Update example application

.dockerignore

@@ -4,9 +4,9 @@ docker-compose.yml
 Dockerfile
 README.md
 node_modules
+tmp
 .babelrc.json
 .eslintrc.js
 .flake8
 .gitignore
-.stylelintrc
-docker-compose.yml
+.stylelintrc

.eslintrc.js

@@ -20,4 +20,5 @@ module.exports = {
     sourceType: "module",
   },
   rules: {},
+  ignorePatterns: ["webpack.config.js", "*.min.js", "tmp/*"],
 };

.flake8

@@ -1,5 +1,6 @@
 [flake8]
 ignore = E203, E266, E501, W503, F403, F401
+exclude = venv*,__pycache__,node_modules,migrations,tmp
 max-line-length = 80
-max-complexity = 18
+max-complexity = 12
 select = B,C,E,F,W,T4,B9

.github/actions/node-tests/action.yml

@@ -0,0 +1,11 @@
+name: Run Node tests
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install Node dependencies
+      run: npm install
+      shell: bash
+    - name: Run Node tests
+      run: npm run test:all
+      shell: bash

.github/actions/python-tests/action.yml

@@ -0,0 +1,20 @@
+name: Run Python tests
+
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/setup-python@v5
+      with:
+        python-version: 3.12
+    - uses: snok/install-poetry@v1
+      with:
+        version: 1.8.1
+        virtualenvs-create: true
+        virtualenvs-in-project: true
+        virtualenvs-path: .venv
+    - name: Install Poetry dependencies
+      run: poetry install --no-interaction --no-root
+      shell: bash
+    - name: Run Python tests
+      run: poetry run python -m pytest
+      shell: bash

.github/workflows/branch-cleanup.yml

@@ -0,0 +1,24 @@
+name: Clean up feature branch
+
+on:
+  delete:
+
+jobs:
+  delete:
+    if: github.event.ref_type == 'branch' && startsWith(github.event.ref, 'feature/')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Get tag from deleted branch
+        id: version-tag
+        run: echo "VERSION=$(echo "${{ github.event.ref }}" | sed -e 's,/,-,g')" >> "$GITHUB_OUTPUT"
+      - name: Debug
+        run: echo "Clean up Docker image ${{ vars.DOCKER_IMAGE_NAME }}:${{ steps.version-tag.outputs.VERSION }}"
+      - name: Delete image
+        if: ${{ steps.version-tag.outputs.VERSION }}
+        uses: bots-house/ghcr-delete-image-action@v1.1.0
+        with:
+          owner: ${{ github.repository_owner }}
+          name: ${{ vars.DOCKER_IMAGE_NAME }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ steps.version-tag.outputs.VERSION }}

.github/workflows/cd.yml

@@ -0,0 +1,106 @@
+name: Build and deploy
+
+on:
+  workflow_dispatch:
+  push:
+
+concurrency:
+  group: cd-${{ github.ref }}
+
+jobs:
+  test-node:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run tests
+        uses: ./.github/actions/node-tests
+
+  test-python:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run tests
+        uses: ./.github/actions/python-tests
+
+  version:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Get tag
+        id: version-tag
+        uses: nationalarchives/ds-docker-actions/.github/actions/get-version-tag@main
+    outputs:
+      version: ${{ steps.version-tag.outputs.version-tag }}
+
+  build:
+    runs-on: ubuntu-latest
+    needs:
+      - test-python
+      - test-node
+      - version
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build Docker image
+        uses: nationalarchives/ds-docker-actions/.github/actions/docker-build@main
+        with:
+          version: ${{ needs.version.outputs.version }}
+          latest: ${{ github.ref == 'refs/heads/main' }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+
+  update-proof-of-concept:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - version
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: nationalarchives/ds-etna-deployments-proof-of-concept
+          ref: main
+          token: ${{ secrets.ACTIONS_GITHUB_TOKEN }}
+      - name: Set up git config
+        run: |
+          git config user.name "ds-etna-frontend"
+          git config user.email "<>"
+      - name: Install jq
+        run: sudo apt-get install jq
+      - name: Update config
+        run: jq --indent 4 '(.services.frontend.version|="${{ needs.version.outputs.version }}")' config-aws-develop.json > tmp.$$.json && mv tmp.$$.json config-aws-develop.json
+      - name: Push new version
+        run: |
+          git add config-aws-develop.json
+          git commit -m "Update frontend to v${{ needs.version.outputs.version }}"
+          git push origin main
+
+  update-dblclk:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - version
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: nationalarchives/ds-etna
+          ref: proof-of-concept
+          token: ${{ secrets.ACTIONS_GITHUB_TOKEN }}
+      - name: Set up git config
+        run: |
+          git config user.name "ds-etna-frontend"
+          git config user.email "<>"
+      - name: Install yq
+        uses: dcarbone/install-yq-action@v1.1.1
+      - name: Update config
+        run: |
+          yq '(.services.frontend.image|="ghcr.io/${{ github.repository_owner }}/${{ vars.DOCKER_IMAGE_NAME }}:${{ needs.version.outputs.version }}")' docker-compose.yml > tmp.$$.yml && mv tmp.$$.yml docker-compose.yml
+          yq '(.services.frontend-develop.image|="ghcr.io/${{ github.repository_owner }}/${{ vars.DOCKER_IMAGE_NAME }}:${{ needs.version.outputs.version }}")' docker-compose.yml > tmp.$$.yml && mv tmp.$$.yml docker-compose.yml
+      - name: Push new version
+        run: |
+          git add docker-compose.yml
+          git commit -m "Update frontend to v${{ needs.version.outputs.version }}"
+          git push origin proof-of-concept

.github/workflows/pr.yml

@@ -0,0 +1,22 @@
+name: Pull request
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+jobs:
+  test-node:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run tests
+        uses: ./.github/actions/node-tests
+
+  test-python:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run tests
+        uses: ./.github/actions/python-tests

.github/workflows/remove-untagged.yml

@@ -0,0 +1,16 @@
+name: Remove untagged container images
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 3 * * 1"
+
+jobs:
+  remove-untagged:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Remove untagged Docker images
+        uses: nationalarchives/ds-docker-actions/.github/actions/remove-untagged@main
+        with:
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,6 +1,9 @@
 .DS_Store
+__pycache__
 /node_modules
+/app/static/assets
 /app/static/*.css
 /app/static/*.css.map
-/app/static/*.js
-/app/static/*.js.map
+/app/static/*.min.js
+/app/static/*.min.js.map
+/tmp

.nvmrc

@@ -1 +1 @@
-lts/hydrogen
+lts/iron

.prettierignore

@@ -0,0 +1,2 @@
+**/*.html
+tmp/**/*

.stylelintrc

@@ -1,21 +1,18 @@
 {
-    "extends": [
-        "stylelint-config-standard-scss"
-    ],
-    "plugins": [
-        "stylelint-selector-bem-pattern"
-    ],
-    "rules": {
-        "at-rule-empty-line-before": null,
-        "block-no-empty": null,
-        "declaration-empty-line-before": null,
-        "property-no-vendor-prefix": null,
-        "value-keyword-case": null,
-        "scss/dollar-variable-empty-line-before": null,
-        "scss/double-slash-comment-empty-line-before": null,
-        "selector-class-pattern": null,
-        "plugin/selector-bem-pattern": {
-            "preset": "bem"
-        }
+  "extends": ["stylelint-config-standard-scss"],
+  "plugins": ["stylelint-selector-bem-pattern"],
+  "rules": {
+    "at-rule-empty-line-before": null,
+    "block-no-empty": null,
+    "declaration-empty-line-before": null,
+    "property-no-vendor-prefix": null,
+    "value-keyword-case": null,
+    "scss/dollar-variable-empty-line-before": null,
+    "scss/double-slash-comment-empty-line-before": null,
+    "selector-class-pattern": null,
+    "plugin/selector-bem-pattern": {
+      "preset": "bem"
     }
-}
+  },
+  "ignoreFiles": ["app/**/*.css", "tmp/**/*.css", "tmp/**/*.scss"]
+}

Dockerfile

@@ -1,15 +1,24 @@
-FROM ghcr.io/nationalarchives/tna-python:latest
+ARG IMAGE=ghcr.io/nationalarchives/tna-python
+ARG IMAGE_TAG=latest
 
-ENV NPM_BUILD_COMMAND=build
+FROM "$IMAGE":"$IMAGE_TAG"
+
+ENV NPM_BUILD_COMMAND=compile
+ARG BUILD_VERSION
+ENV BUILD_VERSION="$BUILD_VERSION"
 
 # Copy in the application code
 COPY --chown=app . .
 
-# Install the dependencies
+# Install dependencies
 RUN tna-build
 
-# Delete the source files
-RUN rm -fR /app/src
+# Copy in the static assets from TNA Frontend
+RUN mkdir /app/app/static/assets; \
+    cp -r /app/node_modules/@nationalarchives/frontend/nationalarchives/assets/* /app/app/static/assets
+
+# Delete source files and tests
+RUN rm -fR /app/src /app/test
 
 # Run the application
-CMD ["tna-run", "my-app:app"]
+CMD ["tna-run", "flask_app:app"]

README.md

@@ -1,5 +1,50 @@
-# Example Python Flask Application
+# TNA Python Flask Application
+
+## Quickstart
+
+```sh
+# Build and start the container
+docker compose up -d
+
+# Install Node modules
+npm install
+
+# Create a static assets directory
+mkdir app/static/assets
+
+# Copy in the TNA Frontend static assets
+cp -r node_modules/@nationalarchives/frontend/nationalarchives/assets/* app/static/assets
+```
+
+## Environment variables
+
+In addition to the [base Docker image variables](https://github.com/nationalarchives/docker/blob/main/docker/tna-python/README.md#environment-variables), this application has support for:
+
+| Variable                | Purpose                                                                   | Default                                                   |
+| ----------------------- | ------------------------------------------------------------------------- | --------------------------------------------------------- |
+| `CONFIG`                | The configuration to use                                                  | `config.Production`                                       |
+| `DEBUG`                 | If true, allow debugging[^1]                                              | `False`                                                   |
+| `COOKIE_DOMAIN`         | The domain to save cookie preferences against                             | _none_                                                    |
+| `CSP_IMG_SRC`           | A comma separated list of CSP rules for `img-src`                         | `'self'`                                                  |
+| `CSP_SCRIPT_SRC`        | A comma separated list of CSP rules for `script-src`                      | `'self'`                                                  |
+| `CSP_SCRIPT_SRC_ELEM`   | A comma separated list of CSP rules for `script-src-elem`                 | `'self'`                                                  |
+| `CSP_STYLE_SRC`         | A comma separated list of CSP rules for `style-src`                       | `'self'`                                                  |
+| `CSP_FONT_SRC`          | A comma separated list of CSP rules for `font-src`                        | `'self'`                                                  |
+| `CSP_CONNECT_SRC`       | A comma separated list of CSP rules for `connect-src`                     | `'self'`                                                  |
+| `CSP_MEDIA_SRC`         | A comma separated list of CSP rules for `media-src`                       | `'self'`                                                  |
+| `CSP_WORKER_SRC`        | A comma separated list of CSP rules for `worker-src`                      | `'self'`                                                  |
+| `CSP_FRAME_SRC`         | A comma separated list of CSP rules for `frame-src`                       | `'self'`                                                  |
+| `FRAME_DOMAIN_ALLOW`    | A domain from which to allow frame embedding (used in CMS previews)       | _none_                                                    |
+| `FORCE_HTTPS`           | Redirect requests to HTTPS as part of the CSP                             | _none_                                                    |
+| `CACHE_TYPE`            | https://flask-caching.readthedocs.io/en/latest/#configuring-flask-caching | _none_                                                    |
+| `CACHE_DEFAULT_TIMEOUT` | The number of seconds to cache pages for                                  | production: `300`, staging: `60`, develop: `0`, test: `0` |
+| `CACHE_DIR`             | Directory for storing cached responses                                    | `/tmp`                                                    |
+| `CACHE_HEADER_DURATION` | The time to return in the `Cache-Control` header                          | production: `604800`, staging/develop/test: `1`           |
+
+[^1] [Debugging in Flask](https://flask.palletsprojects.com/en/2.3.x/debugging/)
+
+## Running tests
 
 ```sh
-docker-compose up -d
+poetry run python -m pytest
 ```