🔧 QoL Configuration (#5)

* 🔧 Add GitHub Workflows * 🔧 Add * 🔧 Add devcontainer * 🚧 Add many files * 🔧 Add package.json * 🔥 Comment out tests in Dockerfile * :alert: black linting * 🔧 Add linting config files * :alert: linting * Add new lines * :alert: Linting * Linting * 🔧 Update flake8 configuration * 🔧 Blank-ify charts * 🔧 Linting + correction * 🔧 Alter flake8 configuration * 🔧 flake8 configuration * 🔥 Remove unneeded code * ♻️ Rename * 🔧 Add ollama in devcontainer * ➕ Makefile extension * 🔧 Comment out prints * Add pytest + pytest-django to requirements.txt * 🔧 Remove Testing for now * 🔧 Add .yamllint * Linting * Final touches * 🔧 Linting * 🔧 Linting * Thought this had been added * Update .devcontainer/devcontainer.json Co-authored-by: Jacob Woffenden <[email protected]> * Update .github/workflows/build-test.yml Co-authored-by: Jacob Woffenden <[email protected]> * Update .github/CODEOWNERS Co-authored-by: Jacob Woffenden <[email protected]> * 🔧 Feedback updates * Update chart/values.yaml Co-authored-by: Jacob Woffenden <[email protected]> * Update README.md Co-authored-by: Jacob Woffenden <[email protected]> * 🔧 Update Checkout versions across all workflow * 🔧 Feedback updates * 🔧 Tune down --------- Co-authored-by: Jacob Woffenden <[email protected]>
ministryofjustice · Jul 15, 2024 · acadd6d · acadd6d
1 parent 1a0cb75
commit acadd6d
Show file tree

Hide file tree

Showing 53 changed files with 1,096 additions and 197 deletions.
diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json
@@ -0,0 +1,42 @@
+{
+  "features": {
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "version": "2.11.0",
+      "resolved": "ghcr.io/devcontainers/features/docker-in-docker@sha256:503f23cd692325b3cbb8c20a0ecfabb3444b0c786b363e0c82572bd7d71dc099",
+      "integrity": "sha256:503f23cd692325b3cbb8c20a0ecfabb3444b0c786b363e0c82572bd7d71dc099"
+    },
+    "ghcr.io/devcontainers/features/node:1": {
+      "version": "1.5.0",
+      "resolved": "ghcr.io/devcontainers/features/node@sha256:a124954d7ed085eb90e08e6fcecac8cbcbb866317ab16deb2c7797d63cbf35d6",
+      "integrity": "sha256:a124954d7ed085eb90e08e6fcecac8cbcbb866317ab16deb2c7797d63cbf35d6"
+    },
+    "ghcr.io/devcontainers/features/python:1": {
+      "version": "1.6.2",
+      "resolved": "ghcr.io/devcontainers/features/python@sha256:adf861c49eb404ce507280936fa626dcfdc4cffeb7f0a975ef400861a0cb3313",
+      "integrity": "sha256:adf861c49eb404ce507280936fa626dcfdc4cffeb7f0a975ef400861a0cb3313"
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/aws:1": {
+      "version": "1.0.0",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/aws@sha256:bb07a76c8e7a6b630a2056ce959addddee436e3f9936c69b9163eff54f58dbd5",
+      "integrity": "sha256:bb07a76c8e7a6b630a2056ce959addddee436e3f9936c69b9163eff54f58dbd5"
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/container-structure-test:1": {
+      "version": "1.0.0",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/container-structure-test@sha256:19eb30f9eb327b667be2002757d55381de87cdb5a79a6e37d293369fe8ad01ad",
+      "integrity": "sha256:19eb30f9eb327b667be2002757d55381de87cdb5a79a6e37d293369fe8ad01ad",
+      "dependsOn": [
+        "ghcr.io/devcontainers/features/docker-in-docker:2"
+      ]
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/kubernetes:1": {
+      "version": "1.0.1",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/kubernetes@sha256:0ec758e44468ba2a8b70b87613762ab04e50f7bb5eac8f2aea592cff213dbde5",
+      "integrity": "sha256:0ec758e44468ba2a8b70b87613762ab04e50f7bb5eac8f2aea592cff213dbde5"
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/static-analysis:1": {
+      "version": "1.0.0",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/static-analysis@sha256:e81d52725655c8ffb861605feac7ad155b447d51af65f6c3a03cab32d59f1e16",
+      "integrity": "sha256:e81d52725655c8ffb861605feac7ad155b447d51af65f6c3a03cab32d59f1e16"
+    }
+  }
+}
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,32 @@
+{
+  "name": "analytical-platform-ollamate",
+  "image": "ghcr.io/ministryofjustice/devcontainer-base:latest",
+  "features": {
+    "ghcr.io/devcontainers/features/node:1": {
+      "version": "20.15.1"
+    },
+    "ghcr.io/devcontainers/features/python:1": {
+      "version": "3.12"
+    },
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+    "./features/src/postgresql": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/aws:1": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/container-structure-test:1": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/kubernetes:1": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/static-analysis:1": {}
+  },
+  "postCreateCommand": "bash scripts/devcontainer/post-create.sh",
+  "postStartCommand": "bash scripts/devcontainer/post-start.sh",
+  "runArgs": ["--name=analytical-platform-ollamate-devcontainer"],
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "EditorConfig.EditorConfig",
+        "GitHub.vscode-github-actions",
+        "GitHub.vscode-codeql",
+        "ms-vsliveshare.vsliveshare",
+        "ms-vscode.makefile-tools"
+      ]
+    }
+  }
+}
diff --git a/.devcontainer/features/src/postgresql/devcontainer-feature.json b/.devcontainer/features/src/postgresql/devcontainer-feature.json
@@ -0,0 +1,6 @@
+{
+    "id": "postgresql",
+    "version": "1.0.0",
+    "name": "postgresql",
+    "description": "PostgreSQL"
+  }
diff --git a/.devcontainer/features/src/postgresql/install.sh b/.devcontainer/features/src/postgresql/install.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" >/etc/apt/sources.list.d/pgdg.list
+
+wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+
+apt-get update
+
+apt-get -y install \
+  postgresql-common \
+  postgresql-client-common \
+  postgresql-15 \
+  postgresql-client-15 \
+  libpq-dev
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,23 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+# This file is autogenerated
+[.devcontainer/devcontainer-lock.json]
+end_of_line = unset
+insert_final_newline = unset
+
+[*.json]
+indent_style = space
+indent_size = 2
+
+[*.sh]
+indent_style = space
+indent_size = 2
+
+[{*.yml,*.yaml}]
+indent_style = space
+indent_size = 2
diff --git a/.env.example b/.env.example
@@ -1,7 +1,13 @@
+DB_NAME=ollamate
+DB_USER=ollamate
+DB_PASSWORD=ollamate
+
+SECRET_KEY=
+
 CLIENT_ID=<your_client_id>
 CLIENT_SECRET=<your_client_secret>
 AZURE_TENANT_ID=<your_azure_tenant_id>
 REDIRECT_URI=<your_redirect_uri>
 
 # when running locally, you can use
-REDIRECT_URI="https://127.0.0.1:8000/azure_auth/callback" 
+REDIRECT_URI="https://127.0.0.1:8000/azure_auth/callback"
diff --git a/.flake8 b/.flake8
@@ -0,0 +1,7 @@
+[flake8]
+max-line-length = 100
+extend-ignore = E203, E704
+exclude =
+    venv
+per-file-ignores =
+  ollamate/*:E501,W292
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,3 +1 @@
-# Add a team or username to this file
-# Example:
-# *   @ministryofjustice/operations-engineering
+@ministryofjustice/analytical-platform
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,21 +1,11 @@
 ---
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
-
 updates:
-  - package-ecosystem: "bundler"
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "terraform"
-    directory: "/terraform"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "github-actions"
+  - package-ecosystem: "devcontainers"
     directory: "/"
     schedule:
       interval: "daily"
@@ -27,10 +17,6 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "gomod"
-    directory: "/"
-    schedule:
-      interval: "daily"
   - package-ecosystem: "docker"
     directory: "/"
     schedule:

diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -0,0 +1,36 @@
+---
+name: Build and Test
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  build:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Build Image
+        id: build_image
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          push: false
+          load: true
+          tags: ollamate
+
+      # - name: Run Python Tests
+      #   id: run_python_tests
+      #   run: |
+      #     docker compose --file contrib/docker-compose-test.yml run --rm interfaces
+      #   env:
+      #     NETWORK: default
+      #     IMAGE_TAG: dashboard
diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml
@@ -0,0 +1,33 @@
+---
+name: Chart Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  chart-lint:
+    name: Chart Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set Up Helm
+        id: setup_helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+
+      - name: Set Up Helm Chart Testing
+        id: setup_chart_testing
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+      - name: Lint Chart
+        id: lint_chart
+        run: |
+          make ct
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,41 @@
+---
+name: CodeQL Analysis
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  codeql-analysis:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript", "python"]
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Initialise CodeQL
+        id: initialise_codeql
+        uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: CodeQL Autobuild
+        id: codeql_autobuild
+        uses: github/codeql-action/autobuild@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+
+      - name: CodeQL Analysis
+        id: codeql_analysis
+        uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        with:
+          category: "language:${{ matrix.language }}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -23,6 +23,7 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Dependency Review
-        uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
+        id: dependency_review
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
         with:
           fail-on-severity: critical
diff --git a/.github/workflows/enforce-version-pinning.yml b/.github/workflows/enforce-version-pinning.yml
@@ -0,0 +1,38 @@
+---
+name: Enforce Version Pinning
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  enforce-version-pinning:
+    name: Enforce Version Pinning
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Check for pinned versions in requirements.txt
+        run: |
+          if grep -q -v '==' requirements.txt; then
+            echo "Unpinned dependencies found in requirements.txt"
+            echo "❌ Unpinned dependencies found in requirements.txt"
+            exit 1
+          else
+            echo "✅ All dependencies are correctly pinned."
+          fi
+
+      - name: Check for pinned versions in package.json
+        run: |
+          UNPINNED=$(grep -E '"[^"]+": "\^|~' package.json || true)
+          if [ -n "$UNPINNED" ]; then
+            echo "❌ Unpinned dependencies found in package.json:"
+            echo "$UNPINNED"
+            exit 1
+          else
+            echo "✅ All dependencies are correctly pinned."
+          fi