rails_template_18f 1.0.0 → 1.1.0

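--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a7f0ec410febea02b2e3cbc4200373ebbe5b2403f2bd643433acd8d493af8729
- data.tar.gz: 6a58037093cf649f10bd0ae6166372c8d878e0eecf547baf0ab9be4be91b5d59
+ metadata.gz: ea2ec3406d7768825b772437242ea1b106d635ef1e4231b0a3c5b7959c88574f
+ data.tar.gz: edce599ccfdb6455e5dd8a781aecd37c54ec1d94045aba71735d9262885070e1
  SHA512:
- metadata.gz: 04c73690530b927f6cf0063c512f580725d19fcad7cce351b24e672b3169167747ae5c344ee437ca078bf4077f53bc7678a0fcdb0b5cf59b3743cec7ecfe79a0
- data.tar.gz: 6aabb2b9fa5191ed1f295605d47153e79c753880eb8038591ceee1ac733185ddd23de64a7f0041f602527c12f4f92f627fe4a6379772b14cebe36fe87bcdf102
+ metadata.gz: 6b1cd11a24976b6eeb067ac5ff3dc050c6e049dc2e5875d55b24b269059233b7503cb9eeeb6f70df78543dd30e6a69bc9cbaf8d15f9b38aba7e568847f830bd4
+ data.tar.gz: 3cbeed2a16a2f6b89d31f193540556b56e12fa575f659feb513ba75cfea06b1bb19f7fcfcae501fc0ec576a8dead1d7bca87d058c67d3db605611bc6f6551eb2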
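--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,11 @@
  ## [Unreleased]
 
+
+ ## [1.1.0] - 2024-08-20
+
+ - add an auditree generator for integration with auditree-devtools and github actions to run it
+ - remove the obsolete entry to include nodejs_buildpack in cloud.gov manifest.yml
+
  ## [1.0.0] - 2024-06-27
 
  - new applications are now on Rails 7.1.x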
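--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- rails_template_18f (1.0.0)
+ rails_template_18f (1.1.0)
  activesupport (~> 7.1.0)
  colorize (~> 1.1)
  railties (~> 7.1.0)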
@@ -0,0 +1,84 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "rails/generators"
4
+
5
+ module RailsTemplate18f
6
+ module Generators
7
+ class AuditreeGenerator < ::Rails::Generators::Base
8
+ include Base
9
+
10
+ class_option :tag, desc: "Which auditree docker tag to use. Defaults to `latest`"
11
+ class_option :git_email, desc: "Email address to associate with commits to the evidence locker"
12
+
13
+ desc <<~DESC
14
+ Description:
15
+ Set up auditree validation checking with https://github.com/GSA-TTS/devtools-auditree.
16
+
17
+ This generator is still experimental.
18
+ DESC
19
+
20
+ def copy_bin
21
+ template "bin/auditree"
22
+ chmod "bin/auditree", 0o755
23
+ end
24
+
25
+ def copy_github_actions
26
+ if file_exists? ".github/workflows"
27
+ directory "github", ".github"
28
+ end
29
+ end
30
+
31
+ def update_readme
32
+ if file_content("README.md").match?("## Documentation")
33
+ insert_into_file "README.md", readme_contents, after: "## Documentation\n"
34
+ else
35
+ append_to_file "README.md", "\n## Documentation\n#{readme_contents}"
36
+ end
37
+ end
38
+
39
+ def update_component_list
40
+ if oscal_dir_exists?
41
+ insert_into_file "doc/compliance/oscal/trestle-config.yaml", " - devtools_cloud_gov\n"
42
+ end
43
+ end
44
+
45
+ no_tasks do
46
+ def docker_auditree_tag
47
+ options[:tag].present? ? options[:tag] : "latest"
48
+ end
49
+
50
+ def git_email
51
+ options[:git_email].present? ? options[:git_email] : "TKTK-email@gsa.gov"
52
+ end
53
+
54
+ def readme_contents
55
+ <<~README
56
+
57
+ ### Auditree Control Validation
58
+
59
+ Auditree is used within CI/CD to validate that certain controls are in place.
60
+
61
+ * Run `bin/auditree` to start the auditree CLI.
62
+ * Run `bin/auditree SCRIPT_NAME` to run a single auditree script
63
+
64
+ #### Initial auditree setup.
65
+
66
+ These steps must happen once per project.
67
+
68
+ 1. Docker desktop must be running
69
+ 1. Initialize the config file with `bin/auditree init > config/auditree.template.json`
70
+ 1. Create an evidence locker repository with a default or blank README
71
+ 1. Create a github personal access token to interact with the code repo and evidence locker and set as `AUDITREE_GITHUB_TOKEN` secret within your production Github environment secrets.
72
+ 1. Update `config/auditree.template.json` with the repo addresses for your locker and code repos
73
+ 1. Copy the `devtools_cloud_gov` component definition into the project with the latest docker-trestle
74
+
75
+ #### Ongoing use
76
+
77
+ See the [auditree-devtools README](https://github.com/gsa-tts/auditree-devtools) for help with updating
78
+ auditree and using new checks.
79
+ README
80
+ end
81
+ end
82
+ end
83
+ end
84
+ end
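Review bot: `git_email` silently falls back to the placeholder `TKTK-email@gsa.gov`, which the templates then bake into the generated `bin/auditree` and the scheduled workflow, so a project that omits `--git_email` ends up attributing evidence-locker commits to a fake address with no indication at generation time. I would keep the fallback but surface it, e.g. in `git_email`: `say "No --git_email given; generated files will use the placeholder TKTK-email@gsa.gov", :yellow` before returning, and mention the placeholder in the `class_option :git_email` desc. The `options[:x].present? ? options[:x] : default` pattern in both helpers reads more idiomatically as `options[:tag].presence || "latest"` and `options[:git_email].presence || "TKTK-email@gsa.gov"`. `update_component_list` calls `insert_into_file` with neither `after:` nor `before:`, which presumably appends at end of file; an explicit anchor on the component list key would make the intended position in `trestle-config.yaml` clear and survive a trailing-newline-less file.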
@@ -0,0 +1,29 @@
1
+ #! /usr/bin/env bash
2
+ usage="
3
+ $0: Run auditree docker image.
4
+
5
+ Usage:
6
+ $0 -h
7
+ $0
8
+ $0 init > path/to/auditree.template.json
9
+ $0 fetch
10
+ $0 check > path/to/assessment-results/auditree/assessment-results.json
11
+
12
+ Notes:
13
+ The following environment variables will be passed through to the docker image:
14
+ * GITHUB_TOKEN - a token that has permissions to read and write to the evidence locker and code repository. Required for all but 'init'
15
+ * CF_USERNAME - the cloud.gov username to fetch evidence from cloud.gov, only needed when running fetch script
16
+ * CF_PASSWORD - the cloud.gov password to fetch evidence from cloud.gov, only needed when running fetch script
17
+ "
18
+
19
+ if [ "$1" = "-h" ]; then
20
+ echo "$usage"
21
+ exit 0
22
+ fi
23
+
24
+ command="bash"
25
+ if [ "$1" != "" ]; then
26
+ command=$1
27
+ fi
28
+
29
+ docker run -e GITHUB_TOKEN -e CF_USERNAME -e CF_PASSWORD -e GIT_EMAIL="<%= git_email %>" -it --rm ghcr.io/gsa-tts/auditree:<%= docker_auditree_tag %> $command
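Review bot: Only `$1` is forwarded to the container and it is expanded unquoted at the end of the `docker run` line, so a multi-word invocation silently drops arguments and a word containing shell metacharacters is glob-expanded on the host before it reaches docker. Forwarding the full argument list fixes both: replace the `command=` block with `if [ $# -eq 0 ]; then set -- bash; fi` and end the `docker run` line with `"$@"` instead of `$command`. The usage text states GITHUB_TOKEN is required for everything but `init`, yet nothing enforces it; a guard after the usage block such as `[ "$1" = init ] || [ -n "${GITHUB_TOKEN:-}" ] || { echo "GITHUB_TOKEN is required" >&2; exit 1; }` reports the missing credential explicitly rather than leaving it to the image to fail.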
@@ -0,0 +1,31 @@
1
+ name: "Run an auditree-devtools command"
2
+ description: "Sets up workspace for running a single command in auditree-devtools"
3
+ inputs:
4
+ tag:
5
+ description: auditree-devtools tag to use. Defaults to <%= docker_auditree_tag %>
6
+ required: false
7
+ default: <%= docker_auditree_tag %>
8
+ cmd:
9
+ description: Command to run within auditree-devtools
10
+ required: true
11
+ email:
12
+ description: Git user email to attribute to evidence updates
13
+ required: true
14
+ config_template:
15
+ description: Auditree config file template
16
+ required: false
17
+ default: config/auditree.template.json
18
+ cdef:
19
+ description: OSCAL Component Definition being used as baseline for assessment results
20
+ required: false
21
+ default: doc/compliance/oscal/component-definitions/devtools_cloud_gov/component-definition.json
22
+ runs:
23
+ using: "composite"
24
+ steps:
25
+ - name: Run cmd
26
+ shell: bash
27
+ run:
28
+ docker run -v $GITHUB_WORKSPACE/${{inputs.config_template}}:/app/auditree.template.json:ro
29
+ -v $GITHUB_WORKSPACE/${{inputs.cdef}}:/app/cdef.json:ro
30
+ -e GITHUB_TOKEN -e CF_USERNAME -e CF_PASSWORD -e GIT_EMAIL="${{inputs.email}}"
31
+ ghcr.io/gsa-tts/auditree:${{ inputs.tag }} ${{ inputs.cmd }}
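Review bot: The `run:` script interpolates `${{inputs.config_template}}`, `${{inputs.cdef}}`, `${{inputs.email}}` and `${{ inputs.tag }}` directly into the shell command, unquoted, so any value containing whitespace or shell metacharacters is re-parsed by bash on the runner; GitHub's guidance for composite actions is to pass expression values through `env:` and reference them as quoted shell variables. `${{ inputs.cmd }}` is the one input that must remain shell-expanded, because the workflow in this release relies on it to carry a `> path` redirect, so that input should be marked in a comment as accepting trusted literal values only rather than moved. The `tag` default resolves to `latest` unless the generator was run with `--tag`; for a job that receives a token with write access to the code and evidence repositories, a versioned tag or a digest (`ghcr.io/gsa-tts/auditree@sha256:<digest>`) would make the image a reproducible, reviewable input.
```yaml
    - name: Run cmd
      shell: bash
      env:
        AUDITREE_TAG: ${{ inputs.tag }}
        GIT_EMAIL: ${{ inputs.email }}
        CONFIG_TEMPLATE: ${{ inputs.config_template }}
        CDEF: ${{ inputs.cdef }}
      # inputs.cmd is deliberately expanded by the shell so a caller can append a redirect;
      # only pass it literal values from this repository's own workflows.
      run: |
        docker run -v "$GITHUB_WORKSPACE/$CONFIG_TEMPLATE:/app/auditree.template.json:ro" \
          -v "$GITHUB_WORKSPACE/$CDEF:/app/cdef.json:ro" \
          -e GITHUB_TOKEN -e CF_USERNAME -e CF_PASSWORD -e GIT_EMAIL \
          "ghcr.io/gsa-tts/auditree:$AUDITREE_TAG" ${{ inputs.cmd }}
```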
@@ -0,0 +1,42 @@
1
+ name: Run Auditree Checks
2
+
3
+ on:
4
+ workflow_dispatch:
5
+ schedule:
6
+ # cron format: 'minute hour dayofmonth month dayofweek'
7
+ # this will run at 11am UTC every day (6am EST / 7am EDT)
8
+ - cron: '0 11 * * *'
9
+
10
+ jobs:
11
+ run_auditree:
12
+ name: Fetch and check auditree evidence
13
+ runs-on: ubuntu-latest
14
+ environment: production
15
+ steps:
16
+ - uses: actions/checkout@v4
17
+
18
+ - name: Fetch evidence
19
+ uses: ./.github/actions/auditree-cmd
20
+ env:
21
+ CF_USERNAME: ${{ secrets.CF_USERNAME }}
22
+ CF_PASSWORD: ${{ secrets.CF_PASSWORD }}
23
+ GITHUB_TOKEN: ${{ secrets.AUDITREE_GITHUB_TOKEN }}
24
+ with:
25
+ cmd: fetch
26
+ email: "<%= git_email %>"
27
+
28
+ - name: Check evidence
29
+ uses: ./.github/actions/auditree-cmd
30
+ env:
31
+ CF_USERNAME: ${{ secrets.CF_USERNAME }}
32
+ CF_PASSWORD: ${{ secrets.CF_PASSWORD }}
33
+ GITHUB_TOKEN: ${{ secrets.AUDITREE_GITHUB_TOKEN }}
34
+ with:
35
+ cmd: check > doc/compliance/oscal/assessment-results/auditree/assessment-results.json
36
+ email: "<%= git_email %>"
37
+
38
+ - name: Save results
39
+ uses: actions/upload-artifact@v4
40
+ with:
41
+ name: auditree_assessment_results
42
+ path: doc/compliance/oscal/assessment-results/auditree
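Review bot: The workflow declares no `permissions:` block, so the job's automatic GITHUB_TOKEN keeps whatever the repository default grants even though every step overrides it with the separate `AUDITREE_GITHUB_TOKEN` secret; adding `permissions:` with `contents: read` at the top level limits the automatic token to what `actions/checkout` needs. The `Check evidence` step also receives `CF_USERNAME`/`CF_PASSWORD`, which the `bin/auditree` usage text in this release says are only needed by `fetch`, so those two `env:` entries can be dropped from that step. The `check > doc/compliance/oscal/assessment-results/auditree/assessment-results.json` redirect presumes that directory already exists in the checkout; if it is not committed, a `run: mkdir -p doc/compliance/oscal/assessment-results/auditree` step before it avoids a failed redirect. The two third-party actions are pinned by major tag only; pinning them to a commit SHA is the usual hardening for a job that holds a token with write access to the code and evidence repositories.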
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RailsTemplate18f
4
- VERSION = "1.0.0"
4
+ VERSION = "1.1.0"
5
5
  end
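--- a/data/template.rb
+++ b/data/template.rb
@@ -69,6 +69,8 @@ if compliance_trestle_submodule && compliance_trestle_repo.blank?
  compliance_trestle = false
  compliance_trestle_submodule = false
  end
+ # only ask about auditree if we're also using docker-trestle
+ auditree = compliance_trestle ? yes?("Run compliance checks with auditree? (y/n)") : false
 
  terraform = yes?("Create terraform files for cloud.gov services? (y/n)")
  @cloud_gov_organization = ask("What is your cloud.gov organization name? (Leave blank to fill in later)")
@@ -458,6 +460,12 @@ if @circleci_pipeline
  EOM
  end
 
+ if auditree
+ after_bundle do
+ generate "rails_template18f:auditree"
+ end
+ end
+
  # setup production credentials file
  require "rails/generators"
  require "rails/generators/rails/encryption_key_file/encryption_key_file_generator"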
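Review bot: The `generate "rails_template18f:auditree"` call in the second hunk passes no options, so the generator's `--git_email` fallback (the `TKTK-email@gsa.gov` placeholder in this release's generator) ends up in the new project's `bin/auditree` and scheduled workflow. The first hunk already asks the auditree question interactively, so the email can be collected in the same place: `auditree_email = ask("Email address to use for auditree evidence commits?") if auditree` and then `generate "rails_template18f:auditree", "--git_email=#{auditree_email}"`. Whether Thor exposes the switch as `--git_email` or `--git-email` should be confirmed against the generator's help output before relying on it.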
@@ -2,7 +2,6 @@
2
2
  applications:
3
3
  - name: <%= app_name %>-((env))
4
4
  buildpacks:
5
- - nodejs_buildpack
6
5
  - ruby_buildpack
7
6
  env:
8
7
  RAILS_MASTER_KEY: ((rails_master_key))
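--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rails_template_18f
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.1.0
  platform: ruby
  authors:
  - Ryan Ahearn
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2024-06-27 00:00:00.000000000 Z
+ date: 2024-08-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: railties
@@ -136,6 +136,10 @@ files:
  - lib/generators/rails_template18f/active_storage/templates/oscal/component-definitions/active_storage/component-definition.json
  - lib/generators/rails_template18f/active_storage/templates/spec/jobs/file_scan_job_spec.rb
  - lib/generators/rails_template18f/active_storage/templates/spec/models/file_upload_spec.rb
+ - lib/generators/rails_template18f/auditree/auditree_generator.rb
+ - lib/generators/rails_template18f/auditree/templates/bin/auditree.tt
+ - lib/generators/rails_template18f/auditree/templates/github/actions/auditree-cmd/action.yml.tt
+ - lib/generators/rails_template18f/auditree/templates/github/workflows/auditree-validation.yml.tt
  - lib/generators/rails_template18f/circleci/circleci_generator.rb
  - lib/generators/rails_template18f/circleci/templates/Dockerfile.ci.tt
  - lib/generators/rails_template18f/circleci/templates/bin/ci-server-start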