govuk-one-login · kikidawson-gds · Aug 14, 2025
@@ -26,15 +26,15 @@ jobs:
   ci-checks:
     name: Pre-deployment
     uses:
-      ./.github/workflows/job_ci-checks.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_ci-checks.yml@ci-checks/v1.0.0
     with:
       PRIVATE_PACKAGES_REQUIRED: true
       WORKING_DIRECTORY: backend-api
 
   run-test-suite:
     name: Pre-deployment
     uses:
-      ./.github/workflows/job_test-suite.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_test-suite.yml@test-suite/v1.0.0
     with:
       PRIVATE_PACKAGES_REQUIRED: true
       RUN_PACT_TESTS: true

@@ -27,7 +27,7 @@ jobs:
     name: CI checks
     if: github.event.pull_request.draft == false
     uses:
-      ./.github/workflows/job_ci-checks.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_ci-checks.yml@ci-checks/v1.0.0
     with:
       PRIVATE_PACKAGES_REQUIRED: true
       WORKING_DIRECTORY: backend-api
@@ -36,7 +36,7 @@ jobs:
     name: Run test suite
     needs: ci-checks
     uses:
-      ./.github/workflows/job_test-suite.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_test-suite.yml@test-suite/v1.0.0
     with:
       PRIVATE_PACKAGES_REQUIRED: true
       RUN_PACT_TESTS: true

@@ -22,6 +22,6 @@ jobs:
     name: CI checks
     if: github.event.pull_request.draft == false
     uses:
-      ./.github/workflows/job_ci-checks.yml
+      govuk-one-login/mobile-id-check-async/.github/workflows/jobs_ci-checks.yml@ci-checks/v1.0.0
     with:
       WORKING_DIRECTORY: helper-scripts
@@ -0,0 +1,19 @@
+name: Initialise New GitHub Actions Job
+
+on:
+  workflow_dispatch:
+    inputs:
+      JOB_NAME:
+        description: The Name of the New Job
+        type: string
+
+jobs:
+  create-tag:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Create Tag v0.0.1
+        run: |
+          $job_name=${{ inputs.JOB_NAME }}
+
+          git tag $job_name/v0.0.1
+          git push origin $job_name/v0.0.1
@@ -0,0 +1,138 @@
+name: GitHub Jobs Post Merge
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/job_**"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  get-file-names:
+    name: Get Names of Files Changed
+    runs-on: ubuntu-24.04
+    env:
+      SAM_CLI_TELEMETRY: 0
+    defaults:
+      run:
+        shell: bash
+        working-directory: .
+    outputs:
+      FILE_NAMES: ${{ steps.get-files.outputs.NAMES }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+          fetch-depth: 0
+
+# This is ugly but can't get anything else to work
+      - name: Get File Names
+        id: get-files
+        run: |
+          files=$( git diff origin/main --name-only -- ./.github/workflows/job_** )
+
+          JSON="["
+          for file in ${files[@]}; do
+              echo $file
+              JSONline="\"$file\","
+              if [[ "$JSON" != *"$JSONline"* ]]; then
+                  JSON="$JSON$JSONline"
+              fi
+          done
+
+          if [[ $JSON == *, ]]; then
+              JSON="${JSON%?}"
+          fi
+          JSON="$JSON]"
+
+          echo $JSON
+          echo "NAMES=$( echo "$JSON" )" >> $GITHUB_OUTPUT
+
+  create-tags:
+    name: Validate Versions and Create Tags
+    runs-on: ubuntu-24.04
+    needs: get-file-names
+    strategy:
+      matrix:
+        file_name:  ${{ fromJSON(needs.get-file-names.outputs.FILE_NAMES) }}
+    env:
+      SAM_CLI_TELEMETRY: 0
+      FILE_NAME: ${{ matrix.file_name }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    defaults:
+      run:
+        shell: bash
+        working-directory: jobs
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Setup NodeJS
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          cache: npm
+          cache-dependency-path: jobs/package-lock.json
+          node-version-file: jobs/.nvmrc
+
+      - name: Install Dependencies
+        run: |
+          npm clean-install
+
+      - name: Validate Job Name
+        id: job-name
+        run: |
+          name=$( yq .description ../$FILE_NAME | jq .name | tr -d '"' )
+
+          if [[ $FILE_NAME == ".github/workflows/job_$name" ]]; then
+            echo "Error: Job name does not match file name."
+            exit 1
+          fi
+
+          if [[ "$name" =~ ^[a-z0-9-]+$ ]]; then
+            echo "Valid job name."
+            echo "NAME=$name" >> $GITHUB_OUTPUT
+          else
+            echo "Error: Invalid job name."
+            exit 1
+          fi
+
+      - name: Get Version
+        id: get-version
+        run: |
+          version=$( yq .description ../$FILE_NAME | jq .version | tr -d '"' )
+          echo "VERSION=$version" >> $GITHUB_OUTPUT
+
+      - name: Validate Version
+        run: |
+          npm run validate-version $FILE_NAME
+
+      - name: Get Message
+        id: get-message
+        run: |
+          message=$( yq .description ../$FILE_NAME | jq .message )
+          echo "MESSAGE=$message" >> $GITHUB_OUTPUT
+
+      - name: Create and Push Tag
+        run: |
+          job_name=${{ steps.job-name.outputs.NAME }}
+          new_version=${{ steps.get-version.outputs.VERSION }}
+
+          git tag $job_name/$new_version
+          git push origin $job_name/$new_version
+
+      - name: Create GitHub Release
+        run: |
+          job_name=${{ steps.job-name.outputs.NAME }}
+          message=${{ steps.get-message.outputs.MESSAGE }}
+          new_version=${{ steps.get-version.outputs.VERSION }}
+
+          gh release create $job_name/$new_version --latest=false --notes "$message"
@@ -0,0 +1,117 @@
+name: GitHub Jobs Pull Request
+
+on:
+  pull_request:
+    branches:
+      - main
+    types:
+      - opened
+      - reopened
+      - ready_for_review
+      - synchronize
+    paths:
+      - ".github/workflows/job_**"
+
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  get-file-names:
+    name: Get Names of Files Changed
+    runs-on: ubuntu-24.04
+    env:
+      SAM_CLI_TELEMETRY: 0
+    defaults:
+      run:
+        shell: bash
+        working-directory: .
+    outputs:
+      FILE_NAMES: ${{ steps.get-files.outputs.NAMES }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+          fetch-depth: 0
+
+# This is ugly but can't get anything else to work
+      - name: Get File Names
+        id: get-files
+        run: |
+          files=$( git diff origin/main --name-only -- ./.github/workflows/job_** )
+
+          JSON="["
+          for file in ${files[@]}; do
+              echo $file
+              JSONline="\"$file\","
+              if [[ "$JSON" != *"$JSONline"* ]]; then
+                  JSON="$JSON$JSONline"
+              fi
+          done
+
+          if [[ $JSON == *, ]]; then
+              JSON="${JSON%?}"
+          fi
+          JSON="$JSON]"
+
+          echo $JSON
+          echo "NAMES=$( echo "$JSON" )" >> $GITHUB_OUTPUT
+
+  create-tags:
+    name: Validate Versions and Create Tags
+    runs-on: ubuntu-24.04
+    needs: get-file-names
+    strategy:
+      matrix:
+        file_name:  ${{ fromJSON(needs.get-file-names.outputs.FILE_NAMES) }}
+    env:
+      SAM_CLI_TELEMETRY: 0
+      FILE_NAME: ${{ matrix.file_name }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    defaults:
+      run:
+        shell: bash
+        working-directory: jobs
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Setup NodeJS
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          cache: npm
+          cache-dependency-path: jobs/package-lock.json
+          node-version-file: jobs/.nvmrc
+
+      - name: Install Dependencies
+        run: |
+          npm clean-install
+
+      - name: Validate Job Name
+        id: job-name
+        run: |
+          name=$( yq .description ../$FILE_NAME | jq .name | tr -d '"' )
+
+          if [[ $FILE_NAME == ".github/workflows/job_$name" ]]; then
+            echo "Error: Job name does not match file name."
+            exit 1
+          fi
+
+          if [[ "$name" =~ ^[a-z0-9-]+$ ]]; then
+            echo "Valid job name."
+            echo "NAME=$name" >> $GITHUB_OUTPUT
+          else
+            echo "Error: Invalid job name."
+            exit 1
+          fi
+
+      - name: Validate Version
+        run: |
+          npm run validate-version $FILE_NAME
+
@@ -1,5 +1,12 @@
 name: CI Checks
 
+description: {
+  "name": "ci-checks",
+  "version": "v1.0.0",
+  "message":
+    "This update adds versioning to the ci-checks job."
+  }
+
 on:
   workflow_call:
     inputs:

@@ -1,5 +1,12 @@
 name: Build, Push, Sign and Tag Test Image
 
+description: {
+  "name": "push-docker-image",
+  "version": "v1.0.0",
+  "message":
+    "This update adds versioning to the push-docker-image job."
+  }
+
 on:
   workflow_call:
     inputs:

@@ -1,5 +1,12 @@
 name: Run Test Suite
 
+description: {
+  "name": "test-suite",
+  "version": "v1.0.0",
+  "message":
+    "This update adds versioning to the test-suite job."
+  }
+
 on:
   workflow_call:
     inputs:

@@ -1,5 +1,12 @@
 name: Validate, Build, and Upload Artifact to S3
 
+description: {
+  "name": "upload-sam-artifact",
+  "version": "v1.0.0",
+  "message":
+    "This update adds versioning to the upload-sam-artifact job."
+  }
+
 on:
   workflow_call:
     inputs:

@@ -0,0 +1 @@
+22