Merge branch 'develop' into 2217-only-view-submission-needed
ADPennington authored Dec 6, 2024
2 parents 1ddf0b1 + cb403d4 commit 8054e47
Showing 28 changed files with 384 additions and 255 deletions.
22 changes: 3 additions & 19 deletions .circleci/deployment/commands.yml
Expand Up @@ -226,15 +226,8 @@
default: CF_APP
steps:
- checkout
- run:
name: Install dependencies
command: |
apk update
apk add jq
apk add curl
# TODO: Add Signature check
curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=v7&source=github" | tar -zx
mv cf7 /usr/local/bin/cf
- sudo-check
- cf-check
- login-cloud-dot-gov:
cf-password: <<parameters.cf-password>>
cf-username: <<parameters.cf-username>>
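Review bot: The removed `# TODO: Add Signature check` comment was the only marker that the cf CLI download is unverified, and swapping the inline install for `- cf-check` drops that marker without an integrity check appearing anywhere in this commit. The `scripts/cf-check.sh` hunk further down still downloads with `curl`, unpacks with `tar xzf` and runs `mv ./cf7 /usr/local/bin/cf` with no verification in between. Suggest adding the check in `cf-check.sh`, or at least carrying the TODO over to that script so it stays tracked.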
Expand Down Expand Up @@ -285,16 +278,7 @@
type: string
steps:
- checkout
- run:
name: Install dependencies
command: |
sudo apt update
sudo apt install jq
sudo apt install curl
# TODO: Add Signature check
curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=v7&source=github" | tar -zx
sudo mv cf7 /usr/local/bin/cf
sudo chmod +x /usr/local/bin/cf
- cf-check
- login-cloud-dot-gov:
cf-password: <<parameters.cf-password>>
cf-username: <<parameters.cf-username>>
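Review bot: `- cf-check` is added here without the `- sudo-check` step that the job in the previous hunk gets, although the lines it replaces needed `sudo` for `apt install` and for `sudo mv cf7 /usr/local/bin/cf`. The `scripts/cf-check.sh` shown later in this commit calls `apt-get update` and `mv ./cf7 /usr/local/bin/cf` without `sudo`, so on an executor that does not run as root this step will fail on permissions. Suggest confirming the executor user for this job, and adding `- sudo-check` or running the script with `sudo` if it is not root.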
15 changes: 9 additions & 6 deletions .gitconfig
@@ -1,17 +1,20 @@
[secrets]
providers = git secrets --aws-provider
patterns = (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
patterns = (\"|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?(\"|')?\\s*(:|=>|=)\\s*(\"|')?[0-9]{4}\\-?[0-9]{4}\\-?[0-9]{4}(\"|')?
patterns = .+_KEY=.+
allowed = [A-Z]+_KEY=..echo \".{S3_CREDENTIALS}\" [|] jq -r .+
allowed = ./tdrs-backend/.env.example:.*
allowed = ./tdrs-backend/docker-compose.yml:57:.*
allowed = ./tdrs-backend/manifest.proxy.yml:*

allowed = ./tdrs-frontend/node_modules*
allowed = regexes.json:.*
allowed = ./scripts/copy-login-gov-keypair.sh:14:JWT_KEY=.*
allowed = scripts/deploy-backend.sh:.+:DJANGO_SECRET_KEY=..python -c .from secrets import token_urlsafe. print.token_urlsafe..*
allowed = .git/config:.*
allowed = .gitconfig:.*
allowed = .*DJANGO_SECRET_KEY=.*
allowed = .*DJANGO_SECRET_KEY=.* #this is auto-generated in deployed environments
allowed = ./tdrs-backend/manifest.proxy.yml:*
allowed = ./tdrs-backend/plg/loki/manifest.yml:*
patterns = (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
patterns = (\"|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?(\"|')?\\s*(:|=>|=)\\s*(\"|')?[0-9]{4}\\-?[0-9]{4}\\-?[0-9]{4}(\"|')?
patterns = .+_KEY=.+
patterns = .+smtp_auth_password: .[^{]+
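Review bot: The `allowed = .*DJANGO_SECRET_KEY=.*` entries exempt every line containing `DJANGO_SECRET_KEY=` in any file, so a hard-coded Django secret key would no longer be flagged by the `.+_KEY=.+` pattern. The file already carries a path-scoped entry for `scripts/deploy-backend.sh`; suggest keeping the allow rules scoped to specific paths like that one instead of a repository-wide wildcard. Separately, `./tdrs-backend/manifest.proxy.yml:*` and `./tdrs-backend/plg/loki/manifest.yml:*` end in `:*` where the other entries use `:.*`; as a regex `:*` means zero or more colons, and either way both entries exempt the whole file from every pattern, which is worth narrowing to the lines that actually need it.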
4 changes: 4 additions & 0 deletions .githooks/pre-commit
@@ -0,0 +1,4 @@
#!/bin/bash
set -e

zsh ./scripts/git-secrets-check.sh local
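Review bot: `zsh ./scripts/git-secrets-check.sh local` makes the hook depend on zsh even though the hook itself is `#!/bin/bash`. On a machine without zsh the hook fails with command not found under `set -e` and blocks every commit, which pushes people toward `--no-verify` and defeats the secret scan. Suggest running the script through its own shebang or with bash, or documenting zsh as a prerequisite next to the `gitcfg` task.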
14 changes: 14 additions & 0 deletions .githooks/pre-push
@@ -0,0 +1,14 @@
#!/bin/bash
set -e

task frontend-lint 2>/dev/null
if [ $? != "0" ]; then
echo "Frontend lint failed"
exit 1
fi

task backend-lint 2>/dev/null
if [ $? != "0" ]; then
echo "Backend lint failed"
exit 1
fi
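Review bot: With `set -e` at the top, both `if [ $? != "0" ]` blocks are unreachable on failure: a non-zero exit from `task frontend-lint 2>/dev/null` ends the script before the test runs, so "Frontend lint failed" is never printed, and `2>/dev/null` hides the task's own error output. The push is rejected with no message. Suggest `if ! task frontend-lint; then echo "Frontend lint failed"; exit 1; fi` (and the same for `backend-lint`), and dropping the stderr redirect so the lint findings stay visible.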
Expand Up @@ -24,7 +24,7 @@ assignees: ''
- [ ] Documentation work for the following has occurred:
- [ ] Relevant User stories.
- [ ] Recommended pa11y checks.
- [ ] Updating living UX documents, e.g. User Flows or Personas(if relevant).
- [ ] Updating living UX documents, e.g. User Flows, Personas, [Service Blueprint](https://www.figma.com/design/irgQPLTrajxCXNiYBTEnMV/TDP-Mockups-For-Feedback?node-id=9080-4762) (if relevant).
- [ ] Internal Raft Review has occurred to ensure DoD standards and QA
- [ ] Dev/Design sync has occurred; resulting tickets created
- [ ] The design is usable and accessible, meaning it adheres to definition of done standards for design work.
5 changes: 3 additions & 2 deletions .github/ISSUE_TEMPLATE/research-synthesis-issue-template.md
Expand Up @@ -13,7 +13,8 @@ assignees: ''

**AC:**

- [ ] A hack.md with the drafted synthesis has been reviewed.
- [ ] A Gitbook with the drafted synthesis has been reviewed.
- [ ] [TDP Service Blueprint](https://www.figma.com/design/irgQPLTrajxCXNiYBTEnMV/TDP-Mockups-For-Feedback?node-id=9080-4762) has been updated, as appplicable
- [ ] PR has been opened containing the final draft of the synthesis.
- [ ] Internal Raft Review has occurred to ensure DoD standards and QA
- [ ] The content is usable and accessible, meaning it adheres to definition of done standards for design work.
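Review bot: Typo in the added checklist item: "appplicable" should be "applicable", and the line is missing the closing period that the neighbouring items have.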
Expand All @@ -35,4 +36,4 @@ assignees: ''

**Supporting Documentation:**

- --Link to hack.md--
- --Link to the gitbook page--
2 changes: 1 addition & 1 deletion README.md
@@ -1,4 +1,4 @@
# Temporary Assistance for Needy Families (TANF) Data Portal - TDP
# Temporary Assistance for Needy Families (TANF) Data Portal - TDP

Welcome to the project for the New TANF Data Portal, which will replace the legacy TANF Data Reporting System!

83 changes: 44 additions & 39 deletions Taskfile.yml
Expand Up @@ -2,6 +2,11 @@ version: '3'

tasks:

gitcfg:
desc: Configure git
cmds:
- git config core.hooksPath .githooks

create-network:
desc: Create the external network
cmds:
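Review bot: The new `gitcfg` task is the only thing that activates the hooks (`git config core.hooksPath .githooks`), and nothing in this change runs it or tells contributors to. A fresh clone will commit and push without the git-secrets and lint hooks until someone runs `task gitcfg` by hand. Suggest documenting it in the README setup steps, or calling it from an existing setup task.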
Expand All @@ -12,10 +17,10 @@ tasks:
dir: tdrs-backend
cmds:
- task: create-network
- docker-compose -f docker-compose.yml up -d --build
- docker-compose -f docker-compose.yml exec web sh -c "python ./manage.py makemigrations"
- docker-compose -f docker-compose.yml exec web sh -c "python ./manage.py migrate"
- docker-compose -f docker-compose.yml down
- docker compose -f docker-compose.yml up -d --build
- docker compose -f docker-compose.yml exec web sh -c "python ./manage.py makemigrations"
- docker compose -f docker-compose.yml exec web sh -c "python ./manage.py migrate"
- docker compose -f docker-compose.yml down
- task: sentry-down

clone-sentry-repo:
Expand Down Expand Up @@ -43,7 +48,7 @@ tasks:
- docker cp .env sentry:/self-hosted/.env
- docker exec sentry bash -c "cd self-hosted && ./install.sh --skip-user-creation --no-report-self-hosted-issues"
# create a new user
- docker exec sentry bash -c "cd self-hosted && docker-compose run --rm web createuser --email [email protected] --password admin --superuser"
- docker exec sentry bash -c "cd self-hosted && docker compose run --rm web createuser --email [email protected] --password admin --superuser"
# copy backup.json file to sentry
- docker cp backup.json sentry:/self-hosted/sentry/backup.json
# restore backup
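Review bot: The `createuser` line touched here keeps a fixed `--password admin` for a `--superuser` account. Since the task already copies `.env` into the container two lines earlier, suggest reading the password from a variable there so that a Sentry instance reachable by anything other than the local developer does not come up with a known superuser credential.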
Expand All @@ -58,73 +63,73 @@ tasks:
desc: Start sentry service
dir: sentry
cmds:
- docker exec sentry bash -c "cd self-hosted && docker-compose up -d"
- docker exec sentry bash -c "cd self-hosted && docker compose up -d"

sentry-down:
desc: Stop sentry service
dir: sentry
cmds:
- docker exec sentry bash -c "cd self-hosted && docker-compose down"
- docker exec sentry bash -c "cd self-hosted && docker compose down"

drop-db:
desc: Drop the backend database
dir: tdrs-backend
cmds:
- docker-compose -f docker-compose.yml down
- docker compose -f docker-compose.yml down
- docker volume rm tdrs-backend_postgres_data

backend-up:
desc: Start backend web server
dir: tdrs-backend
cmds:
- docker-compose -f docker-compose.yml up -d
- docker compose -f docker-compose.yml up -d

backend-down:
desc: Stop backend web server
dir: tdrs-backend
cmds:
- docker-compose -f docker-compose.yml down
- docker compose -f docker-compose.yml down

backend-logs:
desc: Show and follow backend web server logs
dir: tdrs-backend
cmds:
- docker-compose -f docker-compose.yml logs -f
- docker compose -f docker-compose.yml logs -f

backend-restart:
desc: Restart backend web server
dir: tdrs-backend
cmds:
- docker-compose -f docker-compose.yml restart
- docker compose -f docker-compose.yml restart

backend-bash:
desc: Open a shell in the backend container
dir: tdrs-backend
cmds:
- docker-compose -f docker-compose.yml exec web sh
- docker compose -f docker-compose.yml exec web sh

backend-shell:
desc: Open a Django shell in the backend container
dir: tdrs-backend
cmds:
- docker-compose -f docker-compose.yml exec web sh -c "python ./manage.py shell"
- docker compose -f docker-compose.yml exec web sh -c "python ./manage.py shell"

backend-exec:
desc: Execute a command in the backend container
dir: tdrs-backend
vars:
CMD: '{{.CMD}}'
cmds:
- docker-compose -f docker-compose.yml exec web sh -c "python manage.py {{.CMD}}"
- docker compose -f docker-compose.yml exec web sh -c "python manage.py {{.CMD}}"

backend-exec-seed-db:
desc: Execute seed_db command in the backend container
dir: tdrs-backend
vars:
CMD: '{{.CMD}}'
cmds:
- docker-compose -f docker-compose.yml up -d
- docker-compose -f docker-compose.yml exec web sh -c "python manage.py populate_stts; python ./manage.py seed_db"
- docker compose -f docker-compose.yml up -d
- docker compose -f docker-compose.yml exec web sh -c "python manage.py populate_stts; python ./manage.py seed_db"

backend-pytest:
desc: 'Run pytest in the backend container E.g: task backend-pytest PYTEST_ARGS="tdpservice/test/ -s -vv"'
Expand All @@ -133,37 +138,37 @@ tasks:
PYTEST_ARGS: '{{.PYTEST_ARGS | default "."}}'
cmds:
- task backend-up
- docker-compose -f docker-compose.yml exec web sh -c "pytest {{.PYTEST_ARGS}}"
- docker compose -f docker-compose.yml exec web sh -c "pytest {{.PYTEST_ARGS}}"

backend-remove-volumes:
desc: Remove the backend volumes
dir: tdrs-backend
cmds:
- docker-compose -f docker-compose.yml down -v
- docker compose -f docker-compose.yml down -v

backend-lint:
desc: Run flake8 in the backend container
dir: tdrs-backend
cmds:
- task backend-up
- docker-compose -f docker-compose.yml exec web sh -c "flake8 . && if [ $? -eq 0 ]; then echo 'Flake8 linter found no issues'; fi"
- docker compose -f docker-compose.yml exec -T web sh -c "flake8 . && if [ $? -eq 0 ]; then echo 'Flake8 linter found no issues'; fi"

backend-pip-lock:
#TODO: Add a task to lock the pip dependencies
desc: Lock the pip dependencies
dir: tdrs-backend
cmds:
- task: backend-up
- docker-compose -f docker-compose.yml exec web sh -c "pipenv lock"
- docker compose -f docker-compose.yml exec web sh -c "pipenv lock"

psql:
desc: Open a psql shell in the backend container
dir: tdrs-backend
cmds:
- task create-network || true
- docker-compose -f docker-compose.yml up -d postgres
- docker compose -f docker-compose.yml up -d postgres
- sleep 5
- docker-compose -f docker-compose.yml exec postgres sh -c "psql -U tdpuser -d tdrs_test"
- docker compose -f docker-compose.yml exec postgres sh -c "psql -U tdpuser -d tdrs_test"

clean:
desc: Remove all containers, networks, and volumes
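Review bot: In `backend-lint`, the `$?` inside the double-quoted `sh -c "flake8 . && if [ $? -eq 0 ]; ..."` string is expanded by the shell that runs the task, not inside the container, and the test is redundant anyway because the right-hand side of `&&` only runs when `flake8 .` succeeded. Suggest simplifying to `sh -c "flake8 . && echo 'Flake8 linter found no issues'"`. The same task also uses `- task backend-up` where `backend-pip-lock` uses `- task: backend-up`; picking one form would be more consistent.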
Expand All @@ -177,25 +182,25 @@ tasks:
desc: Start clamav service
dir: tdrs-backend
cmds:
- docker-compose -f docker-compose.yml up -d clamav-rest
- docker compose -f docker-compose.yml up -d clamav-rest

frontend-up:
desc: Start frontend web server
dir: tdrs-frontend
cmds:
- docker-compose -f docker-compose.yml up -d
- docker compose -f docker-compose.yml up -d

frontend-down:
desc: Stop frontend web server
dir: tdrs-frontend
cmds:
- docker-compose -f docker-compose.yml down
- docker compose -f docker-compose.yml down

frontend-restart:
desc: Restart frontend web server
dir: tdrs-frontend
cmds:
- docker-compose -f docker-compose.yml restart
- docker compose -f docker-compose.yml restart

frontend-av:
desc: Start frontend with optional clamav service
Expand All @@ -210,43 +215,43 @@ tasks:
desc: Initialize the frontend project
dir: tdrs-frontend
cmds:
- docker-compose -f docker-compose.yml up -d --build
- docker-compose -f docker-compose.yml exec tdp-frontend sh -c "apk add nodejs npm"
- docker-compose -f docker-compose.yml exec tdp-frontend sh -c "npm install"
- docker-compose -f docker-compose.yml down
- docker compose -f docker-compose.yml up -d --build
- docker compose -f docker-compose.yml exec tdp-frontend sh -c "apk add nodejs npm"
- docker compose -f docker-compose.yml exec tdp-frontend sh -c "npm install"
- docker compose -f docker-compose.yml down

frontend-test:
desc: Run frontend tests
dir: tdrs-frontend
cmds:
- docker-compose -f docker-compose.local.yml up tdp-frontend-test -d
- docker-compose -f docker-compose.local.yml exec tdp-frontend-test sh -c "npm run test"
- docker compose -f docker-compose.local.yml up tdp-frontend-test -d
- docker compose -f docker-compose.local.yml exec tdp-frontend-test sh -c "npm run test"

frontend-test-cov:
desc: Run frontend tests with coverage
dir: tdrs-frontend
cmds:
- docker-compose -f docker-compose.local.yml up tdp-frontend-test -d
- docker-compose -f docker-compose.local.yml exec tdp-frontend-test sh -c "npm run test:cov"
- docker compose -f docker-compose.local.yml up tdp-frontend-test -d
- docker compose -f docker-compose.local.yml exec tdp-frontend-test sh -c "npm run test:cov"

frontend-lint:
desc: Run eslint in the frontend container
dir: tdrs-frontend
cmds:
- docker-compose -f docker-compose.local.yml up -d tdp-frontend-test --quiet-pull
- docker-compose -f docker-compose.yml exec tdp-frontend-test sh -c "npm run lint"
- docker compose -f docker-compose.local.yml up -d tdp-frontend-test --quiet-pull
- docker compose -f docker-compose.yml exec -T tdp-frontend-test sh -c "npm run lint"

frontend-logs:
desc: Show and follow frontend web server logs
dir: tdrs-frontend
cmds:
- docker-compose -f docker-compose.yml logs -f
- docker compose -f docker-compose.yml logs -f

frontend-bash:
desc: Open a shell in the frontend container
dir: tdrs-frontend
cmds:
- docker-compose -f docker-compose.yml exec tdp-frontend bash
- docker compose -f docker-compose.yml exec tdp-frontend bash

up:
desc: Start both frontend and backend web servers
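Review bot: In `frontend-lint` the service is started with `-f docker-compose.local.yml` but the `exec -T tdp-frontend-test` line uses `-f docker-compose.yml`, while `frontend-test` and `frontend-test-cov` use `docker-compose.local.yml` for both steps. If `tdp-frontend-test` is defined only in the local file, the exec will fail with an unknown service, and this task now gates every push through the pre-push hook. Suggest using `docker-compose.local.yml` on the exec line as well.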
Binary file modified docs/Security-Compliance/diagram.png
12 changes: 9 additions & 3 deletions scripts/cf-check.sh
Expand Up @@ -3,14 +3,20 @@ set -e
if command -v cf /dev/null 2>&1; then
echo The command cf is available
else
apt-get update
apt-get install wget gnupg2 apt-transport-https
if [[ -f /bin/terraform ]]; then
echo "This is our Terraform executor, Alpine Linux v3.13"
apk update
apk add curl jq

else
apt-get update
apt-get install curl wget gnupg2 apt-transport-https jq
fi

NEXUS_ARCHIVE="cf7-cli_7.7.13_linux_x86-64.tgz"
NEXUS_URL="https://tdp-nexus.dev.raftlabs.tech/repository/tdp-bin/cloudfoundry-cli/$NEXUS_ARCHIVE"
curl $NEXUS_URL -o $NEXUS_ARCHIVE # prefers anonymous, use of -u failed.
tar xzf $NEXUS_ARCHIVE
mv ./cf7 /usr/local/bin/cf
cf --version

fi
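Review bot: The archive fetched by `curl $NEXUS_URL -o $NEXUS_ARCHIVE` is unpacked and moved to `/usr/local/bin/cf` with no integrity check, so whatever the Nexus host returns becomes the `cf` binary that handles the cloud.gov credentials. Because the version is already pinned in `NEXUS_ARCHIVE`, suggest pinning its SHA-256 next to it and verifying with `sha256sum -c` before `tar xzf`, plus adding `--fail` to curl and quoting `"$NEXUS_URL"` so an HTTP error page is not saved as the archive. Also, `apt-get install curl wget gnupg2 apt-transport-https jq` has no `-y`, which can abort in a non-interactive CI run.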