Initial commit

.editorconfig

@@ -0,0 +1,21 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+indent_size = unset
+
+[*.py]
+indent_size = 4
+
+[{Dockerfile,Dockerfile.}*]
+indent_size = 4
+
+[{Makefile,*.mk,go.mod,go.sum,*.go,.gitmodules}]
+indent_style = tab

.gitattributes

@@ -0,0 +1,7 @@
+scripts/docker/** linguist-vendored
+scripts/githooks/** linguist-vendored
+scripts/reports/** linguist-vendored
+scripts/terraform/** linguist-vendored
+scripts/tests/test.mk linguist-vendored
+scripts/init.mk linguist-vendored
+scripts/shellscript-linter.sh linguist-vendored

.github/ISSUE_TEMPLATE/1_support_request.yaml

@@ -0,0 +1,52 @@
+# See:
+# - https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository
+# - https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms
+# - https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/common-validation-errors-when-creating-issue-forms
+
+name: 🔧 Support Request
+description: Get help
+labels: ["support"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to file a support request. Please fill out this form as completely as possible.
+  - type: textarea
+    attributes:
+      label: What exactly are you trying to do?
+      description: Describe in as much detail as possible.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What have you tried so far?
+      description: Describe what you have tried so far.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Output of any commands you have tried
+      description: Please copy and paste any relevant output. This will be automatically formatted into codeblock.
+      render: Shell
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: Add any other context about the problem here.
+    validations:
+      required: false
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue you agree to follow our [Code of Conduct](../../docs/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
+  - type: checkboxes
+    attributes:
+      label: Sensitive Information Declaration
+      description: To ensure the utmost confidentiality and protect your privacy, we kindly ask you to NOT including [PII (Personal Identifiable Information) / PID (Personal Identifiable Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public) or any other sensitive data in this form. We appreciate your cooperation in maintaining the security of your information.
+      options:
+        - label: I confirm that neither PII/PID nor sensitive data are included in this form
+          required: true

.github/ISSUE_TEMPLATE/2_feature_request.yaml

@@ -0,0 +1,42 @@
+# See:
+# - https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository
+# - https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms
+# - https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/common-validation-errors-when-creating-issue-forms
+
+name: 🚀 Feature Request
+description: Suggest an idea for this project
+labels: ["feature request"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to file a feature request. Please fill out this form as completely as possible.
+  - type: textarea
+    attributes:
+      label: What is the problem this feature will solve?
+      description: Tell us why this change is needed or helpful and what problems it may help solve.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What is the feature that you are proposing to solve the problem?
+      description: Provide detailed information for what we should add.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What alternatives have you considered?
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue you agree to follow our [Code of Conduct](../../docs/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
+  - type: checkboxes
+    attributes:
+      label: Sensitive Information Declaration
+      description: To ensure the utmost confidentiality and protect your privacy, we kindly ask you to NOT including [PII (Personal Identifiable Information) / PID (Personal Identifiable Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public) or any other sensitive data in this form. We appreciate your cooperation in maintaining the security of your information.
+      options:
+        - label: I confirm that neither PII/PID nor sensitive data are included in this form
+          required: true

.github/ISSUE_TEMPLATE/3_bug_report.yaml

@@ -0,0 +1,63 @@
+# See:
+# - https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository
+# - https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms
+# - https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/common-validation-errors-when-creating-issue-forms
+
+name: 🐞 Bug Report
+description: File a bug report
+labels: ["bug", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to file a bug report. Please fill out this form as completely as possible.
+  - type: checkboxes
+    attributes:
+      label: Is there an existing issue for this?
+      description: Please, search the Issues to see if an issue already exists for the bug you have encountered.
+      options:
+      - label: I have searched the existing Issues
+        required: true
+  - type: textarea
+    attributes:
+      label: Current Behavior
+      description: A concise description of what you are experiencing.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: A concise description of what you expect to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Steps to reproduce the behavior
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run `...`
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Output
+      description: Please copy and paste any relevant output. This will be automatically formatted into codeblock.
+      render: Shell
+    validations:
+      required: false
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue you agree to follow our [Code of Conduct](../../docs/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
+  - type: checkboxes
+    attributes:
+      label: Sensitive Information Declaration
+      description: To ensure the utmost confidentiality and protect your privacy, we kindly ask you to NOT including [PII (Personal Identifiable Information) / PID (Personal Identifiable Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public) or any other sensitive data in this form. We appreciate your cooperation in maintaining the security of your information.
+      options:
+        - label: I confirm that neither PII/PID nor sensitive data are included in this form
+          required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,35 @@
+<!-- markdownlint-disable-next-line first-line-heading -->
+## Description
+
+<!-- Describe your changes in detail. -->
+
+## Context
+
+<!-- Why is this change required? What problem does it solve? -->
+
+## Type of changes
+
+<!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply. -->
+
+- [ ] Refactoring (non-breaking change)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would change existing functionality)
+- [ ] Bug fix (non-breaking change which fixes an issue)
+
+## Checklist
+
+<!-- Go over all the following points, and put an `x` in all the boxes that apply. -->
+
+- [ ] I am familiar with the [contributing guidelines](../docs/CONTRIBUTING.md)
+- [ ] I have followed the code style of the project
+- [ ] I have added tests to cover my changes
+- [ ] I have updated the documentation accordingly
+- [ ] This PR is a result of pair or mob programming
+
+---
+
+## Sensitive Information Declaration
+
+To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including [PII (Personal Identifiable Information) / PID (Personal Identifiable Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.
+
+- [ ] I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

.github/SECURITY.md

@@ -0,0 +1,35 @@
+# Security
+
+NHS England takes security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems and/or private data managed by our systems, please do not hesitate to contact us using the methods outlined below.
+
+## Table of Contents
+
+- [Security](#security)
+  - [Table of Contents](#table-of-contents)
+  - [Reporting a vulnerability](#reporting-a-vulnerability)
+    - [Email](#email)
+    - [NCSC](#ncsc)
+  - [General Security Enquiries](#general-security-enquiries)
+
+## Reporting a vulnerability
+
+Please note, email is our preferred method of receiving reports.
+
+### Email
+
+If you wish to notify us of a vulnerability via email, please include detailed information on the nature of the vulnerability and any steps required to reproduce it.
+
+You can reach us at:
+
+- _[ A product team email address ]_
+- [[email protected]]([email protected])
+
+### NCSC
+
+You can send your report to the National Cyber Security Centre, who will assess your report and pass it on to NHS England if necessary.
+
+You can report vulnerabilities here: [https://www.ncsc.gov.uk/information/vulnerability-reporting](https://www.ncsc.gov.uk/information/vulnerability-reporting)
+
+## General Security Enquiries
+
+If you have general enquiries regarding our cyber security, please reach out to us at [[email protected]]([email protected])

.github/actions/check-file-format/action.yaml

@@ -0,0 +1,10 @@
+name: "Check file format"
+description: "Check file format"
+runs:
+  using: "composite"
+  steps:
+    - name: "Check file format"
+      shell: bash
+      run: |
+        export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
+        check=branch ./scripts/githooks/check-file-format.sh

.github/actions/check-markdown-format/action.yaml

@@ -0,0 +1,10 @@
+name: "Check Markdown format"
+description: "Check Markdown format"
+runs:
+  using: "composite"
+  steps:
+    - name: "Check Markdown format"
+      shell: bash
+      run: |
+        export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
+        check=branch ./scripts/githooks/check-markdown-format.sh

.github/actions/create-lines-of-code-report/action.yaml

@@ -0,0 +1,57 @@
+name: "Count lines of code"
+description: "Count lines of code"
+inputs:
+  build_datetime:
+    description: "Build datetime, set by the CI/CD pipeline workflow"
+    required: true
+  build_timestamp:
+    description: "Build timestamp, set by the CI/CD pipeline workflow"
+    required: true
+  idp_aws_report_upload_account_id:
+    description: "IDP AWS account ID"
+    required: true
+  idp_aws_report_upload_region:
+    description: "IDP AWS account region"
+    required: true
+  idp_aws_report_upload_role_name:
+    description: "Role to upload the report"
+    required: true
+  idp_aws_report_upload_bucket_endpoint:
+    description: "Bucket endpoint for the report"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: "Create CLOC report"
+      shell: bash
+      run: |
+        export BUILD_DATETIME=${{ inputs.build_datetime }}
+        ./scripts/reports/create-lines-of-code-report.sh
+    - name: "Compress CLOC report"
+      shell: bash
+      run: zip lines-of-code-report.json.zip lines-of-code-report.json
+    - name: "Upload CLOC report as an artefact"
+      if: ${{ !env.ACT }}
+      uses: actions/upload-artifact@v3
+      with:
+        name: lines-of-code-report.json.zip
+        path: ./lines-of-code-report.json.zip
+        retention-days: 21
+    - name: "Check prerequisites for sending the report"
+      shell: bash
+      id: check
+      run: |
+        echo "secrets_exist=${{ inputs.idp_aws_report_upload_role_name != '' && inputs.idp_aws_report_upload_bucket_endpoint != '' }}" >> $GITHUB_OUTPUT
+    - name: "Authenticate to send the report"
+      if: steps.check.outputs.secrets_exist == 'true'
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: arn:aws:iam::${{ inputs.idp_aws_report_upload_account_id }}:role/${{ inputs.idp_aws_report_upload_role_name }}
+        aws-region: ${{ inputs.idp_aws_report_upload_region }}
+    - name: "Send the CLOC report to the central location"
+      shell: bash
+      if: steps.check.outputs.secrets_exist == 'true'
+      run: |
+        aws s3 cp \
+          ./lines-of-code-report.json.zip \
+          ${{ inputs.idp_aws_report_upload_bucket_endpoint }}/${{ inputs.build_timestamp }}-lines-of-code-report.json.zip

.github/actions/lint-terraform/action.yaml

@@ -0,0 +1,20 @@
+name: "Lint Terraform"
+description: "Lint Terraform"
+inputs:
+  root-modules:
+    description: "Comma separated list of root module directories to validate, content of the 'infrastructure/environments' is checked by default"
+    required: false
+runs:
+  using: "composite"
+  steps:
+    - name: "Check Terraform format"
+      shell: bash
+      run: |
+        check_only=true scripts/githooks/check-terraform-format.sh
+    - name: "Validate Terraform"
+      shell: bash
+      run: |
+        stacks=${{ inputs.root-modules }}
+        for dir in $(find infrastructure/environments -maxdepth 1 -mindepth 1 -type d; echo ${stacks//,/$'\n'}); do
+          dir=$dir make terraform-validate
+        done

.github/actions/perform-static-analysis/action.yaml

@@ -0,0 +1,28 @@
+name: "Perform static analysis"
+description: "Perform static analysis"
+inputs:
+  sonar_organisation_key:
+    description: "Sonar organisation key, used to identify the project"
+    required: false
+  sonar_project_key:
+    description: "Sonar project key, used to identify the project"
+    required: false
+  sonar_token:
+    description: "Sonar token, the API key"
+    required: false
+runs:
+  using: "composite"
+  steps:
+    - name: "Check prerequisites for performing static analysis"
+      shell: bash
+      id: check
+      run: echo "secret_exist=${{ inputs.sonar_token != '' }}" >> $GITHUB_OUTPUT
+    - name: "Perform static analysis"
+      shell: bash
+      if: steps.check.outputs.secret_exist == 'true'
+      run: |
+        export BRANCH_NAME=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF | sed 's#refs/heads/##')}
+        export SONAR_ORGANISATION_KEY=${{ inputs.sonar_organisation_key }}
+        export SONAR_PROJECT_KEY=${{ inputs.sonar_project_key }}
+        export SONAR_TOKEN=${{ inputs.sonar_token }}
+        ./scripts/reports/perform-static-analysis.sh