From b9494615fc971351eda9e6d94723b45ddb07af64 Mon Sep 17 00:00:00 2001
From: Oliver Slater
Date: Wed, 27 May 2026 20:46:47 +0100
Subject: [PATCH 1/3] build(release): update assets in .releaserc.json to include all Terraform files
---
 .releaserc.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.releaserc.json b/.releaserc.json
index 3b9a4ea..0b0d752 100644
--- a/.releaserc.json
+++ b/.releaserc.json
@@ -35,7 +35,8 @@
 "assets": [
 "CHANGELOG.md",
 "infrastructure/modules/**/README.md",
- "infrastructure/modules/**/context.tf"
+ "infrastructure/modules/**/context.tf",
+ "infrastructure/modules/**/*.tf"
 ],
 "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
 }
From c9ce79f64203df3f785bf7c77b83b2e5cbd7f582 Mon Sep 17 00:00:00 2001
From: Oliver Slater
Date: Wed, 27 May 2026 20:47:24 +0100
Subject: [PATCH 2/3] build(tests): add release-config.sh for semantic-release/git asset validation
---
 scripts/tests/release-config.sh | 46 +++++++++++++++++++++++++++++++++
 scripts/tests/unit.sh | 1 +
 2 files changed, 47 insertions(+)
 create mode 100755 scripts/tests/release-config.sh
diff --git a/scripts/tests/release-config.sh b/scripts/tests/release-config.sh
new file mode 100755
index 0000000..0d2c7b2
--- /dev/null
+++ b/scripts/tests/release-config.sh
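Review bot: The added `"infrastructure/modules/**/*.tf"` entry already matches every `context.tf`, so the `"infrastructure/modules/**/context.tf"` entry before it is now redundant and the asset list effectively means "any Terraform file under a module". The `message` line below it carries `[skip ci]`, which is normally there to stop the pipeline running on the release commit, so any `.tf` change present in the release workspace when the git plugin runs would be committed without that validation. This presumably relies on the prepare step editing only module `ref=` values, which is worth confirming. If so, consider having the release job show or check the `.tf` diff before the commit so an unexpected edit is visible. The enclosing JSON object starts and ends outside the hunk.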
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -euo pipefail
+
+cd "$(git rev-parse --show-toplevel)"
+
+# Guardrail test: ensure semantic-release/git assets include the file types
+# that the release updater can modify. This prevents updates being generated
+# in prepare but silently omitted from the release commit.
+node <<'EOF'
+const fs = require("node:fs");
+
+const releasercPath = ".releaserc.json";
+const requiredAssets = [
+ "CHANGELOG.md",
+ "infrastructure/modules/**/README.md",
+ "infrastructure/modules/**/context.tf",
+ "infrastructure/modules/**/*.tf"
+];
+
+const config = JSON.parse(fs.readFileSync(releasercPath, "utf8"));
+const plugins = Array.isArray(config.plugins) ? config.plugins : [];
+
+const gitPlugin = plugins.find(
+ (entry) => Array.isArray(entry) && entry[0] === "@semantic-release/git"
+);
+
+if (!gitPlugin) {
+ console.error("release-config test failed: @semantic-release/git plugin not found in .releaserc.json");
+ process.exit(1);
+}
+
+const gitOptions = gitPlugin[1] || {};
+const assets = Array.isArray(gitOptions.assets) ? gitOptions.assets : [];
+const missing = requiredAssets.filter((asset) => !assets.includes(asset));
+
+if (missing.length > 0) {
+ console.error("release-config test failed: missing required @semantic-release/git assets:");
+ for (const asset of missing) {
+ console.error(`- ${asset}`);
+ }
+ process.exit(1);
+}
+
+console.log("release-config test passed");
+EOF
diff --git a/scripts/tests/unit.sh b/scripts/tests/unit.sh
index 2ac7073..a5f6086 100755
--- a/scripts/tests/unit.sh
+++ b/scripts/tests/unit.sh
@@ -17,4 +17,5 @@ cd "$(git rev-parse --show-toplevel)"
 # tests from here. If you want to run other test suites, see the predefined
 # tasks in scripts/test.mk.
+./scripts/tests/release-config.sh
 ./scripts/tests/release-updater.sh
From 5d711d416425e34d70bb5a9500e55bbcd1db9134 Mon Sep 17 00:00:00 2001
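Review bot: `requiredAssets` in release-config.sh is a hand-maintained second copy of the globs in `.releaserc.json`, and `assets.includes(asset)` compares the strings exactly, so the guardrail only detects an entry being removed from the config. It does not check that the globs cover what the release updater writes: a new file type written by the updater would still pass, while an equivalent broader pattern in the config would fail. I would add a comment above the array naming its source of truth, for example `// Must list every path pattern the release updater writes; update together with the updater and .releaserc.json.`. The `infrastructure/modules/**/context.tf` entry is already matched by `infrastructure/modules/**/*.tf`, so requiring both pins a redundancy. Separately, a plugin listed as a bare string rather than an array fails the `Array.isArray(entry)` test in `plugins.find` and is reported as "plugin not found", which may mislead whoever reads the failure.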
From: Oliver Slater
Date: Wed, 27 May 2026 20:49:53 +0100
Subject: [PATCH 3/3] fix(guardduty): update findings_label module source reference to v2.4.0
---
 infrastructure/modules/guardduty/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/infrastructure/modules/guardduty/main.tf b/infrastructure/modules/guardduty/main.tf
index 8416268..35d2ec9 100644
--- a/infrastructure/modules/guardduty/main.tf
+++ b/infrastructure/modules/guardduty/main.tf
@@ -119,7 +119,7 @@ resource "aws_guardduty_detector_feature" "eks_runtime_monitoring" {
 # are derived from the same context but disambiguated from the
 # detector.
 module "findings_label" {
- source = "git::https://github.com/NHSDigital/screening-terraform-modules-aws.git//infrastructure/modules/tags?ref=v2.3.0"
+ source = "git::https://github.com/NHSDigital/screening-terraform-modules-aws.git//infrastructure/modules/tags?ref=v2.4.0"
 context = module.this.context
 attributes = concat(module.this.attributes, ["findings"])