Merge branch 'main' into combineDependabotWorkflow

.tool-versions

@@ -4,6 +4,7 @@ terraform 1.9.1
 pre-commit 3.6.0
 nodejs 18.18.2
 gitleaks 8.18.4
+vale 3.6.0
 tfsec 1.28.10
 
 # ==============================================================================
@@ -18,7 +19,7 @@ tfsec 1.28.10
 # docker/ghcr.io/nhs-england-tools/github-runner-image 20230909-321fd1e-rt@sha256:ce4fd6035dc450a50d3cbafb4986d60e77cb49a71ab60a053bb1b9518139a646 # SEE: https://github.com/nhs-england-tools/github-runner-image/pkgs/container/github-runner-image
 # docker/hadolint/hadolint 2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42 # SEE: https://hub.docker.com/r/hadolint/hadolint/tags
 # docker/hashicorp/terraform 1.5.6@sha256:180a7efa983386a27b43657ed610e9deed9e6c3848d54f9ea9b6cb8a5c8c25f5 # SEE: https://hub.docker.com/r/hashicorp/terraform/tags
-# docker/jdkato/vale v2.29.7@sha256:5ccfac574231b006284513ac3e4e9f38833989d83f2a68db149932c09de85149 # SEE: https://hub.docker.com/r/jdkato/vale/tags
+# docker/jdkato/vale v3.6.0@sha256:0ef22c8d537f079633cfff69fc46f69a2196072f69cab1ab232e8a79a388e425 # SEE: https://hub.docker.com/r/jdkato/vale/tags
 # docker/koalaman/shellcheck latest@sha256:e40388688bae0fcffdddb7e4dea49b900c18933b452add0930654b2dea3e7d5c # SEE: https://hub.docker.com/r/koalaman/shellcheck/tags
 # docker/mstruebing/editorconfig-checker 2.7.1@sha256:dd3ca9ea50ef4518efe9be018d669ef9cf937f6bb5cfe2ef84ff2a620b5ddc24 # SEE: https://hub.docker.com/r/mstruebing/editorconfig-checker/tags
 # docker/sonarsource/sonar-scanner-cli 5.0.1@sha256:494ecc3b5b1ee1625bd377b3905c4284e4f0cc155cff397805a244dee1c7d575 # SEE: https://hub.docker.com/r/sonarsource/sonar-scanner-cli/tags

scripts/config/gitleaks.toml

@@ -22,3 +22,9 @@ paths = [
   '''yarn.lock''',
   '''Gemfile.lock''',
 ]
+
+# Exclude Chrome version in user agent
+regexTarget = "line"
+regexes = [
+  '''Chrome/[\d.]+'''
+]

scripts/config/pre-commit.yaml

@@ -15,6 +15,13 @@ repos:
       - id: pretty-format-json
         args: ['--autofix']
     # -   id: ...
+  - repo: local
+    hooks:
+      - id: sort-dictionary
+        name: Sort dictionary
+        entry: ./scripts/githooks/sort-dictionary.sh
+        language: script
+        pass_filenames: false
   - repo: local
     hooks:
       - id: scan-secrets

scripts/config/vale/styles/Vocab/words/accept.txt → scripts/config/vale/styles/config/vocabularies/words/accept.txt

@@ -1,27 +1,27 @@
+[A-Z]+s
 Bitwarden
+bot
+Cognito
 Cyber
 Dependabot
+draw.io
+drawio
+endcapture
+endfor
+endraw
+GitHub
 Gitleaks
 Grype
+idempotence
+Jira
 OAuth
 Octokit
+onboarding
 Podman
 Python
+rawContent
+sed
 Syft
 Terraform
-Trufflehog
-bot
-idempotence
-onboarding
-sed
 toolchain
-[A-Z]+s
-GitHub
-endraw
-draw.io
-endfor
-drawio
-rawContent
-endcapture
-Cognito
-Jira
+Trufflehog

scripts/githooks/sort-dictionary.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Pre-commit git hook to sort the Vale dictionary in a consistent manner to avoid future merge conflicts and aid insertion of new terms
+#
+# Usage:
+#   $ [options] ./sort-dictionary.sh
+#
+# Options:
+#
+#
+# Exit codes:
+#   0 - Successfully sorted the dictionary
+#   non-zero - failed to sort dictionary
+
+# ==============================================================================
+
+function main() {
+  root=scripts/config/vale/styles/config/vocabularies/words
+  opts="--dictionary-order --ignore-case -s"
+  sort $opts $root/accept.txt > $root/accept.sorted.txt
+  sort $opts $root/reject.txt > $root/reject.sorted.txt
+
+  mv $root/accept.sorted.txt $root/accept.txt
+  mv $root/reject.sorted.txt $root/reject.txt
+
+  git add -uv $root/*
+}
+
+# ==============================================================================
+
+function is-arg-true() {
+
+  if [[ "$1" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$ ]]; then
+    return 0
+  else
+    return 1
+  fi
+}
+
+# ==============================================================================
+
+is-arg-true "${VERBOSE:-false}" && set -x
+
+main "$@"
+
+exit 0