chore: updated readme and docs

README.md

@@ -1,47 +1,32 @@
 # Get Help Buying for Schools
 
-[![Maintainability][codeclimate-badge]][codeclimate-report]
-![CI][ci-badge]
-![Deploy][deploy-badge]
+[Github Repo](https://github.com/DFE-Digital/buy-for-your-school)
+| [Github Packages](https://github.com/dfe-digital/buy-for-your-school/pkgs/container/buy-for-your-school)
+
+![main](https://github.com/DFE-Digital/buy-for-your-school/actions/workflows/ci-full-pipeline.yml/badge.svg?branch=main)
 
 A service to help school buying professionals create tender documents that comply with the relevant government policy.
 These tender documents can then be used to start a procurement process saving schools time and money.
 
-## Reusable Code
-
-This project uses **[DfE Sign-In][dsi]** for authentication.
-If your department project does the same, the code in `./lib/dsi` could help you.
-
-## Documentation
-
-Run `$ yardoc` to generate documentation for the project in `/documentation` and then `$ open ./documentation/index.html` to open in the browser.
-
-## Changelog
+|Environment|URL|
+|-|-|
+|Production|https://www.get-help-buying-for-schools.service.gov.uk|
+|Staging|https://staging.get-help-buying-for-schools.service.gov.uk|
+|Development|https://dev.get-help-buying-for-schools.service.gov.uk|
 
-When making a change, update the [changelog](CHANGELOG.md) using the
-[Keep a Changelog 1.0.0][keep-a-changelog] format.
+## Getting Started with Development
 
-## Architecture Decision Records
+Please read the [Getting Started](doc/getting-started.md) documentation for help on setting up your local environment and getting access to required systems.
 
-We use ADRs to document architectural decisions managed with [adr-tools][adr].
-
-## Access
-
-| Environment |                              URL                              |
-| :---------- | :-----------------------------------------------------------: |
-| Development |                     http://localhost:3000                     |
-| Research    | https://buy-for-your-school-research.london.cloudapps.digital |
-| Staging     | https://staging-get-help-buying-for-schools.education.gov.uk  |
-| Production  |     https://get-help-buying-for-schools.education.gov.uk      |
-
-
-
----
+## Documentation
 
-[adr]: https://github.com/npryce/adr-tools
-[ci-badge]: https://github.com/DFE-Digital/buy-for-your-school/actions/workflows/continuous-integration.yml/badge.svg
-[codeclimate-badge]: https://api.codeclimate.com/v1/badges/f119cce1678a8a67cca7/maintainability
-[codeclimate-report]: https://codeclimate.com/github/DFE-Digital/buy-for-your-school/maintainability
-[deploy-badge]: https://github.com/DFE-Digital/buy-for-your-school/actions/workflows/deploy.yml/badge.svg
-[dsi]: https://services.signin.education.gov.uk/
-[keep-a-changelog]: https://keepachangelog.com/en/1.0.0/
+- [Accessibility](doc/accessibility.md)
+- [Azure infrastructure](doc/azure.md)
+- [Console Access](doc/console-access.md)
+- [Contentful](doc/contentful-updates.md)
+- [Contentful Webhooks](doc/webhooks.md)
+- [Continuous Integration](doc/continuous-integration.md)
+- [Logging](doc/logging.md)
+- [Managing Environment Variables](doc/managing-environment-variables.md)
+- [Notify](doc/notify.md)
+- [Roles and Portals](roles-and-portals.md)

doc/azure.md

@@ -0,0 +1,10 @@
+# Azure
+
+## Resource groups
+
+|Environment|Azure Resource Group|URL|
+|-|-|-|
+|Production|s174p01-ghbs-app|https://portal.azure.com/#@platform.education.gov.uk/resource/subscriptions/1871efd3-900d-4908-bf66-1b268ab28f10/resourceGroups/s174p01-ghbs-app|
+|Staging|s174t01-ghbs-app|https://portal.azure.com/#@platform.education.gov.uk/resource/subscriptions/cb3dd736-2dc8-4296-9894-16d3ecabe85d/resourceGroups/s174d01-ghbs-app|
+|Development|s174d01-ghbs-app|https://portal.azure.com/#@platform.education.gov.uk/resource/subscriptions/cb3dd736-2dc8-4296-9894-16d3ecabe85d/resourceGroups/s174d01-ghbs-app|
+

doc/console-access.md

@@ -1,51 +1,13 @@
 # Console access
 
-We may need a way to access live environments for debugging or incident management purposes in future.
+NOTE: you will need Azure access to do this
 
-If we do need to open a rails console on production we should pair through the commands we execute to mitigate the risk of data loss.
+Please read [this documentation on console access](https://learn.microsoft.com/en-us/azure/container-apps/container-console?tabs=bash#azure-portal) for more information on connecting to a container app console.
 
-## Prerequisites
+## Console access links
 
-You must have an account that has been invited to the Government Platform as a Service (GPaaS) account. DfE PaaS organisation administrators should be able to invite you if you [request in DfE's #digital-tools-support Slack channel](https://ukgovernmentdfe.slack.com/archives/CMS9V0JQL).
-
-You must have have been given 'Space developer' access to the intended space, for example "sct-prod". Note 'Space manager' is a separate role and does not include all `Space developer` permissions.
-
-[You can sign in to check your account and permissions here](https://admin.london.cloud.service.gov.uk).
-
-## Access
-
-1. From a local terminal login to Cloud Foundry and select the intended space
-    ```
-    $ cf login -a api.london.cloud.service.gov.uk -u [email protected]
-    ```
-1. See all available spaces
-    ```
-    $ cf spaces
-    ```
-1. Change space
-    ```
-    $ cf target -s <space name>
-    ```
-1. View available services
-    ```
-    $ cf apps
-    ```
-1. Connect to the environment (in this case production)
-    ```
-    $ cf ssh <service name>
-    ```
-1. Navigate to the application
-    ```
-    $ cd /srv/app
-    ```
-1. Run the intended commands
-    ```
-    $ export PATH="$PATH:/usr/local/bin"
-    $ /usr/local/bin/ruby bin/rails c
-    ```
-
-    or
-
-    ```
-    $ /usr/local/bin/ruby bin/rake db:seed
-    ```
+|Enviroment|Console Link|
+|--|--|
+|Development|[Console](https://portal.azure.com/#@platform.education.gov.uk/resource/subscriptions/cb3dd736-2dc8-4296-9894-16d3ecabe85d/resourceGroups/s174d01-ghbs-app/providers/Microsoft.App/containerApps/devghbs-buyforyourschool/console)|
+|Staging|[Console](https://portal.azure.com/#@platform.education.gov.uk/resource/subscriptions/bc55c4cf-d75d-42d1-9017-a457b6b2cfc8/resourceGroups/s174t01-ghbs-app/providers/Microsoft.App/containerApps/stagghbs-buyforyourschool/console)|
+|Production|[Console](https://portal.azure.com/#@platform.education.gov.uk/resource/subscriptions/1871efd3-900d-4908-bf66-1b268ab28f10/resourceGroups/s174p01-ghbs-app/providers/Microsoft.App/containerApps/prodghbs-buyforyourschool/console)|

doc/continuous-integration.md

@@ -0,0 +1,17 @@
+# Continuous Integration
+
+## Github Actions
+
+Automated deployments are handled by [github actions](https://github.com/DFE-Digital/buy-for-your-school/actions).
+
+### Deployment Secrets
+
+Select secrets are stored in github "Environments". We store as little secrets as possible within github and prefer to rely on permissions within Azure.
+
+|Secret|Description|
+|-|-|
+|`AZURE_SP_CREDENTIALS`|Service principle credentails stored in JSON form|
+|`CONTAINER_APP_NAME`|Name of the container-app|
+|`RESOURCE_GROUP_NAME`|Name of the resource group|
+
+For more on service principal credentials, see [here](https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#create-a-service-principal) and [here](https://github.com/marketplace/actions/azure-login#configure-a-service-principal-with-a-secret).

doc/dfe-sign-in.md

@@ -2,128 +2,49 @@
 
 **_DfE Sign-In_** `DSI` is the **_Single Sign-On_** `SSO` provider for this service.
 
-There are [testing][test-register], [pre-production][pre-prod-register] and [production][prod-register] environments for DSI that each require registration.
-
-## Registration
-
-Anyone can register for a DSI profile in each environment.
-An *approver* at a supported establishment can invite users to their organisation.
-[This school][test-school] has been used for testing access for local development.
-Contact DfE [#digital-tools-support][digi-tools] and [#dfe_sign-in][dfe_sign-in] Slack channels for further assistance.
-
-## Access
-
-The DSI API returns a user's affiliated organisations with their type name and number.
-Will restrict access to users from certain types of establishment.
-
-**Accept**
-
-    1   Community School
-    2   Voluntary Aided School
-    3   Voluntary Controlled School
-    5   Foundation School
-    6   City Technology College
-    7   Community Special School
-    12  Foundation Special School
-    14  Pupil Referral Unit
-    28  Academy Sponsor Led
-    33  Academy Special Sponsor Led
-    34  Academy Converter
-    35  Free Schools
-    36  Free Schools Special
-    38  Free Schools - Alternative Provision
-    40  University Technical College
-    41  Studio Schools
-    42  Academy Alternative Provision Converter
-    43  Academy Alternative Provision Sponsor Led
-    44  Academy Special Converter
-
-**Reject**
-
-    8   Non-Maintained Special School
-    10  Other Independent Special School
-    11  Other Independent School
-    15  LA Nursery School
-    18  Further Education
-    24  Secure Units
-    25  Offshore Schools
-    26  Service Children's Education
-    27  Miscellaneous
-    29  Higher Education Institution
-    30  Welsh Establishment
-    31  Sixth Form Centres
-    32  Special Post 16 Institution
-    37  British Overseas Schools
-    39  Free Schools - 16-19
-    45  Academy 16-19 Converter
-    46  Academy 16-19 Sponsor Led
-    47  Children's Centre
-    48  Children's Centre Linked Site
-    56  Institution funded by other government department
-
-
 ## Environments
 
-This service has deployment environments and each is paired with a corresponding DSI environment.
-
-|                | Enabled      | DSI Env              | DSI service management     |
-| :------------- | :----------- | :------------------- | :------------------------- |
-| Development    | optional     | [test][test]         | [manage][test-manage]      |
-| Staging        | true         | [pre-prod][pre-prod] | [manage][pre-prod-manage]  |
-| Research       | true         | [pre-prod][pre-prod] | [manage][pre-prod-manage]  |
-| Production     | true         | [prod][prod]         | [manage][prod-manage]      |
-
-DSI DNS Aliases:
-
-- `https://interactions.signin.education.gov.uk` -> `https://services.signin.education.gov.uk`
-- `https://pp-interactions.signin.education.gov.uk` -> `https://pp-services.signin.education.gov.uk`
-- `https://test-interactions.signin.education.gov.uk` -> `https://test-services.signin.education.gov.uk`
-
-## Development
-
-In development, setting the environment variable `DFE_SIGN_IN_ENABLED` to false will bypass DSI.
-You can provide _any_ value in the `UID` field to sign in.
-The application has matured and now requires user data provided by DSI therefore bypassing has limited use.
-
-Communicating with DSI in development requires a secure connection.
-
-Create a self-signed certificate:
+There are three different DfE sign in environments, an account on one environment will not be shared across to the other environments. However, both staging and development environments both use the same DfE sign in environment so the account can be shared in effect.
 
-`$ openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 -keyout localhost.key -out localhost.crt`
+Below is a mapping of which applications are backed by which DfE sign in environments:
 
-Firefox will permit the use of this certificate. On OSX, Chrome will require that certificate be trusted.
-In **Keychain Access** add it to the **Certificates** in the **System Keychain**.
-Use `File > Import Items` and import `localhost.crt`.
-Once imported change the trust level to `Always Trust`.
+| App Environment |DSI Env              | DSI service management    | Request Organisations |
+| :------------- |:------------------- | :------------------------- | --------------------- |
+| Local Dev      |[test][test]         | [manage][test-manage]      | [test][test-request-org] |
+| Development    |[pre-prod][pre-prod] | [manage][pre-prod-manage]  | [pre-prod][pre-prod-request-org] |
+| Staging        |[pre-prod][pre-prod] | [manage][pre-prod-manage]  | [pre-prod][pre-prod-request-org] |
+| Production     |[prod][prod]         | [manage][prod-manage]      | [prod][prod-request-org] |
 
+## Getting an account
+### Sign up
 
-See `Procfile.dev` for starting puma with SSL.
+DfE Sign in is "self service" so in order to get an account you need to sign up yourself. Please click on each link in the "DSI Env" in the table above and follow the steps to create an account.
 
+### Request access
 
-## Organisations
+Now you have an account you will be able to log in, but the application does further authorization with your account details.
 
-The service leverages a user's affiliation to an organisation within DSI to control access.
-The development team should use the `test` DSI environment variables in `.env.development.local`.
-Developers in the test environment can [*approve* or *invite*][test-users] new team members.
-The organisation **"DfE Commercial Procurement Operations"** is required to gain access beyond `/support` in each environment.
-The lead developer or product manager will be approvers and can invite new team members thereby granting access to live environments.
+In order to gain access to parts of the system you need to request access to the "DfE Commercial Procurement Operations" organisation. Use the links in the "Request Organisations" column of the table above, search for "DfE Commercial Procurement Operations" organisation and then request access.
 
 ---
 
 [pre-prod]: https://pp-services.signin.education.gov.uk
 [pre-prod-register]: https://pp-profile.signin.education.gov.uk/register
 [pre-prod-manage]: https://pp-manage.signin.education.gov.uk/services/00487750-C9B8-414C-8746-1076885456E0/service-configuration
 [pre-prod-api]: https://pp-api.signin.education.gov.uk
+[pre-prod-request-org]: https://pp-services.signin.education.gov.uk/request-organisation/search
 [prod]: https://services.signin.education.gov.uk
 [prod-register]: https://profile.signin.education.gov.uk/register
 [prod-manage]: https://manage.signin.education.gov.uk/services/9D1B3879-3495-4D3F-AB7A-ED9B8E968EFF/service-configuration
 [prod-api]: https://api.signin.education.gov.uk
+[prod-request-org]: https://services.signin.education.gov.uk/request-organisation/search
 [test]: https://test-services.signin.education.gov.uk
 [test-register]: https://test-profile.signin.education.gov.uk/register
 [test-manage]: https://test-manage.signin.education.gov.uk/services/FD39DCFC-9B60-46C4-ACDC-699A2468B46F/service-configuration
 [test-api]: https://test-api.signin.education.gov.uk
 [test-users]: https://test-services.signin.education.gov.uk/approvals/users
 [test-school]: https://test-services.signin.education.gov.uk/approvals/50F4A834-9314-4A66-969E-C86D03821C26/users
+[test-request-org]: https://test-services.signin.education.gov.uk/request-organisation/search
 [digi-tools]: https://ukgovernmentdfe.slack.com/archives/CMS9V0JQL
 [dfe_sign-in]: https://ukgovernmentdfe.slack.com/archives/C5S500XB6