Merge remote-tracking branch 'origin' into feature/CPF-56-organizatio…

…n-creation-by-usdr-admins
usdigitalresponse · Jan 11, 2024 · 783beed · 783beed
2 parents d7073f9 + 933f857
commit 783beed
Show file tree

Hide file tree

Showing 18 changed files with 889 additions and 42 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -19,7 +19,7 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-    if: needs.qa.result != 'skipped' || needs.qa.result != 'cancelled'
+    if: always() && (needs.qa.result != 'skipped' && needs.qa.result != 'cancelled')
     needs:
       - qa
     uses: "./.github/workflows/publish-qa-results.yml"
@@ -105,7 +105,7 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-    if: needs.tf-plan.result != 'skipped' || needs.tf-plan.result != 'cancelled'
+    if: always() && (needs.tf-plan.result != 'skipped' && needs.tf-plan.result != 'cancelled')
     needs:
       - tf-plan
     uses: ./.github/workflows/publish-terraform-plan.yml

diff --git a/.github/workflows/publish-qa-results.yml b/.github/workflows/publish-qa-results.yml
@@ -23,7 +23,7 @@ on:
         required: true
       pr-number:
         type: string
-        required: false
+        required: true
       write-summary:
         type: boolean
         default: true
@@ -54,6 +54,8 @@ jobs:
           cat >> $REPORT_FILE << 'ENDOFREPORT'
           ## QA Summary
 
+          _[See our documentation for tips on how to resolve failing QA checks.](${{ env.GH_SERVER}}/${{ env.GH_REPO }}/blob/main/docs/resolving-qa-failures.md)_
+
           | QA Check        | Result  |
           |:----------------|:-------:|
           | 🌐 Web Tests | ${{ (env.WEB_TEST_OUTCOME == 'success' && '✅') || (env.WEB_TEST_OUTCOME == 'skipped' && '➖') || '❌' }} |
@@ -101,19 +103,16 @@ jobs:
           echo "REPORT_CONTENT<<ENDOFREPORT" >> $GITHUB_OUTPUT
           echo "$CONTENT" >> $GITHUB_OUTPUT
           echo "ENDOFREPORT" >> $GITHUB_OUTPUT
-      - name: Warn on missing comment requirements
-        if: inputs.write-comment && inputs.pr-number == ''
-        run: "echo 'WARNING: Cannot write a comment because pr-number is not set'"
       - name: Find previous report comment
         id: find-comment
-        if: inputs.write-comment && inputs.pr-number != ''
+        if: inputs.write-comment
         uses: peter-evans/find-comment@a54c31d7fa095754bfef525c0c8e5e5674c4b4b1 # v2.4.0
         with:
           issue-number: ${{ inputs.pr-number }}
           comment-author: 'github-actions[bot]'
           body-includes: QA Summary
       - name: Create or update comment
-        if: inputs.write-comment && inputs.pr-number != ''
+        if: inputs.write-comment
         uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
         with:
           comment-id: ${{ steps.find-comment.outputs.comment-id }}

diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
@@ -167,12 +167,10 @@ jobs:
         env:
           CI: 1
       - name: Run linter for api side
-        continue-on-error: true
-        run: |
-          yarn eslint api/src
+        run: yarn eslint api/src
       - name: Run linter for web side
-        run: |
-          yarn eslint web/src
+        if: ${{ !cancelled() }}
+        run: yarn eslint web/src
 
   tflint:
     name: Lint terraform
@@ -190,7 +188,7 @@ jobs:
       - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         name: Cache plugin dir
         with:
-          path: .tflint.d/plugins
+          path: ~/.tflint.d/plugins
           key: ${{ runner.os }}-tflint-${{ hashFiles('terraform/.tflint.hcl') }}
       - uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4.0.0
         name: Setup TFLint
@@ -205,4 +203,5 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
       - name: Run TFLint
+        working-directory: terraform
         run: tflint --format compact --recursive --minimum-failure-severity=error
diff --git a/api/package.json b/api/package.json
@@ -4,6 +4,7 @@
   "private": true,
   "dependencies": {
     "@aws-sdk/client-s3": "^3.472.0",
+    "@aws-sdk/client-secrets-manager": "^3.478.0",
     "@aws-sdk/client-ses": "^3.470.0",
     "@aws-sdk/client-sqs": "^3.470.0",
     "@aws-sdk/client-ssm": "^3.462.0",

diff --git a/api/src/functions/cpfValidation/cpfValidation.scenarios.ts b/api/src/functions/cpfValidation/cpfValidation.scenarios.ts
@@ -0,0 +1,8 @@
+import type { ScenarioData } from '@redwoodjs/testing/api'
+
+export const standard = defineScenario({
+  // Define the "fixture" to write into your test database here
+  // See guide: https://redwoodjs.com/docs/testing#scenarios
+})
+
+export type StandardScenario = ScenarioData<unknown>
diff --git a/api/src/functions/cpfValidation/cpfValidation.test.ts b/api/src/functions/cpfValidation/cpfValidation.test.ts
@@ -0,0 +1,57 @@
+// import { S3EventRecord } from 'aws-lambda'
+
+// import { handler } from './cpfValidation'
+
+//   Improve this test with help from the Redwood Testing Doc:
+//    https://redwoodjs.com/docs/testing#testing-functions
+
+describe('cpfValidation function', () => {
+  it('Dummy test', () => {
+    expect(1 + 1).toBe(2)
+  })
+  // it('Should respond with 200', async () => {
+  //   const record: S3EventRecord = {
+  //     eventVersion: '2.0',
+  //     eventSource: 'aws:s3',
+  //     eventName: 'ObjectCreated:Put',
+  //     eventTime: '1970-01-01T00:00:00.000Z',
+  //     userIdentity: { principalId: 'test-principalId' },
+  //     requestParameters: { sourceIPAddress: 'test-sourceIPAddress' },
+  //     responseElements: {
+  //       'x-amz-request-id': 'test-x-amz-request-id',
+  //       'x-amz-id-2': 'test-x-amz-id-2',
+  //     },
+  //     awsRegion: 'us-east-1',
+  //     s3: {
+  //       s3SchemaVersion: '1.0',
+  //       configurationId: 'test-configurationId',
+  //       bucket: {
+  //         name: 'test-bucket',
+  //         arn: 'test-arn',
+  //         ownerIdentity: {
+  //           principalId: 'test-principalId',
+  //         },
+  //       },
+  //       object: {
+  //         key: 'test-key',
+  //         size: 1234,
+  //         eTag: 'test-etag',
+  //         sequencer: 'test-sequencer',
+  //       },
+  //     },
+  //   }
+  //   const s3Event = {
+  //     Records: [record],
+  //   }
+  //   const response = await handler(s3Event, null, null)
+  //   const { data } = JSON.parse(response.body)
+  //   expect(response.statusCode).toBe(200)
+  //   expect(data).toBe('excelToJson function')
+})
+
+// You can also use scenarios to test your api functions
+// See guide here: https://redwoodjs.com/docs/testing#scenarios
+//
+// scenario('Scenario test', async () => {
+//
+// })
diff --git a/api/src/functions/cpfValidation/cpfValidation.ts b/api/src/functions/cpfValidation/cpfValidation.ts
@@ -0,0 +1,28 @@
+import { https } from 'https'
+
+import { S3Event, S3Handler } from 'aws-lambda'
+
+import { logger } from 'src/lib/logger'
+
+const apiEndpoint = 'https://example.com'
+
+/* eslint-disable @typescript-eslint/no-unused-vars */
+export const handler: S3Handler = async (event: S3Event): Promise<void> => {
+  try {
+    const bucket = event.Records[0].s3.bucket.name
+    const key = event.Records[0].s3.object.key
+
+    const options = {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+    }
+
+    // call API endpoint with S3 key
+    https.request(apiEndpoint, options, (res) => {})
+  } catch (error) {
+    logger.error('Error processing S3 event:', error)
+    throw error
+  }
+}
diff --git a/api/src/functions/excelToJson/excelToJson.scenarios.ts b/api/src/functions/excelToJson/excelToJson.scenarios.ts
@@ -0,0 +1,8 @@
+import type { ScenarioData } from '@redwoodjs/testing/api'
+
+export const standard = defineScenario({
+  // Define the "fixture" to write into your test database here
+  // See guide: https://redwoodjs.com/docs/testing#scenarios
+})
+
+export type StandardScenario = ScenarioData<unknown>
diff --git a/api/src/functions/excelToJson/excelToJson.test.ts b/api/src/functions/excelToJson/excelToJson.test.ts
@@ -0,0 +1,57 @@
+// import { S3EventRecord } from 'aws-lambda'
+
+// import { handler } from './excelToJson'
+
+//   Improve this test with help from the Redwood Testing Doc:
+//    https://redwoodjs.com/docs/testing#testing-functions
+
+describe('excelToJson function', () => {
+  it('Dummy test', () => {
+    expect(1 + 1).toBe(2)
+  })
+  // it('Should respond with 200', async () => {
+  //   const record: S3EventRecord = {
+  //     eventVersion: '2.0',
+  //     eventSource: 'aws:s3',
+  //     eventName: 'ObjectCreated:Put',
+  //     eventTime: '1970-01-01T00:00:00.000Z',
+  //     userIdentity: { principalId: 'test-principalId' },
+  //     requestParameters: { sourceIPAddress: 'test-sourceIPAddress' },
+  //     responseElements: {
+  //       'x-amz-request-id': 'test-x-amz-request-id',
+  //       'x-amz-id-2': 'test-x-amz-id-2',
+  //     },
+  //     awsRegion: 'us-east-1',
+  //     s3: {
+  //       s3SchemaVersion: '1.0',
+  //       configurationId: 'test-configurationId',
+  //       bucket: {
+  //         name: 'test-bucket',
+  //         arn: 'test-arn',
+  //         ownerIdentity: {
+  //           principalId: 'test-principalId',
+  //         },
+  //       },
+  //       object: {
+  //         key: 'test-key',
+  //         size: 1234,
+  //         eTag: 'test-etag',
+  //         sequencer: 'test-sequencer',
+  //       },
+  //     },
+  //   }
+  //   const s3Event = {
+  //     Records: [record],
+  //   }
+  //   const response = await handler(s3Event, null, null)
+  //   const { data } = JSON.parse(response.body)
+  //   expect(response.statusCode).toBe(200)
+  //   expect(data).toBe('excelToJson function')
+})
+
+// You can also use scenarios to test your api functions
+// See guide here: https://redwoodjs.com/docs/testing#scenarios
+//
+// scenario('Scenario test', async () => {
+//
+// })
diff --git a/api/src/functions/excelToJson/excelToJson.ts b/api/src/functions/excelToJson/excelToJson.ts
@@ -0,0 +1,49 @@
+import {
+  S3Client,
+  GetObjectCommand,
+  PutObjectCommand,
+} from '@aws-sdk/client-s3'
+import { NodeJsClient } from '@smithy/types'
+import { S3Event, S3Handler } from 'aws-lambda'
+import { Workbook } from 'exceljs'
+
+import { logger } from 'src/lib/logger'
+
+const s3 = new S3Client({}) as NodeJsClient<S3Client>
+
+export const handler: S3Handler = async (event: S3Event): Promise<void> => {
+  try {
+    const bucket = event.Records[0].s3.bucket.name
+    const key = event.Records[0].s3.object.key
+
+    // Download the Excel file from S3
+    const getObjectResponse = await s3.send(
+      new GetObjectCommand({ Bucket: bucket, Key: key })
+    )
+
+    if (getObjectResponse.Body) {
+      new Workbook().xlsx.read(getObjectResponse.Body)
+      const workbook = new Workbook()
+
+      const worksheet = workbook.worksheets[0]
+      const jsonData = worksheet.getSheetValues()
+
+      // Write JSON data to a file
+      const jsonFileName = `${key}.json` // Use the same key with .json extension
+      const jsonFileContent = JSON.stringify(jsonData)
+
+      // Upload the JSON file to the same bucket
+      s3.send(
+        new PutObjectCommand({
+          Bucket: bucket,
+          Key: jsonFileName,
+          Body: jsonFileContent,
+          ContentType: 'application/json',
+        })
+      )
+    }
+  } catch (error) {
+    logger.error('Error processing S3 event:', error)
+    throw error
+  }
+}
diff --git a/api/src/lib/auth.ts b/api/src/lib/auth.ts
@@ -1,3 +1,8 @@
+import {
+  SecretsManagerClient,
+  GetSecretValueCommand,
+} from '@aws-sdk/client-secrets-manager'
+
 import { Decoded } from '@redwoodjs/api'
 import { AuthenticationError, ForbiddenError } from '@redwoodjs/graphql-server'
 
@@ -119,3 +124,37 @@ export const requireAuth = ({ roles }: { roles?: AllowedRoles } = {}) => {
     throw new ForbiddenError("You don't have access to do that.")
   }
 }
+
+/**
+ * Gets the Passage API key to use for authenticating Passage SDK calls.
+ *
+ * @param setEnv - If true, caches the Passage API key to $PASSAGE_API_KEY environment variable.
+ * @param force - If true, forces retrieval of the Passage API key from AWS Secrets Manager,
+ *  even if the $PASSAGE_API_KEY environment variable is already set. This can be useful when
+ *  the secret API key value has changed (e.g. due to rotation). If the value returned by this
+ *  function is rejected by a subsequent Passage API operation, it may be worth calling this function
+ *  once more with `force = true` to attempt to retrieve a more recent, valid key, instead of
+ *  failing immediately.
+ *
+ * @returns The Passage API key
+ */
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+async function getPassageAPIKey(setEnv = true, force = false): Promise<string> {
+  if (process.env.PASSAGE_API_KEY && !force) {
+    // API key is already cached in env var
+    return process.env.PASSAGE_API_KEY
+  }
+
+  const client = new SecretsManagerClient()
+  const resp = await client.send(
+    new GetSecretValueCommand({
+      SecretId: process.env.PASSAGE_API_KEY_SECRET_ARN,
+    })
+  )
+
+  if (setEnv) {
+    process.env.PASSAGE_API_KEY = resp.SecretString
+  }
+
+  return resp.SecretString
+}