rails_template_18f 1.1.0 → 1.3.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/Gemfile.lock +57 -55
- data/README.md +102 -29
- data/exe/rails_template_18f +0 -21
- data/lib/generators/rails_template18f/active_storage/active_storage_generator.rb +2 -2
- data/lib/generators/rails_template18f/auditree/auditree_generator.rb +34 -3
- data/lib/generators/rails_template18f/auditree/templates/bin/auditree.tt +85 -11
- data/lib/generators/rails_template18f/auditree/templates/github/actions/auditree-cmd/action.yml.tt +17 -6
- data/lib/generators/rails_template18f/auditree/templates/github/workflows/auditree-validation.yml.tt +2 -6
- data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt +13 -7
- data/lib/generators/rails_template18f/cloud_gov_config/cloud_gov_config_generator.rb +1 -1
- data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb +0 -1
- data/lib/generators/rails_template18f/github_actions/templates/github/dependabot.yml.tt +25 -0
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/assemble-ssp.yml.tt +12 -3
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/brakeman-analysis.yml +1 -1
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml.tt +8 -0
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml.tt +8 -0
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/rspec.yml.tt +9 -1
- data/lib/generators/rails_template18f/github_actions/templates/github/workflows/{validate-ssp.yml.tt → validate-ssp.yml} +1 -1
- data/lib/generators/rails_template18f/i18n_js/i18n_js_generator.rb +12 -20
- data/lib/generators/rails_template18f/i18n_js/templates/app/javascript/i18n.js +11 -0
- data/lib/generators/rails_template18f/i18n_js/templates/config/i18n-js.yml +4 -0
- data/lib/generators/rails_template18f/i18n_js/templates/config/initializers/i18n_js.rb +5 -0
- data/lib/generators/rails_template18f/i18n_js/templates/lib/tasks/i18n.rake +8 -7
- data/lib/generators/rails_template18f/newrelic/newrelic_generator.rb +1 -1
- data/lib/generators/rails_template18f/oscal/oscal_generator.rb +14 -1
- data/lib/generators/rails_template18f/oscal/templates/bin/trestle.tt +4 -1
- data/lib/generators/rails_template18f/oscal/templates/github/actions/trestle-cmd/action.yml.tt +16 -0
- data/lib/generators/rails_template18f/public_egress/public_egress_generator.rb +136 -0
- data/lib/generators/rails_template18f/sidekiq/sidekiq_generator.rb +1 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt +2 -2
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt +1 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt +2 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/teardown_creds.sh.tt +1 -1
- data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt +25 -5
- data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt +22 -4
- data/lib/rails_template18f/generators/base.rb +7 -0
- data/lib/rails_template18f/generators/cloud_gov_options.rb +7 -27
- data/lib/rails_template18f/generators/cloud_gov_parsing.rb +41 -0
- data/lib/rails_template18f/generators.rb +1 -0
- data/lib/rails_template18f/version.rb +1 -1
- data/rails-template-18f.gemspec +3 -3
- data/railsrc +2 -0
- data/railsrc-hotwire +2 -0
- data/template.rb +19 -12
- data/templates/bin/ops/create_service_account.sh.tt +14 -2
- data/templates/bin/ops/destroy_service_account.sh.tt +0 -3
- data/templates/lib/tasks/scanning.rake +1 -1
- data/templates/manifest.yml.tt +1 -1
- metadata +19 -14
- data/lib/generators/rails_template18f/github_actions/templates/github/actions/trestle-cmd/action.yml +0 -20
- data/lib/rails_template18f/app_updater.rb +0 -19
- /data/lib/generators/rails_template18f/terraform/templates/terraform/production/{providers.tf.tt → providers.tf} +0 -0
- /data/lib/generators/rails_template18f/terraform/templates/terraform/staging/{providers.tf.tt → providers.tf} +0 -0
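--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 24d43ee8d10fdaa457658cfab2ce12e28e9d65364147ad46e96ef8d8d2f6f15c
+data.tar.gz: 686546614e2d8205fce7ccd575842645effeb30add6d08fe3057b6623f1800f6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ebc79caba4f53280dbf1dffa76ba9268ecbd6ae9634fd463f1920770a02531f0d5cd350a26ecbc439accf57fbe96d824e76349ce29492075fb2d4151b40cd46a
+data.tar.gz: 79fa51828475fac62b1a5e4ec4562eb9b563da24760f85c41c42f123bdb3e882124a38686050a52c0c6b3ffa29577eaa547405e78ef14ad1b6b99f7fff5df0e8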
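--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,18 @@
 ## [Unreleased]
 
+## [1.3.0] - 2024-12-18
+
+- Set up app space via terraform, with proper restricted egress security group
+- Create rails_template18f:public_egress generator for integrating with cg-egress-proxy
+- [Use exec when starting rails server](https://docs.cloudfoundry.org/devguide/deploy-apps/manifest-attributes.html#start-commands:~:text=To%20resolve%20this,process.%20For%20example%3A)
+- Upgrade the i18n-js integration to 4.x
+
+## [1.2.0] - 2024-09-20
+
+- new applications are now on Rails 7.2.x
+- configure dependabot in Github Actions generator
+- fix bin/trestle and bin/auditree so that command line flags are properly passed into the docker containers
+- updates to trestle and auditree github actions
 
 ## [1.1.0] - 2024-08-20
 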
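--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,41 +1,43 @@
 PATH
 remote: .
 specs:
-rails_template_18f (1.
-activesupport (~> 7.
+rails_template_18f (1.3.0)
+activesupport (~> 7.2.0)
 colorize (~> 1.1)
-railties (~> 7.
+railties (~> 7.2.0)
 thor (~> 1.3)
 
 GEM
 remote: https://rubygems.org/
 specs:
-actionpack (7.1
-actionview (= 7.1
-activesupport (= 7.1
+actionpack (7.2.1)
+actionview (= 7.2.1)
+activesupport (= 7.2.1)
 nokogiri (>= 1.8.5)
 racc
-rack (>= 2.2.4)
+rack (>= 2.2.4, < 3.2)
 rack-session (>= 1.0.1)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.2)
 rails-html-sanitizer (~> 1.6)
-
-
+useragent (~> 0.16)
+actionview (7.2.1)
+activesupport (= 7.2.1)
 builder (~> 3.1)
 erubi (~> 1.11)
 rails-dom-testing (~> 2.2)
 rails-html-sanitizer (~> 1.6)
-activesupport (7.1
+activesupport (7.2.1)
 base64
 bigdecimal
-concurrent-ruby (~> 1.0, >= 1.
+concurrent-ruby (~> 1.0, >= 1.3.1)
 connection_pool (>= 2.2.5)
 drb
 i18n (>= 1.6, < 2)
+logger (>= 1.4.2)
 minitest (>= 5.1)
-
-tzinfo (~> 2.0)
+securerandom (>= 0.3)
+tzinfo (~> 2.0, >= 2.0.5)
 ammeter (1.1.7)
 activesupport (>= 3.0)
 railties (>= 3.0)
@@ -43,43 +45,43 @@ GEM
 ast (2.4.2)
 base64 (0.2.0)
 bigdecimal (3.1.8)
-builder (3.
+builder (3.3.0)
 byebug (11.1.3)
 colorize (1.1.0)
-concurrent-ruby (1.3.
+concurrent-ruby (1.3.4)
 connection_pool (2.4.1)
 crass (1.0.6)
 diff-lcs (1.5.1)
 drb (2.2.1)
-erubi (1.
-i18n (1.14.
+erubi (1.13.0)
+i18n (1.14.6)
 concurrent-ruby (~> 1.0)
 io-console (0.7.2)
-irb (1.
+irb (1.14.1)
 rdoc (>= 4.0.0)
 reline (>= 0.4.2)
 json (2.7.2)
 language_server-protocol (3.17.0.3)
 lint_roller (1.1.0)
+logger (1.6.1)
 loofah (2.22.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.12.0)
-minitest (5.
-
-nokogiri (1.16.5-arm64-darwin)
+minitest (5.25.1)
+nokogiri (1.16.7-arm64-darwin)
 racc (~> 1.4)
-nokogiri (1.16.
+nokogiri (1.16.7-x86_64-darwin)
 racc (~> 1.4)
-nokogiri (1.16.
+nokogiri (1.16.7-x86_64-linux)
 racc (~> 1.4)
-parallel (1.
-parser (3.3.
+parallel (1.26.3)
+parser (3.3.5.0)
 ast (~> 2.4.1)
 racc
 psych (5.1.2)
 stringio
-racc (1.8.
-rack (3.
+racc (1.8.1)
+rack (3.1.7)
 rack-session (2.0.0)
 rack (>= 3.0.0)
 rack-test (2.1.0)
@@ -94,10 +96,10 @@ GEM
 rails-html-sanitizer (1.6.0)
 loofah (~> 2.21)
 nokogiri (~> 1.14)
-railties (7.1
-actionpack (= 7.1
-activesupport (= 7.1
-irb
+railties (7.2.1)
+actionpack (= 7.2.1)
+activesupport (= 7.2.1)
+irb (~> 1.13)
 rackup (>= 1.0.0)
 rake (>= 12.2)
 thor (~> 1.0, >= 1.2.2)
@@ -107,52 +109,52 @@ GEM
 rdoc (6.7.0)
 psych (>= 4.0.0)
 regexp_parser (2.9.2)
-reline (0.5.
+reline (0.5.10)
 io-console (~> 0.5)
-rexml (3.
-strscan (>= 3.0.9)
+rexml (3.3.8)
 rspec (3.13.0)
 rspec-core (~> 3.13.0)
 rspec-expectations (~> 3.13.0)
 rspec-mocks (~> 3.13.0)
-rspec-core (3.13.
+rspec-core (3.13.1)
 rspec-support (~> 3.13.0)
-rspec-expectations (3.13.
+rspec-expectations (3.13.3)
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.13.0)
-rspec-mocks (3.13.
+rspec-mocks (3.13.2)
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.13.0)
-rspec-rails (
-actionpack (>=
-activesupport (>=
-railties (>=
+rspec-rails (7.0.1)
+actionpack (>= 7.0)
+activesupport (>= 7.0)
+railties (>= 7.0)
 rspec-core (~> 3.13)
 rspec-expectations (~> 3.13)
 rspec-mocks (~> 3.13)
 rspec-support (~> 3.13)
 rspec-support (3.13.1)
-rubocop (1.
+rubocop (1.65.1)
 json (~> 2.3)
 language_server-protocol (>= 3.17.0)
 parallel (~> 1.10)
 parser (>= 3.3.0.2)
 rainbow (>= 2.2.2, < 4.0)
-regexp_parser (>=
+regexp_parser (>= 2.4, < 3.0)
 rexml (>= 3.2.5, < 4.0)
 rubocop-ast (>= 1.31.1, < 2.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 2.4.0, < 3.0)
-rubocop-ast (1.
+rubocop-ast (1.32.3)
 parser (>= 3.3.1.0)
-rubocop-performance (1.21.
+rubocop-performance (1.21.1)
 rubocop (>= 1.48.1, < 2.0)
 rubocop-ast (>= 1.31.1, < 2.0)
 ruby-progressbar (1.13.0)
-
+securerandom (0.3.1)
+standard (1.40.1)
 language_server-protocol (~> 3.17.0.2)
 lint_roller (~> 1.0)
-rubocop (~> 1.
+rubocop (~> 1.65.0)
 standard-custom (~> 1.0.0)
 standard-performance (~> 1.4)
 standard-custom (1.0.2)
@@ -161,14 +163,14 @@ GEM
 standard-performance (1.4.0)
 lint_roller (~> 1.1)
 rubocop-performance (~> 1.21.0)
-stringio (3.1.
-
-thor (1.3.1)
+stringio (3.1.1)
+thor (1.3.2)
 tzinfo (2.0.6)
 concurrent-ruby (~> 1.0)
-unicode-display_width (2.
-
-
+unicode-display_width (2.6.0)
+useragent (0.16.10)
+webrick (1.8.2)
+zeitwerk (2.6.18)
 
 PLATFORMS
 arm64-darwin-23
@@ -182,7 +184,7 @@ DEPENDENCIES
 rails_template_18f!
 rake (~> 13.0)
 rspec (~> 3.13)
-standard (~> 1.
+standard (~> 1.40)
 
 BUNDLED WITH
-2.
+2.5.16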
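--- a/data/README.md
+++ b/data/README.md
@@ -2,40 +2,28 @@
 ============================
 The 18F Rails template starts or upgrades Rails projects so that they're more secure, follow compliance rules, and are nearly ready to deploy onto cloud.gov. This gem sets up security checks and compliance diagrams, adds the U.S. Web Design System (USWDS), and much much more — [see the full list of features](#features).
 
-This template will create a new Rails 7.
+This template will create a new Rails 7.2.x project.
 
-[See the `rails-7.
+[See the `rails-7.1` branch for Rails 7.1.x](https://github.com/gsa-tts/rails-template/tree/rails-7.1)
 
-##
+## Usage
 
 ### For a new Rails project
 
-
+#### Install the gem:
 ```
 $ gem install rails_template_18f
 ```
 
-
-- **For entirely server-side rendered applications**, without any Javascript:
-- Use the default configuration (`rails_template_18f new <project name> --no-hotwire`)
-- **For applications that need [a bit of client-side interactivity][aBitOfJS]**, but not a full single page application like React or Vue:
-- Use Hotwire (`rails_template_18f new <project name> --hotwire`)
-- **For single-page applications** where most of the interaction will take place via JavaScript, and which will use a framework like React or Vue:
-- Use the default configuration (`rails_template_18f new <project name> --no-hotwire`)
+#### Decide whether to install Rails with Hotwire
 
-
+[Hotwire](hotwire) is a framework for client-side interactivity using JavaScript that stops short of a full Single Page Application (SPA) framework like React or Vue.
 
-
+It is a good choice if you need [a bit of client-side interactivity][aBitOfJS]. Do not use Hotwire if you either will have almost no Javascript at all, or if you are going to use a full SPA.
 
-
+#### Review the defaults and decide if you want to override any of them
 
-
-
-There are a variety of options that customize your Rails application.
-
-**Important:** Do not use flags `--skip-bundle` or `--skip-javascript`, or various parts of this template will break.
-
-#### Default configuration
+<details><summary>Default configuration</summary>
 
 ```sh
 --skip-active-storage # Don't include ActiveStorage for document upload
@@ -49,19 +37,95 @@ There are a variety of options that customize your Rails application.
 --css=postcss # Use the PostCSS framework for bundling CSS
 --template=template.rb # Add additional configuration from template.rb
 --database=postgresql # Use a PostgreSQL database
+--skip-rubocop # Skip rubocop integration in favor of Standard Ruby
+--skip-ci # Skip github actions in favor of our CI generators
 ```
 
-
+If you are using Hotwire, then `--skip-hotwire` and `--skip-action-cable` are automatically removed from this list, as they are required for the Hotwire functionality.
+</details>
+<br />
+
+Add the following options at the end of your `rails_template_18f new` command to overwrite any of those defaults.
 
 | Option | Description |
 |--------|-------------|
 | `--no-skip-<framework>` | Each of the skipped frameworks listed above (also in `railsrc`) can be overridden on the command line. For example: `--no-skip-active-storage` will include support for `ActiveStorage` document uploads |
 | `--javascript=esbuild` | Use [esbuild](https://esbuild.github.io/) instead of [webpack](https://webpack.js.org/) for JavaScript bundling. Note that maintaining IE11 support with esbuild may be tricky. |
 
-You probably won't want to customize the template — that defeats the purpose of using this gem!
-
 _TODO: Documentation on whether you can override the `css` and `database` options._
 
+**Important:** Do not use flags `--skip-bundle` or `--skip-javascript`, or various parts of this template will break.
+
+#### Create your application
+
+<details><summary>If you are using Hotwire, run:</summary>
+
+```
+$ rails_template_18f new <project name> --hotwire ADDITIONAL_CONFIG_OPTIONS
+```
+</details>
+
+<details><summary>If you are not using Hotwire, run:</summary>
+
+```
+$ rails_template_18f new <project name> ADDITIONAL_CONFIG_OPTIONS
+```
+</details>
+
+#### Answer the setup questions that the template asks
+
+The template asks questions to ensure your new application is set up for your use case.
+
+<details><summary>Set up docker-trestle integration for Compliance-as-Code?</summary>
+
+Answer `y` to integrate with [docker-trestle](https://github.com/gsa-tts/docker-trestle) for creating compliance documents in markdown and [OSCAL](https://pages.nist.gov/OSCAL/).
+
+Follow up questions if you answer `y`:
+* "Set up compliance documents as a git submodule?" Answer `y` if you want compliance documents to be stored in a separate git repository and linked to your app as a submodule. Answer `n` to have documents checked directly into your code repo.
+* If you answer `y`, you'll need to provide the address of the compliance repository.
+* "Run compliance checks with auditree?" Answer `y` if you want to integrate with [auditree](https://github.com/gsa-tts/auditree-devtools) for automated compliance checks.
+</details>
+
+<details><summary>Create terraform files for cloud.gov services?</summary>
+
+Answer `y` to run the `terraform` generator. This includes a `/terraform` folder defining services and infrastructure within cloud.gov as well as support for deploying that infrastructure in your chosen CI/CD pipeline.
+</details>
+
+<details><summary>Cloud.gov organization and space names</summary>
+
+Provide your cloud.gov organization and space names for use in terraform and deploy scripts.
+</details>
+
+<details><summary>Create GitHub Actions?</summary>
+
+Answer `y` to create Github Actions workflows for running tests, scans, and deploys. Also configures Dependabot.
+</details>
+
+<details><summary>Create CircleCI config?</summary>
+
+Answer `y` to create a CircleCI workflow for running tests, scans, and deploys.
+</details>
+
+<details><summary>Create FEDRAMP New Relic config files?</summary>
+
+Answer `y` to create a default New Relic config that can speak to the Government-flavored New Relic instance, including updating Content Security Policy headers so that browser metrics can be collected.
+</details>
+
+<details><summary>If this will be a public site, should we include Digital Analytics Program code?</summary>
+
+Answer `y` to set up an integration with DAP.
+</details>
+
+<details><summary>Supported locales</summary>
+
+Answer `y` for any languages that should be supported out of the box. Translations are supplied for the usa-banner. You will still be responsible for translating any application content.
+</details>
+
+<details><summary>Run db setup steps?</summary>
+
+Answer `y` to run `rake db:create && rake db:migrate` as part of the app setup. PostgreSQL must be running or this will fail.
+</details>
+
 ### For an existing Rails project
 
 Installing this gem in a new Rails project will _TODO: say how it will help_
@@ -74,17 +138,21 @@ gem "rails_template_18f", group: :development
 
 And then run:
 
-
+```sh
+$ bundle install
+```
 
 For a list of commands this gem can perform, run:
 
-
+```sh
+$ bin/rails generate | grep 18f
+```
 
-
+Run `bin/rails generate rails_template_18f:GENERATOR --help` for information on each generator.
 
 ### Features
 
-This template does a lot! The template completes the following to-do list to make your application more secure, closer to standards-compliant, and nearly production-ready
+<details><summary>This template does a lot! The template completes the following to-do list to make your application more secure, closer to standards-compliant, and nearly production-ready.</summary>
 
 1. Create a better default `README`
 1. Copy `CONTRIBUTING.md` and `LICENSE.md` from the [18F Open Source Policy repo](https://github.com/18F/open-source-policy/)
@@ -110,7 +178,8 @@ This template does a lot! The template completes the following to-do list to mak
 1. Create boundary and logical data model compliance diagrams
 1. Create `manifest.yml` and variable files for cloud.gov deployment
 1. Optionally run the `rake db:create` and `rake db:migrate` setup steps
-1. Optionally integrate with https://github.com/GSA-TTS/
+1. Optionally integrate with https://github.com/GSA-TTS/docker-trestle
+1. Optionally integrate with https://github.com/GSA-TTS/auditree-devtools
 1. Optionally create GitHub Actions workflows for testing and cloud.gov deploy
 1. Optionally create terraform modules supporting staging & production cloud.gov spaces
 1. Optionally create CircleCI workflows for testing and cloud.gov deploy
@@ -119,6 +188,7 @@ This template does a lot! The template completes the following to-do list to mak
 1. Optionally add base translation files and routes for Spanish, French, and Simplified Chinese (es.yml, fr.yml, and zh.yml)
 1. Create [Architecture Decision Records](https://adr.github.io/) for above setup
 1. Commit the resulting project with git (unless `--skip-git` is passed)
+</details>
 
 ## Developing this gem
 
@@ -133,3 +203,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/gsa-tt
 ## Code of conduct
 
 Everyone interacting in the 18F Rails Template project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/gsa-tts/rails-template/blob/main/CODE_OF_CONDUCT.md).
+
+[hotwire]: https://hotwired.dev/
+[aBitOfJS]: https://guides.18f.gov/engineering/tools/web-architecture/#if-your-use-case-requires-a-bit-of-client-side-interactivity-use-the-above-options-with-a-bit-of-javascript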
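--- a/data/exe/rails_template_18f
+++ b/data/exe/rails_template_18f
@@ -26,27 +26,6 @@ class CLI < Thor
 run "rails new #{app_directory} --rc=#{File.join(gem_path, railsrc)} --template=#{File.join(gem_path, "template.rb")} #{rails_arguments.join(" ")}"
 end
 
-desc "update", "Run rails app:update with some enhancements"
-long_desc <<-LONGDESC
-Run `rails app:update` with frameworks fully defined by what is commented out at the top
-of config/application.rb
-
-Example: to enable ActiveStorage
-
-1) Uncomment `require "active_storage/engine"` in `config/application.rb`
-
-2) Run `bin/rails active_storage:install`
-
-3) Run bundle exec rails_template_18f update
-
-4) Optional: run other rails_template18f generators that may be applicable
-LONGDESC
-def update
-require_relative "../lib/rails_template18f/app_updater"
-require "rails/command"
-Rails::Command.invoke "app:update"
-end
-
 desc "version", "Output gem version"
 def version
 puts RailsTemplate18f::VERSION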
@@ -34,11 +34,11 @@ module RailsTemplate18f
|
|
34
34
|
middleware_installed = gem_installed?("faraday-multipart")
|
35
35
|
sdk_installed = gem_installed?("aws-sdk-s3")
|
36
36
|
return if faraday_installed && middleware_installed && sdk_installed
|
37
|
-
gem "faraday", "~> 2.
|
37
|
+
gem "faraday", "~> 2.10" unless faraday_installed
|
38
38
|
gem "faraday-multipart", "~> 1.0" unless middleware_installed
|
39
39
|
unless sdk_installed
|
40
40
|
gem_group :production do
|
41
|
-
gem "aws-sdk-s3", "~> 1.
|
41
|
+
gem "aws-sdk-s3", "~> 1.159"
|
42
42
|
end
|
43
43
|
end
|
44
44
|
bundle_install
|
@@ -9,6 +9,7 @@ module RailsTemplate18f
|
|
9
9
|
|
10
10
|
class_option :tag, desc: "Which auditree docker tag to use. Defaults to `latest`"
|
11
11
|
class_option :git_email, desc: "Email address to associate with commits to the evidence locker"
|
12
|
+
class_option :evidence_locker, desc: "Git repository address to store evidence in. Defaults to a TKTK address."
|
12
13
|
|
13
14
|
desc <<~DESC
|
14
15
|
Description:
|
@@ -25,6 +26,31 @@ module RailsTemplate18f
|
|
25
26
|
def copy_github_actions
|
26
27
|
if file_exists? ".github/workflows"
|
27
28
|
directory "github", ".github"
|
29
|
+
|
30
|
+
# insert plant-helper calls in rspec
|
31
|
+
insert_into_file ".github/workflows/rspec.yml", <<PLANT_HELPER_STEPS, after: /^\s*run: bundle exec rspec$/
|
32
|
+
|
33
|
+
|
34
|
+
- name: Plant assessment plan in evidence locker
|
35
|
+
uses: ./.github/actions/auditree-cmd
|
36
|
+
env:
|
37
|
+
GITHUB_TOKEN: ${{ secrets.AUDITREE_GITHUB_TOKEN }}
|
38
|
+
with:
|
39
|
+
volume: "tmp/oscal/assessment-plans/rspec/assessment-plan.json:/tmp/rspec.json:ro"
|
40
|
+
cmd:
|
41
|
+
plant-helper -f /tmp/rspec.json -c assessment-plans -d "RSpec run assessment plan"
|
42
|
+
-t 31536000 -l #{auditree_evidence_locker}
|
43
|
+
|
44
|
+
- name: Plan assessment results in evidence locker
|
45
|
+
uses: ./.github/actions/auditree-cmd
|
46
|
+
env:
|
47
|
+
GITHUB_TOKEN: ${{ secrets.AUDITREE_GITHUB_TOKEN }}
|
48
|
+
with:
|
49
|
+
volume: "tmp/oscal/assessment-results/rspec/assessment-results.json:/tmp/rspec.json:ro"
|
50
|
+
cmd:
|
51
|
+
plant-helper -f /tmp/rspec.json -c assessment-results -d "RSpec run assessment results"
|
52
|
+
-t 31536000 -l #{auditree_evidence_locker}
|
53
|
+
PLANT_HELPER_STEPS
|
28
54
|
end
|
29
55
|
end
|
30
56
|
|
@@ -47,8 +73,12 @@ module RailsTemplate18f
|
|
47
73
|
options[:tag].present? ? options[:tag] : "latest"
|
48
74
|
end
|
49
75
|
|
76
|
+
def auditree_evidence_locker
|
77
|
+
options[:evidence_locker].present? ? options[:evidence_locker] : "https://github.com/GSA-TTS/TKTK_#{app_name}_evidence"
|
78
|
+
end
|
79
|
+
|
50
80
|
def git_email
|
51
|
-
options[:git_email].present? ? options[:git_email] : "
|
81
|
+
options[:git_email].present? ? options[:git_email] : "auditree@gsa.gov"
|
52
82
|
end
|
53
83
|
|
54
84
|
def readme_contents
|
@@ -66,10 +96,11 @@ module RailsTemplate18f
|
|
66
96
|
These steps must happen once per project.
|
67
97
|
|
68
98
|
1. Docker desktop must be running
|
69
|
-
1. Initialize the config file with `bin/auditree init
|
99
|
+
1. Initialize the config file with `bin/auditree init`
|
70
100
|
1. Create an evidence locker repository with a default or blank README
|
71
|
-
1. Create a github personal access token to interact with the code repo and evidence locker and set as `AUDITREE_GITHUB_TOKEN` secret within your
|
101
|
+
1. Create a github personal access token to interact with the code repo and evidence locker and set as `AUDITREE_GITHUB_TOKEN` secret within your Github Actions secrets.
|
72
102
|
1. Update `config/auditree.template.json` with the repo addresses for your locker and code repos
|
103
|
+
#{(options[:evidence_locker].blank? && file_exists?(".github/workflows/rspec.yml")) ? "1. Update `.github/workflows/rspec.yml` with the locker repository URL" : ""}
|
73
104
|
1. Copy the `devtools_cloud_gov` component definition into the project with the latest docker-trestle
|
74
105
|
|
75
106
|
#### Ongoing use
|
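Review bot: The steps that `copy_github_actions` inserts into `rspec.yml` interpolate `#{auditree_evidence_locker}` unquoted into the `cmd:` line, and without `--evidence_locker` that value is the `TKTK_#{app_name}_evidence` placeholder, so a generated workflow that nobody edits presumably runs `plant-helper` with `AUDITREE_GITHUB_TOKEN` against a locker address that was never chosen; the only prompt to fix it is the conditional README line in the last hunk. I would quote the value (`-t 31536000 -l "#{auditree_evidence_locker}"`) and have the generator print a warning whenever it falls back to the default. The guard around the insert tests for the `.github/workflows` directory while the insert targets `.github/workflows/rspec.yml`; using `file_exists?(".github/workflows/rspec.yml")`, as the README line already does, keeps the two conditions in step. The second inserted step is named "Plan assessment results", which looks like a typo for "Plant". The README step about the personal access token would be safer if it named the repositories and permissions the token needs, so that it is not created with broader scope than the code and locker repos require.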