From 97f77ceb082f761faba3472b3653b06966819a06 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 16 Oct 2023 11:28:19 +0000
Subject: [PATCH 01/11] Update Terraform
 github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars to v0.2.1 (#176)

* Update Terraform github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars to v0.2.1

* Fixed readme

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
---
 terraform/README.md                   | 4 ++--
 terraform/key-vault-tfvars-secrets.tf | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/terraform/README.md b/terraform/README.md
index 48330360c..3783e98ef 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -133,14 +133,14 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be
 
 | Name | Version |
 |------|---------|
-| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.73.0 |
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.75.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.1.0 |
-| <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.2.0 |
+| <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.2.1 |
 
 ## Resources
 
diff --git a/terraform/key-vault-tfvars-secrets.tf b/terraform/key-vault-tfvars-secrets.tf
index 79ebcfb27..0b1c2ddf3 100644
--- a/terraform/key-vault-tfvars-secrets.tf
+++ b/terraform/key-vault-tfvars-secrets.tf
@@ -1,5 +1,5 @@
 module "azurerm_key_vault" {
-  source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.2.0"
+  source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.2.1"
 
   environment                           = local.environment
   project_name                          = local.project_name

From 6795a393b475fb588e456ce015b42d86e0536bd5 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Mon, 9 Oct 2023 13:17:50 +0100
Subject: [PATCH 02/11] Removed deprecated policy

---
 terraform/ci-storage.tf | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/terraform/ci-storage.tf b/terraform/ci-storage.tf
index 6b5e99ec8..107a06512 100644
--- a/terraform/ci-storage.tf
+++ b/terraform/ci-storage.tf
@@ -30,9 +30,5 @@ resource "azurerm_monitor_diagnostic_setting" "ci-test-reports" {
 
   metric {
     category = "Transaction"
-
-    retention_policy {
-      enabled = false
-    }
   }
 }

From 4e2aabe6751345800953d80ccc403da0e7f5e1ac Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Mon, 16 Oct 2023 12:37:11 +0100
Subject: [PATCH 03/11] Update to Terraform 1.6.1

---
 .github/workflows/continuous-integration-terraform.yml | 6 +++---
 terraform/.terraform-version                           | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/continuous-integration-terraform.yml b/.github/workflows/continuous-integration-terraform.yml
index 825fdb605..7d88f82eb 100644
--- a/.github/workflows/continuous-integration-terraform.yml
+++ b/.github/workflows/continuous-integration-terraform.yml
@@ -40,19 +40,19 @@ jobs:
         run: rm ./terraform/backend.tf
 
       - name: Run a Terraform init
-        uses: docker://hashicorp/terraform:1.5.7
+        uses: docker://hashicorp/terraform:1.6.1
         with:
           entrypoint: terraform
           args: -chdir=terraform init
 
       - name: Run a Terraform validate
-        uses: docker://hashicorp/terraform:1.5.7
+        uses: docker://hashicorp/terraform:1.6.1
         with:
           entrypoint: terraform
           args: -chdir=terraform validate
 
       - name: Run a Terraform format check
-        uses: docker://hashicorp/terraform:1.5.7
+        uses: docker://hashicorp/terraform:1.6.1
         with:
           entrypoint: terraform
           args: -chdir=terraform fmt -check=true -diff=true
diff --git a/terraform/.terraform-version b/terraform/.terraform-version
index f01291b87..9c6d6293b 100644
--- a/terraform/.terraform-version
+++ b/terraform/.terraform-version
@@ -1 +1 @@
-1.5.7
+1.6.1

From 0b54d7d18965d39da2e4a0ac26457572c2e65d9f Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Mon, 16 Oct 2023 12:35:39 +0100
Subject: [PATCH 04/11] Added Statuscake TLS Monitor

* This will allow us to get Slack alerts as the day of expiry approaches
---
 terraform/.terraform.lock.hcl       | 23 +++++++++++++++++++++++
 terraform/README.md                 |  4 ++++
 terraform/locals.tf                 |  4 ++++
 terraform/statuscake-tls-monitor.tf | 12 ++++++++++++
 terraform/variables.tf              | 18 ++++++++++++++++++
 5 files changed, 61 insertions(+)
 create mode 100644 terraform/statuscake-tls-monitor.tf

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 0e1ada0ad..5a17d79fb 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -78,3 +78,26 @@ provider "registry.terraform.io/hashicorp/null" {
     "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694",
   ]
 }
+
+provider "registry.terraform.io/statuscakedev/statuscake" {
+  version     = "2.2.1"
+  constraints = ">= 2.1.0"
+  hashes = [
+    "h1:v9Zsszr6aXmjl0Zf6XfN+qOlIo+fJJL7iV1YLXuF/78=",
+    "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
+    "zh:443c840fd4ea0c7e8a45197c4823e7b122f087c7fac4f6ea96e9df1c499b9a39",
+    "zh:5c4a0f20dc321d45ba24207db0d21509a99a0531e150d989bf81c77ff3492ad1",
+    "zh:631e1bcab1703d6b722aeed3b709815575655b6bd28fca6ed48af64ee9205949",
+    "zh:6670e7dd4ac0a7e1ebb7370ad18d4a6d26a991602a138ba536538aa3b8a1cbc7",
+    "zh:6fa0b4200f08e088e382221095b75614e2a710e0185d28282a467a64fea84e3e",
+    "zh:8acff0f15c098f94643f0ecf7d3302f266869a53d97f7f647c8429d2b94f7ec1",
+    "zh:9007669557420a006ccbe7d03b1fb447a7a2770bde0db15909e0df63a89b936d",
+    "zh:93f0a45edbd4b851edca0ab49329a1de69261c26ac981c2aec985045bd60cf46",
+    "zh:99084f140c2be88b2554853fb5382f753e6809dadaa97b289f7cc92259c0d4d9",
+    "zh:d046b0d8b9fc512b3b483731f17edd8ee221f1dcaec649a8b8dcdde5400a90c4",
+    "zh:d0c966677d7a073d21605b351f2b3a83174901bcb6f25d4b4eb5b7822dac2d05",
+    "zh:dbd5ebfa764c0b58e764721704524c4f7028e70c8cb0b22efe494d588bf65cc0",
+    "zh:e492bdc2ddd32fe73532566affd6a9a22c0b75c042583d5450881f6c523441f8",
+    "zh:ee8f95766dbc1e1d2c41c6c837582af16b3e7ed5698c23471f1376011c7fa1a7",
+  ]
+}
diff --git a/terraform/README.md b/terraform/README.md
index 3783e98ef..2b3c3c73d 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -141,6 +141,7 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be
 |------|--------|---------|
 | <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.1.0 |
 | <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.2.1 |
+| <a name="module_statuscake-tls-monitor"></a> [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.1 |
 
 ## Resources
 
@@ -201,6 +202,9 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be
 | <a name="input_project_name"></a> [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes |
 | <a name="input_redis_cache_capacity"></a> [redis\_cache\_capacity](#input\_redis\_cache\_capacity) | Redis Cache Capacity | `number` | n/a | yes |
 | <a name="input_redis_cache_sku"></a> [redis\_cache\_sku](#input\_redis\_cache\_sku) | Redis Cache SKU | `string` | n/a | yes |
+| <a name="input_statuscake_api_token"></a> [statuscake\_api\_token](#input\_statuscake\_api\_token) | API token for StatusCake | `string` | n/a | yes |
+| <a name="input_statuscake_contact_group_integrations"></a> [statuscake\_contact\_group\_integrations](#input\_statuscake\_contact\_group\_integrations) | List of Integration IDs to connect to your Contact Group | `list(string)` | `[]` | no |
+| <a name="input_statuscake_contact_group_name"></a> [statuscake\_contact\_group\_name](#input\_statuscake\_contact\_group\_name) | Name of the contact group in StatusCake | `string` | `""` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to be applied to all resources | `map(string)` | n/a | yes |
 | <a name="input_tfvars_filename"></a> [tfvars\_filename](#input\_tfvars\_filename) | tfvars filename. This file is uploaded and stored encrypted within Key Vault, to ensure that the latest tfvars are stored in a shared place. | `string` | n/a | yes |
 | <a name="input_virtual_network_address_space"></a> [virtual\_network\_address\_space](#input\_virtual\_network\_address\_space) | Virtual network address space CIDR | `string` | n/a | yes |
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 4974067ff..ead5d3932 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -49,4 +49,8 @@ locals {
   key_vault_access_users                       = var.key_vault_access_users
   key_vault_access_ipv4                        = var.key_vault_access_ipv4
   tfvars_filename                              = var.tfvars_filename
+  statuscake_api_token                         = var.statuscake_api_token
+  statuscake_monitored_resource_address        = "https://${local.dns_zone_domain_name}${local.monitor_endpoint_healthcheck}"
+  statuscake_contact_group_name                = var.statuscake_contact_group_name
+  statuscake_contact_group_integrations        = var.statuscake_contact_group_integrations
 }
diff --git a/terraform/statuscake-tls-monitor.tf b/terraform/statuscake-tls-monitor.tf
new file mode 100644
index 000000000..955195128
--- /dev/null
+++ b/terraform/statuscake-tls-monitor.tf
@@ -0,0 +1,12 @@
+module "statuscake-tls-monitor" {
+  source = "github.com/dfe-digital/terraform-statuscake-tls-monitor?ref=v0.1.1"
+
+  statuscake_api_token                  = local.statuscake_api_token
+  statuscake_monitored_resource_address = local.statuscake_monitored_resource_address
+  statuscake_alert_at = [ # days to alert on
+    14, 7, 3
+  ]
+  statuscake_contact_group_name            = local.statuscake_contact_group_name
+  statuscake_contact_group_integrations    = local.statuscake_contact_group_integrations
+  statuscake_contact_group_email_addresses = local.monitor_email_receivers
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
index a777182c4..e694bb6ae 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -277,3 +277,21 @@ variable "tfvars_filename" {
   description = "tfvars filename. This file is uploaded and stored encrypted within Key Vault, to ensure that the latest tfvars are stored in a shared place."
   type        = string
 }
+
+variable "statuscake_api_token" {
+  description = "API token for StatusCake"
+  type        = string
+  sensitive   = true
+}
+
+variable "statuscake_contact_group_name" {
+  description = "Name of the contact group in StatusCake"
+  type        = string
+  default     = ""
+}
+
+variable "statuscake_contact_group_integrations" {
+  description = "List of Integration IDs to connect to your Contact Group"
+  type        = list(string)
+  default     = []
+}

From 2f7e3c99451d6e94d20d7eb001ad64bbe9fa0683 Mon Sep 17 00:00:00 2001
From: Liz Daly <50752284+lookupdaily@users.noreply.github.com>
Date: Mon, 9 Oct 2023 18:06:24 +0100
Subject: [PATCH 05/11] Add summary card components

Add summary card components to page, with correct headings and properties.

Dynamic data to be displayed next to each property will be added later using the page model, once the Academies database connection work is complete.
---
 .../Pages/Trusts/Details.cshtml               | 99 +++++++++++++++++++
 1 file changed, 99 insertions(+)

diff --git a/DfE.FindInformationAcademiesTrusts/Pages/Trusts/Details.cshtml b/DfE.FindInformationAcademiesTrusts/Pages/Trusts/Details.cshtml
index c2f3b50b5..e324ee78d 100644
--- a/DfE.FindInformationAcademiesTrusts/Pages/Trusts/Details.cshtml
+++ b/DfE.FindInformationAcademiesTrusts/Pages/Trusts/Details.cshtml
@@ -3,3 +3,102 @@
 @{
   Layout = "_TrustLayout";
 }
+
+<section class="govuk-!-margin-top-8 govuk-!-margin-bottom-9">
+  <div class="govuk-summary-card">
+    <div class="govuk-summary-card__title-wrapper">
+      <h2 class="govuk-summary-card__title">Trust details</h2>
+    </div>
+    <div class="govuk-summary-card__content">
+      <dl class="govuk-summary-list">
+        <div class="govuk-summary-list__row">
+          <dt class="govuk-summary-list__key">
+            Address
+          </dt>
+          <dd class="govuk-summary-list__value">
+            Dorthy Inlet, Kingston upon Hull, City of, JY36 9VC
+          </dd>
+        </div>
+        <div class="govuk-summary-list__row">
+          <dt class="govuk-summary-list__key">
+            Opened on
+          </dt>
+          <dd class="govuk-summary-list__value">
+            30 Dec 2013
+          </dd>
+        </div>
+        <div class="govuk-summary-list__row">
+          <dt class="govuk-summary-list__key">
+            Region and territory
+          </dt>
+          <dd class="govuk-summary-list__value">
+            Yorkshire and the Humber
+          </dd>
+        </div>
+        <div class="govuk-summary-list__row">
+          <dt class="govuk-summary-list__key">
+            Information from other services (opens in a new tab)
+          </dt>
+          <dd class="govuk-summary-list__value">
+            <p class="govuk-body">
+              <a class="govuk-link" href="#">Companies House</a>
+            </p>
+            <p class="govuk-body">
+              <a class="govuk-link" href="#">Get information about schools</a>
+            </p>
+            <p class="govuk-body">
+              <a class="govuk-link" href="#">Schools financial benchmarking</a>
+            </p>
+            <p class="govuk-body">
+              <a class="govuk-link" href="#">Find school college and performance data in England</a>
+            </p>
+          </dd>
+        </div>
+      </dl>
+    </div>
+  </div>
+</section>
+
+<section class="govuk-!-margin-top-8 govuk-!-margin-bottom-9">
+  <div class="govuk-summary-card">
+    <div class="govuk-summary-card__title-wrapper">
+      <h2 class="govuk-summary-card__title">Reference numbers</h2>
+    </div>
+    <div class="govuk-summary-card__content">
+      <dl class="govuk-summary-list">
+        <div class="govuk-summary-list__row">
+          <dt class="govuk-summary-list__key">
+            UID (Unique group identifier)
+          </dt>
+          <dd class="govuk-summary-list__value">
+            2412
+          </dd>
+        </div>
+        <div class="govuk-summary-list__row">
+          <dt class="govuk-summary-list__key">
+            Group ID (identifier) and TRN (trust reference number)
+          </dt>
+          <dd class="govuk-summary-list__value">
+            TR3971
+          </dd>
+        </div>
+        <div class="govuk-summary-list__row">
+          <dt class="govuk-summary-list__key">
+            UKPRN (UK provider reference number)
+          </dt>
+          <dd class="govuk-summary-list__value">
+            10013796
+          </dd>
+        </div>
+        <div class="govuk-summary-list__row">
+          <dt class="govuk-summary-list__key">
+            Companies House number
+          </dt>
+          <dd class="govuk-summary-list__value">
+            03080547
+          </dd>
+        </div>
+      </dl>
+    </div>
+  </div>
+</section>

From c8945d6d7bd0cff9181c4f5e773e9633046cd90a Mon Sep 17 00:00:00 2001
From: Liz Daly <50752284+lookupdaily@users.noreply.github.com>
Date: Mon, 16 Oct 2023 14:45:50 +0100
Subject: [PATCH 06/11] Add UI tests for trust details page

Add a UI test which checks that the correct trust information is displayed on the trust details page.

As this change is purely UI work, using static data the page object model contains the same static data to use in the tests. Once the data is populated correctly in a later user story this test is expected to fail and the page object model will need to be updated to use the AcademiesDb faker to check the correct values are displaying for different trusts.
---
 .../page-object-model/trust/details-page.ts     | 17 +++++++++++++++++
 .../ui-tests/trusts/details-page.spec.ts        |  5 +++++
 2 files changed, 22 insertions(+)

diff --git a/tests/playwright/page-object-model/trust/details-page.ts b/tests/playwright/page-object-model/trust/details-page.ts
index 59c995514..c63300991 100644
--- a/tests/playwright/page-object-model/trust/details-page.ts
+++ b/tests/playwright/page-object-model/trust/details-page.ts
@@ -8,12 +8,16 @@ export class DetailsPage {
   readonly trustHeading: TrustHeaderComponent
   readonly trustNavigation: TrustNavigationComponent
   readonly pageHeadingLocator: Locator
+  readonly trustDetailsCardLocator: Locator
+  readonly referenceNumbersCardLocator: Locator
 
   constructor (readonly page: Page) {
     this.expect = new DetailsPageAssertions(this)
     this.trustHeading = new TrustHeaderComponent(page)
     this.trustNavigation = new TrustNavigationComponent(page)
     this.pageHeadingLocator = page.locator('h1')
+    this.trustDetailsCardLocator = this.page.getByText('Trust details Address')
+    this.referenceNumbersCardLocator = this.page.getByText('Reference numbers UID')
   }
 
   async goTo (
@@ -40,4 +44,17 @@ class DetailsPageAssertions {
     const { name, type } = MockTrustsProvider.expectedFormattedTrustResult
     await this.detailsPage.trustHeading.expect.toSeeCorrectTrustNameAndType(name, type)
   }
+
+  async toSeeCorrectTrustDetails (): Promise<void> {
+    await expect(this.detailsPage.trustDetailsCardLocator).toContainText('Address Dorthy Inlet, Kingston upon Hull, City of, JY36 9VC')
+    await expect(this.detailsPage.trustDetailsCardLocator).toContainText('Opened on 30 Dec 2013')
+    await expect(this.detailsPage.trustDetailsCardLocator).toContainText('Region and territory Yorkshire and the Humber')
+  }
+
+  async toSeeCorrectTrustReferenceNumbers (): Promise<void> {
+    await expect(this.detailsPage.referenceNumbersCardLocator).toContainText('UID (Unique group identifier) 2412')
+    await expect(this.detailsPage.referenceNumbersCardLocator).toContainText('Group ID (identifier) and TRN (trust reference number) TR3971')
+    await expect(this.detailsPage.referenceNumbersCardLocator).toContainText('UKPRN (UK provider reference number) 10013796')
+    await expect(this.detailsPage.referenceNumbersCardLocator).toContainText('Companies House number 03080547')
+  }
 }
diff --git a/tests/playwright/ui-tests/trusts/details-page.spec.ts b/tests/playwright/ui-tests/trusts/details-page.spec.ts
index 99368dbed..c0e67434d 100644
--- a/tests/playwright/ui-tests/trusts/details-page.spec.ts
+++ b/tests/playwright/ui-tests/trusts/details-page.spec.ts
@@ -16,6 +16,11 @@ test.describe('Details page', () => {
     await detailsPage.expect.toSeeCorrectTrustNameAndTypeInHeader()
   })
 
+  test('user should see the correct trust information', async () => {
+    await detailsPage.expect.toSeeCorrectTrustDetails()
+    await detailsPage.expect.toSeeCorrectTrustReferenceNumbers()
+  })
+
   test.describe('given a user tries to visit the url without an existing trust', () => {
     test.beforeEach(({ page }) => {
       notFoundPage = new NotFoundPage(page)

From 0f79e2be5e423ed1022b0b70f2943a6f3aed94e3 Mon Sep 17 00:00:00 2001
From: Liz Daly <50752284+lookupdaily@users.noreply.github.com>
Date: Mon, 16 Oct 2023 14:51:22 +0100
Subject: [PATCH 07/11] Update details page accessibility test

Check that trust details and reference number cards are displaying correctly before running the axe-core scanner.
---
 .../playwright/accessibility-tests/trusts/details-page.spec.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/playwright/accessibility-tests/trusts/details-page.spec.ts b/tests/playwright/accessibility-tests/trusts/details-page.spec.ts
index 68cd7a579..1e7b103d1 100644
--- a/tests/playwright/accessibility-tests/trusts/details-page.spec.ts
+++ b/tests/playwright/accessibility-tests/trusts/details-page.spec.ts
@@ -7,7 +7,8 @@ test.describe('Details page', () => {
     await detailsPage.goTo()
     await detailsPage.expect.toSeeCorrectTrustNameAndTypeInHeader()
     await detailsPage.trustNavigation.expect.toBeVisible()
-
+    await detailsPage.expect.toSeeCorrectTrustDetails()
+    await detailsPage.expect.toSeeCorrectTrustReferenceNumbers()
     await expectNoAccessibilityViolations()
   })
 })

From 448ba88e25cb0ce948f5545298623f5b8e90413e Mon Sep 17 00:00:00 2001
From: Nick Warms <Nicholas.WARMS@education.gov.uk>
Date: Mon, 16 Oct 2023 10:24:58 +0100
Subject: [PATCH 08/11] Move app insights to always be turned on

Now we enable and disable app insights using the presence of the connection string in the secrets file
---
 DfE.FindInformationAcademiesTrusts/Program.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/DfE.FindInformationAcademiesTrusts/Program.cs b/DfE.FindInformationAcademiesTrusts/Program.cs
index fb753ce8b..72f9360eb 100644
--- a/DfE.FindInformationAcademiesTrusts/Program.cs
+++ b/DfE.FindInformationAcademiesTrusts/Program.cs
@@ -32,6 +32,7 @@ public static void Main(string[] args)
 
             builder.Services.AddRazorPages();
             builder.Services.AddHealthChecks();
+            builder.Services.AddApplicationInsightsTelemetry();
             AddAuthenticationServices(builder);
 
             builder.Services.Configure<RouteOptions>(options =>
@@ -212,7 +213,6 @@ private static void ReconfigureLogging(WebApplicationBuilder builder)
         }
         else
         {
-            builder.Services.AddApplicationInsightsTelemetry();
             builder.Host.UseSerilog((_, services, loggerConfiguration) => loggerConfiguration
                 .ReadFrom.Configuration(builder.Configuration)
                 .WriteTo.ApplicationInsights(services.GetRequiredService<TelemetryConfiguration>(),

From aafcbbab744bd33b869b5de6fbd2d9bae9ad2e7f Mon Sep 17 00:00:00 2001
From: Nick Warms <Nicholas.WARMS@education.gov.uk>
Date: Mon, 16 Oct 2023 10:29:36 +0100
Subject: [PATCH 09/11] Add app insights snippet

---
 DfE.FindInformationAcademiesTrusts/Pages/Shared/_Layout.cshtml | 3 +++
 DfE.FindInformationAcademiesTrusts/Pages/_ViewImports.cshtml   | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/DfE.FindInformationAcademiesTrusts/Pages/Shared/_Layout.cshtml b/DfE.FindInformationAcademiesTrusts/Pages/Shared/_Layout.cshtml
index 90f2a1046..cec1de6b5 100644
--- a/DfE.FindInformationAcademiesTrusts/Pages/Shared/_Layout.cshtml
+++ b/DfE.FindInformationAcademiesTrusts/Pages/Shared/_Layout.cshtml
@@ -14,6 +14,9 @@
   <link rel="apple-touch-icon" sizes="152x152" href="~/dist/images/govuk-apple-touch-icon-152x152.png">
   <link rel="apple-touch-icon" href="~/dist/images/govuk-apple-touch-icon.png">
   <link rel="stylesheet" href="~/dist/main.css"/>
+  <script asp-add-nonce>
+    @Html.Raw(AppInsightsSnippet.ScriptBody)
+  </script>
 </head>
 
 <body class="govuk-template__body ">
diff --git a/DfE.FindInformationAcademiesTrusts/Pages/_ViewImports.cshtml b/DfE.FindInformationAcademiesTrusts/Pages/_ViewImports.cshtml
index 53cfbbce9..63f152ca0 100644
--- a/DfE.FindInformationAcademiesTrusts/Pages/_ViewImports.cshtml
+++ b/DfE.FindInformationAcademiesTrusts/Pages/_ViewImports.cshtml
@@ -1,4 +1,6 @@
 @using DfE.FindInformationAcademiesTrusts
+@using Microsoft.ApplicationInsights.AspNetCore
 @namespace DfE.FindInformationAcademiesTrusts.Pages
 @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
 @addTagHelper *, NetEscapades.AspNetCore.SecurityHeaders.TagHelpers
+@inject JavaScriptSnippet AppInsightsSnippet

From 1183c7e4404831bad2158fea7c608260762d08f2 Mon Sep 17 00:00:00 2001
From: Nick Warms <Nicholas.WARMS@education.gov.uk>
Date: Mon, 16 Oct 2023 10:31:20 +0100
Subject: [PATCH 10/11] Change CSP policies to allow for App Insights tracking

---
 DfE.FindInformationAcademiesTrusts/Program.cs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/DfE.FindInformationAcademiesTrusts/Program.cs b/DfE.FindInformationAcademiesTrusts/Program.cs
index 72f9360eb..d763e1797 100644
--- a/DfE.FindInformationAcademiesTrusts/Program.cs
+++ b/DfE.FindInformationAcademiesTrusts/Program.cs
@@ -110,7 +110,12 @@ private static HeaderPolicyCollection GetSecurityHeaderPolicies()
                 cspBuilder.AddScriptSrc()
                     .Self()
                     .UnsafeInline()
-                    .WithNonce();
+                    .WithNonce()
+                    .From("https://js.monitor.azure.com/scripts/b/ai.2.min.js");
+                cspBuilder.AddConnectSrc()
+                    .Self()
+                    .WithNonce()
+                    .From("https://*.in.applicationinsights.azure.com//v2/track");
                 cspBuilder.AddObjectSrc().None();
                 cspBuilder.AddBlockAllMixedContent();
                 cspBuilder.AddImgSrc().Self();

From 1b0be7cd92b545f28351a75600b90834e63566fd Mon Sep 17 00:00:00 2001
From: Nick Warms <Nicholas.WARMS@education.gov.uk>
Date: Mon, 16 Oct 2023 11:59:29 +0100
Subject: [PATCH 11/11] Remove unused CSP

---
 DfE.FindInformationAcademiesTrusts/Program.cs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/DfE.FindInformationAcademiesTrusts/Program.cs b/DfE.FindInformationAcademiesTrusts/Program.cs
index d763e1797..f0297d7b1 100644
--- a/DfE.FindInformationAcademiesTrusts/Program.cs
+++ b/DfE.FindInformationAcademiesTrusts/Program.cs
@@ -114,7 +114,6 @@ private static HeaderPolicyCollection GetSecurityHeaderPolicies()
                     .From("https://js.monitor.azure.com/scripts/b/ai.2.min.js");
                 cspBuilder.AddConnectSrc()
                     .Self()
-                    .WithNonce()
                     .From("https://*.in.applicationinsights.azure.com//v2/track");
                 cspBuilder.AddObjectSrc().None();
                 cspBuilder.AddBlockAllMixedContent();