Merge branch 'main' into old_hapi

anthony-nhs · web-flow · commit 92e9e99412eb · 2025-08-20T15:38:55.000+01:00
diff --git a/.github/scripts/release_code.sh b/.github/scripts/release_code.sh
@@ -14,4 +14,29 @@ LATEST_TRUSTSTORE_VERSION=$(aws s3api list-object-versions --bucket "${TRUSTSTOR
 export LATEST_TRUSTSTORE_VERSION
 
 cd ../../ || exit
-make sam-deploy-package
+
+REPO=eps-FHIR-validator-lambda
+CFN_DRIFT_DETECTION_GROUP="fhir-validator"
+if [[ "$STACK_NAME" =~ -pr-[0-9]+$ ]]; then
+  CFN_DRIFT_DETECTION_GROUP="fhir-validator-pull-request"
+fi
+
+
+sam deploy \
+    --template-file "$TEMPLATE_FILE" \
+    --stack-name "$STACK_NAME" \
+    --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
+    --region eu-west-2 \
+    --s3-bucket "$artifact_bucket" \
+    --s3-prefix "$ARTIFACT_BUCKET_PREFIX" \
+    --config-file samconfig_package_and_deploy.toml \
+    --no-fail-on-empty-changeset \
+    --role-arn "$cloud_formation_execution_role" \
+    --no-confirm-changeset \
+    --force-upload \
+    --tags "version=$VERSION_NUMBER stack=$STACK_NAME repo=$REPO cfnDriftDetectionGroup=$CFN_DRIFT_DETECTION_GROUP" \
+    --parameter-overrides \
+            EnableSplunk=true \
+            LogLevel="$LOG_LEVEL" \
+            LogRetentionDays="$LOG_RETENTION_DAYS" \
+            EnableAlerts="$ENABLE_ALERTS"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ env:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.5
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.0
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
     with:
@@ -32,7 +32,7 @@ jobs:
       version_tag: ${{steps.output_version_tag.outputs.VERSION_TAG}}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.BRANCH_NAME }}
           fetch-depth: 0
diff --git a/.github/workflows/delete_old_cloudformation_stacks.yml b/.github/workflows/delete_old_cloudformation_stacks.yml
@@ -19,7 +19,7 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       - name: Checkout local github scripts
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.BRANCH_NAME }}
           sparse-checkout: |
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -9,7 +9,7 @@ env:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.5
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.0
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
     with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,7 +8,7 @@ env:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.5
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.0
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
     with:
@@ -31,7 +31,7 @@ jobs:
       version_tag: ${{steps.output_version_tag.outputs.VERSION_TAG}}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.BRANCH_NAME }}
           fetch-depth: 0
diff --git a/.github/workflows/sam_package_code.yml b/.github/workflows/sam_package_code.yml
@@ -16,7 +16,7 @@ jobs:
           java-version: '21'
           distribution: 'adopt'
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.BRANCH_NAME }}
 
diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml
@@ -64,7 +64,7 @@ jobs:
 
     steps:
       - name: Checkout local github actions
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.BRANCH_NAME }}
           fetch-depth: 0
@@ -91,7 +91,7 @@ jobs:
           role-session-name: fhir-validator-lambda-release-code
 
       - name: download build artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: ${{ inputs.BUILD_ARTIFACT }}
           path: .
@@ -100,13 +100,13 @@ jobs:
         shell: bash
         working-directory: .github/scripts
         env:
-          artifact_bucket_prefix: fhir_validator/${{ inputs.ARTIFACT_BUCKET_PREFIX }}
+          ARTIFACT_BUCKET_PREFIX: fhir_validator/${{ inputs.ARTIFACT_BUCKET_PREFIX }}
           COMMIT_ID: ${{ inputs.COMMIT_ID }}
           LOG_LEVEL: ${{ inputs.LOG_LEVEL }}
           LOG_RETENTION_DAYS: ${{ inputs.LOG_RETENTION_DAYS }}
-          stack_name: ${{ inputs.STACK_NAME }}
+          STACK_NAME: ${{ inputs.STACK_NAME }}
           TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }}
-          template_file: template.yaml
+          TEMPLATE_FILE: template.yaml
           VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}
           ENABLE_ALERTS: ${{ inputs.ENABLE_ALERTS }}
         run: ./release_code.sh
@@ -141,7 +141,7 @@ jobs:
           DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
 
       - name: Checkout gh-pages
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: gh-pages
           path: gh-pages
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -13,7 +13,7 @@
     "devDependencies": {
         "@semantic-release/changelog": "^6.0.3",
         "@semantic-release/release-notes-generator": "^14.0.3",
-        "semantic-release": "^24.2.6"
+        "semantic-release": "^24.2.7"
     },
     "dependencies": {
         "conventional-changelog-eslint": "^6.0.0"
diff --git a/pom.xml b/pom.xml
@@ -21,7 +21,7 @@
         <legacy.fhir.version>5.4.2</legacy.fhir.version>
         <current.fhir.version>7.6.1</current.fhir.version>
         <log4j.version>2.24.3</log4j.version>
-        <fasterxml.version>2.19.1</fasterxml.version>
+        <fasterxml.version>2.19.2</fasterxml.version>
         <sonar.organization>nhsdigital</sonar.organization>
         <sonar.host.url>https://sonarcloud.io</sonar.host.url>
         <sonar.projectKey>NHSDigital_eps-FHIR-validator-lambda</sonar.projectKey>
@@ -32,7 +32,7 @@
             <dependency>
                 <groupId>org.junit</groupId>
                 <artifactId>junit-bom</artifactId>
-                <version>5.13.2</version>
+                <version>5.13.4</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -61,7 +61,7 @@
         <dependency>
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-lambda-java-events</artifactId>
-            <version>3.16.0</version>
+            <version>3.16.1</version>
         </dependency>
         <dependency>
             <groupId>com.amazonaws</groupId>
@@ -132,7 +132,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>5.18.0</version>
+            <version>5.19.0</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
