merge develop

cabinetoffice · Oct 24, 2023 · 4f545fd · 4f545fd
1 parent 4129d23
commit 4f545fd
Show file tree

Hide file tree

Showing 10 changed files with 160 additions and 1,065 deletions.
diff --git a/.env.example b/.env.example
@@ -0,0 +1,32 @@
+ELASTIC_INDEX=elasticIndex
+ELASTIC_PASSWORD=elasticPasswrod
+ELASTIC_URL=elasticUrl
+ELASTIC_USERNAME=elasticUsername
+
+GOV_NOTIFY_API_KEY=gov-notify-api-key
+GOV_NOTIFY_GRANT_UPDATED_EMAIL_TEMPLATE_ID=gov-notify-grant-updated-email-template-id
+GOV_NOTIFY_GRANT_CLOSING_EMAIL_TEMPLATE_ID=gov-notify-grant-closing-email-template-id
+GOV_NOTIFY_GRANT_OPENING_EMAIL_TEMPLATE_ID=gov-notify-grant-opening-email-template-id
+GOV_NOTIFY_NEW_GRANTS_EMAIL_TEMPLATE_ID=gov-notify-new-grants-email-template-id
+GOV_NOTIFY_SAVED_SEARCH_NOTIFICATION_EMAIL_TEMPLATE_ID=gov-notify-saved-search-notification-email-template-id
+GOV_NOTIFY_NOTIFICATION_EMAIL_NEWSLETTER_TEMPLATE=gov-notify-notification-email-newsletter-template
+
+CONTENTFUL_SPACE_ID=contentful-space-id
+CONTENTFUL_ACCESS_TOKEN=contentful-access-token
+CONTENTFUL_PREVIEW_ACCESS_TOKEN=contentful-preview-access-token
+CONTENTFUL_ENVIRONMENT=contentful-environment
+CONTENTFUL_MANAGEMENT_TOKEN=contentful-management-token
+
+ENCRYPTION_GENERATOR_KEY_ID=encryption-generator-key
+ENCRYPTION_KEY_NAME=encryption-key
+ENCRYPTION_KEY_NAMESPACE=encription-key-namespace
+ENCRYPTION_ORIGIN=eu-west-2
+ENCRYPTION_STAGE=encription-stage
+ENCRYPTION_WRAPPING_KEY=encription-wrapping-key
+
+DATABASE_URL=postgres://postgres:root@localhost:5432/postgres
+DATABASE_SSL=false
+HOST=http://localhost:3001/
+IS_SERVICE_DOWN=false
+FIND-ACCOUNTS-MIGRATING-ENABLED=true
+FRONT_END_HOST=http://localhost:3001/
diff --git a/.github/workflows/feature.yml b/.github/workflows/feature.yml
@@ -1,19 +1,9 @@
 name: Unit & Integration Tests
 
 on:
-    push:
-        branches:
-            - feature/**
-            - GAP-**
-            - bug/**
-        paths-ignore:
-            - '*.md'
-
     pull_request:
-        types: [closed]
         branches:
-            - feature/**
-            - GAP-**
+            - develop
         paths-ignore:
             - '*.md'
 env:
@@ -28,88 +18,27 @@ jobs:
             contents: read
 
         steps:
-            # ==============================
-            - name: Dump context
-              env:
-                  GITHUB_CONTEXT: ${{ toJson(github) }}
-              run: echo "${GITHUB_CONTEXT}"
-            # ==============================
-
             - name: Checkout repo
               uses: actions/checkout@master
 
-            - name: Generate .env
-              run: |
-                  cat << EOF > .env
-                  CONTENTFUL_SPACE_ID=${{ secrets.DEV_CONTENTFUL_SPACE_ID }}
-                  CONTENTFUL_ACCESS_TOKEN=${{ secrets.DEV_CONTENTFUL_ACCESS_TOKEN }}
-                  CONTENTFUL_PREVIEW_ACCESS_TOKEN=${{ secrets.DEV_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
-                  CONTENTFUL_MANAGEMENT_TOKEN=${{ secrets.DEV_CONTENTFUL_MANAGEMENT_TOKEN }}
-                  CONTENTFUL_ENVIRONMENT=${{ secrets.DEV_CONTENTFUL_ENVIRONMENT }}
-                  ELASTIC_INDEX=${{ secrets.DEV_ELASTIC_INDEX }}
-                  ELASTIC_URL=${{ secrets.DEV_ELASTIC_URL }}
-                  ELASTIC_USERNAME=${{ secrets.DEV_ELASTIC_USERNAME }}
-                  ELASTIC_PASSWORD=${{ secrets.DEV_ELASTIC_PASSWORD }}
-                  GOV_NOTIFY_API_KEY=${{ secrets.GOV_NOTIFY_API_KEY }}
-                  GOV_NOTIFY_GRANT_UPDATED_EMAIL_TEMPLATE_ID=${{ secrets.GOV_NOTIFY_GRANT_UPDATED_EMAIL_TEMPLATE_ID }}
-                  GOV_NOTIFY_GRANT_CLOSING_EMAIL_TEMPLATE_ID=${{ secrets.GOV_NOTIFY_GRANT_CLOSING_EMAIL_TEMPLATE_ID }}
-                  GOV_NOTIFY_GRANT_OPENING_EMAIL_TEMPLATE_ID=${{ secrets.GOV_NOTIFY_GRANT_OPENING_EMAIL_TEMPLATE_ID }}
-                  GOV_NOTIFY_SAVED_SEARCH_NOTIFICATION_EMAIL_TEMPLATE_ID=${{ secrets.GOV_NOTIFY_SAVED_SEARCH_NOTIFICATION_EMAIL_TEMPLATE_ID }}
-                  DATABASE_SSL=true
-                  HOST=${{ secrets.DEV_ENVIRONMENT_URL }}
-                  ENCRYPTION_KEY_NAME=${{ secrets.DEV_ENCRYPTION_KEY_NAME }}
-                  ENCRYPTION_KEY_NAMESPACE=${{ secrets.DEV_ENCRYPTION_KEY_NAMESPACE }}
-                  ENCRYPTION_ORIGIN=${{ secrets.DEV_ENCRYPTION_ORIGIN }}
-                  ENCRYPTION_STAGE=${{ secrets.DEV_ENCRYPTION_STAGE }}
-                  ENCRYPTION_WRAPPING_KEY=${{ secrets.DEV_ENCRYPTION_WRAPPING_KEY }}
-                  FRONT_END_HOST=${{ secrets.DEV_FRONTEND_URL }}
-                  EOF
+            - name: Generate .env files
+              run: cp .env.example .env
 
             - name: Read .nvmrc
-              run: echo "::set-output name=NVMRC::$(cat .nvmrc)"
               id: nvm
+              run: echo "name=NVMRC::$(cat .nvmrc)" >> $GITHUB_OUTPUT
 
             - name: Setup node
               uses: actions/setup-node@master
               with:
                   node-version: '${{ steps.nvm.outputs.NVMRC }}'
-
-            - name: Snyk setup
-              uses: snyk/actions/node@master
-              env:
-                  SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-              with:
-                  args: --yarn-workspaces --strict-out-of-sync=false
-
-            - name: Install yarn
-              run: npm install -g yarn && YARN_IGNORE_NODE=1 yarn set version berry
-
-            - name: Read yarn cache directory path
-              run: echo "::set-output name=dir::$(yarn config get cacheFolder)"
-              id: yarn-cache-dir-path
-
-            - name: Cache dependencies
-              uses: actions/cache@v2
-              id: yarn-cache
-              with:
-                  path: |
-                      ${{ steps.yarn-cache-dir-path.outputs.dir }}
-                      **/node_modules
-                  key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-                  restore-keys: |
-                      ${{ runner.os }}-yarn-
+                  cache: 'yarn'
 
             - name: Install dependencies
-              if: steps.yarn-cache.outputs.cache-hit != 'true'
-              run: |
-                  YARN_IGNORE_NODE=1 yarn install --immutable
-
-            - name: Units Tests
-              run: |
-                  YARN_IGNORE_NODE=1 yarn test:cov
+              run: yarn install --immutable
 
             - name: Build application
-              run: |
-                  YARN_IGNORE_NODE=1 yarn build
+              run: yarn build
 
-    # =============================
+            - name: Units Tests
+              run: yarn jest --ci
diff --git a/.github/workflows/promoteToProd.yml b/.github/workflows/promoteToProd.yml
@@ -25,7 +25,7 @@ jobs:
 
             - name: Login to AWS ECR
               id: login-ecr
-              uses: aws-actions/amazon-ecr-login@v1
+              uses: aws-actions/amazon-ecr-login@v2
 
             - name: Add prod tag to existing test image
               # Based on steps described here - https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-retag.html

diff --git a/.github/workflows/pushImage.yml b/.github/workflows/pushImage.yml
@@ -13,7 +13,7 @@ env:
     AWS_REGION: eu-west-2
 
 jobs:
-    build:
+    test:
         name: Build Feature
 
         # Need to check here as create event can't be filtered by branch name...
@@ -23,69 +23,86 @@ jobs:
 
         steps:
             - name: Checkout repo
-              uses: actions/checkout@v3
+              uses: actions/checkout@master
+
+            - name: Generate .env files
+              run: cp .env.example .env
 
             - name: Read .nvmrc
-              run: echo "::set-output name=NVMRC::$(cat .nvmrc)"
               id: nvm
+              run: echo "name=NVMRC::$(cat .nvmrc)" >> $GITHUB_OUTPUT
 
             - name: Setup node
               uses: actions/setup-node@master
               with:
                   node-version: '${{ steps.nvm.outputs.NVMRC }}'
+                  cache: 'yarn'
 
-            - name: Snyk setup
-              uses: snyk/actions/node@master
-              env:
-                  SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-              with:
-                  args: --yarn-workspaces --strict-out-of-sync=false
+            - name: Install dependencies
+              run: yarn install --immutable
+
+            - name: Build application
+              run: yarn build
+
+            - name: Units Tests
+              run: yarn jest --ci
 
-            - name: Use Yarn v3.6
-              run: yarn set version berry
+    build:
+        runs-on: ubuntu-latest
 
-            - name: Read yarn cache directory path
-              run: echo "::set-output name=dir::$(yarn config get cacheFolder)"
-              id: yarn-cache-dir-path
+        outputs:
+            docker-image-name: ${{ steps.docker-image-name.outputs.name }}
 
-            - name: Cache dependencies
-              uses: actions/cache@v2
-              id: yarn-cache
+        steps:
+            - uses: actions/checkout@v3
               with:
-                  path: |
-                      ${{ steps.yarn-cache-dir-path.outputs.dir }}
-                      **/node_modules
-                      ~/.cache/Cypress
-                  key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-                  restore-keys: |
-                      ${{ runner.os }}-yarn-
+                  # Fetch all commits since we use the total commit count to determine the build version
+                  fetch-depth: 0
 
-            - name: Install dependencies
-              if: steps.yarn-cache.outputs.cache-hit != 'true'
-              run: |
-                  yarn install --immutable
+            - name: Setup AWS credentials
+              uses: aws-actions/configure-aws-credentials@v1-node16
+              with:
+                  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+                  aws-region: ${{ env.AWS_REGION }}
 
-            - name: Build application
+            - name: Login to AWS ECR
+              id: login-ecr
+              uses: aws-actions/amazon-ecr-login@v2
+
+            - name: Determine & set BUILD_VERSION
               run: |
-                  yarn build
+                  GIT_COUNT=$(git rev-list $GITHUB_SHA --count)
+                  echo "BUILD_VERSION=b_$GIT_COUNT" >> $GITHUB_ENV
+                  echo BUILD_VERSION is ${{ env.BUILD_VERSION }}
 
-            - name: Units Tests
+            - name: Build Docker image
+              env:
+                  ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+              run: docker build -t $ECR_REGISTRY/find-a-grant-api:${{ env.BUILD_VERSION }} .
+
+            - name: Generate Docker image name
+              id: docker-image-name
               run: |
-                  yarn test:cov
+                  NAME=${{ (github.ref == 'refs/heads/develop' && 'find-api-dev-image') || (startsWith(github.ref, 'refs/heads/release') && 'find-api-qa-image') }}
+                  echo "name=$NAME" >> $GITHUB_OUTPUT
 
-            - name: Cache application build
-              uses: actions/cache@v2
-              id: build-cache
-              with:
-                  path: |
-                      ${{ github.workspace }}/.next/cache
-                  key: gap-cache-build-${{ github.event.pull_request.head.sha }}
+            - name: Save Docker image
+              env:
+                  ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+              run: docker save --output ${{ steps.docker-image-name.outputs.name }}.tar $ECR_REGISTRY/find-a-grant-api:${{ env.BUILD_VERSION }}
 
-    imageBuild:
-        needs: build
+            - name: Upload Docker image
+              uses: actions/upload-artifact@v3
+              with:
+                  name: ${{ steps.docker-image-name.outputs.name }}
+                  path: ${{ steps.docker-image-name.outputs.name }}.tar
+                  retention-days: 1
 
-        environment: AWS
+    deploy:
         runs-on: ubuntu-latest
+        environment: AWS
+        needs: [build, test]
 
         steps:
             - uses: actions/checkout@v3
@@ -102,20 +119,26 @@ jobs:
 
             - name: Login to AWS ECR
               id: login-ecr
-              uses: aws-actions/amazon-ecr-login@v1
+              uses: aws-actions/amazon-ecr-login@v2
 
             - name: Determine & set BUILD_VERSION
               run: |
                   GIT_COUNT=$(git rev-list $GITHUB_SHA --count)
                   echo "BUILD_VERSION=b_$GIT_COUNT" >> $GITHUB_ENV
                   echo BUILD_VERSION is ${{ env.BUILD_VERSION }}
 
-            - name: Build, tag and push Docker image to AWS ECR
+            - name: Download Docker image
+              uses: actions/download-artifact@v3
+              with:
+                  name: ${{ needs.build.outputs.docker-image-name }}
+
+            - name: Load Docker image
+              run: docker load --input ${{ needs.build.outputs.docker-image-name }}.tar
+
+            - name: Push Docker image to AWS ECR
               env:
                   ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-              run: |
-                  docker build -t $ECR_REGISTRY/find-a-grant-api:${{ env.BUILD_VERSION }} .
-                  docker push $ECR_REGISTRY/find-a-grant-api:${{ env.BUILD_VERSION }}
+              run: docker push $ECR_REGISTRY/find-a-grant-api:${{ env.BUILD_VERSION }}
 
             - name: Create env tag
               env:

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -0,0 +1,26 @@
+name: Security Vulnerabilites
+
+on:
+    pull_request:
+        branches:
+            - develop
+
+jobs:
+    build:
+        name: Snyk scan
+
+        runs-on: ubuntu-latest
+
+        permissions:
+            contents: read
+
+        steps:
+            - name: Checkout repo
+              uses: actions/checkout@v4
+
+            - name: Snyk setup
+              uses: snyk/actions/node@master
+              env:
+                  SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+              with:
+                  args: --strict-out-of-sync=false
diff --git a/.gitignore b/.gitignore
@@ -38,4 +38,5 @@ lerna-debug.log*
 
 ### Local properties ###
 application-local.properties
-.env.local
+.env.local
+.env