rails_template_18f 0.1.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -0
- data/Gemfile +2 -0
- data/Gemfile.lock +4 -1
- data/README.md +16 -19
- data/exe/rails_template_18f +60 -0
- data/lib/generators/rails_template18f/active_storage/active_storage_generator.rb +135 -0
- data/lib/generators/rails_template18f/active_storage/templates/app/jobs/file_scan_job.rb +33 -0
- data/lib/generators/rails_template18f/active_storage/templates/app/models/file_upload.rb +25 -0
- data/lib/generators/rails_template18f/active_storage/templates/doc/adr/clamav.md.tt +30 -0
- data/lib/generators/rails_template18f/active_storage/templates/spec/jobs/file_scan_job_spec.rb +35 -0
- data/lib/generators/rails_template18f/active_storage/templates/spec/models/file_upload_spec.rb +38 -0
- data/lib/generators/rails_template18f/circleci/circleci_generator.rb +26 -10
- data/lib/generators/rails_template18f/cloud_gov_config/cloud_gov_config_generator.rb +28 -0
- data/lib/generators/rails_template18f/cloud_gov_config/templates/app/models/cloud_gov_config.rb +15 -0
- data/lib/generators/rails_template18f/cloud_gov_config/templates/spec/models/cloud_gov_config_spec.rb +44 -0
- data/lib/generators/rails_template18f/dap/dap_generator.rb +72 -0
- data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb +27 -11
- data/lib/generators/rails_template18f/i18n/i18n_generator.rb +107 -0
- data/{templates → lib/generators/rails_template18f/i18n/templates}/config/locales/en.yml.tt +3 -3
- data/{templates → lib/generators/rails_template18f/i18n/templates}/config/locales/es.yml +3 -3
- data/{templates → lib/generators/rails_template18f/i18n/templates}/config/locales/fr.yml +3 -6
- data/{templates → lib/generators/rails_template18f/i18n/templates}/config/locales/zh.yml +0 -0
- data/lib/generators/rails_template18f/i18n_js/i18n_js_generator.rb +60 -0
- data/lib/generators/rails_template18f/i18n_js/templates/lib/tasks/i18n.rake +9 -0
- data/lib/generators/rails_template18f/newrelic/newrelic_generator.rb +79 -0
- data/{templates/config/newrelic.yml → lib/generators/rails_template18f/newrelic/templates/config/newrelic.yml.tt} +7 -7
- data/lib/generators/rails_template18f/sidekiq/sidekiq_generator.rb +70 -0
- data/lib/generators/rails_template18f/sidekiq/templates/config/initializers/redis.rb +14 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/README.md.tt +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/bootstrap/import.sh +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/bootstrap/main.tf.tt +3 -3
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/bootstrap/providers.tf +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/bootstrap/run.sh.tt +1 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/teardown_creds.sh.tt +5 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/bootstrap/variables.tf +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/create_space_deployer.sh +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/destroy_space_deployer.sh +0 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt +82 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/production/providers.tf.tt +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/production/variables.tf +0 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/main.tf.tt +50 -0
- data/{templates/terraform/shared/database → lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav}/providers.tf +0 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/clamav/variables.tf +47 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/shared/database/main.tf.tt +0 -0
- data/{templates/terraform/shared/domain → lib/generators/rails_template18f/terraform/templates/terraform/shared/database}/providers.tf +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/shared/database/variables.tf +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/shared/domain/main.tf.tt +1 -1
- data/{templates/terraform/shared/s3 → lib/generators/rails_template18f/terraform/templates/terraform/shared/domain}/providers.tf +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/shared/domain/variables.tf +0 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/main.tf.tt +23 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/providers.tf +16 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/redis/variables.tf +42 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/shared/s3/main.tf +0 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/shared/s3/providers.tf +16 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/shared/s3/variables.tf +0 -0
- data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt +62 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/staging/providers.tf.tt +0 -0
- data/{templates → lib/generators/rails_template18f/terraform/templates}/terraform/staging/variables.tf +0 -0
- data/lib/generators/rails_template18f/terraform/terraform_generator.rb +84 -0
- data/lib/rails_template18f/app_updater.rb +19 -0
- data/lib/rails_template18f/generators/base.rb +53 -0
- data/lib/rails_template18f/generators/cloud_gov_options.rb +53 -0
- data/lib/rails_template18f/generators/pipeline_options.rb +18 -0
- data/lib/rails_template18f/generators.rb +11 -0
- data/lib/rails_template18f/version.rb +1 -1
- data/lib/rails_template_18f.rb +1 -4
- data/rails-template-18f.gemspec +1 -0
- data/template.rb +84 -148
- data/templates/README.md.tt +7 -44
- data/templates/config/deployment/staging.yml +1 -1
- data/templates/config/environments/ci.rb +0 -1
- data/templates/doc/compliance/apps/application.boundary.md.tt +4 -31
- data/templates/githooks/{pre-commit.tt → pre-commit} +0 -15
- data/templates/manifest.yml.tt +1 -2
- metadata +77 -34
- data/lib/rails_template18f/terraform_options.rb +0 -68
- data/templates/terraform/bootstrap/teardown_creds.sh.tt +0 -5
- data/templates/terraform/production/main.tf.tt +0 -50
- data/templates/terraform/staging/main.tf.tt +0 -30
data/template.rb
CHANGED
|
@@ -10,6 +10,10 @@ def skip_git?
|
|
|
10
10
|
!!options[:skip_git]
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
+
def skip_active_job?
|
|
14
|
+
!!options[:skip_active_job]
|
|
15
|
+
end
|
|
16
|
+
|
|
13
17
|
def webpack?
|
|
14
18
|
adjusted_javascript_option == "webpack"
|
|
15
19
|
end
|
|
@@ -48,25 +52,24 @@ unless Gem::Dependency.new("rails", "~> 7.0.0").match?("rails", Rails.gem_versio
|
|
|
48
52
|
end
|
|
49
53
|
|
|
50
54
|
# ask setup questions
|
|
51
|
-
|
|
55
|
+
terraform = yes?("Create terraform files for cloud.gov services? (y/n)")
|
|
52
56
|
@cloud_gov_organization = ask("What is your cloud.gov organization name? (Leave blank to fill in later)")
|
|
53
57
|
default_staging_space = "staging"
|
|
54
|
-
|
|
58
|
+
cloud_gov_staging_space = ask("What is your cloud.gov staging space name? (Default: #{default_staging_space})")
|
|
55
59
|
default_prod_space = "prod"
|
|
56
|
-
|
|
60
|
+
cloud_gov_production_space = ask("What is your cloud.gov production space name? (Default: #{default_prod_space})")
|
|
57
61
|
@cloud_gov_organization = "TKTK-cloud.gov-org-name" if @cloud_gov_organization.blank?
|
|
58
|
-
|
|
59
|
-
|
|
62
|
+
cloud_gov_staging_space = default_staging_space if cloud_gov_staging_space.blank?
|
|
63
|
+
cloud_gov_production_space = default_prod_space if cloud_gov_production_space.blank?
|
|
60
64
|
|
|
61
65
|
@github_actions = yes?("Create Github Actions? (y/n)")
|
|
62
66
|
@circleci_pipeline = yes?("Create CircleCI config? (y/n)")
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
@supported_languages.push(:zh) if yes?("Add Simplified Chinese to supported locales, with starter zh.yml? (y/n)")
|
|
67
|
+
newrelic = yes?("Create FEDRAMP New Relic config files? (y/n)")
|
|
68
|
+
dap = yes?("If this will be a public site, should we include Digital Analytics Program code? (y/n)")
|
|
69
|
+
supported_languages = []
|
|
70
|
+
supported_languages.push(:es) if yes?("Add Spanish to supported locales, with starter es.yml? (y/n)")
|
|
71
|
+
supported_languages.push(:fr) if yes?("Add French to supported locales, with starter fr.yml? (y/n)")
|
|
72
|
+
supported_languages.push(:zh) if yes?("Add Simplified Chinese to supported locales, with starter zh.yml? (y/n)")
|
|
70
73
|
|
|
71
74
|
running_node_version = `node --version`.gsub(/^v/, "").strip
|
|
72
75
|
@node_version = ask("What version of NodeJS are you using? (Default: #{running_node_version})")
|
|
@@ -151,34 +154,16 @@ else
|
|
|
151
154
|
"policy.style_src :self"
|
|
152
155
|
end
|
|
153
156
|
|
|
154
|
-
script_policy = [":self"]
|
|
155
|
-
connect_policy = [":self"]
|
|
156
|
-
image_policy = [":self", ":data"]
|
|
157
|
-
|
|
158
|
-
if @newrelic
|
|
159
|
-
script_policy << '"https://js-agent.newrelic.com"'
|
|
160
|
-
script_policy << '"https://*.nr-data.net"'
|
|
161
|
-
connect_policy << '"https://*.nr-data.net"'
|
|
162
|
-
end
|
|
163
|
-
|
|
164
|
-
if @dap
|
|
165
|
-
image_policy << '"https://www.google-analytics.com"'
|
|
166
|
-
script_policy << '"https://dap.digitalgov.gov"'
|
|
167
|
-
script_policy << '"https://www.google-analytics.com"'
|
|
168
|
-
connect_policy << '"https://dap.digitalgov.gov"'
|
|
169
|
-
connect_policy << '"https://www.google-analytics.com"'
|
|
170
|
-
end
|
|
171
|
-
|
|
172
157
|
gsub_file csp_initializer, /^# config.*\|policy\|$.+^# end$/m, <<EOM
|
|
173
158
|
config.content_security_policy do |policy|
|
|
174
159
|
policy.default_src :self
|
|
175
160
|
policy.font_src :self
|
|
176
161
|
policy.form_action :self
|
|
177
162
|
policy.frame_ancestors :none
|
|
178
|
-
policy.img_src
|
|
163
|
+
policy.img_src :self, :data
|
|
179
164
|
policy.object_src :none
|
|
180
|
-
policy.script_src
|
|
181
|
-
policy.connect_src
|
|
165
|
+
policy.script_src :self
|
|
166
|
+
policy.connect_src :self
|
|
182
167
|
#{style_policy}
|
|
183
168
|
end
|
|
184
169
|
EOM
|
|
@@ -187,32 +172,13 @@ uncomment_lines csp_initializer, "Rails.application"
|
|
|
187
172
|
uncomment_lines csp_initializer, /end$/
|
|
188
173
|
uncomment_lines csp_initializer, "content_security_policy_nonce"
|
|
189
174
|
|
|
190
|
-
|
|
191
|
-
gem "newrelic_rpm", "~> 8.4"
|
|
192
|
-
copy_file "config/newrelic.yml"
|
|
193
|
-
|
|
194
|
-
register_announcement("New Relic", <<~EOM)
|
|
195
|
-
A New Relic config file has been written to `config/newrelic.yml`
|
|
196
|
-
|
|
197
|
-
To get started sending metrics via New Relic APM:
|
|
198
|
-
1. Replace `<APPNAME>` with what is registered for your application in New Relic
|
|
199
|
-
2. Add your New Relic license key to the Rails credentials with key `new_relic_key`.
|
|
200
|
-
3. Comment out the `agent_enabled: false` line
|
|
201
|
-
|
|
202
|
-
To enable browser monitoring:
|
|
203
|
-
4. Embed the Javascript snippet provided by New Relic into `application.html.erb`.
|
|
204
|
-
It is recommended to vary this based on environment (i.e. include one snippet
|
|
205
|
-
for staging and another for production).
|
|
206
|
-
EOM
|
|
207
|
-
end
|
|
208
|
-
|
|
175
|
+
# install development & testing gems
|
|
209
176
|
gem_group :development, :test do
|
|
210
177
|
gem "rspec-rails", "~> 5.1"
|
|
211
178
|
gem "dotenv-rails", "~> 2.7"
|
|
212
179
|
gem "brakeman", "~> 5.2"
|
|
213
180
|
gem "bundler-audit", "~> 0.9"
|
|
214
181
|
gem "standard", "~> 1.7"
|
|
215
|
-
gem "i18n-tasks", "~> 0.9"
|
|
216
182
|
end
|
|
217
183
|
if ENV["RT_DEV"] == "true"
|
|
218
184
|
gem "rails_template_18f", group: :development, path: ENV["PWD"]
|
|
@@ -222,11 +188,10 @@ end
|
|
|
222
188
|
|
|
223
189
|
copy_file "lib/tasks/scanning.rake"
|
|
224
190
|
copy_file "env", ".env"
|
|
191
|
+
copy_file "githooks/pre-commit", ".githooks/pre-commit", mode: :preserve
|
|
225
192
|
|
|
226
193
|
unless skip_git?
|
|
227
194
|
rails_command "credentials:diff --enroll"
|
|
228
|
-
template "githooks/pre-commit", ".githooks/pre-commit"
|
|
229
|
-
chmod ".githooks/pre-commit", 0o755
|
|
230
195
|
append_to_file ".gitignore", <<~EOM
|
|
231
196
|
|
|
232
197
|
# Ignore local dotenv overrides
|
|
@@ -241,27 +206,7 @@ unless skip_git?
|
|
|
241
206
|
EOM
|
|
242
207
|
end
|
|
243
208
|
|
|
244
|
-
#
|
|
245
|
-
@supported_languages.each do |language|
|
|
246
|
-
template "config/locales/#{language}.yml", force: true
|
|
247
|
-
end
|
|
248
|
-
application "config.i18n.available_locales = #{@supported_languages}"
|
|
249
|
-
application "config.i18n.fallbacks = [:en]"
|
|
250
|
-
after_bundle do
|
|
251
|
-
# Recommended by i18n-tasks
|
|
252
|
-
run "cp $(i18n-tasks gem-path)/templates/config/i18n-tasks.yml config/"
|
|
253
|
-
end
|
|
254
|
-
insert_into_file "app/helpers/application_helper.rb", <<'EOH', before: /^end$/
|
|
255
|
-
def format_active_locale(locale_string)
|
|
256
|
-
link_classes = "usa-nav__link"
|
|
257
|
-
if locale_string.to_sym == I18n.locale
|
|
258
|
-
link_classes = "#{link_classes} usa-current"
|
|
259
|
-
end
|
|
260
|
-
link_to t("shared.languages.#{locale_string}"), root_path(locale: locale_string), class: link_classes
|
|
261
|
-
end
|
|
262
|
-
EOH
|
|
263
|
-
|
|
264
|
-
# setup USWDS
|
|
209
|
+
# setup USWDS and asset pipeline
|
|
265
210
|
copy_file "browserslistrc", ".browserslistrc" if webpack?
|
|
266
211
|
uncomment_lines "Gemfile", "sassc-rails" # use sassc-rails for asset minification in prod
|
|
267
212
|
after_bundle do
|
|
@@ -313,7 +258,7 @@ after_bundle do
|
|
|
313
258
|
@import "uswds-settings.scss";
|
|
314
259
|
@import "../../../node_modules/uswds/dist/scss/uswds.scss";
|
|
315
260
|
EOCSS
|
|
316
|
-
gsub_file "app/views/layouts/application.html.erb", "<html>",
|
|
261
|
+
gsub_file "app/views/layouts/application.html.erb", "<html>", '<html lang="<%= I18n.locale %>">'
|
|
317
262
|
gsub_file "app/views/layouts/application.html.erb", /^\s+<%= yield %>/, <<-EOHTML
|
|
318
263
|
<%= render "application/usa_banner" %>
|
|
319
264
|
<%= render "application/header" %>
|
|
@@ -328,32 +273,14 @@ end
|
|
|
328
273
|
directory "app/views/application"
|
|
329
274
|
|
|
330
275
|
after_bundle do
|
|
276
|
+
# install and configure RSpec
|
|
331
277
|
generate "rspec:install"
|
|
332
278
|
gsub_file "spec/spec_helper.rb", /^=(begin|end)$/, ""
|
|
333
279
|
|
|
334
|
-
# Setup the PagesController
|
|
280
|
+
# Setup the PagesController and home (root) route
|
|
335
281
|
generate :controller, "pages", "home", "--skip-routes", "--no-helper", "--no-assets"
|
|
282
|
+
route "root 'pages#home'"
|
|
336
283
|
|
|
337
|
-
if @supported_languages.count > 1
|
|
338
|
-
locale_switching = <<~EOM
|
|
339
|
-
around_action :switch_locale
|
|
340
|
-
|
|
341
|
-
def switch_locale(&action)
|
|
342
|
-
locale = params[:locale] || I18n.default_locale
|
|
343
|
-
I18n.with_locale(locale, &action)
|
|
344
|
-
end
|
|
345
|
-
EOM
|
|
346
|
-
insert_into_file "app/controllers/application_controller.rb", locale_switching, before: /^end/
|
|
347
|
-
|
|
348
|
-
route <<-'EOM'
|
|
349
|
-
scope "(:locale)", locale: /#{I18n.available_locales.join('|')}/ do
|
|
350
|
-
# Your application routes here
|
|
351
|
-
root 'pages#home'
|
|
352
|
-
end
|
|
353
|
-
EOM
|
|
354
|
-
else
|
|
355
|
-
route "root 'pages#home'"
|
|
356
|
-
end
|
|
357
284
|
gsub_file "spec/requests/pages_spec.rb", "/pages/home", "/"
|
|
358
285
|
gsub_file "spec/views/pages/home.html.erb_spec.rb", " pending \"add some examples to (or delete) \#{__FILE__}\"", <<-EOM
|
|
359
286
|
it "displays the gov banner" do
|
|
@@ -362,34 +289,48 @@ after_bundle do
|
|
|
362
289
|
end
|
|
363
290
|
EOM
|
|
364
291
|
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
292
|
+
# Setup translations
|
|
293
|
+
generate "rails_template18f:i18n", "--languages=#{supported_languages.join(",")}", "--force"
|
|
294
|
+
end
|
|
295
|
+
|
|
296
|
+
# install ADRs and compliance documentation
|
|
297
|
+
directory "doc"
|
|
298
|
+
register_announcement("Documentation", <<~EOM)
|
|
299
|
+
* Include a short description of your application in doc/compliance/apps/application.boundary.md
|
|
300
|
+
* Remember to keep your Logical Data Model up to date in doc/compliance/apps/data.logical.md
|
|
301
|
+
EOM
|
|
302
|
+
|
|
303
|
+
if newrelic
|
|
304
|
+
after_bundle do
|
|
305
|
+
generate "rails_template18f:newrelic"
|
|
306
|
+
end
|
|
307
|
+
register_announcement("New Relic", <<~EOM)
|
|
308
|
+
A New Relic config file has been written to `config/newrelic.yml`
|
|
309
|
+
|
|
310
|
+
See instructions in README to get started sending data to New Relic
|
|
311
|
+
EOM
|
|
312
|
+
end
|
|
313
|
+
|
|
314
|
+
if dap
|
|
315
|
+
after_bundle do
|
|
316
|
+
generate "rails_template18f:dap"
|
|
368
317
|
end
|
|
318
|
+
register_announcement("Digital Analytics Program", "Update the DAP agency code in app/views/layouts/application.html.erb")
|
|
369
319
|
end
|
|
370
320
|
|
|
371
321
|
# infrastructure & deploy
|
|
372
322
|
template "manifest.yml"
|
|
373
323
|
copy_file "lib/tasks/cf.rake"
|
|
374
324
|
directory "config/deployment"
|
|
375
|
-
after_bundle do
|
|
376
|
-
run "cp .gitignore .cfignore" unless skip_git?
|
|
377
|
-
end
|
|
378
325
|
|
|
379
|
-
if
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
.terraform.lock.hcl
|
|
388
|
-
**/.terraform/*
|
|
389
|
-
secrets.auto.tfvars
|
|
390
|
-
terraform.tfstate
|
|
391
|
-
terraform.tfstate.backup
|
|
392
|
-
EOM
|
|
326
|
+
if terraform
|
|
327
|
+
after_bundle do
|
|
328
|
+
generator_arguments = [
|
|
329
|
+
"--cg-org=#{@cloud_gov_organization}",
|
|
330
|
+
"--cg-staging=#{cloud_gov_staging_space}",
|
|
331
|
+
"--cg-prod=#{cloud_gov_production_space}"
|
|
332
|
+
]
|
|
333
|
+
generate "rails_template18f:terraform", *generator_arguments
|
|
393
334
|
end
|
|
394
335
|
if cloud_gov_org_tktk?
|
|
395
336
|
register_announcement("Terraform", <<~EOM)
|
|
@@ -402,13 +343,25 @@ if @terraform
|
|
|
402
343
|
register_announcement("Terraform", "Run the bootstrap script and update the appropriate CI/CD environment variables defined in the Deployment section of the README")
|
|
403
344
|
end
|
|
404
345
|
|
|
346
|
+
if !skip_active_job?
|
|
347
|
+
after_bundle do
|
|
348
|
+
generate "rails_template18f:sidekiq"
|
|
349
|
+
end
|
|
350
|
+
end
|
|
351
|
+
|
|
352
|
+
if !skip_active_storage?
|
|
353
|
+
after_bundle do
|
|
354
|
+
generate "rails_template18f:active_storage"
|
|
355
|
+
end
|
|
356
|
+
end
|
|
357
|
+
|
|
405
358
|
if @github_actions
|
|
406
359
|
after_bundle do
|
|
407
360
|
generator_arguments = [
|
|
408
|
-
(
|
|
361
|
+
(terraform ? "--terraform" : "--no-terraform"),
|
|
409
362
|
"--cg-org=#{@cloud_gov_organization}",
|
|
410
|
-
"--cg-staging=#{
|
|
411
|
-
"--cg-prod=#{
|
|
363
|
+
"--cg-staging=#{cloud_gov_staging_space}",
|
|
364
|
+
"--cg-prod=#{cloud_gov_production_space}"
|
|
412
365
|
]
|
|
413
366
|
generate "rails_template18f:github_actions", *generator_arguments
|
|
414
367
|
end
|
|
@@ -425,10 +378,10 @@ end
|
|
|
425
378
|
if @circleci_pipeline
|
|
426
379
|
after_bundle do
|
|
427
380
|
generator_arguments = [
|
|
428
|
-
(
|
|
381
|
+
(terraform ? "--terraform" : "--no-terraform"),
|
|
429
382
|
"--cg-org=#{@cloud_gov_organization}",
|
|
430
|
-
"--cg-staging=#{
|
|
431
|
-
"--cg-prod=#{
|
|
383
|
+
"--cg-staging=#{cloud_gov_staging_space}",
|
|
384
|
+
"--cg-prod=#{cloud_gov_production_space}"
|
|
432
385
|
]
|
|
433
386
|
generate "rails_template18f:circleci", *generator_arguments
|
|
434
387
|
end
|
|
@@ -437,29 +390,6 @@ if @circleci_pipeline
|
|
|
437
390
|
EOM
|
|
438
391
|
end
|
|
439
392
|
|
|
440
|
-
if @adrs
|
|
441
|
-
directory "doc"
|
|
442
|
-
else
|
|
443
|
-
directory "doc/compliance"
|
|
444
|
-
end
|
|
445
|
-
register_announcement("Documentation", <<~EOM)
|
|
446
|
-
* Include a short description of your application in doc/compliance/apps/application.boundary.md
|
|
447
|
-
* Remember to keep your Logical Data Model up to date in doc/compliance/apps/data.logical.md
|
|
448
|
-
EOM
|
|
449
|
-
|
|
450
|
-
if @dap
|
|
451
|
-
after_bundle do
|
|
452
|
-
insert_into_file "app/views/layouts/application.html.erb", <<-EODAP, before: /^\s+<\/head>/
|
|
453
|
-
|
|
454
|
-
<% if Rails.env.production? %>
|
|
455
|
-
<!-- We participate in the US government's analytics program. See the data at analytics.usa.gov. -->
|
|
456
|
-
<%= javascript_include_tag "https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=GSA", async: true, id:"_fed_an_ua_tag" %>
|
|
457
|
-
<% end %>
|
|
458
|
-
EODAP
|
|
459
|
-
end
|
|
460
|
-
register_announcement("Digital Analytics Program", "Update the DAP agency code in app/views/layouts/application.html.erb")
|
|
461
|
-
end
|
|
462
|
-
|
|
463
393
|
# setup production credentials file
|
|
464
394
|
require "rails/generators"
|
|
465
395
|
require "rails/generators/rails/encryption_key_file/encryption_key_file_generator"
|
|
@@ -488,6 +418,11 @@ EOM
|
|
|
488
418
|
|
|
489
419
|
# ensure this is the very last step
|
|
490
420
|
after_bundle do
|
|
421
|
+
if run_db_setup
|
|
422
|
+
rails_command "db:create"
|
|
423
|
+
rails_command "db:migrate"
|
|
424
|
+
end
|
|
425
|
+
|
|
491
426
|
# x86_64-linux is required to install gems on any linux system such as cloud.gov or CI pipelines
|
|
492
427
|
run "bundle lock --add-platform x86_64-linux"
|
|
493
428
|
|
|
@@ -497,10 +432,11 @@ after_bundle do
|
|
|
497
432
|
run "bundle exec standardrb --fix"
|
|
498
433
|
|
|
499
434
|
unless skip_git?
|
|
435
|
+
run "cp .gitignore .cfignore"
|
|
500
436
|
git add: "."
|
|
501
437
|
git commit: "-a -m 'Initial commit'"
|
|
502
438
|
end
|
|
503
439
|
|
|
504
|
-
# Post-install
|
|
440
|
+
# Post-install announcements
|
|
505
441
|
print_announcements
|
|
506
442
|
end
|
data/templates/README.md.tt
CHANGED
|
@@ -53,10 +53,9 @@ TBD
|
|
|
53
53
|
|
|
54
54
|
The system's Content-Security-Policy header prevents `<script>` and `<style>` tags from working without further
|
|
55
55
|
configuration. Use `<%%= javascript_tag nonce: true %>` for inline javascript.
|
|
56
|
-
|
|
56
|
+
|
|
57
57
|
See the [CSP compliant script tag helpers](./doc/adr/0004-rails-csp-compliant-script-tag-helpers.md) ADR for
|
|
58
58
|
more information on setting these up successfully.
|
|
59
|
-
<% end %>
|
|
60
59
|
|
|
61
60
|
## Internationalization
|
|
62
61
|
|
|
@@ -101,10 +100,9 @@ Run everything: `bundle exec rake`
|
|
|
101
100
|
|
|
102
101
|
When new pages are added to the application, ensure they are added to `./.pa11yci` so that they can be scanned.
|
|
103
102
|
|
|
104
|
-
### Automatic linting
|
|
103
|
+
### Automatic linting
|
|
105
104
|
|
|
106
|
-
To enable automatic ruby linting
|
|
107
|
-
follow the instructions at the top of `.githooks/pre-commit`
|
|
105
|
+
To enable automatic ruby linting on every `git commit` follow the instructions at the top of `.githooks/pre-commit`
|
|
108
106
|
|
|
109
107
|
## CI/CD
|
|
110
108
|
|
|
@@ -114,24 +112,16 @@ Each environment has dependencies on a PostgreSQL RDS instance managed by cloud.
|
|
|
114
112
|
See [cloud.gov docs](https://cloud.gov/docs/services/relational-database/) for information on RDS.
|
|
115
113
|
|
|
116
114
|
#### Staging
|
|
117
|
-
|
|
118
115
|
<% if !@github_actions && !@circleci_pipeline %>
|
|
119
|
-
<% if @terraform %>
|
|
120
|
-
Follow the instructions in `terraform/README.md` to create the supporting services.
|
|
121
|
-
<% else %>
|
|
122
116
|
Before the first deploy only, create DB service with `cf create-service aws-rds micro-psql <%= app_name %>-rds-staging`
|
|
123
|
-
|
|
117
|
+
|
|
124
118
|
`cf push --strategy rolling --vars-file config/deployment/staging.yml --var rails_master_key=$(cat config/master.key)`
|
|
125
119
|
<% end %>
|
|
126
120
|
|
|
127
121
|
#### Production
|
|
128
|
-
|
|
129
122
|
<% if !@github_actions && !@circleci_pipeline %>
|
|
130
|
-
<% if @terraform %>
|
|
131
|
-
Follow the instructions in `terraform/README.md` to create the supporting services.
|
|
132
|
-
<% else %>
|
|
133
123
|
Before the first deploy only, create DB service with `cf create-service aws-rds <<SERVICE_PLAN_NAME>> <%= app_name %>-rds-production`
|
|
134
|
-
|
|
124
|
+
|
|
135
125
|
`cf push --strategy rolling --vars-file config/deployment/production.yml --var rails_master_key=$(cat config/credentials/production.key)`
|
|
136
126
|
<% end %>
|
|
137
127
|
|
|
@@ -150,34 +140,8 @@ Otherwise, they are set as a `((variable))` within `manifest.yml` and the variab
|
|
|
150
140
|
|
|
151
141
|
Configuration that changes from staging to production, but is public, should be added to `config/deployment/staging.yml` and `config/deployment/production.yml`
|
|
152
142
|
|
|
153
|
-
<% if @newrelic %>
|
|
154
|
-
## Monitoring with New Relic
|
|
155
|
-
|
|
156
|
-
The [New Relic Ruby agent](https://docs.newrelic.com/docs/apm/agents/ruby-agent/getting-started/introduction-new-relic-ruby) has been installed for monitoring this application.
|
|
157
|
-
|
|
158
|
-
The config lives at `config/newrelic.yml`, and points to a [FEDRAMP version of the New Relic service as its host](https://docs.newrelic.com/docs/security/security-privacy/compliance/fedramp-compliant-endpoints/). To access the metrics dashboard, you will need to be connected to VPN.
|
|
159
|
-
|
|
160
|
-
### Getting started
|
|
161
|
-
|
|
162
|
-
To get started sending metrics via New Relic APM:
|
|
163
|
-
1. Replace `<APPNAME>` in `config/newrelic.yml` with what is registered for your application in New Relic
|
|
164
|
-
1. Add your New Relic license key to the Rails credentials with key `new_relic_key`.
|
|
165
|
-
1. Comment out the `agent_enabled: false` line in `config/newrelic.yml`
|
|
166
|
-
1. Add the [Javascript snippet provided by New Relic](https://docs.newrelic.com/docs/browser/browser-monitoring/installation/install-browser-monitoring-agent) into `application.html.erb`. It is recommended to vary this based on environment (i.e. include one snippet for staging and another for production).
|
|
167
|
-
<% end %>
|
|
168
|
-
|
|
169
|
-
<% if @dap %>
|
|
170
|
-
## Analytics
|
|
171
|
-
|
|
172
|
-
Digital Analytics Program (DAP) code has been included for the Production environment, associated with GSA.
|
|
173
|
-
|
|
174
|
-
If <%= app_name.titleize %> is for another agency, update the agency line in `app/views/layouts/application.html.erb`
|
|
175
|
-
<% end %>
|
|
176
|
-
|
|
177
143
|
## Documentation
|
|
178
144
|
|
|
179
|
-
<% if @adrs %>
|
|
180
|
-
|
|
181
145
|
Architectural Decision Records (ADR) are stored in `doc/adr`
|
|
182
146
|
To create a new ADR, first install [ADR-tools](https://github.com/npryce/adr-tools) if you don't
|
|
183
147
|
already have it installed.
|
|
@@ -187,7 +151,6 @@ Then create the ADR:
|
|
|
187
151
|
* `adr new Title Of Architectural Decision`
|
|
188
152
|
|
|
189
153
|
This will create a new, numbered ADR in the `doc/adr` directory.
|
|
190
|
-
<% end %>
|
|
191
154
|
|
|
192
155
|
Compliance diagrams are stored in `doc/compliance`. See the README there for more information on
|
|
193
156
|
generating diagram updates.
|
|
@@ -197,8 +160,8 @@ generating diagram updates.
|
|
|
197
160
|
*This will continue to evolve as the project moves forward.*
|
|
198
161
|
|
|
199
162
|
* Pull down the most recent main before checking out a branch
|
|
200
|
-
* Write your code
|
|
201
|
-
* If a big architectural decision was made, add an ADR
|
|
163
|
+
* Write your code
|
|
164
|
+
* If a big architectural decision was made, add an ADR
|
|
202
165
|
* Submit a PR
|
|
203
166
|
* If you added functionality, please add tests.
|
|
204
167
|
* All tests must pass!
|
|
@@ -11,6 +11,7 @@ LAYOUT_WITH_LEGEND()
|
|
|
11
11
|
title application boundary view
|
|
12
12
|
|
|
13
13
|
Person_Ext(public, "Public", "A member of the public")
|
|
14
|
+
Person(developer, "Developer", "Application developers")
|
|
14
15
|
|
|
15
16
|
Boundary(device, "Computing Device", "Windows, OS X, Linux, iOS, Android"){
|
|
16
17
|
System_Ext(browser, "Web Browser", "any modern version")
|
|
@@ -29,49 +30,21 @@ Boundary(aws, "AWS GovCloud") {
|
|
|
29
30
|
System_Boundary(inventory, "Application") {
|
|
30
31
|
Container(app, "<&layers> <%= app_name.titleize %>", "Ruby <%= @ruby_version %>, Rails <%= Rails.version %>", "TKTK Application Description")
|
|
31
32
|
ContainerDb(app_db, "Application DB", "AWS RDS (PostgreSQL)", "Primary data storage")
|
|
32
|
-
<% if !skip_active_storage? %>
|
|
33
|
-
ContainerDb(app_s3, "File Storage", "AWS S3", "User-uploaded file storage")
|
|
34
|
-
<% end %>
|
|
35
33
|
}
|
|
36
34
|
}
|
|
37
35
|
}
|
|
38
36
|
}
|
|
39
37
|
|
|
40
|
-
|
|
41
38
|
Boundary(gsa_saas, "GSA-authorized SaaS") {
|
|
42
|
-
<% if @dap %>
|
|
43
|
-
System_Ext(dap, "DAP", "Analytics collection")
|
|
44
|
-
<% end %>
|
|
45
|
-
<% if @newrelic %>
|
|
46
|
-
System_Ext(newrelic, "New Relic", "Monitoring SaaS")
|
|
47
|
-
<% end %>
|
|
48
39
|
}
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
<% if @newrelic %>
|
|
53
|
-
Rel(app, newrelic, "reports telemetry (ruby agent)", "tcp (443)")
|
|
54
|
-
Rel(browser, newrelic, "reports ux metrics (javascript agent)", "https (443)")
|
|
55
|
-
<% end %>
|
|
40
|
+
|
|
41
|
+
Boundary(cicd, "CI/CD Pipeline") {
|
|
42
|
+
}
|
|
56
43
|
|
|
57
44
|
Rel(browser, aws_alb, "request info, submit requests", "https GET/POST (443)")
|
|
58
45
|
Rel(aws_alb, cloudgov_router, "proxies requests", "https GET/POST (443)")
|
|
59
46
|
Rel(cloudgov_router, app, "proxies requests", "https GET/POST (443)")
|
|
60
47
|
Rel(app, app_db, "reads/writes primary data", "psql (5432)")
|
|
61
|
-
<% if !skip_active_storage? %>
|
|
62
|
-
Rel(app, app_s3, "reads/writes file data", "https (443)")
|
|
63
|
-
<% end %>
|
|
64
|
-
|
|
65
|
-
Person(developer, "Developer", "Application developers")
|
|
66
|
-
Boundary(cicd, "CI/CD Pipeline") {
|
|
67
|
-
}
|
|
68
|
-
|
|
69
|
-
<% if @dap %>
|
|
70
|
-
Rel(developer, dap, "View traffic statistics", "https GET (443)")
|
|
71
|
-
<% end %>
|
|
72
|
-
<% if @newrelic %>
|
|
73
|
-
Rel(developer, newrelic, "Manage performance", "https (443)")
|
|
74
|
-
<% end %>
|
|
75
48
|
@enduml
|
|
76
49
|
```
|
|
77
50
|
|
|
@@ -18,18 +18,3 @@ if [ $linter_status -ne 0 ]; then
|
|
|
18
18
|
echo "Fix above before committing. Run 'git commit -n' to bypass linter."
|
|
19
19
|
exit 1
|
|
20
20
|
fi
|
|
21
|
-
|
|
22
|
-
<% if @terraform %>
|
|
23
|
-
echo "Running Terraform formatter"
|
|
24
|
-
# imitates https://github.com/HHS/Head-Start-TTADP/blob/3b72ff05d94fab4cda877c63d8cd6970f0eeffc7/.githooks/pre-commit
|
|
25
|
-
|
|
26
|
-
files=$(git diff --cached --name-only terraform)
|
|
27
|
-
for f in $files
|
|
28
|
-
do
|
|
29
|
-
# Format any *.tf files that were cached/staged
|
|
30
|
-
if [ -e "$f" ] && [[ $f == *.tf ]]; then
|
|
31
|
-
terraform fmt "$f"
|
|
32
|
-
git add "$f"
|
|
33
|
-
fi
|
|
34
|
-
done
|
|
35
|
-
<% end %>
|
data/templates/manifest.yml.tt
CHANGED
|
@@ -8,8 +8,7 @@ applications:
|
|
|
8
8
|
RAILS_MASTER_KEY: ((rails_master_key))
|
|
9
9
|
RAILS_ENV: ((env))
|
|
10
10
|
RAILS_LOG_TO_STDOUT: true
|
|
11
|
-
RAILS_SERVE_STATIC_FILES: true
|
|
12
|
-
NEW_RELIC_LOG: stdout<% end %>
|
|
11
|
+
RAILS_SERVE_STATIC_FILES: true
|
|
13
12
|
processes:
|
|
14
13
|
- type: web
|
|
15
14
|
instances: ((web_instances))
|