alphagov · aaronfowles · Sep 24, 2025 · Oct 28, 2024 · Oct 28, 2024 · Oct 28, 2024
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -0,0 +1,14 @@
+name: Lint GitHub Actions
+permissions:
+  contents: read
+on:
+  push:
+    paths: ['.github/**']
+jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          show-progress: false
+      - uses: alphagov/govuk-infrastructure/.github/actions/actionlint@main
diff --git a/.github/workflows/check-code-hygiene.yml b/.github/workflows/check-code-hygiene.yml
@@ -1,5 +1,6 @@
 name: Code Hygiene
-
+permissions:
+  contents: read
 on:
   pull_request:
     branches:
@@ -12,18 +13,18 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Cache Node.js modules
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
           restore-keys: |
             ${{ runner.os }}-node-
 
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           node-version: 16
 

diff --git a/.github/workflows/check-test-coverage.yml b/.github/workflows/check-test-coverage.yml
@@ -1,5 +1,4 @@
 name: Jest Coverage Check
-
 on:
   push:
     branches: [main]
@@ -11,17 +10,21 @@ jobs:
     name: Jest Test with Coverage Check
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+      actions: write
+
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
           node-version: 16
 
       - name: Cache Node.js modules
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}

diff --git a/.github/workflows/production-create-release.yml b/.github/workflows/production-create-release.yml
@@ -16,12 +16,12 @@ jobs:
     env:
       commitmsg: ${{ github.event.head_commit.message }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Create Tag Name
         run: |
           GIT_TAG=$(date +v%Y.%m.%d)-$(git log --format=%h -1)
-          echo "GIT_TAG=$GIT_TAG" >> $GITHUB_ENV
+          echo "GIT_TAG=$GIT_TAG" >> "$GITHUB_ENV"
 
       - name: Create Release
         id: create_release

diff --git a/.github/workflows/production-deploy.yml b/.github/workflows/production-deploy.yml
@@ -1,5 +1,6 @@
 name: Deploy Production
-
+permissions:
+  contents: read
 on:
   workflow_dispatch:
     inputs:
@@ -15,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.event.inputs.tag }}
 

diff --git a/.github/workflows/staging-deploy.yml b/.github/workflows/staging-deploy.yml
@@ -1,5 +1,6 @@
 name: Deploy Staging
-
+permissions:
+  contents: read
 on:
   workflow_dispatch:
   push:
@@ -20,7 +21,7 @@ jobs:
     environment: staging
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install Dependencies
         run: npm ci

diff --git a/README.md b/README.md
@@ -15,6 +15,7 @@ Docs](https://docs.data-community.publishing.service.gov.uk).
 
 - Clone this repository
 - Run `npm install` to install all dependencies
+- Run `npm run build`
 - Install [Sass](https://sass-lang.com/install) and compile the Sass sources to CSS with `sass ./src/frontend/scss/main.scss > ./public/main.css`
 
 - Install [webpack](https://webpack.js.org/) and compile the browser-side Typescript code to JavaScript by just running `webpack`
@@ -32,7 +33,7 @@ Docs](https://docs.data-community.publishing.service.gov.uk).
 
 - Start the server with `npm run dev`.
 
-- Point your browser to `https://localhost:8080` (the port can be changed using the `PORT` environment variable)
+- Point your browser to `http://localhost:8080` (the port can be changed using the `PORT` environment variable)
 
 # Developing
 
@@ -120,7 +121,7 @@ Production deployments have to be triggered manually for security reasons.
 
 ## Deployment Steps
 
-1. Go to production site https://govgraphsearch.dev/ and view the source.
+1. Go to production site https://gov-search.service.gov.uk/ and view the source.
 2. Look for the line beginning `<!-- Google Tag Manager (noscript) --><noscript><iframe src="https://www.googletagmanager.com/ns.html?` and note the values of the URL parameters `id` and `gtm_auth`. They look like `GTM-XXXXXXX` and `aWEg5ABBXXXXXXXXXXXXXXXXX`.
 3. Run the script `deploy-to-gcp.sh` located at the root directory
 4. Enter the value of `id` as in step 2 as the GTM tracking ID.