Initial commit

.github/CODEOWNERS

@@ -0,0 +1 @@
+@ONSdigital/ons-template-admins

.github/dependabot.yml

@@ -0,0 +1,12 @@
+---
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/pull_request_template.md

@@ -0,0 +1,17 @@
+# Change Description
+
+- what changes have been made and why
+
+## Type of change
+
+- [ ] New service
+- [ ] New feature
+- [ ] Breaking change
+- [ ] Bugfix
+- [ ] Quality of life changes
+
+## Checklist
+
+- [ ] I have followed the [Contributing](https://github.com/ONSdigital/ons-template/CONTRIBUTING.md) guide.
+- [ ] I have merged the latest commits from the main branch
+- [ ] All the GitHub Checks are :white_check_mark:

.github/rename_project.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+escape_for_sed() {
+	echo "$1" | sed -e 's/[\/&]/\\&/g'
+}
+
+while getopts ":a:n:u:d:" flag; do
+	case "${flag}" in
+	a) author=${OPTARG} ;;
+	n) name=${OPTARG} ;;
+	u) urlname=${OPTARG} ;;
+	d) description=$(escape_for_sed "${OPTARG}") ;;
+	*)
+		echo "Invalid option: -${OPTARG}" >&2
+		exit 1
+		;;
+	esac
+done
+
+echo "Author: $author"
+echo "Project Name: $name"
+echo "Project URL name: $urlname"
+echo "Description: $description"
+
+echo "Renaming project..."
+
+original_author="author_name"
+original_name="project_name"
+original_urlname="project_urlname"
+original_description="project_description"
+
+for filename in $(git ls-files); do
+	sed -i "s/$original_author/$author/g" "$filename"
+	sed -i "s/$original_name/$name/g" "$filename"
+	sed -i "s/$original_urlname/$urlname/g" "$filename"
+	sed -i "s/$original_description/$description/g" "$filename"
+	echo "Renamed $filename"
+done
+
+mv project_name "$name"

.github/slim-README.md

@@ -0,0 +1,25 @@
+# ons-template
+
+This repository attempts to demonstrate how colleagues can implement the [GitHub Policy](https://officenationalstatistics.sharepoint.com/sites/ONS_DDaT_Communities/Software%20Engineering%20Policies/Draft_Sub_Policies/GitHub%20Usage%20Policy.docx) (Link to internal site, not accessible externally) created by ONS' Software Engineering Community.
+
+## Contents
+* [How to use this template](#post-clone-steps)
+
+## Post-Clone Steps
+### Repository Settings
+Familiarise yourself with the [ONS GitHub Policy](../../wiki) and ensure your repository is compliant with the policy.
+
+Few key points to note are:
+
+- **[Branch Protection](https://github.com/ONSdigital/ons-template/wiki/5.7-Branch-Protection-rules)**: Ensure
+  the `main` or any other primary branch
+  is protected.
+- **[Signed Commits](https://github.com/ONSdigital/ons-template/wiki/5.8-Signed-Commits)**: Use GPG keys to sign your
+  commits.
+- **[Security Alerts](https://github.com/ONSdigital/ons-template/wiki/6.2-Security)**: Make use of Secret scanning and
+  Dependabot alerts.
+- **[PIRR](https://github.com/ONSdigital/ons-template/wiki/4.2-Private-Internal-Repository-Information)**: If not
+  public then ensure a PIRR.md is documented.
+
+## Contributing
+Please see [CONTRIBUTING.md](CONTRIBUTING.md)

.github/workflows/post-creation-tidy.yml

@@ -0,0 +1,123 @@
+---
+# This workflow is triggered on push events and renames the project from template
+# This should be the first workflow to run after the project is created from the 'Use this template' feature
+
+name: Post Creation Tidy
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches: [main]
+
+permissions:
+  contents: write
+  actions: write
+
+concurrency:
+  group: "${{ github.head_ref || github.ref }}-${{ github.workflow }}"
+  cancel-in-progress: true
+
+jobs:
+  post-creation-tidy:
+    name: Rename Project
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # by default, it uses a depth of 1
+          # this fetches all history so that we can read each commit
+          fetch-depth: 0
+          ref: ${{ github.head_ref }}
+
+      - name: Check Repository is not a Template
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const repo = await github.rest.repos.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+            core.exportVariable("is_template", repo.data.is_template);
+
+      - name: Set Environment Variables and Check Visibility
+        if: env.is_template == 'false'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const repoName = context.repo.repo.replace(/-/g, '_').toLowerCase();
+            const repoUrlName = context.repo.repo;
+            const repoOwner = context.repo.owner;
+            core.exportVariable('REPOSITORY_NAME', repoName);
+            core.exportVariable('REPOSITORY_URLNAME', repoUrlName);
+            core.exportVariable('REPOSITORY_OWNER', repoOwner);
+
+            const repo = await github.rest.repos.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+            const description = repo.data.description;
+            const visibility = repo.data.visibility;
+            const isPublic = visibility === 'public';
+
+            core.exportVariable('REPOSITORY_DESCRIPTION', description);
+            core.exportVariable('is_public', isPublic);
+
+      # - name: Rename Repository Check
+      #   if: env.is_template == 'false'
+      #   run: |
+      #     echo "needs_renaming=$(ls .github/template.yml &> /dev/null && echo true || echo false)" >> "$GITHUB_ENV"
+
+      - name: Update readme
+        if: env.is_template == 'false'
+        run: |
+          mv ./.github/slim-README.md README.md
+
+      # - name: Add markdown-link-check Config File
+      #   if: env.is_template == 'false' && env.needs_renaming == 'true'
+      #   run: |
+      #     # file=".github/linters/.markdown-link-check.json"
+      #     # mv -f .github/linters/.project-markdown-link-check.json "$file"
+
+      #     if [ "$is_public" = false ]; then
+      #       new_pattern='{
+      #         "pattern": "author_name/project_urlname",
+      #         "reason": "Private repository"
+      #       }'
+      #       existing_patterns=$(jq '.ignorePatterns' "$file")
+      #       if [ "$existing_patterns" = "null" ]; then
+      #         jq '.ignorePatterns = [] | .ignorePatterns += [ '"$new_pattern"' ]' "$file" > tmpfile && mv tmpfile "$file"
+      #       else
+      #         jq '.ignorePatterns += [ '"$new_pattern"' ]' "$file" > tmpfile && mv tmpfile "$file"
+      #       fi
+      #     fi
+
+      - name: Rename the Project
+        if: env.is_template == 'false' && env.needs_renaming == 'true'
+        run: |
+          echo "Renaming the project with -a(author) ${{ env.REPOSITORY_OWNER }} -n(name) ${{ env.REPOSITORY_NAME }} \
+            -u(urlname) ${{ env.REPOSITORY_URLNAME }} \
+            -d(description) ${{ env.REPOSITORY_DESCRIPTION || env.REPOSITORY_URLNAME }}"
+
+          .github/rename_project.sh -a ${{ env.REPOSITORY_OWNER }} -n ${{ env.REPOSITORY_NAME }} \
+            -u ${{ env.REPOSITORY_URLNAME }} -d "${{ env.REPOSITORY_DESCRIPTION || env.REPOSITORY_URLNAME }}"
+
+      - name: Check if PIRR is needed
+        if: env.is_template == 'false'
+        run: |
+          if [ "$is_public" = true ]; then
+            echo "Removing PIRR.md"
+            rm PIRR.md
+          fi
+
+      - name: Cleanup
+        if: env.is_template == 'false'
+        run: |
+          rm .github/rename_project.sh
+          rm .github/workflows/post-creation-tidy.yml
+          rm .github/workflows/super-linter.yml 
+          rm -rf .assets
+
+      - uses: stefanzweifel/git-auto-commit-action@v5
+        if: env.is_template == 'false'
+        with:
+          commit_message: ✅ Ready to clone and use
+          push_options: --force

.github/workflows/super-linter.yml

@@ -0,0 +1,31 @@
+---
+name: github-superlinter
+run-name: ${{ github.actor }} pushed a change to ${{github.ref_name}}
+on: # yamllint disable-line rule:truthy
+    push: null
+    pull_request: null
+jobs:
+    superlint:
+        runs-on: ubuntu-latest
+
+        permissions:
+            contents: read
+            packages: read
+            statuses: write
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+              with:
+                    # super-linter needs the full git history to get the
+                    # list of files that changed across commits
+                  fetch-depth: 0
+
+            - name: Super-linter
+              uses: super-linter/super-linter/[email protected] 
+              env:
+                    # To report GitHub Actions status checks
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                  DEFAULT_BRANCH: main
+                  LINTER_RULES_PATH: "./configs"
+                  VALIDATE_GITHUB_ACTIONS: false

.gitignore

@@ -0,0 +1,3 @@
+# VS Code
+.vscode
+.DS_Store

CONTRIBUTING.md

@@ -0,0 +1,9 @@
+# How to Contribute to this project
+## What Should a good CONTRIBUTING.md contains
+* An introduction to the key stakeholders for the code not the resultant use cases
+* Comprehensive testing documentation
+* Any specific environment set-up e.g. non standard precommits
+* How to submit changes
+* How to raise Bugs
+* Any specific style advice
+[Source 1](https://mozillascience.github.io/working-open-workshop/contributing/)

LICENSE

@@ -0,0 +1,16 @@
+The MIT License (MIT)
+Copyright (c) 2024, ONS Digital
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
+persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+THE USE OR OTHER DEALINGS IN THE SOFTWARE.

PIRR.md

@@ -0,0 +1,13 @@
+# Private/Internal Reasoning Record
+## What visibility is the repository set to?
+Private or Internal
+## What decision led to this?
+### Good reasons
+There must general be a risk being mitigated
+* Infrastructure As Code
+* This is a temporary repository
+* Awaiting security risk adviser guidance
+* Code that won't be released e.g. training or PoC code
+### Bad reasons
+* No use to the public
+* idk..

README.md

@@ -0,0 +1,61 @@
+# ons-template
+
+[![Super-Linter](https://github.com/ONSdigital/ons-template/actions/workflows/super-linter.yml/badge.svg?branch=main)](https://github.com/ONSdigital/ons-template/actions/workflows/super-linter.yml)
+
+This repository attempts to demonstrate how colleagues can implement the [GitHub Policy](https://officenationalstatistics.sharepoint.com/sites/ONS_DDaT_Communities/Software%20Engineering%20Policies/Draft_Sub_Policies/GitHub%20Usage%20Policy.docx) (Link to internal site, not accessible externally) created by ONS' Software Engineering Community.
+
+## Contents
+* [The Wiki](#the-wiki)
+* [Contributing](#contributing)
+* [How to use this template](#how-to-use-this-template)
+* [What should a good README.md contain](#what-should-a-good-readmemd-contain)
+
+## The Wiki
+[The wiki](../../wiki) explains how you could implement the GitHub Repository policy.
+
+## How to use this template
+
+> **DO NOT FORK** this repository. Instead, use the
+> **[Use this template](https://github.com/ONSdigital/ons-template/generate)** feature.
+
+To get started with this template:
+
+1. Click on **[Use this template](https://github.com/ONSdigital/ons-template/generate)**.
+2. Select the correct visibility, default is public or internal over private. The default is internal as per [GitHubs Documentation](https://docs.github.com/en/enterprise-cloud@latest/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories)
+3. Name your new repository and provide a description, then click **Create repository**. Note: the repository name
+   should be lowercase and use
+   hyphens (`-`) instead of spaces.
+4. GitHub Actions will process the template and commit to your new repository shortly after you click **Create
+   repository**.. **Wait until the first
+   run of GitHub Actions CI to finish!**
+5. Once the **Rename Project** CI action has run, clone the repository and start working on your project.
+
+> **NOTE**: **WAIT** until first CI run of **Rename Project** job before cloning your new project.
+
+## Post-Clone Steps
+### Repository Settings
+Familiarise yourself with the [ONS GitHub Policy](../../wiki) and ensure your repository is compliant with the policy.
+
+Few key points to note are:
+
+- **[Branch Protection](https://github.com/ONSdigital/ons-template/wiki/5.7-Branch-Protection-rules)**: Ensure
+  the `main` or any other primary branch
+  is protected.
+- **[Signed Commits](https://github.com/ONSdigital/ons-template/wiki/5.8-Signed-Commits)**: Use GPG keys to sign your
+  commits.
+- **[Security Alerts](https://github.com/ONSdigital/ons-template/wiki/6.2-Security)**: Make use of Secret scanning and
+  Dependabot alerts.
+- **[PIRR](https://github.com/ONSdigital/ons-template/wiki/4.2-Private-Internal-Repository-Information)**: If not
+  public then ensure a PIRR.md is documented.
+
+## Contributing
+Please see [CONTRIBUTING.md](CONTRIBUTING.md)
+
+## What should a good README.md contain
+* Title formatted as heading one.
+* Brief Description of the Repository under said title.
+* As many badges as possible.
+* A link to a contributions page commonly called CONTRIBUTING.md.
+* Table of contents.
+* The basics, how to install or run the code within.
+* At least one diagrams or video to show how the project works.

assets/template.yml

@@ -0,0 +1,2 @@
+---
+author: ONSdigital

configs/.checkov.yaml

@@ -0,0 +1,10 @@
+---
+compact: true
+download-external-modules: false
+evaluate-variables: true
+output: cli
+quiet: true
+soft-fail: false
+skip-check:
+ - CKV2_GHA_1 # Not needed
+summary-position: bottom