From 83dc92de706a1d1eac5cf9da823d8394fae62c24 Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Mon, 30 Mar 2026 16:48:34 +0000
Subject: [PATCH 1/2] sync copilot
---
.github/workflows/sync_copilot.yml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 .github/workflows/sync_copilot.yml
diff --git a/.github/workflows/sync_copilot.yml b/.github/workflows/sync_copilot.yml
new file mode 100644
index 00000000..72b62eb1
--- /dev/null
+++ b/.github/workflows/sync_copilot.yml
@@ -0,0 +1,22 @@
+name: Sync Copilot Instructions
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 6 * * 1'
+
+jobs:
+ sync-copilot-instructions:
+ runs-on: ubuntu-22.04
+ environment: create_pull_request
+ permissions:
+ contents: read
+
+ steps:
+ - name: Sync shared instructions
+ uses: NHSDigital/eps-copilot-instructions@a7849a16aabd5c1edef13e29467a480fa08555f8
+ with:
+ copilot_instructions_ref: main
+ calling_repo_base_branch: main
+ CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }}
+ CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }}
From 93e0d0b1f503ab39cfddf96bf5376b209c40ec45 Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Wed, 1 Apr 2026 13:14:43 +0000
Subject: [PATCH 2/2] fix
---
.devcontainer/devcontainer.json | 1 -
.github/dependabot.yml | 8 +++----
.../update_dev_container_version.yml | 24 +++++++++++--------
.pre-commit-config.yaml | 20 ++++++++++++++++
4 files changed, 38 insertions(+), 15 deletions(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 4e132f5e..ee1bd5b3 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -64,6 +64,5 @@ "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" }, - "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt", "features": {} }
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9934ed07..74e8c9ef 100644
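Review bot: In .github/workflows/sync_copilot.yml the action is pinned to a commit SHA, but `copilot_instructions_ref: main` still tracks a mutable branch, so the pin fixes the sync code and not the content it pulls. Copilot instructions steer an AI coding assistant, and the pull request this job presumably opens each Monday is then the only review gate for whatever has landed on that branch. If the action accepts a tag or commit for that input, pin it and move it deliberately; otherwise add a comment above the input such as `# tracks main on purpose: every sync arrives as a PR and needs human review`. The file also lacks the workflow-level `permissions: {}` that patch 2/2 adds to update_dev_container_version.yml; adding it here keeps any job added later without token permissions by default.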
--- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -24,7 +24,7 @@ updates: commit-message: prefix: "Upgrade: [dependabot] - " cooldown: - default-days: 3 + default-days: 7 - package-ecosystem: "github-actions" # Workflow files stored in the # default location of `.github/workflows` @@ -37,7 +37,7 @@ updates: commit-message: prefix: "Upgrade: [dependabot] - " cooldown: - default-days: 3 + default-days: 7 ################################### # NPM workspace ################## ################################### @@ -54,7 +54,7 @@ updates: registries: - npm-github cooldown: - default-days: 3 + default-days: 7 ################################### # Java workspace ################## ################################### @@ -69,5 +69,5 @@ updates: commit-message: prefix: "Upgrade: [dependabot] - " cooldown: - default-days: 3 + default-days: 7 diff --git a/.github/workflows/update_dev_container_version.yml b/.github/workflows/update_dev_container_version.yml index b6cdd8f2..ef79d062 100644 --- a/.github/workflows/update_dev_container_version.yml +++ b/.github/workflows/update_dev_container_version.yml 
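Review bot: The four `default-days: 7` values in .github/dependabot.yml (the hunk at line 24 and the three after it) carry no comment saying why the cooldown went from 3 to 7 days. A one-line comment above each `cooldown:` key would record the intent, for example `# wait 7 days after a release before proposing it, so a bad or compromised release has time to be reported`. As far as I know, Dependabot applies cooldown to version updates only and not to security updates; that is worth confirming so the longer window does not delay patches for known vulnerabilities.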
@@ -1,19 +1,23 @@ -name: Update Devcontainer Version +name: Update devcontainer version on: workflow_dispatch: schedule: - - cron: "0 18 * * 4" + - cron: '0 6 * * 4' +permissions: {} jobs: - update_devcontainer_version: - uses: NHSDigital/eps-common-workflows/.github/workflows/update-dev-container-version.yml@23342d86a245c076937abd6aecdd0ce06446b1e6 + update-devcontainer-version: + runs-on: ubuntu-22.04 + environment: create_pull_request permissions: contents: read packages: read - pull-requests: write - with: - base_branch: main - secrets: - CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }} - CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }} + + steps: + - name: Update devcontainer version + uses: NHSDigital/eps-update-devcontainer@dc3a8c5f11e7226ee4f5f2bb35bd0d1265092306 + with: + calling_repo_base_branch: main + CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }} + CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c1d11d3f..efd98aa0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,6 +23,26 @@ repos: - repo: local hooks: + - id: check-commit-signing + name: Check commit signing + description: Ensures that commits are GPG signed + entry: bash + args: + - -c + - | + if ! git config --get commit.gpgsign | grep -q "true" > /dev/null 2>&1; then + echo "Error: Commit signing is not enabled." + echo "Please enable commit signing with:" + echo " git config commit.gpgsign true" + echo "" + echo "For more information, see: https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits" + exit 1 + fi + echo "Commit signing is properly configured." + language: system + pass_filenames: false + always_run: true + - id: git-secrets name: Git Secrets description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
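Review bot: The job's `permissions:` block in update_dev_container_version.yml no longer describes what the run can write: `pull-requests: write` is gone, yet the step receives `CREATE_PULL_REQUEST_APP_ID` and `CREATE_PULL_REQUEST_PEM` as `with:` inputs, so any write access presumably comes from a token the action mints for that GitHub App. That access is bounded by the App's installation permissions and by the protection rules on the `create_pull_request` environment, neither of which is visible in this diff. A comment above `environment:` would record it, for example `# GITHUB_TOKEN stays read-only; the PR is opened with the GitHub App credentials passed below`. Moving the key from `secrets:` on a reusable workflow to a plain action input also means the pinned action's code handles the PEM directly, so each SHA bump deserves a read of how that input is used; sync_copilot.yml in patch 1/2 passes the same pair and the same applies there.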
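Review bot: The `check-commit-signing` hook added to .pre-commit-config.yaml tests the setting with `git config --get commit.gpgsign | grep -q "true"`, which reads the raw config string, so a developer who enabled signing as `yes`, `on` or `1` is told it is disabled, and the `> /dev/null 2>&1` after `grep -q` hides nothing useful. Asking git to normalise the value avoids both: `if [ "$(git config --type=bool --get commit.gpgsign 2>/dev/null)" != "true" ]; then`. The description `Ensures that commits are GPG signed` overstates the check, since the hook only reads a local setting (one that also governs SSH signing) and runs client-side; `Checks that commit signing is enabled in git config` is closer, with enforcement left to a branch protection rule that requires signed commits. Separately, patch 2/2 removes the devcontainer.json `postAttachCommand` that ran `git-secrets --register-aws` and added the deny-rules provider, and the `git-secrets` hook just below this hunk presumably relies on those patterns, so confirm they are now registered somewhere else.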