CCM-16446 wagtail poc

.devcontainer/devcontainer.json

@@ -1,7 +1,11 @@
 {
   "customizations": {
     "codespaces": {
-      "openFiles": ["README.md", ".github/SECURITY.md", "docs/pages/index.md"]
+      "openFiles": [
+        "README.md",
+        ".github/SECURITY.md",
+        "docs/pages/index.md"
+      ]
     },
     "vscode": {
       "extensions": [
@@ -55,8 +59,12 @@
       }
     }
   },
-  "forwardPorts": [4000],
+  "forwardPorts": [
+    4000
+  ],
   "image": "ghcr.io/nhsdigital/nhs-notify-template-repository:latest",
   "name": "Jekyll",
-  "runArgs": ["--platform=linux/amd64"]
+  "runArgs": [
+    "--platform=linux/amd64"
+  ]
 }

.gitignore

@@ -12,3 +12,13 @@ version.json
 
 # Please, add your custom content below!
 .reports
+# dependencies
+node_modules
+.node-version
+*/node_modules
+/.pnp
+.pnp.js
+/build
+dist
+.DS_Store
+.reports

.tool-versions

@@ -7,6 +7,7 @@ vale 3.14.1
 python 3.13.2
 
 # ==============================================================================
+
 # The section below is reserved for Docker image versions.
 
 # TODO: Move this section - consider using a different file for the repository template dependencies.
@@ -15,6 +16,7 @@ python 3.13.2
 # docker/ghcr.io/gitleaks/gitleaks v8.30.0@sha256:691af3c7c5a48b16f187ce3446d5f194838f91238f27270ed36eef6359a574d9 # SEE: https://github.com/gitleaks/gitleaks/pkgs/container/gitleaks
 # docker/ghcr.io/igorshubovych/markdownlint-cli v0.48.0@sha256:c97f19b52cf7371ff767c080e3e15c15f1cbd3336fc41aeca7a93bb2cdb9843c # SEE: https://github.com/igorshubovych/markdownlint-cli/pkgs/container/markdownlint-cli
 # docker/ghcr.io/make-ops-tools/gocloc latest@sha256:6888e62e9ae693c4ebcfed9f1d86c70fd083868acb8815fe44b561b9a73b5032 # SEE: https://github.com/make-ops-tools/gocloc/pkgs/container/gocloc
+
 # docker/ghcr.io/nhs-england-tools/github-runner-image 20230909-321fd1e-rt@sha256:ce4fd6035dc450a50d3cbafb4986d60e77cb49a71ab60a053bb1b9518139a646 # SEE: https://github.com/nhs-england-tools/github-runner-image/pkgs/container/github-runner-image
 # docker/hadolint/hadolint 2.14.0-alpine@sha256:7aba693c1442eb31c0b015c129697cb3b6cb7da589d85c7562f9deb435a6657c # SEE: https://hub.docker.com/r/hadolint/hadolint/tags
 # docker/hashicorp/terraform 1.14.8@sha256:42ecfb253183ec823646dd7859c5652039669409b44daa72abf57112e622849a # SEE: https://hub.docker.com/r/hashicorp/terraform/tags

containers/wagtail/.dockerignore

@@ -0,0 +1,68 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Django
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+/media
+# /static - commented out to allow source static files (NHS.UK Frontend, fonts, etc.)
+*.pot
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Project specific
+README.md
+docker-compose.yml
+.dockerignore
+.git/
+.gitignore

containers/wagtail/.env.example

@@ -0,0 +1,29 @@
+# Django Configuration
+DJANGO_SETTINGS_MODULE=config.settings.development
+DJANGO_SECRET_KEY=local-dev-secret-key-change-in-production
+DEBUG=true
+ALLOWED_HOSTS=localhost,127.0.0.1,wagtail
+
+# Database Configuration
+DATABASE_NAME=wagtail
+DATABASE_USER=wagtail
+DATABASE_PASSWORD=wagtail-dev-password
+DATABASE_HOST=postgres
+DATABASE_PORT=5432
+DATABASE_SSLMODE=disable
+
+# Redis Configuration
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_AUTH_TOKEN=redis-dev-password
+REDIS_SSL=false
+
+# AWS S3 Configuration (optional for local dev)
+AWS_STORAGE_BUCKET_NAME=
+AWS_S3_REGION_NAME=eu-west-2
+
+# Wagtail Configuration
+WAGTAILADMIN_BASE_URL=http://localhost:8080
+
+# Logging
+DJANGO_LOG_LEVEL=DEBUG

containers/wagtail/.gitignore

@@ -0,0 +1,31 @@
+# Local environment
+.env
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+*.pyc
+
+# Django
+*.log
+db.sqlite3
+db.sqlite3-journal
+/media
+/staticfiles
+
+# Local development
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+tmp/
+
+# Node.js
+node_modules/
+static/dist/
+static/nhsuk/

containers/wagtail/Dockerfile

@@ -0,0 +1,61 @@
+ARG BASE_IMAGE
+
+FROM ${BASE_IMAGE}
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl \
+    build-essential \
+    libpq-dev \
+    # Node.js for NHS.UK Frontend build
+    ca-certificates \
+    gnupg \
+    && mkdir -p /etc/apt/keyrings \
+    && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
+    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \
+    && apt-get update \
+    && apt-get install -y nodejs \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create non-root user
+RUN useradd -m -u 1000 wagtail && \
+    mkdir -p /app && \
+    chown -R wagtail:wagtail /app
+
+WORKDIR /app
+
+# Set default environment variables
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    DJANGO_SETTINGS_MODULE=cms.settings.production \
+    PORT=8080
+
+# Create static directory
+RUN mkdir -p /app/static
+
+# Build NHS.UK Frontend static assets
+COPY package.json package-lock.json* ./
+RUN npm install && npm run build:static
+
+# Install Python dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY --chown=wagtail:wagtail . .
+
+# Note: collectstatic is run in the CMD on container startup to avoid permission issues
+# RUN SECRET_KEY=none python manage.py collectstatic --noinput --clear
+
+USER wagtail
+
+EXPOSE 8080
+
+# Run Django migrations and start gunicorn
+# Note: For production, migrations should be run separately, but for PoC this is acceptable
+CMD set -xe; \
+    python manage.py collectstatic --noinput; \
+    python manage.py migrate --noinput; \
+    python manage.py setup_homepage; \
+    gunicorn cms.wsgi:application --bind 0.0.0.0:8080 --workers 2 --timeout 60 --access-logfile - --error-logfile -