Merge pull request #249 from NYPL/main

Merge Main to QA for Testing

.eslintrc

@@ -34,7 +34,8 @@
     "@typescript-eslint/explicit-function-return-type": 0,
     "react/prop-types": 0,
     "react/display-name": 0,
-    "@typescript-eslint/no-use-before-define": 0
+    "@typescript-eslint/no-use-before-define": 0,
+    "@typescript-eslint/camelcase": "off"
   },
   "settings": {
     "react": {

.github/workflows/ci.yml

@@ -0,0 +1,92 @@
+name: CI
+
+on: push
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    env:
+      CI: true
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use Node.js 20
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20
+      - name: Cache and install node modules
+        uses: bahmutov/npm-install@v1
+      - name: Test
+        run: npm run test
+  publish_qa:
+    needs: test
+    if: github.ref == 'refs/heads/qa'
+    name: Publish image to ECR and update ECS stack
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::946183545209:role/GithubActionsDeployerRole
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build, tag, and push image to Amazon ECR
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: nypl-library-card-app
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:qa-latest
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:qa-latest
+
+      - name: Force ECS Update
+        run: |
+          aws ecs update-service --cluster nypl-library-card-app-qa --service nypl-library-card-app-qa --force-new-deployment
+  publish_production:
+    needs: test
+    if: github.ref == 'refs/heads/production'
+    name: Publish image to ECR and update ECS stack
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::946183545209:role/GithubActionsDeployerRole
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build, tag, and push image to Amazon ECR
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: nypl-library-card-app
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:production-latest
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:production-latest
+
+      - name: Force ECS Update
+        run: |
+          aws ecs update-service --cluster nypl-library-card-app-production --service nypl-library-card-app-production --force-new-deployment

.nvmrc

@@ -1 +1 @@
-10.19.0
+20

CHANGELOG.md

@@ -1,5 +1,19 @@
 ## CHANGE LOG
 
+### v1.0.0 Remediation Project (security) update
+
+- Switch deployment to GitHub Actions
+- Remove EB related code and language, move to ECS
+- Update node version to 20
+- Update next version to 12
+- Updates to dependencies to match
+- Add script to package.json for clearing the test cache (this is just a convenience since I was updating so frequently, can be removed)
+- Update a bunch of packages related to testing (@testing-library/jest-dom, @testing-library/react, @types/jest, @types/jest-axe, jest, jest-axe)
+- Specify the testEnvironment as jsdom
+- Add package jest-environment-jsdom since this is not included automatically anymore
+- Replace @testing-library/jest-dom/extend-expect with @testing-library/jest-dom since this is now included
+- The only real substantive change is updating next to 12, which is as high as it can go without breaking anything
+
 ### v0.9.4 - New DS Header/Footer
 
 ---

Dockerfile

@@ -1,5 +1,5 @@
 # Build the environment.
-FROM node:12.2.0-alpine as production
+FROM node:20-alpine as production
 
 # Install git to resolve issues installing the
 # nypl/dgx-header-component package.

README.md

@@ -10,9 +10,8 @@ A JavaScript Application that allows NYPL patrons to request a library card and
 | 4.                | [Deployment](#deployment)                                         |
 | 5.                | [Git Workflow](#git-workflow)                                     |
 | 6.                | [Internationalization](#internationalization)                     |
-| 7.                | [AWS Elastic Beanstalk](#aws-elastic-beanstalk)                   |
-| 8.                | [Travis CI](#travis-ci)                                           |
-| 9.                | [Docker](#docker)                                                 |
+| 7.                | [CI/CD](#CI/CD)                                                   |
+| 8.                | [Docker](#docker)                                                 |
 
 ## Production Site and Version
 
@@ -22,7 +21,7 @@ The production site on NYPL.org:
 
 The current production version:
 
-- 0.7.11
+- 1.0.0
 
 ## Branch Statuses
 
@@ -47,7 +46,7 @@ At the moment, this app is intended to be run on Node v10.x due to AWS deploymen
 See `.env.example` for a checklist of the environment variables the app
 needs to run.
 
-Note: Nextjs uses `.env.development` and `.env.production` for their respective platform environment variables. The keys are not encrypted in the repo and are therefore directly added/updated through the AWS Elastic Beanstalk UI. These files are not not necessary to have to run the app locally.
+Note: Nextjs uses `.env.development` and `.env.production` for their respective platform environment variables. The keys are not encrypted in the repo and are therefore directly added/updated through Terraform. These files are not not necessary to have to run the app locally.
 
 ### Install & Running Locally
 
@@ -108,35 +107,11 @@ The `production` branch should be what's running in the production environment.
 
 The application is internationalized using the `next-i18next` package. For more information, see the [MULTILINGUAL_FEATURE.md](./MULTILINGUAL_FEATURE.md) file.
 
-## AWS Elastic Beanstalk
-
-1. `.ebextensions` directory needed at application's root directory
-2. `.ebextensions/environment.config` to store environment variables. For environment variables that needs to be hidden,
-3. `.ebextensions/nodecommand.config` to start node app after deployment.
-4. `eb init -i --profile <<your AWS profile>>`
-5. Initial creation of instance on Beanstalk:
-
-Please use the instance profile of _cloudwatchable-beanstalk_.
-Which has all the permissions needed for a traditional or Docker-flavored Beanstalk
-machine that wants to log to CloudWatch.
-
-```bash
-eb create <<environment name>> --instance_type <<size of instance>> \
-    --instance_profile cloudwatchable-beanstalk \
-    --envvars FOO="bar",MYVAR="myval" \
-    --cname <<cname prefix (XXX.us-east-1.elasticbeanstalk.com)>> \
-    --vpc.id <<ask for custom vpc_id>> \
-    --vpc.ec2subnets <<privateSubnetId1,privateSubnetId2>> \
-    --vpc.elbsubnets <<publicSubnetId1,publicSubnetId2>> \
-    --vpc.elbpublic \
-    --profile <<your AWS profile>>
-```
-
-## Travis CI
+## CI/CD
 
-Subsequent deployments are accomplished via pushing code into `qa` and `production` branches, which triggers Travis CI to build, test, and deploy.
+Subsequent deployments are accomplished via pushing code into `qa` and `production` branches, which triggers GitHub Actions to build, test, and deploy.
 
-Configuration can be adjusted via `.travis.yml`, located at the root directory of this code repository. Travis CI is set to watch `qa` and `production` branches and waits for code push, e.g. `git push origin qa` will trigger Travis CI to build. When build and test are successful, Travis CI will deploy to specified Elastic Beanstalk instance.
+Configuration can be adjusted via `.github/workflows/ci.yml`, located at the root directory of this code repository. GitHub Actions is set to watch `qa` and `production` branches and waits for code push, e.g. `git push origin qa` will trigger GitHub Actions to build. When build and test are successful, GitHub Actions will deploy to specified ECS instance.
 
 ## Docker
 

jest.config.js

@@ -21,4 +21,5 @@ module.exports = {
   moduleNameMapper: {
     "^.+\\.module\\.(css|sass|scss)$": "identity-obj-proxy",
   },
+  testEnvironment: "jsdom",
 };