navapbc · lamroger-nava · Mar 27, 2026 · Mar 27, 2026 · Mar 27, 2026 · Mar 27, 2026
diff --git a/.github/workflows/cd-app-catala.yml b/.github/workflows/cd-app-catala.yml
@@ -0,0 +1,45 @@
+name: Deploy app-catala
+# Need to set a default value for when the workflow is triggered from a git push
+# which bypasses the default configuration for inputs
+run-name: Deploy ${{inputs.version || 'main' }} to app-catala ${{ inputs.environment || 'dev' }}
+
+on:
+  # !! Once you've set up the dev environment and are ready to enable continuous
+  # deployment, run:
+  #
+  # nava-platform infra update --answers-only --data app_has_dev_env_setup=true .
+  #
+  # to enable these lines. They are here as comments for context.
+  #
+  # push:
+  #   branches:
+  #     - "main"
+  #   paths:
+  #     - "app-catala/**"
+  #     - "bin/**"
+  #     - "infra/**"
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Environment to deploy to
+        required: true
+        default: "dev"
+        type: choice
+        options:
+          - dev
+          - staging
+          - prod
+      version:
+        required: true
+        default: "main"
+        description: Tag or branch or SHA to deploy
+
+jobs:
+  deploy:
+    name: " " # GitHub UI is noisy when calling reusable workflows, so use whitespace for name to reduce noise
+    uses: ./.github/workflows/deploy.yml
+    with:
+      app_name: "app-catala"
+      environment: ${{ inputs.environment || 'dev' }}
+      version: ${{ inputs.version || 'main' }}
+    secrets: inherit
diff --git a/.github/workflows/ci-app-catala-infra-service.yml b/.github/workflows/ci-app-catala-infra-service.yml
@@ -0,0 +1,69 @@
+name: CI Infra Service Checks - app-catala
+
+on:
+  # !! Once you've set up the dev environment and are ready to enable automated
+  # infra tests, run:
+  #
+  # nava-platform infra update --answers-only --data app_has_dev_env_setup=true .
+  #
+  # to enable these lines. They are here as comments for context.
+  #
+  # push:
+  #   branches:
+  #     - main
+  #   paths:
+  #     - infra/app-catala/service/**
+  #     - infra/modules/**
+  #     - infra/test/**
+  #     - .github/workflows/ci-app-catala-infra-service.yml
+  # pull_request:
+  #   paths:
+  #     - infra/app-catala/service/**
+  #     - infra/modules/**
+  #     - infra/test/**
+  #     - .github/workflows/ci-app-catala-infra-service.yml
+  workflow_dispatch:
+    inputs:
+      version:
+        required: true
+        default: "main"
+        description: Tag or branch or SHA to test
+
+jobs:
+  build-and-publish:
+    name: Build
+    uses: ./.github/workflows/build-and-publish.yml
+    with:
+      app_name: app-catala
+      ref: ${{ inputs.version || github.ref }}
+
+  infra-test-e2e:
+    name: Test service
+    runs-on: ubuntu-latest
+    needs: [build-and-publish]
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.version || github.ref }}
+
+      - name: Set up Terraform
+        uses: ./.github/actions/setup-terraform
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: "infra/test/go.mod"
+
+      - name: Configure AWS credentials
+        uses: ./.github/actions/configure-aws-credentials
+        with:
+          app_name: app-catala
+          # Run infra CI on dev environment
+          environment: dev
+
+      - name: Run Terratest
+        run: make infra-test-service APP_NAME=app-catala
diff --git a/.github/workflows/ci-app-catala-pr-environment-checks.yml b/.github/workflows/ci-app-catala-pr-environment-checks.yml
@@ -0,0 +1,29 @@
+name: CI app-catala PR Environment Checks
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        required: true
+        type: string
+      commit_hash:
+        required: true
+        type: string
+  # !! Once you've set up the dev environment and are ready to enable PR
+  # environments, run:
+  #
+  # nava-platform infra update --answers-only --data app_has_dev_env_setup=true .
+  #
+  # to enable these lines. They are here as comments for context.
+  #
+  # pull_request:
+
+jobs:
+  update:
+    name: " " # GitHub UI is noisy when calling reusable workflows, so use whitespace for name to reduce noise
+    uses: ./.github/workflows/pr-environment-checks.yml
+    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.state == 'open'
+    with:
+      app_name: "app-catala"
+      environment: "dev"
+      pr_number: ${{ inputs.pr_number || github.event.number }}
+      commit_hash: ${{ inputs.commit_hash || github.event.pull_request.head.sha }}
diff --git a/.github/workflows/ci-app-catala-pr-environment-destroy.yml b/.github/workflows/ci-app-catala-pr-environment-destroy.yml
@@ -0,0 +1,25 @@
+name: CI app-catala PR Environment Destroy
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        required: true
+        type: string
+  # !! Once you've set up the dev environment and are ready to enable PR
+  # environments, run:
+  #
+  # nava-platform infra update --answers-only --data app_has_dev_env_setup=true .
+  #
+  # to enable these lines. They are here as comments for context.
+  #
+  # pull_request:
+  #   types: [closed]
+
+jobs:
+  destroy:
+    name: " " # GitHub UI is noisy when calling reusable workflows, so use whitespace for name to reduce noise
+    uses: ./.github/workflows/pr-environment-destroy.yml
+    with:
+      app_name: "app-catala"
+      environment: "dev"
+      pr_number: ${{ inputs.pr_number || github.event.number }}
diff --git a/.github/workflows/ci-app-catala-vulnerability-scans.yml b/.github/workflows/ci-app-catala-vulnerability-scans.yml
@@ -0,0 +1,28 @@
+name: CI Vulnerability Scans - app-catala
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - app-catala/**
+      - .grype.yml
+      - .hadolint.yaml
+      - .trivyignore
+      - .github/workflows/vulnerability-scans.yml
+      - .github/workflows/ci-app-catala-vulnerability-scans.yml
+  pull_request:
+    paths:
+      - app-catala/**
+      - .grype.yml
+      - .hadolint.yaml
+      - .trivyignore
+      - .github/workflows/vulnerability-scans.yml
+      - .github/workflows/ci-app-catala-vulnerability-scans.yml
+
+jobs:
+  vulnerability-scans:
+    name: Vulnerability Scans
+    uses: ./.github/workflows/vulnerability-scans.yml
+    with:
+      app_name: "app-catala"
diff --git a/.strata-template-rules-engine-catala/app-catala.yml b/.strata-template-rules-engine-catala/app-catala.yml
@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier; NEVER EDIT MANUALLY
 _commit: 4f60dcd
 _src_path: https://github.com/navapbc/strata-template-rules-engine-catala
-app_local_port: 3001
+app_local_port: 3400
 app_name: app-catala
diff --git a/.template-infra/app-app-catala.yml b/.template-infra/app-app-catala.yml
@@ -0,0 +1,7 @@
+# Changes here will be overwritten by Copier
+_commit: v0.16.0-21-g3af6525
+_src_path: https://github.com/navapbc/template-infra
+app_has_dev_env_setup: false
+app_local_port: 3400
+app_name: app-catala
+template: app