🗺️ Add Helm chart (#193)

Signed-off-by: GitHub <[email protected]> Signed-off-by: Jacob Woffenden <[email protected]> Co-authored-by: Michael Collins <[email protected]> Co-authored-by: jamesstottmoj <[email protected]>
ministryofjustice · Jul 10, 2024 · 072fc8b · 072fc8b
1 parent f85807c
commit 072fc8b
Show file tree

Hide file tree

Showing 36 changed files with 855 additions and 119 deletions.
diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json
@@ -0,0 +1,42 @@
+{
+  "features": {
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "version": "2.11.0",
+      "resolved": "ghcr.io/devcontainers/features/docker-in-docker@sha256:503f23cd692325b3cbb8c20a0ecfabb3444b0c786b363e0c82572bd7d71dc099",
+      "integrity": "sha256:503f23cd692325b3cbb8c20a0ecfabb3444b0c786b363e0c82572bd7d71dc099"
+    },
+    "ghcr.io/devcontainers/features/node:1": {
+      "version": "1.5.0",
+      "resolved": "ghcr.io/devcontainers/features/node@sha256:a124954d7ed085eb90e08e6fcecac8cbcbb866317ab16deb2c7797d63cbf35d6",
+      "integrity": "sha256:a124954d7ed085eb90e08e6fcecac8cbcbb866317ab16deb2c7797d63cbf35d6"
+    },
+    "ghcr.io/devcontainers/features/python:1": {
+      "version": "1.6.2",
+      "resolved": "ghcr.io/devcontainers/features/python@sha256:adf861c49eb404ce507280936fa626dcfdc4cffeb7f0a975ef400861a0cb3313",
+      "integrity": "sha256:adf861c49eb404ce507280936fa626dcfdc4cffeb7f0a975ef400861a0cb3313"
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/aws:1": {
+      "version": "1.0.0",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/aws@sha256:bb07a76c8e7a6b630a2056ce959addddee436e3f9936c69b9163eff54f58dbd5",
+      "integrity": "sha256:bb07a76c8e7a6b630a2056ce959addddee436e3f9936c69b9163eff54f58dbd5"
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/container-structure-test:1": {
+      "version": "1.0.0",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/container-structure-test@sha256:19eb30f9eb327b667be2002757d55381de87cdb5a79a6e37d293369fe8ad01ad",
+      "integrity": "sha256:19eb30f9eb327b667be2002757d55381de87cdb5a79a6e37d293369fe8ad01ad",
+      "dependsOn": [
+        "ghcr.io/devcontainers/features/docker-in-docker:2"
+      ]
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/kubernetes:1": {
+      "version": "1.0.1",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/kubernetes@sha256:0ec758e44468ba2a8b70b87613762ab04e50f7bb5eac8f2aea592cff213dbde5",
+      "integrity": "sha256:0ec758e44468ba2a8b70b87613762ab04e50f7bb5eac8f2aea592cff213dbde5"
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/static-analysis:1": {
+      "version": "1.0.0",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/static-analysis@sha256:e81d52725655c8ffb861605feac7ad155b447d51af65f6c3a03cab32d59f1e16",
+      "integrity": "sha256:e81d52725655c8ffb861605feac7ad155b447d51af65f6c3a03cab32d59f1e16"
+    }
+  }
+}
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -3,24 +3,28 @@
   "image": "ghcr.io/ministryofjustice/devcontainer-base:latest",
   "features": {
     "ghcr.io/devcontainers/features/node:1": {
-      "version": "20.11.1"
+      "version": "20.15.0"
     },
     "ghcr.io/devcontainers/features/python:1": {
       "version": "3.12"
     },
     "ghcr.io/devcontainers/features/docker-in-docker:2": {},
     "./features/src/postgresql": {},
-    "ghcr.io/ministryofjustice/devcontainer-feature/aws:0": {}
+    "ghcr.io/ministryofjustice/devcontainer-feature/aws:1": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/container-structure-test:1": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/kubernetes:1": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/static-analysis:1": {}
   },
-  "postCreateCommand": "bash scripts/devcontainer/post-create.sh",
-  "postStartCommand": "bash scripts/devcontainer/post-start.sh",
+  "postCreateCommand": "bash .devcontainer/post-create.sh",
+  "postStartCommand": "bash .devcontainer/post-start.sh",
   "runArgs": ["--name=analytical-platform-ui-devcontainer"],
   "customizations": {
     "vscode": {
       "extensions": [
         "EditorConfig.EditorConfig",
         "GitHub.vscode-github-actions",
-        "GitHub.vscode-codeql"
+        "GitHub.vscode-codeql",
+        "ms-vsliveshare.vsliveshare"
       ]
     }
   }

diff --git a/scripts/devcontainer/post-create.sh → .devcontainer/post-create.sh b/scripts/devcontainer/post-create.sh → .devcontainer/post-create.sh
@@ -7,10 +7,10 @@ npm install --global npm@latest
 docker compose --file contrib/docker-compose-postgres.yml up --detach
 
 # Upgrade Pip
-pip install --upgrade pip
+pip install --break-system-package --upgrade pip
 
 # Install dependencies
-pip install -r requirements.dev.txt
+pip install --break-system-package --requirement requirements.dev.txt
 
 # install npm dependencies and static assets
 npm install

diff --git a/scripts/devcontainer/post-start.sh → .devcontainer/post-start.sh b/scripts/devcontainer/post-start.sh → .devcontainer/post-start.sh
diff --git a/.editorconfig b/.editorconfig
@@ -5,6 +5,19 @@ end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
 
+# This file is autogenerated
+[.devcontainer/devcontainer-lock.json]
+end_of_line = unset
+insert_final_newline = unset
+
+[*.json]
+indent_style = space
+indent_size = 2
+
 [*.sh]
 indent_style = space
 indent_size = 2
+
+[{*.yml,*.yaml}]
+indent_style = space
+indent_size = 2
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1 +1 @@
-* @ministryofjustice/data-platform-apps-and-tools
+* @ministryofjustice/analytical-platform
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,15 +1,11 @@
 ---
 version: 2
 updates:
-  - package-ecosystem: "bundler"
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "terraform"
-    directory: "/terraform"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "github-actions"
+  - package-ecosystem: "devcontainers"
     directory: "/"
     schedule:
       interval: "daily"
@@ -21,10 +17,6 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "gomod"
-    directory: "/"
-    schedule:
-      interval: "daily"
   - package-ecosystem: "docker"
     directory: "/"
     schedule:

diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -23,6 +23,7 @@ jobs:
         id: build_image
         uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
         with:
+          file: container/Dockerfile
           push: false
           load: true
           tags: dashboard

diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml
@@ -0,0 +1,33 @@
+---
+name: Chart Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  chart-lint:
+    name: Chart Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set Up Helm
+        id: setup_helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+
+      - name: Set Up Helm Chart Testing
+        id: setup_chart_testing
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+      - name: Lint Chart
+        id: lint_chart
+        run: |
+          make ct
diff --git a/.github/workflows/enforce-version-pinning.yml b/.github/workflows/enforce-version-pinning.yml
@@ -4,10 +4,14 @@ name: Enforce Version Pinning
 
 on:
   pull_request:
-    branches: [main]
+    branches:
+      - main
+
+permissions: {}
 
 jobs:
-  check-version-pinning:
+  enforce-version-pinning:
+    name: Enforce Version Pinning
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,12 +4,13 @@ name: Release
 on:
   push:
     tags:
-      - '*.*.*'
+      - "*"
 
 permissions: {}
 
 jobs:
-  release:
+  release-image:
+    name: Release Image
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -21,34 +22,68 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Install cosign
-        id: install-cosign
+        id: install_cosign
         uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
 
-      - name: Login to GitHub Container Registry
-        id: login
+      - name: Log in to GitHub Container Registry
+        id: login_ghcr
         uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Push
-        id: push
+      - name: Build and Push
+        id: build_and_push
         uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
         with:
-          context: .
           push: true
-          tags: ghcr.io/${{ github.repository_owner }}/analytical-platform-ui:${{ github.ref_name }}
+          tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
 
       - name: Sign
         id: sign
+        shell: bash
         run: |
-          cosign sign --yes ghcr.io/${{ github.repository_owner }}/analytical-platform-ui@${{ steps.push.outputs.digest }}
+          cosign sign --yes ghcr.io/${{ github.repository }}@${{ steps.build_and_push.outputs.digest }}
 
       - name: Verify
         id: verify
         run: |
           cosign verify \
-          --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
-          --certificate-identity=https://github.com/${{ github.repository_owner }}/analytical-platform-ui/.github/workflows/release.yml@refs/tags/${{ github.ref_name }} \
-          ghcr.io/${{ github.repository_owner }}/analytical-platform-ui@${{ steps.push.outputs.digest }}
+            --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
+            --certificate-identity=https://github.com/${{ github.repository }}/.github/workflows/release.yml@refs/tags/${{ github.ref_name }} \
+            ghcr.io/${{ github.repository }}@${{ steps.build_and_push.outputs.digest }}
+
+  release-chart:
+    name: Release Chart
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set Up Helm
+        id: setup_helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+
+      - name: Log in to GitHub Container Registry
+        id: login_ghcr
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Package Chart
+        id: package_chart
+        run: |
+          helm package chart --destination .helm-deploy
+
+      - name: Push Chart
+        id: push_chart
+        run: |
+          helm push .helm-deploy/analytical-platform-ui-${{ github.ref_name }}.tgz oci://ghcr.io/ministryofjustice/analytical-platform-charts
diff --git a/.github/workflows/scan-image.yml b/.github/workflows/scan-image.yml
@@ -24,15 +24,16 @@ jobs:
         id: build_image
         uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
         with:
+          file: container/Dockerfile
           push: false
           load: true
-          tags: dashboard
+          tags: ui
 
       - name: Scan Image
         id: scan_image
         uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
         with:
-          image-ref: dashboard
+          image-ref: ui
           exit-code: 1
           format: sarif
           output: trivy-results.sarif
@@ -44,7 +45,7 @@ jobs:
         id: scan_image_on_failure
         uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
         with:
-          image-ref: dashboard
+          image-ref: ui
           exit-code: 1
           format: table
           severity: CRITICAL

diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
@@ -30,7 +30,7 @@ jobs:
       - name: Super-Linter
         id: super_linter
         # yamllint disable-line rule:line-length
-        uses: super-linter/super-linter/slim@ba3315d7e5da8cee94ef552f3baf1c34f6021345 # v5.7.1
+        uses: super-linter/super-linter/slim@88ea3923a7e1f89dd485d079f6eb5f5e8f937589 # v6.6.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DEFAULT_BRANCH: main
@@ -40,3 +40,4 @@ jobs:
           PYTHON_FLAKE8_CONFIG_FILE: .flake8
           PYTHON_ISORT_CONFIG_FILE: pyproject.toml
           PYTHON_MYPY_CONFIG_FILE: mypy.ini
+          VALIDATE_KUBERNETES_KUBECONFORM: false # Super-Linter doesn't support https://github.com/jtyr/kubeconform-helm
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -7,8 +7,6 @@ repos:
         id: end-of-file-fixer
       - name: Trailing Whitespace Fixer
         id: trailing-whitespace
-      - name: Check yaml
-        id: check-yaml
       - name: requirements.txt fixer
         id: requirements-txt-fixer
 
@@ -40,3 +38,4 @@ repos:
     rev: v1.32.0
     hooks:
       - id: yamllint
+        args: ["--config-file", ".yaml-lint.yml"]
diff --git a/.yamllint → .yaml-lint.yml b/.yamllint → .yaml-lint.yml
@@ -7,3 +7,7 @@ rules:
     level: warning
     allow-non-breakable-inline-mappings: true
   truthy: disable
+
+ignore:
+  - '**/chart/templates/*.yaml'
+  - '**/chart/templates/tests/*.yaml'
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		* @ministryofjustice/data-platform-apps-and-tools
		* @ministryofjustice/analytical-platform