Deploy to prod (#1737)

.github/ISSUE_TEMPLATE/release.yml

@@ -19,50 +19,82 @@ body:
         release process](https://docs.calitp.org/benefits/deployment/release/).
 
         Close this issue when the checklist is complete.
+    validations:
+      required: true
   - type: input
     id: manager
     attributes:
       label: Release manager
       description: GitHub handle of who is responsible for this release; assign this issue to this user
       placeholder: "@cal-itp-bot"
+    validations:
+      required: true
   - type: input
     id: version
     attributes:
       label: Release version
       description: Calver-formatted version for this release
       placeholder: YYYY.0M.R
+    validations:
+      required: true
   - type: markdown
     attributes:
       value: |
         ## Release type
 
         Reference the diagram and discussion on [the release process docs](https://docs.calitp.org/benefits/deployment/release/).
 
-        * `Regular` release: propogates from `dev` to `test`, and then `test` to `prod`. Only possible if `dev` is ready to deploy.
-        * `Hotfix` release: propogates from `test` to `prod`, skipping `dev`.
+        * `Regular` release: propagates from `dev` to `test`, and then `test` to `prod`. Only possible if `dev` is ready to deploy.
+        * `Hotfix` release: fix is merged into `prod`. After release, fix is propagated to `dev` and `test`.
   - type: dropdown
     id: type
     attributes:
       label: What type of release is this?
       options:
         - "Regular"
         - "Hotfix"
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: |
+        ## Release checklist
+
+        After this issue is created, edit the description to keep only the checklist for the release type.
   - type: checkboxes
-    id: checklist
+    id: regular-checklist
     attributes:
-      label: Release checklist
-      description: Complete these items in sequence as the release progresses
+      label: Regular release checklist
+      description: Complete these items in sequence as the `Regular` release progresses
       options:
+        - label: Ensure the `dev` branch and secrets are up to date
         - label: Create a branch called release/version from the source branch
         - label: Bump the application version
-        - label: Open a PR for the release branch into the staging target, merge
-        - label: "(If applicable): update staging data migrations"
-        - label: "(If applicable): open another PR from dev to test"
-        - label: "(If applicable): update data migrations"
+        - label: Open a PR for the release branch into `dev`, merge
+        - label: Ensure `test` secrets are up to date
+        - label: Open another PR from `dev` to `test`, merge
         - label: QA the app in test
-        - label: "(If applicable): prepare production data migrations"
-        - label: Open a PR to for the test branch into prod, merge
+        - label: Ensure `prod` secrets are up to date
+        - label: Open a PR for the `test` branch into `prod`, merge
         - label: QA the app in prod
-        - label: Tag the release on the prod branch, push the tag to GitHub
+        - label: Tag the release on the `prod` branch, push the tag to GitHub (see [docs](https://docs.calitp.org/benefits/deployment/release/#5-tag-the-release) for commands)
+        - label: Create a release in GitHub for the tag, generating release notes
+        - label: Edit release notes with additional context, images, animations, etc. as-needed
+  - type: checkboxes
+    id: hotfix-checklist
+    attributes:
+      label: Hotfix release checklist
+      description: Complete these items in sequence as the `Hotfix` release progresses
+      options:
+        - label: Make the hotfix in a branch from `prod`
+        - label: Bump the application version
+        - label: Ensure `prod` secrets are up to date
+        - label: Open a PR from the hotfix branch into `prod`, merge
+        - label: QA the fix in prod
+        - label: Tag the release on `prod`, push the tag to GitHub (see [docs](https://docs.calitp.org/benefits/deployment/release/#5-tag-the-release) for commands)
         - label: Create a release in GitHub for the tag, generating release notes
         - label: Edit release notes with additional context, images, animations, etc. as-needed
+        - label: Create a branch off `dev`
+        - label: Open a PR from `prod` into that branch, merge
+        - label: (optional) Adapt hotfix to current state of `dev` in that same branch
+        - label: Merge the PR into `dev`

.github/workflows/.python-version

@@ -1 +1 @@
-3.10
+3.11

.github/workflows/codeql.yml

@@ -30,7 +30,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2

.github/workflows/deploy.yml

@@ -20,24 +20,24 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Write commit SHA to file
         run: echo "${{ github.sha }}" >> benefits/static/sha.txt
 
       - name: Docker Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Build, tag, and push image to GitHub Container Registry
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           builder: ${{ steps.buildx.outputs.name }}
           build-args: GIT-SHA=${{ github.sha }}

.github/workflows/mkdocs.yml

@@ -23,7 +23,7 @@ jobs:
     if: github.event.workflow_run == null || github.event.workflow_run.conclusion == 'success'
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Download coverage report
         uses: dawidd6/action-download-artifact@v2

.github/workflows/tests-cypress.yml

@@ -11,15 +11,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Start app
         run: |
           touch .env
           docker compose up --detach client server
 
       - name: Run Cypress tests
-        uses: cypress-io/github-action@v5
+        uses: cypress-io/github-action@v6
         env:
           CYPRESS_baseUrl: http://localhost:8000
         with:

.github/workflows/tests-pytest.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install system packages
         run: |

.github/workflows/tests-ui.yml

@@ -14,15 +14,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Start app
         run: |
           touch .env
           docker compose up --detach client
 
       - name: Run Lighthouse tests for a11y
-        uses: treosh/lighthouse-ci-action@9.6.8
+        uses: treosh/lighthouse-ci-action@10.1.0
         with:
           urls: |
             http://localhost:8000

.gitignore

@@ -3,6 +3,7 @@
 *.mo
 *.tfbackend
 *.tmp
+*.egg-info
 static/
 !benefits/static
 benefits/static/sha.txt

.pre-commit-config.yaml

@@ -15,7 +15,7 @@ default_stages:
 
 repos:
   - repo: https://github.com/compilerla/conventional-pre-commit
-    rev: v2.1.1
+    rev: v2.4.0
     hooks:
       - id: conventional-pre-commit
         stages: [commit-msg]
@@ -34,14 +34,14 @@ repos:
         args: ["--maxkb=1500"]
 
   - repo: https://github.com/psf/black
-    rev: 23.3.0
+    rev: 23.9.1
     hooks:
       - id: black
         types:
           - python
 
   - repo: https://github.com/PyCQA/flake8
-    rev: 6.0.0
+    rev: 6.1.0
     hooks:
       - id: flake8
         types:
@@ -55,12 +55,12 @@ repos:
         files: .py$
 
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.0.0-alpha.6
+    rev: v3.0.3
     hooks:
       - id: prettier
         types_or: [javascript, css]
 
   - repo: https://github.com/Riverside-Healthcare/djLint
-    rev: v1.23.0
+    rev: v1.32.1
     hooks:
       - id: djlint-django

.vscode/launch.json

@@ -12,7 +12,8 @@
       "args": ["runserver", "--insecure", "0.0.0.0:8000"],
       "django": true,
       "env": {
-        "DJANGO_DEBUG": "true"
+        "DJANGO_DEBUG": "true",
+        "PYTHONWARNINGS": "default"
       }
     },
     {

.vscode/settings.json

@@ -1,12 +1,10 @@
 {
-  "djlint.guessProfile": false,
   "editor.defaultFormatter": "esbenp.prettier-vscode",
   "editor.formatOnSave": true,
-  "[html]": {
-    "editor.defaultFormatter": "monosans.djlint"
-  },
-  "[django-html]": {
-    "editor.defaultFormatter": "monosans.djlint"
+  "[django-html][html]": {
+    "editor.defaultFormatter": "monosans.djlint",
+    "djlint.enableLinting": true,
+    "djlint.profile": "django"
   },
   "files.encoding": "utf8",
   "files.eol": "\n",

appcontainer/nginx.conf

@@ -44,15 +44,15 @@ http {
 
     # 404 known scraping path targets
     # case-insensitive regex matches the given path fragment anywhere in the request path
-    location ~* /(\.?git|api|app|assets|ats|bootstrap|bower|cgi|content|credentials|docker|doc|env|example|swagger|web) {
+    location ~* /(\.?git|api|app|assets|ats|bootstrap|bower|cgi|content|cpanel|credentials|debug|docker|doc|env|example|jenkins|robots|swagger|web|yq) {
         access_log off;
         log_not_found off;
         return 404;
     }
 
     # 404 known scraping file targets
     # case-insensitive regex matches the given file extension anywhere in the request path
-    location ~* /.*\.(asp|axd|cgi|com|env|json|php|xml|ya?ml) {
+    location ~* /.*\.(ash|asp|axd|cgi|com|env|json|php|ping|xml|ya?ml) {
         access_log off;
         log_not_found off;
         return 404;

benefits/__init__.py

@@ -1,3 +1,10 @@
-__version__ = "2023.04.2"
+from importlib.metadata import version, PackageNotFoundError
+
+try:
+    __version__ = version("benefits")
+except PackageNotFoundError:
+    # package is not installed
+    pass
+
 
 VERSION = __version__

benefits/core/context_processors.py

@@ -2,9 +2,37 @@
 The core application: context processors for enriching request context data.
 """
 from django.conf import settings
-from django.urls import reverse
 
-from . import session
+from . import models, session
+
+
+def _agency_context(agency):
+    return {
+        "eligibility_index_url": agency.eligibility_index_url,
+        "help_template": agency.help_template,
+        "info_url": agency.info_url,
+        "long_name": agency.long_name,
+        "phone": agency.phone,
+        "short_name": agency.short_name,
+        "slug": agency.slug,
+    }
+
+
+def agency(request):
+    """Context processor adds some information about the active agency to the request context."""
+    agency = session.agency(request)
+
+    if agency is None:
+        return {}
+
+    return {"agency": _agency_context(agency)}
+
+
+def active_agencies(request):
+    """Context processor adds some information about all active agencies to the request context."""
+    agencies = models.TransitAgency.all_active()
+
+    return {"active_agencies": [_agency_context(agency) for agency in agencies]}
 
 
 def analytics(request):
@@ -18,15 +46,12 @@ def authentication(request):
 
     if verifier:
         data = {
-            "required": verifier.is_auth_required,
             "logged_in": session.logged_in(request),
-            "sign_out_route": reverse("oauth:logout"),
         }
 
         if verifier.is_auth_required:
-            auth_provider = verifier.auth_provider
-            data["sign_in_button_label"] = auth_provider.sign_in_button_label
-            data["sign_out_button_label"] = auth_provider.sign_out_button_label
+            data["sign_out_button_template"] = verifier.auth_provider.sign_out_button_template
+            data["sign_out_link_template"] = verifier.auth_provider.sign_out_link_template
 
         return {"authentication": data}
     else:
@@ -36,3 +61,13 @@ def authentication(request):
 def debug(request):
     """Context processor adds debug information to request context."""
     return {"debug": session.context_dict(request)}
+
+
+def origin(request):
+    """Context processor adds session.origin to request context."""
+    origin = session.origin(request)
+
+    if origin:
+        return {"origin": origin}
+    else:
+        return {}