pfs-115: Base Finance Admin project files

.adr-dir

@@ -0,0 +1 @@
+adrs

.air.toml

@@ -0,0 +1,10 @@
+# Hot-reloading with Air - https://github.com/cosmtrek/air
+
+root = "."
+tmp_dir = "tmp"
+
+[build]
+exclude_dir = ["tmp", "web/assets", "web/static", "node_modules"]
+cmd = "go build -gcflags='all=-N -l' -o /tmp/main ."
+full_bin = "dlv exec --accept-multiclient --log --headless --continue --listen :2345 --api-version 2 /tmp/main"
+include_ext = ["go", "gotmpl"]

.dockerignore

@@ -0,0 +1,6 @@
+node_modules
+cypress/screenshots
+cypress/videos
+tmp
+main
+web/static

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @ministryofjustice/opg-sirius-supervision @ministryofjustice/opg-webops

.github/renovate.json

@@ -0,0 +1,48 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "config:base"
+    ],
+    "branchPrefix": "renovate-",
+    "commitMessageAction": "Renovate Update",
+    "labels": [
+        "Dependencies",
+        "Renovate"
+    ],
+    "lockFileMaintenance": {
+        "enabled": true
+    },
+    "packageRules": [
+        {
+            "automerge": true,
+            "groupName": "Patch & Minor Updates",
+            "groupSlug": "all-minor-patch-updates",
+            "matchPackagePatterns": [
+                "*"
+            ],
+            "matchUpdateTypes": [
+                "minor",
+                "patch"
+            ],
+            "prPriority": 1,
+            "stabilityDays": 3
+        }
+    ],
+    "major": {
+        "labels": [
+            "Dependencies",
+            "Renovate"
+        ],
+        "prPriority": 0
+    },
+    "vulnerabilityAlerts": {
+        "groupName": "Vulnerability Patches",
+        "dependencyDashboardApproval": false,
+        "stabilityDays": 0,
+        "rangeStrategy": "update-lockfile",
+        "commitMessagePrefix": "[SECURITY]",
+        "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
+        "prCreation": "immediate",
+        "prPriority": 2
+    }
+}

.github/workflows/build.yml

@@ -0,0 +1,171 @@
+name: Test & Build
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  test:
+    name: Unit/Integration Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Set up Go 1.22
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.22
+        id: go
+
+      - name: Check out code
+        uses: actions/checkout@v1
+
+      - name: Run tests
+        run: make test
+
+      - name: Test Summary
+        uses: test-summary/action@v2
+        with:
+          paths: "test-results/unit-tests.xml"
+        if: always()
+
+      - name: Upload Code Coverage
+        uses: codecov/codecov-action@v3
+        with:
+          files: test-results/test-coverage.txt
+          fail_ci_if_error: false
+          verbose: true
+
+  lint:
+    name: Go Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Go Lint
+        run: make go-lint
+
+  cypress:
+    name: Cypress Tests
+    runs-on: ubuntu-latest
+    needs: test
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run cypress
+        run: make cypress
+      - name: Store screenshots
+        uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: cypress-screenshots
+          path: cypress/screenshots
+      - name: Store logs
+        uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: cypress-logs
+          path: cypress/logs
+
+  build-and-push:
+    name: "Build & Push Containers"
+    if: false
+    runs-on: ubuntu-latest
+    needs: ['test', 'lint']
+    outputs:
+      branch: ${{ steps.set-outputs.outputs.branch }}
+      tag: ${{ steps.bump_version.outputs.tag }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+      - name: Extract branch name
+        run: |
+          if [ "${{ github.head_ref }}" == "" ]; then
+            echo BRANCH_NAME=main >> $GITHUB_ENV
+          else
+            echo BRANCH_NAME=${{ github.head_ref }} >> $GITHUB_ENV
+          fi
+        id: extract_branch
+      - uses: unfor19/install-aws-cli-action@v1
+
+      - name: Build Container
+        run: make build
+
+      - name: Run Trivy vulnerability scanner
+        run: make scan
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'test-results/'
+
+      - name: Bump Version
+        id: bump_version
+        uses: anothrNick/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          INITIAL_VERSION: 1.0.0
+          DEFAULT_BUMP: minor
+          PRERELEASE: true
+          PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }}
+          RELEASE_BRANCHES: main
+          WITH_V: true
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+          aws-region: eu-west-1
+          role-to-assume: arn:aws:iam::311462405659:role/sirius-actions-ci
+          role-duration-seconds: 3600
+          role-session-name: GitHubActions
+
+      - name: ECR Login
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registries: 311462405659
+
+      - name: Push Container
+        run: |
+          docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:${{ steps.bump_version.outputs.tag }}
+          if [ $BRANCH_NAME == "main" ]; then
+            docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:main-${{ steps.bump_version.outputs.tag }}
+            # We want all of the tags pushed
+            docker push  --all-tags 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin
+          else
+            docker push 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:${{ steps.bump_version.outputs.tag }}
+          fi
+
+  push-tags:
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
+          aws-region: eu-west-1
+          role-to-assume: arn:aws:iam::997462338508:role/sirius-actions-ci
+          role-duration-seconds: 3600
+          role-session-name: GitHubActions
+
+      - name: Install AWS CLI
+        id: install-aws-cli
+        uses: unfor19/install-aws-cli-action@v1
+
+      - name: Push Tag to Parameter Store
+        run: |
+          aws ssm put-parameter --name "opg-sirius-supervision-finance-admin-latest-green-build" --type "String" --value "${{ needs.build-and-push.outputs.tag }}" --overwrite --region=eu-west-1

.gitignore

@@ -0,0 +1,24 @@
+node_modules
+package-lock.json
+test-results
+tmp/
+web/static/
+
+# Cypress cli run artifact folders
+cypress/logs
+cypress/screenshots
+cypress/videos
+cypress/downloads
+/cypress/cypress/
+
+# binaries
+/main
+
+# IDEs
+.idea
+
+.DS_Store
+.cache
+.gocache
+.trivy-cache
+

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Ministry of Justice
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,43 @@
+all: go-lint test build-all scan cypress down
+
+.PHONY: cypress
+
+test-results:
+	mkdir -p -m 0777 test-results cypress/screenshots .trivy-cache .go-cache
+
+setup-directories: test-results
+
+go-lint:
+	docker compose run --rm go-lint
+
+build:
+	docker compose build --no-cache --parallel finance-admin
+
+build-dev:
+	docker compose -f docker-compose.yml -f docker/docker-compose.dev.yml build --parallel finance-admin yarn
+
+build-all:
+	docker compose build --parallel finance-admin yarn cypress
+
+test: setup-directories
+	go run gotest.tools/gotestsum@latest --format testname  --junitfile test-results/unit-tests.xml -- ./... -coverprofile=test-results/test-coverage.txt
+
+scan: setup-directories
+	docker compose run --rm trivy image --format table --exit-code 0 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest
+	docker compose run --rm trivy image --format sarif --output /test-results/hub.sarif --exit-code 1 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest
+
+clean:
+	docker compose down
+	docker compose run --rm yarn
+
+up: clean build-dev
+	docker compose -f docker-compose.yml -f docker/docker-compose.dev.yml up finance-admin yarn
+
+down:
+	docker compose down
+
+compile-assets:
+	docker compose run --rm yarn build
+
+cypress: setup-directories clean
+	docker compose run --build cypress

README.md

@@ -1,2 +1,52 @@
-# opg-sirius-supervision-finance-admin
-OPG sirius supervision finance admin: Managed by opg-org-infra & Terraform
+# OPG SIRIUS SUPERVISION FINANCE ADMIN
+
+### Major dependencies
+
+- [Go](https://golang.org/) (>= 1.22)
+- [docker compose](https://docs.docker.com/compose/install/) (>= 2.26.0)
+
+#### Installing dependencies locally:
+(This is only necessary if running without docker)
+
+- `yarn install`
+- `go mod download`
+---
+
+## Local development
+
+The application ran through Docker can be accessed on `localhost:8888/finance-admin`.
+
+To enable debugging and hot-reloading of Go files:
+
+`make up`
+
+Hot-reloading is managed independently for both apps and should happen seamlessly. Hot-reloading for web assets (JS, CSS, etc.)
+is also provided via a Yarn watch command.
+
+-----
+## Run the unit/integration tests
+
+`make test`
+
+## Run the Cypress tests
+
+`make cypress`
+
+## Run Trivy scanning
+
+`make scan`
+
+-----
+## Architectural Decision Records
+
+The major decisions made on this project are documented as ADRs in `/adrs`. The process for contributing to these is documented
+in the first ADR.
+
+-----
+## HTMX & JS
+
+This project uses [HTMX](https://htmx.org/) to render partial HTML instead of reloading the whole page on each request. However, this can 
+mean that event listeners added on page load may fail to register/get deregistered when a partial is loaded. To avoid this,
+you can force event listeners to register on every HTMX load event by putting them within the `htmx.onLoad` function.
+
+HTMX also includes a range of utility functions that can be used in place of more unwieldy native DOM functions.