NHSDigital · anthony-nhs · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026
diff --git a/.github/workflows/cdk_release_code.yml b/.github/workflows/cdk_release_code.yml
@@ -21,18 +21,6 @@ on:
       COMMIT_ID:
         required: true
         type: string
-      CREATE_INT_RELEASE_NOTES:
-        type: boolean
-        default: false
-      CREATE_INT_RC_RELEASE_NOTES:
-        type: boolean
-        default: false
-      CREATE_PROD_RELEASE_NOTES:
-        type: boolean
-        default: false
-      MARK_JIRA_RELEASED:
-        type: boolean
-        default: false
       pinned_image:
         type: string
         required: true
@@ -83,18 +71,6 @@ jobs:
           mkdir -p .build
           tar -xf artifact.tar
 
-      - name: create_int_rc_release_notes
-        uses: ./.github/actions/update_confluence_jira
-        if: ${{ inputs.CREATE_INT_RC_RELEASE_NOTES == true }}
-        with:
-          TARGET_ENVIRONMENT: int
-          RELEASE_TAG: ${{ inputs.VERSION_NUMBER }}
-          CONFLUENCE_PAGE_ID: "913232854"
-          CREATE_RC_RELEASE_NOTES: true
-          DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
-          TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
-          DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
-
       - name: Configure AWS Credentials
         id: connect-aws
         uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
@@ -116,35 +92,6 @@ jobs:
           CDK_CONFIG_isPullRequest: ${{ inputs.IS_PULL_REQUEST }}
           CDK_CONFIG_environment: ${{ inputs.TARGET_ENVIRONMENT }}
 
-      - name: create_int_release_notes
-        uses: ./.github/actions/update_confluence_jira
-        if: ${{ inputs.CREATE_INT_RELEASE_NOTES == true && always() && !failure() && !cancelled() }}
-        with:
-          TARGET_ENVIRONMENT: int
-          CONFLUENCE_PAGE_ID: "913232855"
-          CREATE_RC_RELEASE_NOTES: false
-          DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
-          TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
-          DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
-
-      - name: create_prod_release_notes
-        uses: ./.github/actions/update_confluence_jira
-        if: ${{ inputs.CREATE_PROD_RELEASE_NOTES == true && always() && !failure() && !cancelled() }}
-        with:
-          TARGET_ENVIRONMENT: prod
-          CONFLUENCE_PAGE_ID: "913232856"
-          CREATE_RC_RELEASE_NOTES: false
-          DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
-          TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
-          DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
-
-      - name: mark_released_in_jira
-        uses: ./.github/actions/mark_jira_released
-        if: ${{ inputs.MARK_JIRA_RELEASED == true && always() && !failure() && !cancelled() }}
-        with:
-          RELEASE_TAG: ${{ inputs.VERSION_NUMBER }}
-          DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
-
       - name: Checkout gh-pages
         if: ${{ !startsWith(inputs.STACK_NAME, 'lambda-resources-pr-') }}
         uses: actions/checkout@v6.0.2

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,7 +32,7 @@ jobs:
 
   tag_release:
     needs: [quality_checks, get_commit_id, get_config_values]
-    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@383f3f9eaf3cb553ebcd74897bfed4d5e387629e
+    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@update_jira
     with:
       dry_run: true
       pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
@@ -57,8 +57,6 @@ jobs:
       BUILD_ARTIFACT: packaged_code
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      CREATE_INT_RELEASE_NOTES: true
-      CREATE_PROD_RELEASE_NOTES: true
       IS_PULL_REQUEST: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}

diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -82,7 +82,7 @@ jobs:
   tag_release:
     if: github.event_name != 'merge_group'
     needs: [get_config_values]
-    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@383f3f9eaf3cb553ebcd74897bfed4d5e387629e
+    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@update_jira
     with:
       dry_run: true
       pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -31,12 +31,14 @@ jobs:
 
   tag_release:
     needs: [quality_checks, get_commit_id, get_config_values]
-    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@383f3f9eaf3cb553ebcd74897bfed4d5e387629e
+    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@update_jira
     with:
       dry_run: false
       pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       branch_name: main
       tag_format: ${{ needs.get_config_values.outputs.tag_format }}
+      update_jira: true
+      jira_release_prefix: "aws-dashboards"
     secrets: inherit
 
   package_code:
@@ -56,8 +58,6 @@ jobs:
       BUILD_ARTIFACT: packaged_code
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      CREATE_INT_RELEASE_NOTES: true
-      CREATE_PROD_RELEASE_NOTES: true
       IS_PULL_REQUEST: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -110,8 +110,6 @@ jobs:
       BUILD_ARTIFACT: packaged_code
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      CREATE_INT_RELEASE_NOTES: true
-      CREATE_INT_RC_RELEASE_NOTES: true
       IS_PULL_REQUEST: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -132,8 +130,6 @@ jobs:
       BUILD_ARTIFACT: packaged_code
       VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
       COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
-      MARK_JIRA_RELEASED: true
-      CREATE_PROD_RELEASE_NOTES: true
       IS_PULL_REQUEST: false
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_DEPLOY_ROLE }}

diff --git a/.gitignore b/.gitignore
@@ -33,3 +33,4 @@ amplify_outputs.json
 .asdf
 cdk.out/
 .npmrc
+.trivy_out/
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
@@ -8,3 +8,10 @@ vulnerabilities:
   - id: CVE-2026-27904
     statement:  minimatch vulnerability accepted as risk - dependency of various packages
     expired_at: 2026-04-01
+  - id: CVE-2026-33036
+    statement: fast-xml-parser - dependency of @aws-sdk
+    expired_at: 2026-06-01
+  - id: CVE-2026-32141
+    statement: flatted vulnerability accepted
+    expired_at: 2026-06-01
+
-Original file line number
+Diff line change
@@ Expand Up / @@ -33,3 +33,4 @@ amplify_outputs.json @@
     .asdf
     cdk.out/
     .npmrc
+    .trivy_out/