From 0dfa78921d4ead6040873e0c5909889c15bfa6c7 Mon Sep 17 00:00:00 2001 From: James Date: Fri, 15 May 2026 15:56:45 +0100 Subject: [PATCH 1/9] mesh-2815: automate dependabot --- .github/dependabot.yml | 27 ++++++++++++++ .github/workflows/dependabot-auto-merge.yaml | 37 ++++++++++++++++++++ .github/workflows/pull-request.yml | 32 +++++++++++++++++ 3 files changed, 96 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/dependabot-auto-merge.yaml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1c7a22f --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,27 @@ +version: 2 +updates: + - package-ecosystem: "pub" + directory: "/" + commit-message: + prefix: "MESH-2092 " + schedule: + interval: "daily" + cooldown: + default-days: 7 + groups: + dependencies: + patterns: + - "*" + + - package-ecosystem: "github-actions" + directory: "/" + commit-message: + prefix: "MESH-2092 " + schedule: + interval: "daily" + cooldown: + default-days: 7 + groups: + dependencies: + patterns: + - "*" diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml new file mode 100644 index 0000000..765540c --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yaml @@ -0,0 +1,37 @@ +name: Auto-merge Dependabot PRs + +on: + pull_request: + types: + - opened + - reopened + - synchronize + - ready_for_review + - labeled + +jobs: + enable-automerge: + # Only run on Dependabot PRs + if: github.actor == 'dependabot[bot]' + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + + steps: + - name: Fetch Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Auto-approve Dependabot PR + uses: hmarr/auto-approve-action@8f929096a962e83ccdfa8afcf855f39f12d4dac7 # v4 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Enable auto-merge for Dependabot PRs + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index c0ea328..43dcede 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -31,3 +31,35 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + slack-notification: + runs-on: ubuntu-latest + needs: + - check + if: ${{ always() &&github.actor== 'dependabot[bot]' && contains(needs.*.result, 'failure') }} + steps: + - name: Slack Notification + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c + with: + webhook: ${{ secrets.DEPENDABOT_SLACK_WEBHOOK_URL }} + webhook-type: incoming-webhook + payload: | + { + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": ":alarm: DEPENDABOT PR FAILED :alarm:", + "emoji": true + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Checks failed for ${{ github.repository }}:${{ github.ref }} in " + } + } + ] + } \ No newline at end of file From 98c752823681ab7c93ce4fbb175c4267fd38329e Mon Sep 17 00:00:00 2001 From: James Date: Fri, 15 May 2026 16:09:06 +0100 Subject: [PATCH 2/9] mesh-2815: secrets --- .gitallowed | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitallowed b/.gitallowed index 31996d2..4672ad7 100644 --- a/.gitallowed +++ b/.gitallowed @@ -11,4 +11,6 @@ String token = _validateToken token = token -token = find.byKey\(const Key\('token'\)\) \ No newline at end of file +token = find.byKey\(const Key\('token'\)\) + +\.github/workflows/dependabot-auto-merge\.yaml:[0-9]+:[[:space:]]+github-token:[[:space:]]+\$\{\{ secrets\.GITHUB_TOKEN \}\} From f4ff40a47363a80a5f0c6791a78c30e3e63fa9f5 Mon Sep 17 00:00:00 2001 From: James Date: Tue, 19 May 2026 13:08:35 +0100 Subject: [PATCH 3/9] mesh-2815: fix flutter analayze --- test/widget_test.dart | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/test/widget_test.dart b/test/widget_test.dart index aa5e78b..291a0d4 100644 --- a/test/widget_test.dart +++ b/test/widget_test.dart @@ -14,8 +14,14 @@ void main() { testWidgets('generate header', (WidgetTester tester) async { // Build our app and trigger a frame. const size = Size(2048, 1024); - await tester.binding.setSurfaceSize(size); - tester.binding.window.physicalSizeTestValue = size; + tester.view.physicalSize = size; + tester.view.devicePixelRatio = 1.0; + + addTearDown(() { + tester.view.resetPhysicalSize(); + tester.view.resetDevicePixelRatio(); + }); + await tester.pumpWidget(const MyApp()); final generateTab = find.text('generate header'); @@ -70,8 +76,14 @@ void main() { testWidgets('validate header', (WidgetTester tester) async { // Build our app and trigger a frame. const size = Size(2048, 1024); - await tester.binding.setSurfaceSize(size); - tester.binding.window.physicalSizeTestValue = size; + tester.view.physicalSize = size; + tester.view.devicePixelRatio = 1.0; + + addTearDown(() { + tester.view.resetPhysicalSize(); + tester.view.resetDevicePixelRatio(); + }); + await tester.pumpWidget(const MyApp()); final generateTab = find.text('validate header'); From 494b732cb69942a6d11796620e0bd5e9eada9cfc Mon Sep 17 00:00:00 2001 From: Alex Hawdon Date: Mon, 1 Jun 2026 12:09:12 +0100 Subject: [PATCH 4/9] MESH-2563: Update auto-merge workflow to use App-provided token Also: - Pinned all actions to SHAs and included full version comment - Migrated to use correct Sonar Github action --- .github/workflows/dependabot-auto-merge.yaml | 11 ++++++++-- .github/workflows/pull-request.yml | 12 +++++------ .github/workflows/release.yml | 20 +++++++++---------- .../scheduled-combine-dependabot-prs.yaml | 2 +- 4 files changed, 26 insertions(+), 19 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml index 765540c..94af245 100644 --- a/.github/workflows/dependabot-auto-merge.yaml +++ b/.github/workflows/dependabot-auto-merge.yaml @@ -19,9 +19,16 @@ jobs: pull-requests: write steps: + - name: Generate token from GitHub App + id: generate-token + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 + with: + client-id: ${{ secrets.SHARED_MERGE_AND_WRITEBACK_APP_ID }} + private-key: ${{ secrets.SHARED_MERGE_AND_WRITEBACK_APP_PRIVATE_KEY }} + - name: Fetch Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -34,4 +41,4 @@ jobs: run: gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} \ No newline at end of file diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 43dcede..770f40b 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -10,11 +10,11 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'NHSDigital/mesh_validate_auth_header' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: subosito/flutter-action@v2 + - uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0 with: channel: 'stable' @@ -26,10 +26,10 @@ jobs: - run: flutter analyze - run: flutter test -r expanded - - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@master + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} slack-notification: @@ -39,7 +39,7 @@ jobs: if: ${{ always() &&github.actor== 'dependabot[bot]' && contains(needs.*.result, 'failure') }} steps: - name: Slack Notification - uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 with: webhook: ${{ secrets.DEPENDABOT_SLACK_WEBHOOK_URL }} webhook-type: incoming-webhook diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5a26740..3cb33a9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,9 +12,9 @@ jobs: RELEASE_VERSION: ${{ steps.release_version.outputs.RELEASE_VERSION }} RELEASE_URL: ${{ steps.upload_url.outputs.RELEASE_URL }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - run: echo RELEASE_VERSION="$(grep 'version:' pubspec.yaml | sed -En 's/^version:\s(.*)\+.*$/\1/p')+${{github.run_number}}" >> $GITHUB_ENV - - uses: actions/create-release@v1 + - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v.1.1.4 id: create_release continue-on-error: false env: @@ -32,10 +32,10 @@ jobs: if: github.repository == 'NHSDigital/mesh_validate_auth_header' needs: create_release steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: subosito/flutter-action@v2 + - uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0 with: channel: 'stable' @@ -51,7 +51,7 @@ jobs: zip -r "${{ env.ZIP_NAME }}" . - name: upload bundle - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -60,7 +60,7 @@ jobs: asset_path: build/linux/x64/release/bundle/${{ env.ZIP_NAME }} asset_content_type: application/zip - - uses: fregante/setup-git-user@v1 + - uses: fregante/setup-git-user@024bc0b8e177d7e77203b48dab6fb45666854b35 # v2.0.2 - run: git checkout github-pages - run: git merge develop - run: rm -rf ./docs @@ -76,9 +76,9 @@ jobs: if: github.repository == 'NHSDigital/mesh_validate_auth_header' needs: create_release steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: subosito/flutter-action@v2 + - uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0 with: channel: 'stable' @@ -87,14 +87,14 @@ jobs: - run: echo ZIP_NAME="mesh-validate-auth-windows-${{needs.create_release.outputs.RELEASE_VERSION}}.zip" >> $GITHUB_ENV shell: bash - - uses: thedoctor0/zip-release@main + - uses: thedoctor0/zip-release@b57d897cb5d60cb78b51a507f63fa184cfe35554 # 0.7.6 with: directory: 'build/windows/runner/Release' type: 'zip' filename: ${{ env.ZIP_NAME }} - name: upload bundle - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/scheduled-combine-dependabot-prs.yaml b/.github/workflows/scheduled-combine-dependabot-prs.yaml index faf91d9..651c2c1 100644 --- a/.github/workflows/scheduled-combine-dependabot-prs.yaml +++ b/.github/workflows/scheduled-combine-dependabot-prs.yaml @@ -25,7 +25,7 @@ jobs: steps: - name: combine-prs id: combine-prs - uses: github/combine-prs@v5.0.0 + uses: github/combine-prs@2909f404763c3177a456e052bdb7f2e85d3a7cb3 # v5.2.0 with: ci_required: ${{ inputs.ci_required == 'YES' }} labels: dependencies From a8fc8fc1dd75e583443a317fb99f3c039c049333 Mon Sep 17 00:00:00 2001 From: Alex Hawdon Date: Mon, 1 Jun 2026 13:52:49 +0100 Subject: [PATCH 5/9] Add SonarQube scan step with specified scanner version in workflows --- .github/workflows/pull-request.yml | 2 ++ .github/workflows/release.yml | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 770f40b..de53fea 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -28,6 +28,8 @@ jobs: - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0 + with: + scannerVersion: 7.0.2.4839 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3cb33a9..c1e68f2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -58,6 +58,32 @@ jobs: upload_url: ${{needs.create_release.outputs.RELEASE_URL}} asset_name: ${{ env.ZIP_NAME }} asset_path: build/linux/x64/release/bundle/${{ env.ZIP_NAME }} + + sonar-scan: + runs-on: ubuntu-latest + if: github.repository == 'NHSDigital/mesh_validate_auth_header' + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 + + - uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2.23.0 + with: + channel: 'stable' + + - run: | + sudo apt-get update -y + sudo apt-get install -y ninja-build libgtk-3-dev + + - run: flutter test -r expanded + + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0 + with: + scannerVersion: 7.0.2.4839 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} asset_content_type: application/zip - uses: fregante/setup-git-user@024bc0b8e177d7e77203b48dab6fb45666854b35 # v2.0.2 From a5f87b7ae0d7200a0fa85189d84ae68a93ab3bb7 Mon Sep 17 00:00:00 2001 From: Alex Hawdon Date: Mon, 1 Jun 2026 17:43:42 +0100 Subject: [PATCH 6/9] Fix some automated changes to the sonar scanning --- .github/workflows/pull-request.yml | 2 -- .github/workflows/release.yml | 24 ++++++++++-------------- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index de53fea..770f40b 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -28,8 +28,6 @@ jobs: - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0 - with: - scannerVersion: 7.0.2.4839 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c1e68f2..d71debe 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -58,6 +58,16 @@ jobs: upload_url: ${{needs.create_release.outputs.RELEASE_URL}} asset_name: ${{ env.ZIP_NAME }} asset_path: build/linux/x64/release/bundle/${{ env.ZIP_NAME }} + asset_content_type: application/zip + - uses: fregante/setup-git-user@024bc0b8e177d7e77203b48dab6fb45666854b35 # v2.0.2 + - run: git checkout github-pages + - run: git merge develop + - run: rm -rf ./docs + - run: flutter build web --release --base-href /${{ github.event.repository.name }}/ + - run: cp -R build/web ./docs + - run: git add ./docs + - run: git commit -m "publish-web" + - run: git push sonar-scan: runs-on: ubuntu-latest @@ -79,23 +89,9 @@ jobs: - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0 - with: - scannerVersion: 7.0.2.4839 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - asset_content_type: application/zip - - - uses: fregante/setup-git-user@024bc0b8e177d7e77203b48dab6fb45666854b35 # v2.0.2 - - run: git checkout github-pages - - run: git merge develop - - run: rm -rf ./docs - - run: flutter build web --release --base-href /${{ github.event.repository.name }}/ - - run: cp -R build/web ./docs - - run: git add ./docs - - run: git commit -m "publish-web" - - run: git push - windows-build: runs-on: windows-latest From d54a4bfee172fa9eb89bbee374c4134d5829dcee Mon Sep 17 00:00:00 2001 From: Alex Hawdon Date: Mon, 1 Jun 2026 17:47:49 +0100 Subject: [PATCH 7/9] Update Flutter test command to include coverage and clean up coverage reports --- .github/workflows/pull-request.yml | 2 +- .github/workflows/release.yml | 2 +- .gitignore | 3 + coverage/lcov.info | 220 ----------------------------- pubspec.lock | 166 ++++++++++++++-------- sonar-project.properties | 3 + 6 files changed, 119 insertions(+), 277 deletions(-) delete mode 100644 coverage/lcov.info diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 770f40b..921006f 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -24,7 +24,7 @@ jobs: - run: make check-secrets - run: flutter analyze - - run: flutter test -r expanded + - run: flutter test --coverage -r expanded - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d71debe..1648ec8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -85,7 +85,7 @@ jobs: sudo apt-get update -y sudo apt-get install -y ninja-build libgtk-3-dev - - run: flutter test -r expanded + - run: flutter test --coverage -r expanded - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0 diff --git a/.gitignore b/.gitignore index 24476c5..8f86e22 100644 --- a/.gitignore +++ b/.gitignore @@ -38,6 +38,9 @@ app.*.symbols # Obfuscation related app.*.map.json +# Coverage reports +coverage/ + # Android Studio will place build artifacts here /android/app/debug /android/app/profile diff --git a/coverage/lcov.info b/coverage/lcov.info deleted file mode 100644 index abe02df..0000000 --- a/coverage/lcov.info +++ /dev/null @@ -1,220 +0,0 @@ -SF:lib/main.dart -DA:6,3 -DA:7,3 -DA:10,1 -DA:11,2 -DA:14,1 -DA:15,2 -DA:18,0 -DA:20,0 -DA:21,0 -DA:25,2 -DA:28,1 -DA:30,1 -DA:32,1 -DA:50,1 -DA:63,1 -DA:64,1 -DA:87,0 -DA:88,0 -DA:89,0 -DA:93,1 -DA:94,2 -DA:95,2 -DA:99,1 -DA:100,2 -DA:101,1 -DA:105,1 -DA:106,3 -DA:107,2 -DA:108,2 -DA:109,2 -DA:110,2 -DA:111,2 -DA:112,1 -DA:114,3 -DA:115,3 -DA:116,1 -DA:117,2 -DA:118,3 -DA:123,1 -DA:124,3 -DA:126,2 -DA:127,1 -DA:128,1 -DA:130,3 -DA:131,1 -DA:132,0 -DA:133,0 -DA:137,1 -DA:138,1 -DA:139,2 -DA:140,0 -DA:141,0 -DA:146,2 -DA:147,0 -DA:148,0 -DA:153,1 -DA:154,1 -DA:155,1 -DA:156,2 -DA:157,1 -DA:158,1 -DA:160,1 -DA:162,1 -DA:163,0 -DA:166,1 -DA:167,1 -DA:168,0 -DA:170,3 -DA:171,0 -DA:174,1 -DA:175,0 -DA:178,1 -DA:179,0 -DA:182,1 -DA:183,0 -DA:186,1 -DA:187,0 -DA:190,1 -DA:191,0 -DA:194,1 -DA:195,0 -DA:199,1 -DA:200,0 -DA:201,0 -DA:202,0 -DA:208,1 -DA:210,3 -DA:211,3 -DA:212,1 -DA:213,2 -DA:214,2 -DA:215,1 -DA:216,1 -DA:220,0 -DA:221,0 -DA:229,1 -DA:231,1 -DA:233,1 -DA:234,1 -DA:235,3 -DA:243,1 -DA:244,1 -DA:245,1 -DA:246,1 -DA:248,1 -DA:249,1 -DA:250,1 -DA:258,1 -DA:261,1 -DA:262,1 -DA:263,1 -DA:264,1 -DA:269,1 -DA:270,1 -DA:271,1 -DA:273,1 -DA:279,1 -DA:280,1 -DA:281,1 -DA:284,1 -DA:285,1 -DA:292,1 -DA:293,1 -DA:294,1 -DA:296,1 -DA:305,1 -DA:306,1 -DA:307,1 -DA:314,1 -DA:315,1 -DA:316,1 -DA:318,1 -DA:327,1 -DA:328,1 -DA:329,1 -DA:336,1 -DA:337,1 -DA:338,1 -DA:340,1 -DA:346,1 -DA:347,1 -DA:348,1 -DA:355,1 -DA:356,1 -DA:357,1 -DA:359,1 -DA:365,1 -DA:366,1 -DA:367,1 -DA:370,1 -DA:377,1 -DA:378,1 -DA:379,1 -DA:381,1 -DA:387,1 -DA:388,1 -DA:389,1 -DA:392,1 -DA:399,1 -DA:400,1 -DA:401,1 -DA:403,1 -DA:407,1 -DA:408,1 -DA:409,1 -DA:411,1 -DA:427,1 -DA:428,1 -DA:430,1 -DA:431,1 -DA:432,1 -DA:440,1 -DA:443,1 -DA:444,1 -DA:445,1 -DA:446,1 -DA:451,1 -DA:452,1 -DA:453,1 -DA:455,1 -DA:461,1 -DA:462,1 -DA:463,1 -DA:466,1 -DA:467,1 -DA:474,1 -DA:475,1 -DA:476,1 -DA:478,1 -DA:487,1 -DA:488,1 -DA:489,1 -DA:496,1 -DA:497,1 -DA:498,1 -DA:500,1 -DA:509,1 -DA:510,1 -DA:511,1 -DA:518,1 -DA:519,1 -DA:520,1 -DA:522,1 -DA:528,1 -DA:529,1 -DA:530,1 -DA:537,1 -DA:538,1 -DA:539,1 -DA:541,1 -DA:545,1 -DA:546,1 -DA:547,1 -DA:548,1 -DA:549,1 -DA:550,1 -LF:216 -LH:190 -end_of_record diff --git a/pubspec.lock b/pubspec.lock index c203ec0..d2a111f 100644 --- a/pubspec.lock +++ b/pubspec.lock @@ -5,58 +5,66 @@ packages: dependency: transitive description: name: async - url: "https://pub.dartlang.org" + sha256: "758e6d74e971c3e5aceb4110bfd6698efc7f501675bcfe0c775459a8140750eb" + url: "https://pub.dev" source: hosted - version: "2.9.0" + version: "2.13.0" boolean_selector: dependency: transitive description: name: boolean_selector - url: "https://pub.dartlang.org" + sha256: "8aab1771e1243a5063b8b0ff68042d67334e3feab9e95b9490f9a6ebf73b42ea" + url: "https://pub.dev" source: hosted - version: "2.1.0" + version: "2.1.2" characters: dependency: transitive description: name: characters - url: "https://pub.dartlang.org" + sha256: f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803 + url: "https://pub.dev" source: hosted - version: "1.2.1" + version: "1.4.0" clock: dependency: transitive description: name: clock - url: "https://pub.dartlang.org" + sha256: fddb70d9b5277016c77a80201021d40a2247104d9f4aa7bab7157b7e3f05b84b + url: "https://pub.dev" source: hosted - version: "1.1.1" + version: "1.1.2" collection: dependency: transitive description: name: collection - url: "https://pub.dartlang.org" + sha256: "2f5709ae4d3d59dd8f7cd309b4e023046b57d8a6c82130785d2b0e5868084e76" + url: "https://pub.dev" source: hosted - version: "1.16.0" + version: "1.19.1" crypto: dependency: "direct main" description: name: crypto - url: "https://pub.dartlang.org" + sha256: aa274aa7774f8964e4f4f38cc994db7b6158dd36e9187aaceaddc994b35c6c67 + url: "https://pub.dev" source: hosted version: "3.0.2" cupertino_icons: dependency: "direct main" description: name: cupertino_icons - url: "https://pub.dartlang.org" + sha256: e35129dc44c9118cee2a5603506d823bab99c68393879edb440e0090d07586be + url: "https://pub.dev" source: hosted version: "1.0.5" fake_async: dependency: transitive description: name: fake_async - url: "https://pub.dartlang.org" + sha256: "5368f224a74523e8d2e7399ea1638b37aecfca824a3cc4dfdf77bf1fa905ac44" + url: "https://pub.dev" source: hosted - version: "1.3.1" + version: "1.3.3" flutter: dependency: "direct main" description: flutter @@ -66,7 +74,8 @@ packages: dependency: "direct dev" description: name: flutter_lints - url: "https://pub.dartlang.org" + sha256: aeb0b80a8b3709709c9cc496cdc027c5b3216796bc0af0ce1007eaf24464fd4c + url: "https://pub.dev" source: hosted version: "2.0.1" flutter_test: @@ -79,172 +88,219 @@ packages: description: flutter source: sdk version: "0.0.0" - js: + leak_tracker: + dependency: transitive + description: + name: leak_tracker + sha256: "6bb818ecbdffe216e81182c2f0714a2e62b593f4a4f13098713ff1685dfb6ab0" + url: "https://pub.dev" + source: hosted + version: "10.0.9" + leak_tracker_flutter_testing: + dependency: transitive + description: + name: leak_tracker_flutter_testing + sha256: f8b613e7e6a13ec79cfdc0e97638fddb3ab848452eff057653abd3edba760573 + url: "https://pub.dev" + source: hosted + version: "3.0.9" + leak_tracker_testing: dependency: transitive description: - name: js - url: "https://pub.dartlang.org" + name: leak_tracker_testing + sha256: "6ba465d5d76e67ddf503e1161d1f4a6bc42306f9d66ca1e8f079a47290fb06d3" + url: "https://pub.dev" source: hosted - version: "0.6.4" + version: "3.0.1" lints: dependency: transitive description: name: lints - url: "https://pub.dartlang.org" + sha256: "5e4a9cd06d447758280a8ac2405101e0e2094d2a1dbdd3756aec3fe7775ba593" + url: "https://pub.dev" source: hosted version: "2.0.1" matcher: dependency: transitive description: name: matcher - url: "https://pub.dartlang.org" + sha256: dc58c723c3c24bf8d3e2d3ad3f2f9d7bd9cf43ec6feaa64181775e60190153f2 + url: "https://pub.dev" source: hosted - version: "0.12.12" + version: "0.12.17" material_color_utilities: dependency: transitive description: name: material_color_utilities - url: "https://pub.dartlang.org" + sha256: f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec + url: "https://pub.dev" source: hosted - version: "0.1.5" + version: "0.11.1" meta: dependency: transitive description: name: meta - url: "https://pub.dartlang.org" + sha256: e3641ec5d63ebf0d9b41bd43201a66e3fc79a65db5f61fc181f04cd27aab950c + url: "https://pub.dev" source: hosted - version: "1.8.0" + version: "1.16.0" path: dependency: transitive description: name: path - url: "https://pub.dartlang.org" + sha256: "75cca69d1490965be98c73ceaea117e8a04dd21217b37b292c9ddbec0d955bc5" + url: "https://pub.dev" source: hosted - version: "1.8.2" + version: "1.9.1" plugin_platform_interface: dependency: transitive description: name: plugin_platform_interface - url: "https://pub.dartlang.org" + sha256: dbf0f707c78beedc9200146ad3cb0ab4d5da13c246336987be6940f026500d3a + url: "https://pub.dev" source: hosted version: "2.1.3" sky_engine: dependency: transitive description: flutter source: sdk - version: "0.0.99" + version: "0.0.0" source_span: dependency: transitive description: name: source_span - url: "https://pub.dartlang.org" + sha256: "254ee5351d6cb365c859e20ee823c3bb479bf4a293c22d17a9f1bf144ce86f7c" + url: "https://pub.dev" source: hosted - version: "1.9.0" + version: "1.10.1" stack_trace: dependency: transitive description: name: stack_trace - url: "https://pub.dartlang.org" + sha256: "8b27215b45d22309b5cddda1aa2b19bdfec9df0e765f2de506401c071d38d1b1" + url: "https://pub.dev" source: hosted - version: "1.10.0" + version: "1.12.1" stream_channel: dependency: transitive description: name: stream_channel - url: "https://pub.dartlang.org" + sha256: "969e04c80b8bcdf826f8f16579c7b14d780458bd97f56d107d3950fdbeef059d" + url: "https://pub.dev" source: hosted - version: "2.1.0" + version: "2.1.4" string_scanner: dependency: transitive description: name: string_scanner - url: "https://pub.dartlang.org" + sha256: "921cd31725b72fe181906c6a94d987c78e3b98c2e205b397ea399d4054872b43" + url: "https://pub.dev" source: hosted - version: "1.1.1" + version: "1.4.1" term_glyph: dependency: transitive description: name: term_glyph - url: "https://pub.dartlang.org" + sha256: "7f554798625ea768a7518313e58f83891c7f5024f88e46e7182a4558850a4b8e" + url: "https://pub.dev" source: hosted - version: "1.2.1" + version: "1.2.2" test_api: dependency: transitive description: name: test_api - url: "https://pub.dartlang.org" + sha256: fb31f383e2ee25fbbfe06b40fe21e1e458d14080e3c67e7ba0acfde4df4e0bbd + url: "https://pub.dev" source: hosted - version: "0.4.12" + version: "0.7.4" typed_data: dependency: transitive description: name: typed_data - url: "https://pub.dartlang.org" + sha256: "26f87ade979c47a150c9eaab93ccd2bebe70a27dc0b4b29517f2904f04eb11a5" + url: "https://pub.dev" source: hosted version: "1.3.1" url_launcher: dependency: "direct main" description: name: url_launcher - url: "https://pub.dartlang.org" + sha256: "568176fc8ab5ac1d88ff0db8ff28659d103851670dda55e83b485664c2309299" + url: "https://pub.dev" source: hosted version: "6.1.6" url_launcher_android: dependency: transitive description: name: url_launcher_android - url: "https://pub.dartlang.org" + sha256: "9e262cbec69233717d5198f4d0b0c4961fa027e3685ba425442c43c64f38bb9b" + url: "https://pub.dev" source: hosted version: "6.0.19" url_launcher_ios: dependency: transitive description: name: url_launcher_ios - url: "https://pub.dartlang.org" + sha256: "6ba7dddee26c9fae27c9203c424631109d73c8fa26cfa7bc3e35e751cb87f62e" + url: "https://pub.dev" source: hosted version: "6.0.17" url_launcher_linux: dependency: transitive description: name: url_launcher_linux - url: "https://pub.dartlang.org" + sha256: "360fa359ab06bcb4f7c5cd3123a2a9a4d3364d4575d27c4b33468bd4497dd094" + url: "https://pub.dev" source: hosted version: "3.0.1" url_launcher_macos: dependency: transitive description: name: url_launcher_macos - url: "https://pub.dartlang.org" + sha256: a9b3ea9043eabfaadfa3fb89de67a11210d85569086d22b3854484beab8b3978 + url: "https://pub.dev" source: hosted version: "3.0.1" url_launcher_platform_interface: dependency: transitive description: name: url_launcher_platform_interface - url: "https://pub.dartlang.org" + sha256: "4eae912628763eb48fc214522e58e942fd16ce195407dbf45638239523c759a6" + url: "https://pub.dev" source: hosted version: "2.1.1" url_launcher_web: dependency: transitive description: name: url_launcher_web - url: "https://pub.dartlang.org" + sha256: "5669882643b96bb6d5786637cac727c6e918a790053b09245fd4513b8a07df2a" + url: "https://pub.dev" source: hosted version: "2.0.13" url_launcher_windows: dependency: transitive description: name: url_launcher_windows - url: "https://pub.dartlang.org" + sha256: e3c3b16d3104260c10eea3b0e34272aaa57921f83148b0619f74c2eced9b7ef1 + url: "https://pub.dev" source: hosted version: "3.0.1" vector_math: dependency: transitive description: name: vector_math - url: "https://pub.dartlang.org" + sha256: "80b3257d1492ce4d091729e3a67a60407d227c27241d6927be0130c98e741803" + url: "https://pub.dev" source: hosted - version: "2.1.2" + version: "2.1.4" + vm_service: + dependency: transitive + description: + name: vm_service + sha256: ddfa8d30d89985b96407efce8acbdd124701f96741f2d981ca860662f1c0dc02 + url: "https://pub.dev" + source: hosted + version: "15.0.0" sdks: - dart: ">=2.18.2 <3.0.0" - flutter: ">=2.10.0" + dart: ">=3.7.0-0 <4.0.0" + flutter: ">=3.18.0-18.0.pre.54" diff --git a/sonar-project.properties b/sonar-project.properties index 042fc6a..e62a8b1 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -2,6 +2,9 @@ sonar.projectVersion=2.0 sonar.projectKey=NHSDigital_mesh_validate_auth_header sonar.organization=nhsdigital sonar.host.url=https://sonarcloud.io +sonar.sources=lib +sonar.tests=test +sonar.dart.lcov.reportPaths=coverage/lcov.info sonar.c.file.suffixes=- sonar.cpp.file.suffixes=- sonar.objc.file.suffixes=- From 2c1c1a8cb1c41d62b2e47f8d7b3992e9c82d9b57 Mon Sep 17 00:00:00 2001 From: Alex Hawdon Date: Mon, 1 Jun 2026 17:51:37 +0100 Subject: [PATCH 8/9] Update sonar-project.properties to include test inclusions --- sonar-project.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonar-project.properties b/sonar-project.properties index e62a8b1..2fa360e 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,9 +1,9 @@ -sonar.projectVersion=2.0 sonar.projectKey=NHSDigital_mesh_validate_auth_header sonar.organization=nhsdigital sonar.host.url=https://sonarcloud.io sonar.sources=lib sonar.tests=test +sonar.test.inclusions=**/*_test.dart sonar.dart.lcov.reportPaths=coverage/lcov.info sonar.c.file.suffixes=- sonar.cpp.file.suffixes=- From 032a6f7217d1bf9e6df95141befc6c5bee36b933 Mon Sep 17 00:00:00 2001 From: Alex Hawdon Date: Mon, 1 Jun 2026 20:32:07 +0100 Subject: [PATCH 9/9] Implement code review suggestions --- .github/workflows/dependabot-auto-merge.yaml | 2 ++ .github/workflows/pull-request.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml index 94af245..106d4e3 100644 --- a/.github/workflows/dependabot-auto-merge.yaml +++ b/.github/workflows/dependabot-auto-merge.yaml @@ -33,11 +33,13 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} - name: Auto-approve Dependabot PR + if: steps.metadata.outcome == 'success' && contains(fromJSON('["version-update:semver-minor", "version-update:semver-patch"]'), steps.metadata.outputs.update-type) uses: hmarr/auto-approve-action@8f929096a962e83ccdfa8afcf855f39f12d4dac7 # v4 with: github-token: ${{ secrets.GITHUB_TOKEN }} - name: Enable auto-merge for Dependabot PRs + if: steps.metadata.outcome == 'success' && contains(fromJSON('["version-update:semver-minor", "version-update:semver-patch"]'), steps.metadata.outputs.update-type) run: gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 921006f..f474459 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -36,7 +36,7 @@ jobs: runs-on: ubuntu-latest needs: - check - if: ${{ always() &&github.actor== 'dependabot[bot]' && contains(needs.*.result, 'failure') }} + if: ${{ always() && github.actor == 'dependabot[bot]' && contains(needs.*.result, 'failure') }} steps: - name: Slack Notification uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1648ec8..9aaa44b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - run: echo RELEASE_VERSION="$(grep 'version:' pubspec.yaml | sed -En 's/^version:\s(.*)\+.*$/\1/p')+${{github.run_number}}" >> $GITHUB_ENV - - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v.1.1.4 + - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4 id: create_release continue-on-error: false env: