Merge pull request #1 from alphagov/initial-repo-configuration

Initial repository configuration

.github/.pre-commit-config.yaml

@@ -0,0 +1,6 @@
+repos:
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets
+        args: [ '--baseline', '.secrets.baseline' ]

.github/dependabot.yml

@@ -0,0 +1,23 @@
+---
+version: 2
+updates:
+- package-ecosystem: docker
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "03:00"
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+    - govuk-pay
+    - docker
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "03:00"
+  open-pull-requests-limit: 0
+  labels:
+    - dependencies
+    - govuk-pay
+    - github_actions

.secrets.baseline

@@ -0,0 +1,112 @@
+{
+  "version": "1.4.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2023-07-19T08:04:06Z"
+}

CONTRIBUTING.md

@@ -0,0 +1,8 @@
+# GOV.UK Pay contributing guide
+
+This guide covers the basics of how to contribute to the GOV.UK Pay project.
+
+## Contributions from beyond the team
+If you have an idea or a feature request to share, please contact the GOV.UK Pay team by emailing [email protected]. 
+
+Please do not submit pull requests or raise GitHub issues for security vulnerabilities. Please follow our [vulnerability disclosure](https://github.com/alphagov/pay-webhooks/blob/main/README.md#vulnerability-disclosure) process instead.

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Government Digital Service
+Copyright (c) 2023 Crown Copyright (Government Digital Service)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,2 +1,27 @@
 # pay-adot
-GOV.UK Implementation of Amazon Distribution for Open Telemetry as a Fargate sidecar
+
+GOV.UK Implementation of Amazon Distribution for Open Telemetry as a Fargate sidecar.
+
+The sidecar will scrape `/metrics` on the configured container port and push the scraped metrics to a remote prometheus instance.
+
+Authentication with the remote prometheus instance will be done by assuming a role and signing requests using AWS SigV4
+authentication.
+
+## Environment variables
+
+The following environment variables must be set for this container to function:
+
+Environment variable | Example | Description
+---------------------|---------|------------
+APPLICATION\_PORT | `3000` | Open Telemetry will connect to this port on localhost to scrape the /metrics endpoint
+PROMETHEUS\_ENDPOINT\_URL | `https://aps-workspaces.eu-west-1.amazonaws.com/workspaces/ws-01234567-89ab-cdef-0123456789ab/` | The full endpoint URL exposing a prometheus remote write receiver
+PROMETHEUS\_WRITE\_ASSUME\_ROLE\_ARN | `arn:aws:iam::12345678:role/example-role` | The ARN of the role to assume when writing to prometheus
+AWS\_REGION | `eu-west-1` | The region in which to assume the role specified in PROMETHEUS\_WRITE\_ASSUME\_ROLE\_ARN
+
+## Licence
+
+[MIT License](LICENSE)
+
+## Vulnerability Disclosure
+
+GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. Please refer to our [vulnerability disclosure policy](https://www.gov.uk/help/report-vulnerability) and our [security.txt](https://vdp.cabinetoffice.gov.uk/.well-known/security.txt) file for details.