From 8aa7b0539d523e1a953f7fad55d142e88823741a Mon Sep 17 00:00:00 2001
From: Chris Alfano
Date: Tue, 4 Oct 2022 19:56:34 -0400
Subject: [PATCH 1/4] docs: add article on updating SAML2 certificate

---
 docs/operations/update-saml2-certificate.md | 62 +++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 docs/operations/update-saml2-certificate.md

diff --git a/docs/operations/update-saml2-certificate.md b/docs/operations/update-saml2-certificate.md
new file mode 100644
index 00000000..ad1dffc2
--- /dev/null
+++ b/docs/operations/update-saml2-certificate.md
@@ -0,0 +1,62 @@
+# Update SAML2 Certificate
+
+The OpenSSL certificate used by Laddr's Single Sign-On (SSO) integration with Slack needs to be refreshed occasionally when it nears or passes its expiration date
+
+## Generate a new certificate
+
+On any computer with the `openssl` command installed (readily available on macOS and Linux), you can generate the new key+certificate pair before installing it to your Slack and Laddr instances:
+
+1. Generate private key:
+
+ ```bash
+ openssl genrsa \
+ -out ./laddr-slack-private-key.pem \
+ 1024
+ ```
+
+2. Generate public certificate:
+
+ ```bash
+ openssl req -new -x509 \
+ -days 1095 \
+ -key ./laddr-slack-private-key.pem \
+ -out ./laddr-slack-public-cert.pem
+ ```
+
+ *Fill out the prompts with appropriate information about your organization. These values don't really matter for anything*
+
+3. If your Laddr instance is hosted on Kubernetes, encode the two generated files into a `Secret` manifest (you only need the `kubectl` command installed on your local system for this, it does *not* need to be connected to any cluster):
+
+ ```bash
+ kubectl create secret generic saml2 \
+ --output=yaml \
+ --dry-run \
+ --from-file=SAML2_PRIVATE_KEY=./laddr-slack-private-key.pem \
+ --from-file=SAML2_CERTIFICATE=./laddr-slack-public-cert.pem \
+ > ./saml2.secret.yaml
+ ```
+
+4. If your cluster uses [sealed secrets](http://civic-cloud.phl.io/development/features/sealed-secrets/), seal the newly-created secret:
+
+ ```bash
+ export SEALED_SECRETS_CERT=https://sealed-secrets.live.k8s.phl.io/v1/cert.pem
+ kubeseal \
+ --namespace "my-project" \
+ -f ./saml2.secret.yaml \
+ -w ./saml2.sealed-secret.yaml
+ ```
+
+ *Be sure to replace `my-project` with the namespace your instance is deployed within*
+
+5. Deploy the sealed secret to your cluster
+
+ *In Code for Philly's case, that means updating [`saml2.yaml`](https://github.com/CodeForPhilly/cfp-live-cluster/blob/main/code-for-philly.secrets/saml2.yaml) with the new content and then merging the generated deploy PR. After the deploy, you may need to delete the existing secret in order for the `sealed-secrets` operator to replace it with the updated secret*
+
+6. Finally, visit and edit the **Public Certificate**, pasting the contents of `./laddr-slack-public-cert.pem`:
+
+ ```bash
+ cat ./laddr-slack-public-cert.pem
+ # paste output to Slack admin webpage
+ ```
+
+ *Slack will not let you save the new public certificate until it's been successfully applied to the host*

From 9389a337c6c60857ec235fb3ffc28acb7a1fef70 Mon Sep 17 00:00:00 2001
From: Chris Alfano
Date: Tue, 4 Oct 2022 20:43:05 -0400
Subject: [PATCH 2/4] fix: correct gettext syntax within {tif}

---
 html-templates/project-buzz/projectBuzzSaved.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html-templates/project-buzz/projectBuzzSaved.tpl b/html-templates/project-buzz/projectBuzzSaved.tpl
index 5ae84e87..9bb74121 100644
--- a/html-templates/project-buzz/projectBuzzSaved.tpl
+++ b/html-templates/project-buzz/projectBuzzSaved.tpl
@@ -3,7 +3,7 @@
 {block title}{_ 'Buzz Saved'} — {$dwoo.parent}{/block}
 {block content}
- {capture assign=buzzHeadlineLink}{$data->Headline|escape} {tif $data->isNew ? {_ posted} : {_ updated}}{/capture}
+ {capture assign=buzzHeadlineLink}{$data->Headline|escape} {tif $data->isNew ? _('posted') : _('updated')}{/capture}
 {capture assign=projectNameLink}{projectLink $data->Project}{/capture}

{sprintf(_("%s for %s"), $buzzHeadlineLink, $projectNameLink)}

{/block}

From 8ec2b9024852aafeaf85e7726c269e51fa54bb0a Mon Sep 17 00:00:00 2001
From: Chris Alfano
Date: Tue, 4 Oct 2022 20:51:14 -0400
Subject: [PATCH 3/4] feat(fixtures): add basic project+buzz+update

---
 fixtures/project_buzz.sql | 21 ++++++++++++++++
 fixtures/project_members.sql | 16 ++++++++++++
 fixtures/project_updates.sql | 36 +++++++++++++++++++++++++++
 fixtures/projects.sql | 48 ++++++++++++++++++++++++++++++++++++
 4 files changed, 121 insertions(+)
 create mode 100644 fixtures/project_buzz.sql
 create mode 100644 fixtures/project_members.sql
 create mode 100644 fixtures/project_updates.sql
 create mode 100644 fixtures/projects.sql

diff --git a/fixtures/project_buzz.sql b/fixtures/project_buzz.sql
new file mode 100644
index 00000000..eb03df2e
--- /dev/null
+++ b/fixtures/project_buzz.sql
@@ -0,0 +1,21 @@
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40101 SET character_set_client = utf8 */;
+
+CREATE TABLE `project_buzz` (
+ `ID` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `Class` enum('Laddr\\ProjectBuzz') NOT NULL,
+ `Created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `CreatorID` int(11) DEFAULT NULL,
+ `ProjectID` int(10) unsigned NOT NULL,
+ `Handle` varchar(255) NOT NULL,
+ `Headline` varchar(255) NOT NULL,
+ `URL` varchar(255) NOT NULL,
+ `Published` timestamp NOT NULL,
+ `ImageID` int(10) unsigned DEFAULT NULL,
+ `Summary` text,
+ PRIMARY KEY (`ID`),
+ UNIQUE KEY `Handle` (`Handle`),
+ KEY `ProjectID` (`ProjectID`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO `project_buzz` VALUES (1,'Laddr\\ProjectBuzz','2022-10-05 00:42:40',2,1,'laddr_v3.1.1_released','Laddr v3.1.1 released!','https://github.com/CodeForPhilly/laddr/releases/tag/v3.1.1','2022-08-06 19:15:00',NULL,'## Technical\r\n\r\n- chore(deps): bump emergence-slack to v1.0.2 @themightychris');
diff --git a/fixtures/project_members.sql b/fixtures/project_members.sql
new file mode 100644
index 00000000..417502b6
--- /dev/null
+++ b/fixtures/project_members.sql
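Review bot: ``INSERT INTO `project_buzz` VALUES (...)`` on the last line of the hunk carries no column list, so the row silently shifts (or fails on a column-count error) the moment a column is added to, dropped from or reordered in the `CREATE TABLE` above it; `fixtures/project_members.sql`, `fixtures/project_updates.sql` and `fixtures/projects.sql` insert the same way. Naming the columns costs one line, e.g. ``INSERT INTO `project_buzz` (`ID`, `Class`, `Created`, `CreatorID`, `ProjectID`, `Handle`, `Headline`, `URL`, `Published`, `ImageID`, `Summary`) VALUES (...)``. Separately, the two `/*!...*/ SET` lines at the top change the session's `TIME_ZONE` and `character_set_client` and nothing in the file restores them (a full mysqldump pairs them with `@OLD_TIME_ZONE`/`@saved_cs_client` lines), so whatever the loader runs next in the same session inherits them. The `TIME_ZONE='+00:00'` line itself is what makes MySQL store the literal `Created`/`Published` values as UTC, so it should stay if the header is ever trimmed further.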
@@ -0,0 +1,16 @@
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40101 SET character_set_client = utf8 */;
+
+CREATE TABLE `project_members` (
+ `ID` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `Class` enum('Laddr\\ProjectMember') NOT NULL,
+ `Created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `CreatorID` int(11) DEFAULT NULL,
+ `ProjectID` int(10) unsigned NOT NULL,
+ `MemberID` int(10) unsigned NOT NULL,
+ `Role` varchar(255) DEFAULT NULL,
+ PRIMARY KEY (`ID`),
+ UNIQUE KEY `ProjectMember` (`ProjectID`,`MemberID`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO `project_members` VALUES (1,'Laddr\\ProjectMember','2022-10-05 00:41:02',2,1,2,'Founder');
diff --git a/fixtures/project_updates.sql b/fixtures/project_updates.sql
new file mode 100644
index 00000000..e248b146
--- /dev/null
+++ b/fixtures/project_updates.sql
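Review bot: Nothing in this series supplies the user row that the inserted `project_members` record points at through `MemberID` 2 and `CreatorID` 2, and `fixtures/project_buzz.sql`, `fixtures/project_updates.sql` and `fixtures/projects.sql` reference the same id through `CreatorID`, `ModifierID` and `MaintainerID`; either a user/member fixture already exists on the fixtures holobranch or the loaded data has dangling references (cannot tell from here). Because every table is `ENGINE=MyISAM`, no foreign key will report it, whereas the `ProjectID` 1 side is satisfied by `fixtures/projects.sql`. A header comment naming the dependency would make the required load order explicit, e.g. `-- requires the user/member fixture providing ID 2 to be loaded first`.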
@@ -0,0 +1,36 @@
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40101 SET character_set_client = utf8 */;
+
+CREATE TABLE `project_updates` (
+ `ID` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `Class` enum('Laddr\\ProjectUpdate') NOT NULL,
+ `Created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `CreatorID` int(11) DEFAULT NULL,
+ `Modified` timestamp NULL DEFAULT NULL,
+ `ModifierID` int(10) unsigned DEFAULT NULL,
+ `ProjectID` int(10) unsigned NOT NULL,
+ `Number` int(10) unsigned NOT NULL,
+ `Body` text NOT NULL,
+ PRIMARY KEY (`ID`),
+ KEY `ProjectID` (`ProjectID`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO `project_updates` VALUES (1,'Laddr\\ProjectUpdate','2022-10-05 00:41:20',2,NULL,NULL,1,1,'Today we set up sample data to add to the project repository');
+
+
+CREATE TABLE `history_project_updates` (
+ `RevisionID` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `ID` int(10) unsigned NOT NULL,
+ `Class` enum('Laddr\\ProjectUpdate') NOT NULL,
+ `Created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `CreatorID` int(11) DEFAULT NULL,
+ `Modified` timestamp NULL DEFAULT NULL,
+ `ModifierID` int(10) unsigned DEFAULT NULL,
+ `ProjectID` int(10) unsigned NOT NULL,
+ `Number` int(10) unsigned NOT NULL,
+ `Body` text NOT NULL,
+ PRIMARY KEY (`RevisionID`),
+ KEY `ID` (`ID`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO `history_project_updates` SELECT NULL AS RevisionID, project_updates.* FROM `project_updates`;
diff --git a/fixtures/projects.sql b/fixtures/projects.sql
new file mode 100644
index 00000000..caec80b6
--- /dev/null
+++ b/fixtures/projects.sql
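Review bot: ``INSERT INTO `history_project_updates` SELECT NULL AS RevisionID, project_updates.* FROM `project_updates`;`` on the last line relies on `history_project_updates` having exactly the `project_updates` columns, in the same order, after `RevisionID`; the two `CREATE TABLE`s in this hunk do line up today, but a positional `SELECT *` feeding an insert with no column list misaligns silently (or fails with a column-count error) as soon as either definition changes, and `fixtures/projects.sql` ends `history_projects` the same way. Listing the columns on both sides keeps the two tables honest, and since this is a fixture a literal `VALUES` row mirroring the one inserted above would also show readers what history content the tests start from.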
@@ -0,0 +1,48 @@
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40101 SET character_set_client = utf8 */;
+
+CREATE TABLE `projects` (
+ `ID` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `Class` enum('Laddr\\Project') NOT NULL,
+ `Created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `CreatorID` int(11) DEFAULT NULL,
+ `Modified` timestamp NULL DEFAULT NULL,
+ `ModifierID` int(10) unsigned DEFAULT NULL,
+ `Title` varchar(255) NOT NULL,
+ `Handle` varchar(255) NOT NULL,
+ `MaintainerID` int(10) unsigned DEFAULT NULL,
+ `UsersUrl` varchar(255) DEFAULT NULL,
+ `DevelopersUrl` varchar(255) DEFAULT NULL,
+ `README` text,
+ `NextUpdate` int(10) unsigned NOT NULL DEFAULT '1',
+ `Stage` enum('Commenting','Bootstrapping','Prototyping','Testing','Maintaining','Drifting','Hibernating') NOT NULL DEFAULT 'Commenting',
+ `ChatChannel` varchar(255) DEFAULT NULL,
+ PRIMARY KEY (`ID`),
+ UNIQUE KEY `Handle` (`Handle`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO `projects` VALUES (1,'Laddr\\Project','2022-10-05 00:41:02',2,'2022-10-05 00:41:20',2,'Laddr','laddr',2,'http://codeforphilly.github.io/laddr/','https://github.com/CodeForPhilly/laddr',NULL,2,'Maintaining','laddr');
+
+
+CREATE TABLE `history_projects` (
+ `RevisionID` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `ID` int(10) unsigned NOT NULL,
+ `Class` enum('Laddr\\Project') NOT NULL,
+ `Created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `CreatorID` int(11) DEFAULT NULL,
+ `Modified` timestamp NULL DEFAULT NULL,
+ `ModifierID` int(10) unsigned DEFAULT NULL,
+ `Title` varchar(255) NOT NULL,
+ `Handle` varchar(255) NOT NULL,
+ `MaintainerID` int(10) unsigned DEFAULT NULL,
+ `UsersUrl` varchar(255) DEFAULT NULL,
+ `DevelopersUrl` varchar(255) DEFAULT NULL,
+ `README` text,
+ `NextUpdate` int(10) unsigned NOT NULL DEFAULT '1',
+ `Stage` enum('Commenting','Bootstrapping','Prototyping','Testing','Maintaining','Drifting','Hibernating') NOT NULL DEFAULT 'Commenting',
+ `ChatChannel` varchar(255) DEFAULT NULL,
+ PRIMARY KEY (`RevisionID`),
+ KEY `ID` (`ID`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO `history_projects` SELECT NULL AS RevisionID, projects.* FROM `projects`;

From 4e5d21d8d647cb617ec5f77f97254cbd4beaa6a1 Mon Sep 17 00:00:00 2001
From: Chris Alfano
Date: Tue, 4 Oct 2022 20:53:10 -0400
Subject: [PATCH 4/4] fix(fixtures): add local fixtures to fixtures holobranch

---
 .holo/branches/fixtures/_laddr.toml | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .holo/branches/fixtures/_laddr.toml

diff --git a/.holo/branches/fixtures/_laddr.toml b/.holo/branches/fixtures/_laddr.toml
new file mode 100644
index 00000000..5d74ce4a
--- /dev/null
+++ b/.holo/branches/fixtures/_laddr.toml
@@ -0,0 +1,3 @@
+[holomapping]
+root = "fixtures"
+files = "**/*.sql"
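Review bot: ``CREATE TABLE `projects` (`` and ``CREATE TABLE `history_projects` (`` are unconditional, so loading this file into a database that already holds the tables (a second run, or a developer database restored from a dump) aborts at the first `CREATE TABLE` with the rest of the file unapplied; `fixtures/project_buzz.sql`, `fixtures/project_members.sql` and `fixtures/project_updates.sql` have the same shape. A preceding ``DROP TABLE IF EXISTS `projects`;`` per table (what mysqldump emits by default) makes the file re-runnable, and is the better choice over `CREATE TABLE IF NOT EXISTS` because the `INSERT` rows carry fixed primary keys that would collide on a second load.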