RubyGems - rails_template_18f - Versions diffs - 1.0.0 → 1.2.0 - Mend

rails_template_18f 1.0.0 → 1.2.0

Files changed (33) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7f0ec410febea02b2e3cbc4200373ebbe5b2403f2bd643433acd8d493af8729
-  data.tar.gz: 6a58037093cf649f10bd0ae6166372c8d878e0eecf547baf0ab9be4be91b5d59
+  metadata.gz: 957ad56e218689b3d05f7c31ae6354a4e2c42877567ea87478845b30129cef43
+  data.tar.gz: f5d6045a2632863b50209c557f7460f61f9bacb90a99883b6b090f6580c528d0
 SHA512:
-  metadata.gz: 04c73690530b927f6cf0063c512f580725d19fcad7cce351b24e672b3169167747ae5c344ee437ca078bf4077f53bc7678a0fcdb0b5cf59b3743cec7ecfe79a0
-  data.tar.gz: 6aabb2b9fa5191ed1f295605d47153e79c753880eb8038591ceee1ac733185ddd23de64a7f0041f602527c12f4f92f627fe4a6379772b14cebe36fe87bcdf102
+  metadata.gz: ea0332afd7b819bcd2b03acca406467f9404de6f8e065e980bdabf81ef7083377f8dfc4d6754baaf1a4e6525eaa5190402f7a5307d35fb472960089a62ddba9e
+  data.tar.gz: 5720c1340a3065354de210dd4deccb5577656876501514ac09faf91a133511e92796e0cb18aee299e8894b16394fbacde12419e6c97795a3be086242e9afa815

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 ## [Unreleased]
+## [1.2.0] - 2024-09-20
+- new applications are now on Rails 7.2.x
+- configure dependabot in Github Actions generator
+- fix bin/trestle and bin/auditree so that command line flags are properly passed into the docker containers
+- updates to trestle and auditree github actions
+## [1.1.0] - 2024-08-20
+- add an auditree generator for integration with auditree-devtools and github actions to run it
+- remove the obsolete entry to include nodejs_buildpack in cloud.gov manifest.yml
 ## [1.0.0] - 2024-06-27
 - new applications are now on Rails 7.1.x

data/Gemfile.lock CHANGED Viewed

@@ -1,41 +1,43 @@
 PATH
   remote: .
   specs:
-    rails_template_18f (1.0.0)
-      activesupport (~> 7.1.0)
+    rails_template_18f (1.2.0)
+      activesupport (~> 7.2.0)
       colorize (~> 1.1)
-      railties (~> 7.1.0)
+      railties (~> 7.2.0)
       thor (~> 1.3)
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.1.3.4)
-      actionview (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actionpack (7.2.0)
+      actionview (= 7.2.0)
+      activesupport (= 7.2.0)
       nokogiri (>= 1.8.5)
       racc
-      rack (>= 2.2.4)
+      rack (>= 2.2.4, < 3.2)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actionview (7.1.3.4)
-      activesupport (= 7.1.3.4)
+      useragent (~> 0.16)
+    actionview (7.2.0)
+      activesupport (= 7.2.0)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activesupport (7.1.3.4)
+    activesupport (7.2.0)
       base64
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
     ammeter (1.1.7)
       activesupport (>= 3.0)
       railties (>= 3.0)
@@ -43,43 +45,43 @@ GEM
     ast (2.4.2)
     base64 (0.2.0)
     bigdecimal (3.1.8)
-    builder (3.2.4)
+    builder (3.3.0)
     byebug (11.1.3)
     colorize (1.1.0)
-    concurrent-ruby (1.3.1)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     crass (1.0.6)
     diff-lcs (1.5.1)
     drb (2.2.1)
-    erubi (1.12.0)
+    erubi (1.13.0)
     i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     io-console (0.7.2)
-    irb (1.13.1)
+    irb (1.14.0)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     json (2.7.2)
     language_server-protocol (3.17.0.3)
     lint_roller (1.1.0)
+    logger (1.6.0)
     loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    minitest (5.23.1)
-    mutex_m (0.2.0)
-    nokogiri (1.16.5-arm64-darwin)
+    minitest (5.25.1)
+    nokogiri (1.16.7-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.5-x86_64-darwin)
+    nokogiri (1.16.7-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.5-x86_64-linux)
+    nokogiri (1.16.7-x86_64-linux)
       racc (~> 1.4)
-    parallel (1.24.0)
-    parser (3.3.2.0)
+    parallel (1.26.3)
+    parser (3.3.4.2)
       ast (~> 2.4.1)
       racc
     psych (5.1.2)
       stringio
-    racc (1.8.0)
-    rack (3.0.11)
+    racc (1.8.1)
+    rack (3.1.7)
     rack-session (2.0.0)
       rack (>= 3.0.0)
     rack-test (2.1.0)
@@ -94,10 +96,10 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
-      irb
+    railties (7.2.0)
+      actionpack (= 7.2.0)
+      activesupport (= 7.2.0)
+      irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
       thor (~> 1.0, >= 1.2.2)
@@ -107,23 +109,23 @@ GEM
     rdoc (6.7.0)
       psych (>= 4.0.0)
     regexp_parser (2.9.2)
-    reline (0.5.8)
+    reline (0.5.9)
       io-console (~> 0.5)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
+    rexml (3.3.6)
+      strscan
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
     rspec-core (3.13.0)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.0)
+    rspec-expectations (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-mocks (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-rails (6.1.2)
+    rspec-rails (6.1.4)
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       railties (>= 6.1)
@@ -132,27 +134,28 @@ GEM
       rspec-mocks (~> 3.13)
       rspec-support (~> 3.13)
     rspec-support (3.13.1)
-    rubocop (1.63.5)
+    rubocop (1.65.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
+      regexp_parser (>= 2.4, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.31.3)
+    rubocop-ast (1.32.1)
       parser (>= 3.3.1.0)
-    rubocop-performance (1.21.0)
+    rubocop-performance (1.21.1)
       rubocop (>= 1.48.1, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
     ruby-progressbar (1.13.0)
-    standard (1.36.0)
+    securerandom (0.3.1)
+    standard (1.40.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.63.0)
+      rubocop (~> 1.65.0)
       standard-custom (~> 1.0.0)
       standard-performance (~> 1.4)
     standard-custom (1.0.2)
@@ -161,14 +164,15 @@ GEM
     standard-performance (1.4.0)
       lint_roller (~> 1.1)
       rubocop-performance (~> 1.21.0)
-    stringio (3.1.0)
+    stringio (3.1.1)
     strscan (3.1.0)
     thor (1.3.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
+    useragent (0.16.10)
     webrick (1.8.1)
-    zeitwerk (2.6.15)
+    zeitwerk (2.6.17)
 PLATFORMS
   arm64-darwin-23
@@ -182,7 +186,7 @@ DEPENDENCIES
   rails_template_18f!
   rake (~> 13.0)
   rspec (~> 3.13)
-  standard (~> 1.36)
+  standard (~> 1.40)
 BUNDLED WITH
-   2.3.15
+   2.5.16

data/README.md CHANGED Viewed

@@ -2,40 +2,28 @@
 ============================
 The 18F Rails template starts or upgrades Rails projects so that they're more secure, follow compliance rules, and are nearly ready to deploy onto cloud.gov. This gem sets up security checks and compliance diagrams, adds the U.S. Web Design System (USWDS), and much much more — [see the full list of features](#features).
-This template will create a new Rails 7.1.x project.
+This template will create a new Rails 7.2.x project.
-[See the `rails-7.0` branch for Rails 7.0.x](https://github.com/gsa-tts/rails-template/tree/rails-7.0)
+[See the `rails-7.1` branch for Rails 7.1.x](https://github.com/gsa-tts/rails-template/tree/rails-7.1)
-## Installation
+## Usage
 ### For a new Rails project
-1. Install the gem:
+#### Install the gem:
 ```
 $ gem install rails_template_18f
 ```
-2. Decide whether to install Rails with Hotwire, a framework for client-side interactivity using JavaScript
-  - **For entirely server-side rendered applications**, without any Javascript:
-    - Use the default configuration (`rails_template_18f new <project name> --no-hotwire`)
-  - **For applications that need [a bit of client-side interactivity][aBitOfJS]**, but not a full single page application like React or Vue:
-    - Use Hotwire (`rails_template_18f new <project name> --hotwire`)
-  - **For single-page applications** where most of the interaction will take place via JavaScript, and which will use a framework like React or Vue:
-    - Use the default configuration (`rails_template_18f new <project name> --no-hotwire`)
+#### Decide whether to install Rails with Hotwire
-The `--hotwire` flag means that [Hotwire](https://hotwired.dev/) and [ActionCable](https://guides.rubyonrails.org/action_cable_overview.html) are installed. ActionCable is included to enable the [Turbo Streams](https://turbo.hotwired.dev/handbook/streams) functionality of Hotwire.
+[Hotwire](hotwire) is a framework for client-side interactivity using JavaScript that stops short of a full Single Page Application (SPA) framework like React or Vue.
-Before installing, you may want to consider the other application configuration options in the next section.
+It is a good choice if you need [a bit of client-side interactivity][aBitOfJS]. Do not use Hotwire if you either will have almost no Javascript at all, or if you are going to use a full SPA.
-[aBitOfJS]: https://engineering.18f.gov/web-architecture/#:~:text=are%20more%20complex-,If%20your%20use%20case%20requires%20a%20bit%20of%20client%2Dside%20interactivity%2C%20use%20the%20above%20options%20with%20a%20bit%20of%20JavaScript.,-You%20might%20use
+#### Review the defaults and decide if you want to override any of them
-#### Advanced configuration
-There are a variety of options that customize your Rails application.
-**Important:** Do not use flags `--skip-bundle` or `--skip-javascript`, or various parts of this template will break.
-#### Default configuration
+<details><summary>Default configuration</summary>
 ```sh
 --skip-active-storage   # Don't include ActiveStorage for document upload
@@ -49,19 +37,95 @@ There are a variety of options that customize your Rails application.
 --css=postcss           # Use the PostCSS framework for bundling CSS
 --template=template.rb  # Add additional configuration from template.rb
 --database=postgresql   # Use a PostgreSQL database
+--skip-rubocop          # Skip rubocop integration in favor of Standard Ruby
+--skip-ci               # Skip github actions in favor of our CI generators
 ```
-#### Customizing the installation
+If you are using Hotwire, then `--skip-hotwire` and `--skip-action-cable` are automatically removed from this list, as they are required for the Hotwire functionality.
+</details>
+<br />
+Add the following options at the end of your `rails_template_18f new` command to overwrite any of those defaults.
 | Option | Description |
 |--------|-------------|
 | `--no-skip-<framework>` | Each of the skipped frameworks listed above (also in `railsrc`) can be overridden on the command line. For example: `--no-skip-active-storage` will include support for `ActiveStorage` document uploads |
 | `--javascript=esbuild` | Use [esbuild](https://esbuild.github.io/) instead of [webpack](https://webpack.js.org/) for JavaScript bundling. Note that maintaining IE11 support with esbuild may be tricky. |
-You probably won't want to customize the template — that defeats the purpose of using this gem!
 _TODO: Documentation on whether you can override the `css` and `database` options._
+**Important:** Do not use flags `--skip-bundle` or `--skip-javascript`, or various parts of this template will break.
+#### Create your application
+<details><summary>If you are using Hotwire, run:</summary>
+```
+$ rails_template_18f new <project name> --hotwire ADDITIONAL_CONFIG_OPTIONS
+```
+</details>
+<details><summary>If you are not using Hotwire, run:</summary>
+```
+$ rails_template_18f new <project name> ADDITIONAL_CONFIG_OPTIONS
+```
+</details>
+#### Answer the setup questions that the template asks
+The template asks questions to ensure your new application is set up for your use case.
+<details><summary>Set up docker-trestle integration for Compliance-as-Code?</summary>
+Answer `y` to integrate with [docker-trestle](https://github.com/gsa-tts/docker-trestle) for creating compliance documents in markdown and [OSCAL](https://pages.nist.gov/OSCAL/).
+Follow up questions if you answer `y`:
+* "Set up compliance documents as a git submodule?" Answer `y` if you want compliance documents to be stored in a separate git repository and linked to your app as a submodule. Answer `n` to have documents checked directly into your code repo.
+  * If you answer `y`, you'll need to provide the address of the compliance repository.
+* "Run compliance checks with auditree?" Answer `y` if you want to integrate with [auditree](https://github.com/gsa-tts/auditree-devtools) for automated compliance checks.
+</details>
+<details><summary>Create terraform files for cloud.gov services?</summary>
+Answer `y` to run the `terraform` generator. This includes a `/terraform` folder defining services and infrastructure within cloud.gov as well as support for deploying that infrastructure in your chosen CI/CD pipeline.
+</details>
+<details><summary>Cloud.gov organization and space names</summary>
+Provide your cloud.gov organization and space names for use in terraform and deploy scripts.
+</details>
+<details><summary>Create GitHub Actions?</summary>
+Answer `y` to create Github Actions workflows for running tests, scans, and deploys. Also configures Dependabot.
+</details>
+<details><summary>Create CircleCI config?</summary>
+Answer `y` to create a CircleCI workflow for running tests, scans, and deploys.
+</details>
+<details><summary>Create FEDRAMP New Relic config files?</summary>
+Answer `y` to create a default New Relic config that can speak to the Government-flavored New Relic instance, including updating Content Security Policy headers so that browser metrics can be collected.
+</details>
+<details><summary>If this will be a public site, should we include Digital Analytics Program code?</summary>
+Answer `y` to set up an integration with DAP.
+</details>
+<details><summary>Supported locales</summary>
+Answer `y` for any languages that should be supported out of the box. Translations are supplied for the usa-banner. You will still be responsible for translating any application content.
+</details>
+<details><summary>Run db setup steps?</summary>
+Answer `y` to run `rake db:create && rake db:migrate` as part of the app setup. PostgreSQL must be running or this will fail.
+</details>
 ### For an existing Rails project
 Installing this gem in a new Rails project will _TODO: say how it will help_
@@ -74,17 +138,21 @@ gem "rails_template_18f", group: :development
 And then run:
-    $ bundle install
+```sh
+$ bundle install
+```
 For a list of commands this gem can perform, run:
-    $ rails generate | grep 18f
+```sh
+$ bin/rails generate | grep 18f
+```
-_TODO: Add documentation on each option._
+Run `bin/rails generate rails_template_18f:GENERATOR --help` for information on each generator.
 ### Features
-This template does a lot! The template completes the following to-do list to make your application more secure, closer to standards-compliant, and nearly production-ready.
+<details><summary>This template does a lot! The template completes the following to-do list to make your application more secure, closer to standards-compliant, and nearly production-ready.</summary>
 1. Create a better default `README`
 1. Copy `CONTRIBUTING.md` and `LICENSE.md` from the [18F Open Source Policy repo](https://github.com/18F/open-source-policy/)
@@ -110,7 +178,8 @@ This template does a lot! The template completes the following to-do list to mak
 1. Create boundary and logical data model compliance diagrams
 1. Create `manifest.yml` and variable files for cloud.gov deployment
 1. Optionally run the `rake db:create` and `rake db:migrate` setup steps
-1. Optionally integrate with https://github.com/GSA-TTS/compliance-template
+1. Optionally integrate with https://github.com/GSA-TTS/docker-trestle
+1. Optionally integrate with https://github.com/GSA-TTS/auditree-devtools
 1. Optionally create GitHub Actions workflows for testing and cloud.gov deploy
 1. Optionally create terraform modules supporting staging & production cloud.gov spaces
 1. Optionally create CircleCI workflows for testing and cloud.gov deploy
@@ -119,6 +188,7 @@ This template does a lot! The template completes the following to-do list to mak
 1. Optionally add base translation files and routes for Spanish, French, and Simplified Chinese (es.yml, fr.yml, and zh.yml)
 1. Create [Architecture Decision Records](https://adr.github.io/) for above setup
 1. Commit the resulting project with git (unless `--skip-git` is passed)
+</details>
 ## Developing this gem
@@ -133,3 +203,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/gsa-tt
 ## Code of conduct
 Everyone interacting in the 18F Rails Template project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/gsa-tts/rails-template/blob/main/CODE_OF_CONDUCT.md).
+[hotwire]: https://hotwired.dev/
+[aBitOfJS]: https://guides.18f.gov/engineering/tools/web-architecture/#if-your-use-case-requires-a-bit-of-client-side-interactivity-use-the-above-options-with-a-bit-of-javascript

data/exe/rails_template_18f CHANGED Viewed

@@ -26,27 +26,6 @@ class CLI < Thor
     run "rails new #{app_directory} --rc=#{File.join(gem_path, railsrc)} --template=#{File.join(gem_path, "template.rb")} #{rails_arguments.join(" ")}"
   end
-  desc "update", "Run rails app:update with some enhancements"
-  long_desc <<-LONGDESC
-    Run `rails app:update` with frameworks fully defined by what is commented out at the top
-    of config/application.rb
-    Example: to enable ActiveStorage
-    1) Uncomment `require "active_storage/engine"` in `config/application.rb`
-    2) Run `bin/rails active_storage:install`
-    3) Run bundle exec rails_template_18f update
-    4) Optional: run other rails_template18f generators that may be applicable
-  LONGDESC
-  def update
-    require_relative "../lib/rails_template18f/app_updater"
-    require "rails/command"
-    Rails::Command.invoke "app:update"
-  end
   desc "version", "Output gem version"
   def version
     puts RailsTemplate18f::VERSION

data/lib/generators/rails_template18f/active_storage/active_storage_generator.rb CHANGED Viewed

@@ -34,11 +34,11 @@ module RailsTemplate18f
         middleware_installed = gem_installed?("faraday-multipart")
         sdk_installed = gem_installed?("aws-sdk-s3")
         return if faraday_installed && middleware_installed && sdk_installed
-        gem "faraday", "~> 2.2" unless faraday_installed
+        gem "faraday", "~> 2.10" unless faraday_installed
         gem "faraday-multipart", "~> 1.0" unless middleware_installed
         unless sdk_installed
           gem_group :production do
-            gem "aws-sdk-s3", "~> 1.112"
+            gem "aws-sdk-s3", "~> 1.159"
           end
         end
         bundle_install

data/lib/generators/rails_template18f/auditree/auditree_generator.rb ADDED Viewed

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+require "rails/generators"
+module RailsTemplate18f
+  module Generators
+    class AuditreeGenerator < ::Rails::Generators::Base
+      include Base
+      class_option :tag, desc: "Which auditree docker tag to use. Defaults to `latest`"
+      class_option :git_email, desc: "Email address to associate with commits to the evidence locker"
+      class_option :evidence_locker, desc: "Git repository address to store evidence in. Defaults to a TKTK address."
+      desc <<~DESC
+        Description:
+          Set up auditree validation checking with https://github.com/GSA-TTS/devtools-auditree.
+          This generator is still experimental.
+      DESC
+      def copy_bin
+        template "bin/auditree"
+        chmod "bin/auditree", 0o755
+      end
+      def copy_github_actions
+        if file_exists? ".github/workflows"
+          directory "github", ".github"
+          # insert plant-helper calls in rspec
+          insert_into_file ".github/workflows/rspec.yml", <<PLANT_HELPER_STEPS, after: /^\s*run: bundle exec rspec$/
+      - name: Plant assessment plan in evidence locker
+        uses: ./.github/actions/auditree-cmd
+        env:
+          GITHUB_TOKEN: ${{ secrets.AUDITREE_GITHUB_TOKEN }}
+        with:
+          volume: "tmp/oscal/assessment-plans/rspec/assessment-plan.json:/tmp/rspec.json:ro"
+          cmd:
+            plant-helper -f /tmp/rspec.json -c assessment-plans -d "RSpec run assessment plan"
+              -t 31536000 -l #{auditree_evidence_locker}
+      - name: Plan assessment results in evidence locker
+        uses: ./.github/actions/auditree-cmd
+        env:
+          GITHUB_TOKEN: ${{ secrets.AUDITREE_GITHUB_TOKEN }}
+        with:
+          volume: "tmp/oscal/assessment-results/rspec/assessment-results.json:/tmp/rspec.json:ro"
+          cmd:
+            plant-helper -f /tmp/rspec.json -c assessment-results -d "RSpec run assessment results"
+              -t 31536000 -l #{auditree_evidence_locker}
+PLANT_HELPER_STEPS
+        end
+      end
+      def update_readme
+        if file_content("README.md").match?("## Documentation")
+          insert_into_file "README.md", readme_contents, after: "## Documentation\n"
+        else
+          append_to_file "README.md", "\n## Documentation\n#{readme_contents}"
+        end
+      end
+      def update_component_list
+        if oscal_dir_exists?
+          insert_into_file "doc/compliance/oscal/trestle-config.yaml", "  - devtools_cloud_gov\n"
+        end
+      end
+      no_tasks do
+        def docker_auditree_tag
+          options[:tag].present? ? options[:tag] : "latest"
+        end
+        def auditree_evidence_locker
+          options[:evidence_locker].present? ? options[:evidence_locker] : "https://github.com/GSA-TTS/TKTK_#{app_name}_evidence"
+        end
+        def git_email
+          options[:git_email].present? ? options[:git_email] : "auditree@gsa.gov"
+        end
+        def readme_contents
+          <<~README
+            ### Auditree Control Validation
+            Auditree is used within CI/CD to validate that certain controls are in place.
+            * Run `bin/auditree` to start the auditree CLI.
+            * Run `bin/auditree SCRIPT_NAME` to run a single auditree script
+            #### Initial auditree setup.
+            These steps must happen once per project.
+            1. Docker desktop must be running
+            1. Initialize the config file with `bin/auditree init`
+            1. Create an evidence locker repository with a default or blank README
+            1. Create a github personal access token to interact with the code repo and evidence locker and set as `AUDITREE_GITHUB_TOKEN` secret within your Github Actions secrets.
+            1. Update `config/auditree.template.json` with the repo addresses for your locker and code repos
+            #{(options[:evidence_locker].blank? && file_exists?(".github/workflows/rspec.yml")) ? "1. Update `.github/workflows/rspec.yml` with the locker repository URL" : ""}
+            1. Copy the `devtools_cloud_gov` component definition into the project with the latest docker-trestle
+            #### Ongoing use
+            See the [auditree-devtools README](https://github.com/gsa-tts/auditree-devtools) for help with updating
+            auditree and using new checks.
+          README
+        end
+      end
+    end
+  end
+end