Initial commit

.dockerignore

@@ -0,0 +1,12 @@
+dist
+kubectl_deploy*
+helm_deploy*
+README.md
+node_modules
+npm-debug.log
+.*
+**/*.test.js
+scss-report.txt
+eslint-report.html
+test-report.html
+docker-compose*

.editorconfig

@@ -0,0 +1,10 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+charset = utf-8
+max_line_length = 120
+trim_trailing_whitespace = true
+insert_final_newline = true

.env.example

@@ -0,0 +1,10 @@
+REDIS_ENABLED=false
+TOKEN_VERIFICATION_ENABLED=false
+
+# Credentials for allowing user access
+AUTH_CODE_CLIENT_ID=hmpps-typescript-template
+AUTH_CODE_CLIENT_SECRET=clientsecret
+
+# Credentials for API calls
+CLIENT_CREDS_CLIENT_ID=hmpps-typescript-template-system
+CLIENT_CREDS_CLIENT_SECRET=clientsecret

.github/workflows/deploy_to_env.yml

@@ -0,0 +1,39 @@
+name: Deploy to environment
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Environment
+        type: choice
+        required: true
+        options:
+          - dev
+          - preprod
+          - prod
+        default: 'dev'
+      version:
+        description: version to be deployed to the environment - must already exist.
+        required: true
+        default: ''
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  helm_lint:
+    name: helm lint
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/test_helm_lint.yml@v2 # WORKFLOW_VERSION
+    secrets: inherit
+    with:
+      environment: ${{ inputs.environment }}
+  deploy_env:
+    name: Deploy to environment
+    needs:
+      - helm_lint
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
+    secrets: inherit
+    with:
+      environment: ${{ inputs.environment }}
+      app_version: ${{ inputs.version }}

.github/workflows/pipeline.yml

@@ -0,0 +1,93 @@
+name: Pipeline [test -> build -> deploy]
+
+on:
+  push:
+    branches:
+      - '**'
+  workflow_dispatch:
+    inputs:
+      additional_docker_tag:
+        description: Additional docker tag that can be used to specify stable or testing tags
+        required: false
+        default: ''
+        type: string
+      push:
+        description: Push docker image to registry flag
+        required: true
+        default: false
+        type: boolean
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  # main node build workflow
+  node_build:
+    name: node build
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/node_build.yml@v2 # WORKFLOW_VERSION
+    secrets: inherit
+  # generic node unit tests - feel free to override with local tests if required
+  node_unit_tests:
+    name: node unit tests
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/node_unit_tests.yml@v2 # WORKFLOW_VERSION
+    needs: [node_build]
+    secrets: inherit
+  # generic node integration tests using wiremock - feel free to override with local tests if required
+  node_integration_tests:
+    name: node integration tests
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/node_integration_tests.yml@v2 # WORKFLOW_VERSION
+    needs: [node_build]
+    secrets: inherit
+  helm_lint:
+    strategy:
+      matrix:
+        environments: ['dev', 'preprod', 'prod']
+    name: helm lint
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/test_helm_lint.yml@v2 # WORKFLOW_VERSION
+    secrets: inherit
+    with:
+      environment: ${{ matrix.environments }}
+  build:
+    name: Build docker image from hmpps-github-actions
+    if: github.ref == 'refs/heads/main'
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/docker_build.yml@v2 # WORKFLOW_VERSION
+    needs:
+      - node_integration_tests
+      - node_unit_tests
+    with:
+      docker_registry: 'ghcr.io'
+      registry_org: 'ministryofjustice'
+      additional_docker_tag: ${{ inputs.additional_docker_tag }}
+      push: ${{ inputs.push || true }}
+      docker_multiplatform: true
+  deploy_dev:
+    name: Deploy to the development environment
+    needs:
+      - build
+      - helm_lint
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
+    secrets: inherit
+    with:
+      environment: 'dev'
+      app_version: '${{ needs.build.outputs.app_version }}'
+  # deploy_preprod:
+  #   name: Deploy to pre-production environment
+  #   needs:
+  #     - build
+  #     - deploy_dev
+  #   uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
+  #   secrets: inherit
+  #   with:
+  #     environment: 'preprod'
+  #     app_version: '${{ needs.build.outputs.app_version }}'
+  # deploy_prod:
+  #   name: Deploy to production environment
+  #   needs:
+  #     - build
+  #     - deploy_preprod
+  #   uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
+  #   secrets: inherit
+  #   with:
+  #     environment: 'prod'
+  #     app_version: '${{ needs.build.outputs.app_version }}'

.github/workflows/rename_template_project_pr.yml

@@ -0,0 +1,43 @@
+name: rename-project-create-pr
+
+on:
+  workflow_dispatch:
+    inputs:
+      product_id:
+        description: 'Product ID: provide an ID for the product this app/component belongs too.  Refer to the developer portal.'
+        required: true
+      slack_releases_channel:
+        description: 'Slack channel for release notifications.'
+        required: true
+      security_alerts_slack_channel_id:
+        description: 'Slack channel for pipeline security notifications.'
+        required: true
+      non_prod_alerts_prometheus_severity_label:
+        description: 'Non-prod kubernetes alerts. The severity label used by prometheus to route alert notifications to slack. See cloud-platform user guide.'
+        required: true
+        default: 'digital-prison-service-dev'
+      prod_alerts_prometheus_severity_label:
+        description: 'Production kubernetes alerts. The severity label used by prometheus to route alert notifications to slack. See cloud-platform user guide.'
+        required: true
+        default: 'digital-prison-service'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run rename-project script
+        run: ./rename-project.bash ${{ github.event.repository.name }} ${{ inputs.slack_releases_channel }} ${{ inputs.security_alerts_slack_channel_id }} ${{ inputs.non_prod_alerts_prometheus_severity_label }} ${{ inputs.prod_alerts_prometheus_severity_label }} ${{ inputs.product_id }}
+
+      - name: Delete this github actions workflow
+        run: rm .github/workflows/rename_template_project*
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          commit-message: updating project name after deployment from template repository
+          title: Update template project name/references
+          body: Update all references to project name after deploying from template repository
+          branch: rename_template_project
+          base: main

.github/workflows/security_npm_dependency.yml

@@ -0,0 +1,12 @@
+name: Security npm dependency check
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "19 6 * * MON-FRI" # Every weekday
+jobs:
+  security-npm-dependency-check:
+    name: Project security npm dependency check
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_npm_dependency.yml@v2 # WORKFLOW_VERSION
+    with:
+      channel_id: C05J915DX0Q
+    secrets: inherit

.github/workflows/security_trivy.yml

@@ -0,0 +1,12 @@
+name: Security trivy dependency check
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "19 6 * * MON-FRI" # Every weekday
+jobs:
+  security-kotlin-trivy-check:
+    name: Project security trivy dependency check
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v2 # WORKFLOW_VERSION
+    with:
+      channel_id: C05J915DX0Q
+    secrets: inherit

.github/workflows/security_veracode_pipeline_scan.yml

@@ -0,0 +1,12 @@
+name: Security veracode pipeline scan
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "19 6 * * MON-FRI" # Every weekday
+jobs:
+  security-veracode-pipeline-scan:
+    name: Project security veracode pipeline scan
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_pipeline_scan.yml@v2 # WORKFLOW_VERSION
+    with:
+      channel_id: C05J915DX0Q
+    secrets: inherit

.github/workflows/security_veracode_policy_scan.yml

@@ -0,0 +1,12 @@
+name: Security veracode policy scan
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "34 6 * * 1" # Every Monday
+jobs:
+  security-veracode-policy-check:
+    name: Project security veracode policy scan
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_policy_scan.yml@v2 # WORKFLOW_VERSION
+    with:
+      channel_id: C05J915DX0Q
+    secrets: inherit

.gitignore

@@ -0,0 +1,127 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+
+.idea
+.vscode
+dist/
+test_results/
+integration_tests/videos/
+integration_tests/screenshots/
+*/*.iml
+**/Chart.lock
+**/.DS_Store

.husky/pre-commit

@@ -0,0 +1 @@
+NODE_ENV=dev && node_modules/.bin/lint-staged && npm run typecheck && npm test

.nvmrc

@@ -0,0 +1 @@
+22