Feature/terraform workflows

.dockerfile

@@ -0,0 +1,17 @@
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+WORKDIR /
+EXPOSE 8080 
+
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+WORKDIR /
+COPY src/ src/
+RUN dotnet publish "src/Dfe.ContentSupport.Web/Dfe.ContentSupport.Web.csproj" -c Release -o /out/publish
+RUN rm -rf /src
+
+FROM base AS final
+WORKDIR /src
+RUN useradd -m dotnet
+COPY --from=build /out/publish .
+RUN chown dotnet:dotnet /src .
+USER dotnet
+ENTRYPOINT ["dotnet", "Dfe.ContentSupport.Web.dll"]

.github/actions/azure-ip-whitelist/action.yml

@@ -0,0 +1,42 @@
+name: Azure IP Whitelist
+description: Add or remove an IP Address to the Azure KV + SQL whitelist
+
+inputs:
+  ip_address:
+    required: true
+    type: string
+  verb:
+    required: true
+    type: choice
+    options:
+      - "add"
+      - "remove"
+  az_resource_group:
+    required: true
+    type: string
+  az_keyvault_name:
+    required: true
+    type: string
+  az_ip_name:
+    type: string
+    default: "github_action"
+  az_sql_database_server_name:
+    required: true
+    type: string
+
+runs:
+  using: composite
+  steps:
+    - name: Add to whitelist
+      if: ${{ inputs.verb == 'add' }}
+      shell: bash
+      run: |
+        az keyvault network-rule add --resource-group ${{ inputs.az_resource_group }} --name ${{ inputs.az_keyvault_name }} --ip-address ${{ inputs.ip_address }} &> /dev/null
+        az sql server firewall-rule create --resource-group ${{ inputs.az_resource_group }} --server ${{ inputs.az_sql_database_server_name }} --name ${{ inputs.az_ip_name }} --start-ip-address ${{ inputs.ip_address }} --end-ip-address ${{ inputs.ip_address }} &> /dev/null
+
+    - name: Remove from whitelist
+      if: ${{ inputs.verb == 'remove' }}
+      shell: bash
+      run: |
+        az keyvault network-rule remove --resource-group ${{ inputs.az_resource_group }} --name ${{ inputs.az_keyvault_name }} --ip-address ${{ inputs.ip_address }} &> /dev/null
+        az sql server firewall-rule delete --resource-group ${{ inputs.az_resource_group }} --server ${{ inputs.az_sql_database_server_name }} --name ${{ inputs.az_ip_name }} &> /dev/null

.github/actions/azure-login/action.yml

@@ -22,6 +22,4 @@ runs:
     - name: Azure login with ACA credentials
       uses: azure/login@v1
       with:
-        creds: '{"clientId":"${{ inputs.az_client_id }}","clientSecret":"${{ inputs.az_client_secret }}","subscriptionId":"${{ inputs.az_subscription_id }}","tenantId":"${{ inputs.az_tenant_id }}"}'
-
- #test       
+        creds: '{"clientId":"${{ inputs.az_client_id }}","clientSecret":"${{ inputs.az_client_secret }}","subscriptionId":"${{ inputs.az_subscription_id }}","tenantId":"${{ inputs.az_tenant_id }}"}'

.github/actions/build-docker-image/action.yml

@@ -0,0 +1,10 @@
+name: Build Docker Image
+description: Builds the docker image
+
+runs:
+  using: composite
+
+  steps:
+    - name: Build Docker image
+      shell: bash
+      run: docker build ./src/ --file  ./.dockerfile --tag dfe-digital_sts-content-and-support:$(date +%s)

.github/actions/build-dotnet-app/action.yml

@@ -0,0 +1,25 @@
+name: Build DotNet App
+description: Sets up .Net for specified version and builds application
+
+inputs:
+  dotnet_version:
+    required: true
+    type: string
+  solution_filename:
+    required: true
+    type: string
+
+runs:
+  using: composite
+
+  steps:
+    - name: Setup .NET Core SDK ${{ inputs.dotnet_version }}
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: ${{ inputs.dotnet_version }}
+    - name: Install dependencies
+      shell: bash
+      run: dotnet restore ${{ inputs.solution_filename }}
+    - name: Build
+      shell: bash
+      run: dotnet build ${{ inputs.solution_filename }} --configuration Release --no-restore --output ./build

.github/actions/list-directory/action.yml

@@ -0,0 +1,24 @@
+name: List Directory
+description: Get a list of folders from a given input source directory as a JSON array.
+
+inputs:
+  source:
+    required: true
+    type: string
+outputs:
+  directories:
+    value: ${{ steps.list-dir.outputs.directories }}
+
+runs:
+  using: composite
+
+  steps:
+    - name: Get List of Directories
+      id: list-dir
+      shell: bash
+      run: |
+        cd ${{ inputs.source }}
+        array=(*/)
+        directories="$(jq -c -n '$ARGS.positional' --args "${array[@]}")"
+        echo $directories
+        echo "directories=$directories" >> $GITHUB_OUTPUT

.github/actions/post-terraform-results/action.yml

@@ -0,0 +1,92 @@
+name: Post Terraform Results
+description: Updates the PR with the Terraform results
+
+inputs:
+  github_token:
+    required: true
+    type: string
+  plan_stdout:
+    required: true
+    type: string  
+  plan_outcome:
+    required: true
+    type: string
+  fmt_outcome:
+    required: true
+    type: string
+  init_outcome:
+    required: true
+    type: string
+  validate_outcome:
+    required: true
+    type: string
+  validate_stdout:
+    required: true
+    type: string
+  github_actor:
+    required: true
+    type: string
+  github_event_name:
+    required: true
+    type: string
+  tf_working_directory:
+    required: true
+    type: string
+  github_workflow:
+    required: true
+    type: string
+
+runs:
+  using: composite
+
+  steps:
+    - name: Update PR with Terraform results
+      uses: actions/github-script@v7
+      if: github.event_name == 'pull_request'
+      env:
+        PLAN: "terraform\n${{ inputs.plan_stdout }}"
+      with:
+        github-token: ${{ inputs.github_token }}
+        script: |
+          // 1. Retrieve existing bot comments for the PR
+          const { data: comments } = await github.rest.issues.listComments({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            issue_number: context.issue.number,
+          })
+          const botComment = comments.find(comment => {
+            return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
+          })
+
+          // 2. Prepare format of the comment
+          const output = `#### Terraform Format and Style 🖌\`${{ inputs.fmt_outcome }}\`
+          #### Terraform Initialization ⚙️\`${{ inputs.init_outcome }}\`
+          #### Terraform Validation 🤖\`${{ inputs.validate_outcome }}\`
+          <details><summary>Validation Output</summary>
+
+          \`\`\`\n
+          ${{ inputs.validate_stdout }}
+          \`\`\`
+
+          </details>
+
+          #### Terraform Plan 📖\`${{ inputs.plan_outcome }}\`
+
+          *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.TF_WORKING_DIRECTORY }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+          // 3. If we have a comment, update it, otherwise create a new one
+          if (botComment) {
+            github.rest.issues.updateComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: botComment.id,
+              body: output
+            })
+          } else {
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+          }

.github/actions/run-unit-tests/action.yml

@@ -0,0 +1,23 @@
+name: Run Unit Tests
+description: Runs the unit tests and publishes them to the workflow runs 
+
+inputs:
+  solution_filename:
+    required: true
+    type: string
+
+runs:
+  using: composite
+
+  steps:
+    - name: Test
+      shell: bash
+      run: dotnet test ${{ inputs.solution_filename }} --no-restore --verbosity normal --collect:"XPlat Code Coverage" --logger:"trx;LogFileName=test-results.trx" || true
+    - name: Test Report
+      uses: dorny/test-reporter@v1
+      if: always()
+      with:
+        name: DotNET Tests
+        path: "**/test-results.trx"                            
+        reporter: dotnet-trx
+        fail-on-error: true

.github/semver-release/.releaserc.json

@@ -0,0 +1,16 @@
+{
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    [
+      "@semantic-release/github",
+      {
+        "successComment": false
+      }
+    ]
+  ],
+  "branches": [
+    { "name": "main" },
+    { "name": "development", "prerelease": true }
+  ]
+}