Merge pull request #4377 from nhsuk/next

Version 3.2.0

Author: thomasleese

.github/workflows/deploy-monitoring.yml

@@ -121,7 +121,7 @@ jobs:
     name: Terraform apply (Grafana)
     runs-on: ubuntu-latest
     needs: [plan-aws, apply-aws]
-    if: always() && needs.plan-aws-aws.result == 'success' && (needs.apply-aws.result == 'success' || needs.apply-aws.result == 'skipped')
+    if: always() && needs.plan-aws.result == 'success' && (needs.apply-aws.result == 'success' || needs.apply-aws.result == 'skipped')
     permissions:
       id-token: write
     defaults:

.github/workflows/lint.yml

@@ -21,7 +21,7 @@ jobs:
           cache: yarn
           node-version-file: .tool-versions
       - run: yarn install --immutable --immutable-cache --check-cache
-      - uses: jdx/mise-action@v2
+      - uses: jdx/mise-action@v3
         with:
           install_args: hk pkl tflint terraform
       - run: tflint --chdir=terraform --init

Gemfile

@@ -44,6 +44,7 @@ gem "good_job"
 gem "govuk-components"
 gem "govuk_design_system_formbuilder"
 gem "govuk_markdown"
+gem "indefinite_article"
 gem "jsonb_accessor"
 gem "jwt"
 gem "mechanize"

Gemfile.lock

@@ -113,25 +113,25 @@ GEM
     ast (2.4.3)
     attr_required (1.0.2)
     aws-eventstream (1.4.0)
-    aws-partitions (1.1147.0)
-    aws-sdk-accessanalyzer (1.76.0)
+    aws-partitions (1.1150.0)
+    aws-sdk-accessanalyzer (1.77.0)
       aws-sdk-core (~> 3, >= 3.228.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-core (3.229.0)
+    aws-sdk-core (3.230.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
       base64
       bigdecimal
       jmespath (~> 1, >= 1.6.1)
       logger
-    aws-sdk-ec2 (1.549.0)
+    aws-sdk-ec2 (1.550.0)
       aws-sdk-core (~> 3, >= 3.228.0)
       aws-sigv4 (~> 1.5)
     aws-sdk-ecr (1.108.0)
       aws-sdk-core (~> 3, >= 3.228.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-iam (1.127.0)
+    aws-sdk-iam (1.128.0)
       aws-sdk-core (~> 3, >= 3.228.0)
       aws-sigv4 (~> 1.5)
     aws-sdk-kms (1.110.0)
@@ -140,7 +140,7 @@ GEM
     aws-sdk-rds (1.287.0)
       aws-sdk-core (~> 3, >= 3.228.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.196.1)
+    aws-sdk-s3 (1.197.0)
       aws-sdk-core (~> 3, >= 3.228.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -172,11 +172,11 @@ GEM
     capybara-screenshot (1.0.26)
       capybara (>= 1.0, < 4)
       launchy
-    caxlsx (4.2.0)
+    caxlsx (4.3.0)
       htmlentities (~> 4.3, >= 4.3.4)
       marcel (~> 1.0)
       nokogiri (~> 1.10, >= 1.10.4)
-      rubyzip (>= 1.3.0, < 3)
+      rubyzip (>= 2.4, < 4)
     cgi (0.4.2)
     charlock_holmes (0.7.9)
     childprocess (5.0.0)
@@ -306,6 +306,8 @@ GEM
       domain_name (~> 0.5)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
+    indefinite_article (0.2.5)
+      activesupport
     io-console (0.8.1)
     irb (1.15.2)
       pp (>= 0.6.0)
@@ -602,7 +604,7 @@ GEM
       rubyzip (>= 1.3.0)
     rubyntlm (0.6.5)
       base64
-    rubyzip (2.4.1)
+    rubyzip (3.0.2)
     rufo (0.18.1)
     sanitize (7.0.0)
       crass (~> 1.0.2)
@@ -790,6 +792,7 @@ DEPENDENCIES
   govuk_design_system_formbuilder
   govuk_markdown
   hotwire-livereload
+  indefinite_article
   its
   jsbundling-rails
   jsonb_accessor

adr/00014-aws-cloud-map-for-service-discovery.md

@@ -0,0 +1,77 @@
+# 14. Use AWS Cloud Map for Service Discovery
+
+Date: 2025-07-21
+
+## Status
+
+Accepted
+
+## Context
+
+The introduction of the reporting service transforms the Mavis application into one consisting of multiple ECS
+services that need to communicate with each other internally, for data access and processing. Therefore, we require a
+scalable and reliable service discovery mechanism to facilitate this architectural change.
+
+## Considered Options
+
+Several service discovery approaches were evaluated for ECS inter-service communication, prioritizing CodeDeploy
+compatibility for blue-green deployments and scalability for future services.
+
+### Option 1: Internal Application Load Balancer (ALB)
+
+Use an internal ALB for routing via path/host rules, with ECS-integrated target groups for dynamic registration.
+
+- **Pros**: Includes load balancing and health checks.
+- **Cons**: Incompatible with CodeDeploy's task set management (max one target group per ECS service);
+  adds SSL and rule overhead.
+
+Rejected due to deployment issues.
+
+### Option 2: AWS Service Connect
+
+Managed ECS discovery with DNS, load balancing, and metrics, built on Cloud Map.
+
+- **Pros**: Easy setup with failover and telemetry; implementing TLS/SSL is straightforward.
+- **Cons**: Requires ECS controller, conflicting with CodeDeploy's blue-green needs.
+
+Rejected for compatibility.
+
+### Option 3: AWS Cloud Map (Service Discovery)
+
+Register services in a private DNS namespace for resolution (e.g., `web.mavis.${environment}.aws-int`), using MULTIVALUE
+routing.
+
+- **Pros**: CodeDeploy-compatible; lightweight DNS-based; ECS-integrated registration.
+- **Cons**: No built-in load balancing; needs manual security rules; implementing TLS/SSL requires additional complexity
+
+Selected for meeting requirements.
+
+### Comparison
+
+With the requirement of blue-green deployments, AWS Cloud Map was the only viable option that offered a simple DNS-based
+service discovery mechanism that integrates well with ECS and CodeDeploy.
+
+## Decision
+
+We will use AWS Cloud Map (Service Discovery) to enable service-to-service communication. This involves creating a
+private DNS namespace within the VPC and registering ECS services (e.g., the web service) with Cloud Map. Services can
+then resolve each other using DNS names (e.g., `web.mavis.${environment}.aws-int`), allowing dynamic IP resolution for
+tasks.
+
+- A private DNS namespace (`mavis.${environment}.aws-int`) will be provisioned.
+- The web service will be registered with a MULTIVALUE routing policy to support multiple tasks.
+- Security group rules will explicitly allow ingress/egress between services
+  (e.g., reporting service to web service on port 4000).
+- This integrates seamlessly with Terraform for infrastructure management and does not conflict with CodeDeploy.
+
+## Consequences
+
+- Services will dynamically discover each other via DNS, improving scalability and reducing configuration drift.
+- Additional Terraform resources (e.g., `aws_service_discovery_private_dns_namespace` and
+  `aws_service_discovery_service`) will be maintained, increasing infrastructure complexity slightly but providing
+  better automation.
+- DNS caching (TTL set to 10 seconds initially) may introduce minor latency during task scaling or failures; this can be
+  tuned based on monitoring.
+- Alignment with AWS-native services ensures compatibility with future enhancements but requires monitoring DNS
+  resolution metrics to detect issues.
+- No changes to application code are needed beyond using the resolved DNS names for internal calls.

app/components/app_activity_log_component.rb

@@ -274,7 +274,7 @@ def vaccination_events
       discarded =
         if vaccination_record.discarded?
           {
-            title: "Vaccination record deleted",
+            title: "Vaccination record archived",
             at: vaccination_record.discarded_at,
             programmes: programmes_for(vaccination_record)
           }

app/components/app_patient_pds_discrepancy_table_component.html.erb

@@ -0,0 +1,53 @@
+<% return if discrepancies.blank? %>
+
+<div class="nhsuk-table__panel-with-heading-tab">
+  <h3 class="nhsuk-table__heading-tab">
+    <%= pluralize(discrepancies.count, "NHS number") %>
+    <%= discrepancies.count == 1 ? "was" : "were" %> updated
+  </h3>
+
+  <p>
+    <%= pluralize(discrepancies.count, "incorrect NHS number") %>
+    updated with <%= discrepancies.count == 1 ? "that" : "those" %> found on Spine.
+    Update your original data source if necessary.
+  </p>
+
+  <%= govuk_table(html_attributes: { class: "nhsuk-table-responsive" }) do |table| %>
+    <% table.with_head do |head| %>
+      <% head.with_row do |row| %>
+        <% row.with_cell(text: "Child record") %>
+        <% row.with_cell(text: "NHS number (upload)") %>
+        <% row.with_cell(text: "NHS number (Spine)") %>
+      <% end %>
+    <% end %>
+
+    <% table.with_body do |body| %>
+      <% discrepancies.each do |changeset| %>
+        <% patient = changeset.patient %>
+
+        <% body.with_row do |row| %>
+          <% row.with_cell do %>
+            <span class="nhsuk-table-responsive__heading">Child record</span>
+            <span>
+              <% if can_link_to?(patient) %>
+                <%= link_to patient.full_name, patient_path(patient) %>
+              <% else %>
+                <%= patient.full_name %>
+              <% end %>
+            </span>
+          <% end %>
+
+          <% row.with_cell do %>
+            <span class="nhsuk-table-responsive__heading">Uploaded NHS number</span>
+            <%= helpers.format_nhs_number(changeset.uploaded_nhs_number) %>
+          <% end %>
+
+          <% row.with_cell do %>
+            <span class="nhsuk-table-responsive__heading">PDS NHS number</span>
+            <%= helpers.format_nhs_number(changeset.pds_nhs_number) %>
+          <% end %>
+        <% end %>
+      <% end %>
+    <% end %>
+  <% end %>
+</div>

app/components/app_patient_pds_discrepancy_table_component.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class AppPatientPDSDiscrepancyTableComponent < ViewComponent::Base
+  def initialize(discrepancies:, current_user:)
+    super
+
+    @discrepancies = discrepancies
+    @current_user = current_user
+  end
+
+  private
+
+  attr_reader :discrepancies, :current_user
+
+  def can_link_to?(record)
+    allowed_ids.include?(record.id)
+  end
+
+  def allowed_ids
+    @allowed_ids ||= PatientPolicy::Scope.new(current_user, Patient).resolve.ids
+  end
+end

app/components/app_session_details_summary_component.rb

@@ -26,7 +26,14 @@ def patient_sessions
 
   def cohort_row
     count = patient_sessions.count
-    href = import_session_path(session)
+
+    actions =
+      if @session.school?
+        href = import_session_path(session)
+        [{ text: "Import class lists", href: }]
+      else
+        []
+      end
 
     {
       key: {
@@ -35,7 +42,7 @@ def cohort_row
       value: {
         text: I18n.t("children", count:)
       },
-      actions: [{ text: "Import class lists", href: }]
+      actions:
     }
   end
 

app/components/app_session_summary_component.rb

@@ -30,7 +30,7 @@ def rows
   end
 
   def school_urn_row
-    if (text = location.urn).present?
+    if (text = location.urn_and_site).present?
       { key: { text: "School URN" }, value: { text: } }
     end
   end