rails_template_18f 1.3.0 → 2.0.0

Files changed (82)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +11 -0
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +64 -61
  5. data/README.md +11 -16
  6. data/lib/generators/rails_template18f/active_storage/active_storage_generator.rb +7 -6
  7. data/lib/generators/rails_template18f/circleci/circleci_generator.rb +28 -27
  8. data/lib/generators/rails_template18f/circleci/templates/Dockerfile.ci.tt +0 -1
  9. data/lib/generators/rails_template18f/circleci/templates/circleci/config.yml.tt +152 -163
  10. data/lib/generators/rails_template18f/github_actions/github_actions_generator.rb +31 -30
  11. data/lib/generators/rails_template18f/github_actions/templates/github/actions/compile-assets/action.yml +50 -0
  12. data/lib/generators/rails_template18f/github_actions/templates/github/actions/setup-project/action.yml.tt +4 -8
  13. data/lib/generators/rails_template18f/github_actions/templates/github/dependabot.yml.tt +2 -4
  14. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml +72 -0
  15. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml +72 -0
  16. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/owasp-daily-scan.yml.tt +10 -1
  17. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/owasp-scan.yml.tt +1 -1
  18. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/pa11y.yml.tt +2 -2
  19. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-production.yml +46 -3
  20. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/terraform-staging.yml +46 -3
  21. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/validate-ssp.yml +2 -2
  22. data/lib/generators/rails_template18f/i18n_js/i18n_js_generator.rb +2 -2
  23. data/lib/generators/rails_template18f/i18n_js/templates/app/javascript/{i18n.js → i18n/index.js} +1 -1
  24. data/lib/generators/rails_template18f/i18n_js/templates/config/i18n-js.yml +1 -1
  25. data/lib/generators/rails_template18f/newrelic/newrelic_generator.rb +4 -2
  26. data/lib/generators/rails_template18f/public_egress/public_egress_generator.rb +86 -54
  27. data/lib/generators/rails_template18f/sidekiq/sidekiq_generator.rb +8 -17
  28. data/lib/generators/rails_template18f/terraform/templates/full_bootstrap/imports.tf.tftpl +25 -0
  29. data/lib/generators/rails_template18f/terraform/templates/full_bootstrap/main.tf.tt +159 -0
  30. data/lib/generators/rails_template18f/terraform/templates/sandbox_bootstrap/imports.tf.tftpl +10 -0
  31. data/lib/generators/rails_template18f/terraform/templates/sandbox_bootstrap/main.tf.tt +117 -0
  32. data/lib/generators/rails_template18f/terraform/templates/terraform/README.md.tt +77 -93
  33. data/lib/generators/rails_template18f/terraform/templates/terraform/app.tf.tt +63 -0
  34. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/apply.sh +15 -0
  35. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/templates/backend_config.tftpl +8 -0
  36. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/templates/bot_secrets.tftpl +5 -0
  37. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/users.auto.tfvars +5 -0
  38. data/lib/generators/rails_template18f/terraform/templates/terraform/main.tf.tt +106 -0
  39. data/lib/generators/rails_template18f/terraform/templates/terraform/production.tfvars.tt +10 -0
  40. data/lib/generators/rails_template18f/terraform/templates/terraform/providers.tf.tt +32 -0
  41. data/lib/generators/rails_template18f/terraform/templates/terraform/sandbox_bot/main.tf +74 -0
  42. data/lib/generators/rails_template18f/terraform/templates/terraform/sandbox_bot/run.sh +17 -0
  43. data/lib/generators/rails_template18f/terraform/templates/terraform/staging.tfvars.tt +8 -0
  44. data/lib/generators/rails_template18f/terraform/templates/terraform/terraform.sh.tt +135 -0
  45. data/lib/generators/rails_template18f/terraform/templates/terraform/variables.tf.tt +99 -0
  46. data/lib/generators/rails_template18f/terraform/terraform_generator.rb +13 -4
  47. data/lib/rails_template18f/generators/cloud_gov_options.rb +9 -6
  48. data/lib/rails_template18f/generators/cloud_gov_parsing.rb +7 -7
  49. data/lib/rails_template18f/generators.rb +0 -1
  50. data/lib/rails_template18f/version.rb +1 -1
  51. data/rails-template-18f.gemspec +4 -4
  52. data/railsrc +4 -2
  53. data/railsrc-hotwire +4 -2
  54. data/template.rb +61 -71
  55. data/templates/README.md.tt +21 -8
  56. data/templates/app/assets/stylesheets/uswds-settings.scss +3 -2
  57. data/templates/app/views/application/_header.html.erb +1 -1
  58. data/templates/app/views/application/_usa_banner.html.erb +3 -3
  59. data/templates/bin/ops/create_service_account.sh.tt +20 -11
  60. data/templates/bin/ops/destroy_service_account.sh.tt +3 -3
  61. data/templates/browserslistrc +1 -2
  62. data/templates/doc/compliance/TODO.md +1 -4
  63. metadata +30 -29
  64. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-production.yml.tt +0 -50
  65. data/lib/generators/rails_template18f/github_actions/templates/github/workflows/deploy-staging.yml.tt +0 -50
  66. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/import.sh +0 -13
  67. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/main.tf.tt +0 -22
  68. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/providers.tf +0 -16
  69. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/run.sh.tt +0 -40
  70. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/teardown_creds.sh.tt +0 -5
  71. data/lib/generators/rails_template18f/terraform/templates/terraform/bootstrap/variables.tf +0 -2
  72. data/lib/generators/rails_template18f/terraform/templates/terraform/production/main.tf.tt +0 -90
  73. data/lib/generators/rails_template18f/terraform/templates/terraform/production/providers.tf +0 -23
  74. data/lib/generators/rails_template18f/terraform/templates/terraform/production/variables.tf +0 -2
  75. data/lib/generators/rails_template18f/terraform/templates/terraform/staging/main.tf.tt +0 -70
  76. data/lib/generators/rails_template18f/terraform/templates/terraform/staging/providers.tf +0 -23
  77. data/lib/generators/rails_template18f/terraform/templates/terraform/staging/variables.tf +0 -2
  78. data/lib/rails_template18f/generators/pipeline_options.rb +0 -18
  79. data/templates/app/assets/images/uswds.js +0 -6
  80. data/templates/config/deployment/production.yml +0 -3
  81. data/templates/config/deployment/staging.yml +0 -3
  82. data/templates/manifest.yml.tt +0 -17
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 24d43ee8d10fdaa457658cfab2ce12e28e9d65364147ad46e96ef8d8d2f6f15c
4
- data.tar.gz: 686546614e2d8205fce7ccd575842645effeb30add6d08fe3057b6623f1800f6
3
+ metadata.gz: 3286e663d05b9b712a5b1f3fa2aa1403016f0822be9fd26d0999200701dab318
4
+ data.tar.gz: 04e5124a24452f747270e42aaa1b5455de3b0ce4362ff455e94554984214473e
5
5
  SHA512:
6
- metadata.gz: ebc79caba4f53280dbf1dffa76ba9268ecbd6ae9634fd463f1920770a02531f0d5cd350a26ecbc439accf57fbe96d824e76349ce29492075fb2d4151b40cd46a
7
- data.tar.gz: 79fa51828475fac62b1a5e4ec4562eb9b563da24760f85c41c42f123bdb3e882124a38686050a52c0c6b3ffa29577eaa547405e78ef14ad1b6b99f7fff5df0e8
6
+ metadata.gz: 954b939ea264b5200c01e8122da1001e0c099f072b370de98926ce9dcaef154a6e00568353a4fff191addfaf1cd7cc4f85549454c6984b29ff9c537af8207f17
7
+ data.tar.gz: c85daa74d0ca528fbbe4a3d260a720206194635a12c6a73fde878e19384870a601e78f789b513c43bfd57c4290ef6e6f85bcb409717ad646628ca1966318e09b
data/CHANGELOG.md CHANGED
@@ -1,5 +1,16 @@
1
1
  ## [Unreleased]
2
2
 
3
+ ## [2.0.0] - 2025-01-16
4
+
5
+ - Default new apps to Rails 8, including support for thruster proxy
6
+ - Massive overhaul of the Terraform generator
7
+ - Creates and configures spaces for app and egress proxy
8
+ - Moves from module-per-environment to a single module with per-env variable files
9
+ - Ability for a one-script deployment from nothing, enabling easy developer sandboxes and review apps
10
+ - Add asset caching to GitHub Actions & CircleCI deploy workflows to enable serving in-flight asset requests without error
11
+ - Switch js bundling from webpack to esbuild
12
+ - Switch css bundling from postcss to dart-sass
13
+
3
14
  ## [1.3.0] - 2024-12-18
4
15
 
5
16
  - Set up app space via terraform, with proper restricted egress security group
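Review bot: the 2.0.0 entry does not say which of these items are breaking or what an existing 1.3.0 project has to do to upgrade. The move "from module-per-environment to a single module with per-env variable files" and the bundler switches (webpack to esbuild, postcss to dart-sass) all change the generated layout, so a short upgrade section under this heading naming what must be regenerated or moved by hand would make the major version bump actionable.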
data/Gemfile CHANGED
@@ -5,6 +5,6 @@ source "https://rubygems.org"
5
5
  # Specify your gem's dependencies in rails-template-18f.gemspec
6
6
  gemspec
7
7
 
8
- gem "rake", "~> 13.0"
8
+ gem "rake", "~> 13.2"
9
9
 
10
10
  gem "byebug"
data/Gemfile.lock CHANGED
@@ -1,34 +1,34 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- rails_template_18f (1.3.0)
5
- activesupport (~> 7.2.0)
4
+ rails_template_18f (2.0.0)
5
+ activesupport (~> 8.0.1)
6
6
  colorize (~> 1.1)
7
- railties (~> 7.2.0)
7
+ railties (~> 8.0.1)
8
8
  thor (~> 1.3)
9
9
 
10
10
  GEM
11
11
  remote: https://rubygems.org/
12
12
  specs:
13
- actionpack (7.2.1)
14
- actionview (= 7.2.1)
15
- activesupport (= 7.2.1)
13
+ actionpack (8.0.1)
14
+ actionview (= 8.0.1)
15
+ activesupport (= 8.0.1)
16
16
  nokogiri (>= 1.8.5)
17
- racc
18
- rack (>= 2.2.4, < 3.2)
17
+ rack (>= 2.2.4)
19
18
  rack-session (>= 1.0.1)
20
19
  rack-test (>= 0.6.3)
21
20
  rails-dom-testing (~> 2.2)
22
21
  rails-html-sanitizer (~> 1.6)
23
22
  useragent (~> 0.16)
24
- actionview (7.2.1)
25
- activesupport (= 7.2.1)
23
+ actionview (8.0.1)
24
+ activesupport (= 8.0.1)
26
25
  builder (~> 3.1)
27
26
  erubi (~> 1.11)
28
27
  rails-dom-testing (~> 2.2)
29
28
  rails-html-sanitizer (~> 1.6)
30
- activesupport (7.2.1)
29
+ activesupport (8.0.1)
31
30
  base64
31
+ benchmark (>= 0.3)
32
32
  bigdecimal
33
33
  concurrent-ruby (~> 1.0, >= 1.3.1)
34
34
  connection_pool (>= 2.2.5)
@@ -38,67 +38,70 @@ GEM
38
38
  minitest (>= 5.1)
39
39
  securerandom (>= 0.3)
40
40
  tzinfo (~> 2.0, >= 2.0.5)
41
+ uri (>= 0.13.1)
41
42
  ammeter (1.1.7)
42
43
  activesupport (>= 3.0)
43
44
  railties (>= 3.0)
44
45
  rspec-rails (>= 2.2)
45
46
  ast (2.4.2)
46
47
  base64 (0.2.0)
47
- bigdecimal (3.1.8)
48
+ benchmark (0.4.0)
49
+ bigdecimal (3.1.9)
48
50
  builder (3.3.0)
49
51
  byebug (11.1.3)
50
52
  colorize (1.1.0)
51
53
  concurrent-ruby (1.3.4)
52
54
  connection_pool (2.4.1)
53
55
  crass (1.0.6)
56
+ date (3.4.1)
54
57
  diff-lcs (1.5.1)
55
58
  drb (2.2.1)
56
- erubi (1.13.0)
59
+ erubi (1.13.1)
57
60
  i18n (1.14.6)
58
61
  concurrent-ruby (~> 1.0)
59
- io-console (0.7.2)
60
- irb (1.14.1)
62
+ io-console (0.8.0)
63
+ irb (1.14.3)
61
64
  rdoc (>= 4.0.0)
62
65
  reline (>= 0.4.2)
63
- json (2.7.2)
66
+ json (2.9.1)
64
67
  language_server-protocol (3.17.0.3)
65
68
  lint_roller (1.1.0)
66
- logger (1.6.1)
67
- loofah (2.22.0)
69
+ logger (1.6.4)
70
+ loofah (2.23.1)
68
71
  crass (~> 1.0.2)
69
72
  nokogiri (>= 1.12.0)
70
- minitest (5.25.1)
71
- nokogiri (1.16.7-arm64-darwin)
73
+ minitest (5.25.4)
74
+ nokogiri (1.18.0-arm64-darwin)
72
75
  racc (~> 1.4)
73
- nokogiri (1.16.7-x86_64-darwin)
76
+ nokogiri (1.18.0-x86_64-darwin)
74
77
  racc (~> 1.4)
75
- nokogiri (1.16.7-x86_64-linux)
78
+ nokogiri (1.18.0-x86_64-linux-gnu)
76
79
  racc (~> 1.4)
77
80
  parallel (1.26.3)
78
- parser (3.3.5.0)
81
+ parser (3.3.6.0)
79
82
  ast (~> 2.4.1)
80
83
  racc
81
- psych (5.1.2)
84
+ psych (5.2.2)
85
+ date
82
86
  stringio
83
87
  racc (1.8.1)
84
- rack (3.1.7)
88
+ rack (3.1.8)
85
89
  rack-session (2.0.0)
86
90
  rack (>= 3.0.0)
87
- rack-test (2.1.0)
91
+ rack-test (2.2.0)
88
92
  rack (>= 1.3)
89
- rackup (2.1.0)
93
+ rackup (2.2.1)
90
94
  rack (>= 3)
91
- webrick (~> 1.8)
92
95
  rails-dom-testing (2.2.0)
93
96
  activesupport (>= 5.0.0)
94
97
  minitest
95
98
  nokogiri (>= 1.6)
96
- rails-html-sanitizer (1.6.0)
99
+ rails-html-sanitizer (1.6.2)
97
100
  loofah (~> 2.21)
98
- nokogiri (~> 1.14)
99
- railties (7.2.1)
100
- actionpack (= 7.2.1)
101
- activesupport (= 7.2.1)
101
+ nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
102
+ railties (8.0.1)
103
+ actionpack (= 8.0.1)
104
+ activesupport (= 8.0.1)
102
105
  irb (~> 1.13)
103
106
  rackup (>= 1.0.0)
104
107
  rake (>= 12.2)
@@ -106,17 +109,16 @@ GEM
106
109
  zeitwerk (~> 2.6)
107
110
  rainbow (3.1.1)
108
111
  rake (13.2.1)
109
- rdoc (6.7.0)
112
+ rdoc (6.10.0)
110
113
  psych (>= 4.0.0)
111
- regexp_parser (2.9.2)
112
- reline (0.5.10)
114
+ regexp_parser (2.10.0)
115
+ reline (0.6.0)
113
116
  io-console (~> 0.5)
114
- rexml (3.3.8)
115
117
  rspec (3.13.0)
116
118
  rspec-core (~> 3.13.0)
117
119
  rspec-expectations (~> 3.13.0)
118
120
  rspec-mocks (~> 3.13.0)
119
- rspec-core (3.13.1)
121
+ rspec-core (3.13.2)
120
122
  rspec-support (~> 3.13.0)
121
123
  rspec-expectations (3.13.3)
122
124
  diff-lcs (>= 1.2.0, < 2.0)
@@ -124,7 +126,7 @@ GEM
124
126
  rspec-mocks (3.13.2)
125
127
  diff-lcs (>= 1.2.0, < 2.0)
126
128
  rspec-support (~> 3.13.0)
127
- rspec-rails (7.0.1)
129
+ rspec-rails (7.1.0)
128
130
  actionpack (>= 7.0)
129
131
  activesupport (>= 7.0)
130
132
  railties (>= 7.0)
@@ -132,45 +134,46 @@ GEM
132
134
  rspec-expectations (~> 3.13)
133
135
  rspec-mocks (~> 3.13)
134
136
  rspec-support (~> 3.13)
135
- rspec-support (3.13.1)
136
- rubocop (1.65.1)
137
+ rspec-support (3.13.2)
138
+ rubocop (1.69.2)
137
139
  json (~> 2.3)
138
140
  language_server-protocol (>= 3.17.0)
139
141
  parallel (~> 1.10)
140
142
  parser (>= 3.3.0.2)
141
143
  rainbow (>= 2.2.2, < 4.0)
142
- regexp_parser (>= 2.4, < 3.0)
143
- rexml (>= 3.2.5, < 4.0)
144
- rubocop-ast (>= 1.31.1, < 2.0)
144
+ regexp_parser (>= 2.9.3, < 3.0)
145
+ rubocop-ast (>= 1.36.2, < 2.0)
145
146
  ruby-progressbar (~> 1.7)
146
- unicode-display_width (>= 2.4.0, < 3.0)
147
- rubocop-ast (1.32.3)
147
+ unicode-display_width (>= 2.4.0, < 4.0)
148
+ rubocop-ast (1.37.0)
148
149
  parser (>= 3.3.1.0)
149
- rubocop-performance (1.21.1)
150
+ rubocop-performance (1.23.0)
150
151
  rubocop (>= 1.48.1, < 2.0)
151
152
  rubocop-ast (>= 1.31.1, < 2.0)
152
153
  ruby-progressbar (1.13.0)
153
- securerandom (0.3.1)
154
- standard (1.40.1)
154
+ securerandom (0.4.1)
155
+ standard (1.43.0)
155
156
  language_server-protocol (~> 3.17.0.2)
156
157
  lint_roller (~> 1.0)
157
- rubocop (~> 1.65.0)
158
+ rubocop (~> 1.69.1)
158
159
  standard-custom (~> 1.0.0)
159
- standard-performance (~> 1.4)
160
+ standard-performance (~> 1.6)
160
161
  standard-custom (1.0.2)
161
162
  lint_roller (~> 1.0)
162
163
  rubocop (~> 1.50)
163
- standard-performance (1.4.0)
164
+ standard-performance (1.6.0)
164
165
  lint_roller (~> 1.1)
165
- rubocop-performance (~> 1.21.0)
166
- stringio (3.1.1)
166
+ rubocop-performance (~> 1.23.0)
167
+ stringio (3.1.2)
167
168
  thor (1.3.2)
168
169
  tzinfo (2.0.6)
169
170
  concurrent-ruby (~> 1.0)
170
- unicode-display_width (2.6.0)
171
- useragent (0.16.10)
172
- webrick (1.8.2)
173
- zeitwerk (2.6.18)
171
+ unicode-display_width (3.1.3)
172
+ unicode-emoji (~> 4.0, >= 4.0.4)
173
+ unicode-emoji (4.0.4)
174
+ uri (1.0.2)
175
+ useragent (0.16.11)
176
+ zeitwerk (2.7.1)
174
177
 
175
178
  PLATFORMS
176
179
  arm64-darwin-23
@@ -182,9 +185,9 @@ DEPENDENCIES
182
185
  ammeter (~> 1.1)
183
186
  byebug
184
187
  rails_template_18f!
185
- rake (~> 13.0)
188
+ rake (~> 13.2)
186
189
  rspec (~> 3.13)
187
- standard (~> 1.40)
190
+ standard (~> 1.43)
188
191
 
189
192
  BUNDLED WITH
190
- 2.5.16
193
+ 2.6.1
data/README.md CHANGED
@@ -2,9 +2,9 @@
2
2
  ============================
3
3
  The 18F Rails template starts or upgrades Rails projects so that they're more secure, follow compliance rules, and are nearly ready to deploy onto cloud.gov. This gem sets up security checks and compliance diagrams, adds the U.S. Web Design System (USWDS), and much much more — [see the full list of features](#features).
4
4
 
5
- This template will create a new Rails 7.2.x project.
5
+ This template will create a new Rails 8.0.x project.
6
6
 
7
- [See the `rails-7.1` branch for Rails 7.1.x](https://github.com/gsa-tts/rails-template/tree/rails-7.1)
7
+ [See the `rails-7.2` branch for Rails 7.2.x](https://github.com/gsa-tts/rails-template/tree/rails-7.2)
8
8
 
9
9
  ## Usage
10
10
 
@@ -33,12 +33,15 @@ It is a good choice if you need [a bit of client-side interactivity][aBitOfJS].
33
33
  --skip-hotwire # Don't include Hotwire JS library
34
34
  --skip-docker # Don't include Dockerfile meant for production use
35
35
  --skip-test # Skip built-in test framework. (We include RSpec)
36
- --javascript=webpack # Use webpack for JS bundling
37
- --css=postcss # Use the PostCSS framework for bundling CSS
36
+ --javascript=esbuild # Use esbuild for JS bundling
37
+ --css=sass # Use dart-sass for compiling SASS and bundling CSS
38
38
  --template=template.rb # Add additional configuration from template.rb
39
39
  --database=postgresql # Use a PostgreSQL database
40
40
  --skip-rubocop # Skip rubocop integration in favor of Standard Ruby
41
41
  --skip-ci # Skip github actions in favor of our CI generators
42
+ --skip-kamal # Skip kamal deployment system
43
+ --skip-thruster # Skip thruster reverse proxy
44
+ --skip-solid # Skip solid cache,queue,websocket additions
42
45
  ```
43
46
 
44
47
  If you are using Hotwire, then `--skip-hotwire` and `--skip-action-cable` are automatically removed from this list, as they are required for the Hotwire functionality.
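Review bot: the new `--skip-thruster` line in the default option list reads as contradicting the CHANGELOG entry "Default new apps to Rails 8, including support for thruster proxy". Say in the README which is the default and how to turn thruster on (presumably `--no-skip-thruster`, per the override table below). The `--skip-solid` comment "cache,queue,websocket additions" would also be clearer if it named the components being skipped.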
@@ -50,9 +53,7 @@ Add the following options at the end of your `rails_template_18f new` command to
50
53
  | Option | Description |
51
54
  |--------|-------------|
52
55
  | `--no-skip-<framework>` | Each of the skipped frameworks listed above (also in `railsrc`) can be overridden on the command line. For example: `--no-skip-active-storage` will include support for `ActiveStorage` document uploads |
53
- | `--javascript=esbuild` | Use [esbuild](https://esbuild.github.io/) instead of [webpack](https://webpack.js.org/) for JavaScript bundling. Note that maintaining IE11 support with esbuild may be tricky. |
54
-
55
- _TODO: Documentation on whether you can override the `css` and `database` options._
56
+ | `--javascript=webpack` | Use [webpack](https://webpack.js.org/) instead of [esbuild](https://esbuild.github.io/) for JavaScript bundling. |
56
57
 
57
58
  **Important:** Do not use flags `--skip-bundle` or `--skip-javascript`, or various parts of this template will break.
58
59
 
@@ -86,11 +87,6 @@ Follow up questions if you answer `y`:
86
87
  * "Run compliance checks with auditree?" Answer `y` if you want to integrate with [auditree](https://github.com/gsa-tts/auditree-devtools) for automated compliance checks.
87
88
  </details>
88
89
 
89
- <details><summary>Create terraform files for cloud.gov services?</summary>
90
-
91
- Answer `y` to run the `terraform` generator. This includes a `/terraform` folder defining services and infrastructure within cloud.gov as well as support for deploying that infrastructure in your chosen CI/CD pipeline.
92
- </details>
93
-
94
90
  <details><summary>Cloud.gov organization and space names</summary>
95
91
 
96
92
  Provide your cloud.gov organization and space names for use in terraform and deploy scripts.
@@ -171,17 +167,16 @@ Run `bin/rails generate rails_template_18f:GENERATOR --help` for information on
171
167
  1. Setup Rails credential diffing
172
168
  1. Create a separate production credentials file.
173
169
  1. Create a `pre-commit` hook that can be used to automatically run ruby linter & terraform format
174
- 1. Setup USWDS via postcss
175
- 1. Setup webpack with `.browserslistrc` from USWDS
170
+ 1. Setup USWDS via dart-sass
171
+ 1. Setup esbuild with a default `.browserslistrc`
176
172
  1. Update `app/views/layouts/application.html.erb` to pass the `pa11y-ci` scan and include the USWDS Banner
177
173
  1. Create a `PagesController` and root route
178
174
  1. Create boundary and logical data model compliance diagrams
179
- 1. Create `manifest.yml` and variable files for cloud.gov deployment
175
+ 1. Create terraform modules supporting staging & production cloud.gov spaces for infrastructure and app deployment
180
176
  1. Optionally run the `rake db:create` and `rake db:migrate` setup steps
181
177
  1. Optionally integrate with https://github.com/GSA-TTS/docker-trestle
182
178
  1. Optionally integrate with https://github.com/GSA-TTS/auditree-devtools
183
179
  1. Optionally create GitHub Actions workflows for testing and cloud.gov deploy
184
- 1. Optionally create terraform modules supporting staging & production cloud.gov spaces
185
180
  1. Optionally create CircleCI workflows for testing and cloud.gov deploy
186
181
  1. Optionally create a New Relic config with FEDRAMP-specific host
187
182
  1. Optionally configure DAP (Digital Analytics Program)
@@ -34,11 +34,11 @@ module RailsTemplate18f
34
34
  middleware_installed = gem_installed?("faraday-multipart")
35
35
  sdk_installed = gem_installed?("aws-sdk-s3")
36
36
  return if faraday_installed && middleware_installed && sdk_installed
37
- gem "faraday", "~> 2.10" unless faraday_installed
38
- gem "faraday-multipart", "~> 1.0" unless middleware_installed
37
+ gem "faraday", "~> 2.12" unless faraday_installed
38
+ gem "faraday-multipart", "~> 1.1" unless middleware_installed
39
39
  unless sdk_installed
40
40
  gem_group :production do
41
- gem "aws-sdk-s3", "~> 1.159"
41
+ gem "aws-sdk-s3", "~> 1.176"
42
42
  end
43
43
  end
44
44
  bundle_install
@@ -55,7 +55,7 @@ module RailsTemplate18f
55
55
  end
56
56
 
57
57
  def configure_local_clamav_runner
58
- append_to_file "Procfile.dev", "clamav: docker run --rm -p 9443:9443 ajilaag/clamav-rest:20211229\n"
58
+ append_to_file "Procfile.dev", "clamav: docker run --rm -p 9443:9443 ghcr.io/gsa-tts/clamav-rest/clamav:latest\n"
59
59
  end
60
60
 
61
61
  def configure_clamav_env_var
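Review bot: the new `Procfile.dev` line pulls `ghcr.io/gsa-tts/clamav-rest/clamav:latest`, where the line it replaces pinned a dated tag (`ajilaag/clamav-rest:20211229`). A floating `latest` tag means every developer machine can run a different scanner build and an upstream change lands with no diff in this repository. Pin a version tag or an image digest here, and let the dependency update tooling move it.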
@@ -64,8 +64,9 @@ module RailsTemplate18f
64
64
  # CLAMAV_API_URL tells FileScanJob where to send files for virus scans
65
65
  CLAMAV_API_URL=https://localhost:9443
66
66
  EOM
67
- insert_into_file "manifest.yml", " CLAMAV_API_URL: \"https://#{app_name}-clamapi-((env)).apps.internal:9443\"\n", before: /^\s+processes:/
68
- insert_into_file "manifest.yml", "\n - #{app_name}-s3-((env))", after: "services:"
67
+ insert_into_file file_path("terraform/app.tf"), <<EOT, after: "environment = {\n"
68
+ CLAMAV_API_URL = "https://#{app_name}-clamapi-${var.env}.apps.internal:61443"
69
+ EOT
69
70
  end
70
71
 
71
72
  def update_boundary_diagram
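Review bot: the two removed `insert_into_file "manifest.yml"` calls did two things, setting `CLAMAV_API_URL` and adding the `#{app_name}-s3-((env))` service binding, but the replacement heredoc only sets `CLAMAV_API_URL` in `terraform/app.tf`. If the S3 binding is now handled somewhere else in the generator, a comment saying where would help; if not, uploads lose their bucket binding. Two smaller points in the same block: the deployed URL moves to port 61443 while the local value above stays at `https://localhost:9443`, and that difference deserves a one-line comment. Also, the insert depends on the exact anchor string `"environment = {\n"` being present in `app.tf`, so a check or a spec asserting the line was actually inserted would catch template drift.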
@@ -6,7 +6,7 @@ module RailsTemplate18f
6
6
  module Generators
7
7
  class CircleciGenerator < ::Rails::Generators::Base
8
8
  include Base
9
- include PipelineOptions
9
+ include CloudGovOptions
10
10
 
11
11
  desc <<~DESC
12
12
  Description:
@@ -82,44 +82,46 @@ EOB
82
82
  def readme_staging_deploy
83
83
  <<~EOM
84
84
 
85
- Deploys to staging#{terraform? ? ", including applying changes in terraform," : ""} happen
86
- on every push to the `main` branch in GitHub.
85
+ Deploys to staging happen via terraform on every push to the `main` branch in GitHub.
87
86
 
88
87
  The following secrets must be set within [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/)
89
88
  to enable a deploy to work:
90
89
 
91
90
  | Secret Name | Description |
92
91
  | ----------- | ----------- |
93
- | `CF_STAGING_USERNAME` | cloud.gov SpaceDeployer username |
94
- | `CF_STAGING_PASSWORD` | cloud.gov SpaceDeployer password |
92
+ | `CF_USERNAME` | cloud.gov SpaceDeployer username |
93
+ | `CF_PASSWORD` | cloud.gov SpaceDeployer password |
95
94
  | `RAILS_MASTER_KEY` | `config/master.key` |
96
95
  #{terraform_secret_values}
97
96
  EOM
98
97
  end
99
98
 
100
99
  def readme_prod_deploy
101
- <<~EOM
102
-
103
- Deploys to production#{terraform? ? ", including applying changes in terraform," : ""} happen
104
- on every push to the `production` branch in GitHub.
105
-
106
- The following secrets must be set within [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/)
107
- to enable a deploy to work:
108
-
109
- | Secret Name | Description |
110
- | ----------- | ----------- |
111
- | `CF_PRODUCTION_USERNAME` | cloud.gov SpaceDeployer username |
112
- | `CF_PRODUCTION_PASSWORD` | cloud.gov SpaceDeployer password |
113
- | `PRODUCTION_RAILS_MASTER_KEY` | `config/credentials/production.key` |
114
- #{terraform_secret_values}
115
- EOM
100
+ if terraform_manage_spaces?
101
+ <<~EOM
102
+
103
+ Deploys to production happen via terraform on every push to the `production` branch in GitHub.
104
+
105
+ The following secrets must be set within [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/)
106
+ to enable a deploy to work:
107
+
108
+ | Secret Name | Description |
109
+ | ----------- | ----------- |
110
+ | `CF_USERNAME` | cloud.gov SpaceDeployer username, if different value than staging, update name in .circleci/config.yml |
111
+ | `CF_PASSWORD` | cloud.gov SpaceDeployer password, if different value than staging, update name in .circleci/config.yml |
112
+ | `PRODUCTION_RAILS_MASTER_KEY` | `config/credentials/production.key` |
113
+ #{terraform_secret_values}
114
+ EOM
115
+ else
116
+ "Production deploys are not supported in the sandbox organization."
117
+ end
116
118
  end
117
119
 
118
120
  def readme_credentials
119
121
  <<~EOM
120
122
 
121
123
  1. Store variables that must be secret using [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/)
122
- 1. Add the appropriate `--var` addition to the `cf push` line on the deploy job
124
+ 1. Add the appropriate entries to the "Set terraform variables" steps in .circleci/config.yml
123
125
  EOM
124
126
  end
125
127
  end
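Review bot: in `readme_prod_deploy` the production table now documents the same `CF_USERNAME` / `CF_PASSWORD` names as staging, with "if different value than staging, update name in .circleci/config.yml" left to the reader. The removed lines kept `CF_PRODUCTION_USERNAME` and `CF_PRODUCTION_PASSWORD` separate by default, which made it hard to deploy to production with a staging SpaceDeployer by accident. Consider keeping distinct production names as the default and documenting sharing as the opt-in, since `PRODUCTION_RAILS_MASTER_KEY` is still kept separate in the same table. Also, the `else` branch returns a bare string with no leading blank line, unlike the heredoc branches, so check how it renders where the README interpolates it.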
@@ -127,12 +129,11 @@ EOB
127
129
  private
128
130
 
129
131
  def terraform_secret_values
130
- if terraform?
131
- <<~EOM
132
- | `AWS_ACCESS_KEY_ID` | Access key for terraform state bucket |
133
- | `AWS_SECRET_ACCESS_KEY` | Secret key for terraform state bucket |
134
- EOM
135
- end
132
+ <<~EOM
133
+ | `AWS_ACCESS_KEY_ID` | Access key for terraform state bucket |
134
+ | `AWS_SECRET_ACCESS_KEY` | Secret key for terraform state bucket |
135
+ | `TERRAFORM_STATE_BUCKET_NAME` | Bucket name for terraform state bucket |
136
+ EOM
136
137
  end
137
138
  end
138
139
  end
@@ -8,6 +8,5 @@ RUN bundle install --deployment
8
8
  RUN yarn install --frozen-lockfile
9
9
 
10
10
  ENV RAILS_ENV=ci
11
- RUN bundle exec rake assets:precompile
12
11
 
13
12
  CMD ["./bin/ci-server-start"]
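Review bot: with `RUN bundle exec rake assets:precompile` removed, nothing visible in this Dockerfile builds assets before `CMD ["./bin/ci-server-start"]` runs under `RAILS_ENV=ci`. If `bin/ci-server-start` or the CI config now compiles them, note that in a comment here; otherwise the scans that run against this image will be hitting pages with missing CSS and JS.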