feat(vapt): merge back into tracking branch

.env-example

@@ -1,16 +1,19 @@
 export CLIENT_ID=""
 export CLIENT_SECRET=""
-export REDIRECT_URI="http://localhost:8081/auth"
+export REDIRECT_URI="http://localhost:8081/v1/auth"
 export NODE_ENV="LOCAL_DEV"
 export COOKIE_DOMAIN="localhost"
 export AUTH_TOKEN_EXPIRY_DURATION_IN_MILLISECONDS=3600000
+export SESSION_SECRET=mysessionsecretblah
 export JWT_SECRET=mysecretblah
 export ENCRYPTION_SECRET=anothersecretblah
 export FRONTEND_URL='http://localhost:8081'
 export GITHUB_ORG_NAME="isomerpages"
 export GITHUB_BUILD_ORG_NAME="opengovsg"
 export GITHUB_BUILD_REPO_NAME="isomer-build"
 export MUTEX_TABLE_NAME=""
+export MAX_NUM_OTP_ATTEMPTS=5
+export OTP_EXPIRY=900000
 
 # GitHub access token to create repo
 export SYSTEM_GITHUB_TOKEN=""
@@ -50,3 +53,9 @@ AWS_REGION="ap-southeast-1"
 export DD_ENV="local"
 export DD_SERVICE="isomer"
 export DD_TAGS="service:isomer"
+
+# Cloudmersive
+export CLOUDMERSIVE_API_KEY=""
+
+# GitGuardian
+export GITGUARDIAN_API_KEY=""

.env.test

@@ -11,6 +11,8 @@ export GITHUB_ORG_NAME="isomerpages"
 export GITHUB_BUILD_ORG_NAME="opengovsg"
 export GITHUB_BUILD_REPO_NAME="isomer-build"
 export ISOMERPAGES_REPO_PAGE_COUNT=3
+export MAX_NUM_OTP_ATTEMPTS=5
+export OTP_EXPIRY=900000
 
 # Database
 export DB_URI="postgres://isomer:password@localhost:54321/isomercms_test"

.github/workflows/vapt.yml

@@ -0,0 +1,165 @@
+name: vapt
+
+on:
+  push:
+  pull_request:
+    types: [opened, reopened]
+
+env:
+  VAPT_BRANCH: refs/heads/vapt
+  EB_APP: cms-backend-vapt-application-alb	
+  EB_ENV_VAPT: cms-backend-vapt-application-alb
+  COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
+
+jobs:
+  install:
+    # NOTE: Netlify uses ubuntu 16.08 but Github Actions does not offer it by default.
+    # Hence, we default to the latest version.
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: "14.x"
+      - name: Cache Node.js modules
+        uses: actions/cache@v2
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.OS }}-node-
+            ${{ runner.OS }}-
+      - run: npm ci
+
+  lint:
+    needs: install
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: "14.x"
+      - name: Load Node.js modules
+        uses: actions/cache@v2
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
+      - run: npm ci
+      - run: npm run lint-fix
+      - run: npm run format-fix
+
+  test:
+    needs: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: "14.x"
+      - name: Load Node.js modules
+        uses: actions/cache@v2
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
+      - run: npm ci
+      - run: npm run dev:services
+      - run: . .env.test && npx jest
+      - run: docker compose down
+
+  gatekeep:
+    name: Determine if Build & Deploy is needed
+    outputs:
+      proceed: ${{ steps.determine_proceed.outputs.proceed }}
+    runs-on: ubuntu-18.04
+    if: github.event_name == 'push'
+    steps:
+      - shell: python
+        id: determine_proceed
+        run: |
+          import os
+          ref = os.environ['GITHUB_REF']
+          vapt = os.environ['VAPT_BRANCH']
+          if ref == vapt:
+            print('::set-output name=proceed::true')
+          else:
+            print('::set-output name=proceed::false')
+
+  deploy:
+    name: Build and deploy to EB
+    runs-on: ubuntu-18.04
+    needs: [gatekeep]
+    if: needs.gatekeep.outputs.proceed == 'true'
+    steps:
+        - uses: actions/checkout@v2
+        - name: Use Node.js
+          uses: actions/setup-node@v1
+          with:
+            node-version: '12.x'
+        - name: Cache Node.js modules
+          uses: actions/cache@v2
+          with:
+            # npm cache files are stored in `~/.npm` on Linux/macOS
+            path: ~/.npm
+            key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
+            restore-keys: |
+              ${{ runner.OS }}-node-
+              ${{ runner.OS }}-
+        - name: Inject DataDog API key
+          env: 
+            DD_API_KEY: ${{ secrets.DD_API_KEY }}
+          run: sed -i -e "s#@DD_API_KEY#$DD_API_KEY#g" .ebextensions/99datadog.config
+        - name: Install NPM
+          run: npm ci
+        - name: Build application
+          run: npm run build
+        - name: Zip application
+          run: zip -r "deploy.zip" * .platform .ebextensions -x .env-example .gitignore package-lock.json 
+        - name: Get timestamp
+          shell: bash
+          run: echo "##[set-output name=timestamp;]$(env TZ=Asia/Singapore date '+%Y%m%d%H%M%S')"
+          id: get_timestamp
+        - name: Get Elastic Beanstalk label
+          shell: bash
+          run: echo "##[set-output name=label;]$(echo github-${GITHUB_SHA}-${TIMESTAMP})"
+          id: get_label
+          env:
+            TIMESTAMP: ${{ steps.get_timestamp.outputs.timestamp }}
+        - name: Get truncated version_description
+          id: get_desc
+          shell: python
+          run: |
+            import os
+            commit_message = os.environ['COMMIT_MESSAGE']
+            description = commit_message[0:100].replace('(', '').replace(')', '').replace('\'', '')
+            print('::set-output name=desc::' + description)
+        - name: Select Elastic Beanstalk variables
+          shell: python
+          run: |
+            import os
+            branch = os.environ['GITHUB_REF']
+            vapt = os.environ['VAPT_BRANCH']
+            eb_app = os.environ['EB_APP']
+            eb_env_vapt = os.environ['EB_ENV_VAPT']
+            if branch == vapt:
+              print('::set-output name=eb_app::' + eb_app)
+              print('::set-output name=eb_env::' + eb_env_vapt)
+          id: select_eb_vars
+        - name: Deploy to EB
+          uses: opengovsg/beanstalk-deploy@v11
+          with:
+            aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID_FOR_CICD }}
+            aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_FOR_CICD }}
+            application_name: ${{ steps.select_eb_vars.outputs.eb_app }}
+            environment_name: ${{ steps.select_eb_vars.outputs.eb_env }}
+            version_description: ${{ steps.get_desc.output.desc }}
+            version_label: ${{ steps.get_label.outputs.label }}
+            region: ap-southeast-1
+            deployment_package: deploy.zip
+            wait_for_deployment: true
+            wait_for_environment_recovery: true

.gitignore

@@ -4,5 +4,7 @@ node_modules/
 build/
 *.pem
 .env*
+.env.*
 .idea/
-.DS_Store
+.DS_Store
+.cache_ggshield

.husky/pre-commit

@@ -2,3 +2,4 @@
 . "$(dirname "$0")/_/husky.sh"
 
 npx lint-staged
+source .env && ggshield secret scan pre-commit

README.md

@@ -1,3 +1,34 @@
+## Setup
+
+1. Ensure pre-commit hooks are setup for safe commits. See below section on "Setting up Git Guardian"
+2. Ensure node 14 is installed. Install and use nvm to manage multiple node versions.
+3. Run `npm i` to install required packages
+4. Ensure [Docker](https://www.docker.com/products/docker-desktop/) is installed
+5. Run `npm run dev:services` to bring up the docker containers
+6. Run `npm run dev` to start the server
+
+## Setting Up Git Guardian
+
+1. Install GitGuardian
+
+```
+brew install gitguardian/tap/ggshield
+```
+
+2. Add the API Key to your `.env` file
+
+```
+# Service API key from GitGuardian account
+export GITGUARDIAN_API_KEY=abc123
+```
+
+Notes:
+
+Only if necessary,
+
+- To skip all pre-commit hooks, use `$ git commit -m "commit message" -n`
+- To skip only GitGuardian’s hook, use `$ SKIP=ggshield git commit -m "commit message"`
+
 ## E2E Tests
 
 To run the E2E tests successfully, you will need to define the following environment variables: