diff --git a/.releaserc.json b/.releaserc.json
index 3b9a4ea..0b0d752 100644
--- a/.releaserc.json
+++ b/.releaserc.json
@@ -35,7 +35,8 @@
 "assets": [
 "CHANGELOG.md",
 "infrastructure/modules/**/README.md",
- "infrastructure/modules/**/context.tf"
+ "infrastructure/modules/**/context.tf",
+ "infrastructure/modules/**/*.tf"
 ],
 "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
 }
diff --git a/infrastructure/modules/guardduty/main.tf b/infrastructure/modules/guardduty/main.tf
index 8416268..35d2ec9 100644
--- a/infrastructure/modules/guardduty/main.tf
+++ b/infrastructure/modules/guardduty/main.tf
@@ -119,7 +119,7 @@ resource "aws_guardduty_detector_feature" "eks_runtime_monitoring" {
 # are derived from the same context but disambiguated from the
 # detector.
 module "findings_label" {
- source = "git::https://github.com/NHSDigital/screening-terraform-modules-aws.git//infrastructure/modules/tags?ref=v2.3.0"
+ source = "git::https://github.com/NHSDigital/screening-terraform-modules-aws.git//infrastructure/modules/tags?ref=v2.4.0"
 context = module.this.context
 attributes = concat(module.this.attributes, ["findings"])
diff --git a/scripts/tests/release-config.sh b/scripts/tests/release-config.sh
new file mode 100755
index 0000000..0d2c7b2
--- /dev/null
+++ b/scripts/tests/release-config.sh
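Review bot: In `.releaserc.json`, the new `infrastructure/modules/**/*.tf` asset lets the release commit take in any Terraform file under the modules tree that is modified when the git plugin runs, and that commit's message carries `[skip ci]`, which on most CI systems suppresses the pipeline, so whatever the prepare step rewrote reaches the branch unchecked. If the updater is only meant to rewrite `?ref=` pins (an inference from the `main.tf` hunk in this commit), a check before the commit that the changed `.tf` lines are limited to those pins would keep the wider glob from carrying unintended edits. The existing `infrastructure/modules/**/context.tf` entry is now covered by the new pattern and could be dropped, provided the required list in `scripts/tests/release-config.sh` is changed with it.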
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -euo pipefail
+
+cd "$(git rev-parse --show-toplevel)"
+
+# Guardrail test: ensure semantic-release/git assets include the file types
+# that the release updater can modify. This prevents updates being generated
+# in prepare but silently omitted from the release commit.
+node <<'EOF'
+const fs = require("node:fs");
+
+const releasercPath = ".releaserc.json";
+const requiredAssets = [
+ "CHANGELOG.md",
+ "infrastructure/modules/**/README.md",
+ "infrastructure/modules/**/context.tf",
+ "infrastructure/modules/**/*.tf"
+];
+
+const config = JSON.parse(fs.readFileSync(releasercPath, "utf8"));
+const plugins = Array.isArray(config.plugins) ? config.plugins : [];
+
+const gitPlugin = plugins.find(
+ (entry) => Array.isArray(entry) && entry[0] === "@semantic-release/git"
+);
+
+if (!gitPlugin) {
+ console.error("release-config test failed: @semantic-release/git plugin not found in .releaserc.json");
+ process.exit(1);
+}
+
+const gitOptions = gitPlugin[1] || {};
+const assets = Array.isArray(gitOptions.assets) ? gitOptions.assets : [];
+const missing = requiredAssets.filter((asset) => !assets.includes(asset));
+
+if (missing.length > 0) {
+ console.error("release-config test failed: missing required @semantic-release/git assets:");
+ for (const asset of missing) {
+ console.error(`- ${asset}`);
+ }
+ process.exit(1);
+}
+
+console.log("release-config test passed");
+EOF
diff --git a/scripts/tests/unit.sh b/scripts/tests/unit.sh
index 2ac7073..a5f6086 100755
--- a/scripts/tests/unit.sh
+++ b/scripts/tests/unit.sh
@@ -17,4 +17,5 @@ cd "$(git rev-parse --show-toplevel)"
 # tests from here. If you want to run other test suites, see the predefined
 # tasks in scripts/test.mk.
+./scripts/tests/release-config.sh
 ./scripts/tests/release-updater.sh
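Review bot: In `scripts/tests/release-config.sh`, `assets.includes(asset)` compares raw entries to strings, so an asset written in the plugin's object form (`{ "path": "…" }`), or an `assets` value given as a single glob string, is reported as missing even though the file is covered. Normalising first avoids the false failure: `const assets = [gitOptions.assets ?? []].flat().map((a) => (typeof a === "string" ? a : a?.path));`. The test also only asserts that the four patterns are present and does not bound what else the list may contain, so a later, broader glob would pass unnoticed. A comment above `requiredAssets` such as `// Minimum set only: this test does not limit which other paths the release commit may include.` would make that limit explicit.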