rails_template_18f 0.7.2 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9125789bccf3587593670a5046e6a019c8e65265cca40e8a9434f77b1a69cc7a
-  data.tar.gz: 72b8d7345799e1d26eef6506b035e80f1de94ea2679d6272f9ad525dbac5870a
+  metadata.gz: dcc4a62d027d473b29b87425d2418522373457ae750a3bfa1e7d5834f3e3d39f
+  data.tar.gz: 88d86b8508c80de0b0593ca4852a789442e4ac5e84324c074e866bc85d50de37
 SHA512:
-  metadata.gz: 60c7961c07e40710113c4608162e3888335b0d86d8270d82b56bf7d16d607454dad73b7f4626fba87804d251358e744d5a307967562537b9d326f90d77a4630e
-  data.tar.gz: 3bd8def94a8f3f576b0f03622e1cf1461e6e79f00d4e3f3e17bd52bad4f91a59e365d3edcbc548be0ceeb6181271446b61a41ea0956832e64ad740c031ade812
+  metadata.gz: b8145b8f45a774296b8ea2add76694855f5c618e5900e2dcb4528666c6a855913d5a8eace278d1f208bce0ff1fa23818544bf1a931b11e88856451684fa6a465
+  data.tar.gz: ef237cfc40495ef9bece29583ad4007c08631e5cfd092e9415914442ffa588302a980f4fef1584d520827df970a791d1633a43cbe90e8d5eb72c036be7e84a0c

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ## [Unreleased]
 
+## [0.8.0] - 2022-07-14
+
+- use rails-erd gem for auto-updating logical data models
+- use cleaner multi-line strings for GitHub Actions deploy steps
+- generate an SBOM for ruby dependencies in either Github Actions or CircleCI using cyclonedx-ruby
+
 ## [0.7.2] - 2022-07-07
 
 - update default node version in github actions to 16.15

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rails_template_18f (0.7.2)
+    rails_template_18f (0.8.0)
       activesupport (~> 7.0.0)
       colorize (~> 0.8)
       railties (~> 7.0.0)

data/lib/generators/rails_template18f/active_storage/active_storage_generator.rb

@@ -86,10 +86,6 @@ module RailsTemplate18f
         end
       end
 
-      def update_data_model_uml
-        insert_into_file "doc/compliance/apps/data.logical.md", data_model_uml, before: "@enduml"
-      end
-
       def generate_adr
         adr_dir = File.expand_path(File.join("doc", "adr"), destination_root)
         if Dir.exist? adr_dir
@@ -108,45 +104,6 @@ module RailsTemplate18f
           EOS
         end
       end
-
-      no_tasks do
-        def data_model_uml
-          <<~UML
-            class file_uploads {
-              * id : bigint <<generated>>
-              * scan_status : string
-              * record_id : bigint
-              * record_type : string
-            }
-            class active_storage_attachments {
-              * id : bigint <<generated>>
-              * name : string
-              * record_type : string
-              * record_id : bigint
-              * blob_id : bigint
-              * created_at : timestamp without time zone
-            }
-            class active_storage_blobs {
-              * id : bigint <<generated>>
-              * key : string
-              * filename : string
-              content_type : string
-              metadata : text
-              * service_name : string
-              * byte_size : bigint
-              checksum : string
-              * created_at : timestamp without time zone
-            }
-            class active_storage_variant_records {
-              * id : bigint <<generated>>
-              * variation_digest : string
-            }
-            file_uploads ||--|| active_storage_attachments
-            active_storage_attachments ||--|{ active_storage_blobs
-            active_storage_variant_records ||--|{ active_storage_blobs
-          UML
-        end
-      end
     end
   end
 end

data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt

@@ -133,6 +133,20 @@ jobs:
           name: Yarn audit
           command: bundle exec rake yarn:audit
 
+  sbom_generation:
+    docker:
+      - image: cimg/ruby:<%= ruby_version %>
+    steps:
+      - setup-project
+      - run:
+          name: Install cyclonedx
+          command: gem install cyclonedx-ruby
+      - run:
+          name: Generate BOM
+          command: cyclonedx-ruby -p . -o ruby_bom.xml
+      - store_artifacts:
+          path: ./ruby_bom.xml
+
   owasp_scan:
     machine:
       image: ubuntu-2004:202111-02
@@ -343,6 +357,9 @@ workflows:
       - static_security_scans:
           requires:
             - build
+      - sbom_generation:
+          requires:
+            - build
       - owasp_scan:
           requires:
             - build

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/dependency-scans.yml

@@ -37,3 +37,20 @@ jobs:
 
       - name: Run yarn audit
         run: bundle exec rake yarn:audit
+
+  ruby-bom:
+    name: Ruby SBOM Generation
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./.github/actions/setup-languages
+      - name: Install cyclonedx
+        run: gem install cyclonedx-ruby
+      - name: Generate BOM
+        run: cyclonedx-ruby -p . -o ruby_bom.xml
+      - name: Save BOM
+        uses: actions/upload-artifact@v3
+        with:
+          name: ruby-bom
+          path: ./ruby_bom.xml

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml.tt

@@ -50,4 +50,6 @@ jobs:
           cf_password: ${{ secrets.CF_PASSWORD }}
           cf_org: <%= cloud_gov_organization %>
           cf_space: <%= cloud_gov_production_space %>
-          push_arguments: "--vars-file config/deployment/production.yml --var rails_master_key=$RAILS_MASTER_KEY"
+          push_arguments: >-
+            --vars-file config/deployment/production.yml
+            --var rails_master_key=$RAILS_MASTER_KEY

data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml.tt

@@ -50,4 +50,6 @@ jobs:
           cf_password: ${{ secrets.CF_PASSWORD }}
           cf_org: <%= cloud_gov_organization %>
           cf_space: <%= cloud_gov_staging_space %>
-          push_arguments: "--vars-file config/deployment/staging.yml --var rails_master_key=$RAILS_MASTER_KEY"
+          push_arguments: >-
+            --vars-file config/deployment/staging.yml
+            --var rails_master_key=$RAILS_MASTER_KEY

data/lib/generators/rails_template18f/rails_erd/rails_erd_generator.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module RailsTemplate18f
+  module Generators
+    class RailsErdGenerator < ::Rails::Generators::Base
+      include Base
+
+      desc <<~DESC
+        Description:
+          Install rails-erd and configure to automatically run on db migration
+      DESC
+
+      def install_graphviz
+        append_to_file "Brewfile", <<~EOB
+
+          # used by rails-erd documentation tool
+          brew "graphviz"
+        EOB
+      end
+
+      def install_gem
+        return if gem_installed?("rails-erd")
+        gem "rails-erd", "~> 1.7", group: :development
+      end
+
+      def install_helper_tasks
+        bundle_install do
+          generate "erd:install"
+        end
+      end
+
+      def copy_config
+        copy_file "erdconfig", ".erdconfig"
+      end
+
+      def update_readme
+        insert_into_file "doc/compliance/README.md", <<~EOM, before: "## Development"
+          ### Logical Data Model
+
+          The logical data model will be auto-generated on each database migration.
+          The rendered output is saved to doc/compliance/rendered/apps/data.logical.pdf
+
+        EOM
+      end
+    end
+  end
+end

data/lib/generators/rails_template18f/rails_erd/templates/erdconfig

@@ -0,0 +1,9 @@
+attributes:
+  - content
+  - timestamps
+filename: "doc/compliance/rendered/apps/data.logical"
+filetype: pdf
+inheritance: false
+orientation: horizontal
+polymorphism: false
+exclude: "ActiveRecord::InternalMetadata,ActiveRecord::SchemaMigration"

data/lib/rails_template18f/generators/pipeline_options.rb

@@ -17,14 +17,15 @@ module RailsTemplate18f
       def update_cicd_oscal_docs(ci_name)
         if oscal_dir_exists?
           update_ca7_oscal_doc
-          update_cm2_oscal_doc("GitHub Actions")
-          update_cm3_oscal_doc("GitHub Actions")
+          update_cm2_oscal_doc(ci_name)
+          update_cm3_oscal_doc(ci_name)
           update_ra5_oscal_doc
-          update_sa11_oscal_doc("GitHub Actions")
+          update_sa11_oscal_doc(ci_name)
           update_sa22_oscal_doc
-          update_sc281_oscal_doc("GitHub Actions")
+          update_sc281_oscal_doc(ci_name)
           update_si2_oscal_doc
           update_si10_oscal_doc
+          update_sr3_oscal_doc(ci_name)
         end
       end
 
@@ -176,6 +177,14 @@ module RailsTemplate18f
           that may lead to application vulnerabilities that are a result of improper input validation.
         EOS
       end
+
+      def update_sr3_oscal_doc(ci)
+        insert_into_oscal "sr-3.md", <<~EOS, after: "Implementation b.\n"
+          A complete Software Bill of Materials (SBOM) for all Ruby dependencies is automatically
+          generated by #{ci} on each push to GitHub as well as on a nightly basis. These can be downloaded
+          from the applicable artifact section for each CI job.
+        EOS
+      end
     end
   end
 end

data/lib/rails_template18f/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsTemplate18f
-  VERSION = "0.7.2"
+  VERSION = "0.8.0"
 end

data/template.rb

@@ -319,8 +319,10 @@ end
 directory "doc"
 register_announcement("Documentation", <<~EOM)
   * Include a short description of your application in doc/compliance/apps/application.boundary.md
-  * Remember to keep your Logical Data Model up to date in doc/compliance/apps/data.logical.md
 EOM
+after_bundle do
+  generate "rails_template18f:rails_erd"
+end
 
 if compliance_template
   after_bundle do

data/templates/doc/compliance/README.md

@@ -1,13 +1,18 @@
 # Compliance artifacts
 
-## What is this?
-
 In order to maintain and revise compliance materials with minimal fuss, we store all artifacts as text source (eg Markdown, PlantUML, OSCAL), then generate rendered materials for consumption by downstream entities in the assessment and authorization process.
 
 This directory initially just contains system architecture diagrams corresponding to sections 1-12 of a typical System Security Plan (SSP) document.
 
 The source for other things (OSCAL for control descriptions, evidence generation scripts, etc) will appear here over time.
 
+## Documents
+
+### Application Boundary
+
+The UML source of the application boundary is stored at doc/compliance/apps/application.boundary.md.
+The rendered output is saved to doc/compliance/rendered/apps/application.boundary.svg
+
 ## Development
 
 These plugins may be helpful for editing diagrams.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_template_18f
 version: !ruby/object:Gem::Version
-  version: 0.7.2
+  version: 0.8.0
 platform: ruby
 authors:
 - Ryan Ahearn
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-07-07 00:00:00.000000000 Z
+date: 2022-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -167,6 +167,8 @@ files:
 - lib/generators/rails_template18f/newrelic/newrelic_generator.rb
 - lib/generators/rails_template18f/newrelic/templates/config/newrelic.yml.tt
 - lib/generators/rails_template18f/oscal/oscal_generator.rb
+- lib/generators/rails_template18f/rails_erd/rails_erd_generator.rb
+- lib/generators/rails_template18f/rails_erd/templates/erdconfig
 - lib/generators/rails_template18f/sidekiq/sidekiq_generator.rb
 - lib/generators/rails_template18f/sidekiq/templates/config/initializers/redis.rb
 - lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt
@@ -235,7 +237,6 @@ files:
 - templates/doc/adr/0004-rails-csp-compliant-script-tag-helpers.md.tt
 - templates/doc/compliance/README.md
 - templates/doc/compliance/apps/application.boundary.md.tt
-- templates/doc/compliance/apps/data.logical.md
 - templates/doc/compliance/rendered/apps/.keep
 - templates/editorconfig
 - templates/env

data/templates/doc/compliance/apps/data.logical.md

@@ -1,21 +0,0 @@
-# Logical Data Model
-
-![logical data model view](../rendered/apps/data.logical.svg)
-
-```plantuml
-@startuml
-scale 0.65
-
-' avoid problems with angled crows feet
-skinparam linetype ortho
-
-class TKTK_Example {
-  * id : integer <<generated>>
-}
-@enduml
-```
-
-### Notes
-
-* See the help docs for [Entity Relationship Diagram](https://plantuml.com/ie-diagram) and [Class Diagram](https://plantuml.com/class-diagram) for syntax help.
-* We're using the `*` visibility modifier to denote fields that cannot be `null`.