
Commit 61ba489

PI-2770 move to gha (#815)
1 parent 8956bb2 commit 61ba489

12 files changed

+207
-168
lines changed

.circleci/config.yml

-165
This file was deleted.
@@ -0,0 +1,62 @@
1+
name: integration test template for kotlin
2+
3+
on:
4+
workflow_call:
5+
6+
permissions:
7+
contents: read
8+
9+
jobs:
10+
integration_tests:
11+
runs-on: ubuntu-latest
12+
services:
13+
opensearch:
14+
image: opensearchproject/opensearch:2.5.0
15+
env:
16+
node.name: opensearch
17+
cluster.name: probation-search-cluster
18+
discovery.type: single-node
19+
bootstrap.memory_lock: true
20+
plugins.security.disabled: true
21+
OPENSEARCH_JAVA_OPTS: -Xms1g -Xmx1g
22+
23+
options: >-
24+
--health-cmd "curl http://localhost:9200/_cluster/health"
25+
--health-interval 10s
26+
--health-timeout 30s
27+
--health-retries 20
28+
ports:
29+
- 9200:9200
30+
31+
steps:
32+
- uses: actions/checkout@v4
33+
- name: refresh cache
34+
id: initial-cache
35+
uses: actions/cache@v4
36+
env:
37+
cache-name: kotlin-cache
38+
with:
39+
path: |
40+
- gradle-{{ checksum "build.gradle.kts" }}
41+
- gradle-
42+
key: ${{ runner.os }}-gradle-${{ env.cache-name }}-${{ hashFiles('build.gradle.kts') }}
43+
- uses: actions/setup-java@v4
44+
with:
45+
distribution: 'temurin'
46+
java-version: '21'
47+
cache: 'gradle'
48+
cache-dependency-path: |
49+
*.gradle*
50+
**/gradle-wrapper.properties
51+
- run: ./gradlew check
52+
env:
53+
JAVA_TOOL_OPTIONS: "-Xmx4g -Dorg.gradle.daemon=false -Dkotlin.compiler.execution.strategy=in-process"
54+
TESTCONTAINERS_ELASTICSEARCH_ENABLED: 'false'
55+
- name: upload the artifacts
56+
if: always()
57+
uses: actions/upload-artifact@v4
58+
with:
59+
name: upload kotlin valdation results
60+
path: |
61+
build/test-results
62+
build/reports/tests
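Review bot: The `path:` value of the `refresh cache` step (new lines 39-41) is not a list of filesystem paths. `- gradle-{{ checksum "build.gradle.kts" }}` and `- gradle-` are CircleCI cache-key templates carried over into a block scalar, so `actions/cache` has no real directory to save or restore. The `actions/setup-java` step that follows already sets `cache: 'gradle'`, so the simplest fix is to delete the `refresh cache` step; if it is kept, point it at the Gradle directories, e.g. `path: ~/.gradle/caches`. Separately, the artifact name `upload kotlin valdation results` on line 59 misspells "validation".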

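--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -0,0 +1,83 @@
+name: Pipeline [test -> build -> deploy]
+on:
+push:
+branches:
+- '**'
+workflow_dispatch:
+inputs:
+additional_docker_tag:
+description: Additional docker tag that can be used to specify stable or testing tags
+required: false
+default: ''
+type: string
+push:
+description: Push docker image to registry flag
+required: true
+default: false
+type: boolean
+permissions:
+contents: read
+packages: write
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+jobs:
+helm_lint:
+strategy:
+matrix:
+environments: ['dev', 'preprod', 'prod']
+name: helm lint
+uses: ministryofjustice/hmpps-github-actions/.github/workflows/test_helm_lint.yml@v2 # WORKFLOW VERSION
+secrets: inherit
+with:
+environment: ${{ matrix.environments }}
+kotlin_validate:
+name: Validate the kotlin
+uses: ./.github/workflows/kotlin_integration_tests.yml
+secrets: inherit
+build:
+name: Build docker image from hmpps-github-actions
+if: github.ref == 'refs/heads/main'
+uses: ministryofjustice/hmpps-github-actions/.github/workflows/docker_build.yml@v2 # WORKFLOW_VERSION
+needs:
+- kotlin_validate
+with:
+docker_registry: 'ghcr.io'
+registry_org: 'ministryofjustice'
+additional_docker_tag: ""
+push: ${{ inputs.push || true }}
+docker_multiplatform: false
+additional_docker_build_args: ""
+deploy_dev:
+name: Deploy to the dev environment
+if: github.ref == 'refs/heads/main'
+needs:
+- build
+- helm_lint
+uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
+secrets: inherit
+with:
+environment: 'dev'
+app_version: '${{ needs.build.outputs.app_version }}'
+deploy_preprod:
+name: Deploy to the preprod environment
+needs:
+- build
+- helm_lint
+uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
+secrets: inherit
+with:
+environment: 'preprod'
+app_version: '${{ needs.build.outputs.app_version }}'
+deploy_prod:
+name: Deploy to the prod environment
+needs:
+- build
+- helm_lint
+- deploy_dev
+- deploy_preprod
+uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
+secrets: inherit
+with:
+environment: 'prod'
+app_version: '${{ needs.build.outputs.app_version }}'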
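Review bot: `push: ${{ inputs.push || true }}` in the `build` job (new line 48) always evaluates to `true`, because `false || true` is `true`. A manual run with the `push` input left at its default of `false` therefore still pushes the image to `ghcr.io`. If the intent is to push on branch builds and honour the flag on manual runs, use `push: ${{ github.event_name != 'workflow_dispatch' || inputs.push }}`. The same job hard-codes `additional_docker_tag: ""` (line 47), so the declared `additional_docker_tag` input is never passed through; `${{ inputs.additional_docker_tag }}` would wire it up. `packages: write` is also granted workflow-wide although only `build` appears to need it, so a job-level `permissions:` on `build` would narrow the token for the other jobs.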

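--- a/.github/workflows/security_owasp.yml
+++ b/.github/workflows/security_owasp.yml
@@ -0,0 +1,12 @@
+name: Security OWASP dependency check
+on:
+workflow_dispatch:
+schedule:
+- cron: "29 3 * * MON-FRI" # Every weekday at 03:29 UTC
+jobs:
+security-kotlin-owasp-check:
+name: Kotlin security OWASP dependency check
+uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_owasp.yml@v2 # WORKFLOW_VERSION
+with:
+channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
+secrets: inherit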
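Review bot: This workflow declares no `permissions:` block, unlike `pipeline.yml` in the same commit, so the called workflow runs with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured, while `secrets: inherit` hands it every secret the repository can see. Add an explicit top-level `permissions:` with `contents: read`, extended only by what the called workflow needs (not visible here), and consider passing named secrets instead of `inherit`. The reusable workflow is referenced by the mutable tag `@v2`; pinning to a commit SHA would fix which code receives those secrets. The same applies to `security_trivy.yml` and the two veracode workflow sections that follow.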

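--- a/.github/workflows/security_trivy.yml
+++ b/.github/workflows/security_trivy.yml
@@ -0,0 +1,12 @@
+name: Security trivy dependency check
+on:
+workflow_dispatch:
+schedule:
+- cron: "29 3 * * MON-FRI" # Every weekday at 03:29 UTC
+jobs:
+security-kotlin-trivy-check:
+name: Project security trivy dependency check
+uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v2 # WORKFLOW_VERSION
+with:
+channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
+secrets: inherit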
@@ -0,0 +1,12 @@
1+
name: Security veracode pipeline scan
2+
on:
3+
workflow_dispatch:
4+
schedule:
5+
- cron: "29 3 * * MON-FRI" # Every weekday at 03:29 UTC
6+
jobs:
7+
security-veracode-pipeline-scan:
8+
name: Project security veracode pipeline scan
9+
uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_pipeline_scan.yml@v2 # WORKFLOW_VERSION
10+
with:
11+
channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
12+
secrets: inherit
@@ -0,0 +1,12 @@
1+
name: Security veracode policy scan
2+
on:
3+
workflow_dispatch:
4+
schedule:
5+
- cron: "50 3 * * 1" # Every Monday at 03:50 UTC
6+
jobs:
7+
security-veracode-policy-check:
8+
name: Project security veracode policy scan
9+
uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_policy_scan.yml@v2 # WORKFLOW_VERSION
10+
with:
11+
channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
12+
secrets: inherit

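--- a/.trivyignore
+++ b/.trivyignore
@@ -10,3 +10,6 @@
 # Suppression for h2 2.1.214 password on command line vulnerability
 # can be suppressed as we only run h2 locally and not on build environments
 CVE-2022-45868
+# Suppression for tomcat vulnerability affecting jsp compilation in the default servlet
+# can be suppressed as we do not use the default servlet and haven't configured it for write either
+CVE-2024-50379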
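Review bot: The new `CVE-2024-50379` suppression has no expiry or review marker, so it keeps hiding the finding even if the stated assumption (default servlet unused and not write-enabled) stops holding or a fixed Tomcat version becomes available. Trivy's ignore file accepts an expiry after the ID, e.g. `CVE-2024-50379 exp:<YYYY-MM-DD>`, which forces the justification to be revisited; check that the Trivy version run by the shared workflow supports it. It would also help if the comment said where the default-servlet configuration was checked, so the next reviewer can re-verify it.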

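--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # probation-offender-search
 
 [![CircleCI](https://circleci.com/gh/ministryofjustice/probation-offender-search/tree/main.svg?style=svg)](https://circleci.com/gh/ministryofjustice/probation-offender-search)
-[![Docker](https://quay.io/repository/hmpps/probation-offender-search/status)](https://quay.io/repository/hmpps/probation-offender-search/status)
+[![Docker](https://github.com/orgs/ministryofjustice/packages?repo_name=probation-offender-search)](https://github.com/orgs/ministryofjustice/packages?repo_name=probation-offender-search)
 [![API docs](https://img.shields.io/badge/API_docs_(needs_VPN)-view-85EA2D.svg?logo=swagger)](https://probation-offender-search-dev.hmpps.service.justice.gov.uk/swagger-ui/index.html)
 
 API to provides searching of offender records in Delius via Elastic search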

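--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 version: "3"
 services:
 offender-search:
-image: quay.io/hmpps/probation-offender-search:latest
+image: ghcr.io/ministryofjustice/probation-offender-search:latest
 networks:
 - hmpps
 container_name: probation-offender-search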

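--- a/gradle.properties
+++ b/gradle.properties
@@ -0,0 +1,8 @@
+# WARNING - THIS FILE WAS GENERATED BY THE dps-gradle-spring-boot GRADLE PLUGIN
+# AND ANY MANUAL CHANGES WILL BE OVERRIDDEN ON YOUR NEXT BUILD.
+#
+# To make general changes to the configuration below, change the gradle plugin dps-gradle-spring-boot,
+# publish a new version and update to the new version in your gradle build script
+#
+# To stop the dps-gradle-spring-boot project from overwriting any project specific customisations here, remove the
+# warning at the top of this file.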
