rails_template_18f 2.0.0 → 2.2.0

data/template.rb

@@ -99,8 +99,13 @@ end
 cloud_gov_staging_space = default_staging_space if cloud_gov_staging_space.blank?
 cloud_gov_production_space = default_prod_space if cloud_gov_production_space.blank?
 
+@gitlab_ci = yes?("Create GitLab CI config? (y/n)")
 @github_actions = yes?("Create GitHub Actions? (y/n)")
 @circleci_pipeline = yes?("Create CircleCI config? (y/n)")
+local_terraform_backend = false
+unless [@gitlab_ci, @github_actions, @circleci_pipeline].any?
+  local_terraform_backend = yes?("Use a local file to store terraform state? This is only appropriate for short-lived proofs of concept but will make it easier to deploy for a single dev. (y/n)")
+end
 newrelic = yes?("Create FEDRAMP New Relic config files? (y/n)")
 dap = yes?("If this will be a public site, should we include Digital Analytics Program code? (y/n)")
 supported_languages = []
@@ -127,20 +132,27 @@ register_announcement("Documentation", <<~EOM)
 EOM
 
 # do early so later generators register files in the correct location
-if compliance_trestle
-  after_bundle do
-    generator_arguments = []
-    generator_arguments << "--oscal_repo=#{compliance_trestle_repo}" if compliance_trestle_submodule
-    generator_arguments << "--ci=github" if @github_actions
-    generate "rails_template18f:oscal", *generator_arguments
-  end
-  register_announcement("OSCAL Documentation", <<~EOM)
-    OSCAL files have been generated with some default implementation statements in `doc/compliance/oscal`
+run_oscal_generator = ->(register_announcement = false) {
+  if compliance_trestle
+    after_bundle do
+      generator_arguments = []
+      generator_arguments << "--oscal_repo=#{compliance_trestle_repo}" if compliance_trestle_submodule
+      generator_arguments << "--ci=github" if @github_actions
+      generator_arguments << "--ci=gitlab" if @gitlab_ci
+      generator_arguments << "--ci=circleci" if @circleci_pipeline
+      generate "rails_template18f:oscal", *generator_arguments
+    end
+    if register_announcement
+      register_announcement("OSCAL Documentation", <<~EOM)
+        OSCAL files have been generated with some default implementation statements in `doc/compliance/oscal`
 
-    All generated statements must be reviewed for accuracy with your system's implementation before being
-    submitted for authorization.
-  EOM
-end
+        All generated statements must be reviewed for accuracy with your system's implementation before being
+        submitted for authorization.
+      EOM
+    end
+  end
+}
+run_oscal_generator.call(true)
 
 # ensure dependencies are installed
 copy_file "Brewfile"
@@ -193,7 +205,7 @@ chmod "bin/ops/create_service_account.sh", 0o755
 chmod "bin/ops/destroy_service_account.sh", 0o755
 chmod "bin/ops/set_space_egress.sh", 0o755
 copy_file "pa11y.js"
-copy_file "pa11yci.js"
+template "pa11yci.js"
 copy_file "editorconfig", ".editorconfig"
 copy_file "zap.conf"
 after_bundle do
@@ -398,13 +410,19 @@ after_bundle do
     "--cg-staging=#{cloud_gov_staging_space}",
     "--cg-prod=#{cloud_gov_production_space}"
   ]
+  if @gitlab_ci
+    generator_arguments << "--backend=gitlab"
+  elsif local_terraform_backend
+    generator_arguments << "--backend=local"
+  end
   generate "rails_template18f:terraform", *generator_arguments
 end
 if cloud_gov_org_tktk?
   register_announcement("Terraform", <<~EOM)
-    Fill in the cloud.gov organization information in:
+    Fill in the cloud.gov organization and space information in:
       * terraform/bootstrap/main.tf
       * terraform/main.tf
+      * terraform/*.tfvars
   EOM
 end
 register_announcement("Terraform", "Run the bootstrap script and update the appropriate CI/CD environment variables defined in the Deployment section of the README")
@@ -430,11 +448,6 @@ if @github_actions
     ]
     generate "rails_template18f:github_actions", *generator_arguments
   end
-  if cloud_gov_org_tktk?
-    register_announcement("GitHub Actions", <<~EOM)
-      * Fill in the cloud.gov organization information in .github/workflows/deploy-staging.yml
-    EOM
-  end
   register_announcement("GitHub Actions", <<~EOM)
     * Create environment variable secrets for deploy users as defined in the Deployment section of the README
   EOM
@@ -449,16 +462,28 @@ if @circleci_pipeline
     ]
     generate "rails_template18f:circleci", *generator_arguments
   end
-  if cloud_gov_org_tktk?
-    register_announcement("CircleCI", <<~EOM)
-      * Fill in the cloud.gov organization information in .circleci/config.yml
-    EOM
-  end
   register_announcement("CircleCI", <<~EOM)
     * Create project environment variables for deploy users as defined in the Deployment section of the README
   EOM
 end
 
+if @gitlab_ci
+  after_bundle do
+    generator_arguments = [
+      "--cg-org=#{@cloud_gov_organization}",
+      "--cg-staging=#{cloud_gov_staging_space}",
+      "--cg-prod=#{cloud_gov_production_space}"
+    ]
+    generate "rails_template18f:gitlab_ci", *generator_arguments
+  end
+  register_announcement("GitLab CI", <<~EOM)
+    * Create project environment variables for deploy users as defined in the Deployment section of the README
+  EOM
+end
+
+# rerun so we can update the correct CI systems
+run_oscal_generator.call
+
 if auditree
   after_bundle do
     generate "rails_template18f:auditree", "--evidence_locker=#{auditree_evidence_repo}"

data/templates/{pa11yci.js → pa11yci.js.tt}

@@ -2,7 +2,12 @@ let defaults = require("./pa11y.js");
 
 // set chrome path for github actions
 defaults.defaults.chromeLaunchConfig = {
+  <% if @gitlab_ci %>
+  "executablePath": "/usr/bin/chromium",
+  "args": ["--no-sandbox"]
+  <% else %>
   "executablePath": "/usr/bin/google-chrome"
+  <% end %>
 };
 
 module.exports = defaults;

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rails_template_18f
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Ryan Ahearn
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-01-16 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -108,7 +107,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.43'
-description:
 email:
 - ryan.ahearn@gsa.gov
 executables:
@@ -140,6 +138,7 @@ files:
 - lib/generators/rails_template18f/auditree/templates/bin/auditree.tt
 - lib/generators/rails_template18f/auditree/templates/github/actions/auditree-cmd/action.yml.tt
 - lib/generators/rails_template18f/auditree/templates/github/workflows/auditree-validation.yml.tt
+- lib/generators/rails_template18f/auditree/templates/gitlab/auditree.yml.tt
 - lib/generators/rails_template18f/circleci/circleci_generator.rb
 - lib/generators/rails_template18f/circleci/templates/Dockerfile.ci.tt
 - lib/generators/rails_template18f/circleci/templates/bin/ci-server-start
@@ -156,7 +155,6 @@ files:
 - lib/generators/rails_template18f/github_actions/templates/github/actions/setup-languages/action.yml.tt
 - lib/generators/rails_template18f/github_actions/templates/github/actions/setup-project/action.yml.tt
 - lib/generators/rails_template18f/github_actions/templates/github/dependabot.yml.tt
-- lib/generators/rails_template18f/github_actions/templates/github/workflows/assemble-ssp.yml.tt
 - lib/generators/rails_template18f/github_actions/templates/github/workflows/brakeman-analysis.yml
 - lib/generators/rails_template18f/github_actions/templates/github/workflows/dependency-scans.yml
 - lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml
@@ -167,8 +165,13 @@ files:
 - lib/generators/rails_template18f/github_actions/templates/github/workflows/rspec.yml.tt
 - lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-production.yml
 - lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-staging.yml
-- lib/generators/rails_template18f/github_actions/templates/github/workflows/validate-ssp.yml
 - lib/generators/rails_template18f/github_actions/templates/oscal/component-definitions/github_actions/component-definition.json.tt
+- lib/generators/rails_template18f/gitlab_ci/gitlab_ci_generator.rb
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab-ci.yml.tt
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab/node.yml.tt
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab/rails.yml
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab/ruby.yml
+- lib/generators/rails_template18f/gitlab_ci/templates/gitlab/terraform.yml
 - lib/generators/rails_template18f/i18n/i18n_generator.rb
 - lib/generators/rails_template18f/i18n/templates/config/locales/en.yml.tt
 - lib/generators/rails_template18f/i18n/templates/config/locales/es.yml
@@ -186,26 +189,33 @@ files:
 - lib/generators/rails_template18f/oscal/templates/bin/trestle.tt
 - lib/generators/rails_template18f/oscal/templates/doc/compliance/oscal/trestle-config.yaml.tt
 - lib/generators/rails_template18f/oscal/templates/github/actions/trestle-cmd/action.yml.tt
+- lib/generators/rails_template18f/oscal/templates/github/workflows/assemble-ssp.yml.tt
+- lib/generators/rails_template18f/oscal/templates/github/workflows/validate-ssp.yml
+- lib/generators/rails_template18f/oscal/templates/gitlab/trestle.yml.tt
 - lib/generators/rails_template18f/public_egress/public_egress_generator.rb
 - lib/generators/rails_template18f/rails_erd/rails_erd_generator.rb
 - lib/generators/rails_template18f/rails_erd/templates/erdconfig
 - lib/generators/rails_template18f/sidekiq/sidekiq_generator.rb
 - lib/generators/rails_template18f/sidekiq/templates/config/initializers/redis.rb
-- lib/generators/rails_template18f/terraform/templates/full_bootstrap/imports.tf.tftpl
-- lib/generators/rails_template18f/terraform/templates/full_bootstrap/main.tf.tt
-- lib/generators/rails_template18f/terraform/templates/sandbox_bootstrap/imports.tf.tftpl
-- lib/generators/rails_template18f/terraform/templates/sandbox_bootstrap/main.tf.tt
+- lib/generators/rails_template18f/terraform/templates/gitlab_bootstrap/apply.sh
+- lib/generators/rails_template18f/terraform/templates/gitlab_bootstrap/bot_secrets.tftpl
+- lib/generators/rails_template18f/terraform/templates/gitlab_bootstrap/main.tf.tt
+- lib/generators/rails_template18f/terraform/templates/gitlab_bootstrap/setup_shadowenv.sh
+- lib/generators/rails_template18f/terraform/templates/gitlab_bootstrap/users.auto.tfvars
+- lib/generators/rails_template18f/terraform/templates/s3_bootstrap/common/apply.sh
+- lib/generators/rails_template18f/terraform/templates/s3_bootstrap/common/templates/backend_config.tftpl
+- lib/generators/rails_template18f/terraform/templates/s3_bootstrap/common/templates/bot_secrets.tftpl
+- lib/generators/rails_template18f/terraform/templates/s3_bootstrap/common/users.auto.tfvars
+- lib/generators/rails_template18f/terraform/templates/s3_bootstrap/full/imports.tf.tftpl
+- lib/generators/rails_template18f/terraform/templates/s3_bootstrap/full/main.tf.tt
+- lib/generators/rails_template18f/terraform/templates/s3_bootstrap/sandbox/imports.tf.tftpl
+- lib/generators/rails_template18f/terraform/templates/s3_bootstrap/sandbox/main.tf.tt
+- lib/generators/rails_template18f/terraform/templates/terraform/.shadowenv.d/.gitignore
 - lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/app.tf.tt
-- lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/apply.sh
-- lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/templates/backend_config.tftpl
-- lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/templates/bot_secrets.tftpl
-- lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/users.auto.tfvars
 - lib/generators/rails_template18f/terraform/templates/terraform/main.tf.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/production.tfvars.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/providers.tf.tt
-- lib/generators/rails_template18f/terraform/templates/terraform/sandbox_bot/main.tf
-- lib/generators/rails_template18f/terraform/templates/terraform/sandbox_bot/run.sh
 - lib/generators/rails_template18f/terraform/templates/terraform/staging.tfvars.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/terraform.sh.tt
 - lib/generators/rails_template18f/terraform/templates/terraform/variables.tf.tt
@@ -255,7 +265,7 @@ files:
 - templates/lib/tasks/cf.rake
 - templates/lib/tasks/scanning.rake
 - templates/pa11y.js
-- templates/pa11yci.js
+- templates/pa11yci.js.tt
 - templates/zap.conf
 homepage: https://github.com/18f/rails-template
 licenses: []
@@ -264,7 +274,6 @@ metadata:
   homepage_uri: https://github.com/18f/rails-template
   source_code_uri: https://github.com/18f/rails-template
   changelog_uri: https://github.com/18f/rails-template/blob/main/CHANGELOG.md
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -279,8 +288,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Generators for creating an 18F-flavored Rails app
 test_files: []

data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/templates/backend_config.tftpl

@@ -1,8 +0,0 @@
-# remove this file after initializing your terraform
-# you can always regenerate it by running ./apply.sh
-# within the bootstrap module
-
-bucket     = "${creds.bucket}"
-region     = "${creds.region}"
-access_key = "${creds.access_key_id}"
-secret_key = "${creds.secret_access_key}"

data/lib/generators/rails_template18f/terraform/templates/terraform/sandbox_bot/main.tf

@@ -1,74 +0,0 @@
-terraform {
-  required_version = "~> 1.10"
-  required_providers {
-    cloudfoundry = {
-      source  = "cloudfoundry/cloudfoundry"
-      version = "1.1.0"
-    }
-  }
-  backend "local" {}
-}
-# empty config will let terraform borrow cf-cli's auth
-provider "cloudfoundry" {}
-
-variable "sandbox_name" {
-  type        = string
-  description = "Name of the sandbox environment we're deploying into"
-}
-
-locals {
-  sa_service_name    = "${var.sandbox_name}-local-deployer"
-  sa_key_name        = "deployer-access-key"
-  sa_bot_credentials = jsondecode(data.cloudfoundry_service_credential_binding.runner_sa_key.credential_bindings.0.credential_binding).credentials
-  sa_cf_username     = nonsensitive(local.sa_bot_credentials.username)
-}
-
-data "cloudfoundry_service_plans" "cg_service_account" {
-  name                  = "space-deployer"
-  service_offering_name = "cloud-gov-service-account"
-}
-data "terraform_remote_state" "bootstrap" {
-  backend = "local"
-  config = {
-    path = "${path.module}/../bootstrap/terraform.tfstate"
-  }
-}
-resource "cloudfoundry_service_instance" "runner_service_account" {
-  name         = local.sa_service_name
-  type         = "managed"
-  space        = data.terraform_remote_state.bootstrap.outputs.mgmt_space_id
-  service_plan = data.cloudfoundry_service_plans.cg_service_account.service_plans.0.id
-}
-
-resource "cloudfoundry_service_credential_binding" "runner_sa_key" {
-  name             = local.sa_key_name
-  service_instance = cloudfoundry_service_instance.runner_service_account.id
-  type             = "key"
-}
-data "cloudfoundry_service_credential_binding" "runner_sa_key" {
-  name             = local.sa_key_name
-  service_instance = cloudfoundry_service_instance.runner_service_account.id
-  depends_on       = [cloudfoundry_service_credential_binding.runner_sa_key]
-}
-
-data "cloudfoundry_user" "sa_user" {
-  name = local.sa_cf_username
-}
-resource "cloudfoundry_org_role" "sa_org_manager" {
-  user = data.cloudfoundry_user.sa_user.users.0.id
-  type = "organization_manager"
-  org  = data.terraform_remote_state.bootstrap.outputs.mgmt_org_id
-}
-
-resource "local_sensitive_file" "bot_secrets_file" {
-  filename        = "${path.module}/../secrets.auto.tfvars"
-  file_permission = "0600"
-
-  content = <<-EOT
-    # "${local.sa_service_name}"/"${local.sa_key_name}" generated by sandbox_bot terraform module.
-    # Run `./run.sh ${var.sandbox_name} destroy` in that directory to clean up
-
-    cf_user     = "${local.sa_cf_username}"
-    cf_password = "${local.sa_bot_credentials.password}"
-  EOT
-}

data/lib/generators/rails_template18f/terraform/templates/terraform/sandbox_bot/run.sh

@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-if [[ $# -lt 2 ]]; then
-  echo "usage: $0 SANDBOX_NAME TERRAFORM_CMD [TERRAFORM_ARGS]"
-  echo "You must pass the sandbox_name as the first argument and terraform command as the second"
-  echo "All other arguments are passed as-is to terraform"
-  exit 1
-fi
-
-sandbox_name="$1"
-cmd="$2"
-shift 2
-
-terraform init -backend-config="path=$sandbox_name/terraform.tfstate" -reconfigure
-terraform "$cmd" -var sandbox_name="$sandbox_name" "$@"