From 99096aa4d6cf999276f5cb5cb228732f24f0e229 Mon Sep 17 00:00:00 2001 From: aidenvaines-bjss <54067008+aidenvaines-bjss@users.noreply.github.com> Date: Mon, 1 Dec 2025 00:35:32 +0000 Subject: [PATCH] Drift from template --- .github/scripts/dispatch_internal_repo_workflow.sh | 5 ++--- .../scheduled-repository-template-sync.yaml | 4 ++-- .github/workflows/scorecard.yml | 6 +++--- infrastructure/terraform/bin/terraform.sh | 1 + scripts/config/pre-commit.yaml | 12 +----------- scripts/githooks/check-file-format.sh | 6 ++---- scripts/githooks/check-markdown-format.sh | 6 +++--- scripts/githooks/check-todos.sh | 1 - 8 files changed, 14 insertions(+), 27 deletions(-) diff --git a/.github/scripts/dispatch_internal_repo_workflow.sh b/.github/scripts/dispatch_internal_repo_workflow.sh index b73989e03..a52c1bbee 100755 --- a/.github/scripts/dispatch_internal_repo_workflow.sh +++ b/.github/scripts/dispatch_internal_repo_workflow.sh @@ -20,7 +20,7 @@ # All arguments are required except terraformAction, and internalRef. # Example: # ./dispatch_internal_repo_workflow.sh \ -# --infraRepoName "nhs-notify-web-template-management" \ +# --infraRepoName "nhs-notify-dns" \ # --releaseVersion "v1.2.3" \ # --targetWorkflow "deploy.yaml" \ # --targetEnvironment "prod" \ @@ -86,7 +86,7 @@ while [[ $# -gt 0 ]]; do ;; esac done -# Validate required parameters + if [[ -z "$APP_PEM_FILE" ]]; then echo "[ERROR] PEM_FILE environment variable is not set or is empty." exit 1 @@ -140,7 +140,6 @@ PR_TRIGGER_PAT=$(curl --request POST \ -H "Authorization: Bearer ${JWT}" \ -H "X-GitHub-Api-Version: 2022-11-28" | jq -r '.token') - # Set default values if not provided if [[ -z "$PR_TRIGGER_PAT" ]]; then echo "[ERROR] PR_TRIGGER_PAT environment variable is not set or is empty." diff --git a/.github/workflows/scheduled-repository-template-sync.yaml b/.github/workflows/scheduled-repository-template-sync.yaml index b8484e12a..e91148656 100644 --- a/.github/workflows/scheduled-repository-template-sync.yaml 
+++ b/.github/workflows/scheduled-repository-template-sync.yaml @@ -16,10 +16,10 @@ jobs: steps: - name: Check out the repository - uses: actions/checkout@v5.0.0 + uses: actions/checkout@v4 - name: Check out external repository - uses: actions/checkout@v5.0.0 + uses: actions/checkout@v4 with: repository: NHSDigital/nhs-notify-repository-template path: nhs-notify-repository-template diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9794746d6..5552785d3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v5.0.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 + uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19 with: sarif_file: results.sarif diff --git a/infrastructure/terraform/bin/terraform.sh b/infrastructure/terraform/bin/terraform.sh index 659b535c2..b0791e5ff 100755 --- a/infrastructure/terraform/bin/terraform.sh +++ b/infrastructure/terraform/bin/terraform.sh @@ -599,6 +599,7 @@ readonly backend_config="terraform { region = \"${region}\" bucket = \"${bucket}\" key = \"${backend_key}\" + dynamodb_table = \"${bucket}\" use_lockfile = true } }"; diff --git a/scripts/config/pre-commit.yaml b/scripts/config/pre-commit.yaml index 6b5f90d73..29397e233 100644 
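Review bot: Both checkout steps in the scheduled-repository-template-sync.yaml hunk now reference the mutable major tag `actions/checkout@v4`, so the code this scheduled job runs can change whenever that tag is moved. The change also steps back from v5.0.0. scorecard.yml in this same commit pins the action by commit, and the same form fits here: `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`. The rest of the job is outside the hunk, so it is not visible whether later steps need the checkout token kept in the git config; if they do not, add `persist-credentials: false` under `with:` as scorecard.yml does.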
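Review bot: All three scorecard.yml hunks move an action to an older release: `actions/checkout` from v5.0.0 to v4.2.2 in the first, `ossf/scorecard-action` from v2.4.2 to v2.4.1 in the second, and `github/codeql-action/upload-sarif` from v3.29.9 to v3.28.19 in the third. Pinning checkout by SHA is an improvement, but given the subject line this looks like the template's older pins overwriting newer ones rather than a deliberate rollback, which would drop whatever fixes the newer releases of the scanning actions carry. If it is unintended, keep the pins that were already there (`ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2`, `github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9`). If it is intended, a one-line comment above each `uses:` giving the reason would stop the next dependency update or template sync from flipping the versions again without review.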
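Review bot: The added `dynamodb_table = \"${bucket}\"` in the terraform.sh hunk sits directly above `use_lockfile = true`, so the generated backend block now requests both locking mechanisms. Every run then depends on a DynamoDB table named exactly like the state bucket, and on IAM permissions to use it; if that table is missing in an account, acquiring the state lock will presumably fail. Recent Terraform releases deprecate `dynamodb_table` in favour of the S3 lockfile, so if the table is only kept for a migration period, say so in a comment above the `backend_config` assignment, for example `# dynamodb_table kept alongside use_lockfile until every environment has moved to S3 native locking`. The `backend_config` string starts outside the hunk, so its other settings (for instance encryption) cannot be checked from here.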
--- a/scripts/config/pre-commit.yaml +++ b/scripts/config/pre-commit.yaml @@ -3,11 +3,6 @@ repos: rev: v5.0.0 # Use the ref you want to point at hooks: - id: trailing-whitespace - exclude: | - (?x)^( - frontend/src/__tests__/.*\.tsx\.snap | - frontend/src/__tests__/utils/markdownit/fixtures/index\.ts - )$ - id: detect-aws-credentials args: [--allow-missing-credentials] - id: check-added-large-files @@ -17,11 +12,6 @@ repos: - id: forbid-new-submodules - id: mixed-line-ending - id: pretty-format-json - exclude: | - (?x)^( - .*/?package-lock.json | - packages/event-schemas/schemas/[^/]+/[^/]+\.json - )$ args: ['--autofix'] # - id: ... - repo: local @@ -42,7 +32,7 @@ repos: hooks: - id: check-file-format name: Check file format - entry: /usr/bin/env check=branch exclude=frontend/src/__tests__/utils/markdownit/fixtures/index.ts ./scripts/githooks/check-file-format.sh + entry: /usr/bin/env check=branch ./scripts/githooks/check-file-format.sh language: script pass_filenames: false - repo: local diff --git a/scripts/githooks/check-file-format.sh b/scripts/githooks/check-file-format.sh index 79e44d571..d7c94747d 100755 --- a/scripts/githooks/check-file-format.sh +++ b/scripts/githooks/check-file-format.sh @@ -66,11 +66,9 @@ function main() { ;; esac - if command -v editorconfig-checker > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then - echo "Running editorconfig-checker natively" + if command -v editorconfig > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then filter="$filter" dry_run_opt="${dry_run_opt:-}" run-editorconfig-natively else - echo "Running editorconfig-checker in Docker" filter="$filter" dry_run_opt="${dry_run_opt:-}" run-editorconfig-in-docker fi } @@ -82,7 +80,7 @@ function main() { function run-editorconfig-natively() { # shellcheck disable=SC2046,SC2086 - editorconfig-checker \ + editorconfig \ --exclude '.git/' $dry_run_opt $($filter) } 
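Review bot: In check-file-format.sh the native path is now chosen by `command -v editorconfig` and then runs `editorconfig --exclude '.git/' ...`, but `editorconfig` is also the command name of the EditorConfig core CLI, a different program from editorconfig-checker. On a machine with that tool on PATH the hook would take the native branch and call the wrong binary instead of falling back to Docker, so its result would no longer reflect the format check. Unless the project's toolchain is known to install the checker under this name, probe and invoke one explicit name in both places (this hunk and `run-editorconfig-natively` in the next one), for example `command -v editorconfig-checker`. The removed `echo` lines were the only output showing which path ran; keeping one such as `echo "Running editorconfig check natively"` helps when a hook passes locally and fails in CI. `main` begins outside the hunk.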
diff --git a/scripts/githooks/check-markdown-format.sh b/scripts/githooks/check-markdown-format.sh index 2c8f3ea7c..c39a080d4 100755 --- a/scripts/githooks/check-markdown-format.sh +++ b/scripts/githooks/check-markdown-format.sh @@ -52,7 +52,7 @@ function main() { esac if [ -n "$files" ]; then - if command -v markdownlint-cli > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then + if command -v markdownlint > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then files="$files" run-markdownlint-natively else files="$files" run-markdownlint-in-docker @@ -60,13 +60,13 @@ function main() { fi } -# Run markdownlint-cli natively. +# Run markdownlint natively. # Arguments (provided as environment variables): # files=[files to check] function run-markdownlint-natively() { # shellcheck disable=SC2086 - markdownlint-cli \ + markdownlint \ $files \ --config "$PWD/scripts/config/markdownlint.yaml" } diff --git a/scripts/githooks/check-todos.sh b/scripts/githooks/check-todos.sh index 49a3663be..83b7a80e8 100755 --- a/scripts/githooks/check-todos.sh +++ b/scripts/githooks/check-todos.sh @@ -33,7 +33,6 @@ EXCLUDED_FILES=( "Makefile" "project.code-workspace" "src/jekyll-devcontainer/src/.devcontainer/devcontainer.json" - ".eslintrc.json" ) EXCLUDED_DIRS=(