Enterprise-CMCS · karla-vm · May 20, 2024 · Apr 14, 2024 · Apr 15, 2024 · Apr 15, 2024
@@ -1,2 +1,2 @@
 # Default repo owners
-*       @BearHanded @braxex @karla-vm
+*       @BearHanded @braxex @jessabean @karla-vm
@@ -20,10 +20,10 @@ CMDCT-
 ---
 ### Pre-review checklist
 <!-- Complete the following steps before opening for review -->
-
-- [ ] I have performed a self-review of my code
 - [ ] I have added [thorough](https://shorturl.at/aejkF) tests, if necessary
 - [ ] I have updated relevant documentation, if necessary
+- [ ] I have performed a self-review of my code
+- [ ] I have manually tested this PR in the deployed cloud environment
 
 ---
 ### Pre-merge checklist

@@ -57,7 +57,7 @@ jobs:
           [[ $(jq -r 'length' <<< "${UNTAGGED}") -gt 0 ]] && jq -r '(.[0] 
             | keys_unsorted) as $keys | $keys, map([.[ $keys[] ]])[] | @csv' <<< "${UNTAGGED}" > reports/untagged.csv
       - name: Upload reports
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: resource-reports
           path: .github/reports/

@@ -30,9 +30,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
@@ -24,10 +24,10 @@ jobs:
         run: ./.github/build-vars.sh set_values
         env:
           CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version-file: ".nvmrc"
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             **/node_modules
@@ -40,18 +40,22 @@ jobs:
         run: ./scripts/test-unit.sh
       - name: publish test coverage to code climate
         if: env.CODE_CLIMATE_ID != ''
-        uses: paambaati/codeclimate-action@v5
+        uses: paambaati/codeclimate-action@v6
         env:
           CC_TEST_REPORTER_ID: ${{ secrets.CODE_CLIMATE_ID }}
         with:
           coverageLocations: |
             ${{github.workspace}}/services/app-api/coverage/lcov.info:lcov
             ${{github.workspace}}/services/ui-src/coverage/lcov.info:lcov
       - name: Store unit test results
-        uses: actions/upload-artifact@v3
+        if: failure()
+        uses: actions/upload-artifact@v4
         with:
-          name: unit_test_results
-          path: ${{github.workspace}}/services/ui-src/coverage/lcov.info
+          name: unit-test-results
+          path: |
+            ${{github.workspace}}/services/app-api/coverage/lcov.info
+            ${{github.workspace}}/services/ui-src/coverage/lcov.info
+          retention-days: 14
 
   deploy:
     needs: unit-tests
@@ -80,10 +84,10 @@ jobs:
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version-file: ".nvmrc"
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             **/node_modules
@@ -211,12 +215,14 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run Cypress Tests
-        uses: cypress-io/github-action@v5
+        uses: cypress-io/github-action@v6
         with:
           working-directory: tests/cypress
           spec: |
-            tests/e2e/*.spec.js
-            tests/e2e/**/*.feature
+            e2e/*.cy.js
+            e2e/admin/*.cy.js
+            e2e/mcpar/*.cy.js
+            e2e/mlr/*.cy.js
           browser: chrome
           config: baseUrl=${{ needs.deploy.outputs.application_endpoint }}
           wait-on: ${{ needs.deploy.outputs.application_endpoint }}
@@ -226,15 +232,15 @@ jobs:
           CYPRESS_STATE_USER_PASSWORD: ${{ secrets.CYPRESS_STATE_USER_PASSWORD }}
           CYPRESS_ADMIN_USER_EMAIL: ${{ secrets.CYPRESS_ADMIN_USER_EMAIL }}
           CYPRESS_ADMIN_USER_PASSWORD: ${{ secrets.CYPRESS_ADMIN_USER_PASSWORD }}
-
       - name: Upload screenshots
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: failure()
         with:
-          name: cypress-screenshots
+          name: cypress-test-results
           path: |
-            tests/cypress/screenshots/
-            tests/cypress/videos/
+            ${{github.workspace}}/tests/cypress/screenshots/
+            ${{github.workspace}}/tests/cypress/videos/
+          retention-days: 14
 
 
   a11y-tests:
@@ -249,10 +255,10 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Check Project A11y
-        uses: cypress-io/github-action@v5
+        uses: cypress-io/github-action@v6
         with:
           working-directory: tests/cypress
-          spec: tests/accessibility/*.feature
+          spec: e2e/accessibility/*.cy.js
           browser: chrome
           config: baseUrl=${{ needs.deploy.outputs.application_endpoint }}
           wait-on: ${{ needs.deploy.outputs.application_endpoint }}
@@ -263,15 +269,15 @@ jobs:
           CYPRESS_ADMIN_USER_EMAIL: ${{ secrets.CYPRESS_ADMIN_USER_EMAIL }}
           CYPRESS_ADMIN_USER_PASSWORD: ${{ secrets.CYPRESS_ADMIN_USER_PASSWORD }}
           RUN_PA11Y: true
-
       - name: Upload screenshots
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: failure()
         with:
-          name: cypress-screenshots
+          name: a11y-test-results
           path: |
-            tests/cypress/screenshots/
-            tests/cypress/videos/
+            ${{github.workspace}}/tests/cypress/screenshots/
+            ${{github.workspace}}/tests/cypress/videos/
+          retention-days: 14
 
   cleanup:
     name: Delist GHA Runner CIDR Blocks

@@ -33,6 +33,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc" 
       - name: set branch_name
         run: |
           BRANCH_NAME=$(./.github/setBranchName.sh ${{ inputs.environment || github.event.ref }})
@@ -54,4 +57,5 @@ jobs:
         run: ./.github/github-lock.sh $branch_name
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - run: ./scripts/destroy.sh $STAGE_PREFIX$branch_name
+      - name: Destroy
+        run: ./run destroy --stage $STAGE_PREFIX$branch_name --verify false
@@ -30,8 +30,6 @@ jobs:
     #only check branch names that begin with snyk-
     if: ${{ github.event.workflow_run.conclusion == 'failure' && startsWith(github.event.workflow_run.head_branch, 'snyk-') }}
     steps:
-      - name: Debug
-        run: echo "Ref is ${{ github.ref }}"
       - name: Slack Notification
         uses: rtCamp/action-slack-notify@v2
         env:

@@ -4,16 +4,57 @@ on:
   pull_request:
     types: [opened, reopened, ready_for_review]
 
+permissions:
+  id-token: write
+  contents: write
+  issues: write
+  pull-requests: write
+
 jobs:
+  endpoint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: set branch_name # Some integrations (Snyk) build very long branch names. This is a switch to make long branch names shorter.
+        run: |
+          BRANCH_NAME=$(./.github/setBranchName.sh ${{ github.event.pull_request.head.ref }})
+          echo "branch_name=${BRANCH_NAME}" >> $GITHUB_ENV
+      - uses: actions/checkout@v4
+      - name: set branch specific variable names
+        run: ./.github/build-vars.sh set_names
+      - name: set variable values
+        run: ./.github/build-vars.sh set_values
+      - name: Configure AWS credentials for GitHub Actions
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+      - name: get endpoint
+        id: getendpoint
+        run: |
+          set +e
+          application_endpoint_url=$(aws cloudformation describe-stacks --stack-name ui-${{ env.branch_name }} --output text --query "Stacks[0].Outputs[?OutputKey=='ApplicationEndpointUrl'].OutputValue")
+          set -e
+          if [[ -z $application_endpoint_url || ! $application_endpoint_url == http* ]]; then
+              application_endpoint_url="endpoint not found"
+          fi
+          echo "application_endpoint_url=$application_endpoint_url" >> $GITHUB_OUTPUT
+          
+    outputs:
+      application_endpoint_url: ${{ steps.getendpoint.outputs.application_endpoint_url }}
+
   notify_integrations_channel:
     runs-on: ubuntu-latest
+    needs:
+      - endpoint
     # avoiding notifications for automated Snyk Pull Requests and draft pull requests 
     if: github.actor != 'mdct-github-service-account' && !github.event.pull_request.draft
     steps:
       - name: Slack Notification
         uses: rtCamp/action-slack-notify@v2
         env:
           SLACK_TITLE: ":github: A new pull request has been created in ${{ github.repository }} by ${{ github.event.pull_request.user.login }}"
-          SLACK_MESSAGE: "${{ github.event.pull_request.html_url }}"
+          SLACK_MESSAGE: "${{ github.event.pull_request.html_url }} \n Cloudfront URL: ${{ needs.endpoint.outputs.application_endpoint_url }}"
           MSG_MINIMAL: true
           SLACK_WEBHOOK: ${{ secrets.INTEGRATIONS_SLACK_WEBHOOK }}
@@ -7,9 +7,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v3
-      - uses: pre-commit/action@v3.0.0
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+      - uses: pre-commit/action@v3.0.1
+      - uses: actions/setup-node@v4
         with:
           node-version-file: ".nvmrc"
       - name: run unit tests
@@ -29,3 +31,18 @@ jobs:
           PRNUM: ${{ github.event.pull_request.number }}
           PR_AUTHOR: ${{ github.event.pull_request.user.login }}
           PR_AUTHOR_TYPE: ${{ github.event.pull_request.user.type }}
+
+  #Notify the integrations channel only when a Snyk auto merge fails pr checks
+  notify_on_pr_failure:
+    runs-on: ubuntu-latest
+    needs: 
+      - prchecks
+    #only check branch names that begin with snyk-
+    if: ${{ failure() && startsWith(github.head_ref, 'snyk-') }}
+    steps:
+      - name: Slack Notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_TITLE: ":boom: A Synk auto merge has failed pull request checks in ${{ github.repository }}."
+          MSG_MINIMAL: true
+          SLACK_WEBHOOK: ${{ secrets.INTEGRATIONS_SLACK_WEBHOOK }}
@@ -41,7 +41,7 @@ jobs:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
       - name: use the custom github  action to parse Snyk output
-        uses: Enterprise-CMCS/macfc-security-scan-report@v2.7.4
+        uses: Enterprise-CMCS/mac-fc-security-scan-report@v2.8.4.3
         with:
           jira-username: "mdct_github_service_account"
           jira-token: ${{ secrets.JIRA_ENT_USER_TOKEN }}
@@ -55,3 +55,4 @@ jobs:
           assign-jira-ticket-to: "MWTW"
           scan-output-path: "snyk_output.txt"
           scan-type: "snyk"
+          major-version-only: 'true'
@@ -1 +1 @@
-v18.13.0
+v20.11.1
@@ -52,13 +52,13 @@ Before starting the project we're going to install some tools. We recommend havi
 
 ### Running the project locally
 
-In the root of the project run `./dev local`
+In the root of the project run `./run local`
 
 ### Logging in
 
 (Make sure you've finished setting up the project locally above before moving on to this step!)
 
-Once you've run `./dev local` you'll find yourself on a login page at localhost:3000. For local development there is a list of users that can be found at services/ui-auth/libs/users.json. That's where you can grab an email to fill in.
+Once you've run `./run local` you'll find yourself on a login page at localhost:3000. For local development there is a list of users that can be found at services/ui-auth/libs/users.json. That's where you can grab an email to fill in.
 
 For a password to that user, please ask a fellow developer.
 
@@ -75,11 +75,11 @@ In the terminal, any changes made to a program will show up as S3 updates with a
 #### DynamoDB Local failed to start with code 1 
 If you're getting an error such as `inaccessible host: 'localhost' at port '8000'`, some steps to try:
 - confirm that you're on the right Java version -- if you have an M1 mac, you need an [x86 install](https://www.azul.com/downloads/?version=java-18-sts&os=macos&architecture=x86-64-bit&package=jdk#zulu) 
-- delete your `services/database/.dynamodb` directory and then run `dev local` in your terminal
+- delete your `services/database/.dynamodb` directory and then run `./run local` in your terminal
 
 ### Local Development Additional Info
 
-Local dev is configured as a Typescript project. The entrypoint in `./src/dev.ts` manages running the moving pieces locally: the API, database, filestore, and frontend.
+Local dev is configured as a Typescript project. The entrypoint in `./src/run.ts` manages running the moving pieces locally: the API, database, filestore, and frontend.
 
 Local dev is built around the Serverless plugin [serverless-offline](https://github.com/dherault/serverless-offline). `serverless-offline` runs an API Gateway locally configured by `./services/app-api/serverless.yml` and hot reloads your Lambdas on every save. The plugins [serverless-dynamodb-local](https://github.com/99x/serverless-dynamodb-local) and [serverless-s3-local](https://github.com/ar90n/serverless-s3-local) stand up the local database and s3 in a similar fashion.
 

@@ -4,6 +4,7 @@
   "type": "module",
   "description": "",
   "main": "index.js",
+  "private": true,
   "directories": {
     "test": "tests"
   },
@@ -22,14 +23,16 @@
   },
   "homepage": "https://github.com/Enterprise-CMCS/macpro-mdct-mcr#readme",
   "dependencies": {
+    "@enterprise-cmcs/serverless-waf-plugin": "^1.4.0",
     "fast-xml-parser": "4.3.3",
-    "loader-utils": "2.0.3",
-    "@enterprise-cmcs/serverless-waf-plugin": "^1.3.2"
+    "loader-utils": "2.0.3"
   },
   "devDependencies": {
+    "@serverless/compose": "^1.3.0",
+    "@stratiformdigital/serverless-stage-destroyer": "^2.1.1",
     "@types/dotenv": "^8.2.0",
     "@types/flat": "^5.0.2",
-    "@types/node": "^18.11.18",
+    "@types/node": "^20.12.7",
     "@types/yargs": "^15.0.10",
     "@typescript-eslint/eslint-plugin": "5.18.0",
     "@typescript-eslint/parser": "5.18.0",
@@ -43,19 +46,16 @@
     "eslint-plugin-react": "^7.24.0",
     "eslint-plugin-react-hooks": "^4.6.0",
     "prettier": "^2.4.1",
-    "serverless": "^3.27.0",
+    "serverless": "^3.38.0",
     "serverless-api-client-certificate": "^1.0.2",
     "serverless-bundle": "^6.0.0",
     "serverless-cloudfront-invalidate": "^1.11.0",
     "serverless-dotenv-plugin": "^3.0.0",
     "serverless-iam-helper": "github:Enterprise-CMCS/serverless-iam-helper",
-    "serverless-idempotency-helper": "github:Enterprise-CMCS/serverless-idempotency-helper",
-    "serverless-offline": "^12.0.4",
-    "serverless-online": "github:Enterprise-CMCS/macpro-serverless-online",
+    "serverless-offline": "^13.5.0",
     "serverless-plugin-scripts": "^1.0.2",
-    "serverless-plugin-warmup": "^8.2.1",
     "serverless-s3-bucket-helper": "github:Enterprise-CMCS/serverless-s3-bucket-helper#master",
-    "serverless-s3-sync": "2.0.0",
+    "serverless-s3-sync": "^3.2.0",
     "serverless-stack-termination-protection": "^2.0.2",
     "typescript": "^4.6.3",
     "util": "^0.12.4",