From 8b7b14e1ca45f928fcfbda8281e24325ba58125e Mon Sep 17 00:00:00 2001 From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com> Date: Thu, 23 Apr 2026 10:57:06 +0000 Subject: [PATCH 1/9] ops: migrate ci and release workflows to CDK --- .github/workflows/cdk_release_code.yml | 9 ---- .github/workflows/ci.yml | 30 ++++++------ .github/workflows/release.yml | 66 ++++++++++++-------------- .github/workflows/sam_release_code.yml | 9 ---- zizmor.yml | 6 +-- 5 files changed, 49 insertions(+), 71 deletions(-) diff --git a/.github/workflows/cdk_release_code.yml b/.github/workflows/cdk_release_code.yml index 34bf16da2..1f1dd5576 100644 --- a/.github/workflows/cdk_release_code.yml +++ b/.github/workflows/cdk_release_code.yml @@ -39,15 +39,6 @@ on: LOG_RETENTION_DAYS: required: true type: string - CREATE_INT_RELEASE_NOTES: - type: boolean - default: false - CREATE_INT_RC_RELEASE_NOTES: - type: boolean - default: false - CREATE_PROD_RELEASE_NOTES: - type: boolean - default: false MARK_JIRA_RELEASED: type: boolean default: false diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6a92b58e7..5dc7dca2c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,6 +1,7 @@ name: merge to main workflow on: + workflow_dispatch: push: branches: [main] @@ -50,7 +51,7 @@ jobs: package_code: needs: [tag_release, get_config_values] - uses: ./.github/workflows/sam_package_code.yml + uses: ./.github/workflows/cdk_package_code.yml with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} permissions: @@ -60,25 +61,22 @@ jobs: release_dev: needs: [tag_release, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp + STACK_NAME: pfp-api TARGET_ENVIRONMENT: dev APIGEE_ENVIRONMENT: internal-dev ENABLE_MUTUAL_TLS: true MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} LOG_LEVEL: DEBUG LOG_RETENTION_DAYS: 30 - CREATE_INT_RELEASE_NOTES: true - CREATE_PROD_RELEASE_NOTES: true TOGGLE_GET_STATUS_UPDATES: true ENABLE_ALERTS: true STATE_MACHINE_LOG_LEVEL: ALL @@ -98,21 +96,22 @@ jobs: PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }} DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} release_dev_sandbox: needs: [tag_release, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp-sandbox + STACK_NAME: pfp-api-sandbox + CDK_APP_NAME: PfPApiSandboxApp TARGET_ENVIRONMENT: dev APIGEE_ENVIRONMENT: internal-dev-sandbox ENABLE_MUTUAL_TLS: true MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_sandbox_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-sandbox-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} @@ -129,6 +128,7 @@ jobs: TARGET_SPINE_SERVER: sandbox TARGET_SERVICE_SEARCH_SERVER: sandbox PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} release_qa: needs: @@ -140,18 +140,17 @@ jobs: package_code, get_commit_id, ] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp + STACK_NAME: pfp-api TARGET_ENVIRONMENT: qa APIGEE_ENVIRONMENT: internal-qa ENABLE_MUTUAL_TLS: true MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} @@ -172,3 +171,4 @@ jobs: TARGET_SPINE_SERVER: ${{ secrets.QA_TARGET_SPINE_SERVER }} TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.QA_TARGET_SERVICE_SEARCH_SERVER }} PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3b869e6b3..103840d54 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: package_code: needs: [tag_release, get_config_values] - uses: ./.github/workflows/sam_package_code.yml + uses: ./.github/workflows/cdk_package_code.yml with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} permissions: @@ -63,25 +63,22 @@ jobs: release_dev: needs: [tag_release, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp + STACK_NAME: pfp-api TARGET_ENVIRONMENT: dev APIGEE_ENVIRONMENT: internal-dev ENABLE_MUTUAL_TLS: true MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} LOG_LEVEL: DEBUG LOG_RETENTION_DAYS: 30 - CREATE_INT_RELEASE_NOTES: true - CREATE_PROD_RELEASE_NOTES: true TOGGLE_GET_STATUS_UPDATES: true ENABLE_ALERTS: true STATE_MACHINE_LOG_LEVEL: ALL @@ -104,20 +101,21 @@ jobs: PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }} DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} release_dev_sandbox: needs: [tag_release, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp-sandbox + STACK_NAME: pfp-api-sandbox + CDK_APP_NAME: PfPApiSandboxApp TARGET_ENVIRONMENT: dev APIGEE_ENVIRONMENT: internal-dev-sandbox ENABLE_MUTUAL_TLS: true MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_sandbox_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-sandbox-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} @@ -137,6 +135,7 @@ jobs: TARGET_SPINE_SERVER: sandbox TARGET_SERVICE_SEARCH_SERVER: sandbox PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} release_ref: needs: @@ -148,18 +147,17 @@ jobs: get_commit_id, get_config_values, ] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp + STACK_NAME: pfp-api TARGET_ENVIRONMENT: ref APIGEE_ENVIRONMENT: ref ENABLE_MUTUAL_TLS: false MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} @@ -181,6 +179,7 @@ jobs: TARGET_SPINE_SERVER: ${{ secrets.REF_TARGET_SPINE_SERVER }} TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.REF_TARGET_SERVICE_SEARCH_SERVER }} PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} release_qa: needs: [ @@ -191,18 +190,17 @@ jobs: get_commit_id, get_config_values, ] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp + STACK_NAME: pfp-api TARGET_ENVIRONMENT: qa APIGEE_ENVIRONMENT: internal-qa ENABLE_MUTUAL_TLS: true MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} @@ -226,27 +224,25 @@ jobs: TARGET_SPINE_SERVER: ${{ secrets.QA_TARGET_SPINE_SERVER }} TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.QA_TARGET_SERVICE_SEARCH_SERVER }} PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} release_int: needs: [tag_release, release_qa, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp + STACK_NAME: pfp-api TARGET_ENVIRONMENT: int APIGEE_ENVIRONMENT: int ENABLE_MUTUAL_TLS: true MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} LOG_LEVEL: DEBUG LOG_RETENTION_DAYS: 30 - CREATE_INT_RELEASE_NOTES: true - CREATE_INT_RC_RELEASE_NOTES: true TOGGLE_GET_STATUS_UPDATES: true ENABLE_ALERTS: true STATE_MACHINE_LOG_LEVEL: ALL @@ -269,20 +265,21 @@ jobs: PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }} DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PROD_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} release_sandbox: needs: [tag_release, release_qa, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp-sandbox + STACK_NAME: pfp-api-sandbox + CDK_APP_NAME: PfPApiSandboxApp TARGET_ENVIRONMENT: int APIGEE_ENVIRONMENT: sandbox ENABLE_MUTUAL_TLS: true MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_sandbox_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-sandbox-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} @@ -299,29 +296,27 @@ jobs: TARGET_SPINE_SERVER: sandbox TARGET_SERVICE_SEARCH_SERVER: sandbox PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PROD_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} release_prod: needs: [tag_release, release_int, release_sandbox, package_code, get_commit_id, get_config_values] - uses: ./.github/workflows/sam_release_code.yml + uses: ./.github/workflows/cdk_release_code.yml permissions: contents: write id-token: write with: - ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}} - STACK_NAME: pfp + STACK_NAME: pfp-api TARGET_ENVIRONMENT: prod APIGEE_ENVIRONMENT: prod ENABLE_MUTUAL_TLS: true MTLS_KEY: prescriptions-for-patients-mtls-1 - BUILD_ARTIFACT: packaged_code + BUILD_ARTIFACT: build_artifact TRUSTSTORE_FILE: pfp-truststore.pem VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}} COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}} LOG_LEVEL: INFO LOG_RETENTION_DAYS: 731 - MARK_JIRA_RELEASED: true - CREATE_PROD_RELEASE_NOTES: true TOGGLE_GET_STATUS_UPDATES: true RUN_REGRESSION_TESTS: false ENABLE_ALERTS: true @@ -340,3 +335,4 @@ jobs: PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }} DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PROD_ROLE }} + APIM_STATUS_API_KEY: ${{ secrets.APIM_STATUS_API_KEY }} diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml index b9f094408..b5c72c287 100644 --- a/.github/workflows/sam_release_code.yml +++ b/.github/workflows/sam_release_code.yml @@ -39,15 +39,6 @@ on: LOG_RETENTION_DAYS: required: true type: string - CREATE_INT_RELEASE_NOTES: - type: boolean - default: false - CREATE_INT_RC_RELEASE_NOTES: - type: boolean - default: false - CREATE_PROD_RELEASE_NOTES: - type: boolean - default: false MARK_JIRA_RELEASED: type: boolean default: false diff --git a/zizmor.yml b/zizmor.yml index c1b7cf686..8ed232839 100644 --- a/zizmor.yml +++ b/zizmor.yml @@ -2,12 +2,12 @@ rules: unpinned-images: # these workflows use unpinned images because they are using a full image passed in that contains the tag ignore: - - sam_release_code.yml:121:18 + - sam_release_code.yml:112:18 - sam_package_code.yml:15:18 - run_regression_tests.yml:31:18 - cdk_package_code.yml:16:18 - - cdk_release_code.yml:122:18 - - cdk_release_code.yml:264:7 + - cdk_release_code.yml:113:18 + - cdk_release_code.yml:255:18 secrets-outside-env: # these are ignored because they are using known secrets ignore: From f866515f4d0253c756c117f4740fd5168fed056a Mon Sep 17 00:00:00 2001 From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com> Date: Thu, 23 Apr 2026 14:36:23 +0000 Subject: [PATCH 2/9] ops: remove tmp workflow dispatch --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5dc7dca2c..0a31932f5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,7 +1,6 @@ name: merge to main workflow on: - workflow_dispatch: push: branches: [main] From dbc0662f652641f8fd1cbed01a6136144270dde4 Mon Sep 17 00:00:00 2001 From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com> Date: Fri, 24 Apr 2026 10:11:20 +0000 Subject: [PATCH 3/9] chore: correct APIGEE name, use const api name --- packages/cdk/bin/PfPApiApp.ts | 3 ++- packages/cdk/bin/PfPApiSandboxApp.ts | 3 ++- packages/cdk/constants.ts | 1 + packages/cdk/scripts/deleteMainStacks.ts | 5 +++-- packages/cdk/scripts/deletePrStacks.ts | 3 ++- packages/cdk/tsconfig.json | 2 +- 6 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 packages/cdk/constants.ts diff --git a/packages/cdk/bin/PfPApiApp.ts b/packages/cdk/bin/PfPApiApp.ts index 79e7ef4be..93086b0de 100644 --- a/packages/cdk/bin/PfPApiApp.ts +++ b/packages/cdk/bin/PfPApiApp.ts @@ -6,6 +6,7 @@ import { getConfigFromEnvVar, getNumberConfigFromEnvVar } from "@nhsdigital/eps-cdk-constructs" +import {API_NAME} from "../constants" import {PfPApiStack} from "../stacks/PfPApiStack" function main() { @@ -13,7 +14,7 @@ function main() { productName: "Prescriptions for Patients API", appName: "PfPApiApp", repoName: "prescriptionsforpatients", - driftDetectionGroup: "pfp-api" + driftDetectionGroup: API_NAME }) const pfpApiStack = new PfPApiStack(app, "PfPApiStack", { diff --git a/packages/cdk/bin/PfPApiSandboxApp.ts b/packages/cdk/bin/PfPApiSandboxApp.ts index 28c4519f9..68b190b1b 100644 --- a/packages/cdk/bin/PfPApiSandboxApp.ts +++ b/packages/cdk/bin/PfPApiSandboxApp.ts @@ -5,6 +5,7 @@ import { getConfigFromEnvVar, getNumberConfigFromEnvVar } from "@nhsdigital/eps-cdk-constructs" +import {API_NAME} from "../constants" import {PfPApiSandboxStack} from "../stacks/PfPApiSandboxStack" function main() { @@ -12,7 +13,7 @@ function main() { productName: "Prescriptions for Patients API", appName: "PfPApiSandboxApp", repoName: "prescriptionsforpatients", - driftDetectionGroup: "pfp-api" + driftDetectionGroup: API_NAME }) return new PfPApiSandboxStack(app, "PfPApiSandboxStack", { diff --git a/packages/cdk/constants.ts b/packages/cdk/constants.ts new file mode 100644 index 000000000..357aa146f --- /dev/null +++ b/packages/cdk/constants.ts @@ -0,0 +1 @@ +export const API_NAME = "pfp-api" diff --git a/packages/cdk/scripts/deleteMainStacks.ts b/packages/cdk/scripts/deleteMainStacks.ts index dfb3b28a8..eaebb66ec 100644 --- a/packages/cdk/scripts/deleteMainStacks.ts +++ b/packages/cdk/scripts/deleteMainStacks.ts @@ -1,9 +1,10 @@ import {deleteUnusedMainStacks, getActiveApiVersions, getConfigFromEnvVar} from "@nhsdigital/eps-cdk-constructs" +import {API_NAME} from "../constants" const awsEnvironment = getConfigFromEnvVar("AWS_ENVIRONMENT", "") deleteUnusedMainStacks( - "pfp-api", - () => getActiveApiVersions("prescriptions-for-patients"), + API_NAME, + () => getActiveApiVersions("prescriptions-for-patients-v2"), `${awsEnvironment}.eps.national.nhs.uk.` ).catch((error) => { console.error(error) diff --git a/packages/cdk/scripts/deletePrStacks.ts b/packages/cdk/scripts/deletePrStacks.ts index 39977cbda..dc0448a1b 100644 --- a/packages/cdk/scripts/deletePrStacks.ts +++ b/packages/cdk/scripts/deletePrStacks.ts @@ -1,7 +1,8 @@ import {deleteUnusedPrStacks} from "@nhsdigital/eps-cdk-constructs" +import {API_NAME} from "../constants" deleteUnusedPrStacks( - "pfp-api", + API_NAME, "prescriptionsforpatients", "dev.eps.national.nhs.uk." ).catch((error) => { diff --git a/packages/cdk/tsconfig.json b/packages/cdk/tsconfig.json index 2b73af77d..e38887ad1 100644 --- a/packages/cdk/tsconfig.json +++ b/packages/cdk/tsconfig.json @@ -24,6 +24,6 @@ "../../node_modules/@types" ] }, - "include": ["resources/**/*", "constructs/**/*", "policies/**/*", "stacks/**/*", "tests/**/*", "scripts/**/*", "nagSuppressions.ts"], + "include": ["resources/**/*", "constructs/**/*", "policies/**/*", "stacks/**/*", "tests/**/*", "scripts/**/*", "nagSuppressions.ts", "constants.ts"], "exclude": ["node_modules", "cdk.out"] } From 00abd3a8a1c39ab96967aa19292c55a9a6f82f42 Mon Sep 17 00:00:00 2001 From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com> Date: Fri, 24 Apr 2026 10:26:50 +0000 Subject: [PATCH 4/9] ops: delete old pr stacks, latest common workflows --- .github/workflows/ci.yml | 6 +- .../delete_old_cloudformation_stacks.yml | 76 +++++++++++-------- .github/workflows/pull_request.yml | 8 +- .github/workflows/release.yml | 6 +- 4 files changed, 56 insertions(+), 40 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a31932f5..d85c5ac15 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ on: permissions: {} jobs: get_config_values: - uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929 + uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@889349f9d93e4846a642f7973b7c26b180bec5aa with: verify_published_from_main_image: true permissions: @@ -15,7 +15,7 @@ jobs: contents: read packages: read quality_checks: - uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc + uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@889349f9d93e4846a642f7973b7c26b180bec5aa needs: [get_config_values] with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} @@ -37,7 +37,7 @@ jobs: tag_release: needs: [quality_checks, get_commit_id, get_config_values] - uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929 + uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@889349f9d93e4846a642f7973b7c26b180bec5aa permissions: id-token: write contents: write diff --git a/.github/workflows/delete_old_cloudformation_stacks.yml b/.github/workflows/delete_old_cloudformation_stacks.yml index 3bcfba094..f25cc79e5 100644 --- a/.github/workflows/delete_old_cloudformation_stacks.yml +++ b/.github/workflows/delete_old_cloudformation_stacks.yml @@ -1,72 +1,88 @@ -name: "Delete old cloudformation stacks" +name: "Delete old pull request deployments" on: workflow_dispatch: - inputs: - branch_name: - description: "Branch to run against, defaults to main" - required: false - default: "main" schedule: - cron: "0 0,12 * * *" - push: - branches: [main] -permissions: {} +permissions: {} jobs: + get_config_values: + uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@889349f9d93e4846a642f7973b7c26b180bec5aa + with: + verify_published_from_main_image: false + permissions: + attestations: read + contents: read + packages: read delete-old-cloudformation-stacks: + needs: [get_config_values] runs-on: ubuntu-22.04 - permissions: + container: + image: ${{ needs.get_config_values.outputs.pinned_image }} + options: --user 1001:1001 --group-add 128 + defaults: + run: + shell: bash + permissions: &common_permissions id-token: write contents: read + packages: read steps: - - name: Checkout local github scripts + - name: copy .tool-versions + run: | + cp /home/vscode/.tool-versions "$HOME/.tool-versions" + - &checkout + name: Checkout local github scripts uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: - ref: ${{ github.event.inputs.branch_name || github.ref_name }} + fetch-depth: 0 persist-credentials: false - sparse-checkout: | - .github/scripts + - &install_dependencies + name: install dependencies + uses: ./.github/actions/install_dependencies + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 with: aws-region: eu-west-2 role-to-assume: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} - role-session-name: aws-pfp-delete-old-stacks - name: delete stacks shell: bash - working-directory: .github/scripts - run: ./delete_stacks.sh + run: npm run delete-old-pr-stacks --workspace packages/cdk env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} delete-old-proxygen-deployments: + needs: [get_config_values] runs-on: ubuntu-22.04 - permissions: - id-token: write - contents: read + container: + image: ${{ needs.get_config_values.outputs.pinned_image }} + options: --user 1001:1001 --group-add 128 + defaults: + run: + shell: bash + permissions: *common_permissions steps: - - name: Checkout local code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - with: - ref: ${{ github.event.inputs.branch_name || github.ref_name }} - persist-credentials: false - fetch-depth: 0 + - name: copy .tool-versions + run: | + cp /home/vscode/.tool-versions "$HOME/.tool-versions" + - *checkout + - *install_dependencies - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 with: aws-region: eu-west-2 role-to-assume: ${{ secrets.PROXYGEN_PTL_ROLE }} - role-session-name: pfp-delete-old-proxygen - name: delete proxygen deployments shell: bash - working-directory: .github/scripts - run: ./delete_proxygen_deployments.sh + run: npm run delete-old-pr-deployments --workspace packages/specification env: - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 8757ee525..548ebb7ca 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -5,7 +5,7 @@ on: permissions: {} jobs: get_config_values: - uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929 + uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@889349f9d93e4846a642f7973b7c26b180bec5aa with: verify_published_from_main_image: false permissions: @@ -13,7 +13,7 @@ jobs: contents: read packages: read quality_checks: - uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc + uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@889349f9d93e4846a642f7973b7c26b180bec5aa needs: [get_config_values] with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} @@ -24,7 +24,7 @@ jobs: id-token: write packages: read pr_title_format_check: - uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929 + uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@889349f9d93e4846a642f7973b7c26b180bec5aa permissions: pull-requests: write get_issue_number: @@ -54,7 +54,7 @@ jobs: result-encoding: string tag_release: needs: [get_config_values] - uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929 + uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@889349f9d93e4846a642f7973b7c26b180bec5aa permissions: id-token: write contents: write diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 103840d54..3b6299832 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,7 @@ permissions: {} jobs: get_config_values: - uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929 + uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@889349f9d93e4846a642f7973b7c26b180bec5aa with: verify_published_from_main_image: true permissions: @@ -14,7 +14,7 @@ jobs: contents: read packages: read quality_checks: - uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc + uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@889349f9d93e4846a642f7973b7c26b180bec5aa needs: [get_config_values] with: pinned_image: ${{ needs.get_config_values.outputs.pinned_image }} @@ -36,7 +36,7 @@ jobs: tag_release: needs: [quality_checks, get_commit_id, get_config_values] - uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929 + uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@889349f9d93e4846a642f7973b7c26b180bec5aa permissions: id-token: write contents: write From f6cc8d3441f1627b532907331474e5c7de5d65cb Mon Sep 17 00:00:00 2001 From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com> Date: Fri, 24 Apr 2026 10:31:46 +0000 Subject: [PATCH 5/9] chore: npm audit fix --- package-lock.json | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index ff9c27029..3d113913b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1156,13 +1156,13 @@ } }, "node_modules/@aws-sdk/xml-builder": { - "version": "3.972.18", - "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.18.tgz", - "integrity": "sha512-BMDNVG1ETXRhl1tnisQiYBef3RShJ1kfZA7x7afivTFMLirfHNTb6U71K569HNXhSXbQZsweHvSDZ6euBw8hPA==", + "version": "3.972.19", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.19.tgz", + "integrity": "sha512-Cw8IOMdBUEIl8ZlhRC3Dc/E64D5B5/8JhV6vhPLiPfJwcRC84S6F8aBOIi/N4vR9ZyA4I5Cc0Ateb/9EHaJXeQ==", "license": "Apache-2.0", "dependencies": { "@smithy/types": "^4.14.1", - "fast-xml-parser": "5.5.8", + "fast-xml-parser": "5.7.1", "tslib": "^2.6.2" }, "engines": { @@ -2058,6 +2058,18 @@ "url": "https://paulmillr.com/funding/" } }, + "node_modules/@nodable/entities": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz", + "integrity": "sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/nodable" + } + ], + "license": "MIT" + }, "node_modules/@opentelemetry/api": { "version": "1.9.1", "dev": true, @@ -5203,7 +5215,9 @@ "license": "BSD-3-Clause" }, "node_modules/fast-xml-builder": { - "version": "1.1.4", + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz", + "integrity": "sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA==", "funding": [ { "type": "github", @@ -5216,7 +5230,9 @@ } }, "node_modules/fast-xml-parser": { - "version": "5.5.8", + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.1.tgz", + "integrity": "sha512-8Cc3f8GUGUULg34pBch/KGyPLglS+OFs05deyOlY7fL2MTagYPKrVQNmR1fLF/yJ9PH5ZSTd3YDF6pnmeZU+zA==", "funding": [ { "type": "github", @@ -5225,9 +5241,10 @@ ], "license": "MIT", "dependencies": { - "fast-xml-builder": "^1.1.4", - "path-expression-matcher": "^1.2.0", - "strnum": "^2.2.0" + "@nodable/entities": "^2.1.0", + "fast-xml-builder": "^1.1.5", + "path-expression-matcher": "^1.5.0", + "strnum": "^2.2.3" }, "bin": { "fxparser": "src/cli/cli.js" @@ -6503,6 +6520,8 @@ }, "node_modules/path-expression-matcher": { "version": "1.5.0", + "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz", + "integrity": "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==", "funding": [ { "type": "github", From 5dae82c1b6a11612d6c682041d19d490f6e5c5cb Mon Sep 17 00:00:00 2001 From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com> Date: Fri, 24 Apr 2026 10:33:17 +0000 Subject: [PATCH 6/9] chore: rm trivy.yaml --- trivy.yaml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 trivy.yaml diff --git a/trivy.yaml b/trivy.yaml deleted file mode 100644 index eb2433758..000000000 --- a/trivy.yaml +++ /dev/null @@ -1 +0,0 @@ -ignorefile: ".trivyignore.yaml" From e9725196262a604513547bf70ff1364b3373905c Mon Sep 17 00:00:00 2001 From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com> Date: Fri, 24 Apr 2026 13:44:19 +0000 Subject: [PATCH 7/9] chore: zizmor --- zizmor.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/zizmor.yml b/zizmor.yml index 8ed232839..b303c8775 100644 --- a/zizmor.yml +++ b/zizmor.yml @@ -8,6 +8,8 @@ rules: - cdk_package_code.yml:16:18 - cdk_release_code.yml:113:18 - cdk_release_code.yml:255:18 + - delete_old_cloudformation_stacks.yml:22:18 + - delete_old_cloudformation_stacks.yml:64:18 secrets-outside-env: # these are ignored because they are using known secrets ignore: From 5a9e0ae9057a34184d583ffa4e00747b383a4030 Mon Sep 17 00:00:00 2001 From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com> Date: Fri, 24 Apr 2026 14:36:40 +0000 Subject: [PATCH 8/9] ops: delete old proxygen --- package-lock.json | 382 +++++++++++------- packages/cdk/package.json | 2 +- .../deleteProxygenDeployments.ts | 11 + packages/specification/package.json | 5 +- 4 files changed, 252 insertions(+), 148 deletions(-) create mode 100644 packages/specification/deleteProxygenDeployments.ts diff --git a/package-lock.json b/package-lock.json index 3d113913b..9db12f8fa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -364,6 +364,62 @@ "node": ">=20.0.0" } }, + "node_modules/@aws-sdk/client-lambda": { + "version": "3.1036.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-lambda/-/client-lambda-3.1036.0.tgz", + "integrity": "sha512-1JwkI5NXsYrwyEhtBWb441c87DJAn+JFa1/7i1xtizuWX1ibEq9jQBGiz+eQfUZNkVMRnpIGiGDOETJobj+i9w==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "^3.974.5", + "@aws-sdk/credential-provider-node": "^3.972.36", + "@aws-sdk/middleware-host-header": "^3.972.10", + "@aws-sdk/middleware-logger": "^3.972.10", + "@aws-sdk/middleware-recursion-detection": "^3.972.11", + "@aws-sdk/middleware-user-agent": "^3.972.35", + "@aws-sdk/region-config-resolver": "^3.972.13", + "@aws-sdk/types": "^3.973.8", + "@aws-sdk/util-endpoints": "^3.996.8", + "@aws-sdk/util-user-agent-browser": "^3.972.10", + "@aws-sdk/util-user-agent-node": "^3.973.21", + "@smithy/config-resolver": "^4.4.17", + "@smithy/core": "^3.23.17", + "@smithy/eventstream-serde-browser": "^4.2.14", + "@smithy/eventstream-serde-config-resolver": "^4.3.14", + "@smithy/eventstream-serde-node": "^4.2.14", + "@smithy/fetch-http-handler": "^5.3.17", + "@smithy/hash-node": "^4.2.14", + "@smithy/invalid-dependency": "^4.2.14", + "@smithy/middleware-content-length": "^4.2.14", + "@smithy/middleware-endpoint": "^4.4.32", + "@smithy/middleware-retry": "^4.5.5", + "@smithy/middleware-serde": "^4.2.20", + "@smithy/middleware-stack": "^4.2.14", + "@smithy/node-config-provider": "^4.3.14", + "@smithy/node-http-handler": "^4.6.1", + "@smithy/protocol-http": "^5.3.14", + "@smithy/smithy-client": "^4.12.13", + "@smithy/types": "^4.14.1", + "@smithy/url-parser": "^4.2.14", + "@smithy/util-base64": "^4.3.2", + "@smithy/util-body-length-browser": "^4.2.2", + "@smithy/util-body-length-node": "^4.2.3", + "@smithy/util-defaults-mode-browser": "^4.3.49", + "@smithy/util-defaults-mode-node": "^4.2.54", + "@smithy/util-endpoints": "^3.4.2", + "@smithy/util-middleware": "^4.2.14", + "@smithy/util-retry": "^4.3.4", + "@smithy/util-stream": "^4.5.25", + "@smithy/util-utf8": "^4.2.2", + "@smithy/util-waiter": "^4.2.16", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=20.0.0" + } + }, "node_modules/@aws-sdk/client-route-53": { "version": "3.1035.0", "resolved": "https://registry.npmjs.org/@aws-sdk/client-route-53/-/client-route-53-3.1035.0.tgz", @@ -584,23 +640,23 @@ } }, "node_modules/@aws-sdk/core": { - "version": "3.974.4", - "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.974.4.tgz", - "integrity": "sha512-EbVgyzQ83/Lf6oh1O4vYY47tuYw3Aosthh865LNU77KyotKz+uvEBNmsl/bSVS/vG+IU39mCqcOHrnhmhF4lug==", + "version": "3.974.5", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.974.5.tgz", + "integrity": "sha512-lMPlYlYfQdNZhlkJgnkmESwrY+hNh3PljmZ+37oAqLNdJ6rnILAwFSyc6B3bJeDOtMORNnMQIej0aTRuOlDyhQ==", "license": "Apache-2.0", "dependencies": { "@aws-sdk/types": "^3.973.8", - "@aws-sdk/xml-builder": "^3.972.18", - "@smithy/core": "^3.23.16", + "@aws-sdk/xml-builder": "^3.972.19", + "@smithy/core": "^3.23.17", "@smithy/node-config-provider": "^4.3.14", "@smithy/property-provider": "^4.2.14", "@smithy/protocol-http": "^5.3.14", "@smithy/signature-v4": "^5.3.14", - "@smithy/smithy-client": "^4.12.12", + "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/util-base64": "^4.3.2", "@smithy/util-middleware": "^4.2.14", - "@smithy/util-retry": "^4.3.3", + "@smithy/util-retry": "^4.3.4", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" }, @@ -622,12 +678,12 @@ } }, "node_modules/@aws-sdk/credential-provider-env": { - "version": "3.972.30", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.972.30.tgz", - "integrity": "sha512-dHpeqa29a0cBYq/h59IC2EK3AphLY96nKy4F35kBtiz9GuKDc32UYRTgjZaF8uuJCnqgw9omUZKR+9myyDHC2A==", + "version": "3.972.31", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.972.31.tgz", + "integrity": "sha512-X/yGB73LmDW/6MdDJGCDzZBUXnM3ys4vs9l+5ZTJmiEswDdP1OjeoAFlFjVGS9o4KB2wZWQ9KOfdVNSSK6Ep3w==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.4", + "@aws-sdk/core": "^3.974.5", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/types": "^4.14.1", @@ -638,20 +694,20 @@ } }, "node_modules/@aws-sdk/credential-provider-http": { - "version": "3.972.32", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.972.32.tgz", - "integrity": "sha512-A+ZTT//Mswkf9DFEM6XlngwOtYdD8X4CUcoZ2wdpgI8cCs9mcGeuhgTwbGJvealub/MeONOaUr3FbRPMKmTDjg==", + "version": "3.972.33", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.972.33.tgz", + "integrity": "sha512-c0ZF+lwoWVvX5iCaGKL5T/4DnIw88CGqxA0BcBs3U86mIp5EZYPVg+KSPkMXOyokmADvNewiMUfSG2uFwjRp0g==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.4", + "@aws-sdk/core": "^3.974.5", "@aws-sdk/types": "^3.973.8", "@smithy/fetch-http-handler": "^5.3.17", - "@smithy/node-http-handler": "^4.6.0", + "@smithy/node-http-handler": "^4.6.1", "@smithy/property-provider": "^4.2.14", "@smithy/protocol-http": "^5.3.14", - "@smithy/smithy-client": "^4.12.12", + "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", - "@smithy/util-stream": "^4.5.24", + "@smithy/util-stream": "^4.5.25", "tslib": "^2.6.2" }, "engines": { @@ -659,19 +715,19 @@ } }, "node_modules/@aws-sdk/credential-provider-ini": { - "version": "3.972.34", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.972.34.tgz", - "integrity": "sha512-MoRc7tLnx3JpFkV2R826enEfBUVN8o9Cc7y3hnbMwiWzL/VJhgfxRQzHkEL9vWorMWP7tibltsRcLoid9fsVdw==", - "license": "Apache-2.0", - "dependencies": { - "@aws-sdk/core": "^3.974.4", - "@aws-sdk/credential-provider-env": "^3.972.30", - "@aws-sdk/credential-provider-http": "^3.972.32", - "@aws-sdk/credential-provider-login": "^3.972.34", - "@aws-sdk/credential-provider-process": "^3.972.30", - "@aws-sdk/credential-provider-sso": "^3.972.34", - "@aws-sdk/credential-provider-web-identity": "^3.972.34", - "@aws-sdk/nested-clients": "^3.997.2", + "version": "3.972.35", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.972.35.tgz", + "integrity": "sha512-jsU4u/cRkKFLKQS0k918FQ27fzXLG5ENiLWQMYE6581zLeI2hWh04ptlrvZMB3wJT/5d+vSzJk74X1CMFr4y8Q==", + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/core": "^3.974.5", + "@aws-sdk/credential-provider-env": "^3.972.31", + "@aws-sdk/credential-provider-http": "^3.972.33", + "@aws-sdk/credential-provider-login": "^3.972.35", + "@aws-sdk/credential-provider-process": "^3.972.31", + "@aws-sdk/credential-provider-sso": "^3.972.35", + "@aws-sdk/credential-provider-web-identity": "^3.972.35", + "@aws-sdk/nested-clients": "^3.997.3", "@aws-sdk/types": "^3.973.8", "@smithy/credential-provider-imds": "^4.2.14", "@smithy/property-provider": "^4.2.14", @@ -684,13 +740,13 @@ } }, "node_modules/@aws-sdk/credential-provider-login": { - "version": "3.972.34", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-login/-/credential-provider-login-3.972.34.tgz", - "integrity": "sha512-XVSklkRRQ/CQDmv3VVFdZRl5hTFgncFhZrLyi0Ai4LZk5o3jpY5HIfuTK7ad7tixPKa+iQmL9+vg9qNyYZB+nw==", + "version": "3.972.35", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-login/-/credential-provider-login-3.972.35.tgz", + "integrity": "sha512-5oa3j0cA50jPqgNhZ9XdJVopuzUf1klRb28/2MfLYWWiPi9DRVvbrBWT+DidbHTT36520VuXZJahQwR+YgSjrg==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.4", - "@aws-sdk/nested-clients": "^3.997.2", + "@aws-sdk/core": "^3.974.5", + "@aws-sdk/nested-clients": "^3.997.3", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/protocol-http": "^5.3.14", @@ -703,17 +759,17 @@ } }, "node_modules/@aws-sdk/credential-provider-node": { - "version": "3.972.35", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.972.35.tgz", - "integrity": "sha512-nVrY7AdGfzYgAa/jd9m06p3ES7QQDaB7zN9c+vXnVXxBRkAs9MjRDPB5AKogWuC6phddltfvHGFqLDJmyU9u/A==", + "version": "3.972.36", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.972.36.tgz", + "integrity": "sha512-4nT2T8Z7vH8KE9EdjEsuIlHpZSlcaK2PrKbQBjuUGU46BCCzF3WvP0u0Uiosni3Ykmmn4rWLVawoOCLotUtCbg==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/credential-provider-env": "^3.972.30", - "@aws-sdk/credential-provider-http": "^3.972.32", - "@aws-sdk/credential-provider-ini": "^3.972.34", - "@aws-sdk/credential-provider-process": "^3.972.30", - "@aws-sdk/credential-provider-sso": "^3.972.34", - "@aws-sdk/credential-provider-web-identity": "^3.972.34", + "@aws-sdk/credential-provider-env": "^3.972.31", + "@aws-sdk/credential-provider-http": "^3.972.33", + "@aws-sdk/credential-provider-ini": "^3.972.35", + "@aws-sdk/credential-provider-process": "^3.972.31", + "@aws-sdk/credential-provider-sso": "^3.972.35", + "@aws-sdk/credential-provider-web-identity": "^3.972.35", "@aws-sdk/types": "^3.973.8", "@smithy/credential-provider-imds": "^4.2.14", "@smithy/property-provider": "^4.2.14", @@ -726,12 +782,12 @@ } }, "node_modules/@aws-sdk/credential-provider-process": { - "version": "3.972.30", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.972.30.tgz", - "integrity": "sha512-McJPomNTSEo+C6UA3Zq6pFrcyTUaVsoPPBOvbOHAoIFPc8Z2CMLndqFJOnB+9bVFiBTWQLutlVGmrocBbvv4MQ==", + "version": "3.972.31", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.972.31.tgz", + "integrity": "sha512-eKeT4MXumpBJsrDLCYcSzIkFPVTFn/es7It2oogp2OhU/ic7P/+xzFpQx9ZhwtXS57Mc5S42BPWi7lHmvs/nYg==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.4", + "@aws-sdk/core": "^3.974.5", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", @@ -743,14 +799,14 @@ } }, "node_modules/@aws-sdk/credential-provider-sso": { - "version": "3.972.34", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.972.34.tgz", - "integrity": "sha512-WngYb2K+/yhkDOmDfAOjoCa9Ja3he0DZiAraboKwgWoVRkajDIcDYBCVbUTxtTUldvQoe7VvHLTrBNxvftN1aQ==", + "version": "3.972.35", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.972.35.tgz", + "integrity": "sha512-bCuBdfnj0KGDMdLp6utMTLiJcFN2ek9EgZinxQZZSc3FxjJ/HSqeqab2cjbnoNfy8RM6suDCsRkmVY1izp9I+A==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.4", - "@aws-sdk/nested-clients": "^3.997.2", - "@aws-sdk/token-providers": "3.1035.0", + "@aws-sdk/core": "^3.974.5", + "@aws-sdk/nested-clients": "^3.997.3", + "@aws-sdk/token-providers": "3.1036.0", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", @@ -762,13 +818,13 @@ } }, "node_modules/@aws-sdk/credential-provider-web-identity": { - "version": "3.972.34", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.972.34.tgz", - "integrity": "sha512-5KLUH+XmSNRj6amJiJSrPsCxU5l/PYDfxyqPa1MxWhHoQC3sxvGPrSib3IE+HQlfRA4e2kO0bnJy7HJdjvpuuA==", + "version": "3.972.35", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.972.35.tgz", + "integrity": "sha512-swW6Bwvl8lanyEMtZOWE/oR6yqcRQH4HTQZUVsnDVgoXvRjRywpYpLv2BWwjUFyjPrqsdX6FeTkf4tMSe/qFTQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.4", - "@aws-sdk/nested-clients": "^3.997.2", + "@aws-sdk/core": "^3.974.5", + "@aws-sdk/nested-clients": "^3.997.3", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", @@ -911,23 +967,23 @@ } }, "node_modules/@aws-sdk/middleware-sdk-s3": { - "version": "3.972.33", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.972.33.tgz", - "integrity": "sha512-n8Eh/+kq3u/EodLr8n6sQupu03QGjf122RHXCTGLaHSkavz/2beSKpRlq2oDgfmJZNkAkWF113xbyaUmyOd+YA==", + "version": "3.972.34", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.972.34.tgz", + "integrity": "sha512-/UL96JKjsjdodcRRMKl99tLQvK6Oi9ptLC9iU1yiTF/ruaDX0mtBBtnLNZDxIZRJOCVOtB49ed1YaTadqygk8Q==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.4", + "@aws-sdk/core": "^3.974.5", "@aws-sdk/types": "^3.973.8", "@aws-sdk/util-arn-parser": "^3.972.3", - "@smithy/core": "^3.23.16", + "@smithy/core": "^3.23.17", "@smithy/node-config-provider": "^4.3.14", "@smithy/protocol-http": "^5.3.14", "@smithy/signature-v4": "^5.3.14", - "@smithy/smithy-client": "^4.12.12", + "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/util-config-provider": "^4.2.2", "@smithy/util-middleware": "^4.2.14", - "@smithy/util-stream": "^4.5.24", + "@smithy/util-stream": "^4.5.25", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" }, @@ -950,18 +1006,18 @@ } }, "node_modules/@aws-sdk/middleware-user-agent": { - "version": "3.972.34", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.972.34.tgz", - "integrity": "sha512-jrmJHyYlTQocR7H4VhvSFhaoedMb2rmlOTvFWD6tNBQ/EVQhTsrNfQUYFuPiOc2wUGxbm5LgCHtnvVmCPgODHw==", + "version": "3.972.35", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.972.35.tgz", + "integrity": "sha512-hOFWNOjVmOocpRlrU04nYxjMOeoe0Obu5AXEuhB8zblMCPl3cG1hdluQCZERRKFyhMQjwZnDbhSHjoMUjetFGw==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.4", + "@aws-sdk/core": "^3.974.5", "@aws-sdk/types": "^3.973.8", "@aws-sdk/util-endpoints": "^3.996.8", - "@smithy/core": "^3.23.16", + "@smithy/core": "^3.23.17", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", - "@smithy/util-retry": "^4.3.3", + "@smithy/util-retry": "^4.3.4", "tslib": "^2.6.2" }, "engines": { @@ -969,48 +1025,48 @@ } }, "node_modules/@aws-sdk/nested-clients": { - "version": "3.997.2", - "resolved": "https://registry.npmjs.org/@aws-sdk/nested-clients/-/nested-clients-3.997.2.tgz", - "integrity": "sha512-uGGQO08YetrqfInOKG5atRMrCDRQWRuZ9gGfKY6svPmuE4K7ac+XcbCkpWpjcA7yCYsBaKB/Nly4XKgPXUO1PA==", + "version": "3.997.3", + "resolved": "https://registry.npmjs.org/@aws-sdk/nested-clients/-/nested-clients-3.997.3.tgz", + "integrity": "sha512-SivE6GP228IVgfsrr2c/vqTg95X0Qj39Yw4uIrcddpkUzIltNMoNOR62leHOLhODfjv9K8X2mPTwS69A5kT0nQ==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "^3.974.4", + "@aws-sdk/core": "^3.974.5", "@aws-sdk/middleware-host-header": "^3.972.10", "@aws-sdk/middleware-logger": "^3.972.10", "@aws-sdk/middleware-recursion-detection": "^3.972.11", - "@aws-sdk/middleware-user-agent": "^3.972.34", + "@aws-sdk/middleware-user-agent": "^3.972.35", "@aws-sdk/region-config-resolver": "^3.972.13", - "@aws-sdk/signature-v4-multi-region": "^3.996.21", + "@aws-sdk/signature-v4-multi-region": "^3.996.22", "@aws-sdk/types": "^3.973.8", "@aws-sdk/util-endpoints": "^3.996.8", "@aws-sdk/util-user-agent-browser": "^3.972.10", - "@aws-sdk/util-user-agent-node": "^3.973.20", + "@aws-sdk/util-user-agent-node": "^3.973.21", "@smithy/config-resolver": "^4.4.17", - "@smithy/core": "^3.23.16", + "@smithy/core": "^3.23.17", "@smithy/fetch-http-handler": "^5.3.17", "@smithy/hash-node": "^4.2.14", "@smithy/invalid-dependency": "^4.2.14", "@smithy/middleware-content-length": "^4.2.14", - "@smithy/middleware-endpoint": "^4.4.31", - "@smithy/middleware-retry": "^4.5.4", - "@smithy/middleware-serde": "^4.2.19", + "@smithy/middleware-endpoint": "^4.4.32", + "@smithy/middleware-retry": "^4.5.5", + "@smithy/middleware-serde": "^4.2.20", "@smithy/middleware-stack": "^4.2.14", "@smithy/node-config-provider": "^4.3.14", - "@smithy/node-http-handler": "^4.6.0", + "@smithy/node-http-handler": "^4.6.1", "@smithy/protocol-http": "^5.3.14", - "@smithy/smithy-client": "^4.12.12", + "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/url-parser": "^4.2.14", "@smithy/util-base64": "^4.3.2", "@smithy/util-body-length-browser": "^4.2.2", "@smithy/util-body-length-node": "^4.2.3", - "@smithy/util-defaults-mode-browser": "^4.3.48", - "@smithy/util-defaults-mode-node": "^4.2.53", + "@smithy/util-defaults-mode-browser": "^4.3.49", + "@smithy/util-defaults-mode-node": "^4.2.54", "@smithy/util-endpoints": "^3.4.2", "@smithy/util-middleware": "^4.2.14", - "@smithy/util-retry": "^4.3.3", + "@smithy/util-retry": "^4.3.4", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" }, @@ -1035,12 +1091,12 @@ } }, "node_modules/@aws-sdk/signature-v4-multi-region": { - "version": "3.996.21", - "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.996.21.tgz", - "integrity": "sha512-3EpT+C0QdmTMB5aVeJ5odWSLt9vg2oGzUXl1xvUazKGlkr9OBYnegNWqhhjGgZdv8RmSi5eS8nqqB+euNP2aqA==", + "version": "3.996.22", + "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.996.22.tgz", + "integrity": "sha512-/rXhMXteD+BqhFd0nYprAgcZ/KtU+963uftPqd3tiFcFfooHZINXUGtOmo2SQjRVauCTNqIEzkwuSETdZFqTTA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/middleware-sdk-s3": "^3.972.33", + "@aws-sdk/middleware-sdk-s3": "^3.972.34", "@aws-sdk/types": "^3.973.8", "@smithy/protocol-http": "^5.3.14", "@smithy/signature-v4": "^5.3.14", @@ -1052,13 +1108,13 @@ } }, "node_modules/@aws-sdk/token-providers": { - "version": "3.1035.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.1035.0.tgz", - "integrity": "sha512-E6IO3Cn+OzBe6Sb5pnubd5Y8qSUMAsVKkD5QSwFfIx5fV1g5SkYwUDRDyPlm90RuIVcCo28wpMJU6W8wXH46Aw==", + "version": "3.1036.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.1036.0.tgz", + "integrity": "sha512-aNSJ6jjDYayxN9ZA1JpycVScX93Lx03kKZ1EXt3DGOTahcWVLJj3oLAlop0xKP+vP2Ga2t49p1tEaMkTbCCaZA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.4", - "@aws-sdk/nested-clients": "^3.997.2", + "@aws-sdk/core": "^3.974.5", + "@aws-sdk/nested-clients": "^3.997.3", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", @@ -1131,12 +1187,12 @@ } }, "node_modules/@aws-sdk/util-user-agent-node": { - "version": "3.973.20", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.973.20.tgz", - "integrity": "sha512-owEqyKr0z5hWwk+uHwudwNhyFMZ9f9eSWr/k/XD6yeDCI7hHyc56s4UOY1iBQmoramTbdAY4UCuLLEuKmjVXrg==", + "version": "3.973.21", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.973.21.tgz", + "integrity": "sha512-Av4UHTcAWgdvbN0IP9pbtf4Qa1+6LtJqQdZWj5pLn5J67w0pnJJAZZ+7JPPcj2KN3378zD2JDM9DwJKEyvyMTQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/middleware-user-agent": "^3.972.34", + "@aws-sdk/middleware-user-agent": "^3.972.35", "@aws-sdk/types": "^3.973.8", "@smithy/node-config-provider": "^4.3.14", "@smithy/types": "^4.14.1", @@ -2034,6 +2090,39 @@ "constructs": "^10.6.0" } }, + "node_modules/@nhsdigital/eps-deployment-utils": { + "version": "1.7.1", + "resolved": "https://npm.pkg.github.com/download/@nhsdigital/eps-deployment-utils/1.7.1/57ab673766f2037356bc311a333bb399470926ca", + "integrity": "sha512-+KTr2e44psyUtXh0UMBvTdULmy70OmBpny+6F1cEDE00vuIxO9F0goau8aJrPV64Yjx6qCfM1sSUmK7ZgXAt2g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@aws-sdk/client-cloudformation": "^3.1028.0", + "@aws-sdk/client-lambda": "^3.1028.0", + "json-schema-to-ts": "^3.1.1" + } + }, + "node_modules/@nhsdigital/eps-deployment-utils/node_modules/json-schema-to-ts": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/json-schema-to-ts/-/json-schema-to-ts-3.1.1.tgz", + "integrity": "sha512-+DWg8jCJG2TEnpy7kOm/7/AxaYoaRbjVB4LFZLySZlWn8exGs3A4OLJR966cVvU26N7X9TWxl+Jsw7dzAqKT6g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.18.3", + "ts-algebra": "^2.0.0" + }, + "engines": { + "node": ">=16" + } + }, + "node_modules/@nhsdigital/eps-deployment-utils/node_modules/ts-algebra": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ts-algebra/-/ts-algebra-2.0.0.tgz", + "integrity": "sha512-FPAhNPFMrkwz76P7cdjdmiShwMynZYN6SgOujD1urY4oNm80Ou9oMdmbR45LotcKOXoy7wSmHkRFE6Mxbrhefw==", + "dev": true, + "license": "MIT" + }, "node_modules/@nhsdigital/eps-spine-client": { "version": "2.1.85", "license": "MIT", @@ -2854,9 +2943,9 @@ } }, "node_modules/@smithy/core": { - "version": "3.23.16", - "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.23.16.tgz", - "integrity": "sha512-JStomOrINQA1VqNEopLsgcdgwd42au7mykKqVr30XFw89wLt9sDxJDi4djVPRwQmmzyTGy/uOvTc2ultMpFi1w==", + "version": "3.23.17", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.23.17.tgz", + "integrity": "sha512-x7BlLbUFL8NWCGjMF9C+1N5cVCxcPa7g6Tv9B4A2luWx3be3oU8hQ96wIwxe/s7OhIzvoJH73HAUSg5JXVlEtQ==", "license": "Apache-2.0", "dependencies": { "@smithy/protocol-http": "^5.3.14", @@ -2865,7 +2954,7 @@ "@smithy/util-base64": "^4.3.2", "@smithy/util-body-length-browser": "^4.2.2", "@smithy/util-middleware": "^4.2.14", - "@smithy/util-stream": "^4.5.24", + "@smithy/util-stream": "^4.5.25", "@smithy/util-utf8": "^4.2.2", "@smithy/uuid": "^1.1.2", "tslib": "^2.6.2" @@ -3072,13 +3161,13 @@ } }, "node_modules/@smithy/middleware-endpoint": { - "version": "4.4.31", - "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-4.4.31.tgz", - "integrity": "sha512-KJPdCIN2kOE2aGmqZd7eUTr4WQwOGgtLWgUkswGJggs7rBcQYQjcZMEDa3C0DwbOiXS9L8/wDoQHkfxBYLfiLw==", + "version": "4.4.32", + "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-4.4.32.tgz", + "integrity": "sha512-ZZkgyjnJppiZbIm6Qbx92pbXYi1uzenIvGhBSCDlc7NwuAkiqSgS75j1czAD25ZLs2FjMjYy1q7gyRVWG6JA0Q==", "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.23.16", - "@smithy/middleware-serde": "^4.2.19", + "@smithy/core": "^3.23.17", + "@smithy/middleware-serde": "^4.2.20", "@smithy/node-config-provider": "^4.3.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", @@ -3091,19 +3180,19 @@ } }, "node_modules/@smithy/middleware-retry": { - "version": "4.5.4", - "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-4.5.4.tgz", - "integrity": "sha512-/z7nIFK+ZRW3Ie/l3NEVGdy34LvmEOzBrtBAvgWZ/4PrKX0xP3kWm8pkfcwUk523SqxZhdbQP9JSXgjF77Uhpw==", + "version": "4.5.5", + "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-4.5.5.tgz", + "integrity": "sha512-wnYOpB5vATFKWrY2Z9Alb0KhjZI6AbzU6Fbz3Hq2GnURdRYWB4q+qWivQtSTwXcmWUA3MZ6krfwL6Cq5MAbxsA==", "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.23.16", + "@smithy/core": "^3.23.17", "@smithy/node-config-provider": "^4.3.14", "@smithy/protocol-http": "^5.3.14", "@smithy/service-error-classification": "^4.3.0", - "@smithy/smithy-client": "^4.12.12", + "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/util-middleware": "^4.2.14", - "@smithy/util-retry": "^4.3.3", + "@smithy/util-retry": "^4.3.4", "@smithy/uuid": "^1.1.2", "tslib": "^2.6.2" }, @@ -3112,12 +3201,12 @@ } }, "node_modules/@smithy/middleware-serde": { - "version": "4.2.19", - "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-4.2.19.tgz", - "integrity": "sha512-Q6y+W9h3iYVMCKWDoVge+OC1LKFqbEKaq8SIWG2X2bWJRpd/6dDLyICcNLT6PbjH3Rr6bmg/SeDB25XFOFfeEw==", + "version": "4.2.20", + "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-4.2.20.tgz", + "integrity": "sha512-Lx9JMO9vArPtiChE3wbEZ5akMIDQpWQtlu90lhACQmNOXcGXRbaDywMHDzuDZ2OkZzP+9wQfZi3YJT9F67zTQQ==", "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.23.16", + "@smithy/core": "^3.23.17", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" @@ -3155,9 +3244,9 @@ } }, "node_modules/@smithy/node-http-handler": { - "version": "4.6.0", - "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.6.0.tgz", - "integrity": "sha512-P734cAoTFtuGfWa/R3jgBnGlURt2w9bYEBwQNMKf58sRM9RShirB2mKwLsVP+jlG/wxpCu8abv8NxdUts8tdLA==", + "version": "4.6.1", + "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.6.1.tgz", + "integrity": "sha512-iB+orM4x3xrr57X3YaXazfKnntl0LHlZB1kcXSGzMV1Tt0+YwEjGlbjk/44qEGtBzXAz6yFDzkYTKSV6Pj2HUg==", "license": "Apache-2.0", "dependencies": { "@smithy/protocol-http": "^5.3.14", @@ -3267,17 +3356,17 @@ } }, "node_modules/@smithy/smithy-client": { - "version": "4.12.12", - "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-4.12.12.tgz", - "integrity": "sha512-daO7SJn4eM6ArbmrEs+/BTbH7af8AEbSL3OMQdcRvvn8tuUcR5rU2n6DgxIV53aXMS42uwK8NgKKCh5XgqYOPQ==", + "version": "4.12.13", + "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-4.12.13.tgz", + "integrity": "sha512-y/Pcj1V9+qG98gyu1gvftHB7rDpdh+7kIBIggs55yGm3JdtBV8GT8IFF3a1qxZ79QnaJHX9GXzvBG6tAd+czJA==", "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.23.16", - "@smithy/middleware-endpoint": "^4.4.31", + "@smithy/core": "^3.23.17", + "@smithy/middleware-endpoint": "^4.4.32", "@smithy/middleware-stack": "^4.2.14", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", - "@smithy/util-stream": "^4.5.24", + "@smithy/util-stream": "^4.5.25", "tslib": "^2.6.2" }, "engines": { @@ -3364,13 +3453,13 @@ } }, "node_modules/@smithy/util-defaults-mode-browser": { - "version": "4.3.48", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-4.3.48.tgz", - "integrity": "sha512-hxVRVPYaRDWa6YQdse1aWX1qrksmLsvNyGBKdc32q4jFzSjxYVNWfstknAfR228TnzS4tzgswXRuYIbhXBuXFQ==", + "version": "4.3.49", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-4.3.49.tgz", + "integrity": "sha512-a5bNrdiONYB/qE2BuKegvUMd/+ZDwdg4vsNuuSzYE8qs2EYAdK9CynL+Rzn29PbPiUqoz/cbpRbcLzD5lEevHw==", "license": "Apache-2.0", "dependencies": { "@smithy/property-provider": "^4.2.14", - "@smithy/smithy-client": "^4.12.12", + "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" }, @@ -3379,16 +3468,16 @@ } }, "node_modules/@smithy/util-defaults-mode-node": { - "version": "4.2.53", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-4.2.53.tgz", - "integrity": "sha512-ybgCk+9JdBq8pYC8Y6U5fjyS8e4sboyAShetxPNL0rRBtaVl56GSFAxsolVBIea1tXR4LPIzL8i6xqmcf0+DCQ==", + "version": "4.2.54", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-4.2.54.tgz", + "integrity": "sha512-g1cvrJvOnzeJgEdf7AE4luI7gp6L8weE0y9a9wQUSGtjb8QRHDbCJYuE4Sy0SD9N8RrnNPFsPltAz/OSoBR9Zw==", "license": "Apache-2.0", "dependencies": { "@smithy/config-resolver": "^4.4.17", "@smithy/credential-provider-imds": "^4.2.14", "@smithy/node-config-provider": "^4.3.14", "@smithy/property-provider": "^4.2.14", - "@smithy/smithy-client": "^4.12.12", + "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" }, @@ -3434,9 +3523,9 @@ } }, "node_modules/@smithy/util-retry": { - "version": "4.3.3", - "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-4.3.3.tgz", - "integrity": "sha512-idjUvd4M9Jj6rXkhqw4H4reHoweuK4ZxYWyOrEp4N2rOF5VtaOlQGLDQJva/8WanNXk9ScQtsAb7o5UHGvFm4A==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-4.3.4.tgz", + "integrity": "sha512-FY1UQQ1VFmMwiYp1GVS4MeaGD5O0blLNYK0xCRHU+mJgeoH/hSY8Ld8sJWKQ6uznkh14HveRGQJncgPyNl9J+A==", "license": "Apache-2.0", "dependencies": { "@smithy/service-error-classification": "^4.3.0", @@ -3448,13 +3537,13 @@ } }, "node_modules/@smithy/util-stream": { - "version": "4.5.24", - "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-4.5.24.tgz", - "integrity": "sha512-na5vv2mBSDzXewLEEoWGI7LQQkfpmFEomBsmOpzLFjqGctm0iMwXY5lAwesY9pIaErkccW0qzEOUcYP+WKneXg==", + "version": "4.5.25", + "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-4.5.25.tgz", + "integrity": "sha512-/PFpG4k8Ze8Ei+mMKj3oiPICYekthuzePZMgZbCqMiXIHHf4n2aZ4Ps0aSRShycFTGuj/J6XldmC0x0DwednIA==", "license": "Apache-2.0", "dependencies": { "@smithy/fetch-http-handler": "^5.3.17", - "@smithy/node-http-handler": "^4.6.0", + "@smithy/node-http-handler": "^4.6.1", "@smithy/types": "^4.14.1", "@smithy/util-base64": "^4.3.2", "@smithy/util-buffer-from": "^4.2.2", @@ -8292,7 +8381,7 @@ "packages/cdk": { "version": "0.1.0", "dependencies": { - "@nhsdigital/eps-cdk-constructs": "^1.6.1", + "@nhsdigital/eps-cdk-constructs": "^1.6.2", "aws-cdk": "^2.1106.0", "aws-cdk-lib": "^2.239.0", "cdk-nag": "^2.37.55", @@ -8409,6 +8498,7 @@ "yaml": "^2.8.3" }, "devDependencies": { + "@nhsdigital/eps-deployment-utils": "^1.6.2", "@redocly/cli": "^2.28.1", "tsx": "4.21.0" }, diff --git a/packages/cdk/package.json b/packages/cdk/package.json index 6e69d5a4e..45ee04046 100644 --- a/packages/cdk/package.json +++ b/packages/cdk/package.json @@ -12,7 +12,7 @@ "test": "vitest run --coverage" }, "dependencies": { - "@nhsdigital/eps-cdk-constructs": "^1.6.1", + "@nhsdigital/eps-cdk-constructs": "^1.6.2", "aws-cdk": "^2.1106.0", "aws-cdk-lib": "^2.239.0", "cdk-nag": "^2.37.55", diff --git a/packages/specification/deleteProxygenDeployments.ts b/packages/specification/deleteProxygenDeployments.ts new file mode 100644 index 000000000..6b50c07ca --- /dev/null +++ b/packages/specification/deleteProxygenDeployments.ts @@ -0,0 +1,11 @@ +import {deleteProxygenDeployments} from "@nhsdigital/eps-deployment-utils" + +deleteProxygenDeployments( + "clinical-prescription-tracker", + "electronic-prescription-service-clinical-prescription-tracker", + "ClinicalTrackerProxygenPrivateKey", + "eps-clinical-tracker" +).catch((error) => { + console.error("Error deleting proxygen deployments:", error) + process.exit(1) +}) diff --git a/packages/specification/package.json b/packages/specification/package.json index 61bc118bb..b02f12572 100644 --- a/packages/specification/package.json +++ b/packages/specification/package.json @@ -13,9 +13,12 @@ "scripts": { "lint": "redocly lint --extends=recommended --config ./redocly.yaml", "compile": "node resolve-examples.js && redocly bundle prescriptions-for-patients.preprocessed.yaml -o dist/prescriptions-for-patients.resolved.json", - "clean": "rm -rf lib coverage prescriptions-for-patients.preprocessed.yaml" + "clean": "rm -rf lib coverage prescriptions-for-patients.preprocessed.yaml", + "delete-old-pr-deployments": "tsx ./scripts/deleteProxygenDeployments.ts", + "deploy-api": "tsx ./scripts/deploy_api.ts" }, "devDependencies": { + "@nhsdigital/eps-deployment-utils": "^1.6.2", "@redocly/cli": "^2.28.1", "tsx": "4.21.0" }, From a349685d70784a681dfb6c1945362d89c79d5545 Mon Sep 17 00:00:00 2001 From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com> Date: Fri, 24 Apr 2026 14:43:49 +0000 Subject: [PATCH 9/9] chore: zizmor --- zizmor.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/zizmor.yml b/zizmor.yml index b303c8775..f18a7289b 100644 --- a/zizmor.yml +++ b/zizmor.yml @@ -13,8 +13,7 @@ rules: secrets-outside-env: # these are ignored because they are using known secrets ignore: - - delete_old_cloudformation_stacks.yml:34:31 - - delete_old_cloudformation_stacks.yml:61:31 + - delete_old_cloudformation_stacks.yml:46:31 + - delete_old_cloudformation_stacks.yml:58:31 + - delete_old_cloudformation_stacks.yml:88:31 - run_regression_tests.yml:55:28 - - delete_old_cloudformation_stacks.yml:64:31 - - delete_old_cloudformation_stacks.yml:36:31