rails_template_18f 0.7.2 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9125789bccf3587593670a5046e6a019c8e65265cca40e8a9434f77b1a69cc7a
-  data.tar.gz: 72b8d7345799e1d26eef6506b035e80f1de94ea2679d6272f9ad525dbac5870a
+  metadata.gz: 8d21603b715f565d239901a62f7350b2b607f8ad264b2e23910d5c1203419038
+  data.tar.gz: 20b9516691e7819b443d06fb05e141992cf4f8e179363b43ad11d87918319929
 SHA512:
-  metadata.gz: 60c7961c07e40710113c4608162e3888335b0d86d8270d82b56bf7d16d607454dad73b7f4626fba87804d251358e744d5a307967562537b9d326f90d77a4630e
-  data.tar.gz: 3bd8def94a8f3f576b0f03622e1cf1461e6e79f00d4e3f3e17bd52bad4f91a59e365d3edcbc548be0ceeb6181271446b61a41ea0956832e64ad740c031ade812
+  metadata.gz: 6f1350e3598ae74b8dcb039ec6c85b7dd124e2b42e3563c5edb5e72a3c061c33cce3bfe43274d7c3fa07bb8f9cd0462df7fa40926ffc90fe913c043edeb86c28
+  data.tar.gz: d9bf899901b7cf2451d77dbd0eb50ddd016acc874d5144cee525d2b14df9bcb93887094e4ca1fa5a4b95a38ecb75ea622ffbfd9541e05edf292197016f909f3b

data/CHANGELOG.md

@@ -1,5 +1,19 @@
 ## [Unreleased]
 
+## [0.8.1] - 2024-06-04
+
+- fix error when compliance-template fork question is left blank
+- fix deprecated and then removed use of `npm set-scripts`
+- add a doc/compliance/TODO.md file with tasks that can sometimes be useful on the ATO journey.
+- generalize create_space_deployer.sh to create_service_account.sh to make it easier to create SpaceAuditor users
+- move support scripts set_space_egress.sh, create_service_account.sh, and destroy_service_account.sh out of terraform generator
+
+## [0.8.0] - 2022-07-14
+
+- use rails-erd gem for auto-updating logical data models
+- use cleaner multi-line strings for GitHub Actions deploy steps
+- generate an SBOM for ruby dependencies in either Github Actions or CircleCI using cyclonedx-ruby
+
 ## [0.7.2] - 2022-07-07
 
 - update default node version in github actions to 16.15

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rails_template_18f (0.7.2)
+    rails_template_18f (0.8.1)
       activesupport (~> 7.0.0)
       colorize (~> 0.8)
       railties (~> 7.0.0)
@@ -10,25 +10,25 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.0.3)
-      actionview (= 7.0.3)
-      activesupport (= 7.0.3)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.0.8.4)
+      actionview (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.3)
-      activesupport (= 7.0.3)
+    actionview (7.0.8.4)
+      activesupport (= 7.0.8.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (7.0.3)
+    activesupport (7.0.8.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    ammeter (1.1.5)
+    ammeter (1.1.7)
       activesupport (>= 3.0)
       railties (>= 3.0)
       rspec-rails (>= 2.2)
@@ -36,90 +36,112 @@ GEM
     builder (3.2.4)
     byebug (11.1.3)
     colorize (0.8.1)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.3.1)
     crass (1.0.6)
-    diff-lcs (1.5.0)
-    erubi (1.10.0)
-    i18n (1.10.0)
+    diff-lcs (1.5.1)
+    erubi (1.12.0)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
-    loofah (2.18.0)
+    json (2.7.2)
+    language_server-protocol (3.17.0.3)
+    lint_roller (1.1.0)
+    loofah (2.22.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    method_source (1.0.0)
-    minitest (5.16.2)
-    nokogiri (1.13.6-x86_64-darwin)
+      nokogiri (>= 1.12.0)
+    method_source (1.1.0)
+    minitest (5.23.1)
+    nokogiri (1.16.5-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.13.6-x86_64-linux)
+    nokogiri (1.16.5-x86_64-darwin)
       racc (~> 1.4)
-    parallel (1.22.1)
-    parser (3.1.2.0)
+    nokogiri (1.16.5-x86_64-linux)
+      racc (~> 1.4)
+    parallel (1.24.0)
+    parser (3.3.2.0)
       ast (~> 2.4.1)
-    racc (1.6.0)
-    rack (2.2.4)
-    rack-test (2.0.2)
+      racc
+    racc (1.8.0)
+    rack (2.2.9)
+    rack-test (2.1.0)
       rack (>= 1.3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
-    railties (7.0.3)
-      actionpack (= 7.0.3)
-      activesupport (= 7.0.3)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.0.8.4)
+      actionpack (= 7.0.8.4)
+      activesupport (= 7.0.8.4)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
-    rake (13.0.6)
-    regexp_parser (2.5.0)
-    rexml (3.2.5)
-    rspec (3.11.0)
-      rspec-core (~> 3.11.0)
-      rspec-expectations (~> 3.11.0)
-      rspec-mocks (~> 3.11.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    rake (13.2.1)
+    regexp_parser (2.9.2)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.1)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-rails (5.1.2)
-      actionpack (>= 5.2)
-      activesupport (>= 5.2)
-      railties (>= 5.2)
-      rspec-core (~> 3.10)
-      rspec-expectations (~> 3.10)
-      rspec-mocks (~> 3.10)
-      rspec-support (~> 3.10)
-    rspec-support (3.11.0)
-    rubocop (1.29.1)
+      rspec-support (~> 3.13.0)
+    rspec-rails (6.1.2)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
+      railties (>= 6.1)
+      rspec-core (~> 3.13)
+      rspec-expectations (~> 3.13)
+      rspec-mocks (~> 3.13)
+      rspec-support (~> 3.13)
+    rspec-support (3.13.1)
+    rubocop (1.63.5)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.17.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.18.0)
-      parser (>= 3.1.1.0)
-    rubocop-performance (1.13.3)
-      rubocop (>= 1.7.0, < 2.0)
-      rubocop-ast (>= 0.4.0)
-    ruby-progressbar (1.11.0)
-    standard (1.12.1)
-      rubocop (= 1.29.1)
-      rubocop-performance (= 1.13.3)
-    thor (1.2.1)
-    tzinfo (2.0.4)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.31.3)
+      parser (>= 3.3.1.0)
+    rubocop-performance (1.21.0)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    ruby-progressbar (1.13.0)
+    standard (1.36.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.63.0)
+      standard-custom (~> 1.0.0)
+      standard-performance (~> 1.4)
+    standard-custom (1.0.2)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.50)
+    standard-performance (1.4.0)
+      lint_roller (~> 1.1)
+      rubocop-performance (~> 1.21.0)
+    strscan (3.1.0)
+    thor (1.3.1)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.2.0)
-    zeitwerk (2.6.0)
+    unicode-display_width (2.5.0)
+    zeitwerk (2.6.15)
 
 PLATFORMS
+  arm64-darwin-23
   x86_64-darwin-20
   x86_64-darwin-21
   x86_64-linux

data/README.md

@@ -1,71 +1,90 @@
-18F-Flavored Rails 7 Project
+18F Rails Template
 ============================
+The 18F Rails template starts or upgrades Rails projects so that they're more secure, follow compliance rules, and are nearly ready to deploy onto cloud.gov. This gem sets up security checks and compliance diagrams, adds the U.S. Web Design System (USWDS), and much much more — [see the full list of features](#features).
 
 This template will create a new Rails 7.0.x project.
 
-See the `rails-6` branch for Rails 6.1.x
+[See the `rails-6` branch for Rails 6.1.x](https://github.com/18F/rails-template/tree/rails-6)
 
-## Use for new Rails Project
+## Installation
 
-1. `gem install rails_template_18f`
-1. `rails_template_18f help new` for usage instructions
+### For a new Rails project
 
-### Choosing whether to use `--hotwire`
+1. Install the gem:
+```
+$ gem install rails_template_18f
+```
 
-#### Server Rendered _or_ Single Page Applications
+2. Decide whether to install Rails with Hotwire, a framework for client-side interactivity using JavaScript
+  - **For entirely server-side rendered applications**, without any Javascript:
+    - Use the default configuration (`rails_template_18f new <project name> --no-hotwire`)
+  - **For applications that need [a bit of client-side interactivity][aBitOfJS]**, but not a full single page application like React or Vue:
+    - Use Hotwire (`rails_template_18f new <project name> --hotwire`)
+  - **For single-page applications** where most of the interaction will take place via JavaScript, and which will use a framework like React or Vue:
+    - Use the default configuration (`rails_template_18f new <project name> --no-hotwire`)
 
-`rails_template_18f new <<PATH_TO_PROJECT>>` _or_ `rails_template_18f new <<PATH_TO_PROJECT>> --no-hotwire`
+The `--hotwire` flag means that [Hotwire](https://hotwired.dev/) and [ActionCable](https://guides.rubyonrails.org/action_cable_overview.html) are installed. ActionCable is included to enable the [Turbo Streams](https://turbo.hotwired.dev/handbook/streams) functionality of Hotwire.
 
-This creates a Rails application that is appropriate for both server-rendered applications,
-as well as a basis for installing a separate Single Page Application (SPA) library such as React.
+Before installing, you may want to consider the other application configuration options in the next section.
 
-#### A bit more JavaScript needed
+[aBitOfJS]: https://engineering.18f.gov/web-architecture/#:~:text=are%20more%20complex-,If%20your%20use%20case%20requires%20a%20bit%20of%20client%2Dside%20interactivity%2C%20use%20the%20above%20options%20with%20a%20bit%20of%20JavaScript.,-You%20might%20use
 
-`rails_template_18f new <<PATH_TO_PROJECT>> --hotwire`
+#### Advanced configuration
 
-This creates a Rails application that includes the [Hotwire](https://hotwired.dev/) JavaScript framework.
+There are a variety of options that customize your Rails application.
 
-Hotwire can be used to add [a bit of JavaScript](https://engineering.18f.gov/web-architecture/#:~:text=are%20more%20complex-,If%20your%20use%20case%20requires%20a%20bit%20of%20client%2Dside%20interactivity%2C%20use%20the%20above%20options%20with%20a%20bit%20of%20JavaScript.,-You%20might%20use)
-for more interactivity than server-rendered apps, but less than a full SPA.
+**Important:** Do not use flags `--skip-bundle` or `--skip-javascript`, or various parts of this template will break.
 
-### Available Options
+#### Default configuration
 
-The following options can be added to change how the template behaves.
+```sh
+--skip-active-storage   # Don't include ActiveStorage for document upload
+--skip-action-text      # Don't include ActionText libraries for WYSIWYG editing
+--skip-action-cable     # Don't include ActionCable websocket implementation
+--skip-action-mailbox   # Don't include inbound email
+--skip-hotwire          # Don't include Hotwire JS library
+--skip-test             # Skip built-in test framework. (We include RSpec)
+--javascript=webpack    # Use webpack for JS bundling
+--css=postcss           # Use the PostCSS framework for bundling CSS
+--template=template.rb  # Add additional configuration from template.rb
+--database=postgresql   # Use a PostgreSQL database
+```
 
-**Important:** You must not pass `--skip-bundle` or `--skip-javascript` to `rails_template_18f` or various aspects of the template will be broken
+#### Customizing the installation
 
-#### `--javascript=esbuild`
+| Option | Description |
+|--------|-------------|
+| `--no-skip-<framework>` | Each of the skipped frameworks listed above (also in `railsrc`) can be overridden on the command line. For example: `--no-skip-active-storage` will include support for `ActiveStorage` document uploads |
+| `--javascript=esbuild` | Use [esbuild](https://esbuild.github.io/) instead of [webpack](https://webpack.js.org/) for JavaScript bundling. Note that maintaining IE11 support with esbuild may be tricky. |
+| `--no-skip-<FRAMEWORK>` | Each of the skipped frameworks in `railsrc` can be overridden on the command line. For example: `--no-skip-active-storage` will include support for `ActiveStorage` document uploads |
 
-Use [esbuild](https://esbuild.github.io/) instead of [webpack](https://webpack.js.org/) for JavaScript bundling. Note that
-maintaining IE11 support with esbuild may be tricky.
+You probably won't want to customize the template — that defeats the purpose of using this gem!
 
-#### `--no-skip-FRAMEWORK`
+_TODO: Documentation on whether you can override the `css` and `database` options._
 
-Each of the skipped frameworks in `railsrc` can be overridden on the command line. For example: `--no-skip-active-storage` will include support for `ActiveStorage` document uploads
+### For an existing Rails project
 
-### What default use or `--no-hotwire` does
+Installing this gem in a new Rails project will _TODO: say how it will help_
 
-```
---skip-active-storage   # don't include ActiveStorage for document upload
---skip-action-text      # don't include ActionText libraries for WYSIWYG editing
---skip-action-cable     # don't include ActionCable websocket implementation
---skip-action-mailbox   # don't include inbound email
---skip-hotwire          # don't include Hotwire JS library
---skip-test             # Skip built in test framework. (RSpec included via template.rb)
---javascript=webpack    # Use webpack for JS bundling
---css=postcss           # Use the postcss CSS bundling framework
---template=template.rb  # add additional configuration from template.rb
---database=postgresql   # default to PostgreSQL
+Add this line to your application's Gemfile:
+
+```ruby
+gem "rails_template_18f", group: :development
 ```
 
-### What `--hotwire` does
+And then run:
 
-Identical to `--no-hotwire` except that [Hotwire](https://hotwired.dev/) and [ActionCable](https://guides.rubyonrails.org/action_cable_overview.html) are not skipped.
+    $ bundle install
 
-ActionCable is included to enable the [Turbo Streams](https://turbo.hotwired.dev/handbook/streams) functionality of Hotwire.
+For a list of commands this gem can perform, run:
 
+    $ rails generate | grep 18f
 
-### What `template.rb` does
+_TODO: Add documentation on each option._
+
+### Features
+
+This template does a lot! The template completes the following to-do list to make your application more secure, closer to standards-compliant, and nearly production-ready.
 
 1. Create a better default `README`
 1. Copy `CONTRIBUTING.md` and `LICENSE.md` from the [18F Open Source Policy repo](https://github.com/18F/open-source-policy/)
@@ -101,29 +120,7 @@ ActionCable is included to enable the [Turbo Streams](https://turbo.hotwired.dev
 1. Create [Architecture Decision Records](https://adr.github.io/) for above setup
 1. Commit the resulting project with git (unless `--skip-git` is passed)
 
-## Use for an existing Rails project
-
-### Installation
-
-Add this line to your application's Gemfile:
-
-```ruby
-gem "rails_template_18f", group: :development
-```
-
-And then run:
-
-  $ bundle install
-
-Or install it yourself as:
-
-  $ gem install rails_template_18f
-
-### Usage
-
-Run `rails generate` for a list of commands this gem can run
-
-## Development
+## Developing this gem
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
@@ -133,6 +130,6 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/18f/rails-template. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/18f/rails-template/blob/main/CODE_OF_CONDUCT.md).
 
-## Code of Conduct
+## Code of conduct
 
 Everyone interacting in the 18F Rails Template project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/rahearn/rails-template-18f/blob/main/CODE_OF_CONDUCT.md).

data/lib/generators/rails_template18f/active_storage/active_storage_generator.rb

@@ -86,10 +86,6 @@ module RailsTemplate18f
         end
       end
 
-      def update_data_model_uml
-        insert_into_file "doc/compliance/apps/data.logical.md", data_model_uml, before: "@enduml"
-      end
-
       def generate_adr
         adr_dir = File.expand_path(File.join("doc", "adr"), destination_root)
         if Dir.exist? adr_dir
@@ -108,45 +104,6 @@ module RailsTemplate18f
           EOS
         end
       end
-
-      no_tasks do
-        def data_model_uml
-          <<~UML
-            class file_uploads {
-              * id : bigint <<generated>>
-              * scan_status : string
-              * record_id : bigint
-              * record_type : string
-            }
-            class active_storage_attachments {
-              * id : bigint <<generated>>
-              * name : string
-              * record_type : string
-              * record_id : bigint
-              * blob_id : bigint
-              * created_at : timestamp without time zone
-            }
-            class active_storage_blobs {
-              * id : bigint <<generated>>
-              * key : string
-              * filename : string
-              content_type : string
-              metadata : text
-              * service_name : string
-              * byte_size : bigint
-              checksum : string
-              * created_at : timestamp without time zone
-            }
-            class active_storage_variant_records {
-              * id : bigint <<generated>>
-              * variation_digest : string
-            }
-            file_uploads ||--|| active_storage_attachments
-            active_storage_attachments ||--|{ active_storage_blobs
-            active_storage_variant_records ||--|{ active_storage_blobs
-          UML
-        end
-      end
     end
   end
 end

data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt

@@ -133,6 +133,20 @@ jobs:
           name: Yarn audit
           command: bundle exec rake yarn:audit
 
+  sbom_generation:
+    docker:
+      - image: cimg/ruby:<%= ruby_version %>
+    steps:
+      - setup-project
+      - run:
+          name: Install cyclonedx
+          command: gem install cyclonedx-ruby
+      - run:
+          name: Generate BOM
+          command: cyclonedx-ruby -p . -o ruby_bom.xml
+      - store_artifacts:
+          path: ./ruby_bom.xml
+
   owasp_scan:
     machine:
       image: ubuntu-2004:202111-02
@@ -343,6 +357,9 @@ workflows:
       - static_security_scans:
           requires:
             - build
+      - sbom_generation:
+          requires:
+            - build
       - owasp_scan:
           requires:
             - build

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/dependency-scans.yml

@@ -37,3 +37,20 @@ jobs:
 
       - name: Run yarn audit
         run: bundle exec rake yarn:audit
+
+  ruby-bom:
+    name: Ruby SBOM Generation
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./.github/actions/setup-languages
+      - name: Install cyclonedx
+        run: gem install cyclonedx-ruby
+      - name: Generate BOM
+        run: cyclonedx-ruby -p . -o ruby_bom.xml
+      - name: Save BOM
+        uses: actions/upload-artifact@v3
+        with:
+          name: ruby-bom
+          path: ./ruby_bom.xml

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml.tt

@@ -50,4 +50,6 @@ jobs:
           cf_password: ${{ secrets.CF_PASSWORD }}
           cf_org: <%= cloud_gov_organization %>
           cf_space: <%= cloud_gov_production_space %>
-          push_arguments: "--vars-file config/deployment/production.yml --var rails_master_key=$RAILS_MASTER_KEY"
+          push_arguments: >-
+            --vars-file config/deployment/production.yml
+            --var rails_master_key=$RAILS_MASTER_KEY

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml.tt

@@ -50,4 +50,6 @@ jobs:
           cf_password: ${{ secrets.CF_PASSWORD }}
           cf_org: <%= cloud_gov_organization %>
           cf_space: <%= cloud_gov_staging_space %>
-          push_arguments: "--vars-file config/deployment/staging.yml --var rails_master_key=$RAILS_MASTER_KEY"
+          push_arguments: >-
+            --vars-file config/deployment/staging.yml
+            --var rails_master_key=$RAILS_MASTER_KEY

data/lib/generators/rails_template18f/rails_erd/rails_erd_generator.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module RailsTemplate18f
+  module Generators
+    class RailsErdGenerator < ::Rails::Generators::Base
+      include Base
+
+      desc <<~DESC
+        Description:
+          Install rails-erd and configure to automatically run on db migration
+      DESC
+
+      def install_graphviz
+        append_to_file "Brewfile", <<~EOB
+
+          # used by rails-erd documentation tool
+          brew "graphviz"
+        EOB
+      end
+
+      def install_gem
+        return if gem_installed?("rails-erd")
+        gem "rails-erd", "~> 1.7", group: :development
+      end
+
+      def install_helper_tasks
+        bundle_install do
+          generate "erd:install"
+        end
+      end
+
+      def copy_config
+        copy_file "erdconfig", ".erdconfig"
+      end
+
+      def update_readme
+        insert_into_file "doc/compliance/README.md", <<~EOM, before: "## Development"
+          ### Logical Data Model
+
+          The logical data model will be auto-generated on each database migration.
+          The rendered output is saved to doc/compliance/rendered/apps/data.logical.pdf
+
+        EOM
+      end
+    end
+  end
+end

data/lib/generators/rails_template18f/rails_erd/templates/erdconfig

@@ -0,0 +1,9 @@
+attributes:
+  - content
+  - timestamps
+filename: "doc/compliance/rendered/apps/data.logical"
+filetype: pdf
+inheritance: false
+orientation: horizontal
+polymorphism: false
+exclude: "ActiveRecord::InternalMetadata,ActiveRecord::SchemaMigration"

data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt

@@ -59,7 +59,7 @@ The bootstrap module is used to create an s3 bucket for later terraform runs to
 A [SpaceDeployer](https://cloud.gov/docs/services/cloud-gov-service-account/) account is required to run terraform or
 deploy the application from the CI/CD pipeline. Create a new account by running:
 
-`./create_space_deployer.sh <SPACE_NAME> <ACCOUNT_NAME>`
+`../bin/ops/create_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME>`
 
 ## Set up a new environment manually
 
@@ -75,7 +75,7 @@ The below steps rely on you first configuring access to the Terraform state in s
     # something that communicates the purpose of the deployer
     # for example: circleci-deployer for the credentials CircleCI uses to
     # deploy the application or <your_name>-terraform for credentials to run terraform manually
-    ../create_space_deployer.sh <SPACE_NAME> <ACCOUNT_NAME> > secrets.auto.tfvars
+    ../../bin/ops/create_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME> > secrets.auto.tfvars
     ```
 
     The script will output the `username` (as `cf_user`) and `password` (as `cf_password`) for your `<ACCOUNT_NAME>`. Read more in the [cloud.gov service account documentation](https://cloud.gov/docs/services/cloud-gov-service-account/).
@@ -93,7 +93,7 @@ The below steps rely on you first configuring access to the Terraform state in s
 1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform once.
     ```bash
     # <SPACE_NAME> and <ACCOUNT_NAME> have the same values as used above.
-    ../destroy_space_deployer.sh <SPACE_NAME> <ACCOUNT_NAME>
+    ../../bin/ops/destroy_service_account.sh -s <SPACE_NAME> -u <ACCOUNT_NAME>
     ```
 
 ## Structure

data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt

@@ -4,7 +4,7 @@ locals {
 }
 
 module "s3" {
-  source = "../shared/s3"
+  source = "github.com/18f/terraform-cloudgov//s3"
 
   cf_api_url      = local.cf_api_url
   cf_user         = var.cf_user

data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 if [[ ! -f "secrets.auto.tfvars" ]]; then
-  ../create_space_deployer.sh <%= cloud_gov_production_space %> config-bootstrap-deployer > secrets.auto.tfvars
+  ../../bin/ops/create_service_account.sh -s <%= cloud_gov_production_space %> -u config-bootstrap-deployer > secrets.auto.tfvars
 fi
 
 if [[ $# -gt 0 ]]; then