-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into em-herrick-patch-1
- Loading branch information
Showing
338 changed files
with
59,910 additions
and
6,055 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,79 +1,22 @@ | ||
| <!-- | ||
| Please follow the instructions found in this pull request template so that we | ||
| have all of the relevant details needed for our work. | ||
| At the minimum, please be sure to fill in all sections found below and also do | ||
| the following: | ||
| - Provide an appropriate and descriptive title for the pull request | ||
| - Link the pull request to its corresponding issue (must be done after creating | ||
| the pull request itself) | ||
| - Assign yourself as the author | ||
| - Attach the appropriate labels to it | ||
| - Set it to be on the Notify.gov project board | ||
| - Select one or more reviewers from the team or mark the pull request as a draft | ||
| depending on its current state | ||
| - If the pull request is a draft, please be sure to add reviewers once it is | ||
| ready for review and mark it ready for review | ||
| For each section, please delete the instructions/sample text (that includes this | ||
| text, though it is wrapped in an HTML comment just in case) and put in your own | ||
| information. Thank you! | ||
| Not sure what you should include or write in a pull request? Please read the | ||
| [pull request documentation in our docs!](https://github.com/GSA/notifications-api/blob/main/docs/all.md#pull-requests) | ||
| --> | ||
|
|
||
| *A note to PR reviewers: it may be helpful to review our | ||
| [code review documentation](https://github.com/GSA/notifications-api/blob/main/docs/all.md#code-reviews) | ||
| to know what to keep in mind while reviewing pull requests.* | ||
| *A note to PR reviewers: it may be helpful to review our [code review documentation](https://github.com/GSA/notifications-api/blob/main/docs/all.md#code-reviews) to know what to keep in mind while reviewing pull requests.* | ||
|
|
||
| ## Description | ||
|
|
||
| Please enter a clear description about your proposed changes and what the | ||
| expected outcome(s) is/are from there. If there are complex implementation | ||
| details within the changes, this is a great place to explain those details using | ||
| plain language. | ||
|
|
||
| This should include: | ||
|
|
||
| - Links to issues that this PR addresses | ||
| - Screenshots or screen captures of any visible changes, especially for UI work | ||
| - Dependency changes | ||
|
|
||
| If there are any caveats, known issues, follow-up items, etc., make a quick note | ||
| of them here as well, though more details are probably warranted in the issue | ||
| itself in this case. | ||
| Please enter a detailed description here. | ||
|
|
||
| ## TODO (optional) | ||
|
|
||
| If you're opening a draft PR, it might be helpful to list any outstanding work, | ||
| especially if you're asking folks to take a look before it's ready for full | ||
| review. In this case, create a small checklist with the outstanding items: | ||
|
|
||
| - [ ] TODO item 1 | ||
| - [ ] TODO item 2 | ||
| - [ ] TODO item ... | ||
| * [ ] TODO item 1 | ||
| * [ ] TODO item 2 | ||
| * [ ] TODO item ... | ||
|
|
||
| ## Security Considerations | ||
|
|
||
| Please think about the security compliance aspect of your changes and what the | ||
| potential impacts might be. | ||
|
|
||
| **NOTE: Please be mindful of sharing sensitive information here! If you're not | ||
| sure of what to write, please ask the team first before writing anything here.** | ||
|
|
||
| Relevant details could include (and are not limited to) the following: | ||
|
|
||
| - Handling secrets/credential management (or specifically calling out that there | ||
| is nothing to handle) | ||
| - Any adjustments to the flow of data in and out the system, or even within it | ||
| - Connecting or disconnecting any external services to the application | ||
| - Handling of any sensitive information, such as PII | ||
| - Handling of information within log statements or other application monitoring | ||
| services/hooks | ||
| - The inclusion of a new external dependency or the removal of an existing one | ||
| - ... (anything else relevant from a security compliance perspective) | ||
|
|
||
| There are some cases where there are no security considerations to be had, e.g., | ||
| updating our documentation with publicly available information. In those cases | ||
| it is fine to simply put something like this: | ||
|
|
||
| - None; this is a documentation update with publicly available information. | ||
| * Consideration 1 | ||
| * Consideration 2 | ||
| * Consideration ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -23,6 +23,12 @@ jobs: | |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Set up Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: "22.3.0" | ||
| - name: Install dependencies | ||
| run: npm install | ||
| - uses: ./.github/actions/setup-project | ||
| - uses: jwalton/gh-find-current-pr@v1 | ||
| id: findPr | ||
|
|
@@ -38,8 +44,6 @@ jobs: | |
| run: poetry run isort --check-only ./app ./tests | ||
| - name: Check dead code | ||
| run: make dead-code | ||
| - name: Run js lint | ||
| run: npm run lint | ||
| - name: Run js tests | ||
| run: npm test | ||
| - name: Run py tests with coverage | ||
|
|
@@ -48,6 +52,7 @@ jobs: | |
| run: poetry run coverage report --fail-under=90 | ||
|
|
||
| end-to-end-tests: | ||
| if: ${{ github.actor != 'dependabot[bot]' }} | ||
| permissions: | ||
| checks: write | ||
| pull-requests: write | ||
|
|
@@ -78,6 +83,7 @@ jobs: | |
| ports: | ||
| # Maps tcp port 6379 on service container to the host | ||
| - 6379:6379 | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: ./.github/actions/setup-project | ||
|
|
@@ -86,10 +92,10 @@ jobs: | |
| - name: Clone API | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: GSA/notifications-api | ||
| path: 'notifications-api' | ||
| repository: GSA/notifications-api | ||
| path: "notifications-api" | ||
| - name: Install API dependencies | ||
| working-directory: 'notifications-api' | ||
| working-directory: "notifications-api" | ||
| run: make bootstrap | ||
| env: | ||
| DATABASE_URL: postgresql://user:password@localhost:5432/test_notification_api | ||
|
|
@@ -99,7 +105,7 @@ jobs: | |
| NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }} | ||
| NOTIFY_ENVIRONMENT: development | ||
| - name: Run API server | ||
| working-directory: 'notifications-api' | ||
| working-directory: "notifications-api" | ||
| run: make run-procfile & | ||
| env: | ||
| DATABASE_URL: postgresql://user:password@localhost:5432/test_notification_api | ||
|
|
@@ -130,6 +136,12 @@ jobs: | |
| # Debugging for now to troubleshoot a connectivity issue to the local servers | ||
| # run: curl --request GET --url "http://localhost:6012" | ||
| env: | ||
| API_HOST_NAME: http://localhost:6011 | ||
| DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }} | ||
| SECRET_KEY: ${{ secrets.SECRET_KEY }} | ||
| ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }} | ||
| ADMIN_CLIENT_USERNAME: notify-admin | ||
|
|
||
| NOTIFY_ENVIRONMENT: e2etest | ||
| NOTIFY_E2E_AUTH_STATE_PATH: ${{ secrets.NOTIFY_E2E_AUTH_STATE_PATH }} | ||
| NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }} | ||
|
|
@@ -160,6 +172,8 @@ jobs: | |
| - uses: pypa/[email protected] | ||
| with: | ||
| inputs: requirements.txt | ||
| ignore-vulns: | | ||
| PYSEC-2024-60 | ||
| - name: Run npm audit | ||
| run: make npm-audit | ||
|
|
||
|
|
@@ -183,12 +197,12 @@ jobs: | |
| - name: Run OWASP Baseline Scan | ||
| uses: zaproxy/[email protected] | ||
| with: | ||
| docker_name: 'ghcr.io/zaproxy/zaproxy:weekly' | ||
| target: 'http://localhost:6012' | ||
| docker_name: "ghcr.io/zaproxy/zaproxy:weekly" | ||
| target: "http://localhost:6012" | ||
| fail_action: true | ||
| allow_issue_writing: false | ||
| rules_file_name: 'zap.conf' | ||
| cmd_options: '-I' | ||
| rules_file_name: "zap.conf" | ||
| cmd_options: "-I" | ||
|
|
||
| a11y-scan: | ||
| runs-on: ubuntu-20.04 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| # For most projects, this workflow file will not need changing; you simply need | ||
| # to commit it to your repository. | ||
| # | ||
| # You may wish to alter this file to override the set of languages analyzed, | ||
| # or to provide custom queries or build logic. | ||
| # | ||
| # ******** NOTE ******** | ||
| # We have attempted to detect the languages in your repository. Please check | ||
| # the `language` matrix defined below to confirm you have the correct set of | ||
| # supported CodeQL languages. | ||
| # | ||
| name: "CodeQL" | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ "main", "production" ] | ||
| pull_request: | ||
| branches: [ "main", "production" ] | ||
| schedule: | ||
| - cron: '18 5 * * 3' | ||
|
|
||
| jobs: | ||
| analyze: | ||
| name: Analyze (${{ matrix.language }}) | ||
| # Runner size impacts CodeQL analysis time. To learn more, please see: | ||
| # - https://gh.io/recommended-hardware-resources-for-running-codeql | ||
| # - https://gh.io/supported-runners-and-hardware-resources | ||
| # - https://gh.io/using-larger-runners (GitHub.com only) | ||
| # Consider using larger runners or machines with greater resources for possible analysis time improvements. | ||
| runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} | ||
| timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} | ||
| permissions: | ||
| # required for all workflows | ||
| security-events: write | ||
|
|
||
| # required to fetch internal or private CodeQL packs | ||
| packages: read | ||
|
|
||
| # only required for workflows in private repositories | ||
| actions: read | ||
| contents: read | ||
|
|
||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - language: javascript-typescript | ||
| build-mode: none | ||
| - language: python | ||
| build-mode: none | ||
| # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' | ||
| # Use `c-cpp` to analyze code written in C, C++ or both | ||
| # Use 'java-kotlin' to analyze code written in Java, Kotlin or both | ||
| # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both | ||
| # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, | ||
| # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. | ||
| # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how | ||
| # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # Initializes the CodeQL tools for scanning. | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v3 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| build-mode: ${{ matrix.build-mode }} | ||
| # If you wish to specify custom queries, you can do so here or in a config file. | ||
| # By default, queries listed here will override any specified in a config file. | ||
| # Prefix the list here with "+" to use these queries and those in the config file. | ||
|
|
||
| # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | ||
| # queries: security-extended,security-and-quality | ||
|
|
||
| # If the analyze step fails for one of the languages you are analyzing with | ||
| # "We were unable to automatically build your code", modify the matrix above | ||
| # to set the build mode to "manual" for that language. Then modify this step | ||
| # to build your code. | ||
| # ℹ️ Command-line programs to run using the OS shell. | ||
| # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun | ||
| - if: matrix.build-mode == 'manual' | ||
| shell: bash | ||
| run: | | ||
| echo 'If you are using a "manual" build mode for one or more of the' \ | ||
| 'languages you are analyzing, replace this with the commands to build' \ | ||
| 'your code, for example:' | ||
| echo ' make bootstrap' | ||
| echo ' make release' | ||
| exit 1 | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v3 | ||
| with: | ||
| category: "/language:${{matrix.language}}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.