diff --git a/.adr-dir b/.adr-dir
new file mode 100644
index 00000000..da5cac6b
--- /dev/null
+++ b/.adr-dir
@@ -0,0 +1 @@
+docs/architecture/decisions
diff --git a/.github/workflows/validate-api.yaml b/.github/workflows/validate-api.yaml
new file mode 100644
index 00000000..8a7265f7
--- /dev/null
+++ b/.github/workflows/validate-api.yaml
@@ -0,0 +1,22 @@
+name: Validate OpenAPI spec
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+
+jobs:
+ validate:
+ name: Validate
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: actions/setup-node@v3
+ with:
+ node-version: lts/*
+ - run: npx @redocly/cli lint ./docs/openapi/openapi.yaml --skip-rule no-empty-servers
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..e7a4baa1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,19 @@
+# OS
+.DS_STORE
+# terraform
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+*.tfvars
+secrets.auto.tfvars
+# editors
+.vscode/
+.idea
+*.iml
+# envs
+.env
+venv/
+env/
+# structurizr
+.structurizr
+docs/architecture/dsl/**/workspace.json
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 00000000..4c960a22
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,20 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.27.0
+ hooks:
+ - id: terraform_fmt
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.2.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - repo: https://github.com/awslabs/git-secrets
+ rev: master
+ hooks:
+ - id: git-secrets
+ - repo: https://github.com/zricethezav/gitleaks
+ rev: v8.8.4
+ hooks:
+ - id: gitleaks
diff --git a/.prettierrc.json b/.prettierrc.json
new file mode 100644
index 00000000..0967ef42
--- /dev/null
+++ b/.prettierrc.json
@@ -0,0 +1 @@
+{}
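Review bot: The validate-api.yaml job never declares `permissions:`, so GITHUB_TOKEN gets the repository default scope even though linting only needs to read the checkout; a workflow-level `permissions:` block with `contents: read` would limit it. The final step runs `npx @redocly/cli lint` without a version, so every pull request and push executes whatever release is current on the registry; pinning it, e.g. `npx @redocly/cli@<pinned-version> lint ./docs/openapi/openapi.yaml`, keeps the run reproducible. `actions/checkout@v3` and `actions/setup-node@v3` are referenced by movable tags, and pinning them to a full commit SHA would close the same gap. `fetch-depth: 0` and `--skip-rule no-empty-servers` both look unnecessary for linting a spec that lists three servers.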
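Review bot: The git-secrets entry in .pre-commit-config.yaml uses `rev: master`, a branch that moves, so each contributor's hook runs whatever code was at the tip when their hook cache was built; pin it to a release tag or commit SHA, `rev: <tag-or-commit-sha>`, as the other three repos do. As far as I know git-secrets matches nothing until patterns are registered in the clone (for example with `git secrets --register-aws`), so a setup step should state that, otherwise the hook passes without scanning for anything. These hooks only run where `pre-commit install` was executed, and no workflow in this commit runs gitleaks in CI, so a contributor who skips the install bypasses both scanners.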
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 00000000..0212694e
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @ministryofjustice/sirius
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 00000000..e931408a
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,88 @@
+# Code of conduct for `ministryofjustice`
+
+Contributors to repositories hosted in `ministryofjustice` are expected to
+follow the Contributor Covenant Code of
+Conduct, and those working within Government are also expected to follow the Civil Service Code
+
+## Civil Service Code
+
+The [Civil Service Code](https://www.gov.uk/government/publications/civil-service-code/the-civil-service-code)
+
+## Contributor Covenant Code of Conduct
+
+> Note:
+> * where the code of conduct says "project" we mean the Ministry of Justice, `@ministryofjustice` and all repositories hosted within it.
+> * where the code of conduct says "maintainer" we mean `@ministryofjustice` organisation owners
+> * where the code of conduct says "leadership" we mean both `@ministryofjustice` organisation owners, line managers, and other leadership within the Ministry of Justice
+
+### Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+### Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+### Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+### Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+### Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+### Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..9eabffc7
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Crown copyright (Ministry of Justice)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..9a04e96d
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,36 @@
+SHELL = '/bin/bash'
+export AWS_ACCESS_KEY_ID ?= X
+export AWS_SECRET_ACCESS_KEY ?= X
+
+build:
+ # Nothing to build yet
+
+up:
+ docker-compose up -d
+
+down:
+ docker-compose down
+
+create-tables:
+ aws --endpoint-url http://localhost:8030 dynamodb create-table \
+ --no-cli-pager \
+ --table-name deeds \
+ --attribute-definitions AttributeName=uid,AttributeType=S \
+ --key-schema AttributeName=uid,KeyType=HASH \
+ --billing-mode PAY_PER_REQUEST
+
+ aws --endpoint-url http://localhost:8030 dynamodb create-table \
+ --no-cli-pager \
+ --table-name events \
+ --attribute-definitions AttributeName=uid,AttributeType=S AttributeName=created,AttributeType=S \
+ --key-schema AttributeName=uid,KeyType=HASH AttributeName=created,KeyType=RANGE \
+ --billing-mode PAY_PER_REQUEST
+
+run-structurizr:
+ docker pull structurizr/lite
+ docker run -it --rm -p 4080:8080 -v $(PWD)/docs/architecture/dsl/local:/usr/local/structurizr structurizr/lite
+
+run-structurizr-export:
+ docker pull structurizr/cli:latest
+ docker run --rm -v $(PWD)/docs/architecture/dsl/local:/usr/local/structurizr structurizr/cli \
+ export -workspace /usr/local/structurizr/workspace.dsl -format mermaid
diff --git a/README.md b/README.md
index ddd7072d..d342e17b 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
 # opg-data-lpa-deed
+
 LPA deed service: Managed by opg-org-infra & Terraform
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..a0efd213
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,7 @@
+version: "3.6"
+
+services:
+ ddb:
+ image: amazon/dynamodb-local:latest
+ ports:
+ - 8030:8000
diff --git a/docs/architecture/decisions/0001-record-architecture-decisions.md b/docs/architecture/decisions/0001-record-architecture-decisions.md
new file mode 100644
index 00000000..84622e35
--- /dev/null
+++ b/docs/architecture/decisions/0001-record-architecture-decisions.md
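Review bot: `run-structurizr` in the Makefile publishes the container with `-p 4080:8080`, which Docker binds on all host interfaces by default, so the editable workspace is reachable from the local network; `-p 127.0.0.1:4080:8080` keeps it on the loopback interface. The same applies to `8030:8000` in docker-compose.yml, where the database is reached with the placeholder credentials `X`; `127.0.0.1:8030:8000` is the safer mapping. docs/architecture/dsl/README.md in this commit tells readers to open http://localhost:8080, which does not match the 4080 host port used here. Because the credentials are assigned with `?=`, real AWS keys already in the environment take precedence over `X`; that is harmless only while `--endpoint-url` points at localhost, which deserves a comment above the two exports.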
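Review bot: `amazon/dynamodb-local:latest` in docker-compose.yml is a floating tag, so the local database image can change between two `make up` runs and there is no fixed version for a dependency bot to propose updates against; pin a release, ideally with its digest, `image: amazon/dynamodb-local:<version>@sha256:<digest>`. The Makefile targets in this commit pull `structurizr/lite` and `structurizr/cli:latest` the same way and would benefit from the same pin.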
@@ -0,0 +1,19 @@
+# 1. Record architecture decisions
+
+Date: 2023-08-23
+
+## Status
+
+Accepted
+
+## Context
+
+We need to record the architectural decisions made on this project.
+
+## Decision
+
+We will use Architecture Decision Records, as [described by Michael Nygard](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions).
+
+## Consequences
+
+See Michael Nygard's article, linked above. For a lightweight ADR toolset, see Nat Pryce's [adr-tools](https://github.com/npryce/adr-tools).
diff --git a/docs/architecture/dsl/README.md b/docs/architecture/dsl/README.md
new file mode 100644
index 00000000..52c803a5
--- /dev/null
+++ b/docs/architecture/dsl/README.md
@@ -0,0 +1,22 @@
+# C4 Models via Structurizr
+
+## Purpose
+
+To provide an up to date Diagram as Code C4 Model of our application model to maintain a overview of the structure.
+
+This should be updated as changes to the application occur and can be used to plan future iterations of the application structure.
+
+## Instructions
+
+The local folder contains Diagrams as Code that can be run with the following commands.
+
+### To run in browser locally
+
+- Run `make run-structurizr`
+- Open a browser to [http://localhost:8080](http://localhost:8080)
+- Open the workspace.dsl file and edit
+- Every 2 seconds the website will check for updates and refresh if changes are detected
+
+### To export Mermaid files
+
+- Run `make run-structurizr-export`
diff --git a/docs/architecture/dsl/local/lpaDeedService.dsl b/docs/architecture/dsl/local/lpaDeedService.dsl
new file mode 100644
index 00000000..755241ea
--- /dev/null
+++ b/docs/architecture/dsl/local/lpaDeedService.dsl
@@ -0,0 +1,13 @@
+lpaDeedService = softwareSystem "LPA Deed Service" "Stores deeds and manages changes to them" {
+ database = container "Database" "Stores deeds and events" "DynamoDB" "Database"
+ lambda = container "Lambda" "Executes code for storing, updating and retrieving deeds" "AWS Lambda, Go" "Component" {
+ -> database "Queries and writes to"
+ }
+ iam = container "IAM" "Manages permissions to API Gateway" "AWS IAM" "Component"
+ certificateManager = container "Certificate Manager" "Generate a valid cert for SSL connectivity to the API" "AWS Certificate Manager" "Component"
+ dns = container "DNS" "Generate a friendly DNS Name for the API" "AWS Route 53" "Component"
+ apiGateway = container "API Gateway" "Provides a REST API for communication to the service." "AWS API Gateway v2, OpenAPI" "Component" {
+ -> lambda "Forwards requests to and Returns responses from"
+ -> iam "Validates requests"
+ }
+}
diff --git a/docs/architecture/dsl/local/workspace.dsl b/docs/architecture/dsl/local/workspace.dsl
new file mode 100644
index 00000000..efdd216c
--- /dev/null
+++ b/docs/architecture/dsl/local/workspace.dsl
@@ -0,0 +1,43 @@
+workspace {
+ model {
+ !include https://raw.githubusercontent.com/ministryofjustice/opg-technical-guidance/main/dsl/poas/persons.dsl
+ !include https://raw.githubusercontent.com/ministryofjustice/opg-modernising-lpa/main/docs/architecture/dsl/local/makeRegisterSoftwareSystem.dsl
+ !include lpaDeedService.dsl
+ lpaCaseManagement = softwareSystem "LPA Case Management" "PKA Sirius." "Existing System" {
+ -> apiGateway "Gets deeds from and sends updates to"
+ }
+
+ ualpa_SoftwareSystem = softwareSystem "Use A Lasting Power of Attorney" "Allows LPA Actors to retrieve and share LPAs with People and Organisations interested in LPAs" "Existing System" {
+ -> apiGateway "Gets deeds from"
+ }
+
+ makeRegisterSoftwareSystem -> apiGateway "Sends deeds to"
+ }
+
+ views {
+ systemContext lpaDeedService "SystemContext" {
+ include *
+ autoLayout
+ }
+
+ container lpaDeedService {
+ include *
+ autoLayout
+ }
+
+ theme default
+
+ styles {
+ element "Existing System" {
+ background #999999
+ color #ffffff
+ }
+ element "Web Browser" {
+ shape WebBrowser
+ }
+ element "Database" {
+ shape Cylinder
+ }
+ }
+ }
+}
diff --git a/docs/openapi/openapi.yaml b/docs/openapi/openapi.yaml
new file mode 100644
index 00000000..80d77650
--- /dev/null
+++ b/docs/openapi/openapi.yaml
@@ -0,0 +1,17 @@
+openapi: "3.0.2"
+info:
+ title: LPA Deed Service
+ version: "1.0"
+ license:
+ name: MIT
+ url: https://opensource.org/licenses/MIT
+servers:
+ - url: https://lpa-deed.api.opg.service.justice.gov.uk
+ description: Production
+ - url: https://preproduction.lpa-deed.api.opg.service.justice.gov.uk
+ description: Preproduction
+ - url: https://development.lpa-deed.api.opg.service.justice.gov.uk
+ description: Development
+security:
+ - {}
+paths: {}
diff --git a/metadata.json b/metadata.json
new file mode 100644
index 00000000..1cd8baaf
--- /dev/null
+++ b/metadata.json
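Review bot: The two remote `!include` lines in workspace.dsl fetch DSL from `raw.githubusercontent.com/.../main/...`, that is, from the tip of a branch in another repository, each time the workspace is rendered or exported, so the model can change or stop parsing without any commit here. Replacing `main` in each URL with a commit SHA makes the diagram reproducible and puts upstream changes through review. The local `!include lpaDeedService.dsl` is unaffected.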
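Review bot: The top-level `security:` list in openapi.yaml holds only the empty requirement `{}`, which in OpenAPI 3 means every operation may be called without credentials, and each path added later inherits that default. lpaDeedService.dsl in this commit says API Gateway validates requests against IAM, so the spec presumably should declare that scheme and require it globally. The block below is one way to express IAM (SigV4) authorisation for API Gateway; the scheme name is constructed and the choice needs confirming against the intended authoriser.

```yaml
# … unchanged: openapi, info, servers …
components:
  securitySchemes:
    sigv4:
      type: apiKey
      name: Authorization
      in: header
      x-amazon-apigateway-authtype: awsSigv4
security:
  - sigv4: []
paths: {}
```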
@@ -0,0 +1,5 @@
+{
+ "$schema": "https://raw.githubusercontent.com/ministryofjustice/opg-repository-reporting/main/schema/v0.0.1.json",
+ "owners": ["vega"],
+ "dependencies": []
+}
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 00000000..eaf7060e
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,40 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base"
+ ],
+ "branchPrefix": "renovate-",
+ "commitMessageAction": "Renovate Update",
+ "labels": [
+ "Dependencies",
+ "Renovate"
+ ],
+ "packageRules": [
+ {
+ "automerge": true,
+ "groupName": "Patch & Minor Updates",
+ "groupSlug": "all-minor-patch-updates",
+ "matchPackagePatterns": [
+ "*"
+ ],
+ "matchUpdateTypes": [
+ "minor",
+ "patch"
+ ],
+ "stabilityDays": 3,
+ "prPriority": 4
+ }
+ ],
+ "major": {
+ "automerge": false,
+ "stabilityDays": 3,
+ "prPriority": 0
+ },
+ "vulnerabilityAlerts": {
+ "groupName": "Security Alerts",
+ "rangeStrategy": "update-lockfile",
+ "commitMessagePrefix": "[SECURITY]",
+ "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
+ "prPriority": 5
+ }
+}
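Review bot: The single entry in `packageRules` of renovate.json sets `"automerge": true` for minor and patch updates of every package (`"matchPackagePatterns": ["*"]`), which covers the GitHub Actions this commit introduces. The only check in the repository at this point is the OpenAPI lint, so after the three-day `stabilityDays` wait such an update can reach `main` with no test behind it, and with no human review unless branch protection enforces CODEOWNERS approval. Consider scoping the automerge rule away from CI tooling, or adding `helpers:pinGitHubActionDigests` to `extends` so action updates arrive as explicit digest changes.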