
Commit a744055

Merge pull request #1154 from NHSDigital/feature/made14-NRL-1922-refixup-sonarqube
[NRL-1922] Fix up some Sonarqube issues
2 parents 771918e + eb96865 commit a744055


68 files changed

+203
-625
lines changed


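--- a/.github/workflows/activate-stack.yml
+++ b/.github/workflows/activate-stack.yml
@@ -15,16 +15,15 @@ on:
 required: true
 type: string
 
-permissions:
-id-token: write
-contents: read
-actions: write
-
 jobs:
 activate-stack:
 name: Activate ${{ inputs.stack_name }} for ${{ inputs.environment }}
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
+permissions:
+contents: read
+id-token: write
+actions: write
 
 steps:
 - name: Git clone - ${{ github.ref }}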
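Review bot: The job-level block on `activate-stack` carries `actions: write` over unchanged from the removed workflow-level block, so the move narrows where the grant applies but not what it grants. Uploading and downloading artifacts within a run does not normally depend on this scope; it is needed for operations such as cancelling runs or deleting caches through the API. The job's steps are outside the hunk, so this cannot be confirmed here, but if none of them does that, `actions: read` (or dropping the key) would be enough. The same carried-over `actions: write` appears in the job blocks added in deploy-account-wide-infra.yml, persistent-environment.yml and rollback-stack.yml.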

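--- a/.github/workflows/deploy-account-wide-infra.yml
+++ b/.github/workflows/deploy-account-wide-infra.yml
@@ -13,11 +13,6 @@ on:
 description: Branch to deploy
 required: true
 
-permissions:
-id-token: write
-contents: read
-actions: write
-
 jobs:
 check-selected-environment:
 name: Check Workflow Env
@@ -39,6 +34,10 @@ jobs:
 environment: ${{ inputs.environment }}
 needs: [check-selected-environment]
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+permissions:
+contents: read
+id-token: write
+actions: write
 
 steps:
 - name: Git clone - ${{ inputs.branch_name }}
@@ -116,6 +115,10 @@ jobs:
 needs: [terraform-plan]
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
+permissions:
+contents: read
+id-token: write
+actions: write
 
 steps:
 - name: Git clone - ${{ inputs.branch_name }}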
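Review bot: With the workflow-level `permissions:` block removed, `check-selected-environment` receives no job-level block in this file section (both added blocks sit on the later jobs), so unless it already declares one outside the hunks it now runs with the repository or organisation default token permissions instead of the previous explicit set. Keeping a deny-by-default baseline at the top of the workflow, `permissions: {}`, makes any job without its own block get no scopes rather than the default. The same applies to `set-environment-id` in pr-env-deploy.yml and pr-env-destroy.yml, whose bodies are also outside the visible hunks.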

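--- a/.github/workflows/persistent-environment.yml
+++ b/.github/workflows/persistent-environment.yml
@@ -14,15 +14,14 @@ on:
 description: Branch to deploy
 required: true
 
-permissions:
-id-token: write
-contents: read
-actions: write
-
 jobs:
 build:
 name: Build - ${{ inputs.branch_name }}
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+permissions:
+id-token: write
+contents: read
+actions: write
 
 steps:
 - name: Git clone - ${{ inputs.branch_name }}
@@ -78,6 +77,10 @@ jobs:
 needs: [build]
 environment: ${{ inputs.environment }}
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+permissions:
+contents: read
+id-token: write
+actions: write
 
 steps:
 - name: Git clone - ${{ inputs.branch_name }}
@@ -151,6 +154,10 @@ jobs:
 needs: [terraform-plan]
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
+permissions:
+contents: read
+id-token: write
+actions: write
 
 steps:
 - name: Git clone - ${{ inputs.branch_name }}
@@ -227,6 +234,10 @@ jobs:
 needs: [terraform-apply]
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
+permissions:
+contents: read
+id-token: write
+actions: write
 
 steps:
 - name: Git clone - ${{ inputs.branch_name }}
@@ -258,6 +269,9 @@ jobs:
 needs: [activate-stack]
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
+permissions:
+contents: read
+id-token: write
 
 steps:
 - name: Git clone - ${{ inputs.branch_name }}
@@ -289,6 +303,9 @@ jobs:
 if: always() && ( needs.post-release-verify.result == 'failure' )
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
+permissions:
+contents: read
+id-token: write
 
 steps:
 - name: Git clone - ${{ inputs.branch_name }}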
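Review bot: The six added `permissions` blocks list their keys in two different orders: the `build` job puts `id-token` first, the other five put `contents` first. Using one order in every block (for example `contents`, `id-token`, `actions`) makes the real differences between jobs stand out when the file is audited, such as the last two jobs, which omit `actions: write`. This is a style point only; the granted scopes are the same whichever order is used.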

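--- a/.github/workflows/pr-env-deploy.yml
+++ b/.github/workflows/pr-env-deploy.yml
@@ -9,13 +9,6 @@ concurrency:
 group: environment-${{ github.event.pull_request.number }}
 cancel-in-progress: false
 
-permissions:
-id-token: write
-contents: read
-actions: write
-issues: write
-pull-requests: write
-
 jobs:
 set-environment-id:
 name: Set Environment ID
@@ -48,6 +41,13 @@ jobs:
 name: Build Application
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: pull-request
+permissions:
+id-token: write
+contents: read
+actions: write
+issues: write
+pull-requests: write
+
 steps:
 - name: Git Clone - ${{ github.event.pull_request.head.ref }}
 uses: actions/checkout@v4
@@ -110,6 +110,12 @@ jobs:
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: pull-request
 needs: [set-environment-id, build]
+permissions:
+id-token: write
+contents: read
+actions: write
+issues: write
+pull-requests: write
 
 steps:
 - name: Git Clone - ${{ github.event.pull_request.head.ref }}
@@ -194,6 +200,9 @@ jobs:
 needs: [set-environment-id, deploy]
 environment: pull-request
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+permissions:
+id-token: write
+contents: read
 
 steps:
 - name: Git Clone - ${{ github.event.pull_request.head.ref }}
@@ -232,6 +241,10 @@ jobs:
 needs: [set-environment-id, integration-test]
 environment: pull-request
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+permissions:
+id-token: write
+contents: read
+
 steps:
 - name: Git Clone - ${{ github.event.pull_request.head.ref }}
 uses: actions/checkout@v4
@@ -266,6 +279,10 @@ jobs:
 needs: [set-environment-id, integration-test]
 environment: pull-request
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+permissions:
+id-token: write
+contents: read
+actions: write
 
 steps:
 - name: Git Clone - ${{ github.event.pull_request.head.ref }}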
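Review bot: The blocks added to the `Build Application` job and to the job with `needs: [set-environment-id, build]` reproduce the whole former workflow-level set, including `issues: write` and `pull-requests: write`, on jobs whose first visible step checks out `github.event.pull_request.head.ref`. Code from the pull request branch therefore runs alongside a token that can edit issues and pull requests and can request an OIDC token. If only one job posts to the pull request, grant `issues: write` and `pull-requests: write` there and leave the build job with `id-token: write` and `contents: read`. The steps and the workflow trigger are outside the hunks, so which job needs which scope has to be checked against the full file.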

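--- a/.github/workflows/pr-env-destroy.yml
+++ b/.github/workflows/pr-env-destroy.yml
@@ -10,13 +10,6 @@ concurrency:
 group: environment-${{ github.event.pull_request.number }}
 cancel-in-progress: true
 
-permissions:
-id-token: write
-contents: read
-actions: write
-issues: write
-pull-requests: write
-
 jobs:
 set-environment-id:
 name: Set Environment ID
@@ -50,6 +43,11 @@ jobs:
 needs: [set-environment-id]
 environment: pull-request
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+permissions:
+id-token: write
+contents: read
+issues: write
+pull-requests: write
 
 steps:
 - name: Git Clone - ${{ github.event.pull_request.head.ref }}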

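--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,25 +1,22 @@
 name: Release Published
 run-name: Release NRL ${{ github.event.release.name }}
-permissions:
-id-token: write
-contents: write
-actions: write
 
 env:
 SYFT_VERSION: "1.27.1"
 
 on:
 release:
 types: [published]
-# push:
-# tags:
-# - v*
 workflow_dispatch:
 
 jobs:
 sbom:
 name: Generate Software Bill of Materials - ${{ github.event.release.name }}
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+permissions:
+id-token: write
+contents: write
+actions: write
 
 steps:
 - name: Git clone - ${{ github.ref }}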
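Review bot: The `sbom` job keeps `contents: write` together with `actions: write` and `id-token: write`, which is the widest grant in this commit. `contents: write` is what attaching a file to the release needs, so it may be justified, but nothing in the hunk shows a use for `actions: write`. A short comment on each key stating which step needs it, e.g. `contents: write  # attach SBOM to the release`, would let the next reviewer check the grant. The steps are outside the hunk, so that comment text is an assumption to confirm.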

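--- a/.github/workflows/rollback-stack.yml
+++ b/.github/workflows/rollback-stack.yml
@@ -10,16 +10,15 @@ on:
 default: "dev"
 type: environment
 
-permissions:
-id-token: write
-contents: read
-actions: write
-
 jobs:
 rollback-stack:
 name: Rollback to inactive stack for ${{ inputs.environment }}
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
+permissions:
+id-token: write
+contents: read
+actions: write
 
 steps:
 - name: Git clone - ${{ github.ref }}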

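--- a/.github/workflows/update-lambda-permissions.yml
+++ b/.github/workflows/update-lambda-permissions.yml
@@ -21,15 +21,13 @@ on:
 type: boolean
 default: true
 
-permissions:
-id-token: write
-contents: read
-actions: write
-
 jobs:
 check-versions:
 name: Check versions
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+permissions:
+id-token: write
+contents: read
 
 steps:
 - name: Git clone - ${{ github.ref }}
@@ -80,6 +78,10 @@ jobs:
 name: Build permissions
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
+permissions:
+id-token: write
+contents: read
+actions: write
 
 needs: [check-versions]
 
@@ -119,8 +121,11 @@ jobs:
 name: Pull deployed lambdas
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
-
 needs: [check-versions]
+permissions:
+id-token: write
+contents: read
+actions: write
 
 steps:
 - name: Git clone - ${{ github.ref }}
@@ -161,8 +166,11 @@ jobs:
 name: Plan changes
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
-
 needs: [build-permissions, pull-deployed-lambdas]
+permissions:
+id-token: write
+contents: read
+actions: write
 
 steps:
 - name: Git clone - ${{ github.ref }}
@@ -227,8 +235,11 @@ jobs:
 name: Apply permissions
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 environment: ${{ inputs.environment }}
-
 needs: terraform-plan
+permissions:
+id-token: write
+contents: read
+actions: read
 
 steps:
 - name: Git clone - ${{ github.ref }}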
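Review bot: The `Apply permissions` job is given `actions: read`, while `Build permissions`, `Pull deployed lambdas` and `Plan changes` are given `actions: write`, and `check-versions` gets no `actions` key at all. If the difference is deliberate, a one-line comment on the `write` entries saying which step needs it would record that; if not, `actions: read` on all four looks like the intended value. In `Build permissions` the block is placed before `needs:` and in the other jobs after it; using one position keeps the jobs easy to compare.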

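--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -35,7 +35,7 @@ repos:
 - flake8-print
 args:
 - "--select=T201,F401,F402,F403"
-- "--exclude=.git,__pycache__,dist,.venv,scripts/*,packages/feature_documentation/*,layer/psycopg2/*,changelog/scripts/changelog.py"
+- "--exclude=.git,__pycache__,dist,.venv,scripts/*"
 
 - repo: https://github.com/psf/black
 rev: 24.3.0
@@ -70,28 +70,3 @@ repos:
 args:
 - --args=-write=true
 - --args=-recursive
-
-# - repo: local
-# hooks:
-# - id: forbid_json_loads
-# name: Don't use json.loads - use json_loads instead
-# entry: json\.loads
-# language: pygrep
-# types: [python]
-# exclude: layer/nrlf/nrlf/core/validators.py|layer/psycopg2/.*|mi/.*
-
-# - repo: local
-# hooks:
-# - id: forbid_json_load
-# name: Don't use json.load - use json_load instead
-# entry: json\.load
-# language: pygrep
-# types: [python]
-# exclude: layer/nrlf/nrlf/core/validators.py|layer/psycopg2/.*|mi/.*
-
-- repo: local
-hooks:
-- id: create_changelog
-name: Create changelog from changelog files
-entry: changelog/scripts/changelog-pre-commit.sh
-language: python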
