🚧 Add many files

.devcontainer/devcontainer-lock.json

@@ -0,0 +1,42 @@
+{
+  "features": {
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "version": "2.11.0",
+      "resolved": "ghcr.io/devcontainers/features/docker-in-docker@sha256:503f23cd692325b3cbb8c20a0ecfabb3444b0c786b363e0c82572bd7d71dc099",
+      "integrity": "sha256:503f23cd692325b3cbb8c20a0ecfabb3444b0c786b363e0c82572bd7d71dc099"
+    },
+    "ghcr.io/devcontainers/features/node:1": {
+      "version": "1.5.0",
+      "resolved": "ghcr.io/devcontainers/features/node@sha256:a124954d7ed085eb90e08e6fcecac8cbcbb866317ab16deb2c7797d63cbf35d6",
+      "integrity": "sha256:a124954d7ed085eb90e08e6fcecac8cbcbb866317ab16deb2c7797d63cbf35d6"
+    },
+    "ghcr.io/devcontainers/features/python:1": {
+      "version": "1.6.2",
+      "resolved": "ghcr.io/devcontainers/features/python@sha256:adf861c49eb404ce507280936fa626dcfdc4cffeb7f0a975ef400861a0cb3313",
+      "integrity": "sha256:adf861c49eb404ce507280936fa626dcfdc4cffeb7f0a975ef400861a0cb3313"
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/aws:1": {
+      "version": "1.0.0",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/aws@sha256:bb07a76c8e7a6b630a2056ce959addddee436e3f9936c69b9163eff54f58dbd5",
+      "integrity": "sha256:bb07a76c8e7a6b630a2056ce959addddee436e3f9936c69b9163eff54f58dbd5"
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/container-structure-test:1": {
+      "version": "1.0.0",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/container-structure-test@sha256:19eb30f9eb327b667be2002757d55381de87cdb5a79a6e37d293369fe8ad01ad",
+      "integrity": "sha256:19eb30f9eb327b667be2002757d55381de87cdb5a79a6e37d293369fe8ad01ad",
+      "dependsOn": [
+        "ghcr.io/devcontainers/features/docker-in-docker:2"
+      ]
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/kubernetes:1": {
+      "version": "1.0.1",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/kubernetes@sha256:0ec758e44468ba2a8b70b87613762ab04e50f7bb5eac8f2aea592cff213dbde5",
+      "integrity": "sha256:0ec758e44468ba2a8b70b87613762ab04e50f7bb5eac8f2aea592cff213dbde5"
+    },
+    "ghcr.io/ministryofjustice/devcontainer-feature/static-analysis:1": {
+      "version": "1.0.0",
+      "resolved": "ghcr.io/ministryofjustice/devcontainer-feature/static-analysis@sha256:e81d52725655c8ffb861605feac7ad155b447d51af65f6c3a03cab32d59f1e16",
+      "integrity": "sha256:e81d52725655c8ffb861605feac7ad155b447d51af65f6c3a03cab32d59f1e16"
+    }
+  }
+}

.devcontainer/devcontainer.json

@@ -1,27 +1,31 @@
 {
-    "name": "analytical-platform-ollamate",
-    "image": "ghcr.io/ministryofjustice/devcontainer-base:latest",
-    "features": {
-      "ghcr.io/devcontainers/features/node:1": {
-        "version": "20.11.1"
-      },
-      "ghcr.io/devcontainers/features/python:1": {
-        "version": "3.12"
-      },
-      "ghcr.io/devcontainers/features/docker-in-docker:2": {},
-      "./features/src/postgresql": {},
-      "ghcr.io/ministryofjustice/devcontainer-feature/aws:0": {}
+  "name": "analytical-platform-ollamate",
+  "image": "ghcr.io/ministryofjustice/devcontainer-base:latest",
+  "features": {
+    "ghcr.io/devcontainers/features/node:1": {
+      "version": "20.11.1"
     },
-    "postCreateCommand": "bash scripts/devcontainer/post-create.sh",
-    "postStartCommand": "bash scripts/devcontainer/post-start.sh",
-    "runArgs": ["--name=analytical-platform-ollamate-devcontainer"],
-    "customizations": {
-      "vscode": {
-        "extensions": [
-          "EditorConfig.EditorConfig",
-          "GitHub.vscode-github-actions",
-          "GitHub.vscode-codeql"
-        ]
-      }
+    "ghcr.io/devcontainers/features/python:1": {
+      "version": "3.12"
+    },
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+    "./features/src/postgresql": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/aws:1": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/container-structure-test:1": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/kubernetes:1": {},
+    "ghcr.io/ministryofjustice/devcontainer-feature/static-analysis:1": {}
+  },
+  "postCreateCommand": "bash scripts/devcontainer/post-create.sh",
+  "postStartCommand": "bash scripts/devcontainer/post-start.sh",
+  "runArgs": ["--name=analytical-platform-ollamate-devcontainer"],
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "EditorConfig.EditorConfig",
+        "GitHub.vscode-github-actions",
+        "GitHub.vscode-codeql",
+        "ms-vsliveshare.vsliveshare"
+      ]
     }
-  }
+  }
+}

.editorconfig

@@ -5,6 +5,19 @@ end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
 
+# This file is autogenerated
+[.devcontainer/devcontainer-lock.json]
+end_of_line = unset
+insert_final_newline = unset
+
+[*.json]
+indent_style = space
+indent_size = 2
+
 [*.sh]
 indent_style = space
-indent_size = 2
+indent_size = 2
+
+[{*.yml,*.yaml}]
+indent_style = space
+indent_size = 2

.flake8

@@ -0,0 +1,5 @@
+[flake8]
+max-line-length = 88
+extend-ignore = E203, E704
+exclude =
+    venv

.github/CODEOWNERS

@@ -1,3 +1 @@
-# Add a team or username to this file
-# Example:
-# *   @ministryofjustice/operations-engineering
+@ministryofjustice/analytical-platforms

.github/dependabot.yml

@@ -1,21 +1,11 @@
 ---
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
-
 updates:
-  - package-ecosystem: "bundler"
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "terraform"
-    directory: "/terraform"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "github-actions"
+  - package-ecosystem: "devcontainers"
     directory: "/"
     schedule:
       interval: "daily"
@@ -27,10 +17,6 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-  - package-ecosystem: "gomod"
-    directory: "/"
-    schedule:
-      interval: "daily"
   - package-ecosystem: "docker"
     directory: "/"
     schedule:

.github/workflows/chart-lint.yml

@@ -0,0 +1,33 @@
+---
+name: Chart Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  chart-lint:
+    name: Chart Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set Up Helm
+        id: setup_helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+
+      - name: Set Up Helm Chart Testing
+        id: setup_chart_testing
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+      - name: Lint Chart
+        id: lint_chart
+        run: |
+          make ct

.github/workflows/enforce-version-pinning.yml

@@ -0,0 +1,38 @@
+---
+name: Enforce Version Pinning
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  enforce-version-pinning:
+    name: Enforce Version Pinning
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check for pinned versions in requirements.txt
+        run: |
+          if grep -q -v '==' requirements.txt; then
+            echo "Unpinned dependencies found in requirements.txt"
+            echo "❌ Unpinned dependencies found in requirements.txt"
+            exit 1
+          else
+            echo "✅ All dependencies are correctly pinned."
+          fi
+
+      - name: Check for pinned versions in package.json
+        run: |
+          UNPINNED=$(grep -E '"[^"]+": "\^|~' package.json || true)
+          if [ -n "$UNPINNED" ]; then
+            echo "❌ Unpinned dependencies found in package.json:"
+            echo "$UNPINNED"
+            exit 1
+          else
+            echo "✅ All dependencies are correctly pinned."
+          fi

.github/workflows/release.yml

@@ -1,54 +1,89 @@
 ---
-name: Release
-
-on:
-  push:
-    tags:
-      - '*.*.*'
-
-permissions: {}
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
-    steps:
-      - name: Checkout
-        id: checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Install cosign
-        id: install-cosign
-        uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
-
-      - name: Login to GitHub Container Registry
-        id: login
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Push
-        id: push
-        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
-        with:
-          context: .
-          push: true
-          tags: ghcr.io/${{ github.repository_owner }}/analytical-platform-ui:${{ github.ref_name }}
-
-      - name: Sign
-        id: sign
-        run: |
-          cosign sign --yes ghcr.io/${{ github.repository_owner }}/analytical-platform-ui@${{ steps.push.outputs.digest }}
-
-      - name: Verify
-        id: verify
-        run: |
-          cosign verify \
-          --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
-          --certificate-identity=https://github.com/${{ github.repository_owner }}/analytical-platform-ui/.github/workflows/release.yml@refs/tags/${{ github.ref_name }} \
-          ghcr.io/${{ github.repository_owner }}/analytical-platform-ui@${{ steps.push.outputs.digest }}
+  name: Release
+
+  on:
+    push:
+      tags:
+        - "*"
+
+  permissions: {}
+
+  jobs:
+    release-image:
+      name: Release Image
+      runs-on: ubuntu-latest
+      permissions:
+        contents: read
+        id-token: write
+        packages: write
+      steps:
+        - name: Checkout
+          id: checkout
+          uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+        - name: Install cosign
+          id: install_cosign
+          uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+
+        - name: Log in to GitHub Container Registry
+          id: login_ghcr
+          uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+          with:
+            registry: ghcr.io
+            username: ${{ github.actor }}
+            password: ${{ secrets.GITHUB_TOKEN }}
+
+        - name: Build and Push
+          id: build_and_push
+          uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
+          with:
+            push: true
+            tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
+
+        - name: Sign
+          id: sign
+          shell: bash
+          run: |
+            cosign sign --yes ghcr.io/${{ github.repository }}@${{ steps.build_and_push.outputs.digest }}
+
+        - name: Verify
+          id: verify
+          run: |
+            cosign verify \
+              --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
+              --certificate-identity=https://github.com/${{ github.repository }}/.github/workflows/release.yml@refs/tags/${{ github.ref_name }} \
+              ghcr.io/${{ github.repository }}@${{ steps.build_and_push.outputs.digest }}
+
+    release-chart:
+      name: Release Chart
+      runs-on: ubuntu-latest
+      permissions:
+        contents: read
+        id-token: write
+        packages: write
+      steps:
+        - name: Checkout
+          id: checkout
+          uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+        - name: Set Up Helm
+          id: setup_helm
+          uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+
+        - name: Log in to GitHub Container Registry
+          id: login_ghcr
+          uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+          with:
+            registry: ghcr.io
+            username: ${{ github.actor }}
+            password: ${{ secrets.GITHUB_TOKEN }}
+
+        - name: Package Chart
+          id: package_chart
+          run: |
+            helm package chart --destination .helm-deploy
+
+        - name: Push Chart
+          id: push_chart
+          run: |
+            helm push .helm-deploy/analytical-platform-ollamate-${{ github.ref_name }}.tgz oci://ghcr.io/ministryofjustice/analytical-platform-charts