[Template Sync] Drift from template-repository remediation

.github/scripts/dispatch_internal_repo_workflow.sh

@@ -20,7 +20,7 @@
 # All arguments are required except terraformAction, and internalRef.
 # Example:
 #   ./dispatch_internal_repo_workflow.sh \
-#     --infraRepoName "nhs-notify-web-template-management" \
+#     --infraRepoName "nhs-notify-dns" \
 #     --releaseVersion "v1.2.3" \
 #     --targetWorkflow "deploy.yaml" \
 #     --targetEnvironment "prod" \
@@ -86,7 +86,7 @@ while [[ $# -gt 0 ]]; do
       ;;
   esac
 done
-# Validate required parameters
+
 if [[ -z "$APP_PEM_FILE" ]]; then
   echo "[ERROR] PEM_FILE environment variable is not set or is empty."
   exit 1
@@ -140,7 +140,6 @@ PR_TRIGGER_PAT=$(curl --request POST \
   -H "Authorization: Bearer ${JWT}" \
   -H "X-GitHub-Api-Version: 2022-11-28" | jq -r '.token')
 
-
 # Set default values if not provided
 if [[ -z "$PR_TRIGGER_PAT" ]]; then
   echo "[ERROR] PR_TRIGGER_PAT environment variable is not set or is empty."

.github/workflows/scheduled-repository-template-sync.yaml

@@ -16,10 +16,10 @@ jobs:
 
     steps:
     - name: Check out the repository
-      uses: actions/checkout@v5.0.0
+      uses: actions/checkout@v4
 
     - name: Check out external repository
-      uses: actions/checkout@v5.0.0
+      uses: actions/checkout@v4
       with:
         repository: NHSDigital/nhs-notify-repository-template
         path: nhs-notify-repository-template

.github/workflows/scorecard.yml

@@ -32,12 +32,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+        uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
         with:
           sarif_file: results.sarif

infrastructure/terraform/bin/terraform.sh

@@ -599,6 +599,7 @@ readonly backend_config="terraform {
     region         = \"${region}\"
     bucket         = \"${bucket}\"
     key            = \"${backend_key}\"
+    dynamodb_table = \"${bucket}\"
     use_lockfile   = true
   }
 }";

scripts/config/pre-commit.yaml

@@ -3,11 +3,6 @@ repos:
     rev: v5.0.0 # Use the ref you want to point at
     hooks:
       - id: trailing-whitespace
-        exclude: |
-          (?x)^(
-            frontend/src/__tests__/.*\.tsx\.snap |
-            frontend/src/__tests__/utils/markdownit/fixtures/index\.ts
-          )$
       - id: detect-aws-credentials
         args: [--allow-missing-credentials]
       - id: check-added-large-files
@@ -17,11 +12,6 @@ repos:
       - id: forbid-new-submodules
       - id: mixed-line-ending
       - id: pretty-format-json
-        exclude: |
-          (?x)^(
-            .*/?package-lock.json |
-            packages/event-schemas/schemas/[^/]+/[^/]+\.json
-          )$
         args: ['--autofix']
     # -   id: ...
   - repo: local
@@ -42,7 +32,7 @@ repos:
     hooks:
       - id: check-file-format
         name: Check file format
-        entry: /usr/bin/env check=branch exclude=frontend/src/__tests__/utils/markdownit/fixtures/index.ts ./scripts/githooks/check-file-format.sh
+        entry: /usr/bin/env check=branch ./scripts/githooks/check-file-format.sh
         language: script
         pass_filenames: false
   - repo: local

scripts/githooks/check-file-format.sh

@@ -66,11 +66,9 @@ function main() {
       ;;
   esac
 
-  if command -v editorconfig-checker > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then
-    echo "Running editorconfig-checker natively"
+  if command -v editorconfig > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then
     filter="$filter" dry_run_opt="${dry_run_opt:-}" run-editorconfig-natively
   else
-    echo "Running editorconfig-checker in Docker"
     filter="$filter" dry_run_opt="${dry_run_opt:-}" run-editorconfig-in-docker
   fi
 }
@@ -82,7 +80,7 @@ function main() {
 function run-editorconfig-natively() {
 
   # shellcheck disable=SC2046,SC2086
-  editorconfig-checker \
+  editorconfig \
     --exclude '.git/' $dry_run_opt $($filter)
 }
 

scripts/githooks/check-markdown-format.sh

@@ -52,21 +52,21 @@ function main() {
   esac
 
   if [ -n "$files" ]; then
-    if command -v markdownlint-cli > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then
+    if command -v markdownlint > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then
       files="$files" run-markdownlint-natively
     else
       files="$files" run-markdownlint-in-docker
     fi
   fi
 }
 
-# Run markdownlint-cli natively.
+# Run markdownlint natively.
 # Arguments (provided as environment variables):
 #   files=[files to check]
 function run-markdownlint-natively() {
 
   # shellcheck disable=SC2086
-  markdownlint-cli \
+  markdownlint \
     $files \
     --config "$PWD/scripts/config/markdownlint.yaml"
 }

scripts/githooks/check-todos.sh

@@ -33,7 +33,6 @@ EXCLUDED_FILES=(
   "Makefile"
   "project.code-workspace"
   "src/jekyll-devcontainer/src/.devcontainer/devcontainer.json"
-  ".eslintrc.json"
 )
 
 EXCLUDED_DIRS=(