[PRM-516] Review workflows

.github/workflows/automated-sbom-repo-scan.yml

@@ -1,11 +1,11 @@
-name: 'Z-AUTOMATED: SBOM Repo Scan'
+name: "Z-AUTOMATED Tool: SBOM Repo Scan"
 
 on:
   pull_request:
     types: [opened, synchronize, reopened]
 
 permissions:
-  actions: read   # Required for anchore/sbom-action
+  actions: read # Required for anchore/sbom-action
   contents: write # Required for anchore/sbom-action
   id-token: write # Required for requesting the JWT
   pull-requests: write
@@ -17,7 +17,7 @@ jobs:
     steps:
       - uses: actions/checkout@v5
         with:
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
       - uses: anchore/sbom-action@v0
         with:
@@ -51,14 +51,14 @@ jobs:
               repo: context.repo.repo,
               issue_number: context.issue.number,
             })
-            
+
             const botComment = comments.find(comment => {
               return comment.user.type === 'Bot' && comment.body.includes('Code security issues found')
             })
 
             // 2. Prepare format of the comment
             const output = `### Code security issues found
-            
+
             View full details [here](https://github.com/${{ github.repository }}/security/code-scanning?query=is%3Aopen+pr%3A${{ github.event.pull_request.number }}).`;
 
             // 3. If we have a comment, update it, otherwise create a new one
@@ -70,7 +70,7 @@ jobs:
                 body: output
               })
             }
-            
+
             github.rest.issues.createComment({
               issue_number: context.issue.number,
               owner: context.repo.owner,
@@ -89,7 +89,7 @@ jobs:
               repo: context.repo.repo,
               issue_number: context.issue.number,
             })
-            
+
             const botComment = comments.find(comment => {
               return comment.user.type === 'Bot' && comment.body.includes('Code security issues found')
             })

.github/workflows/base-cypress-build.yml

@@ -1,13 +1,13 @@
 # .github/workflows/terraform-dev
-name: 'Z-BASE Cypress Build: Run a cypress build job'
+name: "Z-BASE Build: Cypress"
 
 on:
   workflow_call:
     inputs:
       build_branch:
-        description: 'Branch with smoke tests.'
+        description: "Branch with smoke tests."
         required: true
-        type: 'string'
+        type: "string"
 
 permissions:
   pull-requests: write
@@ -22,13 +22,13 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
         with:
-          repository: 'NHSDigital/national-document-repository'
+          repository: "NHSDigital/national-document-repository"
           ref: ${{ github.event.inputs.build_branch }}
 
       - name: Cypress install
         run: npm install --legacy-peer-deps
         working-directory: ./app
-      
+
       - name: Configure React environment vars
         env:
           ENDPOINT_DOC_STORE_API: http://localhost:3000
@@ -37,7 +37,7 @@ jobs:
           IDENTITY_PROVIDER_POOL_ID: not provided yet
           MONITOR_ACCOUNT_ID: not provided yet
           BUILD_ENV: development
-          IMAGE_VERSION: 'not-required'
+          IMAGE_VERSION: "not-required"
         run: |
           ./react-environment-config.sh
         working-directory: ./app

.github/workflows/base-cypress-smoketest.yml

@@ -1,5 +1,5 @@
 # .github/workflows/terraform-dev
-name: "Z-BASE Cypress Smoketest: Smoketest shared actions for running"
+name: "Z-BASE Test: UI Smoke Test"
 
 on:
   workflow_call:

.github/workflows/base-cypress-test-all-env.yml

@@ -1,4 +1,4 @@
-name: "Z-BASE Cypress Test: Run a cypress test job against all browsers"
+name: "Z-BASE Test: Cypress e2e browsers"
 
 on:
   workflow_call:
@@ -21,7 +21,7 @@ jobs:
   view_action_parameters:
     name: View input params
     runs-on: ubuntu-latest
-    steps: 
+    steps:
       - name: Display client passed variables
         run: |
           echo Build Branch: ${{ inputs.build_branch }}

.github/workflows/base-cypress-test.yml

@@ -1,21 +1,21 @@
 # .github/workflows/terraform-dev
-name: 'Z-BASE Cypress Test Base: Run a cypress test job against a specific browser'
+name: "Z-BASE Test: Cypress e2e browser"
 
 on:
   workflow_call:
     inputs:
       build_branch:
-        description: 'Branch with smoke tests.'
+        description: "Branch with smoke tests."
         required: true
-        type: 'string'
+        type: "string"
       cypress_base_url:
-        description: 'Base URL to run tests against'
+        description: "Base URL to run tests against"
         required: true
-        type: 'string'
+        type: "string"
       cypress_browser:
-        description: 'what browser to run against'
+        description: "what browser to run against"
         required: true
-        type: 'string'
+        type: "string"
 
 permissions:
   pull-requests: write
@@ -39,7 +39,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
         with:
-          repository: 'NHSDigital/national-document-repository'
+          repository: "NHSDigital/national-document-repository"
           ref: ${{ inputs.build_branch }}
 
       - name: Download the build folder
@@ -66,7 +66,7 @@ jobs:
           working-directory: ./app
         env:
           CYPRESS_BASE_URL: ${{ inputs.cypress_base_url }}
-          CYPRESS_grepTags: 'regression'
+          CYPRESS_grepTags: "regression"
 
       - uses: actions/upload-artifact@v4
         if: failure()

.github/workflows/base-data-collection.yml

@@ -1,4 +1,4 @@
-name: "Z-BASE Deploy Data Collection: Build data collection image"
+name: "Z-BASE Deploy: Data Collection"
 
 on:
   workflow_call:
@@ -32,9 +32,9 @@ jobs:
     steps:
       - uses: actions/checkout@v5
         with:
-          repository: 'NHSDigital/national-document-repository'
+          repository: "NHSDigital/national-document-repository"
           ref: ${{ inputs.build_branch }}
-          fetch-depth: '0'
+          fetch-depth: "0"
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4

.github/workflows/base-deploy-ui.yml

@@ -1,5 +1,5 @@
 # .github/workflows/terraform-dev
-name: "Z-BASE Deploy UI: Run a deploy job for the UI"
+name: "Z-BASE Deploy: UI"
 
 on:
   workflow_call:
@@ -21,7 +21,7 @@ on:
         required: true
 
 permissions:
-  actions: read   # Required for anchore/sbom-action
+  actions: read # Required for anchore/sbom-action
   contents: write # Required for anchore/sbom-action
   id-token: write # This is required for requesting the JWT
   pull-requests: write
@@ -37,9 +37,9 @@ jobs:
     steps:
       - uses: actions/checkout@v5
         with:
-          repository: 'NHSDigital/national-document-repository'
+          repository: "NHSDigital/national-document-repository"
           ref: ${{ inputs.build_branch }}
-          fetch-depth: '0'
+          fetch-depth: "0"
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -48,10 +48,10 @@ jobs:
           role-skip-session-tagging: true
           aws-region: ${{ vars.AWS_REGION }}
           mask-aws-account-id: true
-          
+
       - name: Get SSM parameters from SSM
         id: ssm-parameters
-        run: | 
+        run: |
           doc_store_api_endpoint=$(aws ssm get-parameter --name "/ndr/${{ inputs.sandbox }}/api_endpoint" --with-decryption --query "Parameter.Value" --output text)
           echo "::add-mask::$doc_store_api_endpoint"
           echo "ENDPOINT_DOC_STORE_API=$doc_store_api_endpoint" >> $GITHUB_ENV
@@ -65,7 +65,7 @@ jobs:
           cloudfront_domain_name=$(aws cloudfront list-distributions --query "DistributionList.Items[?starts_with(Origins.Items[0].DomainName, '${{ inputs.sandbox }}')].DomainName" --output text)
           echo "Cloudfront domain name found for environment: $cloudfront_domain_name"
           echo "CLOUDFRONT_DOMAIN_NAME=$cloudfront_domain_name" >> $GITHUB_ENV
-        
+
       - name: Login to Amazon ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
@@ -86,16 +86,16 @@ jobs:
             --query "AppMonitorSummaries[?starts_with(Name, '${{ inputs.sandbox }}')].Id" \
             --output text)
           echo "::add-mask::$app_monitor_id"
-          echo "MONITOR_ACCOUNT_ID=$app_monitor_id" >> $GITHUB_OUTPUT  
+          echo "MONITOR_ACCOUNT_ID=$app_monitor_id" >> $GITHUB_OUTPUT
 
       - name: Configure React environment vars
         env:
           AWS_REGION: ${{ vars.AWS_REGION }}
           OIDC_PROVIDER_ID: not provided yet
-          IDENTITY_PROVIDER_POOL_ID: ${{ steps.cognito-identity-pool.outputs.IDENTITY_PROVIDER_POOL_ID }} 
-          MONITOR_ACCOUNT_ID: ${{ steps.rum-app-monitor.outputs.MONITOR_ACCOUNT_ID }} 
+          IDENTITY_PROVIDER_POOL_ID: ${{ steps.cognito-identity-pool.outputs.IDENTITY_PROVIDER_POOL_ID }}
+          MONITOR_ACCOUNT_ID: ${{ steps.rum-app-monitor.outputs.MONITOR_ACCOUNT_ID }}
           BUILD_ENV: ${{ inputs.environment }}
-          IMAGE_VERSION: 'ndr-${{ inputs.sandbox }}-app:${{ github.sha }}'
+          IMAGE_VERSION: "ndr-${{ inputs.sandbox }}-app:${{ github.sha }}"
         run: |
           ./react-environment-config.sh
 

.github/workflows/base-e2e-backendtest.yml

@@ -1,5 +1,5 @@
 # .github/workflows/terraform-dev
-name: "Z-BASE E2e Test: E2e shared actions for running tests on the NDR Backend"
+name: "Z-BASE: Test - Backend E2e Test"
 
 on:
   workflow_call:

.github/workflows/base-lambda-layer-reusable-publish-all.yml

@@ -1,4 +1,4 @@
-name: 'ZBASE Lambda Layers: Deploy all required Lambda layers'
+name: "Z-BASE Deploy: Lambda layers"
 
 on:
   workflow_call:
@@ -10,13 +10,13 @@ on:
         required: true
         type: string
       build_branch:
-        description: 'Feature branch to push to test?'
+        description: "Feature branch to push to test?"
         required: true
-        type: 'string'
+        type: "string"
       sandbox:
-        description: 'Which Sandbox to push to'
+        description: "Which Sandbox to push to"
         required: true
-        type: 'string'
+        type: "string"
     secrets:
       AWS_ASSUME_ROLE:
         required: true
@@ -84,4 +84,4 @@ jobs:
       sandbox: ${{ inputs.sandbox }}
       lambda_layer_name: alerting_lambda_layer
     secrets:
-      AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}
+      AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}

.github/workflows/base-lambda-layer-reusable-publish.yml

@@ -1,4 +1,4 @@
-name: 'Z-BASE Lambda Layer: action to deploy a single lambda layer'
+name: "Z-BASE Deploy: Lambda layer"
 
 on:
   workflow_call:
@@ -47,9 +47,9 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
         with:
-          repository: 'NHSDigital/national-document-repository'
+          repository: "NHSDigital/national-document-repository"
           ref: ${{ inputs.build_branch }}
-          fetch-depth: '0'
+          fetch-depth: "0"
 
       - name: Set up Python ${{ inputs.python_version }}
         uses: actions/setup-python@v5

.github/workflows/base-lambdas-check-packages.yml

@@ -1,4 +1,4 @@
-name: "Z-BASE Lambdas: Lambda check packages runner"
+name: "Z-BASE Build: Lambda Package Audit"
 
 on:
   workflow_call:
@@ -24,7 +24,6 @@ jobs:
     name: View input params
     runs-on: ubuntu-latest
     steps:
-
       - name: Display client passed variables
         run: |
           echo Python Version: ${{ inputs.python_version }}
@@ -40,7 +39,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
         with:
-          repository: 'NHSDigital/national-document-repository'
+          repository: "NHSDigital/national-document-repository"
           ref: ${{ inputs.build_branch }}
 
       - name: Set up Python ${{ inputs.python_version }}
@@ -49,7 +48,7 @@ jobs:
           python-version: ${{ inputs.python_version }}
 
       - name: Make virtual environment
-        run: | 
+        run: |
           make env
 
       - name: Start virtual environment
@@ -59,4 +58,4 @@ jobs:
 
       - name: Check packages with pip-audit
         run: |
-          make check-packages
+          make check-packages

.github/workflows/base-lambdas-edge-deploy.yml

@@ -1,4 +1,4 @@
-name: 'Z-BASE Lambdas: action to deploy a single lambda'
+name: "Z-BASE Deploy: Edge Lambda"
 
 on:
   workflow_call:
@@ -51,9 +51,9 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v5
         with:
-          repository: 'NHSDigital/national-document-repository'
+          repository: "NHSDigital/national-document-repository"
           ref: ${{ inputs.build_branch }}
-          fetch-depth: '0'
+          fetch-depth: "0"
 
       - name: Set up Python ${{ inputs.python_version }}
         uses: actions/setup-python@v5
@@ -68,7 +68,7 @@ jobs:
         with:
           role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
           role-skip-session-tagging: true
-          aws-region: 'us-east-1'
+          aws-region: "us-east-1"
           mask-aws-account-id: true
 
       - name: Create release package for Lambda ${{ inputs.lambda_aws_name }}
@@ -86,7 +86,7 @@ jobs:
 
           LAMBDA_VERSION=$(echo $RESPONSE | jq -r '.Version')
           echo "Lambda function updated to version: $LAMBDA_VERSION"
-          
+
           LAMBDA_ARN=$(echo $RESPONSE | jq -r '.FunctionArn')
           echo "LAMBDA_ARN=$LAMBDA_ARN" >> $GITHUB_ENV
 
@@ -104,5 +104,5 @@ jobs:
         run: |
           ./lambdas/venv/bin/python3 lambdas/scripts/update_cloudfront.py
         env:
-          AWS_REGION: 'us-east-1'
-          LAMBDA_ARN: ${{ env.LAMBDA_ARN }}
+          AWS_REGION: "us-east-1"
+          LAMBDA_ARN: ${{ env.LAMBDA_ARN }}