diff --git a/.github/actions/check-file-format/action.yaml b/.github/actions/check-file-format/action.yaml
new file mode 100644
index 0000000..4590427
--- /dev/null
+++ b/.github/actions/check-file-format/action.yaml
@@ -0,0 +1,9 @@
+name: Check File Format
+runs:
+ using: "composite"
+ steps:
+ - name: Check File Format
+ shell: bash
+ run: |
+ export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
+ ./scripts/githooks/check-file-format.sh
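Review bot: The `run:` script splices `${{ github.event.repository.default_branch }}` directly into the shell text; passing it through the step's `env:` keeps expression values out of the script body. Replace the `export` line with a step-level `env:` entry, `BRANCH_NAME: origin/${{ github.event.repository.default_branch }}`. The default branch name is set by repository admins, so this is hardening rather than an open injection path. The same pattern is repeated in the check-markdown-format and check-terraform-format actions.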
diff --git a/.github/actions/check-format/action.yml b/.github/actions/check-format/action.yml
deleted file mode 100644
index 81d3c71..0000000
--- a/.github/actions/check-format/action.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: "Check Formats"
-runs:
- using: "composite"
- steps:
- - name: Check File Format
- shell: bash
- run: |
- export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
- ./scripts/githooks/editorconfig-pre-commit.sh
-
- - name: Check Markdown Format
- shell: bash
- run: |
- export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
- ./scripts/githooks/markdown-pre-commit.sh
diff --git a/.github/actions/check-markdown-format/action.yaml b/.github/actions/check-markdown-format/action.yaml
new file mode 100644
index 0000000..42e34eb
--- /dev/null
+++ b/.github/actions/check-markdown-format/action.yaml
@@ -0,0 +1,9 @@
+name: Check Markdown Format
+runs:
+ using: "composite"
+ steps:
+ - name: Check Markdown Format
+ shell: bash
+ run: |
+ export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
+ ./scripts/githooks/check-markdown-format.sh
diff --git a/.github/actions/check-terraform-format/action.yaml b/.github/actions/check-terraform-format/action.yaml
new file mode 100644
index 0000000..e664527
--- /dev/null
+++ b/.github/actions/check-terraform-format/action.yaml
@@ -0,0 +1,9 @@
+name: Check Terraform Format
+runs:
+ using: "composite"
+ steps:
+ - name: Check Terraform Format
+ shell: bash
+ run: |
+ export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
+ ./scripts/githooks/check-terraform-format.sh
diff --git a/.github/actions/cloc-repository/action.yaml b/.github/actions/cloc-repository/action.yaml
new file mode 100644
index 0000000..b1c8def
--- /dev/null
+++ b/.github/actions/cloc-repository/action.yaml
@@ -0,0 +1,9 @@
+name: Count lines of code in this repository
+runs:
+ using: "composite"
+ steps:
+ - name: Count lines of code in this repository
+ shell: bash
+ run: |
+ export FORMAT=default
+ ./scripts/cloc-repository.sh
diff --git a/.github/actions/get-metadata/action.yaml b/.github/actions/get-metadata/action.yaml
new file mode 100644
index 0000000..17db5ae
--- /dev/null
+++ b/.github/actions/get-metadata/action.yaml
@@ -0,0 +1,13 @@
+name: Get Metadata
+runs:
+ using: "composite"
+ steps:
+ - name: Get Metadata
+ id: metadata
+ shell: bash
+ run: |
+ datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z')
+ echo "build_datetime=$datetime" >> $GITHUB_OUTPUT
+ echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
+ echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT
+ echo "terraform_version=$(grep terraform .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
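Review bot: This composite action writes four values to `$GITHUB_OUTPUT` in the step with id `metadata`, but the file declares no top-level `outputs:` mapping, so none of them leave the action. The workflow's `get-metadata` job reads `steps.metadata.outputs.build_datetime` and the other three from the step that calls this action, and those will resolve to empty strings. Declare each output with a `value:` that forwards the inner step's output, as sketched below. Separately, `$GITHUB_OUTPUT` and `--date=$datetime` are unquoted; quoting them (`>> "$GITHUB_OUTPUT"`, as the deploy job already does) avoids word-splitting surprises.

```yaml
name: Get Metadata
outputs:
  build_datetime:
    description: Build time in UTC, ISO 8601
    value: ${{ steps.metadata.outputs.build_datetime }}
  build_timestamp:
    description: Build time as YYYYmmddHHMMSS
    value: ${{ steps.metadata.outputs.build_timestamp }}
  build_epoch:
    description: Build time as seconds since the epoch
    value: ${{ steps.metadata.outputs.build_epoch }}
  terraform_version:
    description: Terraform version read from .tool-versions
    value: ${{ steps.metadata.outputs.terraform_version }}
runs:
  # … unchanged: composite steps, including the step with id "metadata" …
```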
diff --git a/.github/actions/scan-dependencies/action.yaml b/.github/actions/scan-dependencies/action.yaml
new file mode 100644
index 0000000..a61aec0
--- /dev/null
+++ b/.github/actions/scan-dependencies/action.yaml
@@ -0,0 +1,23 @@
+name: Scan Dependencies
+runs:
+ using: "composite"
+ steps:
+ - name: Generate SBOM File
+ shell: bash
+ run: ./scripts/sbom-generator.sh
+
+ - name: Upload SBOM Artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: dependency-scan
+ path: ./sbom-spdx.json
+
+ - name: Run CVE Scanner
+ shell: bash
+ run: ./scripts/cve-scanner.sh
+
+ - name: Upload CVE Artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: dependency-scan
+ path: ./cve-scan.json
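Review bot: `Upload CVE Artifact` has no `if:` condition, so if `./scripts/cve-scanner.sh` exits non-zero when it finds vulnerabilities (the script is not shown in this diff), the upload is skipped and `cve-scan.json` is lost on exactly the runs where it is needed. Adding `if: always()` to that step keeps the report available. Both uploads also reuse the artifact name `dependency-scan`; upload-artifact@v3 merges them into one artifact, but distinct names such as `sbom-spdx` and `cve-scan` would make the contents explicit and avoid depending on that merge behaviour.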
diff --git a/.github/actions/scan-secrets/action.yaml b/.github/actions/scan-secrets/action.yaml
new file mode 100644
index 0000000..b52247d
--- /dev/null
+++ b/.github/actions/scan-secrets/action.yaml
@@ -0,0 +1,9 @@
+name: Scan Secrets
+runs:
+ using: "composite"
+ steps:
+ - name: Count lines of code in this repository
+ shell: bash
+ run: |
+ export ALL_FILES=true
+ ./scripts/githooks/scan-secrets.sh
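Review bot: The step in the new scan-secrets action is named `Count lines of code in this repository`, apparently copied from the cloc-repository action, so the job log labels the secret scan as a line count. Rename it to `- name: Scan Secrets`, which is what the deleted `action.yml` used for the same step.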
diff --git a/.github/actions/scan-secrets/action.yml b/.github/actions/scan-secrets/action.yml
deleted file mode 100644
index 5623f5f..0000000
--- a/.github/actions/scan-secrets/action.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: "Check Formats"
-runs:
- using: "composite"
- steps:
- - name: Scan Secrets
- shell: bash
- run: |
- export ALL_FILES=true
- ./scripts/githooks/secret-scan-pre-commit.sh
diff --git a/.github/workflows/cicd-pipeline.yaml b/.github/workflows/cicd-pipeline.yaml
index 7a84a34..db5848b 100644
--- a/.github/workflows/cicd-pipeline.yaml
+++ b/.github/workflows/cicd-pipeline.yaml
@@ -2,6 +2,8 @@ name: CI/CD Pipeline
permissions:
contents: read
security-events: write
+ id-token: write
+ actions: write
on:
push:
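Review bot: `id-token: write` and `actions: write` are granted at workflow level, so every job can request an OIDC token, including the jobs that run repository scripts and third-party actions; only the job that assumes the AWS role should hold that permission. Declare it on the deploy job instead, with a job-level `permissions:` block containing `contents: read` and `id-token: write`, and leave the top-level block at `contents: read` and `security-events: write`. Nothing in the visible hunks needs `actions: write`; drop it unless a step outside this diff depends on it. A job-level `permissions` block replaces the workflow-level one for that job, so it must list everything the job needs.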
@@ -18,38 +20,64 @@ jobs:
build_datetime: ${{ steps.metadata.outputs.build_datetime }}
build_timestamp: ${{ steps.metadata.outputs.build_timestamp }}
build_epoch: ${{ steps.metadata.outputs.build_epoch }}
+ terraform_version: ${{ steps.metadata.outputs.terraform_version }}
steps:
+ - uses: actions/checkout@v3
+
- id: metadata
- run: |
- datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z')
- echo "build_datetime=$datetime" >> $GITHUB_OUTPUT
- echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
- echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT
-
- precommit-checks:
+ name: Get Metadata
+ uses: ./.github/actions/get-metadata
+
+ - id: cloc
+ name: Get Lines of Code
+ uses: ./.github/actions/cloc-repository
+
+ formatting-checks:
+ needs: [get-metadata]
+ runs-on: ubuntu-latest
+ name: Formatting Checks
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Check File Format
+ uses: ./.github/actions/check-file-format
+
+ - name: Check Markdown Format
+ uses: ./.github/actions/check-markdown-format
+
+ - name: Check Terraform Format
+ uses: ./.github/actions/check-terraform-format
+
+ security-scan:
needs: [get-metadata]
runs-on: ubuntu-latest
- name: Pre-Commit Checks
+ name: Security Scanning
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- - uses: ./.github/actions/check-format/
- - uses: ./.github/actions/scan-secrets/
+ - name: Scan Dependencies
+ uses: ./.github/actions/scan-dependencies
+
+ - name: Scan Secrets
+ uses: ./.github/actions/scan-secrets
+
checkov:
name: Checkov
runs-on: ubuntu-latest
- needs: [precommit-checks]
+ needs: [formatting-checks, security-scan]
steps:
- uses: actions/checkout@v3
-
+
- uses: actions/setup-python@v4
with:
python-version: '3.11'
-
+
- name: Install Latest Checkov
id: install-checkov
run: pip install --user checkov
@@ -57,17 +85,17 @@ jobs:
- name: Run Checkov
id: run-checkov
run: checkov --directory . -o sarif -s --quiet
-
+
- name: Upload SARIF File
uses: github/codeql-action/upload-sarif@v2
- if: always() && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+ if: always() && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
with:
sarif_file: results.sarif
-
+
tflint:
name: TFLint
runs-on: ubuntu-latest
- needs: [precommit-checks]
+ needs: [formatting-checks, security-scan]
steps:
- uses: actions/checkout@v3
@@ -77,16 +105,101 @@ jobs:
with:
path: ~/.tflint.d/plugins
key: tflint-${{ hashFiles('.tflint.hcl') }}
-
+
- name: Setup TFLint
uses: terraform-linters/setup-tflint@v3
with:
tflint_version: v0.47.0
-
+
- name: Init TFLint
run: tflint --init
env:
GITHUB_TOKEN: ${{ github.token }}
-
+
- name: Run TFLint
- run: tflint -f compact
\ No newline at end of file
+ run: tflint -f compact
+
+ build-example-app:
+ name: Build Example App
+ runs-on: ubuntu-latest
+ needs: [tflint, checkov]
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install asdf & tools
+ uses: asdf-vm/actions/install@v2
+
+ - name: Install Example Dependencies
+ run: make example-install
+
+ - name: Build Example App
+ run: make example-build
+
+ - name: Zip OpenNext Deployment Assets
+ run: cd example/.open-next && zip -r ../../open-next.zip . -q
+
+ - name: Store Build Artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: example-app-opennext-build
+ path: open-next.zip
+
+ deploy:
+ name: Deploy Example App
+ runs-on: ubuntu-latest
+ needs: [build-example-app]
+ if: success() && github.ref_name == 'main'
+ concurrency: example-deploy
+ environment:
+ name: Example Application
+ url: https://terraform-aws-opennext.tools.engineering.england.nhs.uk/
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install asdf & tools
+ uses: asdf-vm/actions/install@v2
+
+ - id: aws-credentials
+ name: Setup AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: ${{ secrets.DEPLOYMENT_IAM_ROLE }}
+ aws-region: eu-west-2
+
+ - name: Get Current Identity
+ run: aws sts get-caller-identity
+
+ - name: Download Build Artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: example-app-opennext-build
+
+ - name: Unzip Build Artifacts to .open-next folder
+ run: unzip -q -d example/.open-next open-next.zip
+
+ - name: Run Terraform Init
+ run: terraform -chdir=example/terraform init
+
+ - name: Run Terraform Plan
+ run: terraform -chdir=example/terraform plan -out example-app.tfplan
+
+ - name: Store Terraform Plan Artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: example-app-tfplan-output
+ path: example/terraform/example-app.tfplan
+
+ - name: Run Terraform Apply
+ run: terraform -chdir=example/terraform apply example-app.tfplan
+
+ - name: Get CloudFront Distribution ID
+ id: get_distribution_id
+ run: echo "distribution_id=$(terraform -chdir=example/terraform output -raw cloudfront_distribution_id)" >> "$GITHUB_OUTPUT"
+
+ - name: Trigger CloudFront Cache Invalidation
+ id: trigger_invalidation
+ run: echo "invalidation_id=$(aws cloudfront create-invalidation --distribution-id ${{ steps.get_distribution_id.outputs.distribution_id }} --paths '/*' --output text --query Invalidation.Id)" >> "$GITHUB_OUTPUT"
+
+ - name: Wait for Invalidation
+ run: aws cloudfront wait invalidation-completed --distribution-id ${{ steps.get_distribution_id.outputs.distribution_id }} --id ${{ steps.trigger_invalidation.outputs.invalidation_id }}
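Review bot: `Store Terraform Plan Artifact` uploads `example-app.tfplan`, and a saved plan file holds the planned configuration and variable values unencrypted, so anyone who can download this run's artifacts can read them; consider dropping the upload or storing the human-readable `terraform show` output instead, which masks values marked sensitive. The deploy gate `github.ref_name == 'main'` compares only the short name, which a tag called `main` would also satisfy if tag pushes trigger this workflow (the `on:` block is only partly visible); `github.ref == 'refs/heads/main'` is unambiguous and matches the form used for the SARIF upload condition. The third-party actions in this job (`asdf-vm/actions/install@v2`, `aws-actions/configure-aws-credentials@v2`) run in the job that assumes the AWS role and are referenced by mutable tag; pinning them to a full commit SHA fixes which code runs with those credentials.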
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
deleted file mode 100644
index 7bacef2..0000000
--- a/.github/workflows/release.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: Release
-run-name: Publish Release Version ${{ github.ref_name }}
-
-on:
- push:
- tags:
- - "v*"
-
-jobs:
- get_metadata:
- name: Get Metadata
- runs-on: ubuntu-latest
- outputs:
- prerelease: ${{ steps.determine_prerelease.outputs == 'true' }}
-
- steps:
- - name: Determine if prerelease
- id: determine_prerelease
- run: |
- if [[ "${{ github.ref_name }}" =~ ^v[0-9]*\.[0-9]*\.[0-9]*-.*?\.[0-9]*? ]]; then
- echo "prerelease=true" >> "$GITHUB_OUTPUT"
- else
- echo "prerelease=false" >> "$GITHUB_OUTPUT"
- fi
-
- publish_release:
- name: Publish Release ${{ github.ref_name }}
- needs: [get_metadata]
- runs-on: ubuntu-latest
- steps:
- - name: Publish Release
- uses: "marvinpinto/action-automatic-releases@v1.2.1"
- with:
- repo_token: ${{ secrets.GITHUB_TOKEN }}
- automatic_release_tag: ${{ github.ref_name }}
- prerelease: ${{ needs.get_metadata.outputs.prerelease }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
deleted file mode 100644
index 026be5b..0000000
--- a/.pre-commit-config.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# See https://pre-commit.com for more information
-# See https://pre-commit.com/hooks.html for more hooks
-repos:
- - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v3.2.0
- hooks:
- - id: trailing-whitespace
- - id: end-of-file-fixer
- - id: check-yaml
-
- - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
- rev: 2.7.2
- hooks:
- - id: editorconfig-checker
-
- - repo: https://github.com/markdownlint/markdownlint
- rev: v0.12.0
- hooks:
- - id: markdownlint_docker
-
- - repo: https://github.com/gitleaks/gitleaks
- rev: v8.17.0
- hooks:
- - id: gitleaks-docker
-
- - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.81.0
- hooks:
- - id: terraform_tflint
diff --git a/.tool-versions b/.tool-versions
new file mode 100644
index 0000000..eac4bb0
--- /dev/null
+++ b/.tool-versions
@@ -0,0 +1,5 @@
+nodejs 18.16.1
+yarn 1.22.19
+terraform 1.5.0
+pre-commit 3.3.3
+poetry 1.5.1
diff --git a/Makefile b/Makefile
index 94d9e45..e33adc8 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,15 @@
-include scripts/makefile/Makefile.init
+include scripts/init.mk
+
+config:
+ make \
+ asdf-install \
+ githooks-install \
+ nodejs-install \
+ terraform-install
+
+.SILENT: \
+ config
+
###############
## Constants ##
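Review bot: The `config` recipe invokes `make` by name; use `$(MAKE)` for the recursive call so that command-line flags, variable overrides and the jobserver reach the sub-make and `make -n` behaves as expected. `config` is also not a file, so it should be listed under `.PHONY` unless `scripts/init.mk` already declares it (that file is not visible in this diff).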
@@ -60,8 +71,6 @@ example-install: check # Installs the dependencies for the example project
example-build: example-clean # Builds the example Next.js application
yarn --cwd example package
- cp -r example/.open-next/* ${BUILD_FOLDER}
- for f in ${BUILD_FOLDER}/*; do cd $$f; zip -rq $$f.zip . && cd -; rm -rf $$f; done
tag-release: check-version build-cloudfront-logs-lambda
git add .
@@ -70,3 +79,12 @@ tag-release: check-version build-cloudfront-logs-lambda
git tag ${version}
git push --tags
+
+format-terraform: # Formats all Terraform Files
+ terraform fmt
+ terraform -chdir=modules/cloudfront-logs fmt
+ terraform -chdir=modules/opennext-assets fmt
+ terraform -chdir=modules/opennext-cloudfront fmt
+ terraform -chdir=modules/opennext-lambda fmt
+ terraform -chdir=modules/opennext-revalidation-queue fmt
+ terraform -chdir=example/terraform fmt
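Review bot: `format-terraform` lists every module directory by hand, so a module added later is silently left unformatted and the Terraform format check can then fail in CI for code this target never touched. A single `terraform fmt -recursive` from the repository root covers the root, the `modules/` subdirectories and `example/terraform`; confirm it does not reach directories you want left alone. The target has no `.PHONY` declaration in the visible hunk.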
diff --git a/README.md b/README.md
index cb0cc4f..9e9b52c 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,7 @@ This is a Terraform module for deploying a Next.js application built with [OpenN
- [OpenNext Terraform Module for AWS](#opennext-terraform-module-for-aws)
- [Table of Contents](#table-of-contents)
+ - [Example](#example)
- [Installation](#installation)
- [Prerequisites](#prerequisites)
- [Usage](#usage)
@@ -16,20 +17,27 @@ This is a Terraform module for deploying a Next.js application built with [OpenN
- [Contacts](#contacts)
- [Licence](#licence)
+## Example
+
+The example app in `example/` is deployed using the latest version of this Terraform module to [terraform-aws-opennext.tools.engineering.england.nhs.uk](https://terraform-aws-opennext.tools.engineering.england.nhs.uk/).
+
## Installation
-Copy and paste the following into your Terraform configuration, edit the variables, and then `terraform init`.
+Copy and paste the following into your Terraform configuration, edit the variables, and then run `terraform init`.
```tf
module "opennext" {
source = "nhs-england-tools/opennext/aws"
- version = "0.0.1-alpha.5"
+ version = "1.0.0" # Use the latest release from https://github.com/nhs-england-tools/terraform-aws-opennext/releases
- prefix = "opennext"
- domain_name = "your-domain-name.com"
- acm_certificate_arn = "arn:aws:acm:region:account:certificate/certificate_ID"
- hosted_zone_id = "12345"
- opennext_build_path = ".open-next"
+ prefix = "opennext" # Prefix for all created resources
+ opennext_build_path = "../.open-next" # Path to your .open-next folder
+ hosted_zone_id = data.aws_route53_zone.zone.zone_id # The Route53 hosted zone ID for your domain name
+
+ cloudfront = {
+ aliases = [local.domain_name] # Your domain name
+ acm_certificate_arn = aws_acm_certificate_validation.ssl_certificate.certificate_arn # The ACM (SSL) certificate for your domain
+ }
}
```
@@ -37,7 +45,7 @@ module "opennext" {
The following software packages or their equivalents are expected to be installed
-- [Terraform](https://developer.hashicorp.com/terraform/downloads) (>=1.3)
+- [Terraform](https://developer.hashicorp.com/terraform/downloads) (>=1.5)
## Usage
@@ -69,7 +77,6 @@ Describe or link templates on how to raise an issue, feature request or make a c
- Thomas Judd-Cooper - [Email](mailto:thomas.judd-cooper1@nhs.net) - [GitHub](https://github.com/Tomdango)
-
## Licence
Unless stated otherwise, the codebase is released under the MIT License. This covers both the codebase and any sample code in the documentation.
diff --git a/docs/adr/ADR-001 - Use git hook and GitHub action to check the .editorconfig compliance.md b/docs/adr/ADR-001 - Use git hook and GitHub action to check the .editorconfig compliance.md
deleted file mode 100644
index a84bc71..0000000
--- a/docs/adr/ADR-001 - Use git hook and GitHub action to check the .editorconfig compliance.md
+++ /dev/null
@@ -1,142 +0,0 @@
-# ADR-001: Use git hook and GitHub Action to check the `.editorconfig` compliance
-
->| | |
->| ------------ | --- |
->| Date | `15/05/2023` |
->| Status | `RFC` |
->| Deciders | `Engineering` |
->| Significance | `Construction techniques` |
->| Owners | `Dan Stefaniuk, Amaan Ibn-Nasar` |
-
----
-
-- [ADR-001: Use git hook and GitHub Action to check the `.editorconfig` compliance](#adr-001-use-git-hook-and-github-action-to-check-the-editorconfig-compliance)
- - [Context](#context)
- - [Decision](#decision)
- - [Assumptions](#assumptions)
- - [Drivers](#drivers)
- - [Options](#options)
- - [Options 1: The pre-commit project](#options-1-the-pre-commit-project)
- - [Options 2a: Custom shell script](#options-2a-custom-shell-script)
- - [Options 2b: Docker-based custom shell script](#options-2b-docker-based-custom-shell-script)
- - [Option 3: A GitHub Action from the Marketplace](#option-3-a-github-action-from-the-marketplace)
- - [Outcome](#outcome)
- - [Rationale](#rationale)
- - [Consequences](#consequences)
- - [Compliance](#compliance)
- - [Notes](#notes)
- - [Tags](#tags)
-
-## Context
-
-As part of the Repository Template project a need for a simple text formatting feature using the [EditorConfig](https://editorconfig.org/) rules was identified that is accessible and consistent for all contributors. To ensure that formatting rules are applied, a compliance check has to be implemented on a developer workstation and as a part of the CI/CD pipeline. This will establish a fast feedback loop and a fallback option, if the former has not worked.
-
-## Decision
-
-### Assumptions
-
-This decision is based on the following assumptions that are used to form a set of generic requirements for the implementation as a guide. A solution should be
-
-- Cross-platform and portable, supporting systems like
- - macOS
- - Windows WSL (Ubuntu)
- - Ubuntu and potentially other Linux distributions like Alpine
-- Configurable
- - can run on a file or a directory
- - can be turned on/off entirely
-- Run locally (aka developer workstation) and remotely (aka CI/CD pipeline)
-- Reusable and avoid code duplication
-
-### Drivers
-
-Implementation of this compliance check (like text encoding, line endings, tabs vs. spaces etc.) will help with any potential debate or discussion, removing personal preferences and opinions, enabling teams to focus on delivering value to the product they work on.
-
-Other linting tools like for example [Prettier](https://prettier.io/) and [ESLint](https://eslint.org/) are not considered here as they are code formatting tools dedicated to specific technologies and languages. The main drivers for this decision are the style consistency across all files in the codebase and to eliminate any disruptive changes introduced based on preferences. EditorConfig rules are recognised and supported by most if not all major editors and IDEs.
-
-Here is the recommended ruleset:
-
-```console
-charset = utf-8
-end_of_line = lf
-indent_size = 2
-indent_style = space
-insert_final_newline = true
-trim_trailing_whitespace = true
-```
-
-### Options
-
-#### Options 1: The [pre-commit](https://pre-commit.com/) project
-
-- Pros
- - Python is installed on most if not all platforms
- - A pythonist friendly tool
- - Well-documented
-- Cons
- - Dependency on Python even for a non-Python project
- - Potential versioning issues with Python runtime and dependencies compatibility
- - Lack of process isolation, access to resources with user-level privileges
- - Dependency on multiple parties and plugins
-
-#### Options 2a: Custom shell script
-
-- Pros
- - Execution environment is installed everywhere, no setup required
- - Ease of maintainability and testability
- - It is a simple solution
-- Cons
- - May potentially require more coding in Bash
- - Requires shell scripting skills
-
-#### Options 2b: Docker-based custom shell script
-
-This option is an extension built upon option 2a.
-
-- Pros
- - Cross-platform compatibility
- - Isolation of the process dependencies and runtime
- - Docker is an expected dependency for most/all projects
-- Cons
- - Requires Docker as a preinstalled dependency
- - Requires basic Docker skills
-
-#### Option 3: A GitHub Action from the Marketplace
-
-- Pros
- - Usage of a GitHub native functionality
-- Cons
- - Reliance on the GitHub DSL (coding in yaml) may lead to less portable solution
- - Implementation of the functionality has to be duplicated for the git hook
-
-### Outcome
-
-The decision is to implement Option 2b.
-
-### Rationale
-
-A choice of shell scripting along with Docker offers a good support for simplicity, process isolation, portability across the operating systems and reuse of the same code and its configuration. This approach makes it consistent for a local environment and the CI/CD pipeline, where the process can be gated and compliance enforced.
-
-## Consequences
-
-As a result of the above decision
-
-- a single Bash script will be implemented
-- it will be placed in the `scripts/githooks` directory
-- the name of the file will be `editorconfig-pre-commit.sh`
-- there will be a `pre-commit` runner included
-- the GitHub Action will call the git hook `editorconfig-pre-commit.sh` script directly
-- and a couple of `Makefile` targets like `config`, `githooks-install` will be implemented to bootstrap the project
-
-The intention of this decision is to guide any other git hook and GitHub Action implementations.
-
-## Compliance
-
-Both, the git hook and the GitHub Action should be executed automatically as part of the developer workflow.
-
-## Notes
-
-There is an emerging practice to use projects like [act](https://github.com/nektos/act) to make GitHub actions even more portable. The recommendation is for this tool to be assessed at further stages of the [nhs-england-tools/repository-template](https://github.com/nhs-england-tools/repository-template) project implementation, in the context of this decision record.
-
-## Tags
-
-`#maintainability, #testability, #simplicity, #security`
diff --git a/docs/adr/ADR-002 - Scan repository for hardcoded secrets.md b/docs/adr/ADR-002 - Scan repository for hardcoded secrets.md
deleted file mode 100644
index dded6ee..0000000
--- a/docs/adr/ADR-002 - Scan repository for hardcoded secrets.md
+++ /dev/null
@@ -1,98 +0,0 @@
-# ADR-002: Scan repository for hardcoded secrets
-
->| | |
->| ------------ | --- |
->| Date | `31/05/2023` |
->| Status | `RFC` |
->| Deciders | `Engineering` |
->| Significance | `Construction techniques` |
->| Owners | `Dan Stefaniuk, Jon Pearce, Tamara Goldschmidt, Tim Rickwood` |
-
----
-
-- [ADR-002: Scan repository for hardcoded secrets](#adr-002-scan-repository-for-hardcoded-secrets)
- - [Context](#context)
- - [Decision](#decision)
- - [Assumptions](#assumptions)
- - [Drivers](#drivers)
- - [Options](#options)
- - [Outcome](#outcome)
- - [Rationale](#rationale)
- - [Consequences](#consequences)
- - [Compliance](#compliance)
- - [Notes](#notes)
- - [Actions](#actions)
- - [Tags](#tags)
-
-## Context
-
-- Review git-secrets decision
- - To compare
- - tools
- - 1. https://github.com/awslabs/git-secrets
- - 2. https://github.com/trufflesecurity/trufflehog
- - 3. https://github.com/gitleaks/gitleaks
- - repo metadata
- - contributions (data and number)
- - stars & forks
- - language
- - licence
- - features
- - scan whole history
- - scan single commit
- - predefined set of rules
- - patterns: custom rules
- - patterns: exclusions
- - entropy detection
- - run as a docker image (locally and in CI/CD pipeline)
-
-Describe the context and the problem statement. Is there a relationship to other decisions previously made? Are there any dependencies and/or constraints within which the decision will be made? Do these need to be reviewed or validated? Please, note that environmental limitations or restrictions such as accepted technology standards, commonly recognised and used patterns, engineering and architecture principles, organisation policies, governance and so on, may as an effect narrow down the choices. This should also be explicitly documented, as this is a point-in-time decision with the intention of being able to articulate it clearly and justify it later.
-
-## Decision
-
-### Assumptions
-
-Summarise the underlying assumptions in the environment in which you make the decision. This could be related to technology changes, forecast of the monetary and non-monetary costs, further delivery commitments, impactful external drivers etc., and any known unknowns that translate to risks.
-
-### Drivers
-
-List the decision drivers that motivate this change or course of action. This may include any identified risks and residual risks after applying the decision.
-
-### Options
-
-Consider a comprehensive set of alternative options; provide weighting if applicable.
-
-### Outcome
-
-State the decision outcome as a result of taking into account all of the above. Is it a reversible or irreversible decision?
-
-### Rationale
-
-Provide a rationale for the decision that is based on weighing the options to ensure that the same questions are not going to be asked again and again unless the decision needs to be superseded.
-
-For non-trivial decisions a comparison table can be useful for the reviewer. Decision criteria down one side, options across the top. You'll likely find decision criteria come from the Drivers section above. Effort can be an important driving factor. You may have an intuitive feel for this, but reviewers will not. T-shirt sizing the effort for each option may help communicate.
-
-## Consequences
-
-Describe the resulting context, after applying the decision. All the identified consequences should be listed here, not just the positive ones. Any decision comes with many implications. For example, it may introduce a need to make other decisions as an effect of cross-cutting concerns; it may impact structural or operational characteristics of the software, and influence non-functional requirements; as a result, some things may become easier or more difficult to do because of this change. What are the trade-offs?
-
-What are the conditions under which this decision no longer applies or becomes irrelevant?
-
-## Compliance
-
-Establish how the success is going to be measured. Once implemented, the effect might lend itself to be measured, therefore if appropriate a set of criteria for success could be established. Compliance checks of the decision can be manual or automated using a fitness function. If it is the latter this section can then specify how that fitness function would be implemented and whether there are any other changes to the codebase needed to measure this decision for compliance.
-
-## Notes
-
-Include any links to existing epics, decisions, dependencies, risks, and policies related to this decision record. This section could also include any further links to configuration items within the project or the codebase, signposting to the areas of change.
-
-It is important that if the decision is sub-optimal or the choice is tactical or misaligned with the strategic directions the risk related to it is identified and clearly articulated. As a result of that, the expectation is that a [Tech Debt](./tech-debt.md) record is going to be created on the backlog.
-
-## Actions
-
-- [x] name, date by, action
-- [ ] name, date by, action
-
-## Tags
-
-`#maintainability, #testability, #simplicity, #security`
diff --git a/example/package.json b/example/package.json
index 328fd2b..aaf41c5 100644
--- a/example/package.json
+++ b/example/package.json
@@ -5,7 +5,7 @@
"scripts": {
"dev": "next dev",
"build": "next build",
- "package": "open-next build && yarn package:functions",
+ "package": "open-next build",
"start": "next start",
"lint": "next lint"
},
diff --git a/example/public/images/patrick.1200x1200.png:Zone.Identifier b/example/public/images/patrick.1200x1200.png:Zone.Identifier
deleted file mode 100644
index 98ef56e..0000000
--- a/example/public/images/patrick.1200x1200.png:Zone.Identifier
+++ /dev/null
@@ -1,4 +0,0 @@
-[ZoneTransfer]
-ZoneId=3
-ReferrerUrl=https://github.com/
-HostUrl=https://raw.githubusercontent.com/serverless-stack/open-next/main/example/public/images/patrick.1200x1200.png
diff --git a/example/src/pages/404.tsx b/example/src/pages/404.tsx
index f15f2f7..117ea15 100644
--- a/example/src/pages/404.tsx
+++ b/example/src/pages/404.tsx
@@ -1,9 +1,18 @@
import { NextPage } from "next";
+import Head from "next/head";
const PageNotFoundPage: NextPage = () => (
-
+ <>
+
+ 404 Page Not Found - Next.js Feature Test App
+
+
+
+
+
404
-
+
+ >
);
-export default PageNotFoundPage;
\ No newline at end of file
+export default PageNotFoundPage;
diff --git a/example/src/pages/_document.tsx b/example/src/pages/_document.tsx
index c1a98b0..89c6acb 100644
--- a/example/src/pages/_document.tsx
+++ b/example/src/pages/_document.tsx
@@ -1,5 +1,6 @@
import { Html, Head, Main, NextScript } from 'next/document'
-import { Container, Header } from 'nhsuk-react-components'
+import Link from 'next/link'
+import { Container, Footer, Header } from 'nhsuk-react-components'
export default function Document() {
return (
@@ -15,6 +16,14 @@ export default function Document() {
+