chore: merges latest main

.dockerignore

@@ -0,0 +1,18 @@
+**/node_modules
+**/dist
+.redwood
+
+.env
+
+README.md
+LICENSE
+
+.git
+.gitignore
+
+.vscode
+.editorconfig
+
+Dockerfile
+docker-compose*
+.dockerignore

.env.defaults

@@ -0,0 +1,28 @@
+# These environment variables will be used by default if you do not create any
+# yourself in .env. This file should be safe to check into your version control
+# system. Any custom values should go in .env and .env should *not* be checked
+# into version control.
+
+# schema.prisma defaults
+DATABASE_URL=file:./dev.db
+DATABASE_URL_IAM_AUTH=false
+DATABASE_SECRET_SOURCE=''
+DATABASE_SECRET_PARAMETER_PATH=''
+
+# location of the test database for api service scenarios (defaults to ./.redwood/test.db if not set)
+# TEST_DATABASE_URL=file:./.redwood/test.db
+
+# disables Prisma CLI update notifier
+PRISMA_HIDE_UPDATE_MESSAGE=true
+
+# Option to override the current environment's default api-side log level
+# See: https://redwoodjs.com/docs/logger for level options, defaults to "trace" otherwise.
+# Most applications want "debug" or "info" during dev, "trace" when you have issues and "warn" in production.
+# Ordered by how verbose they are: trace | debug | info | warn | error | silent
+LOG_LEVEL=debug
+
+# AWS environment defaults
+AWS_REGION=us-west-2
+AWS_DEFAULT_REGION=us-west-2
+AWS_ACCESS_KEY_ID=test
+AWS_SECRET_ACCESS_KEY=test

.gitattributes

@@ -0,0 +1,21 @@
+# Consider all files text by default; enforce unix line endings
+*                   text eol=lf
+
+# Treat these files as binary so git doesn't show massive diffs
+/.yarn/releases/**  binary
+/.yarn/plugins/**   binary
+
+# Windows-specific files that need windows-style endings to work
+*.bat               text eol=crlf
+
+# Files that are actually binary
+*.data              binary
+*.eot               binary
+*.gif               binary
+*.ico               binary
+*.jar               binary
+*.jpg               binary
+*.png               binary
+*.ttf               binary
+*.woff              binary
+*.woff2             binary

.github/CODEOWNERS

@@ -0,0 +1,14 @@
+# Require admin approval for GitHub settings and workflow modifications
+/.github/  @usdigitalresponse/grants-admins
+
+# Require admin approval for Terraform IAC modifications
+/terraform/ @usdigitalresponse/grants-admins
+
+# Require admin approval when Postgres root CA bundle is modified
+/api/db/rds-combined-ca-bundle.pem @usdigitalresponse/grants-admins
+
+# Require admin approval for special doc modifications
+README.md  @usdigitalresponse/grants-admins
+LICENSE  @usdigitalresponse/grants-admins
+CODE_OF_CONDUCT.md  @usdigitalresponse/grants-admins
+CONTRIBUTING.md @usdigitalresponse/grants-admins

.github/ISSUE_TEMPLATE/default_template.yml

@@ -0,0 +1,57 @@
+name: Default Issue
+description: File an issue for a new feature or bug
+title: "[Issue]: "
+projects: "Grants Team Agile Planning"
+assignees:
+  - usdr-grants
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this issue!
+    validations:
+      required: false
+  - type: textarea
+    id: context
+    attributes:
+      label: Why is this issue important?
+      description: Provide any context on how this issue ties into the larger team objectives.
+      placeholder: Add context here!
+      value: "This issue stems from a conversation in Slack..."
+    validations:
+      required: true
+  - type: textarea
+    id: current-state
+    attributes:
+      label: Current State
+      description: Explain any current behavior
+      placeholder: Add current state here! If this is a net-new feature, then say feature does not exist.
+      value: "When user visits X page..."
+    validations:
+      required: true
+  - type: textarea
+    id: expected-state
+    attributes:
+      label: Expected State
+      description: Explain the expected behavior
+      placeholder: Add expected state here!
+      value: "When user visits X page..."
+    validations:
+      required: true
+  - type: textarea
+    id: implementation-plan
+    attributes:
+      label: Implementation Plan
+      description: Please add an engineering implementation plan if able. Otherwise, assign the ticket to an engineer on the team.
+      placeholder: Add implementation plan here!
+      value: "The following functions need to be added..."
+    validations:
+      required: false
+  - type: textarea
+    id: code-plan
+    attributes:
+      label: Relevant Code Snippets
+      description: If you have any implementation ideas please add the code here. This will be pre-formatted.
+      render: shell
+    validations:
+      required: false

.github/dependency-review-config.yml

@@ -0,0 +1,14 @@
+# Configuration for https://github.com/actions/dependency-review-action
+# Used in .github/workflows/code-scanning.yml
+
+fail_on_scopes:
+  - runtime
+
+# All allowances should provide details, including rationale.
+allow_ghsas:
+  # Only used during build / development:
+  - GHSA-pfrx-2q88-qq97  # Got allows a redirect to a UNIX socket (moderate severity)
+  - GHSA-9c47-m6qq-7p4h  # Prototype Pollution in JSON5 via Parse Method (high severity)
+  - GHSA-ww39-953v-wcq6  # glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (high severity)
+  # Last remaining usage of vulnerable semver (7.0.0) is used for dev update notifications:
+  - GHSA-c2qf-rxjj-qqgw  # semver vulnerable to Regular Expression Denial of Service (moderate severity)

.github/next_release_version.bash

@@ -0,0 +1,53 @@
+#! /bin/bash
+
+# Defaults
+next_version_release_year=$(TZ='UTC' date '+%Y')
+next_version_release_number=1
+
+if [[ $1 == 'test' ]]; then
+    echo 'Running tests...' >&2
+    dotest() {
+        result=$(bash $0 "release/${1}" 2> /dev/null | tail -n 1)
+        expect="${2}"
+        if [[ $result != $expect ]]; then
+            printf "Test failed:\n  Expected: $expect\n  Received: $result\n" >&2
+            exit 1
+        fi
+    }
+    dotest 'release/1234.987' "$next_version_release_year.1"
+    dotest 'release/0.0' "$next_version_release_year.1"
+    dotest 'release/0' "$next_version_release_year.1"
+    dotest 'sometag' "$next_version_release_year.1"
+    dotest "release/$next_version_release_year.1" "$next_version_release_year.2"
+    dotest "release/$next_version_release_year.19" "$next_version_release_year.20"
+    dotest "release/$next_version_release_year.399" "$next_version_release_year.400"
+    echo 'Tests complete' >&2
+    exit 0
+fi
+
+if [[ -z $1 ]]; then
+    # Ensure tag history is available
+    git fetch --prune --unshallow
+    tag=$(git describe --tags --match='release/[0-9][0-9][0-9][0-9].[0-9]*' refs/heads/main)
+else
+    tag=$1
+fi
+
+regex='release\/([0-9]{4})\.([0-9]+)'
+if [[ $tag =~ $regex ]]; then
+    echo "Found tag for previous release: $tag" >&2
+    prev_version_release_number="${BASH_REMATCH[2]}"
+    echo "Previous version number: $prev_version_release_number" >&2
+    if [[ $next_version_release_year == "${BASH_REMATCH[1]}" ]]; then
+        ((next_version_release_number=prev_version_release_number+1))
+    else
+        echo "Ignoring previous version number because it pertains to a different year" >&2
+    fi
+else
+    echo "Could not locate a previous release version" >&2
+fi
+
+next_version="$next_version_release_year.$next_version_release_number"
+echo "Next version: $next_version" >&2
+# Output result to stdout
+printf "$next_version"

.github/release-drafter.yml

@@ -0,0 +1,120 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/release-drafter/release-drafter/master/schema.json
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'release/$RESOLVED_VERSION'
+tag-prefix: 'release/'
+version-template: '2023.$MINOR'
+version-resolver:
+  default: minor
+prerelease: true
+categories:
+  - title: 🚀 New features and enhancements
+    collapse-after: 10
+    labels:
+      - enhancement
+  - title: 🐛 Bug fixes
+    collapse-after: 10
+    labels:
+      - bug
+  - title: 📖 Documentation improvements
+    collapse-after: 10
+    labels:
+      - documentation
+  - title: 🔧 Dependency updates
+    collapse-after: 3
+    labels:
+      - dependencies
+  - title: Other changes
+    labels:
+      - '*'
+category-template: '### $TITLE'
+exclude-labels:
+  - skip-changelog
+exclude-contributors:
+  - dependabot
+  - 'dependabot[bot]'
+  - step-security-bot
+autolabeler:
+  - label: javascript
+    files:
+      - '**/*.js'
+      - '**/*.ts'
+      - '**/package.json'
+      - 'api/**'
+      - 'web/**'
+      - '**/yarn.lock'
+      - '**/.npmrc'
+      - '**/.nvmrc'
+      - '**/.nycrc'
+      - '**/eslintrc.js'
+      - '**/.browserslistrc'
+  - label: database
+    files:
+      - 'api/db/**'
+  - label: terraform
+    files:
+      - 'terraform/**'
+  - label: infra
+    files:
+      - 'terraform/**'
+      - 'Dockerfile'
+      - '**/docker-compose.yml'
+      - '**/docker-compose.yaml'
+      - '**/docker-compose.*.yml'
+      - '**/docker-compose.*.yaml'
+      - 'localstack/**'
+  - label: dependencies
+    files:
+      - '**/yarn.lock'
+      - '**/.terraform.lock.hcl'
+    branch:
+      - '/^dependabot\/.+$/i'
+  - label: documentation
+    files:
+      - README
+      - '**/doc/**'
+      - '**/docs/**'
+      - '**/*.md'
+      - .adr-dir
+    branch:
+      - '/^docs?\/.+$/'
+  - label: bug
+    branch:
+      - '/^fix\/.+$/i'
+      - '/^bug\/.+$/i'
+    title:
+      - '/\bfix(es)?\b/i'
+      - '/\bbug\b/i'
+      - '/\brevert(s)?\b/i'
+  - label: enhancement
+    branch:
+      - '/^feat(ures?)?\/.+$/i'
+      - '/^enhance(s|ments?)?\/.+$/i'
+    title:
+      - '/\b(?<!^chores?\b.*)feat(ures?)?\b/i'
+      - '/\b(?<!^chores?\b.*)enhance(s|ment)?\b/i'
+  - label: github
+    files:
+      - '.github/**'
+      - '**/.gitignore'
+      - '**/.gitattributes'
+      - '**/CODEOWNERS'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&'
+no-contributors-template: >-
+  '*All changes in this release were crafted by robots (and reviewed by humans).*'
+template: |
+  ## 📚 Summary
+
+  The releaser should provide a high-level summary here (or remove this section).
+
+  ## 🛠️ Changes
+
+  $CHANGES
+
+  ## 🤝 Contributors
+
+  We would like to thank the following people who made this release possible:
+
+  $CONTRIBUTORS
+
+  ## Deployment History