Merge pull request #94 from DEFRA/feature/NI-131-dockerise

NI-131: Dockerfile and .env files for fws-app

Author: teddmason

.githooks/pre-commit

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# Pre-commit hook to prevent committing .env files with secrets
+
+ENV_FILES=(
+    "docker/.env"
+    "docker/.env.example"
+)
+
+SECRETS_FOUND=false
+
+for ENV_FILE in "${ENV_FILES[@]}"; do
+    # Check if .env file is being committed
+    if git diff --cached --name-only | grep -q "^${ENV_FILE}$"; then
+        echo "⚠️  WARNING: Attempting to commit ${ENV_FILE}"
+        echo ""
+        
+        # Check for populated secrets
+        SENSITIVE_VARS=(
+            "AD_CLIENT_ID"
+            "AD_CLIENT_SECRET"
+            "AD_TENANT"
+            "AD_COOKIE_PASSWORD"
+            "FWS_API_KEY"
+        )
+        
+        for var in "${SENSITIVE_VARS[@]}"; do
+            # Get the staged content
+            staged_value=$(git diff --cached "${ENV_FILE}" | grep "^+${var}=" | cut -d'=' -f2- | tr -d ' ' || true)
+            
+            # Also check current file content if it's being added
+            if [[ -f "${ENV_FILE}" ]]; then
+                current_value=$(grep "^${var}=" "${ENV_FILE}" 2>/dev/null | cut -d'=' -f2- | tr -d ' ' || true)
+                
+                # Check if value is not empty and not a placeholder
+                if [[ -n "$current_value" ]] && \
+                   [[ "$current_value" != "YOUR_VALUE_HERE" ]] && \
+                   [[ "$current_value" != "CHANGE_ME" ]] && \
+                   [[ "$current_value" != "DUMMY_VALUE" ]] && \
+                   [[ "$current_value" != "http://dummy.url" ]] && \
+                   [[ "$current_value" != "cookie_encryption_password_secure" ]]; then
+                    echo "❌ ERROR: Secret variable ${var} contains a value in ${ENV_FILE}"
+                    SECRETS_FOUND=true
+                fi
+            fi
+        done
+        
+        if [[ "$SECRETS_FOUND" = false ]]; then
+            echo "✓ No secrets detected in ${ENV_FILE}"
+        fi
+        echo ""
+    fi
+done
+
+if [[ "$SECRETS_FOUND" = true ]]; then
+    echo "Commit blocked! One or more .env files contain sensitive values."
+    echo ""
+    echo "To fix this:"
+    echo "  1. Remove sensitive values from the .env files"
+    echo "  2. Replace them with empty values or allowed placeholders:"
+    echo "     - DUMMY_VALUE"
+    echo "     - http://dummy.url"
+    echo "     - cookie_encryption_password_secure"
+    echo "  3. Or remove the files from this commit with: git reset <file>"
+    echo ""
+    exit 1
+fi
+
+exit 0

.gitignore

@@ -5,3 +5,5 @@ npm-debug.log
 server/public/build
 lcov.info
 docker/.env
+coverage
+docker/.env

Dockerfile

@@ -0,0 +1,51 @@
+ARG PARENT_VERSION=2.10.0-node22.21.1
+
+FROM defradigital/node:${PARENT_VERSION} AS base
+ARG PORT=3000
+ENV PORT=${PORT}
+
+USER root
+
+# set -xe : -e abort on error : -x verbose output
+RUN set -xe \
+  && apk update && apk upgrade \
+  && rm -rf /var/cache/apk/* \
+  && mkdir -p /home/node/app
+
+# Create app directory
+WORKDIR /home/node/app
+
+# Copy the basic directories/files across
+RUN mkdir -p dist
+COPY --chown=root:root package*.json .
+COPY --chown=root:root ./index.js .
+COPY --chown=root:root ./bin ./bin
+COPY --chown=root:root ./client ./client
+COPY --chown=root:root ./server ./server
+
+ARG BUILD_VERSION=v4.0.0-1-g6666666
+ARG GIT_COMMIT=0
+RUN echo -e "module.exports = { version: '$BUILD_VERSION', revision: '$GIT_COMMIT' }" > ./version.js
+
+FROM base AS development
+
+# Temporarily disable the postinstall NPM script
+RUN npm pkg set scripts.postinstall="echo no-postinstall" \
+&& npm ci --ignore-scripts --omit dev \
+&& npm run build
+
+USER node
+EXPOSE ${PORT}/tcp
+EXPOSE 9229/tcp
+CMD [ "node", "--inspect=0.0.0.0:9229", "index.js" ]
+
+FROM base AS production 
+
+# Temporarily disable the postinstall NPM script
+RUN npm pkg set scripts.postinstall="echo no-postinstall" \
+&& npm ci --ignore-scripts --omit dev \
+&& npm run build
+
+USER node
+EXPOSE ${PORT}/tcp
+CMD [ "node", "index.js" ]

bin/build

@@ -1,3 +1,3 @@
-#!/bin/bash
+#!/bin/sh
 
 npm run build:css

bin/build-css

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 sass --style=expanded \
   --load-path=node_modules \

bin/run-unit-tests

@@ -2,9 +2,9 @@
 
 set -e
 
-# Ensure tests requring a Redis cache use a local containerised instance.
-REDIS_HOST=localhost
-REDIS_PORT=6379
-REDIS_TLS=false
+# Set environtment variables for test run
+set -a
+. docker/.env.example
+set +a
 
 lab -v -c -r console -o stdout -r lcov -o coverage/lcov.info

docker/.env.example

@@ -0,0 +1,21 @@
+# FWS app config
+# need to script the automation of picking up the localstack url
+# When using localstack the api url is in the format:
+# http://localstack-main:4566/_aws/execute-api/{api id}/local
+# use ./update-localstack-url.sh to update this value
+FWS_API_URL=http://dummy.url
+# if using localstack the authorizer function isn't supported so only needs a dummy key, if using dev will need a real key
+FWS_API_KEY=DUMMY_VALUE
+# These are secrets that need populating before starting the app
+# obtain from secret manager or another developer
+AD_CLIENT_ID=DUMMY_VALUE
+AD_CLIENT_SECRET=DUMMY_VALUE
+AD_TENANT=http://dummy.url
+AD_COOKIE_PASSWORD=cookie_encryption_password_secure
+LOG_LEVEL=info
+pm_cwd=
+HOME_PAGE=http://localhost:3000
+LOCAL_CACHE=false
+# REDIS_HOST needs to be fws-app-redis for when running in docker-compose, localhost for unit tests
+REDIS_HOST=localhost
+REDIS_PORT=6379

docker/app.yml

@@ -0,0 +1,25 @@
+services:
+ fws-app:
+  container_name: fws-app
+  build:
+    context: ..
+    target: development
+  ports:
+    - "3000:3000"
+    - "9229:9229"
+  env_file:
+    - .env
+  depends_on:
+    fws-app-redis:
+      condition: service_healthy
+  networks:
+    - default
+    - localstack
+  deploy:
+    restart_policy:
+      condition: on-failure
+
+networks:
+  localstack:
+    external: true
+    name: docker_ls

docker/infrastructure.yml

@@ -11,5 +11,4 @@ services:
     test: ["CMD", "redis-cli", "ping"]
     interval: 5s
     timeout: 5s
-    retries: 10    
-    
+    retries: 10

docker/scripts/start-local.sh

@@ -0,0 +1,124 @@
+#!/bin/bash
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+ENV_FILE="$SCRIPT_DIR/../.env"
+readonly SEPARATOR="======================================"
+
+echo "$SEPARATOR"
+echo "FWS App Local Startup Script"
+echo "$SEPARATOR"
+echo ""
+
+# Step 0: Check for active Python virtual environment
+echo "Step 0: Checking Python virtual environment..."
+
+if [[ -z "$VIRTUAL_ENV" ]]; then
+    echo "Error: No Python virtual environment is active" >&2
+    echo "" >&2
+    echo "Please activate your Python virtual environment before running this script:" >&2
+    echo "  source ~/environments/my_env/bin/activate" >&2
+    echo "" >&2
+    echo "Or if using a different virtual environment:" >&2
+    echo "  source /path/to/your/venv/bin/activate" >&2
+    echo "" >&2
+    exit 1
+fi
+
+echo "✓ Python virtual environment active: $VIRTUAL_ENV"
+echo ""
+
+# Step 1: Check .env file for required variables
+echo "Step 1: Validating .env file..."
+
+if [[ ! -f "$ENV_FILE" ]]; then
+    echo "Error: .env file not found at $ENV_FILE" >&2
+    exit 1
+fi
+
+# Required variables (excluding FWS_API_URL which will be populated later)
+REQUIRED_VARS=(
+    "FWS_API_KEY"
+    "AD_CLIENT_ID"
+    "AD_CLIENT_SECRET"
+    "AD_TENANT"
+    "AD_COOKIE_PASSWORD"
+    "LOG_LEVEL"
+    "HOME_PAGE"
+    "REDIS_HOST"
+    "REDIS_PORT"
+)
+
+MISSING_VARS=()
+
+for var in "${REQUIRED_VARS[@]}"; do
+    # Extract value from .env file (handle both 'VAR=value' and 'export VAR=value')
+    value=$(grep "^${var}=" "$ENV_FILE" | cut -d'=' -f2- | tr -d ' ' || true)
+    
+    if [[ -z "$value" ]]; then
+        MISSING_VARS+=("$var")
+    fi
+done
+
+if [[ ${#MISSING_VARS[@]} -gt 0 ]]; then
+    echo "Error: The following required environment variables are missing or empty in .env:" >&2
+    for var in "${MISSING_VARS[@]}"; do
+        echo "  - $var" >&2
+    done
+    echo "" >&2
+    echo "Please populate these values in $ENV_FILE before running this script." >&2
+    exit 1
+fi
+
+echo "✓ All required environment variables are set"
+echo ""
+
+# Step 2: Bootstrap LocalStack API
+echo "Step 2: Bootstrapping LocalStack API..."
+FWS_API_DIR="$PROJECT_ROOT/../fws-api"
+
+if [[ ! -d "$FWS_API_DIR" ]]; then
+    echo "Error: fws-api directory not found at $FWS_API_DIR" >&2
+    echo "Please ensure fws-api is in the same parent directory as fws-app" >&2
+    exit 1
+fi
+
+cd "$FWS_API_DIR"
+echo "Running npm run bootstrap-debug in $FWS_API_DIR..."
+npm run bootstrap-debug
+
+echo "✓ LocalStack API bootstrapped successfully"
+echo ""
+
+# Step 3: Update LocalStack URL in .env
+echo "Step 3: Updating FWS_API_URL in .env..."
+cd "$SCRIPT_DIR"
+./update-localstack-url.sh
+
+echo "✓ FWS_API_URL updated"
+echo ""
+
+# Step 4: Start Docker Compose services
+echo "Step 4: Starting Docker Compose services..."
+cd "$PROJECT_ROOT"
+docker compose -f docker/infrastructure.yml -f docker/app.yml up -d --build
+
+echo "✓ Services started successfully"
+echo ""
+
+# Step 5: Display success message
+echo "$SEPARATOR"
+echo "✓ FWS App is now running!"
+echo "$SEPARATOR"
+echo ""
+echo "Access the application at:"
+echo "  → http://localhost:3000"
+echo ""
+echo "To view logs:"
+echo "  docker compose -f docker/infrastructure.yml -f docker/app.yml logs -f"
+echo ""
+echo "To stop services:"
+echo "  docker compose -f docker/infrastructure.yml -f docker/app.yml down"
+echo ""