Merge dependabot/npm_and_yarn/nhsuk-react-components-4.1.3 into depen…

…dabotCombined

.eslintrc.json

@@ -0,0 +1,72 @@
+{
+  "extends": [
+    "airbnb",
+    "eslint:recommended",
+    "next",
+    "next/core-web-vitals",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:jest/recommended",
+    "plugin:jsx-a11y/recommended",
+    "plugin:prettier/recommended",
+    "plugin:react-hooks/recommended",
+    "plugin:react/recommended",
+    "plugin:security/recommended-legacy",
+    "plugin:sonarjs/recommended-legacy",
+    "plugin:unicorn/recommended"
+  ],
+  "plugins": [
+    "@typescript-eslint",
+    "html",
+    "import",
+    "jest",
+    "jsx-a11y",
+    "prettier",
+    "react",
+    "react-hooks",
+    "security",
+    "sonarjs",
+    "unicorn"
+  ],
+  "rules": {
+    "react/display-name": "off",
+    "no-restricted-syntax": "off",
+    "consistent-return": "off",
+    "prettier/prettier": "error",
+    "unicorn/prevent-abbreviations": "off",
+    "unicorn/filename-case": [
+      "error", {
+        "case": "kebabCase",
+        "ignore": [
+          ".tsx"
+        ]
+      }
+    ],
+    "react/react-in-jsx-scope": "off",
+    "react/jsx-filename-extension": "off",
+    "react/jsx-props-no-spreading": "off",
+    "react/function-component-definition": "off",
+    "react/jsx-no-useless-fragment": ["error", { "allowExpressions": true }],
+    "import/prefer-default-export": "off",
+    "import/extensions": "off",
+    "no-shadow": "off",
+    "@typescript-eslint/no-shadow": "error",
+    "@typescript-eslint/no-unused-vars": [
+      "error",
+      {
+        "ignoreRestSiblings": true,
+        "argsIgnorePattern": "^_",
+        "varsIgnorePattern": "^_"
+      }
+    ],
+    "security/detect-object-injection": "off",
+    "sonarjs/no-duplicate-string": "off",
+    "react/no-danger": "off",
+    "no-param-reassign": "off",
+    "react/require-default-props": "off"
+  },
+  "settings": {
+    "import/resolver": {
+      "typescript": {} // this loads <rootdir>/tsconfig.json to eslint
+    }
+  }
+}

.github/CODEOWNERS

@@ -0,0 +1,84 @@
+# NHS Notify Code Owners
+
+*                         @NHSDigital/nhs-notify-iam-webauth
+
+/.github/                 @NHSDigital/nhs-notify-iam-admins
+*.code-workspace          @NHSDigital/nhs-notify-iam-admins
+/docs/                    @NHSDigital/nhs-notify-iam-webauth
+/docs/testing/            @NHSDigital/nhs-notify-iam-webauth-testers
+/tests/test-team/         @NHSDigital/nhs-notify-iam-webauth-testers
+
+# Codeowners must be final check
+/.github/CODEOWNERS       @NHSDigital/nhs-notify-code-owners
+/CODEOWNERS               @NHSDigital/nhs-notify-code-owners
+
+
+# Each NHS Notify repository should have clear code owners set.
+# Do not use GitHub team names, instead use the GitHub usernames
+# of the people who are responsible for the code maintenance.
+
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+# *       @global-owner1 @global-owner2
+
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# modifies JS files, only @js-owner and not the global
+# owner(s) will be requested for a review.
+# *.js    @js-owner #This is an inline comment.
+
+# You can also use email addresses if you prefer. They'll be
+# used to look up users just like we do for commit author
+# emails.
+# *.go [email protected]
+
+# Teams can be specified as code owners as well. Teams should
+# be identified in the format @org/team-name. Teams must have
+# explicit write access to the repository. In this example,
+# the octocats team in the octo-org organization owns all .txt files.
+# *.txt @octo-org/octocats
+
+# In this example, @doctocat owns any files in the build/logs
+# directory at the root of the repository and any of its
+# subdirectories.
+# /build/logs/ @doctocat
+
+# The `docs/*` pattern will match files like
+# `docs/getting-started.md` but not further nested files like
+# `docs/build-app/troubleshooting.md`.
+# docs/*  [email protected]
+
+# In this example, @octocat owns any file in an apps directory
+# anywhere in your repository.
+# apps/ @octocat
+
+# In this example, @doctocat owns any file in the `/docs`
+# directory in the root of your repository and any of its
+# subdirectories.
+# /docs/ @doctocat
+
+# In this example, any change inside the `/scripts` directory
+# will require approval from @doctocat or @octocat.
+# /scripts/ @doctocat @octocat
+
+# In this example, @octocat owns any file in a `/logs` directory such as
+# `/build/logs`, `/scripts/logs`, and `/deeply/nested/logs`. Any changes
+# in a `/logs` directory will require approval from @octocat.
+# **/logs @octocat
+
+# In this example, @octocat owns any file in the `/apps`
+# directory in the root of your repository except for the `/apps/github`
+# subdirectory, as its owners are left empty.
+# /apps/ @octocat
+# /apps/github
+
+# In this example, @octocat owns any file in the `/apps`
+# directory in the root of your repository except for the `/apps/github`
+# subdirectory, as this subdirectory has its own owner @doctocat
+# /apps/ @octocat
+# /apps/github @doctocat

.github/actions/setup/action.yaml

@@ -0,0 +1,10 @@
+name: Make Config Action
+description: Install dependencies and execute make config
+
+runs:
+  using: composite
+  steps:
+    - name: Install dependencies and execute make config
+      shell: bash
+      run: |
+        scripts/setup/setup.sh

.github/actions/tfsec/action.yaml

@@ -0,0 +1,17 @@
+name: "TFSec Scan"
+description: "Scan HCL using TFSec"
+runs:
+  using: "composite"
+  steps:
+    - name: "TFSec Scan - Components"
+      shell: bash
+      run: |
+        for component in $(find infrastructure/terraform/components -mindepth 1 -type d); do
+          scripts/terraform/tfsec.sh $component
+        done
+    - name: "TFSec Scan - Modules"
+      shell: bash
+      run: |
+        for module in $(find infrastructure/terraform/modules -mindepth 1 -type d); do
+          scripts/terraform/tfsec.sh $module
+        done

.github/workflows/cicd-1-pull-request.yaml

@@ -110,7 +110,6 @@ jobs:
     name: "Acceptance stage"
     needs: [metadata, build-stage]
     uses: ./.github/workflows/stage-4-acceptance.yaml
-    if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
     with:
       build_datetime: "${{ needs.metadata.outputs.build_datetime }}"
       build_timestamp: "${{ needs.metadata.outputs.build_timestamp }}"

.github/workflows/manual-combine-dependabot-prs.yaml

@@ -0,0 +1,24 @@
+name: Combine Dependabot PRs
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+
+jobs:
+  combine-prs:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: combine-prs
+        id: combine-prs
+        uses: github/[email protected]
+        with:
+          ci_required: false
+          labels: dependencies
+          pr_title: Combined Dependabot PRs
+          combine_branch_name: dependabotCombined
+          pr_body_header: Combined Dependabot PRs

.github/workflows/playwright.yml

@@ -0,0 +1,28 @@
+name: Playwright Tests
+on:
+  push:
+    branches:
+      - 'test/**'
+  pull_request:
+    types: [opened, reopened, edited]
+jobs:
+  test:
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: lts/*
+    - name: Install dependencies
+      run: npm ci
+    - name: Install Playwright Browsers
+      run: npx playwright install --with-deps
+    - name: Run Playwright tests
+      run: npm run test:story --prefix tests/test-team/
+    - uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: playwright-report
+        path: playwright-report/
+        retention-days: 30

.github/workflows/pr_create_dynamic_env.yaml

@@ -0,0 +1,49 @@
+name: PR Create Environment
+
+on:
+  pull_request:
+    types: [labeled, opened, synchronize, reopened, unlabeled, edited]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  create-dynamic-environment:
+    name: Create Dynamic Environment
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Trigger nhs-notify-internal dynamic environment workflow
+        shell: bash
+        run: |
+          set -x
+          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
+
+          DISPATCH_EVENT=$(jq -ncM \
+            --arg infraRepoName "${this_repo_name}" \
+            --arg releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            --arg targetEnvironment "pr${{ github.event.number }}" \
+            --arg targetAccountGroup "nhs-notify-iam-dev" \
+            --arg targetComponent "branch" \
+            --arg terraformAction "apply" \
+            --arg overrides "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            '{ "ref": "main",
+              "inputs": {
+                "infraRepoName": $infraRepoName,
+                "releaseVersion", $releaseVersion,
+                "targetEnvironment", $targetEnvironment,
+                "targetAccountGroup", $targetAccountGroup,
+                "targetComponent", $targetComponent,
+                "terraformAction", $terraformAction,
+                "overrides", $overrides,
+              }
+            }')
+
+          curl -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \
+            -d "${DISPATCH_EVENT}"

.github/workflows/pr_merge.yaml

@@ -0,0 +1,85 @@
+name: PR Merged
+
+on:
+  pull_request:
+    types: [closed]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  destroy-dynamic-environment:
+    name: Destroy Dynamic Environment
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Trigger nhs-notify-internal dynamic environment workflow
+        shell: bash
+        run: |
+          set -x
+          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
+
+          DISPATCH_EVENT=$(jq -ncM \
+            --arg infraRepoName "${this_repo_name}" \
+            --arg releaseVersion "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            --arg targetEnvironment "pr${{ github.event.number }}" \
+            --arg targetAccountGroup "nhs-notify-iam-dev" \
+            --arg targetComponent "branch" \
+            --arg terraformAction "destroy" \
+            --arg overrides "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" \
+            '{ "ref": "main",
+              "inputs": {
+                "infraRepoName": $infraRepoName,
+                "releaseVersion", $releaseVersion,
+                "targetEnvironment", $targetEnvironment,
+                "targetAccountGroup", $targetAccountGroup,
+                "targetComponent", $targetComponent,
+                "terraformAction", $terraformAction,
+                "overrides", $overrides,
+              }
+            }')
+
+          curl -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-dynamic-env.yaml/dispatches \
+            -d "${DISPATCH_EVENT}"
+
+  deploy-main:
+    name: Deploy changes to main
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger nhs-notify-internal static environment workflow deployment
+        shell: bash
+        run: |
+          set -x
+          this_repo_name=$(echo ${{ github.repository }} | cut -d'/' -f2)
+
+          DISPATCH_EVENT=$(jq -ncM \
+            --arg infraRepoName "${this_repo_name}" \
+            --arg releaseVersion "main" \
+            --arg targetEnvironment "main" \
+            --arg targetAccountGroup "nhs-notify-iam-dev" \
+            --arg targetComponent "app" \
+            --arg terraformAction "apply" \
+            '{ "ref": "main",
+              "inputs": {
+                "infraRepoName": $infraRepoName,
+                "releaseVersion", $releaseVersion,
+                "targetEnvironment", $targetEnvironment,
+                "targetAccountGroup", $targetAccountGroup,
+                "targetComponent", $targetComponent,
+                "terraformAction", $terraformAction
+              }
+            }')
+
+          curl -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PR_TRIGGER_PAT }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/NHSDigital/nhs-notify-internal/actions/workflows/dispatch-deploy-static-env.yaml/dispatches \
+            -d "${DISPATCH_EVENT}"