use the same workflows as other repos

[eveleighoj]

Description

Please replace this line with a brief description of the changes made.

What type of PR is this? (check all applicable)

• Refactor
• Feature
• Bug Fix
• Optimization
• Documentation Update

Related Tickets & Documents

• Closes #

QA Instructions, Screenshots, Recordings

Before

Before screenshot here

After

After screenshot here

Added/updated tests?

We encourage you to keep the code coverage percentage at 80% and above.

• Yes
• No, and this is why: Please replace this line with details on why tests have not been included
• I need help with writing tests

QA sign off

• Code has been checked and approved
• Design has been checked and approved
• Product and business logic has been checked and proved

[optional] Are there any post-deployment tasks we need to perform?

[optional] Are there any dependencies on other PRs or Work?

Summary by CodeRabbit

• Chores
  • Removed the manual feature deployment workflow.
  • Updated the publish workflow: renamed, updated run naming, and switched to dynamic environment detection.
  • Renamed the security scan workflow for clarity.
  • Enhanced the test workflow with improved run naming, clearer environment input defaults, and expanded push triggers.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4f8f342a-7e0c-4810-a08a-7a0d3d68f9c6

📥 Commits

Reviewing files that changed from the base of the PR and between 3881aa1 and 6db7247.

📒 Files selected for processing (2)

• .github/workflows/security-scan.yml
• .github/workflows/test.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/security-scan.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/test.yml

---

Walkthrough

Removed .github/workflows/featureDeploy.yml and updated three workflows: .github/workflows/publish.yml (renamed job, push trigger narrowed to main, environment matrix now dynamic), .github/workflows/security-scan.yml (display name capitalised), and .github/workflows/test.yml (run-name updated, push trigger added for non-main, environment input made optional and used dynamically).

Changes

Cohort / File(s)	Summary
Feature Deploy Workflow Removal .github/workflows/featureDeploy.yml	Deleted the manual "Deploy branch" workflow that detected environments and launched deployments via a reusable workflow.
Publish Workflow Updates .github/workflows/publish.yml	Renamed workflow to "Publish", updated run-name to include ref and actor, restricted push trigger to main, renamed job deploy-changes → publish-image, and switched environment matrix to use detected environments from detect-environments.
Security Scan Name Change .github/workflows/security-scan.yml	Changed display name from security-scan to Security Scan; no behavioural changes.
Test Workflow Adjustments .github/workflows/test.yml	Enhanced run-name to include branch/ref and event, made environment input optional with default development, added a push trigger excluding main, and set job environment to use inputs.environment when provided.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub as GitHub Event
    participant PublishWF as Publish Workflow
    participant DetectEnvs as Detect Environments Job
    participant PublishImage as Publish-image Job
    participant ReusableDeploy as Reusable deploy.yml

    GitHub->>PublishWF: trigger (push to main or workflow_dispatch)
    PublishWF->>DetectEnvs: run environment detection
    DetectEnvs-->>PublishImage: return environments (matrix)
    PublishImage->>ReusableDeploy: call reusable workflow per environment

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~7 minutes

Poem

A rabbit hops through workflows neat,
One old deploy now skips a beat.
Names refreshed and triggers tuned,
Environments found and jobs re-routed.
Hooray — CI carrots, freshly hoed! 🐇✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'use the same workflows as other repos' is vague and generic, failing to convey what specific workflow changes were made or why.	Provide a more descriptive title that indicates the specific workflows modified, such as 'Refactor GitHub Actions workflows for consistency' or 'Delete featureDeploy workflow and update publish/test workflows'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/gh-workflows

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	66.02%	6872 / 10408
🔵	Statements	66.02%	6872 / 10408
🔵	Functions	63.44%	276 / 435
🔵	Branches	78.05%	914 / 1171

File Coverage

No changed files found.

Generated in workflow #1381 for commit 6db7247 by the Vitest Coverage Report Action

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

.github/workflows/test.yml (1)

19-21: Trailing whitespace – tiny YAML-lint failure

There are stray spaces after branches-ignore:. They do no harm but fail yamllint’s default rules.

-  push:
-    branches-ignore: [main]
-    
+  push:
+    branches-ignore: [main]

.github/workflows/publish.yml (3)

2-2: Run-name field has double space after colon

YAML-lint warns: “too many spaces after colon”. Trim the surplus to keep formatting tidy.

-run-name:  Publish - ${{ github.head_ref || github.ref_name }} to ${{ inputs.environment || 'All' }} by @${{ github.actor }} triggered via ${{ github.event_name }}
+run-name: Publish - ${{ github.head_ref || github.ref_name }} to ${{ inputs.environment || 'All' }} by @${{ github.actor }} triggered via ${{ github.event_name }}

---

40-44: No newline at end of file

A missing final newline is flagged by yamllint and can cause noisy diffs later.

-    secrets: inherit
+    secrets: inherit
+

---

14-18: Potential empty input when triggered by push

When this workflow runs on push, inputs.environment is undefined, so the called test.yml receives an empty string.
Given the earlier fix (input not required), this is now legal and will default to development, but the explicit empty string is confusing. Prefer passing the resolved default:

-      environment: '${{ inputs.environment }}'
+      environment: '${{ inputs.environment || \'development\' }}'

Purely cosmetic, but makes intent explicit.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5c08f22 and 722c258.

📒 Files selected for processing (4)

• .github/workflows/featureDeploy.yml (0 hunks)
• .github/workflows/publish.yml (2 hunks)
• .github/workflows/security-scan.yml (1 hunks)
• .github/workflows/test.yml (1 hunks)

💤 Files with no reviewable changes (1)

• .github/workflows/featureDeploy.yml

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: cpcundill
PR: digital-land/submit#760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

.github/workflows/security-scan.yml (1)

Learnt from: cpcundill
PR: #760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

.github/workflows/test.yml (1)

Learnt from: cpcundill
PR: #760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

.github/workflows/publish.yml (1)

Learnt from: cpcundill
PR: #760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

🪛 actionlint (1.7.7)

.github/workflows/test.yml

10-10: input "environment" of workflow_call event has the default value "development", but it is also required. if an input is marked as required, its default value will never be used

(events)

---

11-11: invalid value "environment" for input type of workflow_call event. it must be one of "boolean", "number", or "string"

(syntax-check)

🪛 YAMLlint (1.37.1)

.github/workflows/test.yml

[error] 21-21: trailing spaces

(trailing-spaces)

.github/workflows/publish.yml

[warning] 2-2: too many spaces after colon

(colons)

---

[error] 44-44: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (1)

.github/workflows/security-scan.yml (1)

9-12: Confirm secret value – risk of duplicate or missing image tag/path

DOCKER_REPO currently resolves to the raw value of secrets.DEPLOY_DOCKER_REPOSITORY, while the later docker pull appends :${DOCKER_APPLICATION_TAG}.
Past repos store the secret as <account>.dkr.ecr.<region>.amazonaws.com/submit, i.e. without the tag.
If instead the secret already contains /submit:latest, the pull command will try to fetch …/submit:latest:latest and fail. Likewise, if the secret omits /submit the pull will fetch the repository root (invalid).

Please double-check the exact secret contents and, if necessary, standardise with either of the two common patterns:

-  DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}
+  # Option A – secret contains just the registry hostname
+  DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit
+
+  # Option B – secret already contains the repository path **and** tag
+  # DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}

Consistency with other repos avoids surprises when rotating credentials.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.github/workflows/test.yml (1)

8-11: required: true makes the default unusable – remove one of them

actionlint still complains: when an input is marked as required: true, its default is ignored. Drop required (or the default) so callers can omit the input and fall back to “development”.

-        description: Which environment's containers should be used?
-        required: true
-        default: 'development'
-        type: string
+        description: Which environment's containers should be used? (e.g. development, staging, production)
+        default: 'development'          # keep default
+        type: string                    # remove `required`

🧹 Nitpick comments (1)

.github/workflows/test.yml (1)

19-21: Trailing whitespace violates YAML-lint

Line 21 ends with a stray space. It’s harmless at runtime but fails linting and clutters diffs—please trim it.

-    branches-ignore: [main]␠
+    branches-ignore: [main]

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 722c258 and 2b5b160.

📒 Files selected for processing (1)

• .github/workflows/test.yml (2 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: cpcundill
PR: digital-land/submit#760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

📚 Learning: in .github/workflows/security-scan.yml, the docker repository secret is named deploy_docker_reposito...

Learnt from: cpcundill
PR: digital-land/submit#760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

Applied to files:

• .github/workflows/test.yml

🪛 YAMLlint (1.37.1)

.github/workflows/test.yml

[error] 21-21: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: test

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.github/workflows/test.yml (1)

8-10: Corrected environment input – previous actionlint error resolved

Changing the type to string and dropping required: true fixes the validation problem flagged earlier.

🧹 Nitpick comments (1)

.github/workflows/test.yml (1)

18-20: Remove trailing spaces after branches-ignore

YAMLlint flags trailing whitespace on Line 20. Cleaning it up avoids noisy CI warnings.

-    branches-ignore: [main]␠
+    branches-ignore: [main]

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2b5b160 and 0749615.

📒 Files selected for processing (1)

• .github/workflows/test.yml (2 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: cpcundill
PR: digital-land/submit#760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

📚 Learning: in .github/workflows/security-scan.yml, the docker repository secret is named deploy_docker_reposito...

Learnt from: cpcundill
PR: digital-land/submit#760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

Applied to files:

• .github/workflows/test.yml

🪛 YAMLlint (1.37.1)

.github/workflows/test.yml

[error] 20-20: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: test
• GitHub Check: test

🔇 Additional comments (1)

.github/workflows/test.yml (1)

2-2: Run-name enhancement looks good

Including branch/ref, actor and event makes runs easier to identify.
No further action required.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

.github/workflows/publish.yml (1)

15-18: Passing an empty string overrides the default in the reusable workflow

run-tests forwards

with:
  environment: '${{ inputs.environment }}'

For a push on main, inputs.environment is undefined, which resolves to an empty string ('').
GitHub treats this as “value supplied”, so the default 'development' in test.yml is bypassed and the called workflow receives an empty string.

If the intention is to get the default when no input is provided, inject the fallback explicitly:

-      environment: '${{ inputs.environment }}'
+      environment: '${{ inputs.environment || '' }}'

or rename the input (deploy_env etc.) and omit it entirely when unset.

🧹 Nitpick comments (5)

.github/workflows/publish.yml (2)

2-2: Remove the double-space after the colon in run-name

YAMLLint flags Line 2 (too many spaces after colon).
While harmless at runtime, it trips static-analysis and review tooling.

-run-name:  Publish - ${{ github.head_ref || github.ref_name }} to ${{ inputs.environment || 'All' }} by @${{ github.actor }} triggered via ${{ github.event_name }}
+run-name: Publish - ${{ github.head_ref || github.ref_name }} to ${{ inputs.environment || 'All' }} by @${{ github.actor }} triggered via ${{ github.event_name }}

---

36-44: No newline at end of file

YAMLLint reports the missing terminating newline (Line 44).
Add a blank line at the end to silence linters and keep POSIX-friendly.

.github/workflows/test.yml (3)

8-10: Minor wording tweak

A question mark in the description makes the sentence look like a prompt rather than documentation.

-        description: Which environment's containers should be used?
+        description: Which environment's containers should be used

---

18-20: Strip trailing whitespace

Line 20 has trailing spaces which fail stricter linters.

-    branches-ignore: [main]␠␠
+    branches-ignore: [main]

---

24-27: Hard-coding the job-level environment ties tests to one env only

The job is forced to environment: development, independent of the environment input that the caller passes. If you intend the tests to run in the requested environment, wire it through:

-    environment: development
+    environment: ${{ inputs.environment || 'development' }}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0749615 and 3c0eb39.

📒 Files selected for processing (4)

• .github/workflows/featureDeploy.yml (0 hunks)
• .github/workflows/publish.yml (2 hunks)
• .github/workflows/security-scan.yml (1 hunks)
• .github/workflows/test.yml (2 hunks)

💤 Files with no reviewable changes (1)

• .github/workflows/featureDeploy.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/security-scan.yml

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: cpcundill
PR: digital-land/submit#760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

📚 Learning: in .github/workflows/security-scan.yml, the docker repository secret is named deploy_docker_reposito...

Learnt from: cpcundill
PR: digital-land/submit#760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

Applied to files:

• .github/workflows/publish.yml
• .github/workflows/test.yml

🪛 YAMLlint (1.37.1)

.github/workflows/publish.yml

[warning] 2-2: too many spaces after colon

(colons)

---

[error] 44-44: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/test.yml

[error] 20-20: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: test

🔇 Additional comments (1)

.github/workflows/publish.yml (1)

20-35: Consider rate-limit & pagination when listing environments

detect-environments makes a single GET /environments call.
Repos with >100 environments are paginated; only the first page (100) is returned.
If that scenario is even remotely possible, add simple pagination handling to avoid silent omissions.

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (1)

.github/workflows/publish.yml (1)

9-12: type: environment is invalid for workflow_dispatch inputs

The same schema rule flagged earlier still applies here: only string, number or boolean are allowed. Using an unsupported type breaks workflow syntax and blocks manual dispatch.

-      environment:
-        type: environment
-        description: The environment to deploy to.
+      environment:
+        type: string
+        description: The environment to deploy to (e.g. development, staging, production)
+        default: ''

🧹 Nitpick comments (1)

.github/workflows/publish.yml (1)

44-44: Missing newline at EOF

A trailing newline keeps POSIX tools happy and silences YAML linters.

-    secrets: inherit
+\n

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3c0eb39 and f7746e1.

📒 Files selected for processing (2)

• .github/workflows/publish.yml (2 hunks)
• .github/workflows/test.yml (2 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: cpcundill
PR: digital-land/submit#760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

📚 Learning: in .github/workflows/security-scan.yml, the docker repository secret is named deploy_docker_reposito...

Learnt from: cpcundill
PR: digital-land/submit#760
File: .github/workflows/security-scan.yml:1-11
Timestamp: 2025-01-06T14:18:24.064Z
Learning: In .github/workflows/security-scan.yml, the Docker repository secret is named DEPLOY_DOCKER_REPOSITORY, and should be used as follows:
DOCKER_REPO: ${{ secrets.DEPLOY_DOCKER_REPOSITORY }}/submit:latest

Applied to files:

• .github/workflows/publish.yml
• .github/workflows/test.yml

🪛 YAMLlint (1.37.1)

.github/workflows/publish.yml

[error] 44-44: no new line character at the end of file

(new-line-at-end-of-file)

🪛 actionlint (1.7.7)

.github/workflows/test.yml

24-24: undefined variable "development". available variables are "env", "github", "inputs", "job", "matrix", "needs", "runner", "secrets", "steps", "strategy", "vars"

(expression)