rails_template_18f 1.2.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 957ad56e218689b3d05f7c31ae6354a4e2c42877567ea87478845b30129cef43
-  data.tar.gz: f5d6045a2632863b50209c557f7460f61f9bacb90a99883b6b090f6580c528d0
+  metadata.gz: 3286e663d05b9b712a5b1f3fa2aa1403016f0822be9fd26d0999200701dab318
+  data.tar.gz: 04e5124a24452f747270e42aaa1b5455de3b0ce4362ff455e94554984214473e
 SHA512:
-  metadata.gz: ea0332afd7b819bcd2b03acca406467f9404de6f8e065e980bdabf81ef7083377f8dfc4d6754baaf1a4e6525eaa5190402f7a5307d35fb472960089a62ddba9e
-  data.tar.gz: 5720c1340a3065354de210dd4deccb5577656876501514ac09faf91a133511e92796e0cb18aee299e8894b16394fbacde12419e6c97795a3be086242e9afa815
+  metadata.gz: 954b939ea264b5200c01e8122da1001e0c099f072b370de98926ce9dcaef154a6e00568353a4fff191addfaf1cd7cc4f85549454c6984b29ff9c537af8207f17
+  data.tar.gz: c85daa74d0ca528fbbe4a3d260a720206194635a12c6a73fde878e19384870a601e78f789b513c43bfd57c4290ef6e6f85bcb409717ad646628ca1966318e09b

data/CHANGELOG.md

@@ -1,5 +1,23 @@
 ## [Unreleased]
 
+## [2.0.0] - 2025-01-16
+
+- Default new apps to Rails 8, including support for thruster proxy
+- Massive overhaul of the Terraform generator
+  - Creates and configures spaces for app and egress proxy
+  - Moves from module-per-environment to a single module with per-env variable files
+  - Ability for a one-script deployment from nothing, enabling easy developer sandboxes and review apps
+- Add asset caching to GitHub Actions & CircleCI deploy workflows to enable serving in-flight asset requests without error
+- Switch js bundling from webpack to esbuild
+- Switch css bundling from postcss to dart-sass
+
+## [1.3.0] - 2024-12-18
+
+- Set up app space via terraform, with proper restricted egress security group
+- Create rails_template18f:public_egress generator for integrating with cg-egress-proxy
+- [Use exec when starting rails server](https://docs.cloudfoundry.org/devguide/deploy-apps/manifest-attributes.html#start-commands:~:text=To%20resolve%20this,process.%20For%20example%3A)
+- Upgrade the i18n-js integration to 4.x
+
 ## [1.2.0] - 2024-09-20
 
 - new applications are now on Rails 7.2.x

data/Gemfile

@@ -5,6 +5,6 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in rails-template-18f.gemspec
 gemspec
 
-gem "rake", "~> 13.0"
+gem "rake", "~> 13.2"
 
 gem "byebug"

data/Gemfile.lock

@@ -1,34 +1,34 @@
 PATH
   remote: .
   specs:
-    rails_template_18f (1.2.0)
-      activesupport (~> 7.2.0)
+    rails_template_18f (2.0.0)
+      activesupport (~> 8.0.1)
       colorize (~> 1.1)
-      railties (~> 7.2.0)
+      railties (~> 8.0.1)
       thor (~> 1.3)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.2.0)
-      actionview (= 7.2.0)
-      activesupport (= 7.2.0)
+    actionpack (8.0.1)
+      actionview (= 8.0.1)
+      activesupport (= 8.0.1)
       nokogiri (>= 1.8.5)
-      racc
-      rack (>= 2.2.4, < 3.2)
+      rack (>= 2.2.4)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
       useragent (~> 0.16)
-    actionview (7.2.0)
-      activesupport (= 7.2.0)
+    actionview (8.0.1)
+      activesupport (= 8.0.1)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activesupport (7.2.0)
+    activesupport (8.0.1)
       base64
+      benchmark (>= 0.3)
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
@@ -38,67 +38,70 @@ GEM
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
     ammeter (1.1.7)
       activesupport (>= 3.0)
       railties (>= 3.0)
       rspec-rails (>= 2.2)
     ast (2.4.2)
     base64 (0.2.0)
-    bigdecimal (3.1.8)
+    benchmark (0.4.0)
+    bigdecimal (3.1.9)
     builder (3.3.0)
     byebug (11.1.3)
     colorize (1.1.0)
     concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     crass (1.0.6)
+    date (3.4.1)
     diff-lcs (1.5.1)
     drb (2.2.1)
-    erubi (1.13.0)
-    i18n (1.14.5)
+    erubi (1.13.1)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
-    io-console (0.7.2)
-    irb (1.14.0)
+    io-console (0.8.0)
+    irb (1.14.3)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
-    json (2.7.2)
+    json (2.9.1)
     language_server-protocol (3.17.0.3)
     lint_roller (1.1.0)
-    logger (1.6.0)
-    loofah (2.22.0)
+    logger (1.6.4)
+    loofah (2.23.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    minitest (5.25.1)
-    nokogiri (1.16.7-arm64-darwin)
+    minitest (5.25.4)
+    nokogiri (1.18.0-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.7-x86_64-darwin)
+    nokogiri (1.18.0-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.7-x86_64-linux)
+    nokogiri (1.18.0-x86_64-linux-gnu)
       racc (~> 1.4)
     parallel (1.26.3)
-    parser (3.3.4.2)
+    parser (3.3.6.0)
       ast (~> 2.4.1)
       racc
-    psych (5.1.2)
+    psych (5.2.2)
+      date
       stringio
     racc (1.8.1)
-    rack (3.1.7)
+    rack (3.1.8)
     rack-session (2.0.0)
       rack (>= 3.0.0)
-    rack-test (2.1.0)
+    rack-test (2.2.0)
       rack (>= 1.3)
-    rackup (2.1.0)
+    rackup (2.2.1)
       rack (>= 3)
-      webrick (~> 1.8)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.2)
       loofah (~> 2.21)
-      nokogiri (~> 1.14)
-    railties (7.2.0)
-      actionpack (= 7.2.0)
-      activesupport (= 7.2.0)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+    railties (8.0.1)
+      actionpack (= 8.0.1)
+      activesupport (= 8.0.1)
       irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
@@ -106,73 +109,71 @@ GEM
       zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.2.1)
-    rdoc (6.7.0)
+    rdoc (6.10.0)
       psych (>= 4.0.0)
-    regexp_parser (2.9.2)
-    reline (0.5.9)
+    regexp_parser (2.10.0)
+    reline (0.6.0)
       io-console (~> 0.5)
-    rexml (3.3.6)
-      strscan
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.0)
+    rspec-core (3.13.2)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.2)
+    rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.1)
+    rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-rails (6.1.4)
-      actionpack (>= 6.1)
-      activesupport (>= 6.1)
-      railties (>= 6.1)
+    rspec-rails (7.1.0)
+      actionpack (>= 7.0)
+      activesupport (>= 7.0)
+      railties (>= 7.0)
       rspec-core (~> 3.13)
       rspec-expectations (~> 3.13)
       rspec-mocks (~> 3.13)
       rspec-support (~> 3.13)
-    rspec-support (3.13.1)
-    rubocop (1.65.1)
+    rspec-support (3.13.2)
+    rubocop (1.69.2)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 2.4, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.31.1, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.36.2, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.32.1)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.37.0)
       parser (>= 3.3.1.0)
-    rubocop-performance (1.21.1)
+    rubocop-performance (1.23.0)
       rubocop (>= 1.48.1, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
     ruby-progressbar (1.13.0)
-    securerandom (0.3.1)
-    standard (1.40.0)
+    securerandom (0.4.1)
+    standard (1.43.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.65.0)
+      rubocop (~> 1.69.1)
       standard-custom (~> 1.0.0)
-      standard-performance (~> 1.4)
+      standard-performance (~> 1.6)
     standard-custom (1.0.2)
       lint_roller (~> 1.0)
       rubocop (~> 1.50)
-    standard-performance (1.4.0)
+    standard-performance (1.6.0)
       lint_roller (~> 1.1)
-      rubocop-performance (~> 1.21.0)
-    stringio (3.1.1)
-    strscan (3.1.0)
-    thor (1.3.1)
+      rubocop-performance (~> 1.23.0)
+    stringio (3.1.2)
+    thor (1.3.2)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.5.0)
-    useragent (0.16.10)
-    webrick (1.8.1)
-    zeitwerk (2.6.17)
+    unicode-display_width (3.1.3)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
+    uri (1.0.2)
+    useragent (0.16.11)
+    zeitwerk (2.7.1)
 
 PLATFORMS
   arm64-darwin-23
@@ -184,9 +185,9 @@ DEPENDENCIES
   ammeter (~> 1.1)
   byebug
   rails_template_18f!
-  rake (~> 13.0)
+  rake (~> 13.2)
   rspec (~> 3.13)
-  standard (~> 1.40)
+  standard (~> 1.43)
 
 BUNDLED WITH
-   2.5.16
+   2.6.1

data/README.md

@@ -2,9 +2,9 @@
 ============================
 The 18F Rails template starts or upgrades Rails projects so that they're more secure, follow compliance rules, and are nearly ready to deploy onto cloud.gov. This gem sets up security checks and compliance diagrams, adds the U.S. Web Design System (USWDS), and much much more — [see the full list of features](#features).
 
-This template will create a new Rails 7.2.x project.
+This template will create a new Rails 8.0.x project.
 
-[See the `rails-7.1` branch for Rails 7.1.x](https://github.com/gsa-tts/rails-template/tree/rails-7.1)
+[See the `rails-7.2` branch for Rails 7.2.x](https://github.com/gsa-tts/rails-template/tree/rails-7.2)
 
 ## Usage
 
@@ -33,12 +33,15 @@ It is a good choice if you need [a bit of client-side interactivity][aBitOfJS].
 --skip-hotwire          # Don't include Hotwire JS library
 --skip-docker           # Don't include Dockerfile meant for production use
 --skip-test             # Skip built-in test framework. (We include RSpec)
---javascript=webpack    # Use webpack for JS bundling
---css=postcss           # Use the PostCSS framework for bundling CSS
+--javascript=esbuild    # Use esbuild for JS bundling
+--css=sass              # Use dart-sass for compiling SASS and bundling CSS
 --template=template.rb  # Add additional configuration from template.rb
 --database=postgresql   # Use a PostgreSQL database
 --skip-rubocop          # Skip rubocop integration in favor of Standard Ruby
 --skip-ci               # Skip github actions in favor of our CI generators
+--skip-kamal            # Skip kamal deployment system
+--skip-thruster         # Skip thruster reverse proxy
+--skip-solid            # Skip solid cache,queue,websocket additions
 ```
 
 If you are using Hotwire, then `--skip-hotwire` and `--skip-action-cable` are automatically removed from this list, as they are required for the Hotwire functionality.
@@ -50,9 +53,7 @@ Add the following options at the end of your `rails_template_18f new` command to
 | Option | Description |
 |--------|-------------|
 | `--no-skip-<framework>` | Each of the skipped frameworks listed above (also in `railsrc`) can be overridden on the command line. For example: `--no-skip-active-storage` will include support for `ActiveStorage` document uploads |
-| `--javascript=esbuild` | Use [esbuild](https://esbuild.github.io/) instead of [webpack](https://webpack.js.org/) for JavaScript bundling. Note that maintaining IE11 support with esbuild may be tricky. |
-
-_TODO: Documentation on whether you can override the `css` and `database` options._
+| `--javascript=webpack` | Use [webpack](https://webpack.js.org/) instead of [esbuild](https://esbuild.github.io/) for JavaScript bundling. |
 
 **Important:** Do not use flags `--skip-bundle` or `--skip-javascript`, or various parts of this template will break.
 
@@ -86,11 +87,6 @@ Follow up questions if you answer `y`:
 * "Run compliance checks with auditree?" Answer `y` if you want to integrate with [auditree](https://github.com/gsa-tts/auditree-devtools) for automated compliance checks.
 </details>
 
-<details><summary>Create terraform files for cloud.gov services?</summary>
-
-Answer `y` to run the `terraform` generator. This includes a `/terraform` folder defining services and infrastructure within cloud.gov as well as support for deploying that infrastructure in your chosen CI/CD pipeline.
-</details>
-
 <details><summary>Cloud.gov organization and space names</summary>
 
 Provide your cloud.gov organization and space names for use in terraform and deploy scripts.
@@ -171,17 +167,16 @@ Run `bin/rails generate rails_template_18f:GENERATOR --help` for information on
 1. Setup Rails credential diffing
 1. Create a separate production credentials file.
 1. Create a `pre-commit` hook that can be used to automatically run ruby linter & terraform format
-1. Setup USWDS via postcss
-1. Setup webpack with `.browserslistrc` from USWDS
+1. Setup USWDS via dart-sass
+1. Setup esbuild with a default `.browserslistrc`
 1. Update `app/views/layouts/application.html.erb` to pass the `pa11y-ci` scan and include the USWDS Banner
 1. Create a `PagesController` and root route
 1. Create boundary and logical data model compliance diagrams
-1. Create `manifest.yml` and variable files for cloud.gov deployment
+1. Create terraform modules supporting staging & production cloud.gov spaces for infrastructure and app deployment
 1. Optionally run the `rake db:create` and `rake db:migrate` setup steps
 1. Optionally integrate with https://github.com/GSA-TTS/docker-trestle
 1. Optionally integrate with https://github.com/GSA-TTS/auditree-devtools
 1. Optionally create GitHub Actions workflows for testing and cloud.gov deploy
-1. Optionally create terraform modules supporting staging & production cloud.gov spaces
 1. Optionally create CircleCI workflows for testing and cloud.gov deploy
 1. Optionally create a New Relic config with FEDRAMP-specific host
 1. Optionally configure DAP (Digital Analytics Program)

data/lib/generators/rails_template18f/active_storage/active_storage_generator.rb

@@ -34,11 +34,11 @@ module RailsTemplate18f
         middleware_installed = gem_installed?("faraday-multipart")
         sdk_installed = gem_installed?("aws-sdk-s3")
         return if faraday_installed && middleware_installed && sdk_installed
-        gem "faraday", "~> 2.10" unless faraday_installed
-        gem "faraday-multipart", "~> 1.0" unless middleware_installed
+        gem "faraday", "~> 2.12" unless faraday_installed
+        gem "faraday-multipart", "~> 1.1" unless middleware_installed
         unless sdk_installed
           gem_group :production do
-            gem "aws-sdk-s3", "~> 1.159"
+            gem "aws-sdk-s3", "~> 1.176"
           end
         end
         bundle_install
@@ -55,7 +55,7 @@ module RailsTemplate18f
       end
 
       def configure_local_clamav_runner
-        append_to_file "Procfile.dev", "clamav: docker run --rm -p 9443:9443 ajilaag/clamav-rest:20211229\n"
+        append_to_file "Procfile.dev", "clamav: docker run --rm -p 9443:9443 ghcr.io/gsa-tts/clamav-rest/clamav:latest\n"
       end
 
       def configure_clamav_env_var
@@ -64,8 +64,9 @@ module RailsTemplate18f
           # CLAMAV_API_URL tells FileScanJob where to send files for virus scans
           CLAMAV_API_URL=https://localhost:9443
         EOM
-        insert_into_file "manifest.yml", "    CLAMAV_API_URL: \"https://#{app_name}-clamapi-((env)).apps.internal:9443\"\n", before: /^\s+processes:/
-        insert_into_file "manifest.yml", "\n  - #{app_name}-s3-((env))", after: "services:"
+        insert_into_file file_path("terraform/app.tf"), <<EOT, after: "environment = {\n"
+    CLAMAV_API_URL = "https://#{app_name}-clamapi-${var.env}.apps.internal:61443"
+EOT
       end
 
       def update_boundary_diagram

data/lib/generators/rails_template18f/circleci/circleci_generator.rb

@@ -6,7 +6,7 @@ module RailsTemplate18f
   module Generators
     class CircleciGenerator < ::Rails::Generators::Base
       include Base
-      include PipelineOptions
+      include CloudGovOptions
 
       desc <<~DESC
         Description:
@@ -82,44 +82,46 @@ EOB
         def readme_staging_deploy
           <<~EOM
 
-            Deploys to staging#{terraform? ? ", including applying changes in terraform," : ""} happen
-            on every push to the `main` branch in GitHub.
+            Deploys to staging happen via terraform on every push to the `main` branch in GitHub.
 
             The following secrets must be set within [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/)
             to enable a deploy to work:
 
             | Secret Name | Description |
             | ----------- | ----------- |
-            | `CF_STAGING_USERNAME` | cloud.gov SpaceDeployer username |
-            | `CF_STAGING_PASSWORD` | cloud.gov SpaceDeployer password |
+            | `CF_USERNAME` | cloud.gov SpaceDeployer username |
+            | `CF_PASSWORD` | cloud.gov SpaceDeployer password |
             | `RAILS_MASTER_KEY` | `config/master.key` |
             #{terraform_secret_values}
           EOM
         end
 
         def readme_prod_deploy
-          <<~EOM
-
-            Deploys to production#{terraform? ? ", including applying changes in terraform," : ""} happen
-            on every push to the `production` branch in GitHub.
-
-            The following secrets must be set within [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/)
-            to enable a deploy to work:
-
-            | Secret Name | Description |
-            | ----------- | ----------- |
-            | `CF_PRODUCTION_USERNAME` | cloud.gov SpaceDeployer username |
-            | `CF_PRODUCTION_PASSWORD` | cloud.gov SpaceDeployer password |
-            | `PRODUCTION_RAILS_MASTER_KEY` | `config/credentials/production.key` |
-            #{terraform_secret_values}
-          EOM
+          if terraform_manage_spaces?
+            <<~EOM
+
+              Deploys to production happen via terraform on every push to the `production` branch in GitHub.
+
+              The following secrets must be set within [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/)
+              to enable a deploy to work:
+
+              | Secret Name | Description |
+              | ----------- | ----------- |
+              | `CF_USERNAME` | cloud.gov SpaceDeployer username, if different value than staging, update name in .circleci/config.yml |
+              | `CF_PASSWORD` | cloud.gov SpaceDeployer password, if different value than staging, update name in .circleci/config.yml |
+              | `PRODUCTION_RAILS_MASTER_KEY` | `config/credentials/production.key` |
+              #{terraform_secret_values}
+            EOM
+          else
+            "Production deploys are not supported in the sandbox organization."
+          end
         end
 
         def readme_credentials
           <<~EOM
 
             1. Store variables that must be secret using [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/)
-            1. Add the appropriate `--var` addition to the `cf push` line on the deploy job
+            1. Add the appropriate entries to the "Set terraform variables" steps in .circleci/config.yml
           EOM
         end
       end
@@ -127,12 +129,11 @@ EOB
       private
 
       def terraform_secret_values
-        if terraform?
-          <<~EOM
-            | `AWS_ACCESS_KEY_ID` | Access key for terraform state bucket |
-            | `AWS_SECRET_ACCESS_KEY` | Secret key for terraform state bucket |
-          EOM
-        end
+        <<~EOM
+          | `AWS_ACCESS_KEY_ID` | Access key for terraform state bucket |
+          | `AWS_SECRET_ACCESS_KEY` | Secret key for terraform state bucket |
+          | `TERRAFORM_STATE_BUCKET_NAME` | Bucket name for terraform state bucket |
+        EOM
       end
     end
   end

data/lib/generators/rails_template18f/circleci/templates/Dockerfile.ci.tt

@@ -8,6 +8,5 @@ RUN bundle install --deployment
 RUN yarn install --frozen-lockfile
 
 ENV RAILS_ENV=ci
-RUN bundle exec rake assets:precompile
 
 CMD ["./bin/ci-server-start"]