Merged
18 commits
ef6f696
[NRL-1922] Fix up Sonarqube issues in workflows
mattdean3-nhs Feb 26, 2026
17c205f
[NRL-1922] Fix typo in regex for dynamo model validation of type
mattdean3-nhs Feb 26, 2026
d4abafc
[NRL-1922] Use [[ instead of [ in bash condition
mattdean3-nhs Feb 26, 2026
0afaf30
[NRL-1922] Include only python files in coverage scans. Exclude glue …
mattdean3-nhs Feb 27, 2026
4db6a84
[NRL-1922] Add NOSONAR for use of shuffle
mattdean3-nhs Feb 27, 2026
a167ca6
[NRL-1922] Restore scripts to coverage exclusions
mattdean3-nhs Feb 27, 2026
b61a1dc
[NRL-1922] Add missing unit test for failing type validation on dynam…
mattdean3-nhs Feb 27, 2026
85f441e
[NRL-1922] Resolve put_object missing bucket owner error
mattdean3-nhs Feb 27, 2026
0e5395e
[NRL-1922] Use [[ instead of [ for conditions in shell scripts
mattdean3-nhs Feb 27, 2026
3ba141f
[NRL-1922] Fix missing returns for shell functions
mattdean3-nhs Feb 27, 2026
3e5d0e7
[NRL-1922] Rename functions to be pythonic in commit-msg hook script
mattdean3-nhs Feb 27, 2026
8276482
[NRL-1922] Switch to use numpy rng generator for poisson distributions
mattdean3-nhs Feb 27, 2026
3d14fa7
[NRL-1922] Remove duplicate backslash in id validator regex
mattdean3-nhs Feb 27, 2026
95cd496
[NRL-1922] Use python language features where possible
mattdean3-nhs Feb 27, 2026
524d91a
[NRL-1922] Remove all legacy changelog content to resolve Sonarqube i…
mattdean3-nhs Feb 27, 2026
004d9a9
[NRL-1922] Resolve all remaining low sev Sonar warnings
mattdean3-nhs Feb 27, 2026
f198826
[NRL-1922] Remove all TODOs to resolve info level Sonarqube notices
mattdean3-nhs Feb 27, 2026
eb96865
[NRL-1922] Use env for AWS_REGION in scripts. Fix other Sonar warnings
mattdean3-nhs Feb 27, 2026
9 changes: 4 additions & 5 deletions .github/workflows/activate-stack.yml
Expand Up @@ -15,16 +15,15 @@ on:
required: true
type: string

permissions:
id-token: write
contents: read
actions: write

jobs:
activate-stack:
name: Activate ${{ inputs.stack_name }} for ${{ inputs.environment }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ github.ref }}
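Review bot: The new job-level block lists `contents: read` before `id-token: write`, reversing the order of the workflow-level block it replaces, while the equivalent blocks in rollback-stack.yml, release.yml, update-lambda-permissions.yml and the `build` job of persistent-environment.yml keep `id-token` first (the remaining persistent-environment.yml jobs and deploy-account-wide-infra.yml put `contents` first again). One key order for every block added in this PR makes the grants easy to compare across workflows. For a single-job workflow the move itself changes no effective privilege; whether `actions: write` is actually needed by the steps cannot be judged here, as they lie outside the hunk.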
13 changes: 8 additions & 5 deletions .github/workflows/deploy-account-wide-infra.yml
Expand Up @@ -13,11 +13,6 @@ on:
description: Branch to deploy
required: true

permissions:
id-token: write
contents: read
actions: write

jobs:
check-selected-environment:
name: Check Workflow Env
Expand All @@ -39,6 +34,10 @@ jobs:
environment: ${{ inputs.environment }}
needs: [check-selected-environment]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -116,6 +115,10 @@ jobs:
needs: [terraform-plan]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
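Review bot: Dropping the workflow-level `permissions:` block leaves any job without a block of its own on the repository's default GITHUB_TOKEN permissions; `check-selected-environment` (header at the top of the first hunk, body outside it) is given no block in this diff, and the same applies to `set-environment-id` in pr-env-deploy.yml and pr-env-destroy.yml. Unless those jobs were covered elsewhere, the net effect can be more privilege than before rather than less, depending on the repository's default token setting. Keeping a restrictive baseline at the top of the workflow, `permissions:` / `  contents: read`, and elevating per job as the hunks already do closes that gap; if the Sonar rule being addressed rejects any workflow-level block, give each uncovered job `permissions: {}` instead (or `contents: read` if it checks out the repo).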
27 changes: 22 additions & 5 deletions .github/workflows/persistent-environment.yml
Expand Up @@ -14,15 +14,14 @@ on:
description: Branch to deploy
required: true

permissions:
id-token: write
contents: read
actions: write

jobs:
build:
name: Build - ${{ inputs.branch_name }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -78,6 +77,10 @@ jobs:
needs: [build]
environment: ${{ inputs.environment }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -151,6 +154,10 @@ jobs:
needs: [terraform-plan]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -227,6 +234,10 @@ jobs:
needs: [terraform-apply]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write
actions: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -258,6 +269,9 @@ jobs:
needs: [activate-stack]
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
Expand Down Expand Up @@ -289,6 +303,9 @@ jobs:
if: always() && ( needs.post-release-verify.result == 'failure' )
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
contents: read
id-token: write

steps:
- name: Git clone - ${{ inputs.branch_name }}
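Review bot: `actions: write` is granted to the jobs in the first four hunks but dropped from the two post-release jobs in the last two, so the author has already narrowed per job; it is worth doing the same check for `terraform-plan` and `terraform-apply`. If the grant exists only to pass artifacts between jobs, confirm that write rather than `actions: read` is required for each, since the apply job in update-lambda-permissions.yml in this same PR was given only `actions: read`. The step lists are outside every hunk here, so this is a question for the author rather than a defect I can point to.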
31 changes: 24 additions & 7 deletions .github/workflows/pr-env-deploy.yml
Expand Up @@ -9,13 +9,6 @@ concurrency:
group: environment-${{ github.event.pull_request.number }}
cancel-in-progress: false

permissions:
id-token: write
contents: read
actions: write
issues: write
pull-requests: write

jobs:
set-environment-id:
name: Set Environment ID
Expand Down Expand Up @@ -48,6 +41,13 @@ jobs:
name: Build Application
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: pull-request
permissions:
id-token: write
contents: read
actions: write
issues: write
pull-requests: write

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
uses: actions/checkout@v4
Expand Down Expand Up @@ -110,6 +110,12 @@ jobs:
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: pull-request
needs: [set-environment-id, build]
permissions:
id-token: write
contents: read
actions: write
issues: write
pull-requests: write

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
Expand Down Expand Up @@ -194,6 +200,9 @@ jobs:
needs: [set-environment-id, deploy]
environment: pull-request
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
Expand Down Expand Up @@ -232,6 +241,10 @@ jobs:
needs: [set-environment-id, integration-test]
environment: pull-request
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
uses: actions/checkout@v4
Expand Down Expand Up @@ -266,6 +279,10 @@ jobs:
needs: [set-environment-id, integration-test]
environment: pull-request
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
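Review bot: The `build` job (second hunk) is granted `issues: write` and `pull-requests: write`, the same set as `deploy`, but a build job normally has no reason to write to issues or pull requests. If the PR comment is posted from `deploy`, narrowing `build` to `id-token: write` / `contents: read` / `actions: write` keeps the write grants only where they are used. The job's steps are outside the hunk, so confirm this against the step list before trimming.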
12 changes: 5 additions & 7 deletions .github/workflows/pr-env-destroy.yml
Expand Up @@ -10,13 +10,6 @@ concurrency:
group: environment-${{ github.event.pull_request.number }}
cancel-in-progress: true

permissions:
id-token: write
contents: read
actions: write
issues: write
pull-requests: write

jobs:
set-environment-id:
name: Set Environment ID
Expand Down Expand Up @@ -50,6 +43,11 @@ jobs:
needs: [set-environment-id]
environment: pull-request
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read
issues: write
pull-requests: write

steps:
- name: Git Clone - ${{ github.event.pull_request.head.ref }}
11 changes: 4 additions & 7 deletions .github/workflows/release.yml
@@ -1,25 +1,22 @@
name: Release Published
run-name: Release NRL ${{ github.event.release.name }}
permissions:
id-token: write
contents: write
actions: write

env:
SYFT_VERSION: "1.27.1"

on:
release:
types: [published]
# push:
# tags:
# - v*
workflow_dispatch:

jobs:
sbom:
name: Generate Software Bill of Materials - ${{ github.event.release.name }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: write
actions: write

steps:
- name: Git clone - ${{ github.ref }}
9 changes: 4 additions & 5 deletions .github/workflows/rollback-stack.yml
Expand Up @@ -10,16 +10,15 @@ on:
default: "dev"
type: environment

permissions:
id-token: write
contents: read
actions: write

jobs:
rollback-stack:
name: Rollback to inactive stack for ${{ inputs.environment }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git clone - ${{ github.ref }}
27 changes: 19 additions & 8 deletions .github/workflows/update-lambda-permissions.yml
Expand Up @@ -21,15 +21,13 @@ on:
type: boolean
default: true

permissions:
id-token: write
contents: read
actions: write

jobs:
check-versions:
name: Check versions
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
id-token: write
contents: read

steps:
- name: Git clone - ${{ github.ref }}
Expand Down Expand Up @@ -80,6 +78,10 @@ jobs:
name: Build permissions
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}
permissions:
id-token: write
contents: read
actions: write

needs: [check-versions]

Expand Down Expand Up @@ -119,8 +121,11 @@ jobs:
name: Pull deployed lambdas
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}

needs: [check-versions]
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git clone - ${{ github.ref }}
Expand Down Expand Up @@ -161,8 +166,11 @@ jobs:
name: Plan changes
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}

needs: [build-permissions, pull-deployed-lambdas]
permissions:
id-token: write
contents: read
actions: write

steps:
- name: Git clone - ${{ github.ref }}
Expand Down Expand Up @@ -227,8 +235,11 @@ jobs:
name: Apply permissions
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: ${{ inputs.environment }}

needs: terraform-plan
permissions:
id-token: write
contents: read
actions: read

steps:
- name: Git clone - ${{ github.ref }}
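Review bot: The placement of the new `permissions:` block is inconsistent within this file: `build-permissions` (second hunk) puts it before `needs:` with a blank line in between, while `pull-deployed-lambdas`, `terraform-plan` and `terraform-apply` put it directly after `needs:`. Moving the `build-permissions` block to sit under `needs: [check-versions]` makes the four jobs read the same way. The per-job narrowing itself is the right outcome of the move, with `check-versions` losing `actions: write` and `terraform-apply` reduced to `actions: read`.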
27 changes: 1 addition & 26 deletions .pre-commit-config.yaml
Expand Up @@ -35,7 +35,7 @@ repos:
- flake8-print
args:
- "--select=T201,F401,F402,F403"
- "--exclude=.git,__pycache__,dist,.venv,scripts/*,packages/feature_documentation/*,layer/psycopg2/*,changelog/scripts/changelog.py"
- "--exclude=.git,__pycache__,dist,.venv,scripts/*"

- repo: https://github.com/psf/black
rev: 24.3.0
Expand Down Expand Up @@ -70,28 +70,3 @@ repos:
args:
- --args=-write=true
- --args=-recursive

# - repo: local
# hooks:
# - id: forbid_json_loads
# name: Don't use json.loads - use json_loads instead
# entry: json\.loads
# language: pygrep
# types: [python]
# exclude: layer/nrlf/nrlf/core/validators.py|layer/psycopg2/.*|mi/.*

# - repo: local
# hooks:
# - id: forbid_json_load
# name: Don't use json.load - use json_load instead
# entry: json\.load
# language: pygrep
# types: [python]
# exclude: layer/nrlf/nrlf/core/validators.py|layer/psycopg2/.*|mi/.*

- repo: local
hooks:
- id: create_changelog
name: Create changelog from changelog files
entry: changelog/scripts/changelog-pre-commit.sh
language: python
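Review bot: Narrowing the flake8 exclude to `.git,__pycache__,dist,.venv,scripts/*` (first hunk) means `packages/feature_documentation/*` and `layer/psycopg2/*` are now linted by the flake8-print hook if those paths still exist; the commit list only mentions removing the legacy changelog content, so it is unclear whether the psycopg2 layer was removed too. If it is still a vendored layer, restore `layer/psycopg2/*` in the `--exclude=` argument so the hook does not start failing on third-party code. The second hunk's removal of the commented-out hooks and the changelog hook is consistent with the changelog deletion.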