From 73ed2463666c4ab3351d0150f237d23c5842257e Mon Sep 17 00:00:00 2001
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com>
Date: Thu, 12 Dec 2024 13:56:03 +0000
Subject: [PATCH 1/2] add gitallowed and secret scanning
---
.devcontainer/devcontainer.json | 1 +
.gitallowed | 17 +++++++++++++++++
.github/workflows/ci.yml | 2 +-
.github/workflows/pull_request.yml | 2 +-
4 files changed, 20 insertions(+), 2 deletions(-)
create mode 100644 .gitallowed
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 5b8ad30..2286ba9 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -21,6 +21,7 @@
"installDockerBuildx": "true"
}
},
+ "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
"containerUser": "vscode",
"customizations": {
"vscode": {
diff --git a/.gitallowed b/.gitallowed
new file mode 100644
index 0000000..b385851
--- /dev/null
+++ b/.gitallowed
@@ -0,0 +1,17 @@
+token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"?
+id-token: write
+self.token = token
+--token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\}
+--token=\$GITHUB-TOKEN
+--token="\$GITHUB-TOKEN"
+"accountId": "123456789012"
+accountId: "123456789012"
+console\.log\(`access token : \${access_token}`\)
+.*CidrBlock.*
+.*Gemfile\.lock.*
+.*\.gitallowed.*
+.*nhsd-rules-deny.txt.*
+.*\.venv.*
+.*node_modules.*
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 12f3c28..91e5e0a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ env:
jobs:
quality_checks:
- uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main
+ uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@4.0.5
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} 
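Review bot: The trailing catch-all entries `.*CidrBlock.*`, `.*Gemfile\.lock.*`, `.*\.gitallowed.*`, `.*nhsd-rules-deny.txt.*`, `.*\.venv.*` and `.*node_modules.*` are unanchored, so if this file is consumed by git-secrets (which filters its `path:line:content` hits against the allowed patterns) any finding whose line merely mentions one of those words is suppressed, not just findings inside those paths. A real credential on a line that also contains `node_modules` or `CidrBlock` would be silently allowlisted. For the ones that are really path exclusions, bind them to the path component instead, e.g. `^[^:]*node_modules/` and `^[^:]*\.venv/`, and keep `CidrBlock` as a content pattern only if the intent is genuinely to accept any line containing it. Separately, `--token=\$GITHUB-TOKEN` allows a form in which a POSIX shell would expand only `$GITHUB`; if the repository's scripts actually use `$GITHUB_TOKEN` this entry never matches and is dead, so it is worth confirming which spelling it is meant to cover.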
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index b64f3fc..c90fb19 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -12,7 +12,7 @@ jobs:
uses: ./.github/workflows/pr_title_check.yml
quality_checks:
- uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main
+ uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@4.0.5
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
From acc084d9e03404d7fe365f1545936bed83536dcb Mon Sep 17 00:00:00 2001
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com>
Date: Thu, 12 Dec 2024 14:02:50 +0000
Subject: [PATCH 2/2] fix
---
.github/workflows/pull_request.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index c90fb19..18ef6a5 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -12,7 +12,7 @@ jobs:
uses: ./.github/workflows/pr_title_check.yml
quality_checks:
- uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@4.0.5
+ uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.5
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
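Review bot: `@v4.0.5` on the `uses:` line pins the reusable workflow to a git tag, and tags are mutable, so this job still trusts whoever can move that tag in NHSDigital/eps-workflow-quality-checks; the `@main` reference this series replaces had the same exposure in a stronger form, and the tag is only a partial fix. For a supply-chain-hardened pin, reference the full commit SHA the tag currently resolves to and keep the tag as a trailing comment so Dependabot can still track updates: `uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@<full-commit-sha> # v4.0.5`. The identical line in `.github/workflows/ci.yml`, changed earlier in this series, should get the same treatment so the two workflows cannot drift.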