Merge pull request #12 from cds-snc/feat/set_common_project_elements

Feat/set common project elements
cds-snc · Jan 22, 2025 · caad5f1 · caad5f1
2 parents 8bdcd49 + 78739e2
commit caad5f1
Show file tree

Hide file tree

Showing 61 changed files with 5,643 additions and 4,536 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -0,0 +1,24 @@
+FROM node:lts
+
+# Install basic development tools
+RUN apt-get update && apt-get install -y \
+    git \
+    procps \
+    && rm -rf /var/lib/apt/lists/*
+
+# Ensure default `node` user has access to `sudo`
+ARG USERNAME=node
+RUN apt-get update \
+    && apt-get install -y sudo \
+    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    && chmod 0440 /etc/sudoers.d/$USERNAME
+
+ENV NODE_ENV=development
+
+# Set the default user
+USER node
+
+EXPOSE 3000
+
+# Set the working directory
+WORKDIR /workspace
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,34 @@
+{
+    "name": "React Development",
+    "build": {
+        "dockerfile": "Dockerfile",
+        "context": ".."
+    },
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "dbaeumer.vscode-eslint",
+                "esbenp.prettier-vscode",
+                "formulahendry.auto-rename-tag",
+                "dsznajder.es7-react-js-snippets",
+                "bradlc.vscode-tailwindcss"
+            ],
+            "settings": {
+                "editor.formatOnSave": true,
+                "editor.defaultFormatter": "esbenp.prettier-vscode",
+                "editor.codeActionsOnSave": {
+                    "source.fixAll.eslint": true
+                }
+            }
+        }
+    },
+    "forwardPorts": [3000],
+    "postCreateCommand": "npm install",
+    "remoteUser": "node",
+    "features": {
+        "ghcr.io/devcontainers/features/node:1": {},
+        "ghcr.io/devcontainers/features/terraform:1": {},
+        "ghcr.io/devcontainers/features/aws-cli:1": {},
+        "ghcr.io/devcontainers-extra/features/terragrunt:1": {}
+    }
+}
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -0,0 +1,13 @@
+version: '3.8'
+services:
+  app:
+    build: 
+      context: .
+      dockerfile: .devcontainer/Dockerfile
+    volumes:
+      - .:/workspace:cached
+    ports:
+      - "3000:3000"
+    environment:
+      - NODE_ENV=development
+    command: sleep infinity
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -2,7 +2,7 @@
     "parser": "@babel/eslint-parser",
     "parserOptions": {
       "requireConfigFile": false,
-      "ecmaVersion": 2021,
+      "ecmaVersion": "latest",
       "sourceType": "module",
       "ecmaFeatures": {
         "jsx": true
@@ -14,12 +14,17 @@
       "node": true
     },
     "extends": [
-      "react-app",
       "eslint:recommended",
-      "plugin:react/recommended"
+      "plugin:react/recommended",
+      "plugin:react-hooks/recommended",
+      "plugin:import/recommended",
+      "plugin:prettier/recommended"
     ],
     "plugins": [
-      "react"
+      "react",
+      "react-hooks",
+      "prettier",
+      "import"
     ],
     "rules": {
       "react/prop-types": "off",
@@ -28,11 +33,19 @@
       "semi": ["error", "always"],
       "quotes": "off",
       "no-irregular-whitespace": "off",
-      "react/no-unescaped-entities": "off"
+      "react/no-unescaped-entities": "off",
+      "react/react-in-jsx-scope": "off",
+      "prettier/prettier": "error",
+      "import/no-unused-modules": "off"
     },
     "settings": {
       "react": {
         "version": "detect"
+      },
+      "import/resolver": {
+        "node": {
+          "extensions": [".js", ".jsx"]
+        }
       }
     }
   }
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for more information:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://containers.dev/guide/dependabot
+
+version: 2
+updates:
+ - package-ecosystem: "devcontainers"
+   directory: "/"
+   schedule:
+     interval: weekly
diff --git a/.github/workflows/export_github_data.yml b/.github/workflows/export_github_data.yml
@@ -0,0 +1,25 @@
+name: GitHub repository metadata exporter
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '20 7 * * *'
+
+jobs:
+  export-data:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Audit DNS requests
+        uses: cds-snc/dns-proxy-action@main
+        env:
+          DNS_PROXY_FORWARDTOSENTINEL: 'true'
+          DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+          DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - name: Export Data
+        uses: cds-snc/github-repository-metadata-exporter@main
+        with:
+          github-app-id: ${{ secrets.SRE_BOT_RO_APP_ID }}
+          github-app-installation-id: ${{ secrets.SRE_BOT_RO_INSTALLATION_ID }}
+          github-app-private-key: ${{ secrets.SRE_BOT_RO_PRIVATE_KEY }}
+          log-analytics-workspace-id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+          log-analytics-workspace-key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
@@ -0,0 +1,10 @@
+on: [issues, pull_request, workflow_dispatch]
+
+jobs:
+  sync-labels:
+    runs-on: ubuntu-latest
+    name: Sync repository labels
+    steps:
+      - uses: cds-snc/labels@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -0,0 +1,47 @@
+name: Scorecards supply-chain security
+on:
+  workflow_dispatch:
+  schedule:
+    # Weekly on Saturdays.
+    - cron: '30 1 * * 6'
+  push:
+    branches:
+      - main
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+
+    steps:
+      - name: 'Checkout code'
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        with:
+          persist-credentials: false
+
+      - name: 'Run analysis'
+        uses: ossf/scorecard-action@bfa3f0d2c52a31cf9f6bc003e1f15e8b99640aec
+        with:
+          results_file: ossf-results.json
+          results_format: json
+          publish_results: false
+
+      - name: 'Add metadata'
+        run: |
+          full_repo="${{ github.repository }}"
+          OWNER=${full_repo%/*}
+          REPO=${full_repo#*/}
+          jq -c '. + {"metadata_owner": "'$OWNER'", "metadata_repo": "'$REPO'", "metadata_query": "ossf"}' ossf-results.json > ossf-results-modified.json
+
+      - name: 'Post results to Sentinel'
+        uses: cds-snc/sentinel-forward-data-action@main
+        with:
+          file_name: ossf-results-modified.json
+          log_type: GitHubMetadata_OSSF_Scorecard
+          log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+          log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
diff --git a/.github/workflows/s3-backup.yml b/.github/workflows/s3-backup.yml
@@ -0,0 +1,38 @@
+name: S3 backup
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 6 * * *'
+
+jobs:
+  s3-backup:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        with:
+          fetch-depth: 0 # retrieve all history
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # v3.0.1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_S3_BACKUP_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_S3_BACKUP_SECRET_ACCESS_KEY }}
+          aws-region: ca-central-1
+
+      - name: Create ZIP bundle
+        run: |
+          ZIP_FILE=`basename ${{ github.repository }}`-`date '+%Y-%m-%d'`.zip
+          zip -rq "${ZIP_FILE}" .
+          mkdir -p ${{ github.repository }}
+          mv "${ZIP_FILE}" ${{ github.repository }}
+
+      - name: Upload to S3 bucket
+        run: |
+          aws s3 sync . s3://${{ secrets.AWS_S3_BACKUP_BUCKET }} --exclude='*' --include='${{ github.repository }}/*'
+
+      - name: Notify Slack channel if this job failed
+        if: ${{ failure() }}
+        run: |
+          json='{"text":"S3 backup failed in <https://github.com/${{ github.repository }}>!"}'
+          curl -X POST -H 'Content-type: application/json' --data "$json"  ${{ secrets.SLACK_NOTIFY_WEBHOOK }}
diff --git a/.gitignore b/.gitignore
@@ -27,3 +27,18 @@ server/node_modules/
 
 .vercel
 temp.jsonl
+
+# Terragrunt and Terraform
+.terragrunt-cache
+*.tfstate
+*.tfstate.backup
+*.tfstate.lock.info
+
+# Ignored Terraform files
+*gitignore*.tf
+
+# Backup files
+*.bak
+
+# Ignore local stack data file
+.devcontainer/data
diff --git a/.prettierrc b/.prettierrc
@@ -0,0 +1,9 @@
+{
+  "semi": true,
+  "tabWidth": 2,
+  "printWidth": 100,
+  "singleQuote": true,
+  "trailingComma": "es5",
+  "bracketSpacing": true,
+  "jsxBracketSameLine": false
+} 
diff --git a/Makefile b/Makefile
@@ -0,0 +1,22 @@
+.PHONY: fmt checkov install lint test fmt-ci lint-ci build install-dev
+
+terraform-fmt:
+	terraform fmt -recursive terragrunt/aws &&\
+	terragrunt hclfmt
+
+checkov:
+	checkov --directory=aws
+
+run-dev:
+	npm run dev
+
+install:
+	npm install
+
+lint: 
+	npm run lint
+
+fmt:
+	npm run format
+
+test: ;