Merge pull request #8 from fecgov/release/sprint-44

Release/sprint 44

.circleci/config.yml

@@ -0,0 +1,31 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine.
+# See: https://circleci.com/docs/2.0/configuration-reference
+version: 2.1
+jobs:
+  deploy:
+    docker:
+      - image: cimg/base:2024.06
+
+    working_directory: ~/repo
+
+    steps:
+      - checkout
+
+      - run:
+          name: Install CF CLI
+          command: |
+            mkdir -p $HOME/bin
+            export PATH=$HOME/bin:$PATH
+            curl -L "https://cli.run.pivotal.io/stable?release=linux64-binary&version=7.1.0" | tar xzv -C $HOME/bin
+
+      - run:
+          name: Deploy Proxy
+          command: |
+            export PATH=$HOME/bin:$PATH
+            ./bin/cf_deploy.sh fecfile-api-proxy fec-fecfileonline-prototyping $CIRCLE_BRANCH
+
+workflows:
+  version: 2.1
+  build-deploy:
+    jobs:
+      - deploy

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,34 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: 'Potential Bug: [Insert title here]'
+labels: bug
+assignees: WiseQA
+
+---
+
+**Where was the issue found:**
+- Committee ID:
+- Environment:
+- Browser:
+
+**Please describe the issue clearly and concisely**
+A clear and concise description of what the bug is.
+
+Approximate time the issue was found:
+
+**To Reproduce**
+How to replicate the issue:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,22 @@
+---
+name: Feature request
+about: Ticket for feature requirements
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### Business Reason
+As a [role], I will be able to [blank] so that I can [business reason]
+
+### Acceptance Criteria
+**Given** [precedent]
+**When** [action]
+**Then** [result]
+
+### QA Notes
+
+### DEV Notes
+
+### Design

Dockerfile

@@ -0,0 +1,7 @@
+FROM nginx:stable
+COPY nginx.conf mime.types blockips.conf /etc/nginx/
+RUN sed -i '/daemon off;/d' /etc/nginx/nginx.conf
+RUN sed -i 's/{{port}}/8080/g' /etc/nginx/nginx.conf
+RUN sed -i 's/$host/$host:8080/g' /etc/nginx/nginx.conf
+RUN sed -i 's/{{nameservers}}/127.0.0.11/g' /etc/nginx/nginx.conf
+RUN sed -i 's/{{env "FECFILE_WEB_API"}}/http:\/\/api:8080/g' /etc/nginx/nginx.conf

bin/cf_deploy.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -x
+
+cloud_gov=${CF_API:-https://api.fr.cloud.gov}
+
+app=${1}
+org=${2}
+branch=${3}
+
+# Get the space that corresponds with the branch name
+if [[ ${branch} == "develop" ]]; then
+    echo "Branch is develop, deploying to dev space"
+    space="dev"
+elif [[ ${branch} == release* ]]; then
+    echo "Branch starts with release, deploying to stage space"
+    space="stage"
+elif [[ ${branch} == "main" ]]; then
+    echo "Branch is main, deploying to prod space"
+    space="prod"
+else
+# Don't deploy other branches, pass build
+    echo "No space detected"
+    exit 0
+fi
+
+manifest=manifest_${space}.yml
+
+# Get username/password for relevant space (uppercased)
+cf_username_label="FEC_CF_USERNAME_$(echo $space | tr [a-z] [A-Z])"
+cf_password_label="FEC_CF_PASSWORD_$(echo $space | tr [a-z] [A-Z])"
+
+if [[ -z ${org} || -z ${branch} || -z ${app} ]]; then
+  echo "Usage: $0  <app> <org> <branch>" >&2
+  exit 1
+fi
+
+(
+  set +x # Disable debugging
+
+  if [[ -n ${!cf_username_label} && -n ${!cf_password_label} ]]; then
+    cf api ${cloud_gov}
+    cf auth "${!cf_username_label}" "${!cf_password_label}"
+  fi
+)
+
+# Target space
+cf target -o ${org} -s ${space}
+
+# If the app exists, use rolling deployment
+if cf app ${app}; then
+  command="push --strategy rolling"
+else
+  command="push"
+fi
+
+# Deploy app
+cf ${command} ${app} -f ${manifest}
+
+# Add network policies
+cf add-network-policy fecfile-api-proxy fecfile-web-api

blockips.conf

@@ -0,0 +1,5 @@
+# The entire if condition is needed to block an IP
+
+# if ($http_x_forwarded_for ~* x.x.x.x) {
+#    return 403;
+# }

manifest_dev.yml

@@ -0,0 +1,13 @@
+---
+applications:
+  - name: fecfile-api-proxy
+    instances: 1
+    memory: 256M
+    disk_quota: 700M
+    routes:
+      - route: fecfile-web-api-dev.app.cloud.gov
+    stack: cflinuxfs4
+    buildpacks:
+      - nginx_buildpack
+    env:
+      FECFILE_WEB_API: "http://fecfile-web-api-dev.apps.internal:8080"

manifest_prod.yml

@@ -0,0 +1,13 @@
+---
+applications:
+  - name: fecfile-api-proxy
+    instances: 2
+    memory: 256M
+    disk_quota: 1G
+    routes:
+      - route: fecfile-web-api-prod.app.cloud.gov
+    stack: cflinuxfs4
+    buildpacks:
+      - nginx_buildpack
+    env:
+      FECFILE_WEB_API: "http://fecfile-web-api-prod.apps.internal:8080"

manifest_stage.yml

@@ -0,0 +1,13 @@
+---
+applications:
+  - name: fecfile-api-proxy
+    instances: 2
+    memory: 256M
+    disk_quota: 1G
+    routes:
+      - route: fecfile-web-api-stage.app.cloud.gov
+    stack: cflinuxfs4
+    buildpacks:
+      - nginx_buildpack
+    env:
+      FECFILE_WEB_API: "http://fecfile-web-api-stage.apps.internal:8080"

mime.types

@@ -0,0 +1,78 @@
+types {
+  text/html html htm shtml;
+  text/css css;
+  text/xml xml;
+  image/gif gif;
+  image/jpeg jpeg jpg;
+  application/x-javascript js;
+  application/atom+xml atom;
+  application/rss+xml rss;
+  font/ttf ttf;
+  font/woff woff;
+  font/woff2 woff2;
+  text/mathml mml;
+  text/plain txt;
+  text/vnd.sun.j2me.app-descriptor jad;
+  text/vnd.wap.wml wml;
+  text/x-component htc;
+  text/cache-manifest manifest;
+  image/png png;
+  image/tiff tif tiff;
+  image/vnd.wap.wbmp wbmp;
+  image/x-icon ico;
+  image/x-jng jng;
+  image/x-ms-bmp bmp;
+  image/svg+xml svg svgz;
+  image/webp webp;
+  application/java-archive jar war ear;
+  application/mac-binhex40 hqx;
+  application/msword doc;
+  application/pdf pdf;
+  application/postscript ps eps ai;
+  application/rtf rtf;
+  application/vnd.ms-excel xls;
+  application/vnd.ms-powerpoint ppt;
+  application/vnd.wap.wmlc wmlc;
+  application/vnd.google-earth.kml+xml  kml;
+  application/vnd.google-earth.kmz kmz;
+  application/x-7z-compressed 7z;
+  application/x-cocoa cco;
+  application/x-java-archive-diff jardiff;
+  application/x-java-jnlp-file jnlp;
+  application/x-makeself run;
+  application/x-perl pl pm;
+  application/x-pilot prc pdb;
+  application/x-rar-compressed rar;
+  application/x-redhat-package-manager  rpm;
+  application/x-sea sea;
+  application/x-shockwave-flash swf;
+  application/x-stuffit sit;
+  application/x-tcl tcl tk;
+  application/x-x509-ca-cert der pem crt;
+  application/x-xpinstall xpi;
+  application/xhtml+xml xhtml;
+  application/zip zip;
+  application/octet-stream bin exe dll;
+  application/octet-stream deb;
+  application/octet-stream dmg;
+  application/octet-stream eot;
+  application/octet-stream iso img;
+  application/octet-stream msi msp msm;
+  application/json json;
+  audio/midi mid midi kar;
+  audio/mpeg mp3;
+  audio/ogg ogg;
+  audio/x-m4a m4a;
+  audio/x-realaudio ra;
+  video/3gpp 3gpp 3gp;
+  video/mp4 mp4;
+  video/mpeg mpeg mpg;
+  video/quicktime mov;
+  video/webm webm;
+  video/x-flv flv;
+  video/x-m4v m4v;
+  video/x-mng mng;
+  video/x-ms-asf asx asf;
+  video/x-ms-wmv wmv;
+  video/x-msvideo avi;
+}

nginx.conf

@@ -0,0 +1,50 @@
+worker_processes 1;
+daemon off;
+
+error_log stderr;
+events { worker_connections 1024; }
+
+http {
+  charset utf-8;
+  log_format cloudfoundry '$http_x_forwarded_for - $http_referer - [$time_local] "$request" $status $body_bytes_sent';
+  access_log /dev/stdout cloudfoundry;
+  default_type application/octet-stream;
+  include mime.types;
+  sendfile on;
+
+  gzip on;
+  gzip_disable "msie6";
+  gzip_comp_level 6;
+  gzip_min_length 1100;
+  gzip_buffers 16 8k;
+  gzip_proxied any;
+  gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/xml+rss;
+
+  tcp_nopush on;
+  keepalive_timeout 300;
+  proxy_connect_timeout 300;
+  proxy_read_timeout 300;
+  # Ensure that redirects don't include the internal container PORT - {{port}}
+  port_in_redirect off;
+  server_tokens off;
+
+  server {
+    listen {{port}};
+    server_name localhost;
+
+    # Restrict IPs
+    include blockips.conf;
+
+    client_max_body_size 100M;
+
+    location / {
+      resolver {{nameservers}} ipv6=off valid=1s;
+      set $backend "{{env "FECFILE_WEB_API"}}";
+      proxy_pass $backend;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header X-Forwarded-Host $host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      #proxy_set_header X-Script-Name "/";
+    }
+  }
+}