diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml index c6bc45a7..be95d449 100644 --- a/.github/workflows/pr-lint.yaml +++ b/.github/workflows/pr-lint.yaml @@ -1,24 +1,14 @@ name: PR Quality Check -on: pull_request +on: + pull_request: + types: [opened, synchronize, edited, reopened] jobs: link-ticket: runs-on: ubuntu-latest steps: - - name: Check ticket name conforms to requirements - run: echo ${{ github.event.pull_request.head.ref }} | grep -i -E -q "((apm|niad|amb|flagsapi)-[0-9]+)|(dependabot\/)" - - - name: Grab ticket name - if: contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'niad-') || contains(github.event.pull_request.head.ref, 'NIAD-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - run: echo ::set-env name=TICKET_NAME::$(echo ${{ github.event.pull_request.head.ref }} | tr '[:lower:]' '[:upper:]' | grep -i -o '^\(APM\|NIAD\|AMB\)-[0-9]\+') + - name: Check PR title starts with Jira reference env: - ACTIONS_ALLOW_UNSECURE_COMMANDS: true - - - name: Comment on PR - if: contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'niad-') || contains(github.event.pull_request.head.ref, 'NIAD-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - uses: unsplash/comment-on-pr@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - msg: | - This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket: - # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME}}) + PR_TITLE: ${{ github.event.pull_request.title }} + run: | + JIRA_REGEX="^(APM|NIAD|AMB|FLAGSAPI)-([[:digit:]]+)" + [[ "$PR_TITLE" =~ $JIRA_REGEX ]] && exit 0 || exit 1 diff --git a/specification/summary-care-record.yaml b/specification/summary-care-record.yaml index 25c887da..2c6b1062 100644 --- a/specification/summary-care-record.yaml +++ b/specification/summary-care-record.yaml @@ -81,15 +81,15 @@ info: This API has two authorisation methods. The first is [user-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis), meaning an end user must be present and authenticated to use it. The end user must be: - - a health or care staff providing direct care to patients - - strongly authenticated, using either an [NHS smartcard or a modern alternative](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/nhs-smartcards-for-developers) available via [NHS Care Identity Service 2 (NHS CIS2)](https://digital.nhs.uk/services/nhs-identity) + - a health or care worker providing direct care to patients + - strongly authenticated, using either an [NHS smartcard or a modern alternative](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/nhs-smartcards-for-developers) available via [CIS2 Authentication](https://digital.nhs.uk/services/care-identity-service/applications-and-services/cis2-authentication) + - authenticated to assurance level AAL2 or AAL3 - The API uses OAuth 2.0 to authorise the calling system. It only supports CIS2 combined authentication and authorisation (see link below). Do not use separate authentication and authorisation: - - [user-restricted RESTful API - using NHS CIS2 - combined authentication and authorisation](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-nhs-cis2-combined-authentication-and-authorisation) - - For more details, see [user-restricted APIs](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis). - - The second authorisation method is [application-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#application-restricted-apis) (signed JWT authentication), meaning a few specific API calls can be authorised by the application making the requests. This is typically provided so that GPs can perform batch updates of multiple Summary Care Records without having to log in as a specific user. + The API uses OAuth 2.0 to authorise the calling system. It supports the following security patterns: + - [user-restricted RESTful API - CIS2 - combined authentication and authorisation](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-nhs-cis2-combined-authentication-and-authorisation) + - [user-restricted RESTful API - CIS2 - seperate authentication and authorisation](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-cis2-separate-authentication-and-authorisation) + + The second authorisation method is [application-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#application-restricted-apis), meaning a few specific API calls can be authorised by the application making the requests. This is typically provided so that GPs can perform batch updates of multiple Summary Care Records without having to log in as a specific user. The following specific endpoint and method combinations can be used with application-restricted authentication, in addition to user-restricted authentication: @@ -97,8 +97,7 @@ info: - GET Bundle - POST Bundle - For more details, see: - - [application-restricted APIs](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#application-restricted-apis) and + For more details, see the following security pattern: - [application-restricted RESTful APIs - signed with JWT authentication](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-signed-jwt-authentication) ## Environments and testing