acteng · Sparrow0hawk · Jun 2, 2026 · Jun 2, 2026 · Jun 3, 2026 · Jun 8, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,105 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+env:
+  VITE_MAPTILER_API_KEY: '${{ secrets.MAPTILER_API_KEY }}'
+  IMAGE_PROJECT: dft-rlg-atip-dev
+  IMAGE_LOCATION: europe-west1
+  IMAGE_REPOSITORY_ID: docker
+  IMAGE_NAME: plan
+
+jobs:
+  build:
+    timeout-minutes: 60
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v6
+
+    - uses: actions/setup-node@v6
+      with:
+        node-version: 22.x
+        cache: 'npm'
+
+    - name: Install wasm-pack
+      uses: jetli/[email protected]
+
+    - name: Install dependencies
+      run: npm ci
+
+    - name: Setup GOV.UK
+      run: npm run setup-govuk
+
+    - name: Install Playwright Browsers
+      run: npx playwright install --with-deps
+
+    - name: Run type-checker
+      run: npm run check
+
+    - name: Run Playwright tests
+      run: npm test
+
+    - name: Upload test results
+      run: npx github-actions-ctrf ctrf/ctrf-report.json
+      if: always()
+
+    - name: Upload test results for historical report
+      uses: actions/upload-artifact@v4
+      with:
+        name: ctrf-report
+        path: ctrf/ctrf-report.json
+      if: always()
+
+    - name: Build svelte app
+      run: npm run build
+
+    - id: auth
+      name: Authenticate with Google Cloud
+      uses: google-github-actions/auth@v3
+      with:
+        token_format: access_token
+        credentials_json: '${{ secrets.GCP_CREDENTIALS_PUSH }}'
+
+    - name: Login to Docker repository
+      uses: docker/login-action@v4
+      with:
+        registry: ${{ env.IMAGE_LOCATION }}-docker.pkg.dev
+        username: oauth2accesstoken
+        password: ${{ steps.auth.outputs.access_token }}
+
+    - id: meta
+      name: Extract metadata
+      uses: docker/metadata-action@v6
+      with:
+        images: ${{ env.IMAGE_LOCATION }}-docker.pkg.dev/${{ env.IMAGE_PROJECT }}/${{ env.IMAGE_REPOSITORY_ID }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=semver,pattern={{version}}
+          type=ref,event=branch,enable={{is_not_default_branch}}
+          type=ref,event=pr,enable={{is_not_default_branch}}
+          type=raw,value=latest,enable={{is_default_branch}}
+
+    - name: Build and push image
+      uses: docker/build-push-action@v7
+      with:
+        context: .
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        push: true
+
+  deploy:
+    needs: build
+    uses: ./.github/workflows/deploy.yml
+    with:
+      environment: Dev
+      tag: ${{ needs.build.outputs.version }}
+    # only run deploy for CI runs on main
+    if: github.event_name != 'pull_request'
+    secrets:
+      GCP_CREDENTIALS_DEPLOY: ${{ secrets.GCP_CREDENTIALS_DEPLOY }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,61 @@
+name: Deploy
+run-name: 'Deploy ${{ inputs.tag }} to ${{ inputs.environment }}'
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        description: Environment
+        type: string
+        required: true
+
+      tag:
+        description: Docker image tag
+        type: string
+        required: true
+
+    secrets:
+      GCP_CREDENTIALS_DEPLOY:
+        required: true
+
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Environment
+        type: environment
+        required: true
+
+      tag:
+        description: Docker image tag
+        type: string
+        required: true
+        default: latest
+
+permissions:
+  contents: read
+
+env:
+  IMAGE_PROJECT: dft-rlg-atip-dev
+  IMAGE_LOCATION: europe-west1
+  IMAGE_REPOSITORY_ID: docker
+  IMAGE_NAME: plan
+  SERVICE_LOCATION: europe-west1
+  SERVICE_NAME: plan
+
+jobs:
+
+  deploy:
+    runs-on: ubuntu-24.04
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Authenticate with Google Cloud
+        uses: google-github-actions/auth@v3
+        with:
+          credentials_json: '${{ secrets.GCP_CREDENTIALS_DEPLOY }}'
+
+      - name: Deploy image
+        uses: google-github-actions/deploy-cloudrun@v3
+        with:
+          service: ${{ env.SERVICE_NAME }}
+          image: ${{ env.IMAGE_LOCATION }}-docker.pkg.dev/${{ env.IMAGE_PROJECT }}/${{ env.IMAGE_REPOSITORY_ID }}/${{ env.IMAGE_NAME }}:${{ inputs.tag }}
+          region: ${{ env.SERVICE_LOCATION }}
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
diff --git a/.gitignore b/.gitignore
@@ -20,3 +20,7 @@ ctrf
 
 # playwright
 test-results
+
+# terraform
+.terraform/
+/cloud/browse/tf-backend/terraform.tfstate*
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,12 @@
+FROM node:22-slim
+
+ENV PORT=8080
+
+WORKDIR /usr/src/app
+COPY backend .
+
+RUN npm install --production
+
+USER node
+
+CMD [ "sh", "-c", "npm start" ]
diff --git a/README.md b/README.md
@@ -86,6 +86,50 @@ You can also configure the application locally by setting the following environm
 
 1. Open http://localhost:8080
 
+## Running locally using Docker
+
+To run the server as a container:
+
+1. Build the svelte app
+
+   ```bash
+   npm install && npm run build
+   ```
+
+2. Copy over the built svelte app
+
+   ```bash
+   cp -r dist backend/
+   ```
+
+1. Build the Docker image
+
+   ```bash
+   docker build -t plan .
+   ```
+
+1. Authenticate with Google
+
+   ```bash
+   gcloud auth application-default login
+   ```
+
+1. Run the Docker image
+
+   ```bash
+   ADC=~/.config/gcloud/application_default_credentials.json
+
+   docker run --rm -it \
+     -e GCS_BUCKET=dft-rlg-atip-dev \
+     -e USE_IAP=false \
+     -e GOOGLE_APPLICATION_CREDENTIALS=/tmp/keys/google_credentials.json \
+     -v ${ADC}:/tmp/keys/google_credentials.json:ro \
+     -p 8080:8080 \
+      plan
+   ```
+
+1. Open http://127.0.0.1:8080
+
 
 ### Developing with Vite
 

diff --git a/cloud/browse/README.md b/cloud/browse/README.md
@@ -0,0 +1,16 @@
+# Cloud infrastructure
+
+This service is hosted on [Google Cloud Platform](https://console.cloud.google.com/).
+
+## Prerequisites
+
+1. Install [Google Cloud CLI](https://cloud.google.com/sdk/docs/install)
+
+## Provisioning
+
+To provision the cloud infrastructure:
+
+1. Provision the [Terraform backend](tf-backend/README.md)
+2. Provision the [Docker repository](docker-repository/README.md)
+3. Provision the [storage bucket](storage-bucket/README.md)
+4. Provision the [service](service/README.md)
diff --git a/cloud/browse/docker-repository/.terraform.lock.hcl b/cloud/browse/docker-repository/.terraform.lock.hcl