NHSDigital · sathiya-nhs · Jan 29, 2026 · Jan 29, 2026
diff --git a/.github/workflows/apigee-release-pipeline.yml b/.github/workflows/apigee-release-pipeline.yml
@@ -3,11 +3,8 @@
   run:
     shell: bash # Explicitly sets pipeline to fail if any subprocess fails
 on:
-  push:
-    branches:
-      - master
-permissions:
-  contents: read
+  push
+permissions: read-all
 
 jobs:
   deploy-hello-world:
@@ -92,10 +89,10 @@
           token="${token#\"}"
           echo "APIGEE_ACCESS_TOKEN=$token" >> $GITHUB_ENV
 
-      - name: Install Python 3.13
+      - name: Install Python 3.9
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.9
 
       - name: Upgrade python packaging tools
         run: python -m pip install --upgrade pip cryptography

diff --git a/.github/workflows/continous-integration-workflow.yaml b/.github/workflows/continous-integration-workflow.yaml
@@ -14,10 +14,10 @@
         with:
           fetch-depth: 0  # This causes all history to be fetched, which is required for calculate-version to function	
 
-      - name: Install Python 3.13
+      - name: Install Python 3.9
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.9
 
       - name: Update apt repositories
         run: sudo apt update
@@ -49,14 +49,10 @@
       - name: Check licenses
         run: make check-licenses
 
-      # - name: Set SPEC_VERSION env var
-      #   run: echo ::set-env name=SPEC_VERSION::$(poetry run python scripts/calculate_version.py)
-      #   env:
-      #     ACTIONS_ALLOW_UNSECURE_COMMANDS: true
-
       - name: Set SPEC_VERSION env var
-        run: echo "SPEC_VERSION=$(poetry run python scripts/calculate_version.py)" >> "$GITHUB_ENV"
-
+        run: echo ::set-env name=SPEC_VERSION::$(poetry run python scripts/calculate_version.py)
+        env:
+          ACTIONS_ALLOW_UNSECURE_COMMANDS: true
 
       - name: Create release (master only)
         id: create-release

diff --git a/.github/workflows/spec-release-pipeline.yml b/.github/workflows/spec-release-pipeline.yml
@@ -4,8 +4,7 @@
     shell: bash # Explicitly sets pipeline to fail if any subprocess fails
 on:
   push
-permissions:
-  contents: read
+permissions: read-all
 
 jobs:
   deploy-hello-world-spec:
@@ -39,10 +38,10 @@
                 echo PR number - $pr_number
           fi
 
-      - name: Install Python 3.13
+      - name: Install Python 3.9
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.9
 
       - name: Install Proxygen client
         run: |

diff --git a/README.md b/README.md
@@ -33,7 +33,7 @@ The contents of this repository are protected by Crown Copyright (C).
 
 ### Proxygen
 
-Hello World is the first API to use API Management's Proxygen to deploy the proxy, products, sandbox and spec through API calls. 
+Hello World is the first API to use API Management's Proxygen to deploy the proxy, products, sandbox and spec through API calls.
 
 The Proxygen API calls are handled by the Proxygen CLI