Skip to content

Commit

Permalink
pfs-115: Base Finance Admin project files
Browse files Browse the repository at this point in the history
  • Loading branch information
denialanderror committed Jul 30, 2024
1 parent defe75c commit 4956b0d
Show file tree
Hide file tree
Showing 52 changed files with 3,883 additions and 2 deletions.
1 change: 1 addition & 0 deletions .adr-dir
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
adrs
10 changes: 10 additions & 0 deletions .air.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# Hot-reloading with Air - https://github.com/cosmtrek/air

root = "."
tmp_dir = "tmp"

[build]
exclude_dir = ["tmp", "web/assets", "web/static", "node_modules"]
cmd = "go build -gcflags='all=-N -l' -o /tmp/main ."
full_bin = "dlv exec --accept-multiclient --log --headless --continue --listen :2345 --api-version 2 /tmp/main"
include_ext = ["go", "gotmpl"]
6 changes: 6 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
node_modules
cypress/screenshots
cypress/videos
tmp
main
web/static
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
* @ministryofjustice/opg-sirius-supervision @ministryofjustice/opg-webops
48 changes: 48 additions & 0 deletions .github/renovate.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
],
"branchPrefix": "renovate-",
"commitMessageAction": "Renovate Update",
"labels": [
"Dependencies",
"Renovate"
],
"lockFileMaintenance": {
"enabled": true
},
"packageRules": [
{
"automerge": true,
"groupName": "Patch & Minor Updates",
"groupSlug": "all-minor-patch-updates",
"matchPackagePatterns": [
"*"
],
"matchUpdateTypes": [
"minor",
"patch"
],
"prPriority": 1,
"stabilityDays": 3
}
],
"major": {
"labels": [
"Dependencies",
"Renovate"
],
"prPriority": 0
},
"vulnerabilityAlerts": {
"groupName": "Vulnerability Patches",
"dependencyDashboardApproval": false,
"stabilityDays": 0,
"rangeStrategy": "update-lockfile",
"commitMessagePrefix": "[SECURITY]",
"branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
"prCreation": "immediate",
"prPriority": 2
}
}
171 changes: 171 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,171 @@
name: Test & Build

on:
pull_request:
branches:
- main
push:
branches:
- main
workflow_dispatch:

defaults:
run:
shell: bash

jobs:
test:
name: Unit/Integration Tests
runs-on: ubuntu-latest

steps:
- name: Set up Go 1.22
uses: actions/setup-go@v1
with:
go-version: 1.22
id: go

- name: Check out code
uses: actions/checkout@v1

- name: Run tests
run: make test

- name: Test Summary
uses: test-summary/action@v2
with:
paths: "test-results/unit-tests.xml"
if: always()

- name: Upload Code Coverage
uses: codecov/codecov-action@v3
with:
files: test-results/test-coverage.txt
fail_ci_if_error: false
verbose: true

lint:
name: Go Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Go Lint
run: make go-lint

cypress:
name: Cypress Tests
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v4
- name: Run cypress
run: make cypress
- name: Store screenshots
uses: actions/upload-artifact@v3
if: failure()
with:
name: cypress-screenshots
path: cypress/screenshots
- name: Store logs
uses: actions/upload-artifact@v3
if: failure()
with:
name: cypress-logs
path: cypress/logs

build-and-push:
name: "Build & Push Containers"
if: false
runs-on: ubuntu-latest
needs: ['test', 'lint']
outputs:
branch: ${{ steps.set-outputs.outputs.branch }}
tag: ${{ steps.bump_version.outputs.tag }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- name: Extract branch name
run: |
if [ "${{ github.head_ref }}" == "" ]; then
echo BRANCH_NAME=main >> $GITHUB_ENV
else
echo BRANCH_NAME=${{ github.head_ref }} >> $GITHUB_ENV
fi
id: extract_branch
- uses: unfor19/install-aws-cli-action@v1

- name: Build Container
run: make build

- name: Run Trivy vulnerability scanner
run: make scan

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'test-results/'

- name: Bump Version
id: bump_version
uses: anothrNick/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
INITIAL_VERSION: 1.0.0
DEFAULT_BUMP: minor
PRERELEASE: true
PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }}
RELEASE_BRANCHES: main
WITH_V: true

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
aws-region: eu-west-1
role-to-assume: arn:aws:iam::311462405659:role/sirius-actions-ci
role-duration-seconds: 3600
role-session-name: GitHubActions

- name: ECR Login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registries: 311462405659

- name: Push Container
run: |
docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:${{ steps.bump_version.outputs.tag }}
if [ $BRANCH_NAME == "main" ]; then
docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:main-${{ steps.bump_version.outputs.tag }}
# We want all of the tags pushed
docker push --all-tags 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin
else
docker push 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:${{ steps.bump_version.outputs.tag }}
fi
push-tags:
runs-on: ubuntu-latest
needs: build-and-push
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
steps:
- uses: actions/checkout@v4

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
aws-region: eu-west-1
role-to-assume: arn:aws:iam::997462338508:role/sirius-actions-ci
role-duration-seconds: 3600
role-session-name: GitHubActions

- name: Install AWS CLI
id: install-aws-cli
uses: unfor19/install-aws-cli-action@v1

- name: Push Tag to Parameter Store
run: |
aws ssm put-parameter --name "opg-sirius-supervision-finance-admin-latest-green-build" --type "String" --value "${{ needs.build-and-push.outputs.tag }}" --overwrite --region=eu-west-1
24 changes: 24 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
node_modules
package-lock.json
test-results
tmp/
web/static/

# Cypress cli run artifact folders
cypress/logs
cypress/screenshots
cypress/videos
cypress/downloads
/cypress/cypress/

# binaries
/main

# IDEs
.idea

.DS_Store
.cache
.gocache
.trivy-cache

Empty file added .trivyignore
Empty file.
21 changes: 21 additions & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2024 Ministry of Justice

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
43 changes: 43 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
all: go-lint test build-all scan cypress down

.PHONY: cypress

test-results:
mkdir -p -m 0777 test-results cypress/screenshots .trivy-cache .go-cache

setup-directories: test-results

go-lint:
docker compose run --rm go-lint

build:
docker compose build --no-cache --parallel finance-admin

build-dev:
docker compose -f docker-compose.yml -f docker/docker-compose.dev.yml build --parallel finance-admin yarn

build-all:
docker compose build --parallel finance-admin yarn cypress

test: setup-directories
go run gotest.tools/gotestsum@latest --format testname --junitfile test-results/unit-tests.xml -- ./... -coverprofile=test-results/test-coverage.txt

scan: setup-directories
docker compose run --rm trivy image --format table --exit-code 0 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest
docker compose run --rm trivy image --format sarif --output /test-results/hub.sarif --exit-code 1 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest

clean:
docker compose down
docker compose run --rm yarn

up: clean build-dev
docker compose -f docker-compose.yml -f docker/docker-compose.dev.yml up finance-admin yarn

down:
docker compose down

compile-assets:
docker compose run --rm yarn build

cypress: setup-directories clean
docker compose run --build cypress
54 changes: 52 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,2 +1,52 @@
# opg-sirius-supervision-finance-admin
OPG sirius supervision finance admin: Managed by opg-org-infra & Terraform
# OPG SIRIUS SUPERVISION FINANCE ADMIN

### Major dependencies

- [Go](https://golang.org/) (>= 1.22)
- [docker compose](https://docs.docker.com/compose/install/) (>= 2.26.0)

#### Installing dependencies locally:
(This is only necessary if running without docker)

- `yarn install`
- `go mod download`
---

## Local development

The application ran through Docker can be accessed on `localhost:8888/finance-admin`.

To enable debugging and hot-reloading of Go files:

`make up`

Hot-reloading is managed independently for both apps and should happen seamlessly. Hot-reloading for web assets (JS, CSS, etc.)
is also provided via a Yarn watch command.

-----
## Run the unit/integration tests

`make test`

## Run the Cypress tests

`make cypress`

## Run Trivy scanning

`make scan`

-----
## Architectural Decision Records

The major decisions made on this project are documented as ADRs in `/adrs`. The process for contributing to these is documented
in the first ADR.

-----
## HTMX & JS

This project uses [HTMX](https://htmx.org/) to render partial HTML instead of reloading the whole page on each request. However, this can
mean that event listeners added on page load may fail to register/get deregistered when a partial is loaded. To avoid this,
you can force event listeners to register on every HTMX load event by putting them within the `htmx.onLoad` function.

HTMX also includes a range of utility functions that can be used in place of more unwieldy native DOM functions.
Loading

0 comments on commit 4956b0d

Please sign in to comment.