From 3648d40ab6d172a14ecff221dfe305d2309a8ea5 Mon Sep 17 00:00:00 2001
From: Tim Ireland <tim.ireland@hscic.gov.uk>
Date: Tue, 21 Apr 2026 14:12:07 +0100
Subject: [PATCH 1/4] Update stage-2-test.yaml

Testing updated sonar access token
---
 .github/workflows/stage-2-test.yaml | 46 ++++++++++++++---------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml
index 0dea45de49..a5556859ce 100644
--- a/.github/workflows/stage-2-test.yaml
+++ b/.github/workflows/stage-2-test.yaml
@@ -200,26 +200,26 @@ jobs:
           name: code-coverage-report
           path: .reports/lcov.info
 
-  # perform-static-analysis:
-  #   name: "Perform static analysis"
-  #   needs: [test-unit, merge-coverage]
-  #   runs-on: ubuntu-latest
-  #   permissions:
-  #     id-token: write
-  #     contents: read
-  #   timeout-minutes: 5
-  #   steps:
-  #     - name: "Checkout code"
-  #       uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-  #       with:
-  #         fetch-depth: 0 # Full history is needed to improving relevancy of reporting
-  #     - name: "Download coverage report for SONAR"
-  #       uses: actions/download-artifact@v5
-  #       with:
-  #         name: code-coverage-report
-  #     - name: "Perform static analysis"
-  #       uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@3.0.8
-  #       with:
-  #         sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}"
-  #         sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"
-  #         sonar_token: "${{ secrets.SONAR_TOKEN }}"
+   perform-static-analysis:
+     name: "Perform static analysis"
+     needs: [test-unit, merge-coverage]
+     runs-on: ubuntu-latest
+     permissions:
+       id-token: write
+       contents: read
+     timeout-minutes: 5
+     steps:
+       - name: "Checkout code"
+         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+         with:
+           fetch-depth: 0 # Full history is needed to improving relevancy of reporting
+       - name: "Download coverage report for SONAR"
+         uses: actions/download-artifact@v5
+         with:
+           name: code-coverage-report
+       - name: "Perform static analysis"
+         uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@3.0.8
+         with:
+           sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}"
+           sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"
+           sonar_token: "${{ secrets.SONAR_TOKEN }}"

From ff4c9c04b9e5821f65f532bec55ba9e5879132b3 Mon Sep 17 00:00:00 2001
From: Tim Ireland <tim.ireland@hscic.gov.uk>
Date: Tue, 21 Apr 2026 14:20:15 +0100
Subject: [PATCH 2/4] Update stage-2-test.yaml

---
 .github/workflows/stage-2-test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml
index a5556859ce..6b62eb8288 100644
--- a/.github/workflows/stage-2-test.yaml
+++ b/.github/workflows/stage-2-test.yaml
@@ -200,7 +200,7 @@ jobs:
           name: code-coverage-report
           path: .reports/lcov.info
 
-   perform-static-analysis:
+  perform-static-analysis:
      name: "Perform static analysis"
      needs: [test-unit, merge-coverage]
      runs-on: ubuntu-latest

From 65812c4367ebe879b1039219ada6106c7a555ce3 Mon Sep 17 00:00:00 2001
From: Tim Ireland <tim.ireland@hscic.gov.uk>
Date: Tue, 21 Apr 2026 14:25:16 +0100
Subject: [PATCH 3/4] Update stage-2-test.yaml

---
 .github/workflows/stage-2-test.yaml | 44 ++++++++++++++---------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml
index 6b62eb8288..b3720be5a6 100644
--- a/.github/workflows/stage-2-test.yaml
+++ b/.github/workflows/stage-2-test.yaml
@@ -201,25 +201,25 @@ jobs:
           path: .reports/lcov.info
 
   perform-static-analysis:
-     name: "Perform static analysis"
-     needs: [test-unit, merge-coverage]
-     runs-on: ubuntu-latest
-     permissions:
-       id-token: write
-       contents: read
-     timeout-minutes: 5
-     steps:
-       - name: "Checkout code"
-         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-         with:
-           fetch-depth: 0 # Full history is needed to improving relevancy of reporting
-       - name: "Download coverage report for SONAR"
-         uses: actions/download-artifact@v5
-         with:
-           name: code-coverage-report
-       - name: "Perform static analysis"
-         uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@3.0.8
-         with:
-           sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}"
-           sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"
-           sonar_token: "${{ secrets.SONAR_TOKEN }}"
+    name: "Perform static analysis"
+    needs: [test-unit, merge-coverage]
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    timeout-minutes: 5
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0 # Full history is needed to improving relevancy of reporting
+      - name: "Download coverage report for SONAR"
+        uses: actions/download-artifact@v5
+        with:
+          name: code-coverage-report
+      - name: "Perform static analysis"
+        uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@3.0.8
+        with:
+          sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}"
+          sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"
+          sonar_token: "${{ secrets.SONAR_TOKEN }}"

From b5cd75928a0342d7f5903c097b4b45b764bba4c0 Mon Sep 17 00:00:00 2001
From: Tim Ireland <tim.ireland@hscic.gov.uk>
Date: Tue, 21 Apr 2026 14:39:01 +0100
Subject: [PATCH 4/4] Update sonar-scanner.properties

adjusting sonar properties file
---
 scripts/config/sonar-scanner.properties | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties
index ac9af5d3dc..2031e3bf43 100644
--- a/scripts/config/sonar-scanner.properties
+++ b/scripts/config/sonar-scanner.properties
@@ -3,12 +3,12 @@
 sonar.host.url=https://sonarcloud.io
 sonar.qualitygate.wait=true
 sonar.sourceEncoding=UTF-8
-sonar.sources=frontend/src/, lambdas/authorizer, lambdas/backend-api, utils/utils, data-migration/user-transfer
-sonar.tests=tests/, frontend/src/__tests__, lambdas/authorizer/src/__tests__, lambdas/backend-api/src/__tests__, utils/utils/src/__tests__, data-migration/user-transfer/src/__tests__
-sonar.exclusions=frontend/src/__tests__/**/*, lambdas/*/src/__tests__/**/*, data-migration/user-transfer/src/__tests__/**/*, utils/utils/src/__tests__/**/*, **/*.dev.*, frontend/src/components/forms/SubmitTemplate/SubmitLetterTemplate.tsx
+sonar.sources=frontend/src/, lambdas/authorizer, lambdas/backend-api, utils/utils
+sonar.tests=tests/, frontend/src/__tests__, lambdas/authorizer/src/__tests__, lambdas/backend-api/src/__tests__, utils/utils/src/__tests__
+sonar.exclusions=frontend/src/__tests__/**/*, lambdas/*/src/__tests__/**/*,utils/utils/src/__tests__/**/*, **/*.dev.*, frontend/src/components/forms/SubmitTemplate/SubmitLetterTemplate.tsx
 sonar.terraform.provider.aws.version=5.54.1
 sonar.cpd.exclusions=**.test.*
-sonar.coverage.exclusions=tests/, frontend/src/__tests__, **/*.dev.*, lambdas/**/src/__tests__, utils/utils/src/__tests__, data-migration/user-transfer/src/__tests__, utils/utils/src/zod-validators.ts ,**/jest.config.ts,scripts/**/*
+sonar.coverage.exclusions=tests/, frontend/src/__tests__, **/*.dev.*, lambdas/**/src/__tests__, utils/utils/src/__tests__, utils/utils/src/zod-validators.ts, **/jest.config.ts,scripts/**/*
 
 #sonar.python.coverage.reportPaths=.coverage/coverage.xml
 sonar.javascript.lcov.reportPaths=lcov.info