rails_template_18f 2.1.0 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c98e855c8844d55ba478f2fe9a0bac27cea41e417e7f76b2be22f97c5363963c
-  data.tar.gz: 5eeb6079ee3d68350ee473aec5156fd54f2f47d837a1230ac62080b223960220
+  metadata.gz: c3ca664ff6618dfdbbd5253b5a58ed43487d7a268cce07bded46840c96353cf6
+  data.tar.gz: 27084955f39ced3910a073008f14fec6630c11607429cdbf9cd1b6f61af0b9f7
 SHA512:
-  metadata.gz: 24df2ba12417ab9754e851406fc9c77b21c23b21206f7760dd0ba23d0793f25b3fad5c8a57fbf2c5f9743cb8e0edd2bbe6a89b4f8603342f9ec893f3a28bdb34
-  data.tar.gz: 681823d0918b7ddacde8372051d85f8636954b92aa97467655b89e7d5ac3580768b31d1b7e12d27cd8d2a296c92769ae065b578dbb1b143aa8dbb15e9927fcde
+  metadata.gz: 9fb5460862865efea3faeb5cf6e1f220e725b57e83c0eb4b3178d486169be2e6e5f6cc3185a621c05ac50a9cdda068e11eb3ae9efba2ae17ce2041fe64e9a41f
+  data.tar.gz: f5826c6d647d2c0285b0399fccb74e91c2ff4c832f9b4d5ab9f89d89dc81302a7c1880aab76076a7fc81dcc906e45536261b0d5b367284581ff51a9c0751ec03

data/CHANGELOG.md

@@ -1,5 +1,17 @@
 ## [Unreleased]
 
+## [2.3.0] - 2025-11-25
+
+- Updates to Gitlab CI and Terraform generators for better workshop.cloud.gov support
+
+## [2.2.0] - 2025-06-27
+
+- Prevent non-compliant hostnames by replacing underscores with dashes
+- use shadowenv for configuring terraform backend secrets
+- use GitLab http backend for terraform state storage whenever configuring both terraform and GitLab CI
+- Create GitLabCI jobs for oscal and auditree generators
+- fixes for deploying to the sandbox-gsa cloug.gov org
+
 ## [2.1.0] - 2025-04-29
 
 - Terraform generator updates to remove the old cloudfoundy-community provider and reduce the need for cloud.gov service accounts

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rails_template_18f (2.1.0)
+    rails_template_18f (2.3.0)
       activesupport (~> 8.0.1)
       colorize (~> 1.1)
       railties (~> 8.0.1)
@@ -10,9 +10,9 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (8.0.1)
-      actionview (= 8.0.1)
-      activesupport (= 8.0.1)
+    actionpack (8.0.4)
+      actionview (= 8.0.4)
+      activesupport (= 8.0.4)
       nokogiri (>= 1.8.5)
       rack (>= 2.2.4)
       rack-session (>= 1.0.1)
@@ -20,13 +20,13 @@ GEM
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
       useragent (~> 0.16)
-    actionview (8.0.1)
-      activesupport (= 8.0.1)
+    actionview (8.0.4)
+      activesupport (= 8.0.4)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activesupport (8.0.1)
+    activesupport (8.0.4)
       base64
       benchmark (>= 0.3)
       bigdecimal
@@ -43,140 +43,155 @@ GEM
       activesupport (>= 3.0)
       railties (>= 3.0)
       rspec-rails (>= 2.2)
-    ast (2.4.2)
-    base64 (0.2.0)
-    benchmark (0.4.0)
-    bigdecimal (3.1.9)
+    ast (2.4.3)
+    base64 (0.3.0)
+    benchmark (0.5.0)
+    bigdecimal (3.3.1)
     builder (3.3.0)
-    byebug (11.1.3)
+    byebug (12.0.0)
     colorize (1.1.0)
-    concurrent-ruby (1.3.4)
-    connection_pool (2.4.1)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.4)
     crass (1.0.6)
-    date (3.4.1)
-    diff-lcs (1.5.1)
-    drb (2.2.1)
+    date (3.5.0)
+    diff-lcs (1.6.2)
+    drb (2.2.3)
+    erb (6.0.0)
     erubi (1.13.1)
-    i18n (1.14.6)
+    i18n (1.14.7)
       concurrent-ruby (~> 1.0)
-    io-console (0.8.0)
-    irb (1.14.3)
+    io-console (0.8.1)
+    irb (1.15.3)
+      pp (>= 0.6.0)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
-    json (2.9.1)
-    language_server-protocol (3.17.0.3)
+    json (2.16.0)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
-    logger (1.6.4)
-    loofah (2.23.1)
+    logger (1.7.0)
+    loofah (2.24.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    minitest (5.25.4)
-    nokogiri (1.18.8-arm64-darwin)
+    minitest (5.26.2)
+    nokogiri (1.18.10-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.8-x86_64-darwin)
+    nokogiri (1.18.10-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.8-x86_64-linux-gnu)
+    nokogiri (1.18.10-x86_64-linux-gnu)
       racc (~> 1.4)
-    parallel (1.26.3)
-    parser (3.3.6.0)
+    parallel (1.27.0)
+    parser (3.3.10.0)
       ast (~> 2.4.1)
       racc
-    psych (5.2.2)
+    pp (0.6.3)
+      prettyprint
+    prettyprint (0.2.0)
+    prism (1.6.0)
+    psych (5.2.6)
       date
       stringio
     racc (1.8.1)
-    rack (3.1.12)
-    rack-session (2.0.0)
+    rack (3.2.4)
+    rack-session (2.1.1)
+      base64 (>= 0.1.0)
       rack (>= 3.0.0)
     rack-test (2.2.0)
       rack (>= 1.3)
     rackup (2.2.1)
       rack (>= 3)
-    rails-dom-testing (2.2.0)
+    rails-dom-testing (2.3.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.6.2)
       loofah (~> 2.21)
       nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
-    railties (8.0.1)
-      actionpack (= 8.0.1)
-      activesupport (= 8.0.1)
+    railties (8.0.4)
+      actionpack (= 8.0.4)
+      activesupport (= 8.0.4)
       irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
       thor (~> 1.0, >= 1.2.2)
+      tsort (>= 0.2)
       zeitwerk (~> 2.6)
     rainbow (3.1.1)
-    rake (13.2.1)
-    rdoc (6.10.0)
+    rake (13.3.1)
+    rdoc (6.15.1)
+      erb
       psych (>= 4.0.0)
-    regexp_parser (2.10.0)
-    reline (0.6.0)
+      tsort
+    regexp_parser (2.11.3)
+    reline (0.6.3)
       io-console (~> 0.5)
-    rspec (3.13.0)
+    rspec (3.13.2)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.2)
+    rspec-core (3.13.6)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.7)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-rails (7.1.0)
-      actionpack (>= 7.0)
-      activesupport (>= 7.0)
-      railties (>= 7.0)
+    rspec-rails (8.0.2)
+      actionpack (>= 7.2)
+      activesupport (>= 7.2)
+      railties (>= 7.2)
       rspec-core (~> 3.13)
       rspec-expectations (~> 3.13)
       rspec-mocks (~> 3.13)
       rspec-support (~> 3.13)
-    rspec-support (3.13.2)
-    rubocop (1.69.2)
+    rspec-support (3.13.6)
+    rubocop (1.80.2)
       json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.36.2, < 2.0)
+      rubocop-ast (>= 1.46.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.37.0)
-      parser (>= 3.3.1.0)
-    rubocop-performance (1.23.0)
-      rubocop (>= 1.48.1, < 2.0)
-      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-ast (1.48.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-performance (1.25.0)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.38.0, < 2.0)
     ruby-progressbar (1.13.0)
     securerandom (0.4.1)
-    standard (1.43.0)
+    standard (1.51.1)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.69.1)
+      rubocop (~> 1.80.2)
       standard-custom (~> 1.0.0)
-      standard-performance (~> 1.6)
+      standard-performance (~> 1.8)
     standard-custom (1.0.2)
       lint_roller (~> 1.0)
       rubocop (~> 1.50)
-    standard-performance (1.6.0)
+    standard-performance (1.8.0)
       lint_roller (~> 1.1)
-      rubocop-performance (~> 1.23.0)
-    stringio (3.1.2)
-    thor (1.3.2)
+      rubocop-performance (~> 1.25.0)
+    stringio (3.1.8)
+    thor (1.4.0)
+    tsort (0.2.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (3.1.3)
-      unicode-emoji (~> 4.0, >= 4.0.4)
-    unicode-emoji (4.0.4)
-    uri (1.0.3)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.1.0)
+    uri (1.1.1)
     useragent (0.16.11)
-    zeitwerk (2.7.1)
+    zeitwerk (2.7.3)
 
 PLATFORMS
   arm64-darwin-23
+  arm64-darwin-24
   x86_64-darwin-20
   x86_64-darwin-21
   x86_64-linux

data/lib/generators/rails_template18f/active_storage/active_storage_generator.rb

@@ -20,12 +20,13 @@ module RailsTemplate18f
         environment "config.active_storage.service = :local", env: "ci"
         append_to_file "config/storage.yml", <<~EOYAML
 
+          <% cgc = CloudGovConfig.new %>
           amazon:
             service: S3
-            access_key_id: <%= CloudGovConfig.dig(:s3, :credentials, :access_key_id) %>
-            secret_access_key: <%= CloudGovConfig.dig(:s3, :credentials, :secret_access_key) %>
+            access_key_id: <%= cgc.dig(:s3, :credentials, :access_key_id) %>
+            secret_access_key: <%= cgc.dig(:s3, :credentials, :secret_access_key) %>
             region: us-gov-west-1
-            bucket: <%= CloudGovConfig.dig(:s3, :credentials, :bucket) %>
+            bucket: <%= cgc.dig(:s3, :credentials, :bucket) %>
         EOYAML
       end
 

data/lib/generators/rails_template18f/auditree/auditree_generator.rb

@@ -41,7 +41,7 @@ module RailsTemplate18f
             plant-helper -f /tmp/rspec.json -c assessment-plans -d "RSpec run assessment plan"
               -t 31536000 -l #{auditree_evidence_locker}
 
-      - name: Plan assessment results in evidence locker
+      - name: Plant assessment results in evidence locker
         uses: ./.github/actions/auditree-cmd
         env:
           GITHUB_TOKEN: ${{ secrets.AUDITREE_GITHUB_TOKEN }}
@@ -54,6 +54,19 @@ PLANT_HELPER_STEPS
         end
       end
 
+      def copy_gitlab_actions
+        if file_exists? ".gitlab-ci.yml"
+          directory "gitlab", ".gitlab"
+          insert_into_file ".gitlab-ci.yml", "  - local: \".gitlab/auditree.yml\"\n", after: /^include:\n/
+          insert_into_file ".gitlab-ci.yml", "  AUDITREE_VERSION: #{docker_auditree_tag}\n", after: /^variables:\n/
+          insert_into_file ".gitlab-ci.yml", <<EOY, after: /^\s+- bundle exec rspec\n/
+  artifacts:
+    paths:
+      - tmp/oscal/**/*
+EOY
+        end
+      end
+
       def update_readme
         if file_content("README.md").match?("## Documentation")
           insert_into_file "README.md", readme_contents, after: "## Documentation\n"
@@ -74,7 +87,7 @@ PLANT_HELPER_STEPS
         end
 
         def auditree_evidence_locker
-          options[:evidence_locker].present? ? options[:evidence_locker] : "https://github.com/GSA-TTS/TKTK_#{app_name}_evidence"
+          options[:evidence_locker].present? ? options[:evidence_locker] : "REPLACE_THIS_WITH_YOUR_EVIDENCE_LOCKER_REPO"
         end
 
         def git_email
@@ -98,10 +111,9 @@ PLANT_HELPER_STEPS
             1. Docker desktop must be running
             1. Initialize the config file with `bin/auditree init`
             1. Create an evidence locker repository with a default or blank README
-            1. Create a github personal access token to interact with the code repo and evidence locker and set as `AUDITREE_GITHUB_TOKEN` secret within your Github Actions secrets.
-            1. Update `config/auditree.template.json` with the repo addresses for your locker and code repos
-            #{(options[:evidence_locker].blank? && file_exists?(".github/workflows/rspec.yml")) ? "1. Update `.github/workflows/rspec.yml` with the locker repository URL" : ""}
-            1. Copy the `devtools_cloud_gov` component definition into the project with the latest docker-trestle
+            1. Update `config/auditree.template.json` with the repo address for your locker
+            #{ci_readme_contents.chomp}
+            1. Copy the `devtools_cloud_gov` component definition into the project with the latest docker-trestle after [setting up docker-trestle](#initial-trestle-setup)
 
             #### Ongoing use
 
@@ -109,6 +121,24 @@ PLANT_HELPER_STEPS
             auditree and using new checks.
           README
         end
+
+        def ci_readme_contents
+          if file_exists? ".gitlab-ci.yml"
+            <<~README
+              1. Remove the `repo_integrity` section of `config/auditree.template.json`
+              1. Create a gitlab personal access token with `write_repository` scope to interact with the code repo and evidence locker and set as `AUDITREE_GITLAB_TOKEN` secret within your CI/CD variables.
+              #{"1. Update `.gitlab/auditree.yml` with the locker repository URL" if options[:evidence_locker].blank?}
+            README
+          elsif file_exists? ".github/workflows"
+            <<~README
+              1. Update `config/auditree.template.json` with the repo address for your code repos
+              1. Create a github personal access token to interact with the code repo and evidence locker and set as `AUDITREE_GITHUB_TOKEN` secret within your Github Actions secrets.
+              #{"1. Update `.github/workflows/rspec.yml` with the locker repository URL" if options[:evidence_locker].blank?}
+            README
+          else
+            ""
+          end
+        end
       end
     end
   end

data/lib/generators/rails_template18f/auditree/templates/gitlab/auditree.yml.tt

@@ -0,0 +1,48 @@
+.auditree:setup:
+  inherit:
+    default: false
+  image: "ghcr.io/gsa-tts/auditree:${AUDITREE_VERSION}"
+  variables:
+    CDEF: "${CI_PROJECT_DIR}/doc/compliance/oscal/component-definitions/devtools_cloud_gov/component-definition.json"
+    AUDITREE_CONFIG: "${CI_PROJECT_DIR}/config/auditree.template.json"
+  before_script:
+    - git config --global user.name "$GITLAB_USER_NAME"
+    - git config --global user.email "$GITLAB_USER_EMAIL"
+    - cf api api.fr.cloud.gov
+    - cd $HOME
+    - export GITLAB_TOKEN="auditree-gitlab-token:${AUDITREE_GITLAB_TOKEN}"
+
+auditree:
+  extends: .auditree:setup
+  stage: scan
+  script:
+    - fetch -c "$CDEF" -t "$AUDITREE_CONFIG"
+    - check -c "$CDEF" -t "$AUDITREE_CONFIG" -o "$CI_PROJECT_DIR"
+  artifacts:
+    paths:
+      - auditree.json
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+
+rspec:plant:
+  extends: .auditree:setup
+  stage: test
+  needs: ["rspec"]
+  variables:
+    PLAN_FILE: "${CI_PROJECT_DIR}/tmp/oscal/assessment-plans/rspec/assessment-plan.json"
+    RESULT_FILE: "${CI_PROJECT_DIR}/tmp/oscal/assessment-results/rspec/assessment-results.json"
+  script:
+    - |
+      if [ -f "$PLAN_FILE" ]; then
+        plant-helper -f "$PLAN_FILE" -c assessment-plans -d "RSpec run assessment plan" -t 31536000 -l "<%= auditree_evidence_locker %>"
+      else
+        echo "No plan file, skipping plant"
+      fi
+    - |
+      if [ -f "$RESULT_FILE" ]; then
+        plant-helper -f "$RESULT_FILE" -c assessment-results -d "RSpec run assessment results" -t 31536000 -l "<%= auditree_evidence_locker %>"
+      else
+        echo "No result file, skipping plant"
+      fi
+  rules:
+    - if: $CI_PIPELINE_SOURCE != "schedule"

data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt

@@ -319,8 +319,10 @@ jobs:
             CF_USER: "$CF_USERNAME"
           path: terraform
           out: staging.out
-          var_file: staging.tfvars
+          var_file: staging.env.tfvars
           var: >-
+            environment_type="staging",
+            environment_slug="staging",
             rails_master_key="$RAILS_MASTER_KEY",
             cf_user="$CF_USERNAME",
       - persist_to_workspace:
@@ -368,8 +370,10 @@ jobs:
             CF_USER: "$CF_USERNAME"
           path: terraform
           out: production.out
-          var_file: production.tfvars
+          var_file: production.env.tfvars
           var: >-
+            environment_type="production",
+            environment_slug="production",
             rails_master_key="$PRODUCTION_RAILS_MASTER_KEY",
             cf_user="$CF_USERNAME",
       - persist_to_workspace:

data/lib/generators/rails_template18f/cloud_gov_config/cloud_gov_config_generator.rb

@@ -12,14 +12,6 @@ module RailsTemplate18f
           Install a helper class to retrieve configuration from ENV["VCAP_SERVICES"]
       DESC
 
-      def install_climate_control
-        return if gem_installed?("climate_control")
-        gem_group :test do
-          gem "climate_control", "~> 1.2"
-        end
-        bundle_install
-      end
-
       def install_model_and_test
         copy_file "app/models/cloud_gov_config.rb"
         copy_file "spec/models/cloud_gov_config_spec.rb"

data/lib/generators/rails_template18f/cloud_gov_config/templates/app/models/cloud_gov_config.rb

@@ -1,23 +1,14 @@
 # frozen_string_literal: true
 
 class CloudGovConfig
-  ENV_VARIABLE = "VCAP_SERVICES"
+  attr_reader :vcap_services
 
-  def self.dig(*path)
-    return nil if ENV[ENV_VARIABLE].blank?
-    first, *rest = path
-    vcap_services[first]&.first&.dig(*rest)
-  end
-
-  def self.vcap_services
-    if Rails.env.test?
-      parse_env
-    else
-      @vcap_services ||= parse_env
-    end
+  def initialize(env = ENV["VCAP_SERVICES"])
+    @vcap_services = env.blank? ? {} : JSON.parse(env).with_indifferent_access
   end
 
-  private_class_method def self.parse_env
-    JSON.parse(ENV[ENV_VARIABLE]).with_indifferent_access
+  def dig(*path)
+    first, *rest = path
+    vcap_services[first]&.first&.dig(*rest)
   end
 end

data/lib/generators/rails_template18f/cloud_gov_config/templates/spec/models/cloud_gov_config_spec.rb

@@ -3,35 +3,29 @@
 require "rails_helper"
 
 RSpec.describe CloudGovConfig, type: :model do
-  subject { described_class }
-
-  describe ".dig" do
-    context "VCAP_SERVICES is blank" do
-      it "returns nil" do
-        expect(subject.dig(:s3, :credentials, :bucket)).to be_nil
+  describe "#dig" do
+    [nil, "", "{}"].each do |blank|
+      context "VCAP_SERVICES is #{blank.inspect}" do
+        subject { described_class.new blank }
+        it "returns nil" do
+          expect(subject.dig(:s3, :credentials, :bucket)).to be_nil
+        end
       end
     end
 
     context "VCAP_SERVICES is set" do
+      subject { described_class.new vcap }
       let(:bucket_name) { "bucket-name" }
       let(:vcap) {
         {
-          s3: [
-            {
-              credentials: {
-                bucket: bucket_name
-              }
+          s3: [{
+            credentials: {
+              bucket: bucket_name
             }
-          ]
-        }
+          }]
+        }.to_json
       }
 
-      around do |example|
-        ClimateControl.modify VCAP_SERVICES: vcap.to_json do
-          example.run
-        end
-      end
-
       it "can find a path" do
         expect(subject.dig(:s3, :credentials, :bucket)).to eq bucket_name
       end

data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb

@@ -17,10 +17,6 @@ module RailsTemplate18f
 
       def install_actions
         directory "github", ".github"
-        if !oscal_dir_exists?
-          remove_file ".github/workflows/validate-ssp.yml"
-          remove_file ".github/workflows/assemble-ssp.yml"
-        end
         if !terraform_manage_spaces?
           remove_file ".github/workflows/terraform-production.yml"
           remove_file ".github/workflows/deploy-production.yml"

data/lib/generators/rails_template18f/github_actions/templates/github/dependabot.yml.tt

@@ -2,11 +2,27 @@ version: 2
 updates:
 - package-ecosystem: bundler
   directory: "/"
+  groups:
+    minor-and-patch:
+      patterns:
+        - "*"
+      exclude-patterns:
+        - "rails"
+      update-types:
+        - "minor"
+        - "patch"
   schedule:
     interval: daily
   open-pull-requests-limit: 10
 - package-ecosystem: npm
   directory: "/"
+  groups:
+    minor-and-patch:
+      patterns:
+        - "*"
+      update-types:
+        - "minor"
+        - "patch"
   schedule:
     interval: daily
   open-pull-requests-limit: 10

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml

@@ -57,7 +57,10 @@ jobs:
             apt-get install -y zip
         with:
           path: terraform
-          var_file: terraform/production.tfvars
+          var_file: terraform/production.env.tfvars
+          variables: |
+            environment_type="production"
+            environment_slug="production"
           backend_config: >
             access_key=${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
             secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml

@@ -57,7 +57,10 @@ jobs:
             apt-get install -y zip
         with:
           path: terraform
-          var_file: terraform/staging.tfvars
+          var_file: terraform/staging.env.tfvars
+          variables: |
+            environment_type="staging"
+            environment_slug="staging"
           backend_config: >
             access_key=${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
             secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-production.yml

@@ -67,7 +67,10 @@ jobs:
             apt-get install -y zip
         with:
           path: terraform
-          var_file: terraform/production.tfvars
+          var_file: terraform/production.env.tfvars
+          variables: |
+            environment_type="production"
+            environment_slug="production"
           add_github_comment: changes-only
           backend_config: >
             access_key=${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-staging.yml

@@ -67,7 +67,10 @@ jobs:
             apt-get install -y zip
         with:
           path: terraform
-          var_file: terraform/staging.tfvars
+          var_file: terraform/staging.env.tfvars
+          variables: |
+            environment_type="staging"
+            environment_slug="staging"
           add_github_comment: changes-only
           backend_config: >
             access_key=${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}