Merge main into release-merge-find-and-connect

.github/workflows/deploy.yml

@@ -269,4 +269,13 @@ jobs:
       app_name: ${{ matrix.app_name }}
       test_project_name: ${{ matrix.test_project_name }}
       project_type: service
+    secrets: inherit
+
+  run-ui-e2e-tests:
+    if: ${{ startsWith(inputs.environment, 'Test') || inputs.environment == 'Pre-production' }}
+    name: Run E2E Test Suite
+    needs: [ deploy-ui-services ]
+    uses: ./.github/workflows/run-e2e-tests.yml
+    with:
+      environment: ${{ inputs.environment }}
     secrets: inherit

.github/workflows/e2e-seed-database.yml

@@ -0,0 +1,106 @@
+name: Seed Database with E2E Test Data
+run-name: Seed ${{ inputs.environment }} Database with E2E Test Data (${{ inputs.action }})
+
+on:
+  workflow_dispatch: 
+    inputs:
+      environment:
+        description: The environment target to seed test data in
+        default: 'Development'
+        type: choice
+        options:
+          - 'Development'
+          - 'Test'
+          - 'Test2'
+          - 'Pre-production'
+      action:
+        description: Whether to run the setup or teardown script
+        default: 'Teardown'
+        type: choice
+        options:
+          - 'Setup'
+          - 'Teardown'
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+      action:
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  run-seed-script:
+    name: Run ${{ inputs.action }} Script
+    runs-on: ubuntu-24.04
+    environment: ${{ inputs.environment }}
+    defaults: 
+      run: 
+        working-directory: "test/e2e-seed-data-framework"
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Install NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: "lts/Jod" # 22 LTS
+
+      - name: Install NPM Packages
+        shell: bash
+        run: npm i
+
+      - name: Get Workflow Runner IP
+        id: runner-ip
+        uses: ./.github/actions/get-runner-ip-address
+
+      - name: Azure CLI Login
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Add Azure Firewall Rule
+        uses: ./.github/actions/azure-firewall-ip
+        with:
+          ip_address: ${{ steps.runner-ip.outputs.ip_address }}
+          action: "Add"
+          az_resource_group: ${{ vars.AZURE_RESOURCE_PREFIX }}-familyhubs
+          az_sql_server_name: ${{ vars.AZURE_RESOURCE_PREFIX }}-as-fh-sql-server
+          az_firewall_rule_name: E2E-SEED-SCRIPT
+
+      - name: Create Environment Variables
+        shell: bash
+        run: |
+          cat <<'EOF' > .env
+          IDS_START_FROM=1000000
+          CONNECTION_STRING_SERVICEDIRECTORY='${{ secrets.PLAYWRIGHT_CONNECTION_STRING_SERVICE_DIRECTORY_DATABASE }}'
+          CONNECTION_STRING_REFERRAL='${{ secrets.PLAYWRIGHT_CONNECTION_STRING_REFERRAL_DATABASE }}'
+          CONNECTION_STRING_REPORT='${{ secrets.PLAYWRIGHT_CONNECTION_STRING_REPORT_DATABASE }}'
+          ENCRYPTION_KEY='${{ secrets.PLAYWRIGHT_REFERRAL_COLUMN_ENCRYPTION_KEY }}'
+          INITIALISATION_VECTOR='${{ secrets.PLAYWRIGHT_REFERRAL_COLUMN_INITIALISATION_VECTOR }}'
+          EXAMPLE_SEED=False
+          EOF
+
+      - name: Run ${{ inputs.action }}
+        shell: bash
+        run: |
+          SCRIPT=$(tr '[:upper:]' '[:lower:]' <<< "${{ inputs.action }}")
+          npm run $SCRIPT:dev
+
+      - name: Remove Azure Firewall Rule
+        if: always()
+        uses: ./.github/actions/azure-firewall-ip
+        with:
+          ip_address: ${{ steps.runner-ip.outputs.ip_address }}
+          action: "Remove"
+          az_resource_group: ${{ vars.AZURE_RESOURCE_PREFIX }}-familyhubs
+          az_sql_server_name: ${{ vars.AZURE_RESOURCE_PREFIX }}-as-fh-sql-server
+          az_firewall_rule_name: E2E-SEED-SCRIPT

.github/workflows/run-e2e-tests.yml

@@ -0,0 +1,132 @@
+name: Run E2E Test Suite
+run-name: Run E2E Test Suite on ${{ inputs.environment }}
+
+on:
+  workflow_dispatch: 
+    inputs:
+      environment:
+        description: The environment to run the E2E tests on
+        default: 'Development'
+        type: choice
+        options:
+          - 'Development'
+          - 'Test'
+          - 'Test2'
+          - 'Pre-production'
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  pre-test-teardown:
+    name: Pre-Test Database Teardown
+    uses: ./.github/workflows/e2e-seed-database.yml
+    with:
+      environment: ${{ inputs.environment }}
+      action: 'Teardown'
+    secrets: inherit
+
+  pre-test-setup:
+    needs: [ pre-test-teardown ]
+    name: Pre-Test Database Setup
+    uses: ./.github/workflows/e2e-seed-database.yml
+    with:
+      environment: ${{ inputs.environment }}
+      action: 'Setup'
+    secrets: inherit
+
+  run-test-suite:
+    needs: [ pre-test-setup ]
+    name: ${{ matrix.job_name }}
+    strategy:
+      fail-fast: false
+      matrix:
+        suite: [ find-e2e-tests, manage-e2e-tests ]
+        include:
+          - suite: find-e2e-tests
+            job_name: E2E - Find UI
+            base_url: ${{ vars.PLAYWRIGHT_FIND_BASE_URL }}
+          - suite: manage-e2e-tests
+            job_name: E2E - Manage UI
+            base_url: ${{ vars.PLAYWRIGHT_MANAGE_BASE_URL }}
+    runs-on: ubuntu-24.04
+    environment: ${{ inputs.environment }}
+    defaults: 
+      run: 
+        working-directory: "test/${{ matrix.suite }}"
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Install NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: "lts/Jod" # 22 LTS
+
+      - name: Install NPM Packages
+        shell: bash
+        run: npm i
+
+      - name: Install Playwright Dependencies
+        shell: bash
+        run: npx playwright install-deps
+
+      - name: Get Playwright Version
+        id: playwright-version
+        shell: bash
+        run: |
+          ARRAY=($(npx playwright --version))
+          VERSION=${ARRAY[1]}
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Playwright Browser Cache
+        id: playwright-cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/ms-playwright
+          key: ${{ runner.os }}-PlayWright-${{ steps.playwright-version.outputs.VERSION }}
+
+      - name: Install Playwright Browsers
+        if: steps.playwright-cache.outputs.cache-hit != 'true'
+        shell: bash
+        run: npx playwright install
+
+      - name: Create Environment Variables
+        shell: bash
+        run: |
+          cat <<'EOF' > .env
+          BASE_URL='${{ vars.PLAYWRIGHT_ENVIRONMENT_PREFIX }}${{ matrix.base_url }}'
+          USER_NAME='${{ secrets.PLAYWRIGHT_USER_NAME }}'
+          PASSWORD='${{ secrets.PLAYWRIGHT_PASSWORD }}'
+          DFE_ADMIN_USER='${{ secrets.PLAYWRIGHT_GOVLOGIN_DFE_ADMIN_USER }}'
+          GOV_LOGIN_PASSWORD='${{ secrets.PLAYWRIGHT_GOVLOGIN_PASSWORD }}'
+          EOF
+
+      - name: Run Playwright Test Suite
+        shell: bash
+        run: npx playwright test --workers `nproc`
+
+      - name: Upload Report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: playwright-report-${{ matrix.suite }}
+          path: "**/playwright-report/"
+
+  # Intentionally doesn't run after test failure to facilitate analysis
+  post-test-teardown:
+    needs: [ run-test-suite ]
+    name: Post-Test Database Teardown
+    uses: ./.github/workflows/e2e-seed-database.yml
+    with:
+      environment: ${{ inputs.environment }}
+      action: 'Teardown'
+    secrets: inherit

src/Directory.Packages.props

@@ -138,9 +138,9 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageVersion>
     <PackageVersion Include="StackExchange.Redis" Version="2.8.12" />
-    <PackageVersion Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-    <PackageVersion Include="Swashbuckle.AspNetCore.Annotations" Version="6.5.0" />
-    <PackageVersion Include="Swashbuckle.AspNetCore.SwaggerUI" Version="6.5.0" />
+    <PackageVersion Include="Swashbuckle.AspNetCore" Version="7.1.0" />
+    <PackageVersion Include="Swashbuckle.AspNetCore.Annotations" Version="7.1.0" />
+    <PackageVersion Include="Swashbuckle.AspNetCore.SwaggerUI" Version="7.1.0" />
     <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="7.7.1" />
     <PackageVersion Include="System.Linq" Version="4.3.0" />
     <PackageVersion Include="TestStack.BDDfy" Version="4.3.2" />

src/service/idam-api/src/FamilyHubs.Idam.Api/StartupExtensions.cs

@@ -144,6 +144,7 @@ public static void ConfigureWebApplication(this WebApplication webApplication)
         webApplication.UseSwaggerUI();
 
         webApplication.UseHttpsRedirection();
+        webApplication.UseHsts();
 
         webApplication.MapControllers();
 

src/service/idam-api/src/FamilyHubs.Idam.Api/web.config

@@ -0,0 +1,18 @@
+<configuration>
+    <system.webServer>
+        <httpProtocol>
+            <customHeaders>
+                <add name="X-Frame-Options" value="DENY" />
+                <add name="X-XSS-Protection" value="1; mode=block" />
+                <add name="X-Content-Type-Options" value="nosniff" />
+                <add name="Content-Security-Policy" value="default-src 'self';" />
+
+                <remove name="X-Powered-By" />
+                <remove name="x-aspnet-version"/>
+            </customHeaders>
+        </httpProtocol>
+        <security>
+            <requestFiltering removeServerHeader="true" />
+        </security>
+    </system.webServer>
+</configuration>

src/service/mock-hsda-api/src/FamilyHubs.Mock-Hsda.Api/Program.cs

@@ -59,7 +59,7 @@
     c.SwaggerEndpoint("/swagger/v1/swagger.json", "HSDA Mock API V1");
 });
 
-app.UseHttpsRedirection();
+app.UseHsts();
 
 app.UseRouting();
 

src/service/mock-hsda-api/src/FamilyHubs.Mock-Hsda.Api/web.config

@@ -0,0 +1,18 @@
+<configuration>
+    <system.webServer>
+        <httpProtocol>
+            <customHeaders>
+                <add name="X-Frame-Options" value="DENY" />
+                <add name="X-XSS-Protection" value="1; mode=block" />
+                <add name="X-Content-Type-Options" value="nosniff" />
+                <add name="Content-Security-Policy" value="default-src 'self';" />
+
+                <remove name="X-Powered-By" />
+                <remove name="x-aspnet-version"/>
+            </customHeaders>
+        </httpProtocol>
+        <security>
+            <requestFiltering removeServerHeader="true" />
+        </security>
+    </system.webServer>
+</configuration>

src/service/notification-api/src/FamilyHubs.Notification.Api/Endpoints/MinimalNotifyEndPoints.cs

@@ -1,4 +1,5 @@
-using FamilyHubs.Notification.Core.Commands.CreateNotification;
+using System.Net.Mime;
+using FamilyHubs.Notification.Core.Commands.CreateNotification;
 using FamilyHubs.Notification.Core.Queries.GetSentNotifications;
 using FamilyHubs.Notification.Api.Contracts;
 using MediatR;
@@ -26,14 +27,18 @@ public void RegisterMinimalNotifyEndPoints(WebApplication app)
             var result = await _mediator.Send(request, cancellationToken);
             return result;
 
-        }).WithMetadata(new SwaggerOperationAttribute("Get Notifications", "Get Paginated Notification List") { Tags = new[] { "Notifications" } });
+        })
+            .WithMetadata(new SwaggerOperationAttribute("Get Notifications", "Get Paginated Notification List") { Tags = new[] { "Notifications" } })
+            .Produces<PaginatedList<MessageDto>>(contentType: MediaTypeNames.Application.Json);
 
         app.MapGet("api/notify/{id}", [Authorize] async (long id, CancellationToken cancellationToken, ISender _mediator) =>
         {
             GetNotificationByIdCommand request = new(id);
             var result = await _mediator.Send(request, cancellationToken);
             return result;
 
-        }).WithMetadata(new SwaggerOperationAttribute("Get Notification By Id", "Get Notification By Id") { Tags = new[] { "Notifications" } });
+        })
+            .WithMetadata(new SwaggerOperationAttribute("Get Notification By Id", "Get Notification By Id") { Tags = new[] { "Notifications" } })
+            .Produces<MessageDto>(contentType: MediaTypeNames.Application.Json);
     }
 }

src/service/notification-api/src/FamilyHubs.Notification.Api/StartupExtensions.cs

@@ -178,6 +178,7 @@ public static void ConfigureWebApplication(this WebApplication webApplication)
         webApplication.UseSwaggerUI();
 
         webApplication.UseHttpsRedirection();
+        webApplication.UseHsts();
 
         webApplication.MapControllers();
 

src/service/notification-api/src/FamilyHubs.Notification.Api/web.config

@@ -0,0 +1,18 @@
+<configuration>
+    <system.webServer>
+        <httpProtocol>
+            <customHeaders>
+                <add name="X-Frame-Options" value="DENY" />
+                <add name="X-XSS-Protection" value="1; mode=block" />
+                <add name="X-Content-Type-Options" value="nosniff" />
+                <add name="Content-Security-Policy" value="default-src 'self';" />
+
+                <remove name="X-Powered-By" />
+                <remove name="x-aspnet-version"/>
+            </customHeaders>
+        </httpProtocol>
+        <security>
+            <requestFiltering removeServerHeader="true" />
+        </security>
+    </system.webServer>
+</configuration>