PI-2770 move to gha

.circleci/config.yml

@@ -1,17 +1,11 @@
 version: 2.1
-
 orbs:
   hmpps: ministryofjustice/hmpps@9
   slack: circleci/slack@4.12.5
-
 parameters:
-  alerts-slack-channel:
-    type: string
-    default: probation-integration-notifications
   releases-slack-channel:
     type: string
     default: probation-integration-notifications
-
 jobs:
   validate:
     executor:
@@ -24,18 +18,16 @@ jobs:
       - hmpps/install_aws_cli
       - run:
           name: Wait for SQS to be ready
-          command: curl -4 --connect-timeout 30 --retry-connrefused --retry 2
-            --retry-delay 5 http://localhost:4566
+          command: curl -4 --connect-timeout 30 --retry-connrefused --retry 2 --retry-delay 5 http://localhost:4566
       - restore_cache:
           keys:
             - gradle-{{ checksum "build.gradle.kts" }}
             - gradle-
       - run:
-          command: ./gradlew -Dorg.gradle.jvmargs="--illegal-access=permit"
-            -Dkotlin.daemon.jvm.options="--illegal-access=permit" check
+          command: ./gradlew -Dorg.gradle.jvmargs="--illegal-access=permit" -Dkotlin.daemon.jvm.options="--illegal-access=permit" check
       - when:
           condition:
-            equal: [ main, << pipeline.git.branch >> ]
+            equal: [main, << pipeline.git.branch >>]
           steps:
             - slack/notify:
                 event: fail
@@ -52,7 +44,6 @@ jobs:
       - store_artifacts:
           path: build/reports/coverage
           destination: coverage
-
 workflows:
   version: 2
   build-test-and-deploy:
@@ -120,32 +111,3 @@ workflows:
           requires:
             - request-prod-approval
           helm_timeout: 5m
-
-  security:
-    triggers:
-      - schedule:
-          cron: "45 9 * * 1-5"
-          filters:
-            branches:
-              only:
-                - main
-    jobs:
-      - hmpps/veracode_pipeline_scan:
-          slack_channel: << pipeline.parameters.alerts-slack-channel >>
-          context:
-            - hmpps-common-vars
-            - veracode-credentials
-  security-weekly:
-    triggers:
-      - schedule:
-          cron: "32 5 * * 1"
-          filters:
-            branches:
-              only:
-                - main
-    jobs:
-      - hmpps/veracode_policy_scan:
-          slack_channel: << pipeline.parameters.alerts-slack-channel >>
-          context:
-            - veracode-credentials
-            - hmpps-common-vars

.circleci/config.yml.bak.20250226_172318

@@ -0,0 +1,151 @@
+version: 2.1
+
+orbs:
+  hmpps: ministryofjustice/hmpps@9
+  slack: circleci/slack@4.12.5
+
+parameters:
+  alerts-slack-channel:
+    type: string
+    default: probation-integration-notifications
+  releases-slack-channel:
+    type: string
+    default: probation-integration-notifications
+
+jobs:
+  validate:
+    executor:
+      name: hmpps/java_localstack_postgres
+      jdk_tag: "21.0"
+      localstack_tag: "3"
+      postgres_tag: "16"
+    steps:
+      - checkout
+      - hmpps/install_aws_cli
+      - run:
+          name: Wait for SQS to be ready
+          command: curl -4 --connect-timeout 30 --retry-connrefused --retry 2
+            --retry-delay 5 http://localhost:4566
+      - restore_cache:
+          keys:
+            - gradle-{{ checksum "build.gradle.kts" }}
+            - gradle-
+      - run:
+          command: ./gradlew -Dorg.gradle.jvmargs="--illegal-access=permit"
+            -Dkotlin.daemon.jvm.options="--illegal-access=permit" check
+      - when:
+          condition:
+            equal: [ main, << pipeline.git.branch >> ]
+          steps:
+            - slack/notify:
+                event: fail
+                channel: << pipeline.parameters.alerts-slack-channel >>
+                template: basic_fail_1
+      - save_cache:
+          paths:
+            - ~/.gradle
+          key: gradle-{{ checksum "build.gradle.kts" }}
+      - store_test_results:
+          path: build/test-results
+      - store_artifacts:
+          path: build/reports/tests/test
+      - store_artifacts:
+          path: build/reports/coverage
+          destination: coverage
+
+workflows:
+  version: 2
+  build-test-and-deploy:
+    jobs:
+      - validate:
+          context: hmpps-common-vars
+          filters:
+            tags:
+              ignore: /.*/
+      - hmpps/helm_lint:
+          name: helm_lint
+      - hmpps/build_docker:
+          name: build_docker
+          filters:
+            branches:
+              only:
+                - main
+      - hmpps/deploy_env:
+          name: deploy_dev
+          env: "dev"
+          jira_update: true
+          jira_env_type: development
+          context: hmpps-common-vars
+          filters:
+            branches:
+              only:
+                - main
+          requires:
+            - validate
+            - build_docker
+            - helm_lint
+          helm_timeout: 5m
+      - hmpps/deploy_env:
+          name: deploy_preprod
+          env: "preprod"
+          jira_update: true
+          jira_env_type: staging
+          context:
+            - hmpps-common-vars
+            - hmpps-tier-preprod
+          filters:
+            branches:
+              only:
+                - main
+          requires:
+            - validate
+            - build_docker
+            - helm_lint
+          helm_timeout: 5m
+      - request-prod-approval:
+          type: approval
+          requires:
+            - deploy_preprod
+            - deploy_dev
+      - hmpps/deploy_env:
+          name: deploy_prod
+          env: "prod"
+          jira_update: true
+          jira_env_type: production
+          slack_notification: true
+          slack_channel_name: << pipeline.parameters.releases-slack-channel >>
+          context:
+            - hmpps-common-vars
+            - hmpps-tier-prod
+          requires:
+            - request-prod-approval
+          helm_timeout: 5m
+
+  security:
+    triggers:
+      - schedule:
+          cron: "45 9 * * 1-5"
+          filters:
+            branches:
+              only:
+                - main
+    jobs:
+      - hmpps/veracode_pipeline_scan:
+          slack_channel: << pipeline.parameters.alerts-slack-channel >>
+          context:
+            - hmpps-common-vars
+            - veracode-credentials
+  security-weekly:
+    triggers:
+      - schedule:
+          cron: "32 5 * * 1"
+          filters:
+            branches:
+              only:
+                - main
+    jobs:
+      - hmpps/veracode_policy_scan:
+          slack_channel: << pipeline.parameters.alerts-slack-channel >>
+          context:
+            - veracode-credentials
+            - hmpps-common-vars

.github/workflows/kotlin_localstack_postgres_validate.yml

@@ -0,0 +1,106 @@
+name: validate template for kotlin with localstack and postgres
+
+on:
+  workflow_call:
+    inputs:
+      working_directory:
+        type: string
+        required: false
+        default: '~/app'
+      java_version:
+        type: string
+        required: false
+        default: '21'
+      java_options:
+        type: string
+        default: 'default: -Xmx512m -XX:ParallelGCThreads=2 -XX:ConcGCThreads=2 -Djava.util.concurrent.ForkJoinPool.common.parallelism=2 -Dorg.gradle.daemon=false -Dkotlin.compiler.execution.strategy=in-process -Dorg.gradle.workers.max=1'
+        required: false
+      postgres_tag:
+        type: string
+        required: true
+      postgres_password:
+        type: string
+        default: 'dev'
+        required: false
+      postgres_username:
+        type: string
+        default: 'root'
+        required: true
+      postgres_db:
+        type: string
+        default: 'postgres'
+        required: false
+      services:
+        type: string
+        default: 's3,sqs,sns,es,ec2,lambda'
+        required: false
+      localstack_tag:
+        type: string
+        default: 'latest'
+        required: false
+
+permissions:
+  contents: read
+
+jobs:
+  template_job:
+    runs-on: ubuntu-latest
+    # Label used to access the service container
+    services:
+      postgres:
+        # Docker Hub PostgreSQL image
+        image: postgres:${{ inputs.postgres_tag }}
+        # Provide the password for postgres
+        env:
+          POSTGRES_USER: ${{ inputs.postgres_username }}
+          POSTGRES_PASSWORD: ${{ inputs.postgres_password }}
+          POSTGRES_DB: ${{ inputs.postgres_db}}
+
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          # Maps tcp port 5432 on service container to the host
+          - 5432:5432
+      localstack:
+        image: localstack/localstack:${{ inputs.localstack_tag }}
+        ports:
+          - 4566:4566
+          - 4571:4571
+        env:
+          ES_PORT_EXTERNAL: 4571
+          DOCKER_HOST: 'unix:///var/run/docker.sock'
+          AWS_EXECUTION_ENV: True
+          PERSISTENCE: 1
+          SERVICES: "${{ inputs.services }}"
+    steps:
+    - uses: actions/checkout@v4
+    - name: refresh cache
+      id: initial-cache
+      uses: actions/cache@v4
+      env: 
+        cache-name: kotlin-cache
+      with:
+        path: | 
+            - gradle-{{ checksum "build.gradle.kts" }}
+            - gradle-
+        key: ${{ runner.os }}-gradle-${{ env.cache-name }}-${{ hashFiles('build.gradle.kts') }}
+    - uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: '${{ inputs.java_version }}'
+        cache: 'gradle'
+        cache-dependency-path: | 
+          *.gradle*
+          **/gradle-wrapper.properties
+    - run: ./gradlew check
+    - name: upload the artifacts
+      if: always()
+      uses: actions/upload-artifact@v4
+      with: 
+        name: upload kotlin valdation results
+        path: |
+          build/test-results
+          build/reports/tests