CCM-17346: Restore local actions; use local build-docs in stage-3

damientobin1 · damientobin1 · commit 495c566468aa · 2026-05-06T22:06:43.000+01:00
diff --git a/.github/actions/build-docs/action.yml b/.github/actions/build-docs/action.yml
@@ -0,0 +1,44 @@
+name: "Build Docs"
+description: "build jekyll docs"
+inputs:
+  version:
+    description: "Version number"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+      with:
+        node-version: 18
+    - name: Install docs node dependencies
+      working-directory: ./docs
+      run: pnpm --ignore-workspace install --frozen-lockfile
+      shell: bash
+    - name: Setup Ruby
+      uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
+      with:
+        ruby-version: "3.2" # Not needed with a .ruby-version file
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+        cache-version: 0 # Increment this number if you need to re-download cached gems
+        working-directory: "./docs"
+    - name: Setup Pages
+      id: pages
+      uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5
+    - name: Build with Jekyll
+      working-directory: ./docs
+      # Outputs to the './_site' directory by default
+      shell: bash
+      run: make build BASE_URL="$BASE_URL" VERSION="$VERSION"
+      #run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
+      env:
+        JEKYLL_ENV: production
+        BASE_URL: ${{ steps.pages.outputs.base_path }}
+        VERSION: ${{ inputs.version }}
+    - name: Upload artifact
+      # Automatically uploads an artifact from the './_site' directory by default
+      uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
+      with:
+        path: "docs/_site/"
+        name: jekyll-docs-${{ inputs.version }}
diff --git a/.github/actions/check-todo-usage/action.yaml b/.github/actions/check-todo-usage/action.yaml
@@ -0,0 +1,10 @@
+name: "Check Todo usage"
+description: "Check Todo usage"
+runs:
+  using: "composite"
+  steps:
+    - name: "Check Todo usage"
+      shell: bash
+      run: |
+        export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
+        check=branch ./scripts/githooks/check-todos.sh
diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
@@ -0,0 +1,10 @@
+name: Make Config Action
+description: Install dependencies and execute make config
+
+runs:
+  using: composite
+  steps:
+    - name: Install dependencies and execute make config
+      shell: bash
+      run: |
+        scripts/setup/setup.sh
diff --git a/.github/actions/trivy-iac/action.yaml b/.github/actions/trivy-iac/action.yaml
@@ -0,0 +1,20 @@
+#TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549
+# name: "Trivy IaC Scan"
+# description: "Scan Terraform IaC using Trivy"
+# runs:
+#   using: "composite"
+#   steps:
+#     - name: "Trivy Terraform IaC Scan"
+#       shell: bash
+#       run: |
+#         components_exit_code=0
+#         modules_exit_code=0
+#         asdf plugin add trivy || true
+#         asdf install trivy || true
+#         ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/components || components_exit_code=$?
+#         ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/modules || modules_exit_code=$?
+
+#         if [ $components_exit_code -ne 0 ] || [ $modules_exit_code -ne 0 ]; then
+#           echo "Trivy misconfigurations detected."
+#           exit 1
+#         fi
diff --git a/.github/actions/trivy-package/action.yaml b/.github/actions/trivy-package/action.yaml
@@ -0,0 +1,18 @@
+#TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549
+# name: "Trivy Package Scan"
+# description: "Scan project packages using Trivy"
+# runs:
+#   using: "composite"
+#   steps:
+#     - name: "Trivy Package Scan"
+#       shell: bash
+#       run: |
+#         exit_code=0
+#         asdf plugin add trivy || true
+#         asdf install trivy || true
+#         ./scripts/terraform/trivy-scan.sh --mode package . || exit_code=$?
+
+#         if [ $exit_code -ne 0 ]; then
+#           echo "Trivy has detected package vulnerabilities. Please refer to https://nhsd-confluence.digital.nhs.uk/spaces/RIS/pages/1257636917/PLAT-KOP-012+-+Trivy+Pipeline+Vulnerability+Scanning+Exemption"
+#           exit 1
+#         fi
diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml
@@ -50,7 +50,7 @@ jobs:
           version: "${{ inputs.pnpm_version }}"
           cache: true
       - name: "Build docs"
-        uses: NHSDigital/nhs-notify-shared-modules/.github/actions/build-docs@3.0.0
+        uses: ./.github/actions/build-docs
         with:
           version: "${{ inputs.version }}"
   artefact-1:
