Lambda using gov-notify API to send notifications to users when test certificate generation task is triggered.
The project runs on node >10 with typescript and serverless framework. For further details about project dependencies, please refer to the package.json
file.
nvm is used to managed node versions and configuration explicitly done per project using an .npmrc
file.
Please install and run the following securiy programs as part of your development process:
-
git-secrets After installing, do a one-time set up with
git secrets --register-aws
. Run withgit secrets --scan
.
These will be run as part of your projects hooks so you don't accidentally introduce any new security vulnerabilities.
You will also require Docker to run the service locally if you wish to mock external dependencies.
Set up your nodejs environment running nvm use
and once the dependencies are installed using npm i
, you can run the scripts from package.json
to build your project.
This code repository uses serverless framework to mock AWS capabilities for local development.
- The
BRANCH
environment variable indicates in which environment is this application running. Not setting this variable will result in defaulting tolocal
.
- Building the docker image -
npm run build:docker
- Building with source maps -
npm run build:dev
- Building without source maps -
npm run build
- The S3 server can be started by running
npm run start:docker
. - The app can be started by running
npm run start
The configuration file can be found under src/config/config.yml
.
Environment variable injection is possible with the syntax:
${BRANCH}
, or you can specify a default value: ${BRANCH:local}
.
The invoke
configuration contains settings for both the local
and the remote
environment.
The local environment contains configuration for the Lambda Invoke local endpoint, as well as configuration for loading mock JSON response.
invoke:
local:
params:
apiVersion: 2015-03-31
endpoint: http://localhost:3000
functions:
testResults:
name: cvs-svc-test-results
mock: tests/resources/test-results-response.json
techRecords:
name: cvs-svc-technical-records
mock: tests/resources/tech-records-response.json
remote:
params:
apiVersion: 2015-03-31
functions:
testResults:
name: test-results-${BRANCH}
techRecords:
name: technical-records-${BRANCH}
The S3 configuration contains settings for both the local
and the remote
environment. The local
environment contains configuration for the local S3 instance. The remote
environment does not require parameters.
s3:
local:
endpoint: http://localhost:7000
s3ForcePathStyle: true
remote: {}
The MOT configuration contains the certificate generation endpoint URL and the expected document names. For more information, please visit the Confluence page
mot:
endpoint: https://9fjfatqw19.execute-api.eu-west-1.amazonaws.com/cvs-dev/CVS
documentNames:
vt20: VT20.pdf
vt20w: VT20W.pdf
vt30: VT30.pdf
vt30w: VT30W.pdf
vt32ve: VT32VE.pdf
vt32vew: VT32VEW.pdf
prs: PRS.pdf
prsw: PRSW.pdf
ct20: CT20.pdf
ct30: CT30.pdf
vtp20: VTP20.pdf
vtp30: VTP30.pdf
psv_prs: PSV_PRS.pdf
vtg5: VTG5.pdf
vtg5a: VTG5A.pdf
The secrets.yml
file needs to be injected at deployment time, and should contain the API key for the MOT service.
mot:
api_key: [API_KEY_HERE]
The following environmental variables can be given to your serverless scripts to trace and debug your service:
AWS_XRAY_CONTEXT_MISSING = LOG_ERROR
SLS_DEBUG = *
BRANCH = local
In order to test, you need to run the following:
npm run test # unit tests
We follow a gitflow approach for development. For the CI/CD and automation please refer to the following pages for further details:
Please familiarise yourself with commitlint and conventional commits conventions as a hook is in place to enforce standards.
The projects has multiple hooks configured using husky which will execute the following scripts: security-checks
, audit
, eslint
, prepush
.
The codebase uses typescript clean code standards as well as sonarqube for static analysis.
SonarQube is available locally, please follow the instructions below if you wish to run the service locally (brew is the preferred approach).
Brew (recommended):
- Install sonarqube using brew
- Change
sonar.host.url
to point to localhost, by default, sonar runs onhttp://localhost:9000
- run the sonar server
sonar start
, then perform your analysisnpm run sonar-scanner
Manual:
- Download sonarqube
- Add sonar-scanner in environment variables in your profile file add the line:
export PATH=<PATH_TO_SONAR_SCANNER>/sonar-scanner-3.3.0.1492-macosx/bin:$PATH
- Start the SonarQube server:
cd <PATH_TO_SONARQUBE_SERVER>/bin/macosx-universal-64 ./sonar.sh start
- In the microservice folder run the command:
npm run sonar-scanner