Merge pull request #466 from raft-tech/release/v3.1.2-Sprint-75

Release/v3.1.2 sprint 75
HHS · Jun 27, 2023 · 591ecea · 591ecea
2 parents 6d2862a + ab09660
commit 591ecea
Show file tree

Hide file tree

Showing 65 changed files with 2,381 additions and 584 deletions.
diff --git a/.circleci/README.md b/.circleci/README.md
@@ -14,10 +14,10 @@ This script will generate a complete config for building, testing, and deploying
 ### Directory structure
 
 #### build-and-test
-Contains workflows, jobs, and commands for building and testing the application.
+Contains workflows, jobs, and commands for building and testing the application. For all development side builds, these are now triggered by GitHub Actions that serve as a filter so only the code that's changed is tested. See [build-all](../.github/workflows/build-all.yml), [build-backend](../.github/workflows/build-backend.yml), and [build-frontend](../.github/workflows/build-frontend.yml)
 
 #### infrastructure
-Contains workflows, jobs, and commands for setting up the infrastructure on Cloud gov.
+Contains workflows, jobs, and commands for setting up the infrastructure on Cloud gov. For all development side builds, this is now triggered by GitHub Actions that serve as a filter so only runs when infrastructure code is changed. See [deploy-infrastructure](../.github/workflows/deploy-infrastructure.yml)
 
 #### deployment
 Contains workflows, jobs, and commands for deploying the application on Cloud gov. Note: merges to develop now automatically trigger a develop deploy using [deploy-develop-on-merge](../.github/workflows/deploy-develop-on-merge.yml) and deploys to dev environments happen when a label is created on the PR using [deploy-on-label](../.github/workflows/deploy-on-label.yml)
@@ -71,3 +71,17 @@ You want to set the branch to be the branch you want this scan to be run on.
 You want to add a Pipeline Parameter with `run_nightly_owasp_scan`to be a boolean and set to `true`.
 
 You want Attribution set to Scheduled Actor (Scheduling System)
+
+## Updating Cloud Foundry App OS
+Cloud Foundry (CF) occasionally releases OS updates. In doing so they deprecate the previous OS and after a short time
+do not allow any apps to run/deploy on anything but the latest OS. The steps below describe how the main TDP apps are
+updated along with the secondary apps running in CF.
+
+### Frontend/Backend
+ - Before updating, make sure the current buildpacks that these apps use are supported by the latest OS. If they aren't you can update the manifest to point them to the correct buildpacks.
+ - To update the apps you can either deploy each of the environments (sandbox, raft, qasp, etc) from CircleCi or you can use the `tdrs-deploy <ENVIRONMENT>` command from `commands.sh`. Assuming the buildpacks are up to date, that is all you need to do.
+
+### Secondary apps
+ - Before you can make the update, you need to ensure you have the CF plugin that allows you to do so. Download the binary for your respective OS [HERE](https://github.com/cloudfoundry/stack-auditor/releases) and follow the installation instructions [HERE](https://docs.cloudfoundry.org/adminguide/stack-auditor.html#install).
+  - Verify the installation succeeded by running `cf audit-stack`. Note you need to be logged in and have targeted a space via `cf target -o hhs-acf-ofa -s <SPACE>`
+ - To update the remaining apps you need to run `cf change-stack <APP_NAME> <OS_NAME>` against every app that is not a frontend/backend app.
diff --git a/.circleci/base_config.yml b/.circleci/base_config.yml
@@ -21,6 +21,18 @@ executors:
     resource_class: large
 
 parameters:
+  build_and_test_all:
+    type: boolean
+    default: false
+  build_and_test_backend:
+    type: boolean
+    default: false
+  build_and_test_frontend:
+    type: boolean
+    default: false
+  deploy_infrastructure:
+    type: boolean
+    default: false
   develop_branch_deploy:
     type: boolean
     default: false
@@ -36,3 +48,9 @@ parameters:
   target_env:
     type: string
     default: ''
+  triggered:
+    type: boolean
+    default: false
+  util_make_erd:
+    type: boolean
+    default: false
diff --git a/.circleci/build-and-test/workflows.yml b/.circleci/build-and-test/workflows.yml
@@ -1,19 +1,67 @@
 # workflows:
-  build-and-test:
-    unless:
-      or:
-        - << pipeline.parameters.run_dev_deployment >>
-        - << pipeline.parameters.develop_branch_deploy >>
-        - << pipeline.parameters.run_owasp_scan >>
-        - << pipeline.parameters.run_nightly_owasp_scan >>
+  build-and-test-all:
+    when: << pipeline.parameters.build_and_test_all >>
     jobs:
       - secrets-check
+      - test-backend:
+          requires:
+            - secrets-check      
       - test-frontend:
           requires:
             - secrets-check
+      - test-e2e:
+          requires:
+            - secrets-check
+
+  ci-build-and-test-all:
+    jobs:
+      - secrets-check:
+          filters:
+            branches:
+              only:
+                - main
+                - master
+                - /^release.*/
       - test-backend:
+          filters:
+            branches:
+              only:
+                - main
+                - master
+                - /^release.*/
+          requires:
+            - secrets-check      
+      - test-frontend:
+          filters:
+            branches:
+              only:
+                - main
+                - master
+                - /^release.*/
           requires:
             - secrets-check
       - test-e2e:
+          filters:
+            branches:
+              only:
+                - main
+                - master
+                - /^release.*/
+          requires:
+            - secrets-check
+
+  build-and-test-backend:
+    when: << pipeline.parameters.build_and_test_backend >>
+    jobs:
+      - secrets-check
+      - test-backend:
+          requires:
+            - secrets-check
+
+  build-and-test-frontend:
+    when: << pipeline.parameters.build_and_test_frontend >>
+    jobs:
+      - secrets-check
+      - test-frontend:
           requires:
             - secrets-check
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -13,6 +13,18 @@ orbs:
 
 # parameters from github actions
 parameters:
+  build_and_test_all:
+    type: boolean
+    default: false
+  build_and_test_backend:
+    type: boolean
+    default: false
+  build_and_test_frontend:
+    type: boolean
+    default: false
+  deploy_infrastructure:
+    type: boolean
+    default: false
   develop_branch_deploy:
     type: boolean
     default: false
@@ -28,6 +40,12 @@ parameters:
   target_env:
     type: string
     default: ''
+  triggered:
+    type: boolean
+    default: false
+  util_make_erd:
+    type: boolean
+    default: false
 
 jobs:
   setup:
@@ -45,6 +63,23 @@ jobs:
 
 # our single workflow, that triggers the setup job defined above
 workflows:
-  setup:
+  github-triggered-setup:
+    when: << pipeline.parameters.triggered >>
+    jobs:
+      - setup:
+          filters:
+            branches:
+              ignore:
+                - main
+                - master
+                - /^release.*/
+  circle-ci-setup:
     jobs:
-      - setup
+      - setup:
+          filters:
+            branches:
+              only:
+                - main
+                - master
+                - /^release.*/      
+
diff --git a/.circleci/deployment/commands.yml b/.circleci/deployment/commands.yml
@@ -110,10 +110,10 @@
         default: tdp-frontend
         type: string
 # So the frontend knows what space its in for the banner.
-# I am unclear if the domain is a reliable metric to make this function 
+# I am unclear if the domain is a reliable metric to make this function
 # It seems like it might not be working
       cf-space:
-        default: dev 
+        default: dev
         type: string
     steps:
       - install-nodejs:

diff --git a/.circleci/deployment/jobs.yml b/.circleci/deployment/jobs.yml
@@ -20,7 +20,7 @@
           cf-password: CF_PASSWORD_STAGING
           cf-space: tanf-staging
           cf-username: CF_USERNAME_STAGING
-  
+
   deploy-develop:
     executor: docker-executor
     working_directory: ~/tdp-deploy
@@ -43,7 +43,7 @@
           app-dir: tdrs-frontend
       - run:
           name: Run Cypress e2e tests
-          command: cd tdrs-frontend; npm run test:e2e-ci -- --config baseUrl="https://tdp-frontend-develop.acf.hhs.gov" --env cypressToken=$CYPRESS_TOKEN,apiUrl="https://tdp-frontend-develop.acf.hhs.gov/v1"
+          command: cd tdrs-frontend; npm run test:e2e-ci -- --config baseUrl="https://tdp-frontend-develop.acf.hhs.gov" --env cypressToken=$CYPRESS_TOKEN,apiUrl="https://tdp-frontend-develop.acf.hhs.gov/v1",adminUrl="https://tdp-frontend-develop.acf.hhs.gov/admin"
       - store_artifacts:
           path: tdrs-frontend/cypress/screenshots/
       - store_artifacts:

diff --git a/.circleci/deployment/workflows.yml b/.circleci/deployment/workflows.yml
@@ -11,7 +11,7 @@
             - deploy-infrastructure-dev
 
   staging-deployment:
-    unless: 
+    unless:
       or:
         - << pipeline.parameters.run_dev_deployment >>
         - << pipeline.parameters.run_nightly_owasp_scan >>
@@ -71,3 +71,4 @@
             branches:
               only:
                 - master
+
diff --git a/.circleci/infrastructure/workflows.yml b/.circleci/infrastructure/workflows.yml
@@ -1,6 +1,10 @@
-#workflows:
+#workflows: 
   enable-versioning-for-s3-buckets:
-    unless: << pipeline.parameters.run_nightly_owasp_scan >>
+    when: 
+      or:
+        - << pipeline.parameters.deploy_infrastructure >>
+        - equal: [ 'main', << pipeline.git.branch >> ]
+        - equal: [ 'master', << pipeline.git.branch >> ]
     jobs:
       - enable-versioning:
           filters:

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -16,15 +16,15 @@ cd tdrs-backend && docker-compose -f docker-compose.yml -f docker-compose.local.
 > *Demo GIF(s) and screenshots for testing procedure*
 
 ## Deliverables
-_More details on how deliverables herein are assessed included [here](../docs/How-We-Work/our-priorities-values-expectations.md#Deliverables)._
+_More details on how deliverables herein are assessed included [here](https://github.com/raft-tech/TANF-app/blob/develop/docs/How-We-Work/our-priorities-values-expectations.md#Deliverables)._
 
-### [Deliverable 1: Accepted Features](../docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-1-Accepted-Features)
+### [Deliverable 1: Accepted Features](https://github.com/raft-tech/TANF-app/blob/develop/docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-1-Accepted-Features)
 
 Checklist of ACs:
 + [ ] [**_insert ACs here_**]
 + [ ] **`lfrohlich`** and/or **`adpennington`**  confirmed that ACs are met.
 
-### [Deliverable 2: Tested Code](../docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-2-Tested-Code)
+### [Deliverable 2: Tested Code](https://github.com/raft-tech/TANF-app/blob/develop/docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-2-Tested-Code)
 
 + Are all areas of code introduced in this PR meaningfully tested?
   + [ ] If this PR introduces backend code changes, are they meaningfully tested?
@@ -33,39 +33,39 @@ Checklist of ACs:
   + [ ] Frontend coverage: [_insert coverage %_] (see `CodeCov Report` comment in PR)
   + [ ] Backend coverage: [_insert coverage %_] (see `CodeCov Report` comment in PR)
 
-### [Deliverable 3: Properly Styled Code](../docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-3-Properly-Styled-Code)
+### [Deliverable 3: Properly Styled Code](https://github.com/raft-tech/TANF-app/blob/develop/docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-3-Properly-Styled-Code)
 
 + [ ] Are backend code style checks passing on CircleCI?
 + [ ] Are frontend code style checks passing on CircleCI?
 + [ ] Are code maintainability principles being followed?
 
-### [Deliverable 4: Accessible](../docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-4-Accessibility)
+### [Deliverable 4: Accessible](https://github.com/raft-tech/TANF-app/blob/develop/docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-4-Accessibility)
 
 + [ ] Does this PR complete the epic? 
 + [ ] Are links included to any other gov-approved PRs associated with epic?
 + [ ] Does PR include documentation for Raft's a11y review? 
 + [ ] Did automated and manual testing with `iamjolly` and `ttran-hub` using Accessibility Insights reveal any errors introduced in this PR?
 
 
-### [Deliverable 5: Deployed](../docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-5-Deployed)
+### [Deliverable 5: Deployed](https://github.com/raft-tech/TANF-app/blob/develop/docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-5-Deployed)
 
 + [ ] Was the code successfully deployed via automated CircleCI process to development on Cloud.gov?
 
-### [Deliverable 6: Documented](../docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-6-Code-documentation)
+### [Deliverable 6: Documented](https://github.com/raft-tech/TANF-app/blob/develop/docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-6-Code-documentation)
 
 + [ ] Does this PR provide background for why coding decisions were made?
 + [ ] If this PR introduces backend code, is that code easy to understand and sufficiently documented, both inline and overall?
 + [ ] If this PR introduces frontend code, is that code easy to understand and sufficiently documented, both inline and overall?
 + [ ] If this PR introduces dependencies, are their licenses documented?
 + [ ] Can reviewer explain and take ownership of these elements presented in this code review?
 
-### [Deliverable 7: Secure](../docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-7-Secure)
+### [Deliverable 7: Secure](https://github.com/raft-tech/TANF-app/blob/develop/docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-7-Secure)
 
 + [ ] Does the OWASP Scan pass on CircleCI?
 + [ ] Do manual code review and manual testing detect any new security issues?
 + [ ] If new issues detected, is investigation and/or remediation plan documented? 
 
-### [Deliverable 8: User Research](../docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-8-User-Research)
+### [Deliverable 8: User Research](https://github.com/raft-tech/TANF-app/blob/develop/docs/How-We-Work/our-priorities-values-expectations.md#Deliverable-8-User-Research)
 
 Research product(s) clearly articulate(s):
 + [ ] the purpose of the research

diff --git a/.github/workflows/build-all.yml b/.github/workflows/build-all.yml
@@ -0,0 +1,58 @@
+########################################################################### 
+# GitHub Action Workflow
+# On changes to scripts or changes to the pipeline code to any branch
+# besides develop, staging and master triggers the full build and test
+# pipeline.
+# 
+# NOTE: develop, staging(main) and master are skipped on the push because this
+#       would be redundant after running the full set of tests from the PR.
+#       See build-pr.yml for builds that run on code being merged into develop.
+#       See deploy-develop-on-merge.yml and make_erd for the workflow
+#       pipelines that run on merge to develop, staging, and master branches.
+#       HHS (main and master and release/**) branches build all only
+#       and are managed in CircleCI
+#
+# Step 0: Make changes on your branch to files in scripts/ .circleci or .github
+#         and push changes to your remote branch.
+#
+# Step 1: Makes a request to the V2 CircleCI API to initiate the project,
+#         which will filter based upon build_and_test_backend and 
+#         build_and_test_frontend to run the workflow/jobs listed here:
+#           build-and-test:[
+#             test-backend,
+#             test-frontend,
+#             test-e2e
+#           ]
+#
+#         Leverages the open source GitHub Action:
+#           https://github.com/promiseofcake/circleci-trigger-action
+###########################################################################
+name: Build and test All on push when scripts/commands change
+on:
+  push:
+    branches-ignore:
+      - develop
+      - main
+      - master
+      - 'release/**'
+    paths:
+      - 'scripts/**'
+      - '.circleci/**'
+      - '.github/**'
+jobs:
+  build_and_test_all:
+    runs-on: ubuntu-latest
+    name: Initiate deploy job in CircleCI
+    steps:
+      - uses: actions/checkout@v2
+      - name: Circle CI Deployment Trigger
+        id: curl-circle-ci
+        uses: promiseofcake/circleci-trigger-action@v1
+        with:
+          user-token: ${{ secrets.CIRCLE_CI_V2_TOKEN }}
+          project-slug: ${{ github.repository }}
+          branch: ${{ (github.event_name == 'pull_request') && github.head_ref || github.ref_name }}
+          payload: '{
+            "build_and_test_all": true,
+            "triggered": true
+          }'