Initial commit

.circleci/config.yml

@@ -0,0 +1,128 @@
+version: 2.1
+
+orbs:
+  hmpps: ministryofjustice/hmpps@6.0
+
+parameters:
+  alerts-slack-channel:
+    type: string
+    default: dps_alerts_security
+  releases-slack-channel:
+    type: string
+    default: dps-releases
+
+jobs:
+  validate:
+    executor:
+      name: hmpps/java
+      tag: "17.0"
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+            - gradle-{{ checksum "build.gradle.kts" }}
+            - gradle-
+      - run:
+          command: ./gradlew check
+      - save_cache:
+          paths:
+            - ~/.gradle
+          key: gradle-{{ checksum "build.gradle.kts" }}
+      - store_test_results:
+          path: build/test-results
+      - store_artifacts:
+          path: build/reports/tests
+
+workflows:
+  version: 2
+  build-test-and-deploy:
+    jobs:
+      - validate:
+          filters:
+            tags:
+              ignore: /.*/
+      - hmpps/helm_lint:
+          name: helm_lint
+      - hmpps/build_multiplatform_docker:
+          name: build_docker
+          filters:
+            branches:
+              only:
+                - main
+      - hmpps/deploy_env:
+          name: deploy_dev
+          env: "dev"
+          context: hmpps-common-vars
+          filters:
+            branches:
+              only:
+                - main
+          requires:
+            - validate
+            - build_docker
+            - helm_lint
+#      - request-preprod-approval:
+#          type: approval
+#          requires:
+#            - deploy_dev
+#      - hmpps/deploy_env:
+#          name: deploy_preprod
+#          env: "preprod"
+#          context:
+#            - hmpps-common-vars
+#            - hmpps-template-kotlin-preprod
+#          requires:
+#            - request-preprod-approval
+#      - request-prod-approval:
+#          type: approval
+#          requires:
+#            - deploy_preprod
+#      - hmpps/deploy_env:
+#          name: deploy_prod
+#          env: "prod"
+#          slack_notification: true
+#          slack_channel_name: << pipeline.parameters.releases-slack-channel >>
+#          context:
+#            - hmpps-common-vars
+#            - hmpps-template-kotlin-prod
+#          requires:
+#            - request-prod-approval
+
+  security:
+    triggers:
+      - schedule:
+          cron: "11 5 * * 1-5"
+          filters:
+            branches:
+              only:
+                - main
+    jobs:
+      - hmpps/gradle_owasp_dependency_check:
+          slack_channel: << pipeline.parameters.alerts-slack-channel >>
+          context:
+            - hmpps-common-vars
+      - hmpps/trivy_latest_scan:
+          slack_channel: << pipeline.parameters.alerts-slack-channel >>
+          context:
+            - hmpps-common-vars
+      - hmpps/veracode_pipeline_scan:
+          slack_channel: << pipeline.parameters.alerts-slack-channel >>
+          context:
+            - veracode-credentials
+            - hmpps-common-vars
+  security-weekly:
+    triggers:
+      - schedule:
+          cron: "0 5 * * 1"
+          filters:
+            branches:
+              only:
+                - main
+    jobs:
+      - hmpps/veracode_policy_scan:
+          slack_channel: << pipeline.parameters.alerts-slack-channel >>
+          context:
+            - veracode-credentials
+            - hmpps-common-vars
+
+

.github/workflows/rename_template_project_pr.yml

@@ -0,0 +1,24 @@
+name: rename-project-create-pr
+
+on: [workflow_dispatch]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Run rename-project script
+        run: ./rename-project.bash ${{ github.event.repository.name }}
+
+      - name: Delete this github actions workflow
+        run: rm .github/workflows/rename_template_project*
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          commit-message: updating project name after deployment from template repository
+          title: Update template project name/references
+          body: Update all references to project name after deploying from template repository
+          branch: rename_template_project
+          base: main

.gitignore

@@ -0,0 +1,72 @@
+# Created by .ignore support plugin (hsz.mobi)
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+.idea/
+.gradle/
+build/
+
+# CMake
+cmake-build-debug/
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+out/
+*.iml
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+### Java template
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.war
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+Dockerrun.aws.json
+dist
+
+# Elastic Beanstalk Files
+.elasticbeanstalk/*
+!.elasticbeanstalk/config.yml
+!.elasticbeanstalk/*.cfg.yml
+!.elasticbeanstalk/*.global.yml
+
+# AWS DOcker build
+ecr.repo
+dps-gradle-spring-boot-suppressions.xml
+.editorconfig
+sonar-project.properties
+
+#Helm
+**/Chart.lock

.trivyignore

@@ -0,0 +1,22 @@
+# WARNING - THIS FILE WAS GENERATED BY THE dps-gradle-spring-boot GRADLE PLUGIN
+#           AND ANY MANUAL CHANGES WILL BE OVERRIDDEN ON YOUR NEXT BUILD.
+#
+# To make general changes to the suppressions below, change the gradle plugin dps-gradle-spring-boot,
+# publish a new version and update to the new version in your gradle build script
+#
+# To stop the dps-gradle-spring-boot project from overwriting any project specific customisations here, remove the
+# warning at the top of this file.
+#
+# Suppression for snakeyaml 1.30 vulnerability as bundled with application insights so can't be upgraded easily
+#   Can be suppressed as we we don't parse untrusted yaml
+CVE-2022-25857
+CVE-2022-38751
+# Suppression for snakeyaml 1.31 vulnerability as not fixed yet
+#   Can be suppressed as we we don't parse untrusted yaml
+CVE-2022-38752
+# Suppression for jackson databind 2.13.4 as no release for it yet
+#   Can be suppressed as UNWRAP_SINGLE_VALUE_ARRAYS is not enabled
+CVE-2022-42003
+# Suppression for jackson databind 2.13.3 as bundled with application insights
+#   Can be suppressed as don't parse untrusted json in application insights
+CVE-2022-42004

Dockerfile

@@ -0,0 +1,35 @@
+FROM --platform=$BUILDPLATFORM eclipse-temurin:18-jre-jammy AS builder
+
+ARG BUILD_NUMBER
+ENV BUILD_NUMBER ${BUILD_NUMBER:-1_0_0}
+
+WORKDIR /app
+ADD . .
+RUN ./gradlew --no-daemon assemble
+
+FROM eclipse-temurin:18-jre-jammy
+LABEL maintainer="HMPPS Digital Studio <info@digital.justice.gov.uk>"
+
+ARG BUILD_NUMBER
+ENV BUILD_NUMBER ${BUILD_NUMBER:-1_0_0}
+
+RUN apt-get update && \
+    apt-get -y upgrade && \
+    apt-get install -y curl && \
+    rm -rf /var/lib/apt/lists/*
+
+ENV TZ=Europe/London
+RUN ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && echo "$TZ" > /etc/timezone
+
+RUN addgroup --gid 2000 --system appgroup && \
+    adduser --uid 2000 --system appuser --gid 2000
+
+WORKDIR /app
+COPY --from=builder --chown=appuser:appgroup /app/build/libs/hmpps-template-kotlin*.jar /app/app.jar
+COPY --from=builder --chown=appuser:appgroup /app/build/libs/applicationinsights-agent*.jar /app/agent.jar
+COPY --from=builder --chown=appuser:appgroup /app/applicationinsights.json /app
+COPY --from=builder --chown=appuser:appgroup /app/applicationinsights.dev.json /app
+
+USER 2000
+
+ENTRYPOINT ["java", "-XX:+AlwaysActAsServerClassMachine", "-javaagent:/app/agent.jar", "-jar", "/app/app.jar"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020-2021 Crown Copyright (Ministry of Justice)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,44 @@
+# hmpps-template-kotlin
+[![repo standards badge](https://img.shields.io/badge/dynamic/json?color=blue&style=flat&logo=github&label=MoJ%20Compliant&query=%24.result&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fhmpps-template-kotlin)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-github-repositories.html#hmpps-template-kotlin "Link to report")
+[![CircleCI](https://circleci.com/gh/ministryofjustice/hmpps-template-kotlin/tree/main.svg?style=svg)](https://circleci.com/gh/ministryofjustice/hmpps-template-kotlin)
+[![Docker Repository on Quay](https://quay.io/repository/hmpps/hmpps-template-kotlin/status "Docker Repository on Quay")](https://quay.io/repository/hmpps/hmpps-template-kotlin)
+[![API docs](https://img.shields.io/badge/API_docs_-view-85EA2D.svg?logo=swagger)](https://hmpps-template-kotlin-dev.hmpps.service.justice.gov.uk/webjars/swagger-ui/index.html?configUrl=/v3/api-docs)
+
+This is a skeleton project from which to create new kotlin projects from.
+
+# Instructions
+
+If this is a HMPPS project then the project will be created as part of bootstrapping - 
+see https://github.com/ministryofjustice/dps-project-bootstrap.
+
+## Creating a CloudPlatform namespace
+
+When deploying to a new namespace, you may wish to use this template kotlin project namespace as the basis for your new namespace:
+
+<https://github.com/ministryofjustice/cloud-platform-environments/tree/main/namespaces/live.cloud-platform.service.justice.gov.uk/hmpps-template-kotlin>
+
+Copy this folder, update all the existing namespace references, and submit a PR to the CloudPlatform team. Further instructions from the CloudPlatform team can be found here: <https://user-guide.cloud-platform.service.justice.gov.uk/#cloud-platform-user-guide>
+
+## Renaming from HMPPS Template Kotlin - github Actions
+
+Once the new repository is deployed. Navigate to the repository in github, and select the `Actions` tab.
+Click the link to `Enable Actions on this repository`.
+
+Find the Action workflow named: `rename-project-create-pr` and click `Run workflow`.  This workflow will
+execute the `rename-project.bash` and create Pull Request for you to review.  Review the PR and merge.
+
+Note: ideally this workflow would run automatically however due to a recent change github Actions are not
+enabled by default on newly created repos. There is no way to enable Actions other then to click the button in the UI.
+If this situation changes we will update this project so that the workflow is triggered during the bootstrap project.
+Further reading: <https://github.community/t/workflow-isnt-enabled-in-repos-generated-from-template/136421>
+
+## Manually renaming from HMPPS Template Kotlin
+
+Run the `rename-project.bash` and create a PR.
+
+The `rename-project.bash` script takes a single argument - the name of the project and calculates from it:
+* The main class name (project name converted to pascal case) 
+* The project description (class name with spaces between the words)
+* The main package name (project name with hyphens removed)
+
+It then performs a search and replace and directory renames so the project is ready to be used.

applicationinsights.dev.json

@@ -0,0 +1,32 @@
+{
+  "role": {
+    "name": "hmpps-template-kotlin"
+  },
+  "customDimensions": {
+    "service.version": "${BUILD_NUMBER}"
+  },
+  "instrumentation": {
+    "logging": {
+      "level": "DEBUG"
+    }
+  },
+  "selfDiagnostics": {
+    "destination": "console"
+  },
+  "preview": {
+    "sampling": {
+      "overrides": [
+        {
+          "attributes": [
+            {
+              "key": "http.url",
+              "value": "https?://[^/]+/health.*",
+              "matchType": "regexp"
+            }
+          ],
+          "percentage": 100
+        }
+      ]
+    }
+  }
+}