Merge pull request #1576 from govuk-one-login/BAU/better-dev-envars

BAU: Add a script to automatically build .env file for a given target environment

.github/workflows/pre-merge-checks-python.yaml

@@ -0,0 +1,50 @@
+name: Pre-merge checks for Python
+on:
+  pull_request:
+    paths: ["**/*.py"]
+    types:
+      - opened
+      - reopened
+      - ready_for_review
+      - synchronize
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.dev.txt
+          pip install -r scripts/requirements.txt
+
+      - name: Pylint
+        run: |
+          pylint -f actions $(git ls-files '*.py')
+
+      - name: Flake8
+        run: |
+          flake8p --format github $(git ls-files '*.py')
+
+      - name: Black
+        run: |
+          black --check $(git ls-files '*.py')
+
+      - name: isort
+        run: |
+          isort --check-only $(git ls-files '*.py')

README.md

@@ -21,8 +21,14 @@ Before you can run the frontend app against the backend you will need to configu
 
 ### Set the Environment variables
 
-Create a copy of one `.env.XXX`, where `XXX` is the environment you wish to use for OIDC,
-rename it .env and fill in the missing values.
+You will need a `.env` file. this can be generated by:
+
+1. Log into the VPN
+1. Run `scripts/create-env-file.sh ${target_environment}`, where `${target_environment}` is the environment you wish to use for
+   OIDC etc. `build|sandpit|authdev#` are supported.
+
+If things stop working in future, this script can be rerun to update the variables sourced from AWS. All non-generated variables
+may be updated, and changes will persist through reruns.
 
 `UI_LOCALES` can be used be the stub to request specific locales when authorising. Only 'en' and 'cy' are supported.
 
@@ -62,7 +68,7 @@ Additionaly delete the Docker images for all the frontend services in docker-com
 
 There are two stub apps you can use to start a journey.
 
-> NB: ports 2000 and 5000 can be set in `.env` with `STUB_DEFAULT_PORT=2000` and `STUB_NO_MFA_PORT=5000`. If you have changed these
+> NB: ports 2000 and 5000 can be set in `.env` with `DOCKER_STUB_DEFAULT_PORT=2000` and `DOCKER_STUB_NO_MFA_PORT=5000`. If you have changed these
 > values in your `.env` file, use your value rather than the one stated below.
 
 To start an auth only journey with MFA required ("Cm"), navigate to the stub app on port 2000 [http://localhost:2000](http://localhost:2000). This acts like a local client to create a backend session and redirect to the start page.
@@ -73,7 +79,7 @@ Changes made locally will automatically be deployed after a few seconds. You sho
 
 ### Switching between different Vectors of Trust
 
-You can further tweak the vector of trust (VTR) requested by the stub client on port 5000 (or `$STUB_DEFAULT_PORT` if modified in `.env`) by editing `docker-compose.yml`
+You can further tweak the vector of trust (VTR) requested by the stub client on port 5000 (or `$DOCKER_STUB_DEFAULT_PORT` if modified in `.env`) by editing `docker-compose.yml`
 and changing the `VTR` environment variable for the `di-auth-stub-no-mfa` service:
 
 ```
@@ -145,11 +151,11 @@ brew install pre-commit
 
 If you're having problems running locally, try these steps first:
 
-* Connect to the VPN
-* Run `./shutdown.sh`
-* Delete your Docker **Images** (you can do this via Docker Desktop or with `docker system prune --all`)
-* Run `./startup.sh -lc` to do a cleanup before a local run
-* Because things sometimes don't work first time round, a `touch src/server.ts` _while the server is running_ might help
+- Connect to the VPN
+- Run `./shutdown.sh`
+- Delete your Docker **Images** (you can do this via Docker Desktop or with `docker system prune --all`)
+- Run `./startup.sh -lc` to do a cleanup before a local run
+- Because things sometimes don't work first time round, a `touch src/server.ts` _while the server is running_ might help
 
 ### Getting past specific errors
 
@@ -168,7 +174,7 @@ Remember to run these commands in the docker container itself.
 
 ### Documentation
 
-> Generate and view documentation of the user journey state machine 
+> Generate and view documentation of the user journey state machine
 
 ```shell script
 yarn dev:render-user-journey-documentation
@@ -220,7 +226,8 @@ using mocha.
 The application stack must be started before the integration tests can be run, either with frontend running in a docker container or on the local machine (./startup -l).
 In either case the command to run the integration tests is the same, but the tests usually run faster when frontend is started outside of docker.
 
-In both cases frontend must have started successfully with the message 'Server listening on port 3000' before the tests can be run.  If running frontend in a container check the actual container logs in docker desktop to make sure that frontend has started correctly, otherwise the test run will be invalid.
+In both cases frontend must have started successfully with the message 'Server listening on port 3000' before the tests can be run. If running frontend in a container check the actual container logs in docker desktop to make sure that frontend has started correctly, otherwise the test run will be invalid.
+
 > To run the integration tests
 
 ```shell script

dev-app.js

@@ -19,7 +19,7 @@ function createAuthorizeRequest() {
   const ui_locales = process.env.UI_LOCALES && process.env.UI_LOCALES.length > 0 ? `&ui_locales=${process.env.UI_LOCALES}` : "";
   const redirect_uri = `https://${process.env.STUB_HOSTNAME}/oidc/authorization-code/callback`
 
-  return process.env.API_BASE_URL +
+  return new URL(
     "/authorize?" +
     vtr +
     "scope=openid+phone+email" +
@@ -30,7 +30,8 @@ function createAuthorizeRequest() {
     `&client_id=${process.env.TEST_CLIENT_ID}` +
     "&cookie_consent=accept" +
     "&_ga=test" +
-    ui_locales;
+    ui_locales, process.env.API_BASE_URL
+  ).toString();
 }
 
 app.get("/", (req, res) => {

pyproject.toml

@@ -0,0 +1,20 @@
+[tool.pylint]
+max-line-length = "88"
+disable = '''missing-module-docstring,
+        missing-class-docstring,
+        missing-function-docstring,
+        invalid-name,
+        too-few-public-methods,
+        line-too-long
+        '''
+ignore = ".venv"
+
+[tool.pylint.main]
+load-plugins = "pylint_actions"
+
+[tool.flake8]
+max-line-length = "88"
+extend-ignore = ["E203", "E701", "E501"]
+
+[tool.isort]
+profile = "black"

requirements.dev.txt

@@ -0,0 +1,7 @@
+pylint
+pylint-actions
+black
+isort
+flake8
+Flake8-pyproject
+flake8-github-actions

scripts/.gitignore

@@ -0,0 +1 @@
+.venv