rails_template_18f 2.0.0 → 2.1.0

data/lib/generators/rails_template18f/public_egress/public_egress_generator.rb

@@ -41,24 +41,6 @@ EOT
 EOT
       end
 
-      def setup_terraform_provider
-        insert_into_file file_path("terraform/providers.tf"), after: "required_providers {\n" do
-          <<-EOT
-    cloudfoundry-community = {
-      source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
-    }
-          EOT
-        end
-        append_to_file file_path("terraform/providers.tf"), <<~EOT
-          provider "cloudfoundry-community" {
-            api_url  = "https://api.fr.cloud.gov"
-            user     = var.cf_user
-            password = var.cf_password
-          }
-        EOT
-      end
-
       def setup_proxy_vars
         create_file ".profile", <<~EOP unless file_exists?(".profile")
           ##
@@ -117,18 +99,19 @@ EOB
           <<~EOT
 
             module "egress_space" {
-              source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.1.0"
+              source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.3.0"
 
               cf_org_name          = local.cf_org_name
               cf_space_name        = "${var.cf_space_name}-egress"
               allow_ssh            = var.allow_space_ssh
               deployers            = local.space_deployers
               developers           = var.space_developers
+              auditors             = var.space_auditors
               security_group_names = ["public_networks_egress"]
             }
 
             module "egress_proxy" {
-              source = "github.com/gsa-tts/terraform-cloudgov//egress_proxy?ref=v2.1.0"
+              source = "github.com/gsa-tts/terraform-cloudgov//egress_proxy?ref=v2.3.0"
 
               cf_org_name     = local.cf_org_name
               cf_egress_space = module.egress_space.space
@@ -139,17 +122,18 @@ EOB
             }
 
             resource "cloudfoundry_network_policy" "egress_routing" {
-              provider = cloudfoundry-community
-              policy {
-                source_app      = cloudfoundry_app.app.id
-                destination_app = module.egress_proxy.app_id
-                port            = "61443"
-              }
-              policy {
-                source_app      = cloudfoundry_app.app.id
-                destination_app = module.egress_proxy.app_id
-                port            = "8080"
-              }
+              policies = [
+                {
+                  source_app      = cloudfoundry_app.app.id
+                  destination_app = module.egress_proxy.app_id
+                  port            = module.egress_proxy.https_port
+                },
+                {
+                  source_app      = cloudfoundry_app.app.id
+                  destination_app = module.egress_proxy.app_id
+                  port            = module.egress_proxy.http_port
+                }
+              ]
             }
 
             resource "cloudfoundry_service_instance" "egress_proxy_credentials" {

data/lib/generators/rails_template18f/terraform/templates/full_bootstrap/main.tf.tt

@@ -36,7 +36,7 @@ locals {
   s3_plan_name = "basic"
 }
 module "mgmt_space" {
-  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.1.0"
+  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.3.0"
 
   cf_org_name   = local.org_name
   cf_space_name = var.mgmt_space_name
@@ -44,7 +44,7 @@ module "mgmt_space" {
 }
 
 module "s3" {
-  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.1.0"
+  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.3.0"
 
   cf_space_id  = module.mgmt_space.space_id
   name         = "<%= app_name %>-terraform-state"

data/lib/generators/rails_template18f/terraform/templates/sandbox_bootstrap/main.tf.tt

@@ -30,7 +30,7 @@ data "cloudfoundry_space" "space" {
 }
 
 module "s3" {
-  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.1.0"
+  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.3.0"
 
   cf_space_id  = data.cloudfoundry_space.space.id
   name         = "<%= app_name %>-terraform-state"

data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt

@@ -1,7 +1,6 @@
 # Terraform
 
 This directory holds the terraform module for maintaining the system infrastructure and deploying the application.
-
 <% unless terraform_manage_spaces? %>
 ## READ ME FIRST
 
@@ -16,7 +15,6 @@ bin/rails generate rails_template18f:terraform --cg-org=<ORG_NAME> --cg-staging=
 
 …to take full advantage of the generator, and then re-run your CI generator of choice to add production terraform plan and apply steps to your workflow.
 <% end %>
-
 ## Terraform State Credentials
 
 The `bootstrap` module is used to create an s3 bucket for later terraform runs to store their state in as well as
@@ -52,7 +50,8 @@ These steps only need to be run once per project.
 
 ### Steps:
 
-<% if terraform_manage_spaces? %>1. Create a new `sandbox-<NAME>.tfvars` file to hold variable values for your environment. A good starting point is copying `staging.tfvars` and editing it with your values.<% end %>
+<% if terraform_manage_spaces? %>1. Create a new `sandbox-<NAME>.tfvars` file to hold variable values for your environment. A good starting point is copying `staging.tfvars` and editing it with your values
+1. Add a `cf_user = "your.email@agency.gov"` line to the `sandbox-<NAME>.tfvars` file<% end %>
 
 1. Run terraform plan with:
     ```bash
@@ -81,12 +80,7 @@ These steps only need to be run once per project.
 |  |- templates/
 |     |- backend_config.tftpl
 |     |- bot_secrets.tftpl
-|     |- imports.tf.tftpl<% if terraform_manage_spaces? %>
-|- sandbox_bot/
-|  |- main.tf
-|  |- run.sh
-|  |- <sandbox_name>/ (automatically generated)
-|     |- terraform.tfstate(.backup) (automatically generated)<% end %>
+|     |- imports.tf.tftpl
 |- dist/
 |  |- src.zip (automatically generated)
 |- README.md
@@ -111,7 +105,3 @@ In the bootstrap module:
 - `apply.sh` Helper script to either recreate the state locally or call `terraform apply` Any arguments are passed through to the `apply` call
 - `imports.tf` import blocks to create a new local state file when new developers need to access the state file. This file is automatically generated by calling `./apply.sh` and should be checked into git on any changes
 - `users.auto.tfvars` this file defines the list of cloud.gov accounts that should have access to the terraform state bucket
-
-In the sandbox_bot module:
-- `main.tf` sets up a cloud.gov SpaceDeployer to manage the sandbox environment and outputs its credentials into the main module `secrets.auto.tfvars`
-- `run.sh` Helper script to set up a separate local state file for each sandbox name. In normal use this will only ever be called by `./terraform.sh`

data/lib/generators/rails_template18f/terraform/templates/terraform/app.tf.tt

@@ -14,11 +14,6 @@ data "archive_file" "src" {
   ]
 }
 
-locals {
-  host_name = coalesce(var.host_name, "${local.app_name}-${var.env}")
-  domain    = coalesce(var.custom_domain_name, "app.cloud.gov")
-}
-
 resource "cloudfoundry_app" "app" {
   name       = "${local.app_name}-${var.env}"
   space_name = var.cf_space_name
@@ -28,7 +23,6 @@ resource "cloudfoundry_app" "app" {
   source_code_hash = data.archive_file.src.output_base64sha256
   buildpacks       = ["ruby_buildpack"]
   strategy         = "rolling"
-  routes           = [{ route = "${local.host_name}.${local.domain}" }]
 
   environment = {
     RAILS_ENV                = var.env

data/lib/generators/rails_template18f/terraform/templates/terraform/main.tf.tt

@@ -3,16 +3,16 @@ locals {
   app_name        = "<%= app_name %>"
   space_deployers = setunion([var.cf_user], var.space_deployers)
 }
-
 <% if terraform_manage_spaces? %>
 module "app_space" {
-  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.1.0"
+  source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v2.3.0"
 
   cf_org_name          = local.cf_org_name
   cf_space_name        = var.cf_space_name
   allow_ssh            = var.allow_space_ssh
   deployers            = local.space_deployers
   developers           = var.space_developers
+  auditors             = var.space_auditors
   security_group_names = ["trusted_local_networks_egress"]
 }
 <% else %>
@@ -31,9 +31,8 @@ resource "cloudfoundry_security_group_space_bindings" "trusted_egress_binding" {
   running_spaces = [data.cloudfoundry_space.app_space.id]
 }
 <% end %>
-
 module "database" {
-  source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v2.1.0"
+  source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v2.3.0"
 
   cf_space_id   = <% if terraform_manage_spaces? %>module.app_space.space_id<% else %>data.cloudfoundry_space.app_space.id<% end %>
   name          = "${local.app_name}-rds-${var.env}"
@@ -43,7 +42,7 @@ module "database" {
 }
 <% if has_active_job? %>
 module "redis" {
-  source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v2.1.0"
+  source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v2.3.0"
 
   cf_space_id     = <% if terraform_manage_spaces? %>module.app_space.space_id<% else %>data.cloudfoundry_space.app_space.id<% end %>
   name            = "${local.app_name}-redis-${var.env}"
@@ -51,10 +50,9 @@ module "redis" {
   # depends_on line is required only for initial creation and destruction. It can be commented out for updates if you see unwanted cascading effects
   depends_on = [module.app_space]<% end %>
 }
-<% end %>
-<% if has_active_storage? %>
+<% end %><% if has_active_storage? %>
 module "s3" {
-  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.1.0"
+  source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v2.3.0"
 
   cf_space_id  = <% if terraform_manage_spaces? %>module.app_space.space_id<% else %>data.cloudfoundry_space.app_space.id<% end %>
   name         = "${local.app_name}-s3-${var.env}"
@@ -64,7 +62,7 @@ module "s3" {
 }
 
 module "clamav" {
-  source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v2.1.0"
+  source = "github.com/gsa-tts/terraform-cloudgov//clamav?ref=v2.3.0"
 
   cf_org_name   = local.cf_org_name
   cf_space_name = var.cf_space_name
@@ -76,31 +74,44 @@ module "clamav" {
 }
 
 resource "cloudfoundry_network_policy" "clamav_routing" {
-  provider = cloudfoundry-community
-  policy {
+  policies = [{
     source_app      = cloudfoundry_app.app.id
     destination_app = module.clamav.app_id
     port            = "61443"
-  }
+  }]
 }
 <% end %>
-
-###########################################################################
+###########################################################################<% if terraform_manage_spaces? %>
+# Before setting var.custom_domain_name, ensure the ACME challenge record has been created:
+# See https://cloud.gov/docs/services/external-domain-service/#how-to-create-an-instance-of-this-service<% else %>
 # Before setting var.custom_domain_name, perform the following steps:
 # 1) Domain must be manually created by an OrgManager:
 #     cf create-domain var.cf_org_name var.domain_name
 # 2) ACME challenge record must be created.
-#     See https://cloud.gov/docs/services/external-domain-service/#how-to-create-an-instance-of-this-service
+#     See https://cloud.gov/docs/services/external-domain-service/#how-to-create-an-instance-of-this-service<% end %>
 ###########################################################################
 module "domain" {
   count  = (var.custom_domain_name == null ? 0 : 1)
-  source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v2.1.0"
+  source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v2.3.0"
 
   cf_org_name   = local.cf_org_name
   cf_space      = <% if terraform_manage_spaces? %>module.app_space.space<% else %>data.cloudfoundry_space.app_space<% end %>
   cdn_plan_name = "domain"
   domain_name   = var.custom_domain_name
+  create_domain = <%= terraform_manage_spaces? ? "true" : "false" %>
+  app_ids       = [cloudfoundry_app.app.id]
   host_name     = var.host_name<% if terraform_manage_spaces? %>
   # depends_on line is required only for initial creation and destruction. It can be commented out for updates if you see unwanted cascading effects
   depends_on = [module.app_space]<% end %>
 }
+module "app_route" {
+  count  = (var.custom_domain_name == null ? 1 : 0)
+  source = "github.com/gsa-tts/terraform-cloudgov//app_route?ref=v2.3.0"
+
+  cf_org_name   = local.cf_org_name
+  cf_space_name = var.cf_space_name
+  app_ids       = [cloudfoundry_app.app.id]
+  hostname      = coalesce(var.host_name, "${local.app_name}-${var.env}")<% if terraform_manage_spaces? %>
+  # depends_on line is required only for initial creation and destruction. It can be commented out for updates if you see unwanted cascading effects
+  depends_on = [module.app_space]<% end %>
+}

data/lib/generators/rails_template18f/terraform/templates/terraform/production.tfvars.tt

@@ -8,3 +8,6 @@ web_memory         = "512M"
 <% if has_active_storage? %>s3_plan_name       = "basic"<% end %>
 <% if has_active_job? %>redis_plan_name    = "TKTK-production-redis-plan"<% end %>
 <% if has_active_job? %>worker_memory      = "512M"<% end %>
+space_auditors = [
+  # enter cloud.gov usernames that should have access to audit logs
+]

data/lib/generators/rails_template18f/terraform/templates/terraform/providers.tf.tt

@@ -1,32 +1,18 @@
 terraform {
   required_version = "~> 1.10"
-  required_providers {<% if has_active_storage? %>
-    cloudfoundry-community = {
-      source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
-    }<% end %>
+  required_providers {
     cloudfoundry = {
       source  = "cloudfoundry/cloudfoundry"
-      version = "1.2.0"
+      version = "1.5.0"
     }
   }
 
   backend "s3" {
-    encrypt      = true
-    use_lockfile = true
-    region       = "us-gov-west-1"
+    encrypt           = true
+    use_lockfile      = true
+    use_fips_endpoint = true
+    region            = "us-gov-west-1"
   }
 }
 
-provider "cloudfoundry" {
-  api_url  = "https://api.fr.cloud.gov"
-  user     = var.cf_user
-  password = var.cf_password
-}
-<% if has_active_storage? %>
-provider "cloudfoundry-community" {
-  api_url  = "https://api.fr.cloud.gov"
-  user     = var.cf_user
-  password = var.cf_password
-}
-<% end %>
+provider "cloudfoundry" {}

data/lib/generators/rails_template18f/terraform/templates/terraform/terraform.sh.tt

@@ -83,27 +83,9 @@ if [[ $tfm_needs_init = true ]]; then
     echo "=============================================================================================================="
     echo "= Recreating backend config file. It is fine if this step wants to delete any local_sensitive_file resources"
     echo "=============================================================================================================="
-    (cd bootstrap && ./apply.sh $force)
+    (cd bootstrap && ./apply.sh -auto-approve)
   fi
   terraform init -backend-config=secrets.backend.tfvars -backend-config="key=terraform.tfstate.$env" -reconfigure
-fi
-
-echo "=============================================================================================================="
-echo "= Creating a bot deployer for $env"
-echo "=============================================================================================================="
-<% if terraform_manage_spaces? %>
-if [[ "$env" = "staging" ]] || [[ "$env" = "production" ]]; then
-  (cd bootstrap && ./apply.sh -var create_bot_secrets_file=true $force)
-else
-  (cd sandbox_bot && ./run.sh "$env" apply $force)
-fi
-<% else %>
-if [[ ! -f secrets.auto.tfvars ]]; then
-  ../bin/ops/create_service_account.sh -s <%= cloud_gov_staging_space %> -u terraform-deployer -n > secrets.auto.tfvars
-fi
-<% end %>
-
-if [[ -f secrets.backend.tfvars ]]; then
   rm secrets.backend.tfvars
 fi
 
@@ -111,25 +93,3 @@ echo "==========================================================================
 echo "= Calling $cmd $force on the application infrastructure"
 echo "=============================================================================================================="
 terraform "$cmd" -var-file="$env.tfvars" -var rails_master_key="$rmk" $force "$@"
-
-<% if terraform_manage_spaces? %>
-if [[ "$cmd" = "destroy" ]] && [[ "$env" != "staging" ]] && [[ "$env" != "production" ]]; then
-<% else %>
-if [[ "$cmd" = "destroy" ]]; then
-<% end %>
-  if [[ -z "$force" ]]; then
-    read -p "Destroy the sandbox_bot user? (y/n) " confirm
-    if [[ "$confirm" != "y" ]]; then
-      exit 0
-    fi
-  fi
-  echo "=============================================================================================================="
-  echo "= Destroying the sandbox_bot user"
-  echo "=============================================================================================================="
-<% if terraform_manage_spaces? %>
-  (cd sandbox_bot && ./run.sh "$env" destroy -auto-approve)
-<% else %>
-  ../bin/ops/destroy_service_account.sh -s <%= cloud_gov_staging_space %> -u terraform-deployer
-  rm secrets.auto.tfvars
-<% end %>
-fi

data/lib/generators/rails_template18f/terraform/templates/terraform/variables.tf.tt

@@ -1,19 +1,14 @@
 # Deploy user settings
 variable "cf_user" {
   type        = string
-  description = "The service account running the terraform"
-}
-variable "cf_password" {
-  type        = string
-  sensitive   = true
-  description = "The service account password"
+  description = "The user email or service account running the terraform"
 }
 
 # app_space settings
 variable "cf_space_name" {
   type        = string
   description = "The space name to deploy the app into"
-}
+}<% if terraform_manage_spaces? %>
 variable "space_deployers" {
   type        = set(string)
   default     = []
@@ -24,11 +19,16 @@ variable "space_developers" {
   default     = []
   description = "A list of users to be granted SpaceDeveloper on cf_space_name"
 }
+variable "space_auditors" {
+  type        = set(string)
+  default     = []
+  description = "A list of users to be granted SpaceAuditor on cf_space_name"
+}
 variable "allow_space_ssh" {
   type        = bool
   default     = false
   description = "Whether to allow ssh to cf_space_name"
-}
+}<% end %>
 
 # supporting services settings
 variable "rds_plan_name" {
@@ -50,7 +50,6 @@ variable "s3_plan_name" {
   description = "The name of the s3 plan to use"
 }
 <% end %>
-
 # routing settings
 variable "custom_domain_name" {
   type        = string

data/lib/generators/rails_template18f/terraform/terraform_generator.rb

@@ -23,7 +23,6 @@ module RailsTemplate18f
           template "sandbox_bootstrap/main.tf", "terraform/bootstrap/main.tf"
           copy_file "sandbox_bootstrap/imports.tf.tftpl", "terraform/bootstrap/templates/imports.tf.tftpl"
           remove_file "terraform/bootstrap/users.auto.tfvars"
-          remove_dir "terraform/sandbox_bot"
           remove_file "terraform/production.tfvars"
         end
       end

data/lib/rails_template18f/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsTemplate18f
-  VERSION = "2.0.0"
+  VERSION = "2.1.0"
 end

data/template.rb

@@ -99,6 +99,7 @@ end
 cloud_gov_staging_space = default_staging_space if cloud_gov_staging_space.blank?
 cloud_gov_production_space = default_prod_space if cloud_gov_production_space.blank?
 
+@gitlab_ci = yes?("Create GitLab CI config? (y/n)")
 @github_actions = yes?("Create GitHub Actions? (y/n)")
 @circleci_pipeline = yes?("Create CircleCI config? (y/n)")
 newrelic = yes?("Create FEDRAMP New Relic config files? (y/n)")
@@ -132,6 +133,8 @@ if compliance_trestle
     generator_arguments = []
     generator_arguments << "--oscal_repo=#{compliance_trestle_repo}" if compliance_trestle_submodule
     generator_arguments << "--ci=github" if @github_actions
+    generator_arguments << "--ci=gitlab" if @gitlab_ci
+    generator_arguments << "--ci=circleci" if @circleci_pipeline
     generate "rails_template18f:oscal", *generator_arguments
   end
   register_announcement("OSCAL Documentation", <<~EOM)
@@ -193,7 +196,7 @@ chmod "bin/ops/create_service_account.sh", 0o755
 chmod "bin/ops/destroy_service_account.sh", 0o755
 chmod "bin/ops/set_space_egress.sh", 0o755
 copy_file "pa11y.js"
-copy_file "pa11yci.js"
+template "pa11yci.js"
 copy_file "editorconfig", ".editorconfig"
 copy_file "zap.conf"
 after_bundle do
@@ -402,9 +405,10 @@ after_bundle do
 end
 if cloud_gov_org_tktk?
   register_announcement("Terraform", <<~EOM)
-    Fill in the cloud.gov organization information in:
+    Fill in the cloud.gov organization and space information in:
       * terraform/bootstrap/main.tf
       * terraform/main.tf
+      * terraform/*.tfvars
   EOM
 end
 register_announcement("Terraform", "Run the bootstrap script and update the appropriate CI/CD environment variables defined in the Deployment section of the README")
@@ -430,11 +434,6 @@ if @github_actions
     ]
     generate "rails_template18f:github_actions", *generator_arguments
   end
-  if cloud_gov_org_tktk?
-    register_announcement("GitHub Actions", <<~EOM)
-      * Fill in the cloud.gov organization information in .github/workflows/deploy-staging.yml
-    EOM
-  end
   register_announcement("GitHub Actions", <<~EOM)
     * Create environment variable secrets for deploy users as defined in the Deployment section of the README
   EOM
@@ -449,16 +448,25 @@ if @circleci_pipeline
     ]
     generate "rails_template18f:circleci", *generator_arguments
   end
-  if cloud_gov_org_tktk?
-    register_announcement("CircleCI", <<~EOM)
-      * Fill in the cloud.gov organization information in .circleci/config.yml
-    EOM
-  end
   register_announcement("CircleCI", <<~EOM)
     * Create project environment variables for deploy users as defined in the Deployment section of the README
   EOM
 end
 
+if @gitlab_ci
+  after_bundle do
+    generator_arguments = [
+      "--cg-org=#{@cloud_gov_organization}",
+      "--cg-staging=#{cloud_gov_staging_space}",
+      "--cg-prod=#{cloud_gov_production_space}"
+    ]
+    generate "rails_template18f:gitlab_ci", *generator_arguments
+  end
+  register_announcement("GitLab CI", <<~EOM)
+    * Create project environment variables for deploy users as defined in the Deployment section of the README
+  EOM
+end
+
 if auditree
   after_bundle do
     generate "rails_template18f:auditree", "--evidence_locker=#{auditree_evidence_repo}"

data/templates/{pa11yci.js → pa11yci.js.tt}

@@ -2,7 +2,12 @@ let defaults = require("./pa11y.js");
 
 // set chrome path for github actions
 defaults.defaults.chromeLaunchConfig = {
+  <% if @gitlab_ci %>
+  "executablePath": "/usr/bin/chromium",
+  "args": ["--no-sandbox"]
+  <% else %>
   "executablePath": "/usr/bin/google-chrome"
+  <% end %>
 };
 
 module.exports = defaults;

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rails_template_18f
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Ryan Ahearn
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-01-16 00:00:00.000000000 Z
+date: 2025-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -108,7 +107,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.43'
-description:
 email:
 - ryan.ahearn@gsa.gov
 executables:
@@ -169,6 +167,12 @@ files:
 - lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-staging.yml
 - lib/generators/rails_template18f/github_actions/templates/github/workflows/validate-ssp.yml
 - lib/generators/rails_template18f/github_actions/templates/oscal/component-definitions/github_actions/component-definition.json.tt
+- lib/generators/rails_template18f/gitlab_ci/gitlab_ci_generator.rb
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab-ci.yml.tt
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab/node.yml.tt
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab/rails.yml
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab/ruby.yml
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab/terraform.yml
 - lib/generators/rails_template18f/i18n/i18n_generator.rb
 - lib/generators/rails_template18f/i18n/templates/config/locales/en.yml.tt
 - lib/generators/rails_template18f/i18n/templates/config/locales/es.yml
@@ -204,8 +208,6 @@ files:
 - lib/generators/rails_template18f/terraform/templates/terraform/main.tf.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/production.tfvars.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/providers.tf.tt
-- lib/generators/rails_template18f/terraform/templates/terraform/sandbox_bot/main.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/sandbox_bot/run.sh
 - lib/generators/rails_template18f/terraform/templates/terraform/staging.tfvars.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/terraform.sh.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/variables.tf.tt
@@ -255,7 +257,7 @@ files:
 - templates/lib/tasks/cf.rake
 - templates/lib/tasks/scanning.rake
 - templates/pa11y.js
-- templates/pa11yci.js
+- templates/pa11yci.js.tt
 - templates/zap.conf
 homepage: https://github.com/18f/rails-template
 licenses: []
@@ -264,7 +266,6 @@ metadata:
   homepage_uri: https://github.com/18f/rails-template
   source_code_uri: https://github.com/18f/rails-template
   changelog_uri: https://github.com/18f/rails-template/blob/main/CHANGELOG.md
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -279,8 +280,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Generators for creating an 18F-flavored Rails app
 test_files: []