NHSDigital · anthony-nhs · Jul 30, 2025 · Jul 15, 2025 · Jul 15, 2025 · Jul 15, 2025
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,12 +1,23 @@
 FROM mcr.microsoft.com/devcontainers/base:ubuntu
 
 # Install system dependencies
-RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-  && apt-get -y install --no-install-recommends \
-     curl git build-essential libssl-dev zlib1g-dev \
-     libbz2-dev libreadline-dev libsqlite3-dev wget llvm \
-     libncurses5-dev libncursesw5-dev xz-utils tk-dev \
-     liblzma-dev python3-pip libffi-dev libyaml-dev
+RUN apt-get update \
+    && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y dist-upgrade \
+    && apt-get -y install --no-install-recommends htop vim curl git build-essential \
+    libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \
+    zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \
+    jq apt-transport-https ca-certificates gnupg-agent \
+    software-properties-common bash-completion python3-pip make libbz2-dev \
+    libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
+    xz-utils tk-dev liblzma-dev netcat-openbsd libyaml-dev
+
+# Install aws stuff
+RUN wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" && \
+    unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
+    /tmp/aws-cli/aws/install && \
+    rm tmp/awscliv2.zip && \
+    rm -rf /tmp/aws-cli
 
 # Set user to vscode
 USER vscode
@@ -41,4 +52,5 @@ ADD .tool-versions /home/vscode/.tool-versions
 RUN asdf install; \
     asdf reshim python; \
     asdf reshim poetry; \
+    asdf reshim nodejs; \
     asdf direnv setup --shell bash --version 2.32.2;
diff --git a/.gitallowed b/.gitallowed
@@ -23,3 +23,6 @@ sha256:[a-f0-9]{64}
 .*=\s*"[><=!~^,0-9\s\.]+"
 app = App\(token=bot_token\)
 token=bot_token
+token: slackBotToken
+token: props\.slackBotToken
+secretValue: JSON\.stringify\(\{token: props\.slackBotToken\}\)
diff --git a/.github/workflows/cdk_package_code.yml b/.github/workflows/cdk_package_code.yml
@@ -3,6 +3,9 @@ name: cdk package code
 on:
   workflow_call:
     inputs:
+      STACK_NAME:
+        required: true
+        type: string
       VERSION_NUMBER:
         required: true
         type: string
@@ -56,6 +59,11 @@ jobs:
         run: |
           make install
 
+      - name: Build Python Lambda Functions
+        run: |
+          pip3 install -r packages/slackBotFunction/requirements.txt -t packages/slackBotFunction
+          pip3 install -r packages/createIndexFunction/requirements.txt -t packages/createIndexFunction
+
       - name: 'Tar files'
         run: |
           tar -rf artifact.tar \

diff --git a/.github/workflows/cdk_release_code.yml b/.github/workflows/cdk_release_code.yml
@@ -18,6 +18,9 @@ on:
       CDK_APP_NAME:
         required: true
         type: string
+      DEPLOY_CODE:
+        type: boolean
+        default: false
       LOG_RETENTION_IN_DAYS:
         required: true
         type: string
@@ -74,7 +77,7 @@ jobs:
         with:
           name: build_artifact
 
-      - name: extract build_artifact
+      - name: Extract build_artifact
         run: |
           mkdir -p .build
           tar -xf artifact.tar -C .build
@@ -106,6 +109,7 @@ jobs:
         run: |
           ./.github/scripts/fix_cdk_json.sh
         env:
+          ACCOUNT_ID: "${{ env.ACCOUNT_ID }}"
           STACK_NAME: "${{ inputs.STACK_NAME }}"
           VERSION_NUMBER: "${{ inputs.VERSION_NUMBER }}"
           COMMIT_ID: "${{ inputs.COMMIT_ID }}"
@@ -117,35 +121,29 @@ jobs:
       - name: Show diff
         run: |
           docker run \
-          -v "$(pwd)/.build":/home/cdkuser/workspace/ \
-          -e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
-          -e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
-          -e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
-          -e AWS_REGION="eu-west-2" \
-          -e stack_name="${{ inputs.STACK_NAME }}" \
-          -e VERSION_NUMBER="${{ inputs.VERSION_NUMBER}}" \
-          -e COMMIT_ID="${{ inputs.COMMIT_ID}}" \
-          -e SHOW_DIFF="true" \
-          -e DEPLOY_CODE="false" \
-          -e CDK_APP_PATH="packages/cdk/bin/EpsAssistMeApp.ts" \
-          cdk-utils-build-repo:latest
-        shell: bash
+            -v "$(pwd)/.build":/home/cdkuser/workspace/ \
+            -e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
+            -e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
+            -e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
+            -e AWS_REGION="eu-west-2" \
+            -e SHOW_DIFF="true" \
+            -e DEPLOY_CODE="false" \
+            -e CDK_APP_PATH="packages/cdk/bin/EpsAssistMeApp.ts" \
+            cdk-utils-build-repo:latest
 
       - name: Deploy code
+        if: ${{ inputs.DEPLOY_CODE == true }}
         run: |
           docker run \
-          -v "$(pwd)/.build":/home/cdkuser/workspace/ \
-          -e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
-          -e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
-          -e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
-          -e AWS_REGION="eu-west-2" \
-          -e stack_name="${{ inputs.STACK_NAME }}" \
-          -e VERSION_NUMBER="${{ inputs.VERSION_NUMBER}}" \
-          -e COMMIT_ID="${{ inputs.COMMIT_ID}}" \
-          -e SHOW_DIFF="false" \
-          -e DEPLOY_CODE="true" \
-          -e CDK_APP_PATH="packages/cdk/bin/EpsAssistMeApp.ts" \
-          cdk-utils-build-repo:latest
+            -v "$(pwd)/.build":/home/cdkuser/workspace/ \
+            -e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
+            -e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
+            -e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
+            -e AWS_REGION="eu-west-2" \
+            -e SHOW_DIFF="false" \
+            -e DEPLOY_CODE="true" \
+            -e CDK_APP_PATH="packages/cdk/bin/EpsAssistMeApp.ts" \
+            cdk-utils-build-repo:latest
         shell: bash
 
       - name: mark_released_in_jira
@@ -162,13 +160,6 @@ jobs:
           ref: gh-pages
           path: gh-pages
 
-      - name: Checkout gh-pages
-        if: ${{ !startsWith(inputs.STACK_NAME, 'lambda-resources-pr-') }}
-        uses: actions/checkout@v4
-        with:
-          ref: gh-pages
-          path: gh-pages
-
       - name: Update release tag in github pages
         if: ${{ !startsWith(inputs.STACK_NAME, 'epsam-pr-') }}
         run: |

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -98,6 +98,7 @@ jobs:
     needs: [get_commit_id, tag_release]
     uses: ./.github/workflows/cdk_package_code.yml
     with:
+      STACK_NAME: epsam
       VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
 
@@ -110,6 +111,7 @@ jobs:
       VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
       CDK_APP_NAME: EpsAssistMeApp
+      DEPLOY_CODE: true
       LOG_RETENTION_IN_DAYS: 30
       LOG_LEVEL: DEBUG
       MARK_JIRA_RELEASED: false

diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -56,21 +56,22 @@ jobs:
     needs: [get_issue_number, get_commit_id]
     uses: ./.github/workflows/cdk_package_code.yml
     with:
+      STACK_NAME: epsam
       VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
 
   release_code:
     needs: [get_issue_number, package_code, get_commit_id]
     uses: ./.github/workflows/cdk_release_code.yml
     with:
-      STACK_NAME: epsam-pr-${{needs.get_issue_number.outputs.issue_number}}
+      STACK_NAME: epsam
       TARGET_ENVIRONMENT: dev-pr
       VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
       CDK_APP_NAME: EpsAssistMeApp
+      DEPLOY_CODE: true
       LOG_RETENTION_IN_DAYS: 30
       LOG_LEVEL: DEBUG
-
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
       CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -117,6 +117,7 @@ jobs:
     needs: [get_commit_id, tag_release]
     uses: ./.github/workflows/cdk_package_code.yml
     with:
+      STACK_NAME: epsam
       VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
 
@@ -129,6 +130,7 @@ jobs:
       VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
       COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
       CDK_APP_NAME: EpsAssistMeApp
+      DEPLOY_CODE: true
       LOG_RETENTION_IN_DAYS: 30
       LOG_LEVEL: DEBUG
     secrets:

diff --git a/.gitignore b/.gitignore
@@ -28,3 +28,4 @@ _site/
 vendor
 .npmrc
 cdk.out
+.build
diff --git a/.tool-versions b/.tool-versions
@@ -1,5 +1,5 @@
 nodejs 22.12.0
-python 3.12.7
+python 3.13.3
 poetry 1.8.3
 shellcheck 0.10.0
 direnv 2.32.2

diff --git a/.vscode/eps-assist-me.code-workspace b/.vscode/eps-assist-me.code-workspace
@@ -7,6 +7,14 @@
 		{
 			"name": "packages/cdk",
 			"path": "../packages/cdk"
+		},
+		{
+			"name": "packages/createIndexFunction",
+			"path": "../packages/createIndexFunction"
+		},
+		{
+			"name": "packages/slackBotFunction",
+			"path": "../packages/slackBotFunction"
 		}
 	],
 	"settings": {

diff --git a/Makefile b/Makefile
@@ -17,20 +17,37 @@ install-hooks: install-python
 install-node:
 	npm ci
 
+compile-node:
+	npx tsc --build tsconfig.build.json
+
 pre-commit: git-secrets-docker-setup
 	poetry run pre-commit run --all-files
 
 git-secrets-docker-setup:
 	export LOCAL_WORKSPACE_FOLDER=$(pwd)
 	docker build -f https://raw.githubusercontent.com/NHSDigital/eps-workflow-quality-checks/refs/tags/v4.0.4/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets .
 
+lint: lint-githubactions lint-githubaction-scripts
+
 lint-githubactions:
 	actionlint
 
 lint-githubaction-scripts:
+	shellcheck ./scripts/*.sh
 	shellcheck .github/scripts/*.sh
 
-lint: lint-githubactions lint-githubaction-scripts
+test: compile-node
+	npm run test --workspace packages/cdk
+
+clean:
+	rm -rf packages/cdk/coverage
+	rm -rf packages/cdk/lib
+	rm -rf cdk.out
+	rm -rf .build
+
+deep-clean: clean
+	rm -rf .venv
+	find . -name 'node_modules' -type d -prune -exec rm -rf '{}' +
 
 check-licenses: check-licenses-node check-licenses-python
 
@@ -43,6 +60,12 @@ check-licenses-python:
 aws-configure:
 	aws configure sso --region eu-west-2
 
+aws-login:
+	aws sso login --sso-session sso-session
+
+cfn-guard:
+	./scripts/run_cfn_guard.sh
+
 cdk-deploy: guard-stack_name
 	REQUIRE_APPROVAL="$${REQUIRE_APPROVAL:-any-change}" && \
 	VERSION_NUMBER="$${VERSION_NUMBER:-undefined}" && \
@@ -52,23 +75,34 @@ cdk-deploy: guard-stack_name
 		--all \
 		--ci true \
 		--require-approval $${REQUIRE_APPROVAL} \
+		--context accountId=$$ACCOUNT_ID \
 		--context stackName=$$stack_name \
-		--context VERSION_NUMBER=$$VERSION_NUMBER \
-		--context COMMIT_ID=$$COMMIT_ID 
+		--context versionNumber=$$VERSION_NUMBER \
+		--context commitId=$$COMMIT_ID \
+		--context logRetentionInDays=$$LOG_RETENTION_IN_DAYS \
+		--context slackBotToken=$$SLACK_BOT_TOKEN \
+		--context slackSigningSecret=$$SLACK_SIGNING_SECRET
 
 cdk-synth:
 	npx cdk synth \
+		--quiet \
 		--app "npx ts-node --prefer-ts-exts packages/cdk/bin/EpsAssistMeApp.ts" \
+		--context accountId=undefined \
 		--context stackName=epsam \
-		--context VERSION_NUMBER=undefined \
-		--context COMMIT_ID=undefined 
+		--context versionNumber=undefined \
+		--context commitId=undefined \
+		--context logRetentionInDays=30 \
+		--context slackBotToken=dummy \
+		--context slackSigningSecret=dummy
 
 cdk-diff:
 	npx cdk diff \
 		--app "npx ts-node --prefer-ts-exts packages/cdk/bin/EpsAssistMeApp.ts" \
+		--context accountId=$$ACCOUNT_ID \
 		--context stackName=$$stack_name \
-		--context VERSION_NUMBER=$$VERSION_NUMBER \
-		--context COMMIT_ID=$$COMMIT_ID 
+		--context versionNumber=$$VERSION_NUMBER \
+		--context commitId=$$COMMIT_ID \
+		--context logRetentionInDays=$$LOG_RETENTION_IN_DAYS
 
 cdk-watch: guard-stack_name
 	REQUIRE_APPROVAL="$${REQUIRE_APPROVAL:-any-change}" && \
@@ -80,6 +114,10 @@ cdk-watch: guard-stack_name
 		--all \
 		--ci true \
 		--require-approval $${REQUIRE_APPROVAL} \
+		--context accountId=$$ACCOUNT_ID \
 		--context stackName=$$stack_name \
-		--context VERSION_NUMBER=$$VERSION_NUMBER \
-		--context COMMIT_ID=$$COMMIT_ID
+		--context versionNumber=$$VERSION_NUMBER \
+		--context commitId=$$COMMIT_ID \
+		--context logRetentionInDays=$$LOG_RETENTION_IN_DAYS \
+		--context slackBotToken=$$SLACK_BOT_TOKEN \
+		--context slackSigningSecret=$$SLACK_SIGNING_SECRET
-Original file line number
+Diff line change
@@ Expand Up / @@ -28,3 +28,4 @@ _site/ @@
     vendor
     .npmrc
     cdk.out
+    .build