Merge branch 'master' into HOFF-672-test
mislam987 authored Sep 5, 2024
2 parents 2a0caf0 + 7933fdf commit 394157e
Showing 8 changed files with 354 additions and 11 deletions.
148 changes: 145 additions & 3 deletions .drone.yml
@@ -9,7 +9,7 @@ environment:
BRANCH_ENV: sas-lmr-branch
STG_ENV: sas-lmr-stg
UAT_ENV: sas-lmr-uat
PRODUCTION_URL: www.home-office-forms-demo.homeoffice.gov.uk
PRODUCTION_URL: www.landlords-reporting.homeoffice.gov.uk
IMAGE_URL: quay.io/ukhomeofficedigital
IMAGE_REPO: lmr
GIT_REPO: UKHomeOffice/lmr
@@ -42,6 +42,12 @@ acceptance_tests: &acceptance_tests
pull: if-not-exists
image: mcr.microsoft.com/playwright:v1.12.3-focal

sonar_scanner: &sonar_scanner
pull: if-not-exists
image: quay.io/ukhomeofficedigital/sonar-scanner-nodejs:latest
commands:
- sonar-scanner -Dproject.settings=./sonar-project.properties

steps:
- name: clone_repos
image: alpine/git
@@ -89,6 +95,14 @@ steps:
- master
event: push

- name: sonar_scanner_deploy
<<: *sonar_scanner
when:
branch:
include:
- master
event: push

- name: build_image
image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
environment:
@@ -118,12 +132,31 @@ steps:
branch: master
event: [push, pull_request]

# Trivy Security Scannner
- name: scan-image
pull: always
image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/trivy/client:latest
resources:
limits:
cpu: 1000
memory: 1024Mi
environment:
IMAGE_NAME: lmr:${DRONE_COMMIT_SHA}
SEVERITY: MEDIUM,HIGH,CRITICAL
FAIL_ON_DETECTION: false
IGNORE_UNFIXED: true
ALLOW_CVE_LIST_FILE: hof-services-config/Landlords_Make_A_Report/trivy-cve-exceptions.txt
when:
event:
- pull_request
- push
- tag

# Deploy to pull request UAT environment
- name: deploy_to_branch
pull: if-not-exists
image: quay.io/ukhomeofficedigital/kd:v1.14.0
environment:
# NOTIFY_STUB: stub
KUBE_SERVER:
from_secret: kube_server_dev
KUBE_TOKEN:
@@ -177,6 +210,33 @@ steps:
branch: master
event: pull_request

- name: sonar_scanner_branch
<<: *sonar_scanner
when:
branch:
include:
- master
- feature/*
event: pull_request

# Snyk security scans which run after branch deployment to prevent blocking of PR UAT tests.
- name: snyk_scan
pull: if-not-exists
image: node:lts
environment:
NOTIFY_STUB: true
SNYK_TOKEN:
from_secret: snyk_token
commands:
- yarn run test:snyk
when:
branch:
include:
- master
- feature/*
event: pull_request

# Deploy to master UAT environment
- name: deploy_to_uat
pull: if-not-exists
image: quay.io/ukhomeofficedigital/kd:v1.14.0
@@ -209,6 +269,19 @@ steps:
branch: master
event: push

- name: clone_repos_prod
image: alpine/git
environment:
DRONE_GIT_USERNAME:
from_secret: drone_git_username
DRONE_GIT_TOKEN:
from_secret: drone_git_token
commands:
- git clone https://$${DRONE_GIT_USERNAME}:$${DRONE_GIT_TOKEN}@github.com/UKHomeOfficeForms/hof-services-config.git
when:
target: PROD
event: promote

# Tear down pull request UAT environment
- name: tear_down_branch
pull: if-not-exists
@@ -267,6 +340,58 @@ steps:
cron: tear_down_pr_envs
event: cron

# # CRON job steps that runs security scans using Snyk & Trivy
- name: cron_clone_repos
image: alpine/git
environment:
DRONE_GIT_USERNAME:
from_secret: drone_git_username
DRONE_GIT_TOKEN:
from_secret: drone_git_token
commands:
- git clone https://$${DRONE_GIT_USERNAME}:$${DRONE_GIT_TOKEN}@github.com/UKHomeOfficeForms/hof-services-config.git
when:
cron: security_scans
event: cron

- name: cron_build_image
image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
commands:
- docker build --no-cache -t $${IMAGE_REPO}:$${DRONE_COMMIT_SHA} .
volumes:
- name: dockersock
path: /var/run
when:
cron: security_scans
event: cron

- name: cron_snyk_scan
pull: if-not-exists
image: node:lts
environment:
SNYK_TOKEN:
from_secret: snyk_token
commands:
- yarn install --frozen-lockfile
- yarn run postinstall
- yarn run test:snyk
when:
cron: security_scans
event: cron

- name: cron_trivy_scan
image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/trivy/client:latest
pull: always
environment:
IMAGE_NAME: lmr:${DRONE_COMMIT_SHA}
SEVERITY: MEDIUM,HIGH,CRITICAL
FAIL_ON_DETECTION: false
IGNORE_UNFIXED: true
ALLOW_CVE_LIST_FILE: hof-services-config/Landlords_Make_A_Report/trivy-cve-exceptions.txt
when:
cron: security_scans
event: cron

# Slack notification upon a CRON job fail
- name: cron_notify_slack_tear_down_pr_envs
pull: if-not-exists
@@ -276,7 +401,7 @@ steps:
failure: ignore
icon_url: http://readme.drone.io/0.5/logo_dark.svg
icon.url: http://readme.drone.io/0.5/logo_dark.svg
template: "CRON Job {{build.deployTo}} of GRO has {{build.status}} - <{{build.link}}|#{{build.number}}> {{#success build.status}}\n :thumbsup: :thumbsup: :thumbsup:\n{{else}}\n :x: :x: :x:\n{{/success}} Author: {{build.author}}\n\nDuration: {{since job.started}}\n\nJob: <{{build.link}}|#{{build.number}}>\n\nCommit: {{build.commit}}\n"
template: "CRON Job {{build.deployTo}} of Landlords Make A Report form has {{build.status}} - <{{build.link}}|#{{build.number}}> {{#success build.status}}\n :thumbsup: :thumbsup: :thumbsup:\n{{else}}\n :x: :x: :x:\n{{/success}} Author: {{build.author}}\n\nDuration: {{since job.started}}\n\nJob: <{{build.link}}|#{{build.number}}>\n\nCommit: {{build.commit}}\n"
username: Drone
webhook:
from_secret: slack_webhook
@@ -285,6 +410,23 @@ steps:
event: cron
status: failure

- name: cron_notify_slack_security_scans
pull: if-not-exists
image: plugins/slack
settings:
channel: sas-build
failure: ignore
icon_url: http://readme.drone.io/0.5/logo_dark.svg
icon.url: http://readme.drone.io/0.5/logo_dark.svg
template: "CRON Job {{build.deployTo}} of Landlords Make A Report Form has {{build.status}} - <{{build.link}}|#{{build.number}}> {{#success build.status}}\n :thumbsup: :thumbsup: :thumbsup:\n{{else}}\n :x: :x: :x:\n{{/success}} Author: {{build.author}}\n\nDuration: {{since job.started}}\n\nJob: <{{build.link}}|#{{build.number}}>\n\nCommit: {{build.commit}}\n"
username: Drone
webhook:
from_secret: slack_webhook
when:
cron: security_scans
event: cron
status: failure

services:
- name: docker
image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
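Review bot: In `cron_trivy_scan` (and likewise `scan-image`) `FAIL_ON_DETECTION: false` presumably lets the step pass even when MEDIUM/HIGH/CRITICAL findings exist, while `cron_notify_slack_security_scans` only fires on `status: failure`, so a scheduled scan that finds vulnerabilities would stay silent unless someone reads the step log. If the cron run is meant to alert, set `FAIL_ON_DETECTION: "true"` on the cron step and keep `trivy-cve-exceptions.txt` as the reviewed escape hatch. Separately, `clone_repos_prod` and `cron_clone_repos` embed `DRONE_GIT_TOKEN` in the clone URL, which git records in `hof-services-config/.git/config` inside the workspace that later steps (running `node:lts` and `:latest` images) also read; adding `git -C hof-services-config remote set-url origin https://github.com/UKHomeOfficeForms/hof-services-config.git` after the clone would drop the credential from disk.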
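--- a/.snyk
+++ b/.snyk
@@ -0,0 +1,75 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.19.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+SNYK-JS-REQUEST-3361831:
+- '*':
+reason: No upgrade or patch available
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-XML2JS-5414874:
+- '*':
+reason: No direct upgrade or patch available
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-DICER-2311764:
+- '*':
+reason: No upgrade or patch available
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-FILETYPE-2958042:
+- '*':
+reason: No upgrade or patch available
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-UNDERSCORE-1080984:
+- '*':
+reason: No upgrade or patch available
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-USERAGENT-174737:
+- '*':
+reason: No upgrade or patch available
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-AXIOS-6032459:
+- '*':
+reason: To be updated to a newer version in hof
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-AXIOS-6124857:
+- '*':
+reason: To be updated to a newer version in hof
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-AXIOS-6144788:
+- '*':
+reason: To be updated to a newer version in hof
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-FOLLOWREDIRECTS-6141137:
+- '*':
+reason: To be updated to a newer version in hof
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-INFLIGHT-6095116:
+- '*':
+reason: To be updated to a newer version in hof
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-NODEMAILER-6219989:
+- '*':
+reason: To be updated to a newer version in hof
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-TOUGHCOOKIE-5672873:
+- '*':
+reason: To be updated to a newer version in hof
+expires: '2024-11-01T17:02:21.865Z'
+SNYK-JS-MARKDOWNIT-6483324:
+- hof > markdown-it:
+reason: Need to update markdown-it in HOF to version 13.0.2.
+expires: '2024-07-03T00:00:00.000Z'
+SNYK-JS-FOLLOWREDIRECTS-6444610:
+- hof > notifications-node-client > * :
+reason: No upgrade or patch available
+expires: '2024-06-21T00:00:00.000Z'
+- notifications-node-client > axios > follow-redirects:
+reason: Need to update follow-redirects in HOF to version 1.15.6.
+expires: '2024-06-21T00:00:00.000Z'
+SNYK-JS-EXPRESS-6474509:
+- hof > *:
+reason: Need to update follow-redirects in HOF to version 1.15.6.
+expires: '2024-06-21T00:00:00.000Z'
+- hof > reqres > express:
+reason: Need to update follow-redirects in HOF to version 1.15.6.
+expires: '2024-06-21T00:00:00.000Z'
+patch: {}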
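Review bot: Three ignore entries are already past their `expires` date on the day this commit was authored (5 Sep 2024): `SNYK-JS-MARKDOWNIT-6483324` (2024-07-03), `SNYK-JS-FOLLOWREDIRECTS-6444610` and `SNYK-JS-EXPRESS-6474509` (both 2024-06-21), so they suppress nothing and `snyk test` will report those issues again; either drop them or renew them with a fresh justification. The `'*'` path entries ignore each issue on every dependency path, including paths introduced later, so scoping them to the actual path (as `hof > markdown-it` does) would keep the exceptions narrow. The reason text on `SNYK-JS-EXPRESS-6474509` talks about follow-redirects and looks copied from the entry above it.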
1 change: 0 additions & 1 deletion Dockerfile
@@ -2,7 +2,6 @@ FROM node:18-alpine@sha256:2322b1bb3917b313f2e9308395aa5c39d51b91cc92a5d4d5be6d0

USER root

# Update packages as a result of Anchore security vulnerability checks
RUN apk update && \
apk add --upgrade gnutls binutils nodejs npm apk-tools libjpeg-turbo libcurl libx11 libxml2

4 changes: 3 additions & 1 deletion apps/lmr/translations/src/en/pages.json
@@ -84,6 +84,8 @@
}
},
"accessibility": {
"header": "Accessibility statement"
"header": "Accessibility statement",
"preparation-p1": "This statement was prepared on 19 April 2024. It was last reviewed on 19 April 2024.",
"preparation-p2": "This website was last tested on 18 March 2024. The test was carried out internally by the Home Office."
}
}
4 changes: 2 additions & 2 deletions apps/lmr/views/accessibility.html
@@ -46,8 +46,8 @@ <h3 class="govuk-heading-m">{{#t}}accessibility.disproportionate-burden-header{{
<h3 class="govuk-heading-m">{{#t}}accessibility.outside-scope-header{{/t}}</h3>
<p class="govuk-body">{{#t}}accessibility.outside-scope-p1{{/t}}</p>
<h2 class="govuk-heading-m">{{#t}}accessibility.preparation-header{{/t}}</h2>
<p class="govuk-body">{{#t}}accessibility.preparation-p1{{/t}}</p>
<p class="govuk-body">{{#t}}accessibility.preparation-p2{{/t}}</p>
<p class="govuk-body">{{#t}}pages.accessibility.preparation-p1{{/t}}</p>
<p class="govuk-body">{{#t}}pages.accessibility.preparation-p2{{/t}}</p>
<p class="govuk-body">{{#t}}accessibility.preparation-p3{{/t}}</p>
{{/page-content}}
{{/partials-page}}
6 changes: 4 additions & 2 deletions package.json
@@ -16,6 +16,7 @@
"test:acceptance": "TAGS=\"${TAGS:=@feature}\" npm run test:cucumber",
"test:acceptance_browser": "ACCEPTANCE_WITH_BROWSER=true TAGS=\"${TAGS:=@feature}\" yarn run test:cucumber",
"test:cucumber": "cucumber-js -f @cucumber/pretty-formatter \"test/_features/**/*.feature\" --require test/_features/test.setup.js --require \"test/_features/step_definitions/**/*.js\" --tags $TAGS",
"test:snyk": "snyk config set api=SNYK_TOKEN && snyk test",
"build": "hof-build",
"postinstall": "yarn run build"
},
@@ -27,7 +28,7 @@
"jquery": "^3.6.0",
"lodash": "^4.17.21",
"moment": "^2.29.4",
"notifications-node-client": "^7.0.0",
"notifications-node-client": "^8.0.0",
"typeahead-aria": "^1.0.4",
"uuidv4": "^6.2.13"
},
@@ -39,7 +40,8 @@
"eslint-config-hof": "^1.3.1",
"mocha": "^9.2.0",
"nyc": "^15.1.0",
"playwright": "^1.2.3"
"playwright": "^1.2.3",
"snyk": "^1.1288.0"
},
"mocha": {
"require": "test/setup.js"
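Review bot: The new `test:snyk` script runs `snyk config set api=SNYK_TOKEN`, which stores the literal string `SNYK_TOKEN` as the API token rather than the value of the variable. The Snyk CLI reads the `SNYK_TOKEN` environment variable on its own, so the pipeline steps still authenticate, but running the script on a developer machine overwrites a working stored token with a bogus one. `"test:snyk": "snyk test"` is enough; if the config step is kept it should read `api=$SNYK_TOKEN`, at the cost of persisting the secret to the Snyk config file on disk. The `scripts` object starts above the visible hunk.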
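--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -0,0 +1,6 @@
+sonar.projectKey=Landlords-Make-A-Report
+sonar.projectName=Landlords-Make-A-Report
+sonar.language=js
+sonar.sources=apps
+sonar.tests=test
+sonar.javascript.lcov.reportPaths=coverage/lcov.info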