-deploy.yaml @@ -89,3 +89,4 @@ jobs: runId: "${{ github.run_id }}" buildSandbox: ${{ inputs.build_sandbox }} releaseVersion: ${{ github.ref_name }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index e21d72864..5e6cdf5d3 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -51,6 +51,7 @@ jobs: uses: ./.github/actions/build-docs with: version: "${{ inputs.version }}" + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} artefact-sdks: name: "Build SDKs" @@ -63,6 +64,7 @@ jobs: uses: ./.github/actions/build-sdk with: version: "${{ inputs.version }}" + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Take out for now - might add again in the future # artefact-servers: @@ -133,3 +135,4 @@ jobs: buildSandbox: true releaseVersion: ${{ github.head_ref || github.ref_name }} nodejs_version: ${{ inputs.nodejs_version }} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From f24f37a43cf68055029eeb10367a6014682c6b5e Mon Sep 17 00:00:00 2001 From: Mike Houston Date: Fri, 5 Dec 2025 13:00:26 +0000 Subject: [PATCH 14/14] Add packages:read to permissions --- .github/actions/build-libraries/action.yml | 5 ++++- .github/actions/build-proxies/action.yml | 2 +- .github/actions/build-server/action.yml | 5 ++++- .github/workflows/manual-proxy-environment-deploy.yaml | 1 + .github/workflows/stage-2-test.yaml | 1 + .github/workflows/stage-3-build.yaml | 2 ++ 6 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/actions/build-libraries/action.yml b/.github/actions/build-libraries/action.yml index 87bf5d204..14ac5231d 100644 --- a/.github/actions/build-libraries/action.yml +++ b/.github/actions/build-libraries/action.yml @@ -4,6 +4,9 @@ inputs: version: description: "Version number" required: true + NODE_AUTH_TOKEN: + description: "Token for access to github package registry" + required: true runs: using: "composite" steps: @@ -17,7 +20,7 @@ runs: - name: Npm install working-directory: . env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} run: npm ci shell: bash diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index 3198cfe72..5dcb872d1 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -55,7 +55,7 @@ runs: - name: Npm install working-directory: . env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} run: npm ci shell: bash diff --git a/.github/actions/build-server/action.yml b/.github/actions/build-server/action.yml index ad9c179c5..c077fa3bc 100644 --- a/.github/actions/build-server/action.yml +++ b/.github/actions/build-server/action.yml @@ -4,6 +4,9 @@ inputs: version: description: "Version number" required: true + NODE_AUTH_TOKEN: + description: "Token for access to github package registry" + required: true runs: using: "composite" steps: @@ -17,7 +20,7 @@ runs: - name: Npm install working-directory: . env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NODE_AUTH_TOKEN: ${{ inputs.NODE_AUTH_TOKEN }} run: npm ci shell: bash diff --git a/.github/workflows/manual-proxy-environment-deploy.yaml b/.github/workflows/manual-proxy-environment-deploy.yaml index 03399d5dd..c8ca20fe2 100644 --- a/.github/workflows/manual-proxy-environment-deploy.yaml +++ b/.github/workflows/manual-proxy-environment-deploy.yaml @@ -21,6 +21,7 @@ on: permissions: contents: read + packages: read jobs: deploy-environment: diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml index b41f6b9dc..d8646f201 100644 --- a/.github/workflows/stage-2-test.yaml +++ b/.github/workflows/stage-2-test.yaml @@ -39,6 +39,7 @@ env: permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout + packages: read # This is required for downloading from GitHub Package Registry jobs: check-generated-dependencies: diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 5e6cdf5d3..474b90944 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -39,6 +39,8 @@ on: permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout + packages: read # This is required for downloading from GitHub Package Registry + jobs: artefact-jekyll-docs: name: "Build Docs"