From 37506f451c135a7654174f9c604f44d3e809703f Mon Sep 17 00:00:00 2001 From: samfallowfield <73955537+samfallowfield@users.noreply.github.com> Date: Fri, 30 Jan 2026 11:25:31 +0000 Subject: [PATCH 1/6] [PRM-678] - remove public acl from gatsby-config --- dashboard/gatsby-config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/gatsby-config.js b/dashboard/gatsby-config.js index 007466cc..7fc4d223 100644 --- a/dashboard/gatsby-config.js +++ b/dashboard/gatsby-config.js @@ -6,7 +6,7 @@ module.exports = { bucketName: `${process.env.DEPLOYMENT_BUCKET}`, region: "eu-west-2", parallelLimit: 1000, - acl: "public-read", + acl: null, }, }, { From 72e7bf7e1f78441067a1c6cb3bc5c05ecc4ce148 Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Fri, 30 Jan 2026 11:53:41 +0000 Subject: [PATCH 2/6] Removed git_ref from inputs for infrastructure workflow as already has v3 tag --- .github/workflows/dashboard-build-and-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/dashboard-build-and-deploy.yml b/.github/workflows/dashboard-build-and-deploy.yml index 679ccc18..68130896 100644 --- a/.github/workflows/dashboard-build-and-deploy.yml +++ b/.github/workflows/dashboard-build-and-deploy.yml @@ -97,7 +97,6 @@ jobs: image_tag: gp2gp-dashboard hyphenated_alias: gp2gp-dashboard build_lambda: true - git_ref: ${{ github.ref }} secrets: inherit redeploy_gp2gp_infrastructure_step_functions: From 62680b9cbd8cd6b3c72daf84807484c9d73f73a2 Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Fri, 30 Jan 2026 11:55:57 +0000 Subject: [PATCH 3/6] Removed git_ref from inputs for infrastructure workflow as already has v3 tag for step function redeploy --- .github/workflows/dashboard-build-and-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/dashboard-build-and-deploy.yml b/.github/workflows/dashboard-build-and-deploy.yml index 68130896..d51919b7 100644 --- a/.github/workflows/dashboard-build-and-deploy.yml +++ b/.github/workflows/dashboard-build-and-deploy.yml @@ -108,5 +108,4 @@ jobs: is_deployment: ${{ github.ref == 'refs/heads/main' }} terraform_stack: step_function hyphenated_alias: step-function - git_ref: ${{ github.ref }} secrets: inherit \ No newline at end of file From aee37da2d4a9e057c790edd20c3ef3ad2450ff67 Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Fri, 30 Jan 2026 15:14:23 +0000 Subject: [PATCH 4/6] updated is_deployment to true if deploying from a tag --- .github/workflows/dashboard-build-and-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dashboard-build-and-deploy.yml b/.github/workflows/dashboard-build-and-deploy.yml index d51919b7..fe100f17 100644 --- a/.github/workflows/dashboard-build-and-deploy.yml +++ b/.github/workflows/dashboard-build-and-deploy.yml @@ -92,7 +92,7 @@ jobs: uses: NHSDigital/gp2gp-reporting-infrastructure/.github/workflows/deploy-stack.yml@v3 with: environment: ${{ inputs.environment }} - is_deployment: ${{ github.ref == 'refs/heads/main' }} + is_deployment: ${{ github.ref == 'refs/heads/main' || startswith('refs/tags/', github.ref) }} terraform_stack: gp2gp_dashboard image_tag: gp2gp-dashboard hyphenated_alias: gp2gp-dashboard @@ -105,7 +105,7 @@ jobs: uses: NHSDigital/gp2gp-reporting-infrastructure/.github/workflows/deploy-stack.yml@v3 with: environment: ${{ inputs.environment }} - is_deployment: ${{ github.ref == 'refs/heads/main' }} + is_deployment: ${{ github.ref == 'refs/heads/main' || startswith('refs/tags/', github.ref) }} terraform_stack: step_function hyphenated_alias: step-function secrets: inherit \ No newline at end of file From 4e3ab3306e837e94cf6e4fe40613da3b7190829e Mon Sep 17 00:00:00 2001 From: oliverbeumkes-nhs Date: Fri, 30 Jan 2026 15:29:37 +0000 Subject: [PATCH 5/6] Flipped the startswith around --- .github/workflows/dashboard-build-and-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dashboard-build-and-deploy.yml b/.github/workflows/dashboard-build-and-deploy.yml index fe100f17..d4078cc4 100644 --- a/.github/workflows/dashboard-build-and-deploy.yml +++ b/.github/workflows/dashboard-build-and-deploy.yml @@ -92,7 +92,7 @@ jobs: uses: NHSDigital/gp2gp-reporting-infrastructure/.github/workflows/deploy-stack.yml@v3 with: environment: ${{ inputs.environment }} - is_deployment: ${{ github.ref == 'refs/heads/main' || startswith('refs/tags/', github.ref) }} + is_deployment: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} terraform_stack: gp2gp_dashboard image_tag: gp2gp-dashboard hyphenated_alias: gp2gp-dashboard @@ -105,7 +105,7 @@ jobs: uses: NHSDigital/gp2gp-reporting-infrastructure/.github/workflows/deploy-stack.yml@v3 with: environment: ${{ inputs.environment }} - is_deployment: ${{ github.ref == 'refs/heads/main' || startswith('refs/tags/', github.ref) }} + is_deployment: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} terraform_stack: step_function hyphenated_alias: step-function secrets: inherit \ No newline at end of file From 0625cee2b6df861388aacd44fda05f7ae3681c6d Mon Sep 17 00:00:00 2001 From: chrisbloe Date: Fri, 30 Jan 2026 16:42:44 +0000 Subject: [PATCH 6/6] Let's try "bucket-owner-full-control" instead --- dashboard/gatsby-config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/gatsby-config.js b/dashboard/gatsby-config.js index 7fc4d223..71f70e5d 100644 --- a/dashboard/gatsby-config.js +++ b/dashboard/gatsby-config.js @@ -6,7 +6,7 @@ module.exports = { bucketName: `${process.env.DEPLOYMENT_BUCKET}`, region: "eu-west-2", parallelLimit: 1000, - acl: null, + acl: "bucket-owner-full-control", }, }, {