Drift from template

Author: aidenvaines-cgi

.editorconfig

@@ -19,3 +19,13 @@ indent_size = 4
 
 [{Makefile,*.mk,go.mod,go.sum,*.go,.gitmodules}]
 indent_style = tab
+
+# Ignore paths
+[Gemfile.lock]
+charset = unset
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+indent_style = unset
+indent_size = unset
+generated_code = true

.github/CODEOWNERS

@@ -1,8 +1,9 @@
 # NHS Notify Code Owners
 
-* @rossbugginsnhs @m-houston @edmundcraske2-nhs @timireland
+# Notify default owners
+* @rossbugginsnhs @m-houston @aidenvaines-bjss @timireland
 
-# Default protection for codeowners, must be last in file.
+# Codeowners must be final check
 /.github/CODEOWNERS @NHSDigital/nhs-notify-code-owners
 /CODEOWNERS @NHSDigital/nhs-notify-code-owners
 

.github/actions/lint-terraform/action.yaml

@@ -16,5 +16,6 @@ runs:
       run: |
         stacks=${{ inputs.root-modules }}
         for dir in $(find infrastructure/environments -maxdepth 1 -mindepth 1 -type d; echo ${stacks//,/$'\n'}); do
+          dir=$dir opts='-backend=false' make terraform-init
           dir=$dir make terraform-validate
         done

.gitignore

@@ -6,12 +6,8 @@
 *vulnerabilities*report*.json
 *report*json.zip
 .version
-*.rej
-*.porig
-
+version.json
 *.code-workspace
 !project.code-workspace
 
 # Please, add your custom content below!
-
-!nhs-notify-dns.code-workspace

.gitleaksignore

@@ -1,3 +1,5 @@
 # SEE: https://github.com/gitleaks/gitleaks/blob/master/README.md#gitleaksignore
 
 cd9c0efec38c5d63053dd865e5d4e207c0760d91:docs/guides/Perform_static_analysis.md:generic-api-key:37
+96096685ab3d6876671e2bc9a6ff4d48fc56e521:src/helloworld/helloworld.sln:ipv4:4
+4f4e8c15629b2cb09356a7fed4d72953590227ce:docs/Gemfile.lock:ipv4:4

.tool-versions

@@ -1,11 +1,11 @@
-# This file is for you! Please, updated to the versions agreed by your team.
-
+act 0.2.64
+gitleaks 8.18.4
 pre-commit 3.6.0
-gitleaks 8.15.3
-tfsec 1.28.10
 terraform 1.9.2
 terraform-docs 0.19.0
+tfsec 1.28.10
 vale 3.6.0
+
 # ==============================================================================
 # The section below is reserved for Docker image versions.
 

Makefile

@@ -11,7 +11,7 @@ dependencies: # Install dependencies needed to build and test the project @Pipel
 	# TODO: Implement installation of your project dependencies
 
 build: # Build the project artefact @Pipeline
-	# TODO: Implement the artefact build step
+	(cd docs && make build)
 
 publish: # Publish the project artefact @Pipeline
 	# TODO: Implement the artefact publishing step
@@ -20,12 +20,16 @@ deploy: # Deploy the project artefact to the target environment @Pipeline
 	# TODO: Implement the artefact deployment step
 
 clean:: # Clean-up project resources (main) @Operations
+	rm -f .version
 	# TODO: Implement project resources clean-up step
 
-config:: # Configure development environment (main) @Configuration
-	# TODO: Use only 'make' targets that are specific to this project, e.g. you may not need to install Node.js
-	make _install-dependencies
+config:: _install-dependencies version # Configure development environment (main) @Configuration
+	(cd docs && make install)
 
+version:
+	rm -f .version
+	make version-create-effective-file dir=.
+	echo "{ \"schemaVersion\": 1, \"label\": \"version\", \"message\": \"$$(head -n 1 .version 2> /dev/null || echo unknown)\", \"color\": \"orange\" }" > version.json
 # ==============================================================================
 
 ${VERBOSE}.SILENT: \

infrastructure/terraform/.gitignore

@@ -2,7 +2,13 @@
 
 # Transient backends
 components/**/backend_tfscaffold.tf
-bootstrap
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
 
 # Compiled files
 **/*.tfstate

infrastructure/terraform/README

@@ -0,0 +1,3 @@
+This is an implementation of https://github.com/tfutils/tfscaffold for NHS Notify
+
+Update the `etc/global.tfvars` file according to your NHS Notify Domain, and follow https://github.com/tfutils/tfscaffold?tab=readme-ov-file#bootstrapping to get your tfstate s3 bucket set up

infrastructure/terraform/bin/terraform.sh

@@ -8,7 +8,7 @@
 ##
 # Set Script Version
 ##
-readonly script_ver="1.8.0";
+readonly script_ver="1.8.1";
 
 ##
 # Standardised failure function
@@ -399,13 +399,16 @@ fi;
 pushd "${component_path}";
 readonly component_name=$(basename ${component_path});
 
-# Check for presence of tfenv (https://github.com/kamatama41/tfenv)
-# and a .terraform-version file. If both present, ensure required
-# version of terraform for this component is installed automagically.
-tfenv_bin="$(which tfenv 2>/dev/null)";
-if [[ -n "${tfenv_bin}" && -x "${tfenv_bin}" && -f .terraform-version ]]; then
-  ${tfenv_bin} install;
-fi;
+# install terraform
+# verify terraform version matches .tool-versions
+echo ${PWD}
+tool_version=$(grep "terraform " .tool-versions | cut -d ' ' -f 2)
+asdf plugin-add terraform && asdf install terraform "${tool_version}"
+current_version=$(terraform --version | head -n 1 | cut -d 'v' -f 2)
+
+if [ -z "${current_version}" ] || [ "${current_version}" != "${tool_version}" ]; then
+  error_and_die "Terraform version mismatch. Expected: ${tool_version}, Actual: ${current_version}"
+fi
 
 # Regardless of bootstrapping or not, we'll be using this string.
 # If bootstrapping, we will fill it with variables,