98af011
[NRL-1922] Fix up Sonarqube issues in workflows
mattdean3-nhs Feb 26, 2026
0e3a85f
[NRL-1922] Fix typo in regex for dynamo model validation of type
mattdean3-nhs Feb 26, 2026
be61f3f
[NRL-1922] Use [[ instead of [ in bash condition
mattdean3-nhs Feb 26, 2026
0fb2969
[NRL-1922] Include only python files in coverage scans. Exclude glue …
mattdean3-nhs Feb 27, 2026
bb6d611
[NRL-1922] Add NOSONAR for use of shuffle
mattdean3-nhs Feb 27, 2026
868c968
[NRL-1922] Restore scripts to coverage exclusions
mattdean3-nhs Feb 27, 2026
cd11fea
[NRL-1922] Add missing unit test for failing type validation on dynam…
mattdean3-nhs Feb 27, 2026
0d358b0
[NRL-1922] Resolve put_object missing bucket owner error
mattdean3-nhs Feb 27, 2026
ed23be8
[NRL-1922] Use [[ instead of [ for conditions in shell scripts
mattdean3-nhs Feb 27, 2026
789e7c6
[NRL-1922] Fix missing returns for shell functions
mattdean3-nhs Feb 27, 2026
82f5a48
[NRL-1922] Rename functions to be pythonic in commit-msg hook script
mattdean3-nhs Feb 27, 2026
757098b
[NRL-1922] Switch to use numpy rng generator for poisson distributions
mattdean3-nhs Feb 27, 2026
314d3af
[NRL-1922] Remove duplicate backslash in id validator regex
mattdean3-nhs Feb 27, 2026
5842fde
[NRL-1922] Use python language features where possible
mattdean3-nhs Feb 27, 2026
ab1474e
[NRL-1922] Remove all legacy changelog content to resolve Sonarqube i…
mattdean3-nhs Feb 27, 2026
072224d
[NRL-1922] Resolve all remaining low sev Sonar warnings
mattdean3-nhs Feb 27, 2026
146523a
[NRL-1922] Remove all TODOs to resolve info level Sonarqube notices
mattdean3-nhs Feb 27, 2026
7649657
[NRL-1922] Use env for AWS_REGION in scripts. Fix other Sonar warnings
mattdean3-nhs Feb 27, 2026
9 changes: 4 additions & 5 deletions .github/workflows/activate-stack.yml
Expand Up @@ -15,16 +15,15 @@ on:
required: true
type: string

permissions:
id-token: write
contents: read
actions: write

jobs:
activate-stack:
name: Activate ${{ inputs.stack_name }} for ${{ inputs.environment }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ github.ref }}
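Review bot: The job-level block added under `activate-stack` reproduces the removed workflow-level grant verbatim, so the move does not narrow the token: `actions: write` is still issued to the whole job, and the steps that might consume it are outside the hunk. If only one step needs it, a comment naming that consumer, e.g. `actions: write  # needed by <step name> to <reason>`, would let a later reviewer drop it safely. The same verbatim copy appears in rollback-stack.yml and release.yml (where `contents: write` is carried over too), so one comment per file would cover all three. The `jobs` body continues past the end of the hunk.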
13 changes: 8 additions & 5 deletions .github/workflows/deploy-account-wide-infra.yml
Expand Up @@ -13,11 +13,6 @@ on:
description: Branch to deploy
required: true

permissions:
id-token: write
contents: read
actions: write

jobs:
check-selected-environment:
name: Check Workflow Env
Expand All @@ -39,6 +34,10 @@ jobs:
environment: ${{ inputs.environment }}
needs: [check-selected-environment]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -97,6 +96,10 @@ jobs:
needs: [terraform-plan]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
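Review bot: Removing the workflow-level `permissions:` block changes what jobs without their own block receive: `check-selected-environment` (its body is outside the hunk, so I cannot see whether it gained a block) now gets the repository's default `GITHUB_TOKEN` permissions instead of the previous id-token/contents/actions grant, and on a repository still using the permissive default that is broader than before. A restrictive workflow-level baseline such as `permissions: {}` (or `permissions:` followed by `  contents: read`) keeps every job explicitly opted in while the per-job blocks add what each one needs. The same situation exists for `set-environment-id` in pr-env-deploy.yml and pr-env-destroy.yml, whose bodies are likewise outside the hunks shown.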
27 changes: 22 additions & 5 deletions .github/workflows/persistent-environment.yml
Expand Up @@ -14,15 +14,14 @@ on:
description: Branch to deploy
required: true

permissions:
id-token: write
contents: read
actions: write

jobs:
build:
name: Build - ${{ inputs.branch_name }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -78,6 +77,10 @@ jobs:
needs: [build]
environment: ${{ inputs.environment }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -151,6 +154,10 @@ jobs:
needs: [terraform-plan]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -227,6 +234,10 @@ jobs:
needs: [terraform-apply]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -258,6 +269,9 @@ jobs:
needs: [activate-stack]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -289,6 +303,9 @@ jobs:
if: always() && ( needs.post-release-verify.result == 'failure' )
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
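Review bot: The new `permissions:` block under `build` lists its keys as `id-token`, `contents`, `actions`, while the blocks added in the later hunks of this file use `contents`, `id-token`, `actions`; a single order makes the grants easy to compare across jobs. Reordering the `build` block to `contents: read`, `id-token: write`, `actions: write` would match the rest of the file. The two final hunks (at @@ -258 and @@ -289) drop `actions: write`, which reads as the intended narrowing; a one-line comment on the `build` block saying why `actions: write` is still required there would help, since its steps are outside the hunk.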
31 changes: 24 additions & 7 deletions .github/workflows/pr-env-deploy.yml
Expand Up @@ -9,13 +9,6 @@ concurrency:
group: environment-${{ github.event.pull_request.number }}
cancel-in-progress: false

permissions:
id-token: write
contents: read
actions: write
issues: write
pull-requests: write

jobs:
set-environment-id:
name: Set Environment ID
Expand Down Expand Up @@ -48,6 +41,13 @@ jobs:
name: Build Application
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: pull-request
permissions:
id-token: write
contents: read
actions: write
issues: write
pull-requests: write

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
uses: actions/checkout@v4
Expand Down Expand Up @@ -110,6 +110,12 @@ jobs:
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: pull-request
needs: [set-environment-id, build]
permissions:
id-token: write
contents: read
actions: write
issues: write
pull-requests: write

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
Expand Down Expand Up @@ -194,6 +200,9 @@ jobs:
needs: [set-environment-id, deploy]
environment: pull-request
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
Expand Down Expand Up @@ -232,6 +241,10 @@ jobs:
needs: [set-environment-id, integration-test]
environment: pull-request
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
uses: actions/checkout@v4
Expand Down Expand Up @@ -266,6 +279,10 @@ jobs:
needs: [set-environment-id, integration-test]
environment: pull-request
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
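Review bot: The block added under `Build Application` (hunk @@ -48) grants `issues: write` and `pull-requests: write`, and the deploy job hunk (@@ -110) repeats them; both scopes let the token create or edit PR comments and labels, which a build step rarely needs. The steps are outside the hunks, so I cannot tell which job actually posts to the PR; if only the deploy job does, drop the two lines from the build block, and otherwise add a comment naming the step that uses them, e.g. `pull-requests: write  # used by <step name> to comment on the PR`. The later jobs in this file that keep only `id-token`/`contents` (plus `actions: write` for the last one) already show the narrower shape.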
12 changes: 5 additions & 7 deletions .github/workflows/pr-env-destroy.yml
Expand Up @@ -10,13 +10,6 @@ concurrency:
group: environment-${{ github.event.pull_request.number }}
cancel-in-progress: true

permissions:
id-token: write
contents: read
actions: write
issues: write
pull-requests: write

jobs:
set-environment-id:
name: Set Environment ID
Expand Down Expand Up @@ -50,6 +43,11 @@ jobs:
needs: [set-environment-id]
environment: pull-request
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read
issues: write
pull-requests: write

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
11 changes: 4 additions & 7 deletions .github/workflows/release.yml
@@ -1,25 +1,22 @@
name: Release Published
run-name: Release NRL ${{ github.event.release.name }}
permissions:
id-token: write
contents: write
actions: write

env:
SYFT_VERSION: "1.27.1"

on:
release:
types: [published]
# push:
# tags:
# - v*
workflow_dispatch:

jobs:
sbom:
name: Generate Software Bill of Materials - ${{ github.event.release.name }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: write
actions: write

steps:
- name: Git clone - ${{ github.ref }}
9 changes: 4 additions & 5 deletions .github/workflows/rollback-stack.yml
Expand Up @@ -10,16 +10,15 @@ on:
default: "dev"
type: environment

permissions:
id-token: write
contents: read
actions: write

jobs:
rollback-stack:
name: Rollback to inactive stack for ${{ inputs.environment }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git clone - ${{ github.ref }}
27 changes: 19 additions & 8 deletions .github/workflows/update-lambda-permissions.yml
Expand Up @@ -21,15 +21,13 @@ on:
type: boolean
default: true

permissions:
id-token: write
contents: read
actions: write

jobs:
check-versions:
name: Check versions
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read

steps:
- name: Git clone - ${{ github.ref }}
Expand Down Expand Up @@ -80,6 +78,10 @@ jobs:
name: Build permissions
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
id-token: write
contents: read
actions: write

needs: [check-versions]

Expand Down Expand Up @@ -119,8 +121,11 @@ jobs:
name: Pull deployed lambdas
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}

needs: [check-versions]
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git clone - ${{ github.ref }}
Expand Down Expand Up @@ -161,8 +166,11 @@ jobs:
name: Plan changes
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}

needs: [build-permissions, pull-deployed-lambdas]
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git clone - ${{ github.ref }}
Expand Down Expand Up @@ -227,8 +235,11 @@ jobs:
name: Apply permissions
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}

needs: terraform-plan
permissions:
id-token: write
contents: read
actions: read

steps:
- name: Git clone - ${{ github.ref }}
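Review bot: In the `Build permissions` hunk (@@ -80) the new `permissions:` block is placed before `needs:` with a blank line between them, whereas the later hunks in this file put `needs:` first and the block directly after it; one ordering throughout keeps the job headers scannable. Moving `needs: [check-versions]` above the block in that job would match the rest. The narrowed grants for `Check versions` (no `actions` key) and `Apply permissions` (`actions: read`) are the only real reductions in this workflow; a short comment on `actions: read` saying what is read would stop a later edit from re-widening it.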
27 changes: 1 addition & 26 deletions .pre-commit-config.yaml
Expand Up @@ -35,7 +35,7 @@ repos:
- flake8-print
args:
- "--select=T201,F401,F402,F403"
- "--exclude=.git,__pycache__,dist,.venv,scripts/*,packages/feature_documentation/*,layer/psycopg2/*,changelog/scripts/changelog.py"
- "--exclude=.git,__pycache__,dist,.venv,scripts/*"

- repo: https://github.com/psf/black
rev: 24.3.0
Expand Down Expand Up @@ -70,28 +70,3 @@ repos:
args:
- --args=-write=true
- --args=-recursive

# - repo: local
# hooks:
# - id: forbid_json_loads
# name: Don't use json.loads - use json_loads instead
# entry: json\.loads
# language: pygrep
# types: [python]
# exclude: layer/nrlf/nrlf/core/validators.py|layer/psycopg2/.*|mi/.*

# - repo: local
# hooks:
# - id: forbid_json_load
# name: Don't use json.load - use json_load instead
# entry: json\.load
# language: pygrep
# types: [python]
# exclude: layer/nrlf/nrlf/core/validators.py|layer/psycopg2/.*|mi/.*

- repo: local
hooks:
- id: create_changelog
name: Create changelog from changelog files
entry: changelog/scripts/changelog-pre-commit.sh
language: python
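Review bot: Narrowing the flake8 `--exclude` in the first hunk means `packages/feature_documentation/*` and `layer/psycopg2/*` are now checked with `--select=T201,F401,F402,F403`; the commit list removes the changelog content, but nothing here shows those two paths were deleted, so if either still exists (a vendored psycopg2 in particular) the hook will start failing on code the project does not own. If they are still present, keep them excluded: `- "--exclude=.git,__pycache__,dist,.venv,scripts/*,packages/feature_documentation/*,layer/psycopg2/*"`. Dropping the commented-out pygrep hooks and the `create_changelog` hook in the second hunk is consistent with the changelog removal.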