Initial commit

.github/ISSUE_TEMPLATE/bug.md

@@ -0,0 +1,35 @@
+---
+name: Bug
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the Bug**
+A clear and concise description of what the bug is.
+
+**Expected Behaviour**
+A clear and concise description of what you expected to happen.
+
+**Actual Behaviour**
+A clear and concise description of what you expected to happen.
+
+** Steps To Reproduce**
+Steps to reproduce the behaviour:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/custom.md

@@ -0,0 +1,8 @@
+---
+name: Custom issue template
+about: Describe this issue template's purpose here
+title: ''
+labels: ''
+assignees: ''
+
+---

.github/ISSUE_TEMPLATE/decision.md

@@ -0,0 +1,8 @@
+---
+name: Decision
+about: This is a big decision that has been made or raised to PO
+title: ''
+labels: decision
+assignees: ''
+
+---

.github/ISSUE_TEMPLATE/documentation.md

@@ -0,0 +1,26 @@
+---
+name: Documentation
+about: Documentation for a specific area or need
+title: ''
+labels: documentation
+assignees: ''
+
+---
+
+**As a** *(User Type/Persona)* **I want** *(Feature/enhancement)* **So That** *(Value, why is this wanted, what is the user trying to accomplish)*
+
+**Additional Context**
+- enter text here
+- enter text here
+
+**Acceptance Criteria**
+- [ ] Given (Context), When (action carried out), Then (expected outcome)
+- [ ] Given (Context), When (action carried out), Then (expected outcome)
+
+**Definition of Done**
+- [ ] Ready to Demo in Sprint Review
+- [ ] Does what I have made have appropriate test coverage?
+- [ ] Documentation and/or scientific documentation exists and can be found
+- [ ] Peer Reviewed by 2 people on the team
+- [ ] Manual testing of all PRs in Dev and Prod
+- [ ] Merged

.github/ISSUE_TEMPLATE/epic.md

@@ -0,0 +1,21 @@
+---
+name: Epic
+about: A User Story Large enough that it cannot be completed in a single sprint, the
+  desired end state of a feature
+title: ''
+labels: epic
+assignees: ''
+
+---
+
+**As a** *(User Type/Persona)* **I want** *(Feature/enhancement)* **So That** *(Value, why is this wanted, what is the user trying to accomplish)*
+
+**Additional Context**
+
+- enter text here
+- enter text here
+
+**Acceptance Criteria**
+
+- [ ] Given (Context), When (action carried out), Then (expected outcome)
+- [ ] Given (Context), When (action carried out), Then (expected outcome)

.github/ISSUE_TEMPLATE/feature.md

@@ -0,0 +1,26 @@
+---
+name: Feature request / user story
+about: Suggest an idea from the perspective of a user
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**As a** *(User Type/Persona)* **I want** *(Feature/enhancement)* **So That** *(Value, why is this wanted, what is the user trying to accomplish)*
+
+**Additional Context**
+- enter text here
+- enter text here
+
+**Acceptance Criteria**
+- [ ] Given (Context), When (action carried out), Then (expected outcome)
+- [ ] Given (Context), When (action carried out), Then (expected outcome)
+
+**Definition of Done**
+- [ ] Ready to Demo in Sprint Review
+- [ ] Does what I have made have appropriate test coverage?
+- [ ] Documentation and/or scientific documentation exists and can be found
+- [ ] Peer Reviewed by 2 people on the team
+- [ ] Manual testing of all PRs in Dev and Prod
+- [ ] Merged

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,22 @@
+---
+name: Question
+about: Ask us a question!
+title: ''
+labels: question
+assignees: ''
+
+---
+
+**Describe the task**
+basic description of the task, is it focuse on research with users or the business area? is it design focused on either co-design or wireframing? is it User Testing or compiling results?
+
+**Acceptance Criteria**
+- [ ] what is required for this task to be complete?
+- what is the finishing point or end state of this task?
+- [ ] what is the output of this task?
+
+**SME/User Contact**
+(may want to use a persona to fill this in)
+
+**Additional context**
+- any additional details that could not be captured above

.github/ISSUE_TEMPLATE/task.md

@@ -0,0 +1,20 @@
+---
+name: Task
+about: Work for the team that cannot be written as a user story
+title: ''
+labels: task
+assignees: ''
+
+---
+
+**Describe the task**
+A clear and concise description of what the task is.
+
+**Acceptance Criteria**
+- [ ] first
+- [ ] second
+- [ ] third
+
+**Additional context**
+- Add any other context about the task here.
+- Or here

.github/ISSUE_TEMPLATE/ux.md

@@ -0,0 +1,22 @@
+---
+name: UX Task
+about: This is a Task for UX Research, Design or Testing
+title: ''
+labels: ux
+assignees: ''
+
+---
+
+**Describe the task**
+basic description of the task, is it focuse on research with users or the business area? is it design focused on either co-design or wireframing? is it User Testing or compiling results?
+
+**Acceptance Criteria**
+- [ ] what is required for this task to be complete?
+- what is the finishing point or end state of this task?
+- [ ] what is the output of this task?
+
+**SME/User Contact**
+(may want to use a persona to fill this in)
+
+**Additional context**
+- any additional details that could not be captured above

.github/dependabot.yml

@@ -0,0 +1,8 @@
+# Dependency updates for GitHub Actions and npm
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily

.github/pull_request_template.md

@@ -0,0 +1,43 @@
+<!-- Provide a general summary of your changes in the Title above -->
+
+# Description
+
+Please provide a summary of the change and the issue fixed. Please include relevant context. List dependency changes.
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+# How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+- [ ] Test A
+- [ ] Test B
+
+
+## Checklist
+
+<!-- Go over all the following points, and put an `x` in all the boxes that apply. -->
+<!-- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
+
+- [ ] I have read the [CONTRIBUTING](CONTRIBUTING.md) doc
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have already been accepted and merged
+
+
+## Further comments
+
+<!-- If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc... -->

.github/workflows/analysis.yml

@@ -0,0 +1,100 @@
+name: Analysis
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    types: [opened, reopened, synchronize, ready_for_review]
+  schedule:
+    - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  codeql:
+    name: CodeQL
+    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: github/codeql-action/init@v2
+        with:
+          languages: javascript
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:javascript"
+
+  # https://github.com/marketplace/actions/aqua-security-trivy
+  trivy:
+    name: Trivy Security Scan
+    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@0.12.0
+        with:
+          format: "sarif"
+          output: "trivy-results.sarif"
+          ignore-unfixed: true
+          scan-type: "fs"
+          scanners: "vuln,secret,config"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results.sarif"
+
+  tests:
+    name: Tests
+    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    runs-on: ubuntu-22.04
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_DB: postgres
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+    strategy:
+      matrix:
+        dir: [backend, frontend]
+        include:
+          - dir: backend
+            sonar_projectKey: quickstart-openshift_backend
+            token: SONAR_TOKEN_BACKEND
+            triggers: ('backend/')
+          - dir: frontend
+            sonar_projectKey: quickstart-openshift_frontend
+            token: SONAR_TOKEN_FRONTEND
+            triggers: ('frontend/')
+    steps:
+      - uses: bcgov-nr/action-test-and-analyse@v1.1.0
+        with:
+          commands: |
+            npm ci
+            npm run test:cov
+          dir: ${{ matrix.dir }}
+          node_version: "20"
+          sonar_args: >
+            -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
+            -Dsonar.organization=bcgov-sonarcloud
+            -Dsonar.projectKey=${{ matrix.sonar_projectKey }}
+            -Dsonar.sources=src
+            -Dsonar.tests.inclusions=**/*spec.ts
+            -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
+          sonar_token: ${{ secrets[matrix.token] }}
+          triggers: ${{ matrix.triggers }}