From 01b13a3c4a3c6679eb02397bd69165191d4f4122 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Dec 2023 18:51:28 -0600 Subject: [PATCH 01/19] chore(deps): bump @aws-sdk/s3-request-presigner from 3.462.0 to 3.465.0 (#2296) Bumps [@aws-sdk/s3-request-presigner](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/s3-request-presigner) from 3.462.0 to 3.465.0. - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/s3-request-presigner/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.465.0/packages/s3-request-presigner) --- updated-dependencies: - dependency-name: "@aws-sdk/s3-request-presigner" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 66 +++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 59 insertions(+), 7 deletions(-) diff --git a/yarn.lock b/yarn.lock index 16f97c2d0..426f1a1db 100644 --- a/yarn.lock +++ b/yarn.lock @@ -734,6 +734,21 @@ "@smithy/util-config-provider" "^2.0.0" tslib "^2.5.0" +"@aws-sdk/middleware-sdk-s3@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.465.0.tgz#fd417ce7a958066afb5c293b49eacd2f807e853e" + integrity sha512-P4cpNv0EcMSSLojjqKKQjKSGZc13QJQAscUs+fcvpBg2BNR9ByxrQgXXMqQiIqr8fgAhADqN2Tp8hJk0CzfnAg== + dependencies: + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-arn-parser" "3.465.0" + "@smithy/node-config-provider" "^2.1.5" + "@smithy/protocol-http" "^3.0.9" + "@smithy/signature-v4" "^2.0.0" + "@smithy/smithy-client" "^2.1.15" + "@smithy/types" "^2.5.0" + "@smithy/util-config-provider" "^2.0.0" + tslib "^2.5.0" + "@aws-sdk/middleware-sdk-sqs@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-sqs/-/middleware-sdk-sqs-3.460.0.tgz#5ac724662ea467997d8ca8fa943a350397b82e30" @@ -818,13 +833,13 @@ tslib "^2.5.0" "@aws-sdk/s3-request-presigner@^3.312.0": - version "3.462.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/s3-request-presigner/-/s3-request-presigner-3.462.0.tgz#050bd5137a713af18aab20ab9eb3cd2e1aca2f41" - integrity sha512-yZbO45lJdJ8P8Q+ODWZeg84ORaCy+ZzAZouTsNcBfwxnhatrk4E6sP1xsUCF4knL/vC53frM4LnY858E9Z/NVg== + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/s3-request-presigner/-/s3-request-presigner-3.465.0.tgz#e54e7f190c277ed53c53c5b6060150d5339e64fc" + integrity sha512-wQTddmwGR+5GZR6KLXMejFuTHzuKRcbwgfTrIemYQDt6DDT4fbQGAvnIZnzpHbqnfx1bQEXquM/oB7LZrASiQQ== dependencies: - "@aws-sdk/signature-v4-multi-region" "3.461.0" - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-format-url" "3.460.0" + "@aws-sdk/signature-v4-multi-region" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-format-url" "3.465.0" "@smithy/middleware-endpoint" "^2.2.0" "@smithy/protocol-http" "^3.0.9" "@smithy/smithy-client" "^2.1.15" @@ -843,6 +858,18 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/signature-v4-multi-region@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.465.0.tgz#c4c5b00d5998ea8e2a675cc592a0fb5eaa691147" + integrity sha512-p620S4YCr2CPNIdSnRvBqScAqWztjef9EwtD1MAkxTTrjNAyxSCf4apeQ2pdaWNNkJT1vSc/YKBAJ7l2SWn7rw== + dependencies: + "@aws-sdk/middleware-sdk-s3" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@smithy/protocol-http" "^3.0.9" + "@smithy/signature-v4" "^2.0.0" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/token-providers@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.460.0.tgz#8122fe281fe7d454166893409f280f6b026f47c2" @@ -886,7 +913,7 @@ "@smithy/util-utf8" "^2.0.2" tslib "^2.5.0" -"@aws-sdk/types@3.460.0", "@aws-sdk/types@^3.222.0": +"@aws-sdk/types@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.460.0.tgz#f87602928a57473f724b6efca0158e64f658be71" integrity sha512-MyZSWS/FV8Bnux5eD9en7KLgVxevlVrGNEP3X2D7fpnUlLhl0a7k8+OpSI2ozEQB8hIU2DLc/XXTKRerHSefxQ== @@ -894,6 +921,14 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/types@3.465.0", "@aws-sdk/types@^3.222.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.465.0.tgz#74977008020f3ed2e5fa0d61daef70d1cbfbfc37" + integrity sha512-Clqu2eD50OOzwSftGpzJrIOGev/7VJhJpc02SeS4cqFgI9EVd+rnFKS/Ux0kcwjLQBMiPcCLtql3KAHApFHAIA== + dependencies: + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/util-arn-parser@3.310.0": version "3.310.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-arn-parser/-/util-arn-parser-3.310.0.tgz#861ff8810851be52a320ec9e4786f15b5fc74fba" @@ -901,6 +936,13 @@ dependencies: tslib "^2.5.0" +"@aws-sdk/util-arn-parser@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-arn-parser/-/util-arn-parser-3.465.0.tgz#2896f6b06f69770378586853c97a0f283cbb2e20" + integrity sha512-zOJ82vzDJFqBX9yZBlNeHHrul/kpx/DCoxzW5UBbZeb26kfV53QhMSoEmY8/lEbBqlqargJ/sgRC845GFhHNQw== + dependencies: + tslib "^2.5.0" + "@aws-sdk/util-endpoints@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-endpoints/-/util-endpoints-3.460.0.tgz#5f47f8716e7e3a008061aaa82d60b23257deaf55" @@ -920,6 +962,16 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/util-format-url@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-format-url/-/util-format-url-3.465.0.tgz#fdd30792b788736fdb772e8e1e346bd97d9c595a" + integrity sha512-jJmIeMFQMADPw5DfyIzqqsIyS4p+duc1fhnOK+GfEkyja1cjafUQOcvovpQ4rCRHGffjTG2LCkOdyrSRDTFzfQ== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/querystring-builder" "^2.0.13" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/util-locate-window@^3.0.0": version "3.310.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-locate-window/-/util-locate-window-3.310.0.tgz#b071baf050301adee89051032bd4139bba32cc40" From f6641d41aac506ed0c13ca44c52883d1c6538783 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 00:55:05 +0000 Subject: [PATCH 02/19] chore(deps): bump @aws-sdk/client-sqs from 3.462.0 to 3.465.0 (#2298) Bumps [@aws-sdk/client-sqs](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sqs) from 3.462.0 to 3.465.0. - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sqs/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.465.0/clients/client-sqs) --- updated-dependencies: - dependency-name: "@aws-sdk/client-sqs" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 363 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 341 insertions(+), 22 deletions(-) diff --git a/yarn.lock b/yarn.lock index 426f1a1db..37751c7c7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -377,26 +377,26 @@ tslib "^2.5.0" "@aws-sdk/client-sqs@^3.345.0": - version "3.462.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sqs/-/client-sqs-3.462.0.tgz#c81e9d562dcaa2b4c57da0c923b01ee826742d8d" - integrity sha512-QkaBbLZC+8QjUisqdyYjxcNEY+Wc3kNcyjqhKBFxxJeV+tLBy9choQMJgo6wKmEeLdtU8xXBScH7XPEUPfS2fg== + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sqs/-/client-sqs-3.465.0.tgz#baae99b7f929f05c4a957855cb471bb1769c7d3f" + integrity sha512-yLUEWxSG4VJu/bK9p+OLSL/qc4vOQ57Dgj3aPwtk29u5JEEkGN4KTJZ70VgMDsqgcoWFUm7zWty9pRdNWF4vAw== dependencies: "@aws-crypto/sha256-browser" "3.0.0" "@aws-crypto/sha256-js" "3.0.0" - "@aws-sdk/client-sts" "3.462.0" - "@aws-sdk/core" "3.451.0" - "@aws-sdk/credential-provider-node" "3.460.0" - "@aws-sdk/middleware-host-header" "3.460.0" - "@aws-sdk/middleware-logger" "3.460.0" - "@aws-sdk/middleware-recursion-detection" "3.460.0" - "@aws-sdk/middleware-sdk-sqs" "3.460.0" - "@aws-sdk/middleware-signing" "3.461.0" - "@aws-sdk/middleware-user-agent" "3.460.0" - "@aws-sdk/region-config-resolver" "3.451.0" - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-endpoints" "3.460.0" - "@aws-sdk/util-user-agent-browser" "3.460.0" - "@aws-sdk/util-user-agent-node" "3.460.0" + "@aws-sdk/client-sts" "3.465.0" + "@aws-sdk/core" "3.465.0" + "@aws-sdk/credential-provider-node" "3.465.0" + "@aws-sdk/middleware-host-header" "3.465.0" + "@aws-sdk/middleware-logger" "3.465.0" + "@aws-sdk/middleware-recursion-detection" "3.465.0" + "@aws-sdk/middleware-sdk-sqs" "3.465.0" + "@aws-sdk/middleware-signing" "3.465.0" + "@aws-sdk/middleware-user-agent" "3.465.0" + "@aws-sdk/region-config-resolver" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-endpoints" "3.465.0" + "@aws-sdk/util-user-agent-browser" "3.465.0" + "@aws-sdk/util-user-agent-node" "3.465.0" "@smithy/config-resolver" "^2.0.18" "@smithy/fetch-http-handler" "^2.2.6" "@smithy/hash-node" "^2.0.15" @@ -465,6 +465,48 @@ "@smithy/util-utf8" "^2.0.2" tslib "^2.5.0" +"@aws-sdk/client-sso@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.465.0.tgz#a732c640767d8d82c3c73d798720d0a8d355184d" + integrity sha512-JXDBa3Sl+LS0KEOs0PZoIjpNKEEGfeyFwdnRxi8Y1hMXNEKyJug1cI2Psqu2olpn4KeXwoP1BuITppZYdolOew== + dependencies: + "@aws-crypto/sha256-browser" "3.0.0" + "@aws-crypto/sha256-js" "3.0.0" + "@aws-sdk/core" "3.465.0" + "@aws-sdk/middleware-host-header" "3.465.0" + "@aws-sdk/middleware-logger" "3.465.0" + "@aws-sdk/middleware-recursion-detection" "3.465.0" + "@aws-sdk/middleware-user-agent" "3.465.0" + "@aws-sdk/region-config-resolver" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-endpoints" "3.465.0" + "@aws-sdk/util-user-agent-browser" "3.465.0" + "@aws-sdk/util-user-agent-node" "3.465.0" + "@smithy/config-resolver" "^2.0.18" + "@smithy/fetch-http-handler" "^2.2.6" + "@smithy/hash-node" "^2.0.15" + "@smithy/invalid-dependency" "^2.0.13" + "@smithy/middleware-content-length" "^2.0.15" + "@smithy/middleware-endpoint" "^2.2.0" + "@smithy/middleware-retry" "^2.0.20" + "@smithy/middleware-serde" "^2.0.13" + "@smithy/middleware-stack" "^2.0.7" + "@smithy/node-config-provider" "^2.1.5" + "@smithy/node-http-handler" "^2.1.9" + "@smithy/protocol-http" "^3.0.9" + "@smithy/smithy-client" "^2.1.15" + "@smithy/types" "^2.5.0" + "@smithy/url-parser" "^2.0.13" + "@smithy/util-base64" "^2.0.1" + "@smithy/util-body-length-browser" "^2.0.0" + "@smithy/util-body-length-node" "^2.1.0" + "@smithy/util-defaults-mode-browser" "^2.0.19" + "@smithy/util-defaults-mode-node" "^2.0.25" + "@smithy/util-endpoints" "^1.0.4" + "@smithy/util-retry" "^2.0.6" + "@smithy/util-utf8" "^2.0.2" + tslib "^2.5.0" + "@aws-sdk/client-sts@3.462.0": version "3.462.0" resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.462.0.tgz#7168e8c29e2c3b67aca64841a72acd041c409a65" @@ -511,6 +553,52 @@ fast-xml-parser "4.2.5" tslib "^2.5.0" +"@aws-sdk/client-sts@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.465.0.tgz#b356b90b0e31a82dc41995282245f74d023ea8b5" + integrity sha512-rHi9ba6ssNbVjlWSdhi4C5newEhGhzkY9UE4KB+/Tj21zXfEP8r6uIltnQXPtun2SdA95Krh/yS1qQ4MRuzqyA== + dependencies: + "@aws-crypto/sha256-browser" "3.0.0" + "@aws-crypto/sha256-js" "3.0.0" + "@aws-sdk/core" "3.465.0" + "@aws-sdk/credential-provider-node" "3.465.0" + "@aws-sdk/middleware-host-header" "3.465.0" + "@aws-sdk/middleware-logger" "3.465.0" + "@aws-sdk/middleware-recursion-detection" "3.465.0" + "@aws-sdk/middleware-sdk-sts" "3.465.0" + "@aws-sdk/middleware-signing" "3.465.0" + "@aws-sdk/middleware-user-agent" "3.465.0" + "@aws-sdk/region-config-resolver" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-endpoints" "3.465.0" + "@aws-sdk/util-user-agent-browser" "3.465.0" + "@aws-sdk/util-user-agent-node" "3.465.0" + "@smithy/config-resolver" "^2.0.18" + "@smithy/fetch-http-handler" "^2.2.6" + "@smithy/hash-node" "^2.0.15" + "@smithy/invalid-dependency" "^2.0.13" + "@smithy/middleware-content-length" "^2.0.15" + "@smithy/middleware-endpoint" "^2.2.0" + "@smithy/middleware-retry" "^2.0.20" + "@smithy/middleware-serde" "^2.0.13" + "@smithy/middleware-stack" "^2.0.7" + "@smithy/node-config-provider" "^2.1.5" + "@smithy/node-http-handler" "^2.1.9" + "@smithy/protocol-http" "^3.0.9" + "@smithy/smithy-client" "^2.1.15" + "@smithy/types" "^2.5.0" + "@smithy/url-parser" "^2.0.13" + "@smithy/util-base64" "^2.0.1" + "@smithy/util-body-length-browser" "^2.0.0" + "@smithy/util-body-length-node" "^2.1.0" + "@smithy/util-defaults-mode-browser" "^2.0.19" + "@smithy/util-defaults-mode-node" "^2.0.25" + "@smithy/util-endpoints" "^1.0.4" + "@smithy/util-retry" "^2.0.6" + "@smithy/util-utf8" "^2.0.2" + fast-xml-parser "4.2.5" + tslib "^2.5.0" + "@aws-sdk/core@3.451.0": version "3.451.0" resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.451.0.tgz#ecd30da40d8e02050a772920485f450ea2a1b804" @@ -519,6 +607,14 @@ "@smithy/smithy-client" "^2.1.15" tslib "^2.5.0" +"@aws-sdk/core@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.465.0.tgz#bfc9dd0fbd953f0839666e9b24c50c4543f49112" + integrity sha512-fHSIw/Rgex3KbrEKn6ZrUc2VcsOTpdBMeyYtfmsTOLSyDDOG9k3jelOvVbCbrK5N6uEUSM8hrnySEKg94UB0cg== + dependencies: + "@smithy/smithy-client" "^2.1.15" + tslib "^2.5.0" + "@aws-sdk/credential-provider-cognito-identity@3.462.0": version "3.462.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-cognito-identity/-/credential-provider-cognito-identity-3.462.0.tgz#c3dfa822df91c482e5d6ee1c10c069c81d27f253" @@ -540,6 +636,16 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/credential-provider-env@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.465.0.tgz#9bb1c2086165872ad024786e5a48ccb31c5438da" + integrity sha512-fku37AgkB9KhCuWHE6mfvbWYU0X84Df6MQ60nYH7s/PiNEhkX2cVI6X6kOKjP1MNIwRcYt+oQDvplVKdHume+A== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/credential-provider-http@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.460.0.tgz#f61316a5178e817a161f734a167936aac5a878fd" @@ -571,6 +677,22 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/credential-provider-ini@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.465.0.tgz#d3c3596cc5ff5ebe372bbd62d7aac044cbf3e2e3" + integrity sha512-B1MFufvdToAEMtfszilVnKer2S7P/OfMhkCizq2zuu8aU/CquRyHvKEQgWdvqunUDrFnVTc0kUZgsbBY0uPjLg== + dependencies: + "@aws-sdk/credential-provider-env" "3.465.0" + "@aws-sdk/credential-provider-process" "3.465.0" + "@aws-sdk/credential-provider-sso" "3.465.0" + "@aws-sdk/credential-provider-web-identity" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@smithy/credential-provider-imds" "^2.0.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/credential-provider-node@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.460.0.tgz#8dff013f8e2a2e2837eaf7400ff42714de7dec4d" @@ -588,6 +710,23 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/credential-provider-node@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.465.0.tgz#b11cbc927aa17aacd0b7208cef5a88045c0bcf62" + integrity sha512-R3VA9yJ0BvezvrDxcgPTv9VHbVPbzchLTrX5jLFSVuW/lPPYLUi/Cjtyg9C9Y7qRfoQS4fNMvSRhwO5/TF68gA== + dependencies: + "@aws-sdk/credential-provider-env" "3.465.0" + "@aws-sdk/credential-provider-ini" "3.465.0" + "@aws-sdk/credential-provider-process" "3.465.0" + "@aws-sdk/credential-provider-sso" "3.465.0" + "@aws-sdk/credential-provider-web-identity" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@smithy/credential-provider-imds" "^2.0.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/credential-provider-process@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.460.0.tgz#3f56d03ed5a0c44d87455465701906bd115ebcd9" @@ -599,6 +738,17 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/credential-provider-process@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.465.0.tgz#78134b19f7a02e7fb78afda16d7cae5b93ff324e" + integrity sha512-YE6ZrRYwvb8969hWQnr4uvOJ8RU0JrNsk3vWTe/czly37ioZUEhi8jmpQp4f2mX/6U6buoFGWu5Se3VCdw2SFQ== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/credential-provider-sso@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.460.0.tgz#e44a768899d3fca30e0eaf2ed0c3c15e2cd2b5ac" @@ -612,6 +762,19 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/credential-provider-sso@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.465.0.tgz#622d03eb5c8a0d7a48ba12e849351c841eb48ca6" + integrity sha512-tLIP/4JQIJpn8yIg6RZRQ2nmvj5i4wLZvYvY4RtaFv2JrQUkmmTfyOZJuOBrIFRwJjx0fHmFu8DJjcOhMzllIQ== + dependencies: + "@aws-sdk/client-sso" "3.465.0" + "@aws-sdk/token-providers" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/credential-provider-web-identity@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.460.0.tgz#480ac1daa62e667672f5ecaa7dbefde808c191a2" @@ -622,6 +785,16 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/credential-provider-web-identity@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.465.0.tgz#9db18766eeb0c58a99f7fb5d4bd95f0cf9008d4d" + integrity sha512-B4Y75fMTZIniEU0yyqat+9NsQbYlXdqP5Y3bShkaG3pGLOHzF/xMlWuG+D3kkQ806PLYi+BgfVls4BcO+NyVcA== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/credential-providers@3.462.0": version "3.462.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-providers/-/credential-providers-3.462.0.tgz#633ce0b9f4989f065e175d6d36e587814d6ed281" @@ -691,6 +864,16 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/middleware-host-header@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-host-header/-/middleware-host-header-3.465.0.tgz#4f353f6ea063e1ba1df968f9f0126a53d746217d" + integrity sha512-nnGva8eplwEJqdVzcb+xF2Fwua0PpiwxMEvpnIy73gNbetbJdgFIprryMLYes00xzJEqnew+LWdpcd3YyS34ZA== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/protocol-http" "^3.0.9" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/middleware-location-constraint@3.461.0": version "3.461.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.461.0.tgz#e9f6d8d1f7a65d5807c7d092cabdc6fc443c3b91" @@ -709,6 +892,15 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/middleware-logger@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-logger/-/middleware-logger-3.465.0.tgz#7d66b375ee343f00e35c64ba79b37656828bf171" + integrity sha512-aGMx1aSlzDDgjZ7fSxLhGD5rkyCfHwq04TSB5fQAgDBqUjj4IQXZwmNglX0sLRmArXZtDglUVESOfKvTANJTPg== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/middleware-recursion-detection@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.460.0.tgz#4583a78fb15d0b18046a582dd6e0d3f554ad2eb8" @@ -719,6 +911,16 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/middleware-recursion-detection@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.465.0.tgz#d0cb1fd9c63dbe997406253b5e0ce402103d910f" + integrity sha512-ol3dlsTnryBhV5qkUvK5Yg3dRaV1NXIxYJaIkShrl8XAv4wRNcDJDmO5NYq5eVZ3zgV1nv6xIpZ//dDnnf6Z+g== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/protocol-http" "^3.0.9" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/middleware-sdk-s3@3.461.0": version "3.461.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.461.0.tgz#615cffecb02b03a5a41730b7b561967195ca7e48" @@ -749,12 +951,12 @@ "@smithy/util-config-provider" "^2.0.0" tslib "^2.5.0" -"@aws-sdk/middleware-sdk-sqs@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-sqs/-/middleware-sdk-sqs-3.460.0.tgz#5ac724662ea467997d8ca8fa943a350397b82e30" - integrity sha512-l/KJAgq4J9QcXxtRaQVj7UqUvagR/gm9bngIwde3tkA6B01pXfdXNVshbGrPqFBlfYp8tlyV89p3ET/PhHUAsA== +"@aws-sdk/middleware-sdk-sqs@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-sqs/-/middleware-sdk-sqs-3.465.0.tgz#2cae0091ad73d854349347c0e4b717c71786f154" + integrity sha512-vEROtdj6ZaUm39Lv9K5UBo4k5OUiaWD1MwL3IdTikFBFbuYfNuZoq8MQxxziOq5pH6DTfXZwuAC1LvYx6b2+gw== dependencies: - "@aws-sdk/types" "3.460.0" + "@aws-sdk/types" "3.465.0" "@smithy/types" "^2.5.0" "@smithy/util-hex-encoding" "^2.0.0" "@smithy/util-utf8" "^2.0.2" @@ -770,6 +972,16 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/middleware-sdk-sts@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-sts/-/middleware-sdk-sts-3.465.0.tgz#73ad1f0940f924be1141125ceffcf4204c54c9bf" + integrity sha512-PmTM5ycUe1RLAPrQXLCR8JzKamJuKDB0aIW4rx4/skurzWsEGRI47WHggf9N7sPie41IBGUhRbXcf7sfPjvI3Q== + dependencies: + "@aws-sdk/middleware-signing" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/middleware-signing@3.461.0": version "3.461.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-signing/-/middleware-signing-3.461.0.tgz#e7393f755660eb65a160e64584ad9383724bd2e1" @@ -783,6 +995,19 @@ "@smithy/util-middleware" "^2.0.6" tslib "^2.5.0" +"@aws-sdk/middleware-signing@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-signing/-/middleware-signing-3.465.0.tgz#2a040c39bfd6f2528ef9798944b4de2d33d2bdd1" + integrity sha512-d90KONWXSC3jA0kqJ6u8ygS4LoMg1TmSM7bPhHyibJVAEhnrlB4Aq1CWljNbbtphGpdKy5/XRM9O0/XCXWKQ4w== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/protocol-http" "^3.0.9" + "@smithy/signature-v4" "^2.0.0" + "@smithy/types" "^2.5.0" + "@smithy/util-middleware" "^2.0.6" + tslib "^2.5.0" + "@aws-sdk/middleware-ssec@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-ssec/-/middleware-ssec-3.460.0.tgz#e5fa963d6d43cf4764310da4de5604ef51964473" @@ -803,6 +1028,17 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/middleware-user-agent@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.465.0.tgz#2820d55ff7d774a4afe60f85fe88d959171f9052" + integrity sha512-1MvIWMj2nktLOJN8Kh4jiTK28oL85fTeoXHZ+V8xYMzont6C6Y8gQPtg7ka+RotHwqWMrovfnANisnX8EzEP/Q== + dependencies: + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-endpoints" "3.465.0" + "@smithy/protocol-http" "^3.0.9" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/rds-signer@^3.315.0": version "3.462.0" resolved "https://registry.yarnpkg.com/@aws-sdk/rds-signer/-/rds-signer-3.462.0.tgz#d016820f31d3e2aa591d3019d688684bb4a82df2" @@ -832,6 +1068,17 @@ "@smithy/util-middleware" "^2.0.6" tslib "^2.5.0" +"@aws-sdk/region-config-resolver@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.465.0.tgz#87c3d2fe96e1e759d818f179f1e72204791145e6" + integrity sha512-h0Phd2Ae873dsPSWuxqxz2yRC5NMeeWxQiJPh4j42HF8g7dZK7tMQPkYznAoA/BzSBsEX87sbr3MmigquSyUTA== + dependencies: + "@smithy/node-config-provider" "^2.1.5" + "@smithy/types" "^2.5.0" + "@smithy/util-config-provider" "^2.0.0" + "@smithy/util-middleware" "^2.0.6" + tslib "^2.5.0" + "@aws-sdk/s3-request-presigner@^3.312.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/s3-request-presigner/-/s3-request-presigner-3.465.0.tgz#e54e7f190c277ed53c53c5b6060150d5339e64fc" @@ -913,6 +1160,49 @@ "@smithy/util-utf8" "^2.0.2" tslib "^2.5.0" +"@aws-sdk/token-providers@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.465.0.tgz#e063a30c73878462a5a1542a3eb28ac5e72c5921" + integrity sha512-NaZbsyLs3whzRHGV27hrRwEdXB/tEK6tqn/aCNBy862LhVzocY1A+eYLKrnrvpraOOd2vyAuOtvvB3RMIdiL6g== + dependencies: + "@aws-crypto/sha256-browser" "3.0.0" + "@aws-crypto/sha256-js" "3.0.0" + "@aws-sdk/middleware-host-header" "3.465.0" + "@aws-sdk/middleware-logger" "3.465.0" + "@aws-sdk/middleware-recursion-detection" "3.465.0" + "@aws-sdk/middleware-user-agent" "3.465.0" + "@aws-sdk/region-config-resolver" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-endpoints" "3.465.0" + "@aws-sdk/util-user-agent-browser" "3.465.0" + "@aws-sdk/util-user-agent-node" "3.465.0" + "@smithy/config-resolver" "^2.0.18" + "@smithy/fetch-http-handler" "^2.2.6" + "@smithy/hash-node" "^2.0.15" + "@smithy/invalid-dependency" "^2.0.13" + "@smithy/middleware-content-length" "^2.0.15" + "@smithy/middleware-endpoint" "^2.2.0" + "@smithy/middleware-retry" "^2.0.20" + "@smithy/middleware-serde" "^2.0.13" + "@smithy/middleware-stack" "^2.0.7" + "@smithy/node-config-provider" "^2.1.5" + "@smithy/node-http-handler" "^2.1.9" + "@smithy/property-provider" "^2.0.0" + "@smithy/protocol-http" "^3.0.9" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/smithy-client" "^2.1.15" + "@smithy/types" "^2.5.0" + "@smithy/url-parser" "^2.0.13" + "@smithy/util-base64" "^2.0.1" + "@smithy/util-body-length-browser" "^2.0.0" + "@smithy/util-body-length-node" "^2.1.0" + "@smithy/util-defaults-mode-browser" "^2.0.19" + "@smithy/util-defaults-mode-node" "^2.0.25" + "@smithy/util-endpoints" "^1.0.4" + "@smithy/util-retry" "^2.0.6" + "@smithy/util-utf8" "^2.0.2" + tslib "^2.5.0" + "@aws-sdk/types@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.460.0.tgz#f87602928a57473f724b6efca0158e64f658be71" @@ -952,6 +1242,15 @@ "@smithy/util-endpoints" "^1.0.4" tslib "^2.5.0" +"@aws-sdk/util-endpoints@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-endpoints/-/util-endpoints-3.465.0.tgz#b3800364bd856bdfe94e0a1c72979d1bda27a0b8" + integrity sha512-lDpBN1faVw8Udg5hIo+LJaNfllbBF86PCisv628vfcggO8/EArL/v2Eos0KeqVT8yaINXCRSagwfo5TNTuW0KQ== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/util-endpoints" "^1.0.4" + tslib "^2.5.0" + "@aws-sdk/util-format-url@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-format-url/-/util-format-url-3.460.0.tgz#108af532d0deb25ce39ab20c1059247399079663" @@ -989,6 +1288,16 @@ bowser "^2.11.0" tslib "^2.5.0" +"@aws-sdk/util-user-agent-browser@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.465.0.tgz#2cb792c48770fe650cbb2b66ac21a8d65b0ca5ba" + integrity sha512-RM+LjkIsmUCBJ4yQeBnkJWJTjPOPqcNaKv8bpZxatIHdvzGhXLnWLNi3qHlBsJB2mKtKRet6nAUmKmzZR1sDzA== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/types" "^2.5.0" + bowser "^2.11.0" + tslib "^2.5.0" + "@aws-sdk/util-user-agent-node@3.460.0": version "3.460.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.460.0.tgz#d4adb7b924d89e5d33fc4ae83cfe067b7bb045c4" @@ -999,6 +1308,16 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" +"@aws-sdk/util-user-agent-node@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.465.0.tgz#5838e93a0f2102fb555131f40bd454707caba3f9" + integrity sha512-XsHbq7gLCiGdy6FQ7/5nGslK0ij3Iuh051djuIICvNurlds5cqKLiBe63gX3IUUwxJcrKh4xBGviQJ52KdVSeg== + dependencies: + "@aws-sdk/types" "3.465.0" + "@smithy/node-config-provider" "^2.1.5" + "@smithy/types" "^2.5.0" + tslib "^2.5.0" + "@aws-sdk/util-utf8-browser@^3.0.0": version "3.259.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz#3275a6f5eb334f96ca76635b961d3c50259fd9ff" From 6686fbb1e7294bdc5df2d69e81496cfa1c3e3588 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 00:58:26 +0000 Subject: [PATCH 03/19] chore(deps-dev): bump @babel/core from 7.23.3 to 7.23.5 (#2293) Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.23.3 to 7.23.5. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.5/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 107 ++++++++++++++++++++++++++---------------------------- 1 file changed, 51 insertions(+), 56 deletions(-) diff --git a/yarn.lock b/yarn.lock index 37751c7c7..33aa61159 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1339,12 +1339,12 @@ dependencies: "@babel/highlight" "^7.10.4" -"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.16.0", "@babel/code-frame@^7.22.13": - version "7.22.13" - resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.22.13.tgz#e3c1c099402598483b7a8c46a721d1038803755e" - integrity sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w== +"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.16.0", "@babel/code-frame@^7.22.13", "@babel/code-frame@^7.23.5": + version "7.23.5" + resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.23.5.tgz#9009b69a8c602293476ad598ff53e4562e15c244" + integrity sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA== dependencies: - "@babel/highlight" "^7.22.13" + "@babel/highlight" "^7.23.4" chalk "^2.4.2" "@babel/compat-data@^7.17.7", "@babel/compat-data@^7.18.8", "@babel/compat-data@^7.19.3": @@ -1358,32 +1358,32 @@ integrity sha512-5UamI7xkUcJ3i9qVDS+KFDEK8/7oJ55/sJMB1Ge7IEapr7KfdfV/HErR+koZwOfd+SgtFKOKRhRakdg++DcJpQ== "@babel/core@^7.1.6", "@babel/core@^7.10.3", "@babel/core@^7.12.16", "@babel/core@^7.12.3", "@babel/core@^7.18.13", "@babel/core@^7.7.5": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.23.3.tgz#5ec09c8803b91f51cc887dedc2654a35852849c9" - integrity sha512-Jg+msLuNuCJDyBvFv5+OKOUjWMZgd85bKjbICd3zWrKAo+bJ49HJufi7CQE0q0uR8NGyO6xkCACScNqyjHSZew== + version "7.23.5" + resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.23.5.tgz#6e23f2acbcb77ad283c5ed141f824fd9f70101c7" + integrity sha512-Cwc2XjUrG4ilcfOw4wBAK+enbdgwAcAJCfGUItPBKR7Mjw4aEfAFYrLxeRp4jWgtNIKn3n2AlBOfwwafl+42/g== dependencies: "@ampproject/remapping" "^2.2.0" - "@babel/code-frame" "^7.22.13" - "@babel/generator" "^7.23.3" + "@babel/code-frame" "^7.23.5" + "@babel/generator" "^7.23.5" "@babel/helper-compilation-targets" "^7.22.15" "@babel/helper-module-transforms" "^7.23.3" - "@babel/helpers" "^7.23.2" - "@babel/parser" "^7.23.3" + "@babel/helpers" "^7.23.5" + "@babel/parser" "^7.23.5" "@babel/template" "^7.22.15" - "@babel/traverse" "^7.23.3" - "@babel/types" "^7.23.3" + "@babel/traverse" "^7.23.5" + "@babel/types" "^7.23.5" convert-source-map "^2.0.0" debug "^4.1.0" gensync "^1.0.0-beta.2" json5 "^2.2.3" semver "^6.3.1" -"@babel/generator@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.23.3.tgz#86e6e83d95903fbe7613f448613b8b319f330a8e" - integrity sha512-keeZWAV4LU3tW0qRi19HRpabC/ilM0HRBBzf9/k8FFiG4KVpiv0FIy4hHfLfFQZNhziCTPTmd59zoyv6DNISzg== +"@babel/generator@^7.23.5": + version "7.23.5" + resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.23.5.tgz#17d0a1ea6b62f351d281350a5f80b87a810c4755" + integrity sha512-BPssCHrBD+0YrxviOa3QzpqwhNIXKEtOa2jQrm4FlmkC2apYgRnQcmPWiGZDlGxiNtltnUFolMe8497Esry+jA== dependencies: - "@babel/types" "^7.23.3" + "@babel/types" "^7.23.5" "@jridgewell/gen-mapping" "^0.3.2" "@jridgewell/trace-mapping" "^0.3.17" jsesc "^2.5.1" @@ -1594,10 +1594,10 @@ dependencies: "@babel/types" "^7.22.5" -"@babel/helper-string-parser@^7.22.5": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz#533f36457a25814cf1df6488523ad547d784a99f" - integrity sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw== +"@babel/helper-string-parser@^7.23.4": + version "7.23.4" + resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.23.4.tgz#9478c707febcbbe1ddb38a3d91a2e054ae622d83" + integrity sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ== "@babel/helper-validator-identifier@^7.18.6": version "7.19.1" @@ -1609,11 +1609,6 @@ resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz#c4ae002c61d2879e724581d96665583dbc1dc0e0" integrity sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A== -"@babel/helper-validator-identifier@^7.22.5": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.5.tgz#9544ef6a33999343c8740fa51350f30eeaaaf193" - integrity sha512-aJXu+6lErq8ltp+JhkJUfk1MTGyuA4v7f3pA+BJ5HLfNC6nAQ0Cpi9uOquUj8Hehg0aUiHzWQbOVJGao6ztBAQ== - "@babel/helper-validator-option@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.18.6.tgz#bf0d2b5a509b1f336099e4ff36e1a63aa5db4db8" @@ -1634,14 +1629,14 @@ "@babel/traverse" "^7.19.0" "@babel/types" "^7.19.0" -"@babel/helpers@^7.23.2": - version "7.23.2" - resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.23.2.tgz#2832549a6e37d484286e15ba36a5330483cac767" - integrity sha512-lzchcp8SjTSVe/fPmLwtWVBFC7+Tbn8LGHDVfDp9JGxpAY5opSaEFgt8UQvrnECWOTdji2mOWMz1rOhkHscmGQ== +"@babel/helpers@^7.23.5": + version "7.23.5" + resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.23.5.tgz#52f522840df8f1a848d06ea6a79b79eefa72401e" + integrity sha512-oO7us8FzTEsG3U6ag9MfdF1iA/7Z6dz+MtFhifZk8C8o453rGJFFWUP1t+ULM9TUIAzC9uxXEiXjOiVMyd7QPg== dependencies: "@babel/template" "^7.22.15" - "@babel/traverse" "^7.23.2" - "@babel/types" "^7.23.0" + "@babel/traverse" "^7.23.5" + "@babel/types" "^7.23.5" "@babel/highlight@^7.10.4": version "7.18.6" @@ -1652,19 +1647,19 @@ chalk "^2.0.0" js-tokens "^4.0.0" -"@babel/highlight@^7.22.13": - version "7.22.13" - resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.22.13.tgz#9cda839e5d3be9ca9e8c26b6dd69e7548f0cbf16" - integrity sha512-C/BaXcnnvBCmHTpz/VGZ8jgtE2aYlW4hxDhseJAWZb7gqGM/qtCK6iZUb0TyKFf7BOUsBH7Q7fkRsDRhg1XklQ== +"@babel/highlight@^7.23.4": + version "7.23.4" + resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.23.4.tgz#edaadf4d8232e1a961432db785091207ead0621b" + integrity sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A== dependencies: - "@babel/helper-validator-identifier" "^7.22.5" + "@babel/helper-validator-identifier" "^7.22.20" chalk "^2.4.2" js-tokens "^4.0.0" -"@babel/parser@^7.1.6", "@babel/parser@^7.14.7", "@babel/parser@^7.16.4", "@babel/parser@^7.18.4", "@babel/parser@^7.22.15", "@babel/parser@^7.23.3", "@babel/parser@^7.7.0": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.23.3.tgz#0ce0be31a4ca4f1884b5786057cadcb6c3be58f9" - integrity sha512-uVsWNvlVsIninV2prNz/3lHCb+5CJ+e+IUBfbjToAHODtfGYLfCFuY4AU7TskI+dAKk+njsPiBjq1gKTvZOBaw== +"@babel/parser@^7.1.6", "@babel/parser@^7.14.7", "@babel/parser@^7.16.4", "@babel/parser@^7.18.4", "@babel/parser@^7.22.15", "@babel/parser@^7.23.5", "@babel/parser@^7.7.0": + version "7.23.5" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.23.5.tgz#37dee97c4752af148e1d38c34b856b2507660563" + integrity sha512-hOOqoiNXrmGdFbhgCzu6GiURxUgM27Xwd/aPuu8RfHEZPBzL1Z54okAHAQjXfcQNwvrlkAmAp4SlRTZ45vlthQ== "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.18.6": version "7.18.6" @@ -2382,28 +2377,28 @@ "@babel/parser" "^7.22.15" "@babel/types" "^7.22.15" -"@babel/traverse@^7.0.0", "@babel/traverse@^7.19.0", "@babel/traverse@^7.19.1", "@babel/traverse@^7.23.2", "@babel/traverse@^7.23.3", "@babel/traverse@^7.7.0": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.23.3.tgz#26ee5f252e725aa7aca3474aa5b324eaf7908b5b" - integrity sha512-+K0yF1/9yR0oHdE0StHuEj3uTPzwwbrLGfNOndVJVV2TqA5+j3oljJUb4nmB954FLGjNem976+B+eDuLIjesiQ== +"@babel/traverse@^7.0.0", "@babel/traverse@^7.19.0", "@babel/traverse@^7.19.1", "@babel/traverse@^7.23.5", "@babel/traverse@^7.7.0": + version "7.23.5" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.23.5.tgz#f546bf9aba9ef2b042c0e00d245990c15508e7ec" + integrity sha512-czx7Xy5a6sapWWRx61m1Ke1Ra4vczu1mCTtJam5zRTBOonfdJ+S/B6HYmGYu3fJtr8GGET3si6IhgWVBhJ/m8w== dependencies: - "@babel/code-frame" "^7.22.13" - "@babel/generator" "^7.23.3" + "@babel/code-frame" "^7.23.5" + "@babel/generator" "^7.23.5" "@babel/helper-environment-visitor" "^7.22.20" "@babel/helper-function-name" "^7.23.0" "@babel/helper-hoist-variables" "^7.22.5" "@babel/helper-split-export-declaration" "^7.22.6" - "@babel/parser" "^7.23.3" - "@babel/types" "^7.23.3" + "@babel/parser" "^7.23.5" + "@babel/types" "^7.23.5" debug "^4.1.0" globals "^11.1.0" -"@babel/types@^7.0.0", "@babel/types@^7.12.12", "@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.19.0", "@babel/types@^7.19.3", "@babel/types@^7.22.15", "@babel/types@^7.22.5", "@babel/types@^7.23.0", "@babel/types@^7.23.3", "@babel/types@^7.4.4", "@babel/types@^7.7.0": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.23.3.tgz#d5ea892c07f2ec371ac704420f4dcdb07b5f9598" - integrity sha512-OZnvoH2l8PK5eUvEcUyCt/sXgr/h+UWpVuBbOljwcrAgUl6lpchoQ++PHGyQy1AtYnVA6CEq3y5xeEI10brpXw== +"@babel/types@^7.0.0", "@babel/types@^7.12.12", "@babel/types@^7.18.6", "@babel/types@^7.18.9", "@babel/types@^7.19.0", "@babel/types@^7.19.3", "@babel/types@^7.22.15", "@babel/types@^7.22.5", "@babel/types@^7.23.0", "@babel/types@^7.23.5", "@babel/types@^7.4.4", "@babel/types@^7.7.0": + version "7.23.5" + resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.23.5.tgz#48d730a00c95109fa4393352705954d74fb5b602" + integrity sha512-ON5kSOJwVO6xXVRTvOI0eOnWe7VdUcIpsovGo9U/Br4Ie4UVFQTboO2cYnDhAGU6Fp+UxSiT+pMft0SMHfuq6w== dependencies: - "@babel/helper-string-parser" "^7.22.5" + "@babel/helper-string-parser" "^7.23.4" "@babel/helper-validator-identifier" "^7.22.20" to-fast-properties "^2.0.0" From 7f2302d8a3b160b3a5980a8a4b8393f2db220bad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 01:02:03 +0000 Subject: [PATCH 04/19] chore(deps): bump @aws-sdk/rds-signer from 3.462.0 to 3.465.0 (#2297) Bumps [@aws-sdk/rds-signer](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/rds-signer) from 3.462.0 to 3.465.0. - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/rds-signer/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.465.0/packages/rds-signer) --- updated-dependencies: - dependency-name: "@aws-sdk/rds-signer" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 108 +++++++++++++++++++++++++----------------------------- 1 file changed, 49 insertions(+), 59 deletions(-) diff --git a/yarn.lock b/yarn.lock index 33aa61159..0e93b4c7f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -221,26 +221,26 @@ "@aws-sdk/util-utf8-browser" "^3.0.0" tslib "^1.11.1" -"@aws-sdk/client-cognito-identity@3.462.0": - version "3.462.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-cognito-identity/-/client-cognito-identity-3.462.0.tgz#9c88a07e0a6b80a567e990a143b3f78124784640" - integrity sha512-NGsFxb2ysXWUPKCRoa4KIJTcL8kddY73EV0hbw9li7+pTFzzkiYiNg6RxfHp3U+sBlhN8poItQrkAXZTDIJ1yQ== +"@aws-sdk/client-cognito-identity@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-cognito-identity/-/client-cognito-identity-3.465.0.tgz#4d9082c9e9003f180649abeb216e9cbcdac8396b" + integrity sha512-Ku1034M9jjsXbLBS5DwQfcTwWwu2oxtmdbsxvEm4I7IUA/h1++hKPzZuJ6L9zo7I7GbA+WnCryviUdtbgCqTfA== dependencies: "@aws-crypto/sha256-browser" "3.0.0" "@aws-crypto/sha256-js" "3.0.0" - "@aws-sdk/client-sts" "3.462.0" - "@aws-sdk/core" "3.451.0" - "@aws-sdk/credential-provider-node" "3.460.0" - "@aws-sdk/middleware-host-header" "3.460.0" - "@aws-sdk/middleware-logger" "3.460.0" - "@aws-sdk/middleware-recursion-detection" "3.460.0" - "@aws-sdk/middleware-signing" "3.461.0" - "@aws-sdk/middleware-user-agent" "3.460.0" - "@aws-sdk/region-config-resolver" "3.451.0" - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-endpoints" "3.460.0" - "@aws-sdk/util-user-agent-browser" "3.460.0" - "@aws-sdk/util-user-agent-node" "3.460.0" + "@aws-sdk/client-sts" "3.465.0" + "@aws-sdk/core" "3.465.0" + "@aws-sdk/credential-provider-node" "3.465.0" + "@aws-sdk/middleware-host-header" "3.465.0" + "@aws-sdk/middleware-logger" "3.465.0" + "@aws-sdk/middleware-recursion-detection" "3.465.0" + "@aws-sdk/middleware-signing" "3.465.0" + "@aws-sdk/middleware-user-agent" "3.465.0" + "@aws-sdk/region-config-resolver" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-endpoints" "3.465.0" + "@aws-sdk/util-user-agent-browser" "3.465.0" + "@aws-sdk/util-user-agent-node" "3.465.0" "@smithy/config-resolver" "^2.0.18" "@smithy/fetch-http-handler" "^2.2.6" "@smithy/hash-node" "^2.0.15" @@ -615,13 +615,13 @@ "@smithy/smithy-client" "^2.1.15" tslib "^2.5.0" -"@aws-sdk/credential-provider-cognito-identity@3.462.0": - version "3.462.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-cognito-identity/-/credential-provider-cognito-identity-3.462.0.tgz#c3dfa822df91c482e5d6ee1c10c069c81d27f253" - integrity sha512-oTN5PXFidfadOC+Ar1gZrRkvOTDzk4FZCf47Eqf6Spfm/Z58iQ8GuZ99uh98oQJZlcbYx8hCeuffRLQtPZS20Q== +"@aws-sdk/credential-provider-cognito-identity@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-cognito-identity/-/credential-provider-cognito-identity-3.465.0.tgz#e278ba1849c3cd38e6a8eb655a931ac2fdddc88a" + integrity sha512-bvZNgA2Cx54eTSZm2bXCUbz5rQjcNqTONuvjNIl1CFK9lEj3o3rRU1EqAwX6AIrT1OIstnDr1Z6llxjwvTLqiA== dependencies: - "@aws-sdk/client-cognito-identity" "3.462.0" - "@aws-sdk/types" "3.460.0" + "@aws-sdk/client-cognito-identity" "3.465.0" + "@aws-sdk/types" "3.465.0" "@smithy/property-provider" "^2.0.0" "@smithy/types" "^2.5.0" tslib "^2.5.0" @@ -646,12 +646,12 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/credential-provider-http@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.460.0.tgz#f61316a5178e817a161f734a167936aac5a878fd" - integrity sha512-tLnuLDsGcBRemj8jxt1MkerjwsQlYdwnlfQXvrYOO8qMrbFP2sEjAx165GeCbsjmY/y0w1UFQEV+xRpFg5dxUw== +"@aws-sdk/credential-provider-http@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.465.0.tgz#77031a962c139a62078d7c72c4fb5ccfc2628df0" + integrity sha512-Rj/zFgP0i0tpuaO+sm1csGU7NLQa1F9eE9c3VKbYECiXAZwrGJnY1TdG2iSsLpkMtyfOhRrRvAuYAUCUemWg3g== dependencies: - "@aws-sdk/types" "3.460.0" + "@aws-sdk/types" "3.465.0" "@smithy/fetch-http-handler" "^2.2.6" "@smithy/node-http-handler" "^2.1.9" "@smithy/property-provider" "^2.0.0" @@ -795,23 +795,23 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/credential-providers@3.462.0": - version "3.462.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-providers/-/credential-providers-3.462.0.tgz#633ce0b9f4989f065e175d6d36e587814d6ed281" - integrity sha512-M5XBK3NPbuDmZPUPlpiKeS0NxLNq/ihpEP0ZjFKwOi2fToXt3x8LqZ0e6o8NDl4UqjHtgEewu8Wwrl4paTmc1A== +"@aws-sdk/credential-providers@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-providers/-/credential-providers-3.465.0.tgz#841000b3d548fac20df3011d7945af0283d1bcf9" + integrity sha512-mtndyew33Fnv30zVCQLBkqvUeFvjAlgAe3yM/10U//dxsOW3pfYWZ6sMzDbuXHLCyROQXJqZfnsQKQs0rOaO0Q== dependencies: - "@aws-sdk/client-cognito-identity" "3.462.0" - "@aws-sdk/client-sso" "3.460.0" - "@aws-sdk/client-sts" "3.462.0" - "@aws-sdk/credential-provider-cognito-identity" "3.462.0" - "@aws-sdk/credential-provider-env" "3.460.0" - "@aws-sdk/credential-provider-http" "3.460.0" - "@aws-sdk/credential-provider-ini" "3.460.0" - "@aws-sdk/credential-provider-node" "3.460.0" - "@aws-sdk/credential-provider-process" "3.460.0" - "@aws-sdk/credential-provider-sso" "3.460.0" - "@aws-sdk/credential-provider-web-identity" "3.460.0" - "@aws-sdk/types" "3.460.0" + "@aws-sdk/client-cognito-identity" "3.465.0" + "@aws-sdk/client-sso" "3.465.0" + "@aws-sdk/client-sts" "3.465.0" + "@aws-sdk/credential-provider-cognito-identity" "3.465.0" + "@aws-sdk/credential-provider-env" "3.465.0" + "@aws-sdk/credential-provider-http" "3.465.0" + "@aws-sdk/credential-provider-ini" "3.465.0" + "@aws-sdk/credential-provider-node" "3.465.0" + "@aws-sdk/credential-provider-process" "3.465.0" + "@aws-sdk/credential-provider-sso" "3.465.0" + "@aws-sdk/credential-provider-web-identity" "3.465.0" + "@aws-sdk/types" "3.465.0" "@smithy/credential-provider-imds" "^2.0.0" "@smithy/property-provider" "^2.0.0" "@smithy/types" "^2.5.0" @@ -1040,14 +1040,14 @@ tslib "^2.5.0" "@aws-sdk/rds-signer@^3.315.0": - version "3.462.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/rds-signer/-/rds-signer-3.462.0.tgz#d016820f31d3e2aa591d3019d688684bb4a82df2" - integrity sha512-Hy0qJpLdfa4+mhOFnjqZGYwJtBqNkzhc9dLYZVl266NzKd6ech0IgXx4N0cHRq+dz6wS2LFdYagMikvVCp7ipQ== + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/rds-signer/-/rds-signer-3.465.0.tgz#cef22fd48db12bc185a0492dc6f0e38dc66111ff" + integrity sha512-fhui4CZz7khGsnok93HHSziSMYw8/K4o99Bk8UKSDtkmBMnmkJ87Kl2pCjrqk4iywmJHqO6WjbTmi+WXN3nbgg== dependencies: "@aws-crypto/sha256-browser" "3.0.0" "@aws-crypto/sha256-js" "3.0.0" - "@aws-sdk/credential-providers" "3.462.0" - "@aws-sdk/util-format-url" "3.460.0" + "@aws-sdk/credential-providers" "3.465.0" + "@aws-sdk/util-format-url" "3.465.0" "@smithy/config-resolver" "^2.0.18" "@smithy/hash-node" "^2.0.15" "@smithy/invalid-dependency" "^2.0.13" @@ -1251,16 +1251,6 @@ "@smithy/util-endpoints" "^1.0.4" tslib "^2.5.0" -"@aws-sdk/util-format-url@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-format-url/-/util-format-url-3.460.0.tgz#108af532d0deb25ce39ab20c1059247399079663" - integrity sha512-TfXehLG9wS8bvsFujggkvLy284JJxdot0m/yfzp+nc0PANP5VuQoePvBpXzUvGEAUHoDdu5Eh2gs1nOkPN05/g== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/querystring-builder" "^2.0.13" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/util-format-url@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-format-url/-/util-format-url-3.465.0.tgz#fdd30792b788736fdb772e8e1e346bd97d9c595a" From 0423a167d5f3086a235bb29712933c1198930341 Mon Sep 17 00:00:00 2001 From: adele-usdr <146878468+adele-usdr@users.noreply.github.com> Date: Tue, 5 Dec 2023 08:40:41 -0800 Subject: [PATCH 05/19] fix: #2273 use stacked table layout for narrow windows (#2291) --- packages/client/src/components/GrantsTableNext.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/client/src/components/GrantsTableNext.vue b/packages/client/src/components/GrantsTableNext.vue index 4712b269d..4ef439527 100644 --- a/packages/client/src/components/GrantsTableNext.vue +++ b/packages/client/src/components/GrantsTableNext.vue @@ -22,7 +22,7 @@ - From 510814cae989f1fe9d566aad8bd1f74301efc0cc Mon Sep 17 00:00:00 2001 From: adele-usdr <146878468+adele-usdr@users.noreply.github.com> Date: Tue, 5 Dec 2023 09:56:54 -0800 Subject: [PATCH 06/19] fix: update size of logo to match profile badge size (#2307) --- packages/client/src/components/Layout.vue | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/client/src/components/Layout.vue b/packages/client/src/components/Layout.vue index d988fd887..4ae29e5ba 100755 --- a/packages/client/src/components/Layout.vue +++ b/packages/client/src/components/Layout.vue @@ -2,8 +2,8 @@
- - + +

Federal Grant Finder

 From 6ec1b14bff5b8cb0cb5468a2179ffc5b98f2c87d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 20:13:22 +0000 Subject: [PATCH 07/19] chore(deps): bump @aws-sdk/client-ses from 3.462.0 to 3.465.0 (#2299) Bumps [@aws-sdk/client-ses](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ses) from 3.462.0 to 3.465.0. - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-ses/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.465.0/clients/client-ses) --- updated-dependencies: - dependency-name: "@aws-sdk/client-ses" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/yarn.lock b/yarn.lock index 0e93b4c7f..e97e365d3 100644 --- a/yarn.lock +++ b/yarn.lock @@ -330,25 +330,25 @@ tslib "^2.5.0" "@aws-sdk/client-ses@^3.312.0": - version "3.462.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-ses/-/client-ses-3.462.0.tgz#7c20cdd5f7d921429d628f25af4404188df82bf9" - integrity sha512-6hK0DpXtvmgqwQpolPG9HOC5aDvgESoBLvd2z/5tOfrmkKcav7NQOniKY11i/6gfNCFbjYpSnR4xW9Q7w0gchQ== + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-ses/-/client-ses-3.465.0.tgz#a298c592a4e8fafc81234e9ca9aa2a43c0af064d" + integrity sha512-eRIe4XjBOPRjk0nG0XdE+s6T2mxrQMJG1Z/L87YminZwIWhE9eL2EqyA8urARw6x/ovL3F3RsEjVBoNmr4TU6Q== dependencies: "@aws-crypto/sha256-browser" "3.0.0" "@aws-crypto/sha256-js" "3.0.0" - "@aws-sdk/client-sts" "3.462.0" - "@aws-sdk/core" "3.451.0" - "@aws-sdk/credential-provider-node" "3.460.0" - "@aws-sdk/middleware-host-header" "3.460.0" - "@aws-sdk/middleware-logger" "3.460.0" - "@aws-sdk/middleware-recursion-detection" "3.460.0" - "@aws-sdk/middleware-signing" "3.461.0" - "@aws-sdk/middleware-user-agent" "3.460.0" - "@aws-sdk/region-config-resolver" "3.451.0" - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-endpoints" "3.460.0" - "@aws-sdk/util-user-agent-browser" "3.460.0" - "@aws-sdk/util-user-agent-node" "3.460.0" + "@aws-sdk/client-sts" "3.465.0" + "@aws-sdk/core" "3.465.0" + "@aws-sdk/credential-provider-node" "3.465.0" + "@aws-sdk/middleware-host-header" "3.465.0" + "@aws-sdk/middleware-logger" "3.465.0" + "@aws-sdk/middleware-recursion-detection" "3.465.0" + "@aws-sdk/middleware-signing" "3.465.0" + "@aws-sdk/middleware-user-agent" "3.465.0" + "@aws-sdk/region-config-resolver" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-endpoints" "3.465.0" + "@aws-sdk/util-user-agent-browser" "3.465.0" + "@aws-sdk/util-user-agent-node" "3.465.0" "@smithy/config-resolver" "^2.0.18" "@smithy/fetch-http-handler" "^2.2.6" "@smithy/hash-node" "^2.0.15" From 5029a621f1687a9c2cb3c19a84383902d76b71c4 Mon Sep 17 00:00:00 2001 From: Weronika Tomaszewska Date: Tue, 5 Dec 2023 15:16:42 -0500 Subject: [PATCH 08/19] chore/1090 remove unused validate-data files from ARPA Reporter (#2244) --- .../services/validate-data/index.spec.js | 76 --- .../services/validate-data/validate.spec.js | 455 ------------------ .../services/validate-data/certification.js | 19 - .../services/validate-data/contracts.js | 238 --------- .../services/validate-data/cover.js | 18 - .../services/validate-data/direct.js | 119 ----- .../validate-data/expenditure-categories.js | 24 - .../services/validate-data/grants.js | 235 --------- .../services/validate-data/helpers.js | 40 -- .../services/validate-data/index.js | 44 -- .../services/validate-data/loans.js | 110 ----- .../services/validate-data/subrecipients.js | 54 --- .../services/validate-data/transfers.js | 155 ------ .../services/validate-data/validate.js | 392 --------------- 14 files changed, 1979 deletions(-) delete mode 100644 packages/server/__tests__/arpa_reporter/server/services/validate-data/index.spec.js delete mode 100644 packages/server/__tests__/arpa_reporter/server/services/validate-data/validate.spec.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/certification.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/contracts.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/cover.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/direct.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/expenditure-categories.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/grants.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/helpers.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/index.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/loans.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/subrecipients.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/transfers.js delete mode 100644 packages/server/src/arpa_reporter/services/validate-data/validate.js diff --git a/packages/server/__tests__/arpa_reporter/server/services/validate-data/index.spec.js b/packages/server/__tests__/arpa_reporter/server/services/validate-data/index.spec.js deleted file mode 100644 index 88d898b65..000000000 --- a/packages/server/__tests__/arpa_reporter/server/services/validate-data/index.spec.js +++ /dev/null @@ -1,76 +0,0 @@ -/* eslint no-unused-expressions: "off" */ - -const { validateData } = requireSrc(__filename); -const { expect } = require('chai'); - -describe.skip('validateData', () => { - const records = [ - { - type: 'cover', - content: { - 'agency code': '1', - 'project id': '100', - }, - }, - { - type: 'subrecipient', - content: { - 'duns number': '1001', - 'legal name': 'Acme', - 'organization type': 'Other', - }, - }, - { - type: 'certification', - content: { - 'agency financial reviewer name': 'John Doe', - date: 44175, - }, - }, - { - type: 'grants', - content: { - compliance: 'Yes', - 'project id': '100', - 'subrecipient id': '1001', - 'award number': '1', - 'award amount': 10, // v2 validation requires >= 50K - 'current quarter obligation': 10, - 'award payment method': 'Lump Sum Payment(s)', - 'award date': 44044, - 'period of performance start date': 44050, - 'primary place of performance address line 1': '85 Pike St', - 'primary place of performance city name': 'Seattle', - 'primary place of performance country name': 'United States', - 'primary place of performance state code': 'WA', - }, - }, - ]; - it('ignores tagged validations by default', () => { - const reportingPeriod = { - start_date: new Date(2020, 3, 1), - end_date: new Date(2020, 9, 30), - period_of_performance_end_date: new Date(2020, 12, 30), - crf_end_date: new Date(2020, 12, 30), - validation_rule_tags: [], - }; - const fileParts = { agencyCode: '1', projectId: '100' }; - const result = validateData(records, fileParts, reportingPeriod, {}, new Date(2020, 3, 1)); - expect(result, JSON.stringify(result)).to.be.empty; - }); - it('includes tagged validations', () => { - const reportingPeriod = { - start_date: new Date(2020, 3, 1), - end_date: new Date(2020, 9, 30), - period_of_performance_end_date: new Date(2020, 12, 30), - crf_end_date: new Date(2020, 12, 30), - validation_rule_tags: ['v2'], - }; - const fileParts = { agencyCode: '1', projectId: '100' }; - const result = validateData(records, fileParts, reportingPeriod, {}, new Date(2020, 3, 1)); - expect(result, JSON.stringify(result)).to.have.length(1); - expect(result[0].info.message).to.equal('Contract amount must be at least $50,000'); - }); -}); - -// NOTE: This file was copied from tests/server/services/validate-data/index.spec.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/__tests__/arpa_reporter/server/services/validate-data/validate.spec.js b/packages/server/__tests__/arpa_reporter/server/services/validate-data/validate.spec.js deleted file mode 100644 index 407f653bd..000000000 --- a/packages/server/__tests__/arpa_reporter/server/services/validate-data/validate.spec.js +++ /dev/null @@ -1,455 +0,0 @@ -const { - contractMatches, - cumulativeAmountIsEqual, - dateIsInPeriodOfPerformance, - dateIsInReportingPeriod, - isAtLeast50K, - isNotBlank, - isNumber, - isNumberOrBlank, - isPositiveNumber, - isPositiveNumberOrZero, - isSum, - isValidDate, - isValidState, - isValidSubrecipient, - isValidZip, - matchesFilePart, - messageValue, - numberIsLessThanOrEqual, - numberIsGreaterThanOrEqual, - validateFields, - validateRecords, - whenBlank, - whenGreaterThanZero, - whenUS, -} = requireSrc(__filename); -const { expect } = require('chai'); - -describe('validation helpers', () => { - const validateContext = { - fileParts: { - projectId: 'DOH', - }, - subrecipientsHash: { - 1010: { - name: 'Payee', - }, - }, - reportingPeriod: { - startDate: '2020-03-01', - endDate: '2020-09-30', - periodOfPerformanceEndDate: '2020-12-30', - crfEndDate: '2020-12-30', - }, - firstReportingPeriodStartDate: '2020-03-01', - periodSummaries: { - periodSummaries: [ - { - project_code: '1', - award_number: '1001', - award_type: 'contracts', - current_obligation: 100.0, - current_expenditure: 10.00, - }, - { - project_code: '1', - award_number: '1001', - award_type: 'contracts', - current_obligation: 200.0, - current_expenditure: 20.00, - }, - { - project_code: '2', - award_number: '2002', - award_type: 'contracts', - current_obligation: 200.0, - current_expenditure: 20.00, - }, - ], - }, - }; - const testCases = [ - - ['blank string', isNotBlank(''), false], - ['non blank string', isNotBlank('Test'), true], - ['number', isNumber(1), true], - ['number', isNumber(''), false], - ['numberOrBlank', isNumberOrBlank(1), true], - ['numberOrBlank', isNumberOrBlank(''), true], - ['non number', isNumber('Test'), false], - ['positive number', isPositiveNumber(100), true], - ['non positive number', isPositiveNumber(-100), false], - ['positive number or zero', isPositiveNumberOrZero(0), true], - ['positive number or zero', isPositiveNumberOrZero(100), true], - ['positive number or zero allows blanks', isPositiveNumberOrZero(''), true], - ['not a positive number or zero', isPositiveNumberOrZero(-10), false], - ['valid date', isValidDate('2020-10-03'), true], - ['invalid date', isValidDate('2020-15-99'), false], - [ - 'file part matches', - matchesFilePart('projectId')('DOH', {}, validateContext), - true, - ], - [ - 'file part does not match', - matchesFilePart('projectId')('OMB', {}, validateContext), - false, - ], - [ - 'valid subrecipient', - isValidSubrecipient('1010', {}, validateContext), - true, - ], - [ - 'invalid subrecipient', - isValidSubrecipient('1020', {}, validateContext), - false, - ], - [ - 'sum is correct', - isSum(['amount1', 'amount2'])( - 100.0, - { amount1: 40.0, amount2: 60.0 }, - validateContext, - ), - true, - ], - [ - 'sum is not correct', - isSum(['amount1', 'amount2'])( - 90.0, - { amount1: 40.0, amount2: 60.0 }, - validateContext, - ), - false, - ], - [ - 'sum convert strings to float', - isSum(['amount1', 'amount2'])( - '100.0', - { amount1: '40.0', amount2: '60.0' }, - validateContext, - ), - true, - ], - [ - 'number is less than or equal', - numberIsLessThanOrEqual('total')(100, { total: 200 }, validateContext), - true, - ], - [ - 'number is not less than or equal', - numberIsLessThanOrEqual('total')(500, { total: 200 }, validateContext), - false, - ], - [ - 'number is greater than or equal', - numberIsGreaterThanOrEqual('total')( - 1000, - { total: 200 }, - validateContext, - ), - true, - ], - [ - 'number is not greater than or equal', - numberIsGreaterThanOrEqual('total')(50, { total: 200 }, validateContext), - false, - ], - [ - 'date is in reporting period', - dateIsInReportingPeriod(43929, {}, validateContext), - true, - ], - [ - 'date is before reporting period', - dateIsInReportingPeriod(43800, {}, validateContext), - false, - ], - [ - 'date is after reporting period', - dateIsInReportingPeriod(44197, {}, validateContext), - false, - ], - [ - 'date is in period or performance', - dateIsInPeriodOfPerformance(44166, {}, validateContext), - true, - ], - [ - 'whenBlank conditional validation passes', - whenBlank('duns number', isNotBlank)( - '123', - { 'duns number': '' }, - validateContext, - ), - true, - ], - [ - 'whenBlank conditional validation fails', - whenBlank('duns number', isNotBlank)( - '', - { 'duns number': '' }, - validateContext, - ), - false, - ], - [ - 'whenBlank conditional validation ignored', - whenBlank('duns number', isNotBlank)( - '', - { 'duns number': '123' }, - validateContext, - ), - true, - ], - [ - 'whenGreaterThanZero conditional validation passes', - whenGreaterThanZero( - 'total expenditure amount', - dateIsInPeriodOfPerformance, - )(44166, { 'total expenditure amount': 1000.0 }, validateContext), - true, - ], - [ - 'whenGreaterThanZero conditional validation fails', - whenGreaterThanZero( - 'total expenditure amount', - dateIsInPeriodOfPerformance, - )(45000, { 'total expenditure amount': 1000.0 }, validateContext), - false, - ], - [ - 'whenGreaterThanZero conditional validation ignored', - whenGreaterThanZero( - 'total expenditure amount', - dateIsInPeriodOfPerformance, - )(45000, { 'total expenditure amount': '' }, validateContext), - true, - ], - [ - 'valid US zip passes', - isValidZip( - 98101, - {}, - validateContext, - ), - true, - ], - [ - 'valid US zip fails', - isValidZip( - 981, - {}, - validateContext, - ), - false, - ], - [ - 'whenUS conditional validation passes', - whenUS('country', isValidZip)( - 98101, - { country: 'usa' }, - validateContext, - ), - true, - ], - [ - 'whenUS conditional validation passes', - whenUS('country', isValidZip)( - 98101, - { country: 'united states' }, - validateContext, - ), - true, - ], - [ - 'whenUS conditional validation fails', - whenUS('country', isValidZip)( - 981, - { country: 'usa' }, - validateContext, - ), - false, - ], - [ - 'whenUS conditional validation fails', - whenUS('country', isValidZip)( - 981, - { country: 'united states' }, - validateContext, - ), - false, - ], - [ - 'whenUS conditional validation skipped', - whenUS('country', isValidZip)( - 981, - { country: 'hk' }, - validateContext, - ), - true, - ], - [ - 'whenUS conditional validation skipped', - whenUS('country', isValidZip)( - '', - { country: 'hk' }, - validateContext, - ), - true, - ], - ['isAtLeast50K fails', isAtLeast50K(undefined), false], - ['isAtLeast50K fails', isAtLeast50K(''), false], - ['isAtLeast50K fails', isAtLeast50K(5000.00), false], - ['isAtLeast50K passes', isAtLeast50K(50000.00), true], - ['isAtLeast50K passes', isAtLeast50K(150000.00), true], - - [ - 'cumulativeAmountIsEqual passes for obligation', - cumulativeAmountIsEqual('current quarter obligation', contractMatches)( - 600.0, - { 'project id': '1', 'contract number': '1001', 'current quarter obligation': 300.0 }, - validateContext, - ), - true, - ], - [ - 'cumulativeAmountIsEqual passes for expenditure', - cumulativeAmountIsEqual('total expenditure amount', contractMatches)( - 60.0, - { 'project id': '1', 'contract number': '1001', 'total expenditure amount': 30.0 }, - validateContext, - ), - true, - ], - [ - 'cumulativeAmountIsEqual fails', - cumulativeAmountIsEqual('current quarter obligation', contractMatches)( - 200.0, - { 'current quarter obligation': 300.0 }, - validateContext, - ), - false, - ], - ]; - testCases.forEach(([name, b, expectedResult]) => { - it(`${name} should return ${expectedResult}`, () => { - expect(b).to.equal(expectedResult); - }); - }); - // isValidState() doesn't work in the testCases array, - // because it has to run after beforeEach() has initialized - // the dropdowns, so it has to be invoked inside an it() function. - it.skip('isValidState("WA") should return true', () => { - expect(isValidState('WA', {}, validateContext)).to.equal(true); - }); - it.skip('isValidState("ZZ") should return false', () => { - expect(isValidState('ZZ', {}, validateContext)).to.equal(false); - }); -}); - -describe('validateFields', () => { - const requiredFields = [ - ['name', isNotBlank], - ['date', isValidDate], - ['description', isNotBlank, 'Description is required'], - ]; - it('can validate a record', () => { - const content = { - name: 'George', - date: '2020-10-02', - description: 'testing', - }; - const r = validateFields(requiredFields, content, 'Test', 1); - expect(r).to.have.length(0); - }); - it('can report multiple errors, with custom message', () => { - const content = { name: '', date: '2020-10-02' }; - const r = validateFields(requiredFields, content, 'Test', 5); - expect(r).to.have.length(2); - expect(r[0].info.message).to.equal('Empty or invalid entry for name: ""'); - expect(r[0].info.tab).to.equal('Test'); - expect(r[0].info.row).to.equal(5); - expect(r[1].info.message).to.equal('Description is required'); - expect(r[1].info.tab).to.equal('Test'); - expect(r[1].info.row).to.equal(5); - }); -}); - -describe('can exclude filters based on tags', () => { - const requiredFields = [ - ['name', isNotBlank, 'Name is required', { tags: ['v2'] }], - ]; - const content = { name: '' }; - it('includes filter with matching tag', () => { - const r = validateFields( - requiredFields, - content, - 'Test Tab', - 1, - { tags: ['v2'] }, - ); - expect(r).to.have.length(1); - }); - it('ignores filter with non matching tag', () => { - const r = validateFields( - requiredFields, - content, - 'Test Tab', - 1, - { tags: ['v3'] }, - ); - expect(r).to.have.length(0); - }); - it('ignores filter when context has no tags', () => { - const r = validateFields(requiredFields, content, 'Test Tab', 1, {}); - expect(r).to.have.length(0); - }); -}); - -describe('custom message', () => { - it('can include the invalid value in the message', () => { - const validations = [ - ['type', (v) => v === 'FOO' || v === 'BAR', 'Type "{}" is not valid'], - ]; - const content = { type: 'BAZ' }; - const r = validateFields(validations, content, 'Test', 5); - expect(r).to.have.length(1); - expect(r[0].info.message).to.equal('Type "BAZ" is not valid'); - }); -}); - -describe('validateRecords', () => { - const records = { - test: [ - { content: { name: 'George' } }, - { content: { name: 'John' } }, - { content: { name: 'Thomas' } }, - { content: { name: 'James' } }, - { content: { name: '' } }, - ], - }; - const validations = [['name', isNotBlank]]; - it('can validate a collection of records', () => { - const log = validateRecords('test', validations)(records, {}); - expect(log).to.have.length(1); - }); -}); - -describe('date conversion for messages', () => { - it('can convert spreadsheet dates', () => { - expect(messageValue(44195, { isDateValue: true })).to.equal('12/30/2020'); - }); - it('only converts valid dates', () => { - expect(messageValue('Friday', { isDateValue: true })).to.equal('Friday'); - }); - it('only converts dates', () => { - expect(messageValue(44195)).to.equal(44195); - }); -}); - -/* * * * */ - -// NOTE: This file was copied from tests/server/services/validate-data/validate.spec.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/certification.js b/packages/server/src/arpa_reporter/services/validate-data/certification.js deleted file mode 100644 index 99bbe0039..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/certification.js +++ /dev/null @@ -1,19 +0,0 @@ -const { isNotBlank, isValidDate } = require('./validate'); -const { validateSingleRecord } = require('./validate'); - -const requiredFields = [ - [ - 'agency financial reviewer name', - isNotBlank, - 'Agency financial reviewer name must not be blank', - ], - ['date', isValidDate, 'Date must be a valid date', { isDate: true }], -]; - -module.exports = validateSingleRecord( - 'certification', - requiredFields, - 'certification requires a row with "agency financial reviewer name" and "date"', -); - -// NOTE: This file was copied from src/server/services/validate-data/certification.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/contracts.js b/packages/server/src/arpa_reporter/services/validate-data/contracts.js deleted file mode 100644 index f5d938739..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/contracts.js +++ /dev/null @@ -1,238 +0,0 @@ -const { - contractMatches, - cumulativeAmountIsEqual, - cumulativeAmountIsLessThanOrEqual, - dateIsInPeriodOfPerformance, - dateIsInReportingPeriod, - dateIsOnOrBefore, - dateIsOnOrBeforeCRFEndDate, - dropdownIncludes, - isEqual, - isAtLeast50K, - isNotBlank, - isNumber, - isNumberOrBlank, - isPositiveNumberOrZero, - isSum, - isValidDate, - isValidState, - isValidSubrecipient, - isValidZip, - matchesFilePart, - numberIsLessThanOrEqual, - validateRecords, - whenGreaterThanZero, - whenNotBlank, - whenUS, -} = require('./validate'); - -const expenditureCategories = require('./expenditure-categories'); - -// type pattern for this elements of the fields array is -// [ -// columnName: string, -// validator: (val: any, content: obj?) => bool, -// message: string? -// ] -const requiredFields = [ - [ - 'project id', - matchesFilePart('projectId'), - 'The contract project id "{}" does not match the project id in the filename', - ], - [ - 'subrecipient id', - isValidSubrecipient, - 'Each contract row must have a "subrecipient id" which is included in the "subrecipient" tab', - ], - [ - 'period of performance end date', - isValidDate, - 'Period of performance end date "{}" is not a valid date', - { isDateValue: true }, - ], - [ - 'period of performance start date', - dateIsInPeriodOfPerformance, - 'Period of performance start date "{}" must be in the period of performance', - { isDateValue: true }, - ], - [ - 'period of performance end date', - dateIsOnOrBeforeCRFEndDate, - 'Period of performance end date "{}" must be on or before CRF end date', - { isDateValue: true }, - ], - ['contract number', isNotBlank, 'Contract number cannot be blank'], - [ - 'contract type', - dropdownIncludes('contract type'), - 'Contract type is not valid', - ], - [ - 'contract amount', - isPositiveNumberOrZero, - 'Contract {{contract number}} contract amount must be an amount greater than or equal to zero', - ], - [ - 'contract amount', - isEqual('current quarter obligation'), - 'Contract amount must equal obligation amount', - { tags: ['v2'] }, - ], - [ - 'contract amount', - cumulativeAmountIsEqual('current quarter obligation', contractMatches), - 'Contract {{contract number}} contract amount must equal cumulative obligation amount', - { tags: ['cumulative'] }, - ], - [ - 'contract amount', - isAtLeast50K, - 'Contract amount must be at least $50,000', - { tags: ['v2'] }, - ], - - [ - 'contract date', - isValidDate, - 'Contract date "{}" is not valid', - { isDateValue: true }, - ], - [ - 'contract date', - dateIsInReportingPeriod, - 'Contract date "{}" is not in reporting report', - { isDateValue: true }, - ], - [ - 'contract date', - dateIsInPeriodOfPerformance, - 'Contract date "{}" must be in the period of performance', - { isDateValue: true }, - ], - [ - 'contract date', - whenGreaterThanZero( - 'total expenditure amount', - dateIsOnOrBefore('expenditure start date'), - ), - 'Contract date "{}" must be on or before the expenditure start date', - { isDateValue: true }, - ], - - [ - 'period of performance start date', - isValidDate, - 'Period of performance start date "{}" is not valid', - { isDateValue: true }, - ], - [ - 'period of performance start date', - dateIsOnOrBefore('period of performance end date'), - 'Period of performance start date "{}" must be on or before the period of performance end date', - { isDateValue: true }, - ], - - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', isValidDate), - 'Expenditure state date "{}" is not a valid date', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', dateIsInReportingPeriod), - 'Expenditure state date "{}" is not in the reporting period', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero( - 'total expenditure amount', - dateIsOnOrBefore('expenditure end date'), - ), - 'Expenditure start date "{}" must be before expenditure end date', - { isDateValue: true }, - ], - - [ - 'expenditure end date', - whenGreaterThanZero('total expenditure amount', isValidDate), - 'Expenditure end date "{}" is not a valid date', - { isDateValue: true }, - ], - [ - 'expenditure end date', - whenGreaterThanZero('total expenditure amount', dateIsInReportingPeriod), - 'Expenditure end date "{}" must be in the reporting period', - { isDateValue: true }, - ], - - [ - 'primary place of performance address line 1', - isNotBlank, - 'Primary place of performance address line 1 cannot be blank', - ], - [ - 'primary place of performance city name', - isNotBlank, - 'Primary place of performance city name cannot be blank', - ], - [ - 'primary place of performance state code', - isValidState, - 'Primary place of performance state code "{}" is not valid', - ], - [ - 'primary place of performance zip', - whenUS('primary place of performance country name', isValidZip), - 'Primary place of performance zip "{}" is not valid', - ], - [ - 'primary place of performance country name', - dropdownIncludes('country'), - 'Primary place of performance country name "{}" is not valid', - ], - [ - 'current quarter obligation', - isNumberOrBlank, - - 'Contract {{contract number}} current quarter obligation must be an amount greater than zero', - ], - [ - 'current quarter obligation', - whenNotBlank('current quanter obligation', numberIsLessThanOrEqual('contract amount')), - 'Contract {{contract number}} current quarter obligation {{current quarter obligation}} must be less than or equal to the contract amount', - ], - [ - 'total expenditure amount', - isNumberOrBlank, - 'Total expenditure amount must be a number', - ], - [ - 'total expenditure amount', - isSum(expenditureCategories), - 'Total expenditure amount must be the sum of all expenditure amount columns', - ], - [ - 'contract amount', - cumulativeAmountIsLessThanOrEqual('total expenditure amount', contractMatches), - 'Cumulative expenditure amount must be less than or equal to contract amount', - { tags: ['cumulative'] }, - ], - [ - 'other expenditure categories', - whenNotBlank('other expenditure amount', isNotBlank), - 'Other Expenditure Categories cannot be blank if Other Expenditure Amount has an amount', - ], - [ - 'other expenditure amount', - whenNotBlank('other expenditure categories', isNumber), - 'Other Expenditure Amount must be a number', - ], -]; - -module.exports = validateRecords('contracts', requiredFields); - -// NOTE: This file was copied from src/server/services/validate-data/contracts.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/cover.js b/packages/server/src/arpa_reporter/services/validate-data/cover.js deleted file mode 100644 index c44d32166..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/cover.js +++ /dev/null @@ -1,18 +0,0 @@ -const { matchesFilePart } = require('./validate'); -const { validateSingleRecord } = require('./validate'); - -const requiredFields = [ - [ - 'agency code', - matchesFilePart('agencyCode'), - 'The agency code "{}" in the file name does not match the cover\'s agency code', - ], -]; - -module.exports = validateSingleRecord( - 'cover', - requiredFields, - 'cover requires a row with "agency code"', -); - -// NOTE: This file was copied from src/server/services/validate-data/cover.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/direct.js b/packages/server/src/arpa_reporter/services/validate-data/direct.js deleted file mode 100644 index 14995db16..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/direct.js +++ /dev/null @@ -1,119 +0,0 @@ -const { - directMatches, - cumulativeAmountIsEqual, - cumulativeAmountIsLessThanOrEqual, - dateIsInReportingPeriod, - dateIsOnOrBefore, - isAtLeast50K, - isNumberOrBlank, - isSum, - isValidDate, - isValidSubrecipient, - matchesFilePart, - numberIsLessThanOrEqual, - validateRecords, - whenGreaterThanZero, - whenNotBlank, -} = require('./validate'); - -const expenditureCategories = require('./expenditure-categories'); - -// type pattern for this elements of the fields array is -// [ -// columnName: string, -// validator: (val: any, content: obj?) => bool, -// message: string? -// ] -const requiredFields = [ - [ - 'project id', - matchesFilePart('projectId'), - 'The direct project id "{}" does not match the project id in the filename', - ], - - [ - 'subrecipient id', - isValidSubrecipient, - 'Each direct row must have a "subrecipient id" which is included in the "subrecipient" tab', - ], - - [ - 'obligation amount', - isAtLeast50K, - 'Obligation amount must be at least $50,000', - { tags: ['v2'] }, - ], - - ['obligation date', isValidDate, 'Obligation date "{}" is not valid'], - [ - 'obligation date', - dateIsInReportingPeriod, - 'Obligation date "{}" is not in the reporting period', - { isDateValue: true }, - ], - - [ - 'current quarter obligation', - isNumberOrBlank, - 'Current quarter obligation must be an amount', - ], - [ - 'current quarter obligation', - whenNotBlank('current quarter obligation', numberIsLessThanOrEqual('obligation amount')), - 'Current quarter obligation must be less than or equal to obligation amount', - ], - [ - 'obligation amount', - cumulativeAmountIsEqual('current quarter obligation', directMatches), - 'Obligation amount must equal cumulative obligation amount', - { tags: ['cumulative'] }, - ], - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', isValidDate), - 'Expenditure start date "{}" is not valid', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', dateIsInReportingPeriod), - 'Expenditure state date "{}" is not in the reporting period', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero( - 'total expenditure amount', - dateIsOnOrBefore('expenditure end date'), - ), - 'Expenditure start date "{}" is not on or before the expenditure end date', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', dateIsInReportingPeriod), - 'Expenditure start date "{}" is not in the reporting period', - { isDateValue: true }, - ], - - [ - 'total expenditure amount', - isNumberOrBlank, - 'Total expenditure amount must be a number', - ], - [ - 'total expenditure amount', - isSum(expenditureCategories), - 'Total expenditure amount is not the sum of all expenditure amount columns', - ], - [ - 'obligation amount', - cumulativeAmountIsLessThanOrEqual('total expenditure amount', directMatches), - 'Cumulative expenditure amount must be less than or equal to obligation amount', - { tags: ['cumulative'] }, - ], -]; - -module.exports = validateRecords('direct', requiredFields); - -// NOTE: This file was copied from src/server/services/validate-data/direct.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/expenditure-categories.js b/packages/server/src/arpa_reporter/services/validate-data/expenditure-categories.js deleted file mode 100644 index 6eb6aa7b2..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/expenditure-categories.js +++ /dev/null @@ -1,24 +0,0 @@ -const expenditureCategories = [ - 'budgeted personnel and services diverted to a substantially different use', - 'covid-19 testing and contact tracing', - 'economic support (other than small business, housing, and food assistance)', - 'facilitating distance learning', - 'food programs', - 'housing support', - 'improve telework capabilities of public employees', - 'medical expenses', - 'nursing home assistance', - 'payroll for public health and safety employees', - 'personal protective equipment', - 'public health expenses', - 'small business assistance', - 'unemployment benefits', - 'workers’ compensation', - 'expenses associated with the issuance of tax anticipation notes', - 'administrative expenses', - 'other expenditure amount', -]; - -module.exports = expenditureCategories; - -// NOTE: This file was copied from src/server/services/validate-data/expenditure-categories.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/grants.js b/packages/server/src/arpa_reporter/services/validate-data/grants.js deleted file mode 100644 index 9a4987607..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/grants.js +++ /dev/null @@ -1,235 +0,0 @@ -const { - cumulativeAmountIsEqual, - cumulativeAmountIsLessThanOrEqual, - dateIsInPeriodOfPerformance, - dateIsInReportingPeriod, - dateIsOnOrBefore, - dateIsOnOrBeforeCRFEndDate, - dropdownIncludes, - grantMatches, - isEqual, - isAtLeast50K, - isNotBlank, - isNumber, - isNumberOrBlank, - isSum, - isValidDate, - isValidState, - isValidSubrecipient, - isValidZip, - matchesFilePart, - numberIsLessThanOrEqual, - validateRecords, - whenGreaterThanZero, - whenNotBlank, - whenUS, -} = require('./validate'); - -const expenditureCategories = require('./expenditure-categories'); - -// type pattern for this elements of the fields array is -// [ -// columnName: string, -// validator: (val: any, content: obj?) => bool, -// message: string? -// ] -const requiredFields = [ - [ - 'project id', - matchesFilePart('projectId'), - 'The grant project id "{}" does not match the project id in the filename', - ], - [ - 'subrecipient id', - isValidSubrecipient, - 'Each grant row must have a "subrecipient id" which is included in the "subrecipient" tab', - ], - ['award number', isNotBlank, 'Award number must not be blank'], - [ - 'award payment method', - dropdownIncludes('award payment method'), - 'Award payment method "{}" is not valid', - ], - [ - 'award amount', - isAtLeast50K, - 'Contract amount must be at least $50,000', - { tags: ['v2'] }, - ], - - ['award date', isValidDate, 'Award date must be a valid date'], - [ - 'award date', - dateIsOnOrBefore('period of performance start date'), - 'Award date "{}" is not on or before the period of performance start date', - { isDateValue: true }, - ], - [ - 'award date', - whenGreaterThanZero( - 'total expenditure amount', - dateIsOnOrBefore('expenditure start date'), - ), - 'Award date "{}" is not on or before the expenditure start date', - { isDateValue: true }, - ], - [ - 'award date', - dateIsInReportingPeriod, - 'Award date "{}" is not in the reporting period', - { isDateValue: true }, - ], - - [ - 'period of performance start date', - whenGreaterThanZero('total expenditure amount', isValidDate), - 'Period of performance start date "{}" is not a valid date', - { isDateValue: true }, - ], - [ - 'period of performance start date', - dateIsInPeriodOfPerformance, - 'Period of performance start date "{}" must be in the period of performance', - { isDateValue: true }, - ], - [ - 'period of performance end date', - whenGreaterThanZero('total expenditure amount', isValidDate), - 'Period of performance end date "{}" is not a valid date', - { isDateValue: true }, - ], - [ - 'period of performance end date', - whenGreaterThanZero( - 'total expenditure amount', - dateIsOnOrBeforeCRFEndDate, - ), - 'Period of performance end date "{}" must be on or before CRF end date', - { isDateValue: true }, - ], - [ - 'period of performance start date', - whenGreaterThanZero( - 'total expenditure amount', - dateIsOnOrBefore('period of performance end date'), - ), - 'period of performance start date "{}" is not on or before period of performance end date', - { isDateValue: true }, - ], - - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', isValidDate), - 'Expenditure start date "{}" is not a valid date', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', dateIsInReportingPeriod), - 'Expenditure state date "{}" is not in the reporting period', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero( - 'total expenditure amount', - dateIsOnOrBefore('expenditure end date'), - ), - 'Expenditure start date "{}" is not on or before the expenditure end date', - { isDateValue: true }, - ], - [ - 'expenditure end date', - whenGreaterThanZero('total expenditure amount', isValidDate), - 'Expenditure end date "{}" is not a valid date', - ], - - [ - 'primary place of performance address line 1', - isNotBlank, - 'primary place of performance address line 1 must not be blank', - ], - [ - 'primary place of performance city name', - isNotBlank, - 'primary place of performance city must not be blank', - ], - [ - 'primary place of performance state code', - isValidState, - 'primary place of performance state is not valid', - ], - [ - 'primary place of performance zip', - whenUS('primary place of performance country name', isValidZip), - 'primary place of performance zip must not be blank', - ], - [ - 'primary place of performance country name', - dropdownIncludes('country'), - 'primary place of performance country name "{}" is not valid', - ], - - [ - 'compliance', - dropdownIncludes( - 'is awardee complying with terms and conditions of the grant?', - ), - 'Compliance "{}" is not valid', - ], - - [ - 'current quarter obligation', - isNumberOrBlank, - 'Current quarter obligation must be an amount', - ], - [ - - 'current quarter obligation', - whenNotBlank('current quarter obligation', numberIsLessThanOrEqual('award amount')), - 'Award {{award number}}: current quarter obligation quarter obligation must be less than or equal to award amount', - ], - [ - 'award amount', - isEqual('current quarter obligation'), - 'Award amount must equal obligation amount', - { tags: ['v2'] }, - ], - [ - 'award amount', - cumulativeAmountIsEqual('current quarter obligation', grantMatches), - 'Award {{award number}}: award amount {{award amount}} must equal cumulative obligation amount {{cumulative obligation amount}} for award', - { tags: ['cumulative'] }, - ], - - [ - 'total expenditure amount', - isNumberOrBlank, - 'Total expenditure amount must be an amount', - ], - [ - 'total expenditure amount', - isSum(expenditureCategories), - 'Total expenditure amount is not the sum of all expenditure amount columns', - ], - [ - 'award amount', - cumulativeAmountIsLessThanOrEqual('total expenditure amount', grantMatches), - 'Cumulative expenditure amount must be less than or equal to award amount', - { tags: ['cumulative'] }, - ], - [ - 'other expenditure categories', - whenNotBlank('other expenditure amount', isNotBlank), - 'Other Expenditure Categories cannot be blank if Other Expenditure Amount has an amount', - ], - [ - 'other expenditure amount', - whenNotBlank('other expenditure categories', isNumber), - 'Other Expenditure Amount must be a number', - ], -]; - -module.exports = validateRecords('grants', requiredFields); - -// NOTE: This file was copied from src/server/services/validate-data/grants.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/helpers.js b/packages/server/src/arpa_reporter/services/validate-data/helpers.js deleted file mode 100644 index c6411f3bc..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/helpers.js +++ /dev/null @@ -1,40 +0,0 @@ -const _ = require('lodash'); - -const subrecipientKey = (subrecipient) => ( - // keep duns number first or tests fail - // console.log(`subrecipientKey()`) - // console.dir(subrecipient) - subrecipient['duns number'] || subrecipient['identification number'] -); - -/* getSubrecipientsHash() returns a KV table where k is the subrecipient id - and v is the subrecipient record: - { '48262': { - type: 'subrecipient', - user_id: 1, - content: { - 'identification number': '48262', - 'duns number': undefined, - 'legal name': 'HOLOGIC INC', - 'address line 1': '250 CAMPUS DR', - 'address line 2': undefined, - 'address line 3': undefined, - 'city name': 'MARLBOROUGH', - 'state code': 'MA', - zip: '01752', - 'country name': 'United States', - 'organization type': 'County Government' - }, - sourceRow: 3 - }, - ... - } - */ -const getSubrecipientsHash = (subrecipientRecords) => _.keyBy(subrecipientRecords, ({ content }) => subrecipientKey(content)); - -module.exports = { - subrecipientKey, - getSubrecipientsHash, -}; - -// NOTE: This file was copied from src/server/services/validate-data/helpers.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/index.js b/packages/server/src/arpa_reporter/services/validate-data/index.js deleted file mode 100644 index 1942b1eeb..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/index.js +++ /dev/null @@ -1,44 +0,0 @@ -const _ = require('lodash'); -const { format } = require('date-fns'); - -const { getSubrecipientsHash } = require('./helpers'); - -/* eslint-disable global-require */ -const tabValidators = [ - require('./certification'), - require('./cover'), - // require('./subrecipients'), - // require('./contracts'), - // require('./grants'), - // require('./loans'), - // require('./transfers'), - // require('./direct') -]; -/* eslint-enable global-require */ - -const validateData = (records, fileParts, reportingPeriod, periodSummaries, firstReportingPeriodStartDate) => { - const groupedRecords = _.groupBy(records, 'type'); - const subrecipientsHash = getSubrecipientsHash(groupedRecords.subrecipient); - - const validateContext = { - fileParts, - firstReportingPeriodStartDate: format(firstReportingPeriodStartDate, 'yyyy-MM-dd'), - reportingPeriod: { - startDate: format(reportingPeriod.start_date, 'yyyy-MM-dd'), - endDate: format(reportingPeriod.end_date, 'yyyy-MM-dd'), - periodOfPerformanceEndDate: format( - reportingPeriod.period_of_performance_end_date, - 'yyyy-MM-dd', - ), - crfEndDate: format(reportingPeriod.crf_end_date, 'yyyy-MM-dd'), - }, - subrecipientsHash, - tags: reportingPeriod.validation_rule_tags, - periodSummaries, - }; - return _.flatMap(tabValidators, (tabValidator) => _.take(tabValidator(groupedRecords, validateContext), 100)); -}; - -module.exports = { validateData }; - -// NOTE: This file was copied from src/server/services/validate-data/index.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/loans.js b/packages/server/src/arpa_reporter/services/validate-data/loans.js deleted file mode 100644 index 255edf49c..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/loans.js +++ /dev/null @@ -1,110 +0,0 @@ -const { - cumulativeAmountIsEqual, - dateIsInReportingPeriod, - dropdownIncludes, - isNotBlank, - isNumberOrBlank, - isPositiveNumberOrZero, - isValidDate, - isValidState, - isValidSubrecipient, - isValidZip, - loanMatches, - matchesFilePart, - numberIsLessThanOrEqual, - validateRecords, - whenNotBlank, - whenUS, -} = require('./validate'); - -// type pattern for this elements of the fields array is -// [ -// columnName: string, -// validator: (val: any, content: obj?) => bool, -// message: string? -// ] -const requiredFields = [ - [ - 'project id', - matchesFilePart('projectId'), - 'The loan project id "{}" does not match the project id in the filename', - ], - [ - 'subrecipient id', - isValidSubrecipient, - 'Each loan row must have a "subrecipient id" which is included in the "subrecipient" tab', - ], - - ['loan number', isNotBlank, 'Load number must not be blank'], - [ - - 'loan amount', - isPositiveNumberOrZero, - 'Loan amount must be a number greater than or equal to zero', - ], - ['loan date', isValidDate, 'Loan date must be a valid date'], - [ - 'loan date', - dateIsInReportingPeriod, - 'Loan date "{}" is not in the reporting period', - { isDateValue: true }, - ], - - [ - 'primary place of performance address line 1', - isNotBlank, - 'primary place of business address line 1 must not be blank ', - ], - [ - 'primary place of performance city name', - isNotBlank, - 'primary place of business city name must not be blank ', - ], - [ - 'primary place of performance state code', - isValidState, - 'primary place of business state code must not be blank ', - ], - [ - 'primary place of performance zip', - whenUS('primary place of performance country name', isValidZip), - 'primary place of business zip is not valid', - ], - [ - 'primary place of performance country name', - dropdownIncludes('country'), - 'primary place of business country name "{}" is not valid', - ], - - [ - 'current quarter obligation', - isNumberOrBlank, - 'Current quarter obligation must be an amount', - ], - [ - 'current quarter obligation', - whenNotBlank('current quarter obligation', numberIsLessThanOrEqual('loan amount')), - 'Current quarter obligation must be less than or equal to loan amount', - ], - [ - 'loan amount', - cumulativeAmountIsEqual('current quarter obligation', loanMatches), - 'Loan amount must equal cumulative obligation amount', - { tags: ['cumulative'] }, - ], - [ - 'payment amount', - whenNotBlank('payment amount', isNumberOrBlank), - 'Payment amount must be a number', - ], - [ - 'payment date', - whenNotBlank('payment amount', isValidDate), - 'Payment date must be a valid date', - { isDateValue: true }, - ], -]; - -module.exports = validateRecords('loans', requiredFields); - -// NOTE: This file was copied from src/server/services/validate-data/loans.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/subrecipients.js b/packages/server/src/arpa_reporter/services/validate-data/subrecipients.js deleted file mode 100644 index e24d92e40..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/subrecipients.js +++ /dev/null @@ -1,54 +0,0 @@ -const { - dropdownIncludes, - hasSubrecipientKey, - isNotBlank, - isValidState, - isValidZip, - validateRecords, - whenBlank, - whenUS, -} = require('./validate'); - -const requiredFields = [ - [ - '', - hasSubrecipientKey, - 'Each subrecipient must have either an "identification number" or a "duns number"', - ], - ['legal name', isNotBlank, 'Legal name must not be blank'], - [ - 'organization type', - dropdownIncludes('organization type'), - 'Organization type "{}" is not valid', - ], - - [ - 'address line 1', - whenBlank('duns number', isNotBlank), - 'Address line 1 must not be blank when DUNS number is not provided', - ], - [ - 'city name', - whenBlank('duns number', isNotBlank), - 'City name must not be blank when DUNS number is not provided', - ], - [ - 'state code', - whenBlank('duns number', whenUS('country name', isValidState)), - 'State code must be a valid state code when DUNS number is not provided', - ], - [ - 'zip', - whenBlank('duns number', whenUS('country name', isValidZip)), - 'Zip must be a valid zip when DUNS number is not provided', - ], - [ - 'country name', - whenBlank('duns number', dropdownIncludes('country')), - 'Country name must be a valid country name when DUNS number is not provided', - ], -]; - -module.exports = validateRecords('subrecipient', requiredFields); - -// NOTE: This file was copied from src/server/services/validate-data/subrecipients.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/transfers.js b/packages/server/src/arpa_reporter/services/validate-data/transfers.js deleted file mode 100644 index c6f4364f0..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/transfers.js +++ /dev/null @@ -1,155 +0,0 @@ -const { - cumulativeAmountIsEqual, - cumulativeAmountIsLessThanOrEqual, - dateIsInReportingPeriod, - dateIsOnOrBefore, - dropdownIncludes, - isEqual, - isAtLeast50K, - isNotBlank, - isNumber, - isNumberOrBlank, - isSum, - isValidDate, - isValidSubrecipient, - matchesFilePart, - numberIsLessThanOrEqual, - transferMatches, - validateRecords, - whenNotBlank, - whenGreaterThanZero, -} = require('./validate'); - -const expenditureCategories = require('./expenditure-categories'); - -// type pattern for this elements of the fields array is -// [ -// columnName: string, -// validator: (val: any, content: obj?) => bool, -// message: string? -// ] -const requiredFields = [ - [ - 'project id', - matchesFilePart('projectId'), - 'The transfer project id "{}" does not match the project id in the filename', - ], - [ - 'subrecipient id', - isValidSubrecipient, - 'Each transfer row must have a "subrecipient id" which is included in the "subrecipient" tab', - ], - ['transfer number', isNotBlank, 'Transfer number cannot be blank'], - [ - - 'award amount', - whenNotBlank('total expenditure amount', isAtLeast50K), - 'Award amount must be at least $50,000', - { tags: ['v2'] }, - ], - [ - 'transfer type', - dropdownIncludes('award payment method'), - 'Transfer type "{}" is not valid', - ], - - ['transfer date', isValidDate, 'Transfer date is not a valid date'], - [ - 'transfer date', - dateIsInReportingPeriod, - 'Transfer date "{}" is not in reporting period', - { isDateValue: true }, - ], - - [ - 'current quarter obligation', - isNumberOrBlank, - 'Current quarter obligation must be an amount', - ], - [ - - 'current quarter obligation', - whenNotBlank('current quarter obligation', numberIsLessThanOrEqual('award amount')), - 'Transfer {{transfer number}} current quarter obligation {{current quarter obligation}} must be less than or equal to the award amount', - ], - [ - 'award amount', - isEqual('current quarter obligation'), - 'Award amount must equal obligation amount', - { tags: ['v2'] }, - ], - [ - 'award amount', - cumulativeAmountIsEqual('current quarter obligation', transferMatches), - 'Award amount must equal cumulative obligation amount', - { tags: ['cumulative'] }, - ], - [ - 'award amount', - cumulativeAmountIsLessThanOrEqual('total expenditure amount', transferMatches), - 'Cumulative expenditure amount must be less than or equal to award amount', - { tags: ['cumulative'] }, - ], - - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', isValidDate), - 'Expenditure start date "{}" is not a valid date', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', isValidDate), - 'Expenditure end date "{}" is not a valid date', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero( - 'total expenditure amount', - dateIsOnOrBefore('transfer date'), - ), - 'Expenditure start date "{}" must be on or before transfer date', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero( - 'total expenditure amount', - dateIsOnOrBefore('expenditure end date'), - ), - 'Expenditure start date "{}" must be on or before expenditure end date', - { isDateValue: true }, - ], - [ - 'expenditure start date', - whenGreaterThanZero('total expenditure amount', dateIsInReportingPeriod), - 'Expenditure start date "{}" must be in reporting period', - { isDateValue: true }, - ], - - [ - 'total expenditure amount', - isNumberOrBlank, - 'Total expenditure amount must an amount', - ], - [ - 'total expenditure amount', - isSum(expenditureCategories), - 'Total expenditure amount is not the sum of all expenditure amount columns', - ], - [ - 'other expenditure categories', - whenNotBlank('other expenditure amount', isNotBlank), - 'Other Expenditure Categories cannot be blank if Other Expenditure Amount has an amount', - ], - [ - 'other expenditure amount', - whenNotBlank('other expenditure categories', isNumber), - 'Other Expenditure Amount must be a number', - ], -]; - -module.exports = validateRecords('transfers', requiredFields); - -// NOTE: This file was copied from src/server/services/validate-data/transfers.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z diff --git a/packages/server/src/arpa_reporter/services/validate-data/validate.js b/packages/server/src/arpa_reporter/services/validate-data/validate.js deleted file mode 100644 index 20c5b03b9..000000000 --- a/packages/server/src/arpa_reporter/services/validate-data/validate.js +++ /dev/null @@ -1,392 +0,0 @@ -const ssf = require('ssf'); -const mustache = require('mustache'); -const _ = require('lodash'); -const { ValidationItem } = require('../../lib/validation-log'); -const { log } = require('../../lib/log'); -const { subrecipientKey } = require('./helpers'); - -function dateIsInPeriodOfPerformance(val, content, { reportingPeriod }) { - const dt = ssf.format('yyyy-MM-dd', val); - return dt >= '2020-03-01' && dt <= reportingPeriod.periodOfPerformanceEndDate; -} - -function dateIsInReportingPeriod(val, content, { firstReportingPeriodStartDate, reportingPeriod }) { - const dt = ssf.format('yyyy-MM-dd', val); - return dt >= firstReportingPeriodStartDate && dt <= reportingPeriod.endDate; -} - -function dateIsOnOrBefore(key) { - return (val, content) => new Date(val).getTime() <= new Date(content[key]).getTime(); -} - -function dateIsOnOrBeforeCRFEndDate(val, content, { reportingPeriod }) { - const dt = ssf.format('yyyy-MM-dd', val); - return dt <= reportingPeriod.crfEndDate; -} - -function dateIsOnOrAfter(key) { - return (val, content) => new Date(val).getTime() >= new Date(content[key]).getTime(); -} - -function hasSubrecipientKey(val, content) { - return !!subrecipientKey(content); -} - -function isNotBlank(val) { - return _.isNumber(val) || !_.isEmpty(val); -} - -function isNumber(val) { - return _.isNumber(val); -} - -function isNumberOrBlank(val) { - return _.isEmpty(val) || _.isNumber(val); -} - -function isPositiveNumber(val) { - return _.isNumber(val) && val > 0; -} - -function isPositiveNumberOrZero(val) { - return _.isNumber(val) ? val >= 0 : _.isEmpty(val); -} - -function isAtLeast50K(val) { - return _.isNumber(val) && val >= 50000; -} - -function isEqual(column) { - return (val, content) => { - const f1 = parseFloat(val) || 0.0; - const f2 = parseFloat(content[column]) || 0.0; - return Math.abs(f1 - f2) < 0.01; - }; -} - -function isSum(columns) { - return (val, content) => { - let sum = _.reduce( - columns, - (acc, c) => { - if (!c) { - return acc; - } - const f = parseFloat(content[c]) || 0.0; - return acc + f; - }, - 0.0, - ); - val = Number(val) || 0; // can come in as a string - val = _.round(val, 2); - sum = _.round(sum, 2); // parseFloat returns junk in the 11th decimal place - if (val !== sum) { - // console.log(`val is ${val}, sum is ${sum}`); - } - return val === sum; - }; -} - -function periodSummaryKey(key) { - switch (key) { - case 'current quarter obligation': - return 'current_obligation'; - case 'total expenditure amount': - return 'current_expenditure'; - default: - return ''; - } -} - -function withoutLeadingZeroes(v) { - return `${v}`.replace(/^0+/, ''); -} - -function summaryMatches(type, id, content) { - return (s) => { - const isMatch = s.award_type === type - && withoutLeadingZeroes(s.project_code) === withoutLeadingZeroes(content['project id']) - && `${content[id]}` === s.award_number; - // console.log('summary:', s); - // console.log('content:', content); - // console.log(s.award_type === type); - // console.log(withoutLeadingZeroes(s.project_code) === withoutLeadingZeroes(content['project id'])); - // console.log(content[id] === s.award_number); - return isMatch; - }; -} - -function contractMatches(content) { - return summaryMatches('contracts', 'contract number', content); -} - -function directMatches(content) { - return (s) => { - const awardNumber = `${content['subrecipient id']}:${content['obligation date']}`; - const isMatch = s.award_type === 'direct' - && withoutLeadingZeroes(s.project_code) === withoutLeadingZeroes(content['project id']) - && awardNumber === s.award_number; - return isMatch; - }; -} - -function grantMatches(content) { - return summaryMatches('grants', 'award number', content); -} - -function loanMatches(content) { - return summaryMatches('loans', 'loan number', content); -} - -function transferMatches(content) { - return summaryMatches('transfers', 'transfer number', content); -} - -function cumulativeAmount(key, content, periodSummaries, filterPredicate) { - const summaries = _.get(periodSummaries, 'periodSummaries'); - return _.chain(summaries) - .filter(filterPredicate(content)) - .map(periodSummaryKey(key)) - .reduce((acc, s) => acc + Number(s) || 0.0, 0.0) - .value(); -} - -function cumulativeAmountIsEqual(key, filterPredicate) { - return (val, content, { periodSummaries }) => { - const currentPeriodAmount = Number(content[key]) || 0.0; - const previousPeriodsAmount = cumulativeAmount(key, content, periodSummaries, filterPredicate); - const b = _.round(val, 2) === _.round(currentPeriodAmount + previousPeriodsAmount, 2); - if (!b) { - log('validate.js/cumulativeAmountIsEqual():', - key, - val, - 'current:', currentPeriodAmount, - 'previous:', previousPeriodsAmount, - 'total:', currentPeriodAmount + previousPeriodsAmount); - log('content:'); - log(JSON.stringify(content)); - } - return b; - }; -} - -function cumulativeAmountIsLessThanOrEqual(key, filterPredicate) { - return (val, content, { periodSummaries }) => { - const currentPeriodAmount = Number(content[key]) || 0.0; - const previousPeriodsAmount = cumulativeAmount(key, content, periodSummaries, filterPredicate); - const b = _.round(currentPeriodAmount + previousPeriodsAmount, 2) <= _.round(val, 2); - if (!b) { - console.log('cumulativeAmountIsLessThanOrEqual:', - key, - val, - 'current:', currentPeriodAmount, - 'previous:', previousPeriodsAmount, - 'total:', currentPeriodAmount + previousPeriodsAmount); - console.log('content:', JSON.stringify(content)); - } - return b; - }; -} - -function isValidDate(val) { - return !_.isNaN(new Date(val).getTime()); -} - -function isValidSubrecipient(val, content, { subrecipientsHash }) { - return _.has(subrecipientsHash, val); -} - -function isUnitedStates(value) { - return value === 'usa' || value === 'united states'; -} - -// TODO: re-write this -// eslint-disable-next-line no-unused-vars -function dropdownIncludes(key) { - // eslint-disable-next-line no-unused-vars - return (val) => true; -} - -function isValidState(val) { - log(`isValidState(${val})`); - return ( - dropdownIncludes('state code')(val) - ); -} - -function isValidZip(val) { - return /^\d{5}(-\d{4})?$/.test(`${val}`); -} - -function matchesFilePart(key) { - return function (val, content, { fileParts }) { - const fileValue = fileParts[key].replace(/^0*/, ''); - const documentValue = (val || '').toString().replace(/^0*/, ''); - return documentValue === fileValue; - }; -} - -function numberIsLessThanOrEqual(key) { - return (val, content) => { - const other = _.isNumber(content[key]) ? content[key] : 0.00; - const b = _.isNumber(val) && _.isNumber(other) && val <= other; - if (!b) { - console.log('numberIsLessThanOrEqual fails:', key, val, _.isNumber(val), other, _.isNumber(other), val <= other); - } - return b; - }; -} - -function numberIsGreaterThanOrEqual(key) { - return (val, content) => { - const other = _.isNumber(content[key]) ? content[key] : 0.00; - return _.isNumber(val) && _.isNumber(other) && val >= other; - }; -} - -function whenBlank(key, validator) { - return (val, content, context) => !!content[key] || validator(val, content, context); -} - -function whenNotBlank(key, validator) { - return (val, content, context) => !content[key] || validator(val, content, context); -} - -function whenUS(key, validator) { - return (val, content, context) => !isUnitedStates(content[key]) - || validator(val, content, context); -} - -function whenGreaterThanZero(key, validator) { - return (val, content, context) => (content[key] > 0 ? validator(val, content, context) : true); -} - -function addValueToMessage(message, value, content) { - const s = message.replace('{}', `${value || ''}`); - return mustache.render(s, content); -} - -function messageValue(val, options) { - if (options && options.isDateValue && val) { - const dt = new Date(val).getTime(); - return _.isNaN(dt) ? val : ssf.format('MM/dd/yyyy', val); - } - return val; -} - -function includeValidator(options, context) { - const tags = _.get(options, 'tags'); - if (!tags) { - return true; - } - if (!context.tags) { - return false; - } - return !_.isEmpty(_.intersection(tags, context.tags)); -} - -function validateFields(requiredFields, content, tab, row, context = {}) { - // console.log("------ required fields are:"); - // console.dir(requiredFields); - // console.log("------content is"); - // console.dir(content); - // console.log("------content end"); - const valog = []; - requiredFields.forEach(([key, validator, message, options]) => { - if (includeValidator(options, context)) { - const val = content[key] || ''; - if (!validator(val, content, context)) { - // console.log(`val ${val}, content:`); - // console.dir(content); - // console.log(`val ${val}, context:`); - // console.dir(context); - const finalMessage = addValueToMessage( - message || `Empty or invalid entry for ${key}: "{}"`, - messageValue(val, options), - content, - ); - console.log(finalMessage); - valog.push( - new ValidationItem({ - message: finalMessage, - tab, - row, - }), - ); - } - } - }); - return valog; -} - -function validateRecords(tab, validations) { - return function (groupedRecords, validateContext) { - const records = groupedRecords[tab]; - return _.flatMap(records, ({ content, sourceRow }) => validateFields( - validations, - content, - tab, - sourceRow, - validateContext, - )); - }; -} - -function validateSingleRecord(tab, validations, message) { - return function (groupedRecords, validateContext) { - const records = groupedRecords[tab]; - let valog = []; - - if (records && records.length === 1) { - const { content } = records[0]; - const row = 2; - const results = validateFields(validations, content, tab, row, validateContext); - valog = valog.concat(results); - } else { - valog.push(new ValidationItem({ message, tab })); - } - return valog; - }; -} - -module.exports = { - contractMatches, - cumulativeAmountIsEqual, - cumulativeAmountIsLessThanOrEqual, - dateIsInPeriodOfPerformance, - dateIsInReportingPeriod, - dateIsOnOrBefore, - dateIsOnOrBeforeCRFEndDate, - dateIsOnOrAfter, - directMatches, - grantMatches, - dropdownIncludes, - hasSubrecipientKey, - isEqual, - isAtLeast50K, - isNotBlank, - isNumber, - isNumberOrBlank, - isPositiveNumber, - isPositiveNumberOrZero, - isSum, - isValidDate, - isValidState, - isValidSubrecipient, - isValidZip, - loanMatches, - matchesFilePart, - messageValue, - numberIsLessThanOrEqual, - numberIsGreaterThanOrEqual, - transferMatches, - validateRecords, - validateFields, - validateSingleRecord, - whenBlank, - whenGreaterThanZero, - whenNotBlank, - whenUS, -}; - -// NOTE: This file was copied from src/server/services/validate-data/validate.js (git @ ada8bfdc98) in the arpa-reporter repo on 2022-09-23T20:05:47.735Z From 4522feff7e81697a337ffab96e492d27db92035a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 20:20:36 +0000 Subject: [PATCH 09/19] chore(deps): bump cloudposse/efs/aws in /terraform/modules/gost_api (#2305) Bumps [cloudposse/efs/aws](https://github.com/cloudposse/terraform-aws-efs) from 0.34.0 to 0.35.0. - [Release notes](https://github.com/cloudposse/terraform-aws-efs/releases) - [Commits](https://github.com/cloudposse/terraform-aws-efs/compare/0.34.0...0.35.0) --- updated-dependencies: - dependency-name: cloudposse/efs/aws dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- terraform/modules/gost_api/storage.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/gost_api/storage.tf b/terraform/modules/gost_api/storage.tf index 188cd64df..3450ae7cd 100644 --- a/terraform/modules/gost_api/storage.tf +++ b/terraform/modules/gost_api/storage.tf @@ -1,6 +1,6 @@ module "efs_data_volume" { source = "cloudposse/efs/aws" - version = "0.34.0" + version = "0.35.0" context = module.this.context name = "${var.namespace}-data_volume" From c9fc2aa18a21d9a1dac3cb16a0fd2ac62ffa6740 Mon Sep 17 00:00:00 2001 From: Steven Bowen Date: Tue, 5 Dec 2023 15:35:07 -0500 Subject: [PATCH 10/19] feat: digest email design update (#2248) * feat: digest email design update * refactor: remove all html tags from description --- .../server/__tests__/db/seeds/fixtures.js | 6 +-- packages/server/__tests__/email/email.test.js | 8 +++- packages/server/src/lib/email.js | 17 ++++--- .../_additional_grants_button.html | 41 ++++++++-------- .../email_templates/_content_spacer.html | 10 ++-- .../email_templates/_formatted_body.html | 14 +++--- .../static/email_templates/_grant_detail.html | 48 +++++++------------ .../src/static/email_templates/base.html | 29 +++++------ 8 files changed, 84 insertions(+), 89 deletions(-) diff --git a/packages/server/__tests__/db/seeds/fixtures.js b/packages/server/__tests__/db/seeds/fixtures.js index ee3c303a1..8f0a93a97 100644 --- a/packages/server/__tests__/db/seeds/fixtures.js +++ b/packages/server/__tests__/db/seeds/fixtures.js @@ -117,7 +117,7 @@ const grants = { search_terms: '[in title/desc]+', reviewer_name: 'none', opportunity_category: 'Discretionary', - description: '

The Division of Earth Sciences (EAR) awards Postdoctoral Fellowships

', + description: 'The Division of Earth Sciences (EAR) awards Postdoctoral Fellowships', eligibility_codes: '25', opportunity_status: 'posted', raw_body: 'raw body', @@ -141,7 +141,7 @@ const grants = { search_terms: '[in title/desc]+', reviewer_name: 'none', opportunity_category: 'Discretionary', - description: '

Health Aide Program for Covid

', + description: ' Health Aide Program for Covid', eligibility_codes: '11 07 25', opportunity_status: 'posted', raw_body: 'raw body', @@ -165,7 +165,7 @@ const grants = { search_terms: '[in title/desc]+', reviewer_name: 'none', opportunity_category: 'Discretionary', - description: '

The Tactical Technology Office (TTO) of the Defense Advanced Research Projects Agency (DARPA)

', + description: 'The Tactical Technology Office (TTO) of the Defense Advanced Research Projects Agency (DARPA)', eligibility_codes: '11', opportunity_status: 'posted', raw_body: 'raw body', diff --git a/packages/server/__tests__/email/email.test.js b/packages/server/__tests__/email/email.test.js index 625baca46..e58c1be56 100644 --- a/packages/server/__tests__/email/email.test.js +++ b/packages/server/__tests__/email/email.test.js @@ -364,13 +364,15 @@ describe('Email sender', () => { const agencies = await db.getAgency(fixtures.agencies.accountancy.id); const agency = agencies[0]; agency.matched_grants = [fixtures.grants.healthAide]; - const body = await email.buildDigestBody(agency.matched_grants); + const body = await email.buildDigestBody({ name: 'Saved search test', openDate: '2021-08-05', matchedGrants: agency.matched_grants }); expect(body).to.include(fixtures.grants.healthAide.description); }); it('builds only first 3 grants if >3 available', async () => { const agencies = await db.getAgency(fixtures.agencies.accountancy.id); const agency = agencies[0]; const ignoredGrant = { ...fixtures.grants.healthAide }; + const name = 'Saved search test'; + const openDate = moment().subtract(1, 'day').format('YYYY-MM-DD'); ignoredGrant.description = 'Added a brand new description'; const updateFn = (int) => { @@ -380,7 +382,7 @@ describe('Email sender', () => { }; const additionalGrants = [...Array(30).keys()].map(updateFn); agency.matched_grants = [...additionalGrants, ...[fixtures.grants.healthAide, fixtures.grants.earFellowship, fixtures.grants.redefiningPossible]]; - const body = await email.buildDigestBody(agency.matched_grants); + const body = await email.buildDigestBody({ name, openDate, matchedGrants: agency.matched_grants }); /* the last 3 grants should not be included in the email */ expect(body).to.not.include(fixtures.grants.healthAide.description); @@ -389,6 +391,8 @@ describe('Email sender', () => { /* the first 30 grants should be included in the email */ additionalGrants.forEach((grant) => expect(body).to.include(grant.description)); + expect(body).to.include(name); + expect(body).to.include(moment(openDate).format('MMMM Do YYYY')); }); }); context('getAndSendGrantForSavedSearch', () => { diff --git a/packages/server/src/lib/email.js b/packages/server/src/lib/email.js index ec9a070ea..bf1a25190 100644 --- a/packages/server/src/lib/email.js +++ b/packages/server/src/lib/email.js @@ -117,10 +117,13 @@ function sendWelcomeEmail(email, httpOrigin) { function getGrantDetail(grant, emailNotificationType) { const grantDetailTemplate = fileSystem.readFileSync(path.join(__dirname, '../static/email_templates/_grant_detail.html')); + + const description = grant.description.substring(0, 380).replace(/(<([^>]+)>)/ig, ''); + const grantDetail = mustache.render( grantDetailTemplate.toString(), { title: grant.title, - description: grant.description && grant.description.length > 400 ? `${grant.description.substring(0, 400)}...` : grant.description, + description, status: grant.opportunity_status, show_date_range: grant.open_date && grant.close_date, open_date: grant.open_date ? new Date(grant.open_date).toLocaleDateString('en-US', { timeZone: 'UTC' }) : undefined, @@ -193,7 +196,7 @@ async function sendGrantAssignedEmail({ grantId, agencyIds, userId }) { agencies.forEach((agency) => module.exports.sendGrantAssignedNotficationForAgency(agency, grantDetail, userId)); } -async function buildDigestBody(matchedGrants) { +async function buildDigestBody({ name, openDate, matchedGrants }) { const grantDetails = []; matchedGrants.slice(0, 30).forEach((grant) => grantDetails.push(module.exports.getGrantDetail(grant, notificationType.grantDigest))); @@ -201,14 +204,14 @@ async function buildDigestBody(matchedGrants) { const contentSpacerTemplate = fileSystem.readFileSync(path.join(__dirname, '../static/email_templates/_content_spacer.html')); const contentSpacerStr = contentSpacerTemplate.toString(); - let additionalBody = grantDetails.join(contentSpacerStr); + let additionalBody = grantDetails.join(contentSpacerStr).concat(contentSpacerStr); const additionalButtonTemplate = fileSystem.readFileSync(path.join(__dirname, '../static/email_templates/_additional_grants_button.html')); additionalBody += mustache.render(additionalButtonTemplate.toString(), { additional_grants_url: `${process.env.WEBSITE_DOMAIN}/#/grants` }); const formattedBody = mustache.render(formattedBodyTemplate.toString(), { - body_title: 'New grants have been posted', - body_detail: `There are ${matchedGrants.length} new grants matching your keywords and settings.`, + body_title: `${name} - ${matchedGrants.length} NEW GRANTS`, + body_detail: moment(openDate).format('MMMM Do YYYY'), additional_body: additionalBody, }); @@ -230,10 +233,10 @@ async function sendGrantDigest({ return; } - const formattedBody = await buildDigestBody(matchedGrants); + const formattedBody = await buildDigestBody({ name, openDate, matchedGrants }); const emailHTML = module.exports.addBaseBranding(formattedBody, { - tool_name: 'Grants Identification Tool', + tool_name: 'Federal Grant Finder', title: 'New Grants Digest', notifications_url: `${process.env.WEBSITE_DOMAIN}/#/grants?manageSettings=true`, }); diff --git a/packages/server/src/static/email_templates/_additional_grants_button.html b/packages/server/src/static/email_templates/_additional_grants_button.html index 40333acc4..4b6f1209f 100644 --- a/packages/server/src/static/email_templates/_additional_grants_button.html +++ b/packages/server/src/static/email_templates/_additional_grants_button.html @@ -1,13 +1,13 @@ -
+ diff --git a/packages/server/src/static/email_templates/_content_spacer.html b/packages/server/src/static/email_templates/_content_spacer.html index 31a297a6d..404d54d57 100644 --- a/packages/server/src/static/email_templates/_content_spacer.html +++ b/packages/server/src/static/email_templates/_content_spacer.html @@ -1,11 +1,11 @@
+ style="padding:0;Margin:0;padding-top:28px;padding-bottom:28px;padding-left:20px;padding-right:20px"> @@ -17,22 +17,25 @@ role="presentation" style="mso-table-lspace:0pt;mso-table-rspace:0pt;border-collapse:collapse;border-spacing:0px"> - +
- - See - all new grants - - +
+ + See all new grants + + +
+
-
+ - + style="mso-table-lspace:0pt;mso-table-rspace:0pt;border-collapse:collapse;border-spacing:0px;background-color:#f6f6f6;width:640px" + cellspacing="0" cellpadding="0" bgcolor="#f6f6f6" align="center"> +
+ style="padding:0;Margin:0;background:#FFFFFF none repeat scroll 0% 0%;height:1px;width:100%;margin:0px">
diff --git a/packages/server/src/static/email_templates/_formatted_body.html b/packages/server/src/static/email_templates/_formatted_body.html index d3b5246d1..bb171ab4f 100644 --- a/packages/server/src/static/email_templates/_formatted_body.html +++ b/packages/server/src/static/email_templates/_formatted_body.html @@ -1,12 +1,12 @@ -
+ -
+ @@ -15,19 +15,19 @@ style="mso-table-lspace:0pt;mso-table-rspace:0pt;border-collapse:collapse;border-spacing:0px"> {{#body_title}} - {{/body_title}} {{#body_detail}} - diff --git a/packages/server/src/static/email_templates/_grant_detail.html b/packages/server/src/static/email_templates/_grant_detail.html index 31ad24e34..ede16230e 100644 --- a/packages/server/src/static/email_templates/_grant_detail.html +++ b/packages/server/src/static/email_templates/_grant_detail.html @@ -1,7 +1,7 @@
+

- {{body_title}} + style="Margin:0;-webkit-text-size-adjust:none;-ms-text-size-adjust:none;mso-line-height-rule:exactly;font-family:arial, 'helvetica neue', helvetica, sans-serif;line-height:normal;letter-spacing: 1px; text-transform: uppercase; color:#000000;font-size:14px"> + {{body_title}}

+

+ style="Margin:0;-webkit-text-size-adjust:none;-ms-text-size-adjust:none;mso-line-height-rule:exactly;font-family:arial, 'helvetica neue', helvetica, sans-serif;line-height:normal;letter-spacing: 1px;color:#43464A;font-size:14px"> {{{body_detail}}}

-
+ @@ -13,57 +13,45 @@
- - - - - diff --git a/packages/server/src/static/email_templates/base.html b/packages/server/src/static/email_templates/base.html index 08e55a1c5..116d004a6 100644 --- a/packages/server/src/static/email_templates/base.html +++ b/packages/server/src/static/email_templates/base.html @@ -388,15 +388,15 @@
-

+

+ +

{{title}}

+
+

- {{{description}}} + {{{description}}}... View on Grants.gov

- - - - -
-
-
+ style="Margin:0">

- Status: {{status}}
+ Status: {{status}}
{{#show_date_range}} - Valid from: {{open_date}} - {{close_date}}
+ Valid From: {{open_date}} - {{close_date}}
{{/show_date_range}} - Award Range: {{award_floor}} – {{award_ceiling}}
+ Award Range: {{award_floor}} - {{award_ceiling}}
{{#estimated_funding}} - Estimated Total Program Funding:{{estimated_funding}}
+ Estimated Total Program Funding: {{estimated_funding}}
{{/estimated_funding}} {{#cost_sharing}} - Cost Sharing:{{cost_sharing}}
+ Cost Sharing: {{cost_sharing}}
{{/cost_sharing}} - View in Grants.gov

-
- +
- @@ -476,11 +473,11 @@
+ style="padding:0;Margin:0;font-size:0px">
+ + style="mso-table-lspace:0pt;mso-table-rspace:0pt;border-collapse:collapse;border-spacing:0px;background-color:#F6F6F6;width:640px" + cellspacing="0" cellpadding="0" bgcolor="#F6F6F6" align="center"> -
@@ -458,9 +458,6 @@ cellpadding="0" border="0" role="presentation" style="mso-table-lspace:0pt;mso-table-rspace:0pt;border-collapse:collapse;border-spacing:0px">
-
+ style="mso-table-lspace:0pt;mso-table-rspace:0pt;border-collapse:collapse;border-spacing:0px;table-layout:fixed !important;width:100%;background-color:#F0F0F0;background-repeat:repeat;background-position:center top">
+ style="mso-table-lspace:0pt;mso-table-rspace:0pt;border-collapse:collapse;border-spacing:0px;background-color:#F0F0F0;width:640px"> {{/notifications_url}} From c3baf55005c06292799f3af63c3b37cbe2263c05 Mon Sep 17 00:00:00 2001 From: rowena Date: Tue, 5 Dec 2023 15:35:58 -0500 Subject: [PATCH 11/19] Feat: Update docs to add more Windows instructions (#2250) (#2266) * updating Windows doc with more info on WSL, plus a bit of the getting started and development docs * adding screenshots for Windows setup doc --- docs/development.md | 2 +- docs/getting-started.md | 3 +- docs/img/setup-windows-docker-integration.png | Bin 0 -> 70000 bytes docs/img/setup-windows-linux-files.png | Bin 0 -> 7263 bytes docs/img/setup-windows-linux-path.png | Bin 0 -> 3404 bytes docs/img/setup-windows-wsl-connect.png | Bin 0 -> 2838 bytes docs/img/setup-windows-wsl-running.png | Bin 0 -> 4201 bytes docs/setup-windows.md | 82 ++++++++++++++---- 8 files changed, 66 insertions(+), 21 deletions(-) create mode 100644 docs/img/setup-windows-docker-integration.png create mode 100644 docs/img/setup-windows-linux-files.png create mode 100644 docs/img/setup-windows-linux-path.png create mode 100644 docs/img/setup-windows-wsl-connect.png create mode 100644 docs/img/setup-windows-wsl-running.png diff --git a/docs/development.md b/docs/development.md index 396eb7700..6b7beb771 100644 --- a/docs/development.md +++ b/docs/development.md @@ -60,7 +60,7 @@ See [here](../docker/README.md) for more information about commands to use when ![AWS SES Error](./img/error-aws-ses.png) -1. Visit `client_url/login` (e.g ) and login w/ user `grant-admin@usdigitalresponse.org`. +1. Visit `client_url/login` (e.g ) and login w/ user `grant-admin@usdigitalresponse.org`. You'll see a confirmation message on the screen. Check your logs to find the generated session link. **NOTE:** if you only see a blank screen then ensure you've set up the `packages/client/.env` diff --git a/docs/getting-started.md b/docs/getting-started.md index 4cbaa4636..62106ef4c 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -21,10 +21,11 @@ Find instructions for using Docker-compose to do local development [here](../doc - For Mac/Linux, see [here](./setup-mac.md) - For Windows, see [here](./setup-windows.md) + - Note: these instructions also use Docker ## Development -See [here](./development.md) for more information about setting up local development +See [here](./development.md) for more information on setting up for development with Docker or with a local environment. Includes details on running code, linting, debugging and styling. ## Common Tasks diff --git a/docs/img/setup-windows-docker-integration.png b/docs/img/setup-windows-docker-integration.png new file mode 100644 index 0000000000000000000000000000000000000000..1458dc17b27696e33152dff0bf6658f73316b1f1 GIT binary patch literal 70000 zcmeFYRahL~5-*wr5+GP`XJBv(?iSqLJ-7|-p5X4T!QDMraEIXTGPq5E8T4fD{om)D zhx2;w!@c*RyQ}J3{e7#tf2+FIud5=I6{S!=5`KL1<_)Thw7BYi0-^*JURVmRoHB-dLe-(I35e1PqZ|dWapN!xC)sY;fbzI)O!KM1w@m5Ba^6IbA z)LLEJRn6YoQNi5R*v#0~_^<8F8y}!4$l6ia!P?%{1<0r81M~#)u`mL?{+|69|E;mI z^057%4V>I;|BU(19skk|{90uliQl|=<&qH>QTH@F%Xy!zIk-98qcnWiP$$>u>fuqU z3j6^q!2e1Cq%J5}X2NZeM*2Wz@D5XTb|Ys^NqG7(55gF3c-gi4*nMBYzl9#=HA8K|b+Y+Aa;x-vj7``wuDosv zEO<#-k$2H4+5hxv!7Oe{1zZ$-&Uklgclz=OR4y=%$?%8Y<1kxeUXS;j$xXZ={xHSEd6I@uxXc-g5}fO z#LY7H+OB8v%5I~HAwX)K|B66KH+w26svN=6YjGWB{ZWi|`DQtD|7CZMEx&pn@g3p) z0%(=m#$AFv@cSF%daX`%nUBTcSD#aXA zaflac`_G&St*^qA`!f5MD>p>-O`XQ=VL|p0R#Xz}?YMgR>PV&)!3zE~IJhE2;kxah z0((9b?x^wdld~tTu{dezS(!6^0nwA%BDMVhiiv+9@q%B1iDUa@pF?nSV8S#PJ>3KS zmO2PB%Uz#t5ww)9R*q?qSa-CC^Q$462(%O0J;S&WFnoH85$aq!YSw$?&BZUmQB@v{J$IKaH@#0_z9#UvMX)eh-PlC82a?y;NJ0hZ-2zSR3^;q~W zK*5tc1LxS>uPm~k^y)R+64F=gidyr7jXrn@cLu&LE2XQ}P_~G0``YI9GCQ&A7)Z8h z5F#w7Nv#A{* zuA(b6lzwL>WrOwqUZI(7!mqR zgCBn+Hl5_qkQ<|J2Toq)r<@wX5jYQ&0;M>6S36CTt&E(iExUsuJ-|+?J*RY(%hw2* zVrK$|gUn{jFH4F=)Ptr@l)vkokMU2K3R4aOMbJ~(f@G}xaK1AE;yb+FVt5Gd65djK zdeY@jbiv0lrp1QfxyWP4lgFus13%=X>qn&b0oCEiVL6dZth^-&Sd*Mpi;nYP@k9O0Z&+? zGmR)14O4*OURLU$ApXBGBjB(>yq-NXq5IbrxdN5bM3dWKTz#FzeKOvrOA}Z?I7JupCWx-Yx?vj2gTc$*kOGwi~c}Xt<%-~ zWYOW*!bVo3!^%4@5)5NdhimZN{ipbV5GSrKfZPyD16~)M$tBD8{ti}N6C_Iza33UL zQo4pnsux*!-LY&Sbp=?CE`F*WXg!JwcyyI7=l-YLCjtbt6qH`;Ou!X)y_~?nu>cbvFt6sY(opl8hnyvWtO-)`Y4*O zZnD}bF5gvIk6Rg4=m_lXa=FUGRnf0RzT4%jPdy3k&;*REC~nUSRUL$WT6z#VJ0@|` zu$F@U@eTyX8An>nf=cV#=-oe&uMD8 z0}KGBAtgowgw63*BfrtaTA}U8)lrakcQU}^lBQflE_7=i$#PqOd7b}T!!7^y^{l}_ zDyYAXT*K?&fLx%%DsSg7R-*RzeT$aY)t!`=-HC5M=y8mIE#Rc3>f1)9Z*xltuxW1#-XSD$`!)gJ@fh;T;!7wECKH*E^aVD%1|&B zLf4d$EkSV&z;h~{AVx~3RCqUx{#DL_=6>)i!)oFPY#|tk8g9q??YEMW^F^bGXQTKp zuJ&Gha$G993tq(YtRV2V%2OC_e24wJk^+N>@`X3k1^hhR2c&%wlTK-ss3Ce7YK{Kg zu#MoP%pLl*cX}(mZIL2(+}sIW`^bSpqyBQP`s-#M7^}iDRSx#lmgAc13igA$j6qb* z_%906F8;G`ZWOhhmQJZ!?05**zY9KLWf*OUFGey;2;BFdILi&w;hAK8TC;~Ih9!39 zY{@O3&m`<3m;K??i^j0zR1ilp+EaGluT|@_Vb)bUd+u#t`X`A>8#RwG;q(TN@Q*Q| zqwS0lNwWG~Q?tp}tJ^P!(ilO%)fxdLD<);DWpB%|DY(NmLGvwu!i$awT`Ch)?nsRa zirqgbmN)ZZIt2z@mOM@;0+vcSR17q0ED$djUf*35Aq=J0ws4X8ui(49^!h&tCHDHg z{{73rVtsg91#C84Co8BfP-vrr_U+!s!*iYz5Pl!S8E@YdoaO$6LTzu{_3D-F^(#*h ze=Xpb+MN5IYh?N}f^YzWa}xQh*{K%t99LzQ-R-LP|U%9oNh+T&1bXs+oFQggM>i2-UJst zhmHKSy@5<4!b-gylU2};u!x(EejdjV#4OC8NRAlVV5#ZWIGt6ZPJ4@#K({uMB*L#Q4BH$L+ zV2oz__Bmkzk8-^i65Pp~ZZf~Fcl|g)EzmJ#s(2Z}BoU)8wZW;gEl6mh&3taQdQn?DB5S{kZW z&gUDot`ctv#M$z56&v>;XnV1I(M@St_jKc(@sLF!Tx5pBs5#t&y8DI|n;Dtdcu*%o zuzKe@2Gua)L^yBz>4C~;MIdHRud-${PMU$K$4_ST}JFR6@KYkH)9SQ-02T+B}px)cEYZW zqH6wp2fyH@QlL3s#ZDl#BB`Btx>M##V)6R<-OB8-G#x$ApU8NNw`z1WeNqu=R_JLs z*0grnaDx6TlLy7MLEbMQ2|)_M_YJkt=N%$qRMH`prly1vyaZRogIsc#9qnUrGkl7n zmL_`bDD}RC&E()abW;Uda{s4%MOU0(tLjv!7Z zy2aCYp-kGN(xD_cUbA8;!P-GU2DufkHq)6*KV9-isb7x{&PiVwoU_Z9W>w3o7 z7)GsJ^IlA=u;~fSUR#IxPh*YA>B&ZHWpbhf8$m{R9PZ zQzUJ!!d-S+zPd0*I`ekTET%6_jLLkS7Rd@wo*l{Zj4IhF+L2b=bBmHK%`c|<&TqiO z`<+zzuE{HL{&No(Gx)GXG2scvIZpa3*8A=>iI~3@_hA+&a9!wj@rtI;X+D z!CDv0%~lZJsqzmgirud~v6eP0r{nR;>h5biust3qOJNh=mXqpD*8}aB?|<8{OXe1< zv;9xFdqQZda*I?*VDWk@eEW0r*9bYBwO*mw3(kl@L(KJM=a4NHZW2+na+8fuuJ4n* zH)pl8imAQ6Kn#sk&qQC&aQUq7o4qaH@DuCL7&?!~zguYZvQc5qPskh$DYWnIu={O1 ziq6LKT(llfOuIJA{Oa+$!amt7@nDH?y1Y%|f7=+$dp3&gayyd;#rkv~ zVEnmnzG}VB)P0!XC6p>pevFCpT!aq?!^wy#Uy@8qya`&pjscdh@kH_tjvuB8T&M_L z9~8{f5AP+WuqOT!4p=eSA}}!0t~MgpbU-6cH(>SjU?Ow0DTU^j1R?@MW2}j7u=SC4 zqNrF*iWESFL@^wbIuMx`@4^H3NG}e>P0T z9JQ~%+&k(Px=KqKajq5B-sKsDzWj>upC%0lDP zS(H*M(S_;Wa<(dGFOMWC@Jh(N$T0SEnzUq^BG38rE_JmTU$N@0GCNmbF5_Lek(V*U z=MG+@Cc_Vj)TwP8j55Uqfl330FTbqRp9tPv^;wlu#Ai#tG9o&x!YG|b8L5z`_| z+i+q^Bg2;2;A?+swHMEd&T7SwfwLcA-N>{(C}{!IKz{*zv2_`%mce()$N=0nG>gq1-sKf@;* zb+rlN&!wy;1o19eli&M|hrlV2uLIEEQ^$2tG$I1KirT>i8m<{s^#TCJ=fuMrKlz;N zF7Z0j=NhZvEJjiQPdqm+sGkH(b_9`lRw2jgIYUFrTCM71fx(4qFF?Kq5ShwwH9ow# z@hGVw9~iuFaQpb*Yy|)nD}YW%ViuEokUwlbytzj|QyhI-!N^tffw`^|2|QkVc+QXE z;RSd6Cuqk=Qan|Q*NYFQmn0CesL>1N^j+I5L?CWX%$;op5ECn&y=KjP{SN_1IJuSB zlR-O0gE<6-U`!ab_kmh=9hYNZ{r@15aIzNW6KV3#=$J#c5u?N}|C3m3vr?)0FUffI z|0X#-GNqPu^tJjQ=Vq{_8FQ)W{B1(DxB`UE& z@>KMTzyG)KGnGpJB{4q==wkl^N~`~0{twXpzw;b2dr)?ii= zE$U^n*-yALM`QHoed;b+nTnLVaLnRAg$e+lA zBbN8EKjO%iD675;4uThFM4+(1Oo~!2^};js1^eX^FMmv84vW9Iz~d1W;q0Q8hBD{e z&yFTJlOTrvSwo9C6pkjPTl_m!|3Lq#m8h#L{yd0urK%@-)xpIYsd=?LjGFxtKNUabbi!nlNIePXjS+!8~U$yeC8S6)!`W z9XZ!$(o$Y&O?NJTr?DMJ6EuXY@D6tv3Ep00Y#>4>=4U{!Z?R>Ic7#($z20QcCk2tb zWr!!U`-dv`uw@rxmBM2@sGBY#S6CE&8XTnf?lUr{)}WH6#b=Quja{NBgIz+Tu#wTR zK0rMt0558?;_Urs0`wu!!i3Tw8?)`(mSvF-EwS6ANh21+PD_O~8xXCr!39y;n`&s- zB;ku};uH1Q`ibjKOUUT>Xp&+w)$5orjdL$6(j_4FE_<7H$YHtjA896fZ4 zPec@f8rX8bvZAJQ<@<+X$}|OJ+9fHsjUSaNwY#3%!tF}KZIN**xJ!(0)kg$}BfYj< zz96lB`NpPUGh3x;?j#V!DRJB0BlV>&vXB4+BhDQ|ogCwPdr@+w%=ib+h}O#AQanCZL~@#-K2xXd zIvvFKzMc}%i&pc2dAx8Y(C;wSPbuh>^B5?_uL0ZzMzveFUJwLXd}nO z;B+gggS>qBcFaAl<1f;Hy@tJ)9*KzUc*KAn*Wd{*qC@339`%vF9BzE53Jk}78wORY zc+^ArMkh8LuSiX_|6V=*Op*6h`>PBN<`I~K1s79!+e`UK_AMrI$g+hY0cT<>_zVbQS1FQZ&-K1R@?K)jaiAEBfFtrcn4y7M z9lK8)k||;^q6^$%FL{(pW#`uwn&qtyw&CR-q%h+q9mwt1%mA*}bD9SWyHMbs74(jCPsw>Y<=o3d z;dAjA*Vo0!QFRte)*>ZlYR1j)UET;5)3Ef=8dLp+I^?X47%zu)d|j9^V59gShWmK#H@0E}!-E2qEChOKaD zUJO>)hx>Q48}9C~JYb;IrPxYuyyFPg2F|ZxOf|a*i1R9 zg_GWa6pu-tMao5rtMWWOtp#U6HJ_;S20aPpz)NvuVHt}y69(Hfg7xCHe=f0R9w(q{ zYAr z;1(kZd8GTjp~UGR*CmVc;T?>cFy^rK3nez?qwfdsR1Wy8osn4P*!5V8fgaO&x^6H@ z#Bf>ho$;R~#;U;mA+2uON0-Iyf!{N=jy_sc;c$$PcP_bp)&i$!mY7;aK#DxC+$?^r zc&@>)tt{K%q$*J7!+!j{Og8coV1YBcU#N~j5tZ%cBjG49x$xhzhuWtzk;zvYTeWYn=ma@+l>iP(tOZ%6h* z$qb<@a(|9J1pOS^^WJv^Hnl(4521nLnAn5l<9HG>nEKdFqN`qTZ7QNBu@C!8rGEST z>SA0^7V*uF+TShGJ6cr624(sw7mfQRLf0rAezuBDz_^>Qe~b40IM$*gx! zGo_OuePfeFo*1J-e>Z!ImcV0kTN!*CwOSLt^3iMY2F0u8-$ZRTN62S_Bsc@4)6D(Y zr!0FASac_w4kKlRPN15bRrXN!WAZ*_6?}1Y`6&Kh7~S8rVh@rZr#wF2e7$)L*t?3r zMQc_<|1I5&RAW1LtCwdvnv9 zmfFLSL(R>N)NBr~B9Un}QzT2S921&;FT{eiT`?*YVKa|IkJ>&%aqW&wAKWX&137a( z9LV9{Eh=UGDlE)BJfI=ntqIGuSXqq$33#S1i(-svosRstOBv9Nm$($_y%i%pjIflP z@z~yAT%!Okr}kAZ87cgfTg^Cf-5cMXkG*Wa8@u2*pAW)dRw{Z_fV0vQ4bFW1R2a4~ zVHel^tIj8knWqk5-y?ZSu_wwkQUMwu1|8NuiE-57N`&(YcJGrPC?sbV%Hhim3&>{O@wE3Vp*->;hkxs2C+ zW!bDq7PEOdMuVT>x0s;-DwJBm-&xXz0^D1|xmtiq%Yppf-v~O;gTncW_+Pea;Ch=O zS{v-?9r@5W)mbF(O9=D9i&eTsz|BX$6Ksk{{SQvo=1`MG#>0RoQmoCak)MEpxIuQW z*ZQ~EjXtl+I`dW^=>zyxst!j62Zz-f)U9Qc8L6a3jfkn_QpgQ!@MILsk2d<-Al(RU zkWCEiG+P_EZ?CBS4x|JG1lehO>oAlCmw=a}gPy1d?O}1vNsZ{VrEq^;E|TfA% zM6lcjXuqjKEuT58)0iYmH=4crM=%Mumg9n1qx546J>M0KxiFNVcH8*2!AoARF)8}2 z(afA?u2Yq>|LG~NQs<``a;j)ZxW}3{+p(#nz_UP{@HLku$*8M!VK5)Da9!$pI-Bc- zH&wL_F3o)rW;qZhTclQN6%1F|N(hcE;Pkq$ZuPVp_>`%I2)Ri2X}hWDj?V7J5Ady$ z9v>I)yA1c_X|Y8jaMtbef5&QlV3lr&U^EoR$m1OO@jzF#H9l*-_=|-$K;5$7bQiv*Ta(3W2wd%SJ z4IOWS^X=NFw5~k5EhdWo9Ld)X(gKZg?M)wu+ajsT0a+HzsAn)ZLpWZw7-w(OFLz4A z6lT#U5}2io!$E_2Uw%CcxX( z#XcVpH$w|?;WWiG>*0{1C)eceD0uVhvo)R;x>ux%-&mdcz@K@TPxRHLHdmU~X5JuO zZB~Iq5^Xa5Mwl|L%)%P`%OvOmKH zfVbm!&38^YNv>61Ne84Fb_;OYEaIx1O?wuG+4soAoFTUEVkz& z`gFy|yjSi+0WTSd@ywnMXNbDVa%42j;Y>_?7~GC8JXtrQJXM-Vv52Bt!3!Cdh2DZC z*s*Q1vo-qu2>d1*_Pq6L6WWXtj%$U0n;hY+s9~BzOoFTp2^LFaK!;{Xj$Pu_oSf5#6_AlGRKF_WpiW^)pKAr^Cw+m^D(s^Cssmi z2KW~W;*EAJt;D=*=9t5f=`>>|%`Ajm?+h=OZsP|_2bV_;H%Gm9X317^eEJ@Ox5Z%g*C;#! zp%brMPZJI`ZcEiRe;3^*dig9;JIC#V+xq*N*OL4{ozFrg#3~T4LI&yJ1FwQ*=q*cTQ){;gu*pk2%lr~iG1=FERFjlE#8k2}CvnA$WxEL#gYcJkudZ!rK^D&4w`wtIG z`HVr2F6y8{tD;}An6b(6TAa)C`Mt|{bt{|qDj#t%k+VkL5VX_3PnEfE7|-SY_gj78 zeZ$MP{D(44K``F7#AAwCc(3P9Sg zzj2Bj9Q~NQd>iiLMcPh%XlUvx`_%ST3oWkxPvWvhjD@xW(TuH;&C5fu;yE}cjMVg~ z4x!C<;xYRZlbKTar~&tVemv(_MkCzogL_Ge_KC*}A|a?5CKk0KXRMM?&abdM#r-{p zRMSR2p87-E4}Ur$D=+W|+u}-D0v6n#YDAlUn!EwT_+%bZDePNFZHZ;sDPk505!^~E zkRVFXTCn39U}>a^(8iMw!2m%rIdNr65*0rywp5p132anY%oRAtsRd?*#K8dmDqM{F zicP{;X+d1N&vq#bCRD%|BW=-(w#LCT>30g=^WnKJ>?{%oJX zv{3YXwM!xb$WWMkMptqWI4HSxA$r)*H)v;r2y?9aiFfd0Qoo4RlE|ICKqy@?ZmWj9 z1gBOy6;Vsw-7w%PUCm1U68EGC2YA2zcJVTL+kJJEw?0AT9<{^{OyqfUJFN}f!ys&G z3v3=LEqgUUCg_!xAt$J?Hu@`(4hb85nh*7uO zVBTQz=$=U5@^w88!qeaaSG&G3T!;0EygIeNu@e0nK58R&ygYR%%AdA$_1=*(qzQU+ z!#|<4bxCa%Lq3$)KdaDzLUe6?Vi)L5Dm{8-F&1#6chg66-dzyApqQQ9A)HuBs35ZM zKo^OAu{Qq1+o;{?NLr~?!y;4yfprdDhPYTZ`V70b*uO-0YM5OL$5 z1{;1(2>&zNUrgYCSy+^p!z_63zwWyv_~*=pgn5#8_=j=p><>rr0qZZ~4&PKYPJY+8 zF|2Y_N?~yStyCqhN1CtJ3mY?^wO(zYveV@#kuS*lv8)wioXag<@62hnRzhW`$5CL_ znWEpWl+3+gyIA7AaMA?Y3?w|Zzj1y}F8guTf*FvhQZJ3-kFj?0y<%}+9Z>m~I&+h! zZbT$xuy2j>8}B}t8=TSl9V2mdYoAU}GWh1@Rw}~(!ov8zbGpszcZ|O9pU)pqxF8yReVd}@XO$;~09w!KCEqqz>6u3XQ&MrRNCc8ew()r6$V7X015 z#6-ok6N!)38wm00bh%hqoi;?cEXwJV%vC~Cid0K5omo^==Bu2z zau%8s8RUnPW|75DL^gIEu*;}GKxpz!SH{DEdaD03skt0w{ml>8zW0|If&$)K=lTJV z^K~AxvL}+MWv#94?yy`_*o*4Tqu8N8Z?2*BiU8-?=NbZz@Tm<4vlV;JWAfC>T9EXN zHuJ1Qx39eWM1oiqZ`*tQ!K2?jSS*Jf_4si9@V#c9{ofEWjv*}Eu^vLNrHnbYvO=>zsNTk z?kQ1vTotDvQk~VRjOv7C{qDw`C>XtX33ZhzY{@>}3rI1Cao4R_gB88B`jiXlX!*Fq zmmBwllCj>2j{ri6*SA5^((*;3#bfFfsworED5(KG=@855#N=e(>xHF*Pe{=E)C$G^ z3a6^<8=Nqu5473%VGBOV+>-0^uRcZx=>q$K-w~@3&`ei@(Y;*Gtb|}!Slyl%hLKVY zGK>Zp)1`{$hu};0ix5jFXcxYl^q#gDvnqS~PWg3gE#qczxbyiesq=nk*cW!!udZ;N zl%gd;>T1LSK4nh7nbBKcu7+oN*cd!3&%2pwEcDuIzK5P9X&vkGA=QREGlg*m(8&J{ zp%?(gS32tG*JLppB@_?qP&CpnG9Kw&M2A<+-gyqr&Znl#H+NVbzsqFJSO0Y8USpNq z^cQ5HTQJ$2J3U?z`9Bz+`VW zMpOH{(2b;m+iG-#wYJgh1w<{(5AShBS&wrvTi|6YDZm<-Rbx+=a|)lBge4;%9cxor zj!&8=-7H*InyjeT10}Obwbu<1&0g&a!RZKGjy*F!{n{!88tt8s!hl-=|>6jobH@u2Cx+ccCrEGS@5N zIYUHsY!RG-PF?RmNIbMYudyCzhb#nMK?j>EDVm(m9!#udF?sMG|GxCcXq(HpT6ZK& zn*h+IdM>M8LFh66QYoY9CNkr)gJsWt>(|>HI zAz(kDY9XFBhFLn?JpH+KPK&Y7LODFWJgm3xb8p)oRHS0MdECA%Ea`s?&mI#L}499AWow%0e%5Xf8iCm!w2O7VriE=EjgYW*cEe`?LcjG&%2mMU%v}8k9M5D6@+dzqdHdD3903X+v z=5Y(w68tAuW%18+(Zqro;EUtl_4^@q+i~6#SE8YlK}h=RBnR#^>9n5GrbNuL0Cim6 zfN@@kEx%ZD8<&S6i2MlNgjlSD# zqv2cPr!HwL%7|-hUyCkjzcoN-fo*iqWs&jLWJfq*5n*k2WMHMYGbHi(Ny;KveRS!` znGiguceaPfcSCIo2Ufn*i{g5`%p>EVagvBTu86aowgwSSUJhXz(Ym?5T=u-TF{~qm zZPZ;z-CeH9)nihX>lcTzR__ikFu;sgRNXI@hcW@0(s0f3mw3!96KLTE&Gy$JS~@*x z(!ZsO%-k?qNqG3cM2DbdB^X*4fwKg%ZqsS+?K9z3|3qtD%6Z?0VAhW8XG{6|wgxf3 zSvBN(k8$trt(?j2?(+=33zhEGcoE7{9>H3>$x-H>uLdiz(Vg7{PEHc-1rA0JO}4V$ z5q-haOy;|Rpqln_e*PZMsC!&HwmxUySDlkv!ht%y$GLI^u`z6gy{kJq-|G$Q%$8HB z@rDffY?dtcMAAiJKFXq*r_u=N;lAFsd2cy)y^Xa~c>h{%Bq= zy4t`r%;v+`_zNLl3|$Q{WFn4}>)BpBvme|=PdR-x$+-OcJ`3wUJ%4i)$6 zXPE1()@1bUn{RIcVs`Nf`0*lU>ZDUz$py?&kUnP~Ro1lh%7pn|YD~Jx$D~Zn^xzRM z>S?1`t+Dg=pi=ElUy`ut+)pz`iP}`b5VZQMuo!F^hw$Tl>TbQd(0-q|dgp%JLdFzE zUGbZ#@wnMzuRrB@+HUi5q9)`OOBFJAn=!r}UvWx1(PTBNL}BTlh*Fu1S7L+2i7QNh z{OvO%3Fsg>PcGvW5*i=xw`s;?M*qQgODHaJT>%(L4lD2$E*o$u9@8kN9nRh0Uum?Z zarbFT3*ZfgYllx-W%20s44k_tJ?&2-VYXO3Tn} zbcfiqV|pT5K9>H9OA* zj>KVW;>xn*TDl`hf92qFONTyBGwtG2h;lI}{uL2mrW`{vYs39oBh88Fh+BwHja_0P z+`x5hGn}>5u=&J<0v%uELq&~E)i zwSBu?S4%R{Z8Qtc6BBrQmXRgo@y^TJ^XZQ)8Z!%ixbvxzs3GMURi}Q!$hUl6NPdHb zf%7>pSZ=ivc~hbXm1SoFz2oPPO?abktq=ws?8W$5l*@CTblr4r(^ zeaBCGfzWsKAR8P&3cN*>!Yn22#2H8K-~1w#vnd}l5h3N$#Nv<5p&8B&r?|v+=z*~@ z`*Gy>>C9evvBe+tTmQ$TR%DzgzOMMaFdbRnUl zT%l++5Tpm=bnu5_jC+vM7>YNodaJiaWcKh?pb(*ZQCTIAL=X~{+2U4`gt>xJ;-N5P z|K^5obDw&+_H_R!i>g%nfAXuYF>IC+UR8r=FfXgz8GPnO6I0(`A}e=9D|Mv}FrT(w z9><%4(FQO#mkRB>ReBW;wPRY-ugm_D+H*bD>{Hpdc^M9#@icH8{=SyN9A3CcX>ewu zG%54El54P%7@k0T|vEVCTbG}3C?Mq}*!3_vsqAxv)DuHiKL#2}x@L8>F}#Y&ksOp!N$RPuKQ8PM^{FpSRvXRDF87Yuc>ti0=HkxObwR z>h6c9@&6p1Rtb^jtGAn&k!X*vDQ!)|T~7WwbtMuN@>ZJ9LDqLwda2lY<n)8i0&QTxfr<=W$cjWj{P9ASv2ru$dJO<_t=w^?z-Fl`Q zxp^Er(dP-I*BC5udY7oqm@{QZ*x+{nS_F(xaMchS{G2~%L)=aoR@~zro^8|MC)AKl zGL%mjJWZ>&n&b++bN%UVD|!*D!MNrm{tlBGQ!83AXH}&oK1ogL-i3`=iu_WgJF_uY z7IjsvRU6F({PZPs!N#|&=wHQaTi*rv`+DCP8hwE;%AY(iU11`qdcO~W8%cld1Ki* z78T({RLiXK6}Us@Wdn(MV!D`5`%`ZpHuKxU9K0JHF>J?;_3?3JY@#2RNGf{L`&y_r z^N70a{g&y5BF4yDHg*>le$(*DfM)_UC?$&55V0%{z~%4914P5R8N$t+CD4-r4c4ym zZu(bA=gXU!a(v-JDKpN@9^?Qyl_wvhvbfLU@wyOj{(t+_KT-#D@D8R0VfLMf5i*7U z(=Yvz>;3;K=H&SJf1{mV&NqL42G;Wm!S^vYop{&Ln=1)1+OBOCwiCBg@gL1! zjd_jIP6ry_I5)=F&B7ToxMxLtWw8Pwzm_UcEm(Z;Gb=matmdlHlzR!uL;CP8nAMc4 zCF>P6nP}&ePKFLVkc;>(z;#b`9v3!a*0XIGTvy-xJiSID1(76>fE=cI-8HrYiDT`J zUjP1~%`V%5U5vmk+oeL7`Ps3ImILSPsjxp{CO$G*2vQfpdcb(*e;US)d%i5BDSw-& z0s*NPxSmh>ym`y&-usa{@gu}Bhc6s%b7v;J>krVut{hUvA#kI8Nqa9wNIPb8PL{xJkTHFU-?q&|#AD|Q! zVkW;;9&3HD1Y-U%{cITX-LGSp-y=H->{6%gkLz=iPn?$>K3*_;-rC4d{Lwf)7NH8vy6^lCzi_Bb+nJ9<950>v|CI7*i{7Vv6^QZb(;mi7#c@H)HPAZ9SB zlD@pyFaX`eG!VoP<(}0JHt^#4ERyeq!x4ACs#-tXUrK(H@RU*F*k>4yT4ValV z*?;56d^J)hiTcFT9whyXqV!c?`-%5c0&oYVJ+a;5$T8G#1u+ScGV7ia(D?-1vvl}{ zeYzVbMD3faKih$_lf^Cdm9H~O27qqqWr(~9@WK&u=!{*-Y6y3Ee)#^nMU$KrQTwyKGlZrBGoUhU<>3;1daPl&qCjcdo)*udptHx5Rf_pL;6iu^57OT9D~@1mD^A%IuolqY)NnDC8LiteLJR)n?Y|x zDZ_icZoB0#OD(Os69}XHcD!{+YStR@N6w#Cv3u9QFuaBSH7SiL)s>M}7mvrl>0?(^PY>p9Nj?); ztKtm?v3>u^C{_O^AArm7(0r%Qx&Z@YJ@W{KAn&)`B`qa7i;WU9hYGPxEUDStJN)DC1qKFVY<{b^$u4L72itO5sD9W^5+nJ8TV$aoxiL3x_ z0W6+rWswN~{O!^)b4>Y<#g@)PtJFJS+rua-zlcFhBwCQ*i{d$lxqIRl+e(?g zz`7YN^wuP7`A^zAwLlaCsxxbbDvoAS-jVe<4jO7p;GiEX10N;>kno+dt7%qJl_E&( z_*VV6m%vIdnK+S3W~fwiC^mJZT$qFdrAJU%#tT?*T->T`%~a!3!=HbQ$Y>;KE> zPWQ!KHn_K7sGKEsvtNPqghK_$M!%ZQf%_4_M)iyeVoZ9_?C*n zmI2Fg5S+F2{g!VjqLb#VMep^w`udGx`{B!-7wWMbMFv8qXIQcx3)c$lyh2cz9$YDDHYROp}{M z3uHkJ8d^%sq`J;0lXIZb$i&{*jN)Wgr@Vjgj?nH%A;*u|9;HAfyj@q1NKuL7OtsNN zmZ$qyG8A%ZChr&5%oGiw~NtEZwu7?2~WZcW$jwAWkkbQ5{4r6^U>ciei75 zzdca~$9?#x-9Vg@MyXNz804z5F4jEcML-a&M1D8k|9pW-o8&I>F2kql2~NgvJuI33 zJvgWB`S2@VbbIPg7-*=`kvOfv6938Iid(f6#_5tm8%rGpcU3MT`KHqWG{=3o0 zPzy`ZOZH#LcyXpseTvns82;^I$8k$w*md;B>&xS%5Nn=c=etuf6-%V;PLfe19`t6= zFsspGA*1j0;d<6fv|Q=8r@@dTvUs!3MK@9R>^{xlma-h5uryvk5gH5rYR@qcR~o28{S|uH60fLJ2JyyCfy^^=|;XsuQ;37toMH@ z^Ct};aLx9<@-MLvcbd6YzWKo+-=9QNt4Ti zMU59VUe0oM+;%SlZwXq~l}Mp>tX@ZxYckOo81^59&9Non-$nVdnnOK^`Pyyd0(+yu zBR-D;j|Q!BN*&JY!nPK8)FMYg;b(M?uVmmWvvs1(%2CTb@Se9 z{AQTn{Rg{;lm&sqJR-JqfYg|)8k<$KUzCShK8&xe8}agK~_Ph~4&z~YlLD1n;4v#in6fQ4@x{`US2dLq$h6j=e zCNoi9!p9(tt`N$dh#3IGwszNai-7wOO^wa7KS%6N9aY80w*|-UPOA}p+7T`fYpg21 zT|w=lA5*J_QTdD%XB%0lS%dlO{n+$#x!(GV1rN=_cf@DqjBUlQumBz>^RgyiCz%eD z9u7NymsR~%zL25LteXe!=7;GHG8GL)KCsVLMZtS0VzRD`IQ{6Tvw!FOMPFrpaV5%{qLGeb1k;E{Qs}^PZG@ zZ!S^XPb=L{N*F%hctej<(G~3{RAWESY+W@cksYJ!0t9;mshrrXPE1iJ>1clW;3_Q? z?ldn!ve*==sV}Nsy;vbn|T;;M}AJ3^aZmB8--+kVl$hcJC*>ji1 zH{h#?7C7OqtW}0Mer0><^H9}5;P}R7;nzITJ&96*pG)aIbWbQ=)7uIE?)HYiL`IGy znvpt4FAY@Bvh^{K+EOlm;duz$S)lJQ_lnnpw#SyVoLp2t?#NC*&4qro%O_bCaDmq5 z6X>b)qMjZzmIcE7h_v)|G#?1MUj|`9`7S!skZcX>_|f*FnvVTY+wBV2Z_0w_4jQ&f zQ=;WP(gsHd%;#%ylfDDrg2g;h#YRA>n zO6IwsBk=lSo=;IA*&su9#TP6Z3_I)cEhBWhIfx>h$XwWt*hF)%y1v6+y1A5HTB#`A z`jx$-Ya)FkD9@bU`m64Bb%go3w@4De4~aYm@-x~LG)8MGT;+d;A}NHoy(kZ^S)C8J zP0ZW!KGtM?z5vRD7@hSB)m3=JoFs_b8*|%dwKLx( zPfAHBj72?}*a@1`!$o}SZ}?%kid3qul!rl`J|>}I5jgc1jl{Suh#Wn;7Z9t`QjM`D zMIAmSa=)AQruW)!`89EP*MP8gfiuj@_HR}x>%&NAsS|*3_D~Ba(lhV zequ0!H1!Xwwsb<+JE{0~sL}G+-=74Adi;y&^Gt?&zO@hLbyd#TOLo0*)gIfcP@9>p z?U_Y;akVF?i7emzb5D|O4@(p3Uq6SpLSu#F6}}cjDPdHKK}$PUtH9q%LbM$M5uz3Q zYTUh}9^qxJx64XCw`dU%7MzmtuuMRU!trys_v%T$-N_>2@Cs8aj4NI*S5y)}EO(gh z&a4-J5vd)`{$UUs)8m3`lVF}U9fjO)u%?-)?c(;nzUFW(+sT9dp%xJ?~@FJ`sO zCo{nql@l?xo8Ui^@pWw??qt##pKbQ-1NE=ZkVsgTvzb*rNsdSsg{s%H>U<1|>2m2TQBtln ziJdt9)sR0;mtX8RHSnC!+0P4HgeR*?wlahJbWMiWRFd@s0?3eRC2zCmF-$Ofk9>`k zS!Trx$Mj<87zjCI6Z9nnk&X`PPA}L5zUrHhh~+F+75@}C%uSx_D3m7DffmK8Yg^R?}JSpuuR_)cN@^Ap2HXWci81T^QiD`9+^tG{z?xWGz=K}~uhEB+^_ zKGRC^AE<+Kbd41syC6#7njd2?0*G6r5V@j1)GpT;T==Y1vrO%QYH^4StKFp%5$&P; zwb6l{@lF;85xrzsk!a_PfbaRD5J6p6hU1MPfw)d0u#p*GWJ~64C{pOzW=tagR_E^M zC@o*VWU|L{Geo&X*yzJ#xg=l9XX5UatlvJdtn0|}*_af=n~8WcQTl=p-su9C+dk6L z8ORZFBlAsJ#DevIW`3jO^R;9OE#mJy-iNw$lX|+qcVYCib}#!G9-qk#(=;QNFP`7v zKV~5oBD%x`)~>D`X?iFQk78NNXC@8uhjPXO8QzuuP76hpBjf&sbWma*pUs z9m;%@66@`R^u%D8c1-Irk;Ia!=I*4rlv@#*FrPbdcB@++NQoeFd8F`t)zlwD{Dmv8 zA1pcCcW(4-zedRYL|D>D(cZM))B+a??PleQl$UFhR4;4qF7WkJkMcFMUF$0~vx2fj z4uv7;bu^(iG&v`uuq|kjiN#8kE$AK^mPJi2bVJgCFk9*9q9$#WqmC5u^#C%;o>P4< zTJ4S-FCDF7 z>7O-SKVwT(&%0+?T5SL9gmxldR*6-$(o`n^L5cl*#A3C;bVU;}XxHyyjejD1MbEe7 zP2RL3lF$SdRJi{~N>5|;yQF!ls5BO->R9{$Akw@aGb>;G?ZCQt;$ZKU9{>^?(+eADZ{qSAAYBqN!>s@`ryFQ%3=W=c z3Uwq?%zEa|xKj-d;9{~JMUHOo4D@NYU2YhatczNMF2ATk`BZ-~YzxC+v#QIg%e2OX zH;$jtqsZjLr?{GP6>Szg+JBXq=E$}ho)mgka3X-NgP(TJNAkM!(cE@QkxXc5D@ept zd~-fj2u<0aB6DgUjF&nJzczJK7yuLgCtp8m`m37zc%R2b-r_T}0yPfi>%AUFYzj5r z?4g-Yb>IGJG+L+8Cs_C8N}=|?$4w;D2B&1fh0oNp)3MF zDX+@HOGQjQ_#$U*)Y|1`TiosYZnaIhZbK8@ z_UBU2c4ETRW-&6G-SxTwGxJBy@QzkwjE;7u zkKAzAsSMMat}zr-j|!CFuj`8!e{p4cI(xN-&hgXf%lcdP7{9fBLE6Sf-Q(#7Un?OF z-&Q*2NaXM>pdfCfQZWxvU1kG38B(c}i3AU0r!i+0x~6c+wFA@}kBFQiyb!W}^X-sl2S&6Ri+fT6ToJFf9`ByTza8qSJU=0W zWTvr@6TUc?71iUF3mp5oz?aTj^M64umrm+2ha(PM8hzT{s9x7~k8|>vnmV8&zIAm$ zwlQ_6hxji?6JcQ0(Qd&V)LD4@dH@8oba5CD$?-ZcLMoy<= zlOcsR1>&;^a~|nAKia_QK3z`l+@QU>CW2|k=<+C|F07i|1}0~p{twnCSVGd8^U&S5 z``oPw^1iO$)gj2Cd@zgtvx|H@dGp~Qx{~E)wla}$t@7*`h}wITCv!n!ynx|Trm}>@ zRK-7*=v=0t=o#oasL7SEu76p6tW>_O_8Te`xajpbKiK0&G!`r74~uN#URy+8wOqKn zkbykF<$AisOCmJ&4qsLagv&3h5 zSn>%ipn&H}qqBijM0t%@w+et9^mcg&es*jKu03f>=TD6mEU@4Z7-GL3Whgg(B86R7 zNgmG|{Yv5AB>ot%^ZFV**0miI&q<1!ZnrjqS9azh(;&=iE0oojNo0GU4}^FgP;{Yb zpD?O7eCM?9c*qH~Va}({nCJ9<-CDQ#JwdC7;2rXNVF$4s*{sE}<0x#B)9u=WQ+bPH zp8?;bsY(4r>pQlecrUc39o1NUB9D`Ww?QPqw%VdAh~GUY!#i$(H#bo3@T#1al%Oo2 zR~s#s#gQJBe;b+DHBON*_lRZi8v+X)N(Yk0VtS6Ub!l&Qsp;TI)sI&f@YRp*`=~+E z{E>Q%3#Ye!?*eblH7U%8&3Og`DSp7jYIPwp!k;~g( z{(*kslR>hXLZd970N9?Q2+peIspK>{w9c^j2&}$uPyN~-ll^%ea?j6y?UVipNp>HdJ{ zAIgX13thF2_j{A;yp?4{TaW1QnyvdhZs>)HUE!^M%et%zqTG#?HzD2_+w0pds@oAz z5Fg9P_ouj2pzrkr~OI5FJ*Y-#rV_-``toHU(<*CStX0L-_Xy#ejmrqm%UCN zb@vRJo;E_0I=&9oG5Ws9${?8dM+aIxp4N1k!t)vcN{tXKXSv(+I}jz~QGU1{>Rp|- zEfwXSZFsW3!#LgSV}5dp($SFZq&%{@r;t9^kuubPbn8r(>^CUat+~J?ljb;wN)h5d z&U4ueV1K;3D(c1MtMPu;U&6AP5eVNg_D8U;+th)Dwui=9Z}hdOeykRMI)0Z)?OPum z+0z>CqL5jR#lH%b6g-#FkGs^i`r6=W*NeB^bQTY;WqkH7C?_Jve3H?7`Ybj4AKKPK zcujb*aJ?0;X48)IVOXOMG@`ff!PxtBiIe)|-ALqz3^pu~b1)a!?sD5;byu zHW@3PoqAZGtWf`2poy;MUbqD?&J?{{2@d^bH_o=a*5!p@qA+i&wwq!d<7Wg~fT2lp zOj5(Nqa`_8Jw+MM7KE1MpVVtTY!yY4FE*-Z0|+;o@f!oMsuSu#Kou5PwD zW4Ds`gJJp3?j2+}x=fZq=j5DN3aLVWYm@?70j6SrcMi00|qD54t%Y%Lv6l-r6asYs?>1_#p^xOHlVlJ~JGoxoFAT2oV=Nh9cm?w?QH7p{7HuF#VTBQFFr z8K&{?;591yW#iLUrq;8{4o*unQ;*;BMzgJ{RzBoxHfn{eOb5EkpG|+C$=;{ILJ7{5 z5Nhdj56b!xUMAD__c9eg(duxLuT#ynWwO)q-QNX{nH z&E&djwYS!o7C^$E*0P--UojciT6q#^({0XMDb&pq3+>%Xb)u=ZA%uyEy=19=O;@dA zlo@P)y-NB#GI!{|0iTTtT zB&7#4(F?Dp#} zU(du9Vp#c&?q~4t3$1AIQ@5$*zaX1p0?~n?_XqS^RXnJ}5dLO3#xYjI?rH_0S!}Qw z8+17I=4R`3=)LgmCI3Gg!S7mh(P@_kApTp;5N<__^&WKZ>tI-QPja4)HfCMNK0l+a zt$TlhMt=2lFn1;C_2-*L7Ff?2xyxmFXu;}Z7*jiOlY9|71#1egNM(^}vX{;%;^#}HyuuQKcN#d|IHq#jE*@9D%N zU+8)lMY8P~(OZXRBVn!jIr=}@I_^?V-~s)!s>Z!HCnCd}4GY;`s19o12V zUilmRyEj_Eh7Rn<`I=~Xz%w$1{i4^G{^%y&Q=IVS{}EIf7OSi%YB9%DXX`S%_|R;Q zIo#m~CgX{~ewv}roIj>?Iw0~O9oc?Z87&te>8rCR&-@3barSuo2`vk&2Gh^|9{sFk zDZY&rH$me z-lO_Z?}WaCkb3a-tZ|%reVT3F8zW3YsrBHC?=p2{A)sB8DLm3)vA3iTy6QSA2j6{Q z^S{drQxSr!d>O53j<&jhT8-&yrad2}Mg{m3@8*87D-v!951G-Zh|mw!zTn=mpcc$BMF}#xD{?ldnXGn(od%`vM8thkDZGz*)7n$(-D(~ z4u4+Y1$sk;FN)YWk2w6ku{9$TW*aWu+MT38Ot4>19%>oJz*VvBp?bMWR=OeKMb9RQ zf_?uR6j;Ow?Zo&Qc6W|{YTi6#gg`9i=vr{Zv@J+E(%MCO$;`xOlN2Qsi$aX9Tv8Bp z&o^duJSNP^TfWtQBpb$n1A9tdWq&x6pC(0o9L9%PP25xQ3thY=3viI0RvQ~4r_g>qT8}AHcLk=h{Np(P%Bd? zxmZA=3ow>rXW6z~pF0uWnt!&?4XeI5Wv~XF3p#2op(EWP5L*@+w*bn$2wVo+; z19puuRm?=rhKNblSXpf;Au|=de`O(hi`g`t*nY9P{uGPnGP>zhXMF~u72}KB#s;tV z&bNlYi{;umgA3@l@d5Eiw(qM%f1k#mG@mr2TVh+d$ys1y4=i1?po^Zpcl;2$GXWh< zzu%$H$$`elR|WL-ZGTFCp7>6b?6Rp#DsHRgzg+qF26A~&hJUeO*$Eik+$@sivI0_` zD5VeX2d{FrSdp-;@MX}nj%~P=@M#SJF7X0Q`RVD-*{B_Jc^ary+qrUzs*WO9`mz0d zZ|F8VT2x&AJdvBTsq@{Hu8#m}Q`-Tb+n*VwU-BH!0{`vxnLnM?E7DV=xb~KEpusQF z@Zre9vNS#RevuT#%8nY>ztFP_8k@CBb?ARe=2Yt2#MA;;QPf>|u|DGdu{7h8MI)!? z;**FH{;hzox;`EMm^Fr`UT;a5kZp2JD*O|M?h>rg3mvWo$6FLC1-nukbY}^GgUb}` z3!ygztD?S4H*L^3ewQ+(`C6P9;M(ZeU*dWU6sx+EaRH6UWZL=l^}m0x-%0((__&6$ z$YA=X%}fmIvf2p_7`vmKU`b)Kjqi^C5*(RI!<*0vwIEEBqQ+xnJe~*61#EG5R=)=- zVQnkQ3CED_80nCWHA_t@;%z?+N|K0S7b-zC^e)DnceezDf4(}FpeatsVXUR<+N1KF z0}6lgG!nK_NbLc;gmo9Sou5V*xXoitVhZ$iCeELax4J!0OUOMaGnhnl;i2^Z#70QZ zNlW-AM5a*l^mUB|%Dz;WJJ=!K{#cPIf6NCZ_FE-?;O(@4z3yc3{y zdm>a~oT~Bm5uI6{36FF@Io5O)Ga%VL8n`DB|BGk?4z6Mmf!VO2dzvw27PCiDzMtHN zW=cY^`JixhD3v(Uwj%D%R(!YR*3es%gr3c-c)fCF+z6V;v`;Skr)1X=u&ni|L(N31VqC%N8xhk#j z`gbU*Us6ScJb)$znae?RmW5hA-kTX>Y=NJ_?{%qD{WMsozb{KuKT@6>v1kjDn)aE+ zo=r3BM zFm}a4w+ZSPa?!t#r7yG)6Y2AQvLW-PtxVaW=V1O1+qcJZa(M|!6Kcou9!Fv_F{bB5 z8qyltZ4Znlt^DNdn+ZAd1$iU>gR|5qnk@)iOkW$AVn)Od5x>J%MX)>MdGivZ5@D1{ z0xvGrTE7#su1PbF_nbdf(+>T3Vxiqf(` zZUPHO#eZX*Zdq(&^ zX#*?7TplarRp|BM)_^xTK>nguqpD7Yd~+*ZsRSFqs9p9$;D&pV=0V)%O)`_tmlZ3H zr6q_gOS*OLcNY}Z^6-?@3E3gz<`VwdX0&w=8Q9I<^n-ZFIg+}4y5$De-Z z<3IxP$#9`b-eLh?kI+vIgg*=p#V}Hk>h9R(h@L)OAK5)wD)6j$o!~P1dYpA%Pfa_l zzarHu_Eb6vpq6@(Axr_TYbx&#f5`o?ilRL)MRT32&zeO*( z-aImCHA@V!goh61^U`44P*VPwHWH`mdTo)WNxjC z5=qP@6-?R*W{yLm3#JP=3b8kBms;@59F1!4iSC)sZQ;fZm$_=!MeLL{&C&FO*4ZIk zaid1qbQ+{=Wr`w7<17`uf%Q6X2ZTg90n#zVAvPNhNVW%gxvAIh^sAH9$fwst?rQ() z{WFxgrOnNxy+kc?0Z)^ix`4-b?>2k_z~SQlEydihUWr8ekkcM_zv9CsMQ|Cw`e;53 zbL^7`2rG6sYsWMh+gnY zN+z>cM7u~LL2SQUv%w)RgX<`%9*@+*!GBZRN~N+ynXO9$E^JqC(jFhjURrJR#X!oh zPgtWtUB<2ZllBu$fIpK-#~PfS&?SjIm_}^6KUO_p=6ZW#MqMcZCbJS2YA3bYOlzj0 zLUi;aiB6mArLD=?sM%TrSTOUTukA!*%v$*K_xaSHo{9$@_b&J&WNhIO&6b$8nV`2A zy#J&K6=)v+u+69bD@mIH%xD^Y&V1$?X4tnw(RZbIE?zy~L!K;qd$myd(4f!u54ibO zmOk-F2oF$Je;}77 zO8FgDj5U+t;s^VO6W)M1B-&RW+wtud3gkD}+RSm%&AV+6do|pxFlFy#@wGvMISYYe zTCp4`>7H|5@uJ#zW)67a%A&t3Niz8*^ufp$6n}r&9PVbT4_0B>Po!!$=P|Hs(33)x zx}aW_QaOZK@eCSWHLpCG)B2*5^7)vhhH?YE?SiCy)NaLf-z?kJ5mHIN80gt?2Yjff zhmzz{<&jxrYF^acMDLudH;kudN;k3vb(2b#BbyuNyi9{EfT_I@x~nX& z^7qJtsLJm%m%y~7QhTW;rPt=QpHgOPmcVM&_U>R^h@8$F0p32_rTYur&JJ`7!gRHd zk^o4sDwuREKUIc(J2_s-`$Dsk@mu-S0{PkMRoo3f zCLY+-3i`>gRsU>Jo6opm{&yOT0j=UnJT6AztDiP>9NF-&v zhil2Pge)7NYn zS&}xBS`q)v#<*2gj~u>zKu$(0HLrg+xjR^J`XPVm!G4~MXO_vXa!CisR2S`=`}7#E zHTgduLN1GNwj@Ep=bHdLOyA>u5$adc+fB%mZ9oKi1#QbgT!KYvELJy7BwnG%jO&)S zU%6gWa)ebxqDe0OiE56rj1F4U<$=N?ZG){*D%a^WF^r^7+V>`rOk-e&Zrt1xVs_{I)-o7*?6D=i_ZK!=gIFX{!fN;<48%aG9CZVoZ;s<4UX(aGd}YIW!Du zF>I|3%sW_cw}1*FwAje{C%Dq7ljxNL&!y?L+Hg>ZXyU!^-oYhU_u==NfAoa)ZN?(R z68^1!F_V3xe4tyT(wmT^;NkpGzZDwvW$P1Gsz#O$DwC#2JAW{#SxokjgkQ;JzpMNO z{7Z)KpK|O{B$^_hgxLQu^gr?j_^KOKNZ7u38>UpQ^sGU%OTJL*Ln?XS(wi2hoh5JW zgFOf+y$_B9Nd#PWYNcK16Qrt+S;9p+Vq$lWD8G5A*MFD(U^Ej3G)z64uic!s{}+8j z-kJkw7@nxN`cw%}4>>yEt2wGqHw;DFnKu+vuW}W*yRuWwob-5MBd1%u7Mfk=PUAa1 z6yH=RfYjOxRTigrweTFw?|ZtO0Ao4JOS7A7DwEaH2(C}x3NO^qJE=VXw9`d3AA0oL zoh&7D92SZ~G_?Tet5zq1eQ+oDX4_dtBQx~c?&!uACcO|pg}n0vu%g!VgZu0!hS%x_?xb?>_HOd|pg{ET8lKn26UGVD?{P@k_x&FF9r;ad<0R1v@Y71 zel~@^ross8?)Jqr5DP?mOP;&!2&>^Mq(r|dRdT3tt2{9b^;-qW3`1`ww`*+E6qEBj z)R_u;+KVd7x^vH}rVbb4>xrLOJBO6L9KK3gK+=Eo^b#YynRElb{OBh)<}p?#M)9um zIy&UVo!4 z3D+)(vn-NZ)=_#|v)vI93L|piHCJq@u{_)yp7$-8^LtgdLZVVs|C!AH?k#kMJl}Qr z13woUhyRKWNQbMH@1ck8B38Xlfs|1p%@32uQ&8;HM*)a)<-boOq5(;J#Axx`F9cE< z+cSG1)2bC2DZ#gkIf|DsYB!sd*y=0^Dk6zDLN*7^~xwcuY=J9O^+6uINUh ze4aRH(M|@^XSkZ-%QRUr{51!i(*NfG5rF-4T`S|bqz={Ma6K0;Uv3-Lt8Vvx+}BcK zGm9#()N6`1FA0{5iXAnz+l&2!SG&^Wg7PZF?w;^FoH4&nQ42d9F@o?# ziS&g$ADXS)A{0#?EI(MR-Uj*KwDqJygq4f?Zr!a=ld!fiC1B= z{@)X4bi94}864gq(d!n{N84#zPma)xnACTN2kxSA1bn{= z2dfL=(a`oLxP0e28C_6bgzAnrDv{XKdbmzo6oR~&#F$OH`nhJEInC*4*XSBu{b)M` zgC+$Q2?h4GLt?U}Cq7>78ZC}JZD%6WrJ8?>tPOH)r`D!dUFGeatMTL#@}mR*{}dy1 zC$Xrr;uHocQ6{o8SuxA(c8alj51L53vy2i|W`@>>hbbx)n0EX)QpA%t=OEVPG4(j* zgsry@3vYHF+g^_3WXaWAjCJ=w7NU#@xgI z0OE1{AjCrBwehcVZVX^G&9sVTSj1;v)Yg|F&vv?9{JOqEEi90@k;4i2qd$jeSXC3e zIVIcT>Naeb;&AHX40FwS@}UzsA?rMc_18W``^t&b{A(3srtsJ=ufT8i+{S)hXj`RepE<#>BWjR*2mH2QFBw{}AqzcroR=16UsZ<;`{L zV4TKL)z;I;z*c=X)$dhpNSZ+P8gIlv^0(9{JXKKgjH&S0mAeCo%a%oUY@zv3MCJeW zV#$A~@Tk8CuXZ%)AmY0@GG}JEJ`_saEBC0kH$jhGb#hp9*|_vp$sT3j!AMnNQgVnI zPLo;3Sm!qhI^T~LidyXev#-m2Mm^B&O!kc1UQ~$)f8UXBx4pnqvUgeMwXG9#_giD8 zl)Ey{T*->x{~Mc_gIEL`PN#!vuJmRpPGl42HM|C}OzV-Ie40Up80Fx0d~xIrHj;V+ zDc5gJHZE#wCZPq*m1vhSYENw-d)M+O;Zpo`z;jwsb@h?n$K|NAJYt=0e2R|)$5G|r zq1vf&cE*U^lMMfJSZ|&U62R)h(oN&NVp8YtQAbwK z4Wn2-!Q`(&HPT1sbY^OX!e!`N(?-TLxndc-s!|sMn6Om7cXn8WS&0V}4jveAjb8?i z5ttmjL#L5nV{K^_SuztJ5a0~Q5QGnqkaXIPlYwL@Z~;WHvPi#v|8PE z-B5dtA<_8?VuCpq!ndD+pt3CxKEI`2g8p7F&_C~InRRf@#55W;#YsN-pVSxl^Ce){ zDMp8Fm@oD1W7&+^U^2bokm*_NxC>LcwLbhuOL-ko$DAp1G5g=_{>zrZy6r?4f!q0e z!HU%!By7XnixI-@ z`j;_&l3!|He2Q0#N3Xi>UPhlRLjP|%y#Y3vHi5_~bCloQrBtN}LPZF%C`Eha z@BGeJ14>X3&(xH^Oi5ECee4Tl$6tiggi#q36`%m_{Cf?70tt z?EOXJ^l1UxtKZuGaITA;zJ-V>zsR`$b^S-){SoUwFD|14sV^xU86_M1*SH8B^Vv!T zmBWyNWb5Hl==xZ~Wg@)jhz8U3row?!oi~(pxFg%2fMV?i z`?GYlo+JNZ%5W*AI`x=_D(LBpPV3uDoRVh`q6ZQ+neJ zF^>QFKEF5xjhd#)4Pew(617+N;L%_Wa7i6^h-|$s>G@8*8{dKVhOP;dzwyje1St+fnRsxvapiM1VCs%|W0rNk_DB`fZMKo1L7$!xwwkE?#etJ-_XA~Ew+A1MB5uF< z4`HWqf?CKZ!{X z8cBW)pVPAXI?9P2Dj_HL`L$K!0)t5@H6SvSBsK}M8jtjBDkU|skQGdCT+6=RCX7-S zbPf)Z?H#5oWrsSW45cv2M2SdP$H)qrq~iN0tMYo16e#AKecW0@DR!2-lLKGQTJ=$9 z3#tO}<`Yyr_O|q=uhhQoE91Q`u}90CL9T)&GMSyp91+}X#bqbrS7<_ir@#<0nWj z+3{6mZzUp$8&C5Z>@zqPe~q@teDB)LGC9V?mP+xcAG%1_Cz$Z)0bA5|1Afl>6@EYG z{+Rz{waojK?S#x^`AldNd%(t&mhvDC3>+XH=5;=xT-9s%;_d5bTozC9Yv*QdbhuDv z*aUR`kDwGEm;l#gdVByTy{cJE!g+w5*L8@y);ZR9+^MgS3#FN>pg+?NJbTLZQ^D{H z0UfQkTk~dGQSZ(aL=7B09Pqd(I`9n@}&M`;2;VG*K`!68)Qys>9J zYYDIOtokE=x;&>7g$RAAR#m}h1}lQQT`D8Pjs#?Ha1TYS-Du1CWnPndi&|LJ(ks*! zqyAww(P3gXk>NTjK)%MWx2lE6dsxX3n`x^03PT-1YA7h+iIk$Y?)OZxD%VZmMAF#c zZ?$b15Mqp}z9NVDIIQ%!C@re3NnyqQ;|IZ_XV+q~O7J+j*V1`Sh4uT05wA~gj-cdvTk*sdF-e;Xlu~WKNEMkJC?;6P$wt!Mrszi*+vvnhead% zW2%{${`H!vlxdr;5B+o{6)h0l6a6V~*rY@fzcg;%oX5mI^o_~+w0qSF{0_irQ8z4k zmtc#*$c(>qhV-m1!dT%HTeIP|n2-LA77ObS9Jkf~xfkEth=1;TASy+#VC#ry4xP=5lp6?Vk7_Pr+n;f08X)o?I^%E#r}2SZqAM z($igX$UMcmqi#N6SqRc>j44FTh)2D+JWFZc;>S1kc@DNy;Bug3WoYD%XoFadbj==+ zdZ1=(abhi*qsRNh%4roZS+v%7{L4cCOS#pMo5g{#xH z{4onc0)8q^QAflBD3bdo+#m#iGd6-|=VP8i&SGxlVz-2IEYf5xTh?2<9e4z1kxKTtjGdei1wtsKBb>Q;oETy7o5N7q3=S|j&w@?KkhaG)EM8-=8 zw;EJKGpE%C8U4D7?i!YuPORE5iq7uv&7LHEzMg2tsZrETChfyPf2?^C^vQ<@+ zYq00`1>b*PNl{;ss8Shpw2E0l%$N;2-_pt(=JmFgu7>1Zb(Zc2&fSOB77P{e#U>ti zMLmERW6>Rk_JFzN@3nKLkt8Cg*R zMRMSgY&wt~D<0`j*dW8nN`JCnSZ$8lT#b06Xm6GXFu>bGO`R(1bNETDRE0C=i zb>iKMmBJ+elEo%pmANoz6z3yw=~J*IzfN*FgwwQx1U`oU)z(xbIhHEbD)|~tJ;#0} za!e=`)4pSAr&}f6Foaud&_JZEh~LZTO@=H-l)0=`{Qq$EmQisnTi0+-gg|h2Y24j4 zxO;F5?$Wpuym4vVU4pwqaCi66xYM}va?icb7~lB%SFhb;SJm!awW?~>Tyv^qrp?o; zvJNvqRK^%-?BnJ8`mytEmeC3lrMPA)wI9$@`p=ho3U_rO$}EIUYJKi~3M^qdg^*#* zfcV93*vjTSh`m<)+>g8GMzzGYoCLx;x-8oH-^#@jnBjfeODX=~_lq7}C_f&^J z@>R5SlRmT%q4$rf$9aW2?8#vblFcj+T}k=g*H9GU?hX#ElGc!p&1V?X_=(G?w&=2C zV1-qYn`X?#(8g!iK)^?_pD8kCI&zwK%%f;AOI2FFx%^HVIE}66_-H(^d%^1U;8-hS zT9T!U)YVsKRFQN<%HnbqhlVXm&Jlds5MJ$adsmK_up9DZNA3juoL1i+u;Ejc_Yh^w z!gbKotI^c$D+qQn%u}U(m0njbq4O=pXDr2^FViSiPps`*F3^`wIaS~qY^*ZAADS*- z0;*@}{e{<|)~Zygw@GB8xse}9CySQhuu`f}@%SyRtwEbZ9T6?{O}D$Y(m_@bz>?fWZ!op8@JYls z2(eJNURgF2n6-?{6#RG>_O8>8b{;Ov`B}>ml$EW^Jq9k@yQjSLe6~w%`G8uD1ldW~CCkT_b<-OPkTsLv zZpqaHe%=xGlE%E+_mD25JM(_!VH5O0kX-sv8Z#Q_hFOO>wS)nGOpaW+$YjvXfU8@jffeYkAsY$l_UI&`3OqBvpe z${NT}%+B*jG+KL}N*{ajB+c%)L)!FtqNv(f4o&%)qThsw?H3WDVg-2J_>O8GOC-9v z_ryh92}>T}@Be!4OLEAOCC*lS^+>2kvf7*I*3}1@%q9_F zjG6T?Y!$k|a~c#9N#h~erAdPVQ2TBZSR;w<01=&;e-_b&jMrufYk~{cK;JY}h45~g z!AxBlJv+!7rXdB;`{_>(p&9k|TtU8vaO6q9ho6`PWg>9s!d%**hjTP4z8i_{FA1sO z!Rb0_Wrb{Z;7u%-)_uR!2$hNBqfJneUY5~e5Vj@t>rP1Tj0ZZt?=?Ko(a!u1vq~sh>s7pE|&=QI$Z?>vu0!vwmu)fW1Xnn9y zJMp>q;Nx62Jv@8=peUhYd=|&3sfI;GVNt?p``#^r`bD^)ps=mYYk9+muPgQHj27qa zsKZwy$m7h%R8c;Y$K01~U+B$JNp3J&6yE_(`FzMBPN@}*!8(D$PXvSJ7#qZSj@!BJ zi&y5}_zEkS91$>|el>lvUH_@DrR#zDRyHh;@pomYqv_Q_|%%{Xca9c zmwd8=C6HL`C7r{VaE@`|b%qf!vkfmn zM8i`f?7I?|{kT&s&4VkI#yvc#<5(bpp9wpx=zm!kbI(R1q_gJ>L4C6VtBG+t1_}Gx zfwP?&wlCRATy5>{g-&C-Ldz(t_fN^oL%kmrN?7~R9?oYAsh+3y z<{mOy1IUMxfG(8pI5pbd-Z!^WX-&ri#>5r*o9JYRv&|nA+$xta&*8f|_>BhyWV_+v zEobs55ZjO_T7EDMAe=`j@E>cqD&OQ8|767_WAcVpOALyGTU-R!dEJbr4lI9I@%_?g zkhxq@jkz3N>1~crW_}*tUv?;B7R^o(YZBQ%m@XxB(YY}aw&EEOaAA5V4~xVRkO75^ zBQ&?*pMH(nDiBrlj${``HDx#xE+3y*u|&7nco19&9#MHm;-jD8et$7LZSgx|^%UTZ zoR~*w=ez}?o}*?YW3hQ(W87xfp_{T9u^vHrz1a_3kiotwMrv zUTr^mkFSlwqx!uKzluKH6b$NZ=ZN5+ov2|~F|j)2u%%rXwEk%vmn_w8!lN*fn=8`~ zedpRrJ556;w9R!4#}i%Z@|O%%G+Kod`no^Ew4*1#MxqX825-4+qkFsJ4@y$&5#sfq<0iXU^fDVw{g~{V z>3jt@W~X(JG0t?ef%q;l)gp!VP%`4M31u)=J@F%6gS|&Ujb6mnGL<6q^>x%FV@+Zc zpjfR0nlziIi>-Z6uWEJ9(+?H4ab5h`lanqTYa530ixTYKw7)050O(knKu7ePhQ$@5 zx;%x8x!NrP?_{J;zT_KhOF3dJtnvKz1f=P8cGw7}i?{4G)L`0+ucE1MWWEXrWpTV` zQ!_x|ISNU%PW00w$AQtflY*mL_bX!tb@3G0o#RVh>9zJyXF<)n^qlp_b8*=z$>*hZ;8BTg6%y8>heCnGY`vWpz$n-P@oV3x^!4Qv zf>F<`BAcfs)wh24;p-HOIVa{ouQ{r}Lx7Yn{yT)OP%DajX7WVyi|SBZp(D6~H9tN~ zv~iP=sJU}K&|t{zez&B=#aIdIwS`hz>}r%j(B|(!!bn1ac&MVF*jsXQH_)Xcq4M*IAwaDAR672rvU0&p^TM@UM>m|q8(6ZSqnaz?zctEiARF^E7kqDJ$n<1vxZAP)xZjtk` zCYHf~GN(yPwa$&rqbqMm>&^CtxzJ8~4ZEV?9a33mhD_Txjp)8N!5Iw78h68$MY~i;0pFEUwd_u*D6%WN1T2fgeJ#CUFwwU= zg6f9HZ}%=9o9Dz($r;pPqj!TD!D&y$P=}+JK4-dLOnh~7DWJ>S6@yGQ`M122UO*;E z{5&Q_jOLZ+-4P&?7`SR0ml|}zU~^5FO-x+PRjMYFr(=hr|K>ayJ|+C^WHyL(TVVE0 z*-CgHEsw*Z$TY$XgXMuny%8pg4x=yow9q&^oyMML@Ge69Q>vMh%5#@P77KSnHJZjqkXn2ShT-+vv11cp@#Db?XlJZ|v>@L&&X z-vpraWy1=4m!b5bJAHv>XZsTihbj~A_4zl9=`@3aBe2-qhOHP)xf@Uw;=Vb<5W1$n z69mG33C#XZLXNkB;zQ)&&qZu84kavmID2X!;5`;IpVMO*!GV%lH)&pc1H==;!gpih z`X@@UgApokhAmTN|rSreePAXlb_L6mxoO8&bMfhv$sr95b6P#r!Dz zi~_W>s|)(gf^#hfr=0wAI?mCP7@yP5bn#4Y?B&8VB+4)1s@1~gk%TAt1t*F$1|mSB z=b#t%3^7TtgnN>*ngVMP^Gh1O;bJjpk3157g?<(136ndn0xjN0Few@WJmg`}E9IyJ zV{moqG3!QS_#|Pi09JjgRF|))57pt%IAeKZJA#&TUSC)Vhw(Xq%p7S?d~3pODm-#{ zPlUy_#ug8M0x{SquhwtT?}K+#-SkdiR;t=j~N?n_4=Dxj6Hm&mFXKT zl%rLu!zVJNV;0M{Z{t+mO{I*HZ1iZ3&SMDL4zO;NV2ZIl&^!=FJpp`Q0nZ*q)Lq}B zd)_wQB@0By|DiI!eFimsXCOM)Ne1)XI^NEC_^vgDrqJHtI;v7ARA>+O%hHfzSp7MO zi%}YOPl(yb82O{qHkYf9p@)P@NN6&G=;2 zhaG*bj}i}Iy59yohCC^ObOqhO753kly`4L%CI?YzOz)>KLw6 z_Qz4XGYXt%+GDkW*oRK4RA@|R`$Jo7IKI2a+TTdYc!36mZvL_DlPj<7IB%a<8XVhM z0(5Oe;l)9c)=T4i#C!3&)tnukKTOAKg9&7~497d-9F0;5X!P8;qekZ2R0XC*Btk+1 zOu<18F$MiKcR0ev7-!qExI$Ls@6yqMYJ9iAYq4kxL@}cJx`NmQvdaF0wVZzr@v&Gu z=g0*!n$ifgHX!8=O8{OOtrQ!$G`HwjE~(sj;H8K>#w*(CMi?Ibc_x8g^cr7SZ1@5* zU-Zd-O4kQ*x+KH%Xf^V5Bc3jG*exZB5iI)dkaa4laV)~9`yT%LIaN7=g3^uz zIZ*=-d1V`hbyi!vXc8$!9S)_=4%oe!MGOuQ%fc^xd0$NdtbzBD60K(@Ghm2tid zLnPdHkfCg_vyz(@Bc`FzAGxtmXwl?aWo1Ig=+T5uiqNEX5gyLK(k_M}+M@E~QeGZx_}BIAJ9IPwE1v|Uc%h+q0<($(J`2C}|P5R(({hR(aIAk}< z3Ps=|SfC1yMi-plh~bHvr`YEjPLbz*8&H*4w8HSTK>G9_hP%$5I|HAA#q5c{t4u=M zr!}HtCBin-z`j8#e~NxP94}{t2Z#|1E@Q3p&9}=2!m-PnW38@BRTwT=a)6*ew=7Br zOC-y0da!<4e|+$jCi521}*bJlyzaB@SAFxI$+P=F*XnkP#!(g7>u8Y99-Ox3Vu(q<&dEbT|BdC!3WZ9V_~vIE=7X zF7K+}DnfUtb}`J&Q_wo&*0kHE&e8EsLj8oBiBZ9LI{x&)2I7;AT|fXt;?@$pB19To z_<7dDL!ZT!-jsb9DXweXl)~K!mDSH`OYdg#?N3UC*Mjz{VEOR|t5aNBUMbSEiwMlJ&$n+6e{B?H{K3Uy{^EPH1bCKVpOYHW65$@gZSXE*F^swZBbm;kuPzF zhXLB}hKB?9xXVQ%M_HHrAOsJzh>$C{%>t`oO*D1Jo)dJy|P=>N-P-Aa2 znK9L|O5xPC!~Kb?NDYvj_{E<^bzkLb&wRPsnbD~$V=$?|N{Q1JT{W4Wf=`=Y2*SC+ z=1mU2KY=#6CWrMd%*BL!CY;bqq0NPweNC6)7(ZDwPEzS1q)wkTT5E59xs&q^vXM4r zeb@vtXNb0F%K{Hh#9LL3hHjScJyn@s%#)Ie2_|E)2 zQp!A1Z^VgA;>Bab>&8VT{MN|dowGBWE7?Qw#^|ctEw$q~=-`LuYcE$MI~hL4LTsYjbAVj@j8!n*Y>d8gSF1a0|9%} zHz=D3HFmLi3{oE-67 z$%s}tY~h^%$9^0}E)20$b!n`~rR{?9huKhO$AuY{F^wwz(;-LuJ0thIP`g4Ml^}3K z_%Nh`8WTL0W;;lu)JaKrjA1xg)R4Eu3`%bE{6hUoDP~M1prA=tKbTTgpahta;2^=1 zhTlWGVZp8x{*mc>u=|;IJmenRMJ;;e5W!usV$cs*g|%>=8}$u-D?KT3Y?{q-hr3o< zR*{N>Axai|qT1(;rJa%L$@SFayhaW%v||B|5%s#Ok!0_Aayx_kZJ|F^y(<;KPq`UK zKH+u>@+nq~C(C*P^SM@A4bnvJeehcFnS@srgeVnFIhqM%)nmBYEq512B1E4jWiK)1 zVhikMjE&M~^95R7aay}pc`%llXct=c?W#&H)olfmWs)g4ltlP7NR#DnyL;q&91sHkbyz{5w`p_C>}4YVWSwcl z!xBj)I_s~9>-$n9as53_C@m2XbVSsc-TYmB&jV1v6^Dt{vzXl5EidcgddYXvaY80j zqN(VK$M;T7?k&S@{6cgGDw8g)UpZ@KeI6dKae^;`O4diQd)NG&a_2n9Ldmc)@ z(x|;ULA}iunk)^ZT6WrL-?L(TnE_(aYxcn?pEnZoOC${$nvH02+Ad3KN9)g}=If5c z-6_nC>pj(f;l9Lb2c?jh#HS|qKu@hx+YV!wXrhB%3Up-vH&eXoFV*;=(~)ZYs!yDi zKX3d^#^-tgBR74WQF6YPw4=y{hUgv+MFqgy6Y-2_g40x4Y5D!0Fyj**Pna%cS7YbA z-ePpy9m+<6PWp|10F2oJV*&P9SNZN|u0*`0%W&oe8HS^`WEnzEaf#NP@u;u>s_HDh z_AnZzj{cB3g}eYp1!Dekfz89=;$`69&y1+&(YActp4|Z6baj>JQ?r|*-aH1*Ei4b+ zw!i3EUQgDnB4+e0WcT5INUcVgzu(px)Sf4yp6v;C-fY|FzbBuJvyC3KxRRy|KvyWzjGfeNu{_g%S_Xa$ZmJoq9Ea-i21I(0=G=4Zps7OL%Di-hNUW zae;NPrUI3DT$i)7O|cuB=SVR-;T?gCLi=P2SCf&g2OASo`Cu}50QhGqh>G|?G2xh% z$P3MNP_U@|m8Eq?&)re#t8VfnN#gH}m_N zUQ_gV)Hi5K&+--@mt?%}l4}yIDDgZs&i?VQKL_uj`2s@x?E86XoNp*=HM%05p3EWM zUT6LWWM34e*mJbB7{@#BMzonEry<69_49|%yy^F=q=8sHH2C&IQtbq#@DF05$A747 zgM&fwqc~rCJRuMxIFFru{cOsRo&D8nf``cH0V_`Nq?U24s2YI~i*yuFHwk0$rzS-O zB=nDpX=38bag^g8Os=Ww*|2PbnB|M;1vm;nOBI%^A0i?WuM zH0edIhfUoY;M`gHr?o(hI?zyr>vlH;9~o0-pIcTD@gtVqc^2Jg8-!1kzQOgi&h8(z zv)KK~c^PJk%Mc`ekCG_iy1#!Y198dhP>?{z7a$xc#MttG=q3_pS)V z23M+n>v#+yB{#YU!>Tf>(vNqa*05-b^Ms1|7D)S->s)Gs=PTEl;#Ai1t{~s=hp9$> z6e)VrIu3bKe`!@mE<`rUZ$4+q`-D0bE#2hmSc9ZRyemR9?Ragl79pn`dcp!+>gN-3 zJnyR`F$zOp9O;gu3)hQ~UGP)E)c`eQ}N|Dong3ff5x>Tq~dK9L!GkF@tUtC+c zbTYjZOtLWSmAw6jNg)AXG1xz8(GXVKl-tItf;yo%DWU&pnu&Fzyzc})ya1V#C^)nC zlaXA4w=rB~4Mw+sCPpajcC}mWPGa5jtyR!T*(p(*w_(FyV`vB<<56d0-)ksMA?@huFyA+t77ChY9QBRWGi|9k0W0#jU& z5EXiiyCaxMkCcNfJ$726RHYEs%;4{dsU<2FR+K1zB5g92_C7$5-4zD$ykD+b*! zxdK;z!?8E#Qu679dMZYYy+qbm(WB=}=KQ4&mF> zXv2E)f4(uZ!2)C!G8sQk_k9nSbx$C^ zZRd)KN|&ZmEU8F06&ZRKmqlfw<+V;U?kviv>a&}Z3E4#VXd2z^_Cam34;gCH$yItj zSIX1ORnirbLZ#;o*voTarc6Ld?>dz@T096MLCrgRR``f(9`yaetrH)^V`$jcgYuio z((W=V-7CS$uaFGyVsz6I!45hMKX@4oI*jmRc!1sRZx>YmjJEU5xH~L%oQ5jKZ^0tD z&Cq`Zq5Ncb`~B~KXuOm1N4)#+dY8QntvukPf7aJ7=k0hBj&kwImgev>H!^6h3^CsCmgox%GlgEEzoT@~pL+a85es4_&t!5%~STXB+B8N!N4` zIok~H3jV;T;rqDGlTkSyfr6k-t@4}SmbadQ#yM5*X#xWEf<8V&u)o_g!)+1tojPtq zA1mGDW%jJF68y7N43k7=cNss#Cp(`Jp^sEKxb^g|PQPFMd*b;%*e2{^3>! z*qFhn)#H992%M#1Net}&{uY7+>ep2`I758V`~gI6Hwzl@=4*z_@dDV0v4?@-w}Z(Y z=LqMy#3*lr<#GY<>s+AjMgMfEIa6!Bl}LqSu#})zq>UHw@#ZX&<>@`9h2VTRANu>D zgJ5z_xk=r$JvF&GAzsuw?DzHAd{m?Sk;)&){(UO^y$k0N$N7-Fp7wN(r^odKe1_r` z>_3%3|9!pT_@4?rD^Uyl#i+^UX+D1DS72qNL}yN~9!#}d>Ez>TDpO1lhCTSsuJ?qP z>(OC4 zhz5_5D={xKXFZ$A=jlfNGWAci0SXt*j>**}EH}MEJ7#zfy+6)yUu@|VM=tH036^R8_n7fj^jm#HA3;@ zM^kA~Shv-s3D*o-2{5-kT=9n18VNs zM1#~$|J#9qfjK6V9R5gc{eNzw=u$79W!sr|T{fO<{-LUSPKk`uDVW8d!bJ>XG(r1D zsZ5@WW7ibe^F>y90u3@}NF{#End8fYKNuZ)uvP&FG!#OGhs{J8)USOx3|iNsPkErs z&q^ITX6rH;jz*y6vJjU$LXr@={jBQ8EnUp_&a>nV8>5k`_&+zn@*l7V3BiJKgE-*E zK6=)Fbi3E2@h3|dAur)O38IY|v}s!IV$3edUQl6hHH77Cc+kVf!G6L{Z)Blf1fgwT zK_nFW;-tO>!*(uRM_Y{)1tIJ>KP-Bt&i={MwMdNZum9GX&<-O}%em_jR$bWVo$Up_ zkjs0YPlszIA5-@yfjng89yR|P+0Cd*8&t2Z1qKjiA~)V*g?A{?Z1A+joHyp^vfIpK zcU)?B&3181#xC~YM*<=5U$W68ls><}UYyM4(=qo(=wa~ha`i{@1VT>HvX+bi-2{w! zG5|V?RCKDzxH#9;z|iPzR8n1R2cY|)1m~&1K&kN{H;@LtZXC1?0VdJE`ilxNn|Kr<&R!_0~QfjougQ|4FTF+^69H>Eq+tZZ$ht4oIocNCp zABtBamaTe?;=#wdL5Nr(RfqRP?LwF&j`ea$p;s@5 z=>DGv{__9zz(-Hb?{2>)&cLAZnfD65zKX5IkM5PI-s|Gc;hpoTBdX8ibnQV%73R%g zw@^v<{9o7q`ptTv#fzF|Sf<>TA|ISOgS5kbQ`8;vjE=SY#(&*Y8_P<}WIju!{wK2uF-?F13 zd7Nr3U1z^{X0l}c4in+mEwyg9Bj_)KUhZc*xP{W1@bI^MedU<36RL4nvui75`;w24 zmhvP}@awkOacIc#O|icOtBQ?DA4R&zWV~^0tpVT~7~>bW(?#G%B9(g-)l#8@js^!; ziuWfjQ@Ro5p!*lGstBrnHcQ~3J;Sfwmqk#U(p1#OT%;wN;8rKE=><>l-*Ev-y7&xZ z;9|-CgFA#lGvE-TlzwKhbAsJr2PmJoSIQyhdenMjB6H1xeFG|t{Cwmrn6ckN*7PuIHolNOeN z4=z8>S%YX|kn=^BWJAhOM2UQpBzYI9GEPZs8dVjYgMKH}L+;*mle%QjpqqS(XYj#d z=aSiC`IJ#5DL4#vH}iK3Oh@7^zZ)#H>&O9B;1#a*;Rxe%ifjhCR+=PVMfsiAteatA zD;&NYg6}mP5&n{j?lHFED7T*wqQ+Uwvm^4(<*~8jgCD-y5qptgDd~auif?9FyLWIO zi$DV&XP)|@W`RwY<F*0uDZ_SsD2tqD){A}a}qr}u-Svh zy~kIUeqQfe)?WRs9O7ghn~0ar?C3Ak$GgQqV!KfGUX;P-IO9vFx@XNQaNam7k4Et# zJd}Lmg@&Mt6Ky}4%(}%gVaXV>#O=o0ptCU$V$7Jw;OQ;m+-#Zw;e8m^e`Uz*a2K$% zsz2(k_Lr~5%@DyDt%vaq@6App%6`URl)N%|?t&dWM$i0*$1FA7uW7I>HSlxr_xLTZ zzQ)OYY(L3pX-m?(MVoc7p&L6E)KfgI!y9_5$9^J^Wn5`tLwOiSdA=frrwg%v5Y|uA z9-4N*ZKAiX7&?+p(MK0pW&ZRSwLZ5k>Y3LR=fpn~{Naj}Li4bkz%xcZSE-tH{?lRI(| z{tlr{+!{iXjuy4qPqekmx;(2e%i4zfStnU@-#}Hmx$VnX7~w6^KjS(@VrQkV+=t#r z9&~~J$sUrVoNdUwEY>ORsYj|?VdHoVJ~7=X5>5+vz9ia9UA}iZ4s-3QETKvZB}qmv zUaHD;|5BSlwm9rP%)HJ`fE33>=&JWCIb>a?>1$CQm$uk*o}hu6pFrM3F#BxeQV``D zm&u333Ycjcw2!Jmfwexq|c$?(wKAmT;oW_Wd9wS-X5Z%O@Hk4bYf2oUvU_Y8;ni=mCH?LaGxPR+GV`{9D_6U1D0q% zv2jG?=zc8-5)Pdz;L>U{5iAoYu;y0Qn4zOc0vYq_*fe7KYMj^e|^8nm}3gAj^7h!G>UMg6Uigi+B1b<0V{ z9*sXi``d%_+V|>ikMD4ono0dL$m#pq zsA$8c&wa<>MfqaEN#QNJ_=1@)xXA1b(gVA4wDY(_JxoP2%z|R2N22b>sem8MoLjqh z11c3c*?F1gf9I70r7;eN9lw??TnoMfEc#XoH(8t@DBrY#4&L3>nM#78%->2X${LZi z^hAi@q@NrAIQ$^QDeU^5f9{ke)*g$|WWAQc`_@qiGCqS@Sig9aL#G}ZX75LPHtANL zbp;rwBNykT5_!h#Jha>JezddUIAVS1A7hV#{YCM?5>@Z>(l)lO~#XJ*PfccZo6Y{?0Fd$3+%c^B{Qj-xh(Jz=AKToY9p z$7;Wgqn;JN>J!MC+}X+mC1w^%)x3VA0j-O8Q!N}%)H8LOo+59uy}j(y5E;+(St<;D zpAF4|1c!Q}UhsCu{t+Ofsxzu7>B_V7;Xf3N?~yoS_Y2_4vR5Gaxs%0ZkZX|o{KMLb ztxm`zo2lzQX#A>pc7$?-x0GPA{T9`F_hz)ybcBp6?x#Z-yE{~JfB%eysa9exc|K2J z%==7VX7$D7YZU+EfcaSVBaRs`#^mew+-CKE7Yxs2vDtnCz5=H(f`cbaLVKgBvkz8# z*6iilkv7T6jvV+?onF|wPstZ&i}*BCt;CaS>z}L@cq^XP#sdjuSoXnp?py22VjMU_ zt1;^e>=P%O{Vo=P1lhY^ zG7V2QpR83(ZP=qfg%Oyjrksau6_*s2z(Lx+3@-JUMIky;i{i-cn7mRI>Q_26(iLx^h$x0AGbeMwnyC7I9T)Xp?GXFUBRC;m^tE! z2=+6mLMiap77rEdl4alZkd)6OI6=HNmQkn!dn`X^GZ#R~5nmq`e)A|e;5E6{-%zW8HZldoITRA{n{WxIz)k%`_Ak!!M0^WvK6W zqgGV4H2N!U(n<1N-b8m^_z9QC(OR}-0KZB|@;C^gGea31&jhc-j%l7|dx>1}ly zay6+_nL5)3Swv9>I-vi!aYgPOYq8y14J&&JJ)$uoo<^S6Mnt>u_siaKm>p)gxgXDR zu%EnfGYPICW}rRyPsNfXzY<`6Y^?q7E4rXI2$a@lPn%rfQAvfrFC-8 z>UMRxQ`63J;}Rn8?mr6GV7b`}@Yk)ucklw0s%QENSOL#=JO~Wo0S1)&PUX&avst8R zAHq-`FwT3)gkC~P!TTbbqmhaa#fDyFp6_VY%rneFsFLVa$s>Ty6D4wz}N2t`rE>^OI+X83Dgnm6#0BJsZn<_bex&O9hJ_4-YkCn)UGJQ`AON*7+fo z8Fi8FM)ZnZJfZ9OTr5Xn)ARxfA~xk}pgC2PwAC^#CP%u-i6_RBuyn646ISvi~3|!FsIDxL?iH_psfjRcqG;(vHyp zIfWji;GVJ|barrA9tXP<+>qLLu_b;bPM6Ek<+D51)tp-<@dcipSSqsI&NsQgmd0?$ znid%v0c>8c+BtncS52%3a!|rl(S`o7$6)y)6X6BcXseV+n@{+?7|1F9(ta}s=D(X@ zpGL(Sj=s{;9K)(O8@|sVwKdHAr;b4(A(7o0T6-Lt`W{nI-aF$Jml=6yTyhYZQ)ODk zVluav;q=T$^qXMJO1ofI>|)ORIp2zab$8M*Oon@R6e>q>#jPs1E}HxgmvW)SJ4Fv| z4-y>1nc?xsB#!$zx_1LbDs_bavc3FH&0;4OApyEXVHoBj^S?n?zt1Y(n!&KzH#b*n z9_N7wJ{N{C0_@RxgYh*w3@bc>_Pj7U{46!X0ByDlxb7WHM4v6Qjv#8EaIYtqe5VMB z1O-;h?99R-u&pyUNncgBT<0^KE}F=Zg~SKzjMy;|3)zBolPzy`w6WNC3C=(mL^Jm{ z#sdZWpNA_iIPxkfuSjV>k>eV5*mEQV<{*0Mg)l*>DzRQgu-B zLBRDf*RQR>ClyNP4Etaugu`%D^KTB`?+P=rAA!?m@@ql8sEL4Gx9_0h$m+OzZn~tB z%SfCTenlZ~Y=PCLBG=vc&th4-8LTguP>E$*oNEtoQBR(nkyPY};?dSDxdA))2fxss z({KiVnsE2QXCQmQ%j7ZK&zNZR099vNljg0mE@=8GB~tm?fTf1=V?%3L^t^MsAP{RG zA^330?*nGO552Ba#`ix3m~oN#ktz8$IO5YdK_%cj4o7Ox>iHi=F`odv6L^r95gJsy zmNE9W$5&?IXo!wU;je$Ez~NdYPygj0Yz+giLY|XK$4>&DWH(0<*tfm{F*(xSnJjg@ zQ#?8>@{xnR!B3Vr+vs7~A9a!vGwN^AAPFlW~$tZ-#Km~3LEF(^kfWgNaN&#PG?2ox01Z~!wH^J@fuG~$| zr&8%@YGLSJK53E>*{q&lNChBW3%`S5O$^Llq>-W0(s`c%J#U2_!S1d`V(VJhdlnKt z)v0!5l+_L!^aE?!U^dB#Z6sJIA;k=pT@Z)N&Lqhd!|5NV3;0~?$f$f1K|V^rnqoGO zjGPE6B)^Ww)r=`OMe|!S!bN|&$U#?I;zloJjl&ss@xEv0E<%tW@yM z-rRb59Bq3PESIkoZ}|l)qvMI3!1)`YSdPioDHo}N?2Bim(`FTmP(n)il4mMRt*sgk zzPIU|LHvhjd2pIZK8J*{BBH^4>(1W2$mL2E=Xs|8Ws*8{(ay-l;pJRlkN!zqrHhYsoGbHu*b6nZ+A>%Y-E?1=uX z*;26!Q&M%Ec4WxQy&fghE=kMEVmqoP`NQh0t^JJ~ZGPs&Q^UwiDraX6{==EF>!PtQ zE!tOweK&LNvhCdL=q3?QL6wv_ilp3bBkx*NLLt<7{efY{4YCKccNz;s0k2SW2^Z+Le`SQ9P7@16!(vrcMV-e0mse|` zU=b$8QiKz|ctTb=qE-;or+kKFQ_2wj2JYKabcusDW813?b(eY4EMgMsO3FwpYBS>N zIzG#ZQ>&NL^BiIiJ4=C+tZ*D_rCl)dj%}MDORN!iF6q-(x#rVc?NMA*h?2z7_x~jO zW@Cn1XO?9XyoV{9DdX7I5L1FgO4jSSde89sV*TA5HuVAzS6fO^z5>Ru@LkI=T2b#5 z&B_v~0qQr+JYHL*55Jp!-h&2lZjRUx&UNCc-%t58QKA|t3~Y(Kt}R25+L9Ls1f_Gw z*2{G}z67pEGspy?ql-Vj3V1)Sqk2Z-3?6S2Ln_-sShnk!aQLbLjEj?kk)~@f0QCw8 zZ=h0+Az&^)h$JpglL(w2)kqC*R_fa4`WwX$*ssI3GXcQ(X3qMOPmyrS5{X&fGYYdZV+_X)}lc`>8_ z<&TB?ihdWm0XR@b5teh;6Ul%U31-uFUEQ`VqQtYHOH?Wbc9CX0!H- z5hsKWW9BMFkMN?#EAM7!iqr**ynYYPI%?}wV&zAybZV-I15MB=|ISe7B)B(3ZLlUe za(iq*Pgh2udyQkTBmpIGyH6O2=*o!WkQt{!^E9trOmnLm+g?cl?PTnag1pql7v|;s z>a<-J+)ipCK2pI_ET?VsM|q|o-P<@58w%@-C6JfLbBhMfXD%JnNHew!ZL@^EiZ)qtbxR$45Z; z>rlFsH6w-g`|X;3qG#5A|I3ce_Hpi*1N21f8{kI8FI~Y6|0Oc75`^?i%VdQysI{3n z-rOIftGLl;a79*~DD9dc29fAb32<_{-o3r#>x_6Vw`2i>Odp-V@13fdXpK#e7&y0^ zBBO3@+nIDxke=lpIzkJ}07l+j&Z>nzdDj7d*c0t>wIKajRbrqH*VX)lvqYqK7R%k{ z1o}25^nkG8eJkPZN_3&zs(`Qm%kP9< zrKB5(V}uT`F!b_%{7YRaEs~pq@+G)bx8pP17uuO-L&BrE-_q;64e!hMz9u1?0=aqK z*!Dzmp)7I~RtsM<+X*&${kkOECk0fE-&lGpO$91~OC6^uTCbz!@62UBaWWVHDYFui z^|q#5i~EmE{2XB(I!r$ql|ZeDBMvsRc#Xu|Jz1GL7k!D_MU1u?;8Qg=r4Fq?GojmWmXa8UJ+wR9X zbLLFncXxGnRb9WT+X0jKx)-r%ScL^s;J~OlMPO-VKBsi6;Ejm{LAJHs(;>K-Y z1z;hjqF8MziVH_c^u<{;qb~TXiINTN2i<0?56U?h9hS;Y%cez=MYr5#>d99!jm`|C z;MX;wC3o(mF%5F_vblV@@pwD^x|q-Uh)74Q)n?;bFY?6$BZ=>t@d_+z-;KpIr0&)V=m>&X2@k0pBj>hM#^;3|v(2oLECF2Bt z3$(d1h@B4in#kp8Wy$NWHc9jczRMC%H#!J&x^}gh6nB#(hM@1-V4)`#O8 zd~1?Rlr&xOHdyq+sdzGeYykRv+!=D%hE{R)igohQ*6T8KY7V)J?tqu0z&x3|Q*K8c zWYF9v(4Mn8=5QPHi-}y22x*lxh9*qJ@RH@bV zXfYQZe3h2xfMjL^$=be{rIfKprIiSl+0gYozatH%k@QI;3up!4i->-b^-erbjSr7* zXVjMl_~3~TQQ6OE_?fhizzOjN9eCGd`)TPMDkE>4NLzG+8l>NvT}l^Bl=%d4D!xbq zJmUPJDpvw!lRR+|QP}e0)E`Q&A3xGz@A(U&!M%s=6Qr1lN@ zZn(t06L)xv|16tWg`mR*n<=-;#@t_4@0~=8Jq*)*+6+-(z@Y~lLCAToE=gYRq?dmO)jaH$2dFjln zl*2|(gXaCdbecb3I_hrhy1Qt8Qq8E2s8_&-)4hd@qpMIJ;>0+tkKp{_9d&<-=N*41 zHE*nnz&TlKM^pQ1YfgPuH>B`M-;rIfCW2e47jI=oF9NTzSq84oqK);%Ug62^p`8I| zf%C6GO4jn;B`?w|%ZiQeAwGdkAxB@qsC{vFH=4;P_zl@ilG(__JKqSZmQc~D@4Iw; z`8}jc_b~e8mcxfc)3ir6zRu&QmrXU9vf>Ty7oDDvx!oh36p_J7M*2d$HnKK>Eb{~Z zuIh(zqjp#Z3M&yt;Iz@V`lXGTqDlLDQL<$;UXVK{!DV;g(CtT; zH=o0qK3)!+o}SC>-o@xCzj&8SCIpjHmu^{2pl&Tp|5+}ea}-&IH6y(VVELI9m2o0& zG(>Ps5DAw}rlt3R12$wiz8V_K{Ozws|0?R{GX_U$iGK3+@G^!tN zFm?FcK z!4o@-+u9HaR{slokxN10m-o|ChwXMtt`VU`28Um|>UoEy>Lw{8HZ1d;7XnZY*CMw+ zfTn8BvQVt_kQ17HeVX8l)R&zP=|2~Wz&KhLDwP+n|HP*XUzgTZ_;EkOLO9n1Gx#ah zhV+TkSVO zq> z636oz$N~A^o6~=Yg6mGP*BZq3fE;?-tvC^au zFjFXnwxiaT_xlV@;+n~($uiIq_hb!7 zmw-h}O>M$SSY5_s*ks6hkadAZ|MAEEAQ*p2y;e;i5;rJ6Ja!v(I4Rm?_P-dMbJkC@ z37*g%s~)z{lj|yNwNh&;o5ZMIw&+N%5Q30^#>(gK5W243QOB-6I@e??QOamqDi`lB zhmbk%3r;!}U#sd%bm{IPr= z8Maa)Mz70EPQ6N_^b!aBT6u;@ct_{Vs#v{H81qa^my7s+hxaJSa^(lhmc$~DCbv`;Jo}}IuicK`G9-q|Kve$NcI0SuD`_T|2u&6e-Nr5&%Ybf83t0=#bdkIo=toYhF}(2!cypO zlO8MX{p>>Ms){^%_b(Q;&F9pzCUH+x{G|lzcbOKgs3=(u#t@xywgtFS1X_B@xM_)9 z*14P|qw?>M0-;v{C{Ifq^7*sX!q?NmGpd`4(VcvUlXMhvA3l~09vTV?qf^yT_FLE8 zMUG#S&rwSoV^q|v)v4p#tzwUis5^I011k$b!)8A+h<*l<2O^C9E$tagQbeq$!K{@q zvkFDTF1ot^3!*|lIKNQfm@l45Thq6eSd=^l}!}{%g z4KE2{8cxNR9LONbfU6BmI9oV7pF3jQ+5 zU7?bpA@7*Y)3G&=w4y#R=5am0PL++~7f4f(o~>zx`ZbF2qCYe=t($J|GNdzv;bgxN z@uA6Rir(7@hIw}N1X+p>VB^zlhh@+zL$YX%9c;Xj*C#w{Js#Dgh!;~!m|*&42wke) zCJ|wu`)TI$wNq;Co=$ylEn3+L-=3VHTl=<;xOYx7976beFaH3EZO5hJ5ovvgQ4hVw z8j6+^{1q2T?#qB2m5lqHn@5E2y>Ye@J+cH{vjcGuSU<8_mrU4R!OB7o$~d3Z7!neP zH*yTzzo%FXhHtfY7ci8p>MO$nBd40(1Tk*sV>km5h$qsR1^LBToVmsF{2zP3(uoJ; z^kE^i5AJxH1E4o926TNeN??gBCJ>T-D1Y?l7tu8{2SF&AKx1Rf7k*w1o}c)4sTAzm z{NjLtn{;}aJJ;~__Lj;qUK6BdmX-+&w=&re>}1-szlxLF*^P1BrRJ8%!~&|qqnP2p z<)U>M4j$1`alspXygXI?3sfUQFG&^!q}sS`=h3rnab+Jh{ub_YsCC>LdvRy=ZE z{iZ9y+8H3dN4;Uz>j_ff?oN{kg@4kM7B=JlohQjv+mtMA%3 zfYP4{r$7rt=Jz~rs=>NVEz+m*@a5&<{>9SD5HEARZ1yj^yC4LWT8Lp_pk{+l<^#l+ zre0WGt_PKBN=bFtEd>og1hPt#1@kQEwI*ANL^$=X0!uP&dV^Od#Q8&Xq4qBU=v;xX zDSpqlWqvO=+J5)P|7^RbF#LYD=zRO5NrZbBIe5H)T37FR9SL{cyXWSYcacmbffkOO zGAr((9D^|*K%qgp+n>B!`E>frkAg{8S#0Kb>df61VkVS%@4BWoJZ(_5QgY(SpS2B< zIB=h?_8r262#}!ZI}oZPG%>jt#ze4vT-L1;LYC(663&}KXzESmh;G9VOwh$- z7as9kMaZ}XZqGB11Sj=6#r%QaT=AE0qjWKOqecnZ8-8gSHqs$2+@9B`atTP&UQ!S& z14N&V`793_4>rKHK? zieY*R?i#^y)1;$(N4t=``LBT*now$Q)M!q4u7T+Ve2p&C|Ogi z*g@L1s?d4>Wcr|d~b+(jyrr*8I|#BCGNB9%lh z;i5yka;AiHWrQD?S$WI#$3{rQrNU6QxfV+nYD1cT5ug0g?%%vany$<@E0IknhWu)g z20lwvzm+M6Z-19Y(CAHH$Din| zi$Cg#%qzI_PPjY9iO`{|A;0)anR7sBU@wVOBhAoS6m#%rn##ci^3V3bEgU#8{>+~t z*%n)d_$Q&w9whh4o|bm_V3G3F3qo5JT5Kc`1ngV*5UQ|Cq1PTB07?3Lo-S}eO({&4 zPvPPLi-7Z3oXp3M8(oCsd)q0gvZ5l2_+juNAG=Oe0jaXZWB}cs0(ar3;b0ABTRQ&@ zO!+3vmFXI8ddI!)NYuPTE@P}{^F=E4XEk~X?I13cIFC5e;~$gX>oU5 zz9ApZjQz#ww)u}?;GIGC(MC-0^gyw?Fj>>A%y=XX$3DpTd?n}n@nuiewO1*&Ye?HM z)^c&v_u=bfcvMRVMcOdM@@;Bv;lq*)ARVl-Kk6x?+7W~SFUpfwc+Vr)@$Cm!l2bPm zpUd5=s2YqbVo5nWzyqI@k!ek>&CMWX>23uM!E~TNQ*R*#V1; zL~W}d1Cf_7;9zE67iDBKi~0V@i8KJWV0>pBhCp7CO}QpDSHd@^%<&x#(2A|tcxPcU zw89c`FIR_)4SY?pei`W^a83%*u#f01S;Z_|hjS%NO(G9i@GilrfDl%h4E>mdRaZTH zvQ*)m)X%hR(Y~Q%{*RYK3r`0w+V~QOIUJ`TRQ}9iMgKsw@Pr!z39?LOz7J(?rutpq z+XZ|ODq631dt#e7&VN2x8B&G{QP23fQ1!uG=e~%rZLuy#eEB`P`O;CVxjJSFINaOBqS5{(7!Tz2LGytLjXcLzYbeDd&C@U3Z6$mYBj#; zP*m3O6Cwdm9e2}E!=HD}EI||1akX;Ju=;7~2RxAw#h80R7m{XSiR-ubAw3cM14@~6 zIm0>r^hXUxBFgyhrh&<)du9P^toY)X$(aftDPuDKI%#|aP*WRNJocFWb%N1@+2-PZohMh)sOVVJn9(YXp_lRnFW;l9_^macc~s!7^O3ZJQKU^;WFuW~SwQ zk>8gzvgPIE0Gd|A*|E^+Y_#G}W$$9xj~inM18ZH6(l%&ROEz-G|mG zOHQlrdKB!|>T=-t*1+0a8+eE1A4mFu6LuKy0o)ULne~M(QpC)&G%~HGHd<86zR3f= ztVlnPp%}w&eRljJjl%7N_oB+#UES*%$ zk_pC{#naWF=O=9%YOhREk(UAuaoCJ%zF;@jzP{O(OO%uChojmuOq(N6k)Nu7zTXf$ zcVkD{Xn*G!?cB=5Xn~WU6bU=<1v|Ai+K<58#pc>>eLT{t__)%R;>rqhvwT}<0P;Zb zFJMaAmTI55H~h+(!C~t$?V^{iJbcowy7ke*R~S_fG~x5pk3=v*aY!xX^aO6|m!94! z!IX|Zg?Sy+8(M`H?0?3m2rHQWYPOMWpx^Ekv)Igk0fIa)&5|rOX-6mt++M95^w(UE z>p2sQaOO%O20UNDG6?b2@QwF(^H#{NxJO=rU1jY&;d46qFnu2#esyrCTa33=i)h3= z5%Ko!&fL0FHj!!Gm^>){0J{7bfRzqPJ$-ez>H*hdM1_ZI-@QpJl z#Cow8QkHss>?+K2Dsb8w_#U}2hlU>3$4^{{wTd51j1#R$Y9-OMWNL-!Vu+AO?1I#!%F#6n0epA@DeQlxOR+)#>aW={y6 zkOEwJ;gSjOYvO*6OgB!X5f%Qi6Zsd3$5r@?;~bTbJKQ~)3b1u-hA*Qn5$kbdy3>b` zZoj8j%iajuZjblc1{A7wm|JikjDGgnga|l_j;4Ap%(~v!jd{JX(4rp=##>Kb9vm@A zS#n2y?jC=Y1S3fC?VMPjar_FT>P!>-hMt@~kl`GU|I1HN|0KZgb-E43K{GVOQpH(d zq0o4w5JYV`gy?mtix!{l5(i2{L!tD?Pe|eL-O&|{A?XWIvZ?idWj1`a;A%qijhx)@ zPELPdb$(vd1$$AAdhCs8=ZWvohDsRoI^M@&gJXf;Pw${D<2L*3 zl{SC3*b-`72*b49?#?QuT@wijQ;6ec?+(oz}SN=Zjo zBtE8eKH0CgjcL7=+ z+VWdfTdlL1K{V2-9{lq92&rb6$LVWb5J18NH!f)h7^)l`sY=@3(jV^aDjcuYB#E>&CZxrETe6!Fd0ZLlp^2r7nob6+7Lxjj__8ed zU|WP|bJAQh=kS532&IFE;dN^E2sG0@^1QQbG^#Wr+>JU%cbAx|ahRn`@}wBl@;Dnx zwexI}MyLs6>uj!6r!mrb#L5xFKygM8)1}DhRQbfdW3j==hPElFCawZ6oIx8IlEJCCn=n%-C!F zgDal~TbS+DppDpPR_dIZ*Aif+l}MnmOY>@25PewkLrlt!>b9_TJs zo9pcd=-u$ZxBjJnqaLeH#c|tjbeEz>qmyZYu-?g&JA?S~IocKJwhg&fID5S$v>;TF zT&ph<&{cRDA;#^E`ipY#*3g3wh0h+fpg=EmUwqBcjWh+Gc?g;A4eLkkUhL@n-xd_R z*juoL9d%M9cnhumsbgBx^x*>=WD8uCX>w$LuT<>1E>by~oBMlfukyIpsriRe6#u)`m z^ZFRH%M-HAb`dImvkI0iYk$;)|2I7J31~8qBZB~A?VAQ|eO`z>i0NYKvN?q)Oc3z+ zT=rR?%}SvP`5VdnGlGnM<}ff@>}KL$0lYyjpk`Z)x_pThE_jAoLV3T&3j2E{!KUWl zAT(4_1J3<^gY!l)(^ZSxwiaVh_f0GKKU(+!G5r6jvHZWQ-2X?A^8b&F{{Q^JG;Y~v zk<6zi=&eKlDKrEFY1e_iQo{0|4h~Przwy^VxW7Xl5DO0?R-8U42X3Fxh`E(4Xv1dR zhao=IBKUGn5mvN3{eAKanU+eanvFAjF{9Jup>pN$-!`~!jAfW%+vGA+AkiA4UyPFM z)W5|o*^x;JMnt^w^AqAzKMxu|hl|pB1)v@%T^6SJ{<}`zVve+M!X+poQ|RTUw`tD3 zI}WaWrUSn7yL}~RO+oHhd_6+gxq3kO9>6N!(G#&`_RI#h0Z8KCZadwxubk*a!_~ZO zY_KjV!vQRN@b4RP*@?y}*Ye6=`>gy7(Zx{~ne)W8=wBHnMBO-OYIuD=_-i-^r|@Cl z3P_o2k**?8T@LknD?ENGwyuq zmb8_#@<`PrN7oOTy~9>6)Y`j&)P z-eYiPQ#W`x;{wUJ{HGw=-&qQ8c7Vfqg<0SDSM zC}N-d1aRnY5%dE6BJLbc2m6&|s*&TeJfG!XHB+^*KXR=N8pO7bGEv#arNxVXf@*X6 z%kQpU%S^pacij8IfbAAek*?hl{yqA3I*k22m9G2_YnTc+<$gkLQ*Hp!t{72_#D!ky z3tG97;h;`COC?Pc)`Vz`*OW^vBez6eLN1@l(RtWv_e)>*kf^|e^550_mV6|SqmY1T z->e?d9vp@QG{RhUz(*zG`7Ised9oNeY&IdHS5NLEa%f$WDdwrAkB67?;%$wGInZ!# za;TlC5Rmms)%9^jCqnNmr+c;u&(f_+&)adw+oas0U82DEg)*9wC`~bcDQetAnr%C2 zAH^Y-kCM#%3yL(#_m5#9RMUa&pJN1zu_=utSV~!TJ7bIXcy3!C$(o1*Kkw@r7WbJn z7;_MwH)m2B#9dAiDlMMyUUSaqs|p_oip*W{Ftpt9VU2!%wf?=6YOqRN4Gv%{Z4JJHk5y0pH>YX8v?YmazCjkF8we=Z& zA4gh6x^>v<4lcN3+sn{9bu5m*9yM$mi8Ak=h9YtWQPq!lD-%0Urc4p0Qo?6%DxvN}yEc8l9I4HPpKr-exnbVO^VwIG&8%6ZQ%Et)bRy=V8irW=Y z8|_w4X5CU2qt^nO>`gfVJjAQN1Z`tH^(gNiSDrojk$0$ z+#tioeCqv`bU)nF(Kozv!t^Fhcpo?hl1+v}&}TZORVgS#?Cu}24bwPc4=$;6+O7>n zTPxsA8;h>)3-GPAH{U1Fc1*;8-Yu`YprdchV6|D@v7Q)>D^w}%d=fXA#{tbdziz6wb9kWny)c|ruF7@M(SBCw`d(ycr2Kn5 z_TtkOwX$Ho)t4IfZ^y1Q@3wUrr1IivG=vUC=cy+bN zLR4m?Rrd;7Bk+;Bcx{gHo-PAei$V@kb&fsSXtUplxsZVCUuSx&!2s+DS@V}tE*v(k z=u67=P@9T}`!)O$2YJ&0bg^yL#R&BEz_1w2Ykjmq=Z(6m^SSYc#V%{q43&FttIL%r zQXQjFZT?LvI)VXvmCmuWedzILHbvEerDi<@3@hGif6s+dk}$tlSJ zAC?1m+rVv7$fCyq&a2Vl9h|V?by(@;Zkyxz{E@oX*^RbW0KmvTkx#Ib$iMX_&tH?6 zDWxi$64l#%CO>f)|D%5HyQ=mFVHSl@ody%sZq61*B*QPSWj5kXcukWV(OP7Qzm`wqFsf$G{I{ze^+0~gFO*h{ z&hmtI_GiRwBBAeFXKWw!i{VtKABq=ikfV`X39qK|qXI01@7C`GpV%IuO(Ytn?#ZU7 zhnydG;e4FYNm6b(pL?dGd~K*>{aX@?Id1^`)AdII*wG2?P&hQqlrE;$?oM=@sqv>n z$4DO6&bU(Hzb_D4(CPb;G|p(tf*R~fe%??@D*Y|s*!T_C8_c9xDSy(68W9uoASv;< zK^cttC72*m4-w&83ZZGy*PGr<5vNdtL%2vBm0ss(%9UFSRo*~3#+7TG_k@}Jjj_eg zQuGct=j&83gn}1L%y?9AzLev>3v{%J!@v+QVpw#)Oa?>FMifIMEEO5?c%r5BY-K7a z+Sc=vEL(pCS?ms_ctTSDq7@2dm3H#?X$LAd3n5cS;!m;PJZFpEK9TvIs{2W-jSM@x z6f8hyP1$~^JfDDfu54K$Hh2mjQ#~R&tV?zkMq*Xn81+RlFO&MFT4YgAuLOn=(uY&T zViYLQ)!5+seB|kfq#k5u%Qn~zeT*q%>&v=3?T`2q@cPZ3qr3mT6GBlU@|FPU$S_te zJ!X>CrtqZE;$i=ELr=}5=gof=K<<#FPNe4QIIIo5)zcYe1W^gN;+6CWQIp~ zH0kOKd2>SxQ^5O`IIiI00{18}twGNgYNE_&`D`pPs6(+2+8&eLi)T`NqEI>CUCX+7 z3Q2V*vxp&?i1MFS^uO^g?GKZ4e;l4C9A0cotQ^-<%h%OQcW(*HkP!we8)1~G#wxSH zHjq5Nhyb#wUf$aik$lS~uZmE~fHwMFmz%`gZg!ibm5fW;vueebRCJEi%^MmTo02Zr zv${Q_7@fEJG5aSJ13z%I%S>lUoLF!Jk&MU<0yfMFFv>}j!`=5d2%`I0@O;czb-3;M2w40TGnZ)){lQRBoRqO zt61hV>BSNC+D98Rj^(wUu!(z^);QCYr6@;7p4O|TuJHAM>^m47{;nYQ_jSv283w$k zXt~UhD$vVj5;0D#2HGD|dEeD0Wg_64XAXfY416!{7XvhyOa>uwq>&Nuh-I=>QQB|@>3B!6A_a8%pRyB*D;H}vV zUF~|CCJ4(_Qc%L|(ims;TDY~RHfsN*-|2M;VasJv!z4s}O%qma|9VO?{uE06Ff$+q z`9?`X4G{gqT`mX2+OuZpw@$eoXU|^gPL%=I+(R|5H6E;)g8h{s!Pc82g{m0n5#9~9 z#inDw3dh!wMDws;gC1Qc1WvB#%iPS9-_xo%{vvMuRKmw*elrJBVCSXIxe~$a5kjZ(@wNxw1^$kVKhbv@BPw_(Cpgy zbXdz%qFP44qt}!xIl2!`hh;Xh5GQ!J(80&=SR2mv&$KA;Z{1>Pw+dD;_SaZVyC|P- z^xp2I)gOBh^Lg4y$B##_FvM_`rCh94n$Fq%&ej35c7CbN3D(R|XPW5IzS7>jy$6=) zhvP{_`E_~G$avbDgLV1rTi3=|vQ}nFl@UFvvcb;{@aNxA-h4v!oOduUjhWZU{PhW+ z!CmhhzaK2UEGd`QpP^%7k=8Q>ZcClFkwS!bovo!4v$CRR_b?~h-+>NRU-*XTUqs>4 zbY09vsqhjm_*$z2;nMJ7e${p~bivSd;=YCUcOF?B|8=cijanS=&k$hWFTW>qzHpu^ zT?vv_N>{H@!yTK?5mA)ALTVZvI8rzKdN*;B&eRmR!2e1%qxk9ZCg~TP3s%PDk@UeQ zyP2G7VG5G&6V$H_OYFoqurH$e+pyM`6csprGcq;PQ3kBB%%P2=hsk}FI#F;eN-q7p zBuLx%54DSV9EW}BY$gJqZ1IidvBQEUK?;Kuy>p;X?%vU_jvxCH#a>hl87Kon%}HiD zY78Ig@gAlslOaH(&k^slSiaqo61fIk33_D77nv-C>pZV_w7VM_8K!n+q&CwRu$dA% zQllM;3G$(~Y=ufmRf;{5}_RApu~eR+i6ls9*?2I#jK*+eH^c zZaN-W*j)HAp|MVzH#Lxe;(cLIdo8sTf7cgA-As&UYswsqh%bIE8Nspyai83_Q*nN9 z+6lB4&Jt5*Q}jD~8?HMuum@sgaVjnyfVv9qqN{%tb@6Tc+_;P7hcWFW_VV*FtLiLM zw>i-VF|;zWbqR%`;g)AAc&N2%V8*cK^lTQb?*=bK$yj9Sn!5K*0H}1cr?Ud-Q0^AatwdT5lsM5|vGloacCaLy`>~RE0(Fz%kOOM>io=JQ%bh zWGI!AUA>rBP583g%v5bPYVxNx+ehiimDj4D;Cu_J@1zsV70eI2ClE4Bfhhu4xnI{0 zIOQELr~C}s2~5T# zdK%}Ya%mE)e0V@#s_2!!gM&ttoq*@3f?wJTtk)-tsqgMq`}7>!B^Dxq>5fi+uiO8v zSh>pXC2YK{z+<{MGw|HJtM@DVWGu~q$@{7AjDD?^oXW8b{PU)c;Pu>8SnvUvL{78i z?N_{_&n}^dVbE9t@qybD46{IvybfzSbf$j7w7NclHeBC!VpUoF61B4f;-9if!0~m; zt=Hs=P-nt=wt(^*HnI2i7E~a1?`6TZr1Y`$2ga^i_EGBFVaA-}O#G`OYsg}4y+cy$ z*G(HofxoW7{oB9G$+<5V-%+@WDVm(m5uBxysZ$qgeWqyqI`4)>tSR+{A*Fa0^g$t+ z-PMg;(UAPLITBj*-xf3{o3mEKF`arNIIh9>qb54(C^;cLTdE;Xt9Rcd%KOAM;Q5ad z5t#S_c`4(w8P%jx+W0^LUior6(38xeZ@5B1r^N<8c{R)?CZ_}75tHHyVY68oq(345 z_a&nLTa#p!J#}0VdTZy{-ojiJ`$JkAu|3hb#(+gWcoZ2m=J2rpA)VJ=p>AT$YNinz zCOcJHhuk^qp6PlfK`N0~jKc2y#u6#Y;qNp-`_`FOQ%fQ@vcZ`#e*K~a_CGya!slap znMjEia|L|f1uEFjOUf(+b-Ma?oF)?npJdbD|E1u#w~8l@_N*{yamVc( z?O!}BgA#3pQYlEwoKM@x`FDfxM9vCjUa)YO7lNDhd|;MGlHzjR2nwQW z7I_I#3-p!EUrSAOM)-_3gOqV%6!IoJV!13n*(!dpx!8~L^r{JzY-GESSHW|{d`Cc^ zMG&sbmGgsYF)r|`eRJ3TKLZN??|>ee?{;ncu9??eb zn`W>iCoJ}Yj5p~Aqz#KM*hMI0<}TH41Y`Va%BfbSu@>EA7&Tn z)_C!%T$jX79uC%6Bks@!C>C##mao+($4a{!gGzzJ`mSN^>#EN0ewQq(72iUJb zv?c$w)vo>T7wXW6>ubyN9nW#=@igD=dCD- z?gs8~ay24mQw5^i?=46n*ddyOFij6zCr1+7E-l&fk7(ehC%s4brK9{`w;qM*m*` z;}!})&Gj4M`IECCX>+FX`)@&wfAtX|Q+u725-!dtH_xxM-sTC~TK{f0efkSb%W_*s zR}b}p$oLHMP>>A~7Up=hHEeemgb9AJsJkxD@rBxdGhQ6ivM!Ngw?-phHaR)1lMnD< zW;Bd@u8vr|eXuV8<)PHXUL?Bu>isFt9a0>L+I!uLG(l z)^qhA!jN$B-V5{>g76ocPh}b%*1KEkEc?BU6=}JAI&6fYYMc06c*(eZoeV|V-PX{z zb7pAk%ZrFInkb%rU!@{G6J}TJ@4=`Sr+#VOTay5A59NrgJIUYOAr{&o%tV0l_@bGE za6FMwFNSvfi&cIfA`mD+{lrs;$dEd2!6lslyq?2pv|plzz5Jq_B`p4#Bt@a~j|NrV zXMNMq{JjLQwEEsT;@x8ZEhTThC)vEr8?@Ohcw4W)IC4ZduBW+R~}Q(QKkm z-dyJRO*YEaVFZx|x+s~$YS8^nP*ENjAxND^r;-bS5q{pGh~_zzUfyMXCA;Y<#g~5( zTd@&$ipWAa06otB{)$79J(yL;p4X48%0hzTLnTg^Rz}tU^1d++WwU?Esn;s2{k0B~ znt+QPubvagU!m(Q#(QII9#Hd&UN(ne7#sd$B5FK-1p~-4HvE~(2Mo`oTTP5WUHEkDO9&m8NEX!b zq~xNK#GZP~{(&*i8=1oTZ8&ADsG{ zaKXo9s?~3wQ;`~orfUs3u8nhew@EpQn$w3KxhzkeD0@sA+e^b$&POLO4;HtO_S;KWZmYS(QXX6Dh2;~~L`HRGu8MnC z1atbipImeqrCIP-Jx6`~HJjdKetQa>?AX^n=MRO8iG2eU<7T}~jqcllqOqV%5;})i z{MZE$v>q(@y$gai@&d#ev0g4Ed zb`<-WnF8+dCwjcre>*IQ?%imWX|`!CW2Mk*B4sp-I$o}mi)SBsSg7ZUtNiM?!-@Gl z+iZI6#`;tN0PpQI#ENdE`HmoCrqT2}%MErs5;{g(ed9R5=$)0)_~xPbA&yPM;YfKJ`Q<~D%F_Lb5Kg5| zv~hyrP6Z$B)fU94_Dkr^!zj9{D7nOD>&4;NwYL*V8Qvs**N3r8H*~poR26L^1FkCb z9|@v%fQRbMg#b}bwHNMF(Wnm_EMNETt{!e*EQ_@%zuSdl*Hy5ii@rc>!}yO9Vb1HR ztSSfOV=TPmG5b%NbvtMH@4Mp)_d^8YFzN${*OKzISQl#?#^r71O8fGuz%~{*34_t| zcA!`?LHbv+!V0^)`_zj>CL?j71-8mKkoP@Ifc?+d`+L8@#ZU>X>y{dPdvN$!yHt(q zD8c=ZnX*s?AkFTW3YVB~P z4F?ikm8b%3_8eEqqy@k2(JujSU(5tw>WKxj@x$jV9~Nf4TpuMO8v-M=WjuH0I?r^U zcdVb+QM3Z;e%Rxy7q4A8hHVQAr8V0L=&7B@ z>;~lN-CUl$a8>HNEKQ&OV|nzi;`;b`{DEp%K)Db78}Cry^7q}hT`p-xw96IKT=uM& z+i7%l)7(zi6Fjn7DSTqET*%dA1(Lrzfr^?n(D$tQ7p908oi{5+k?O#A}B zJ_l}QLMb=JcZ_uXdFZg1M4TpCTjyJsfHCv}>)=ts{=;NiB0*+6p%k>S?F+dCue}Fn zl)x*dNZupy6KEge-z8KxSTDyS9^(C2o0|`_fFvtGg^#8)=-e+RUs&i>JUdf3WY>*O z6^?Dxa{Oz5F+L&Rjd!PDy3+6^Pcn^F+?3S2}qPUD!*B^78Ge{N<98U)OOx zMuWgJe;|b~E7;jKCxH5K!sXh8(KwJ6qMVhdakW2J;viuuhv9vhkPwhYZqYIFW6M-0 zfLrRS_9ydyD1^_?*bg!wlkrvYh%rv{5$lBGg6?ad)dFg|9cN#ix=VOzk;ji4lQ~SV z8B)Y?Nwl~woNG-+lNR;-jn-?i>DJUT{L_7p zUN~QosKNj&DVh?3j6^*45p`F3Cavl3(z)re3d_Vc^WQ|7(@x!(ssiI&7g|mymD+IWtm) zAjn$G1_dpLiYf~E)*!7_kz;ZDIj>s?ITr*pS*+h6c(?k-uB6vU%SDAsq55Dvd^d(K zp{u++ON^4P8^$Ye!g%xOD{C|ar+jMA+iPCu?FV(I8rm-RXPYpI$9nK#LlCejM!2}R z!m6)dZQQ>kFranKihpSh>Ai`JvqE&4g3yY5mBMfD9x`rHEi-0Hcl#rm^S>Iq_HZWD zI9x|Ml4>#%V}>x-ql}i~xVN^k*3Bi7ShO{^PEr&{G|}>Cjok8Jbktl%a%oe|+!Myy zlervf8)B(XEq>Cf|=@Bi=e*Y|sW@B6&JH}-Du@HEX`WHo+3@0x{{PDUAB#9z+M z@2)-#_v9i*pgs+8uMsbiM{WUQFQ**r(lQXAIT2& zxX*2AA!U9ge-CJh08bPHCrDFz7s!VSnv#;*9~iES5}OP5H{_w}a=-L8ETI|3CyM;3 z{)d@|J#q~$oEsH2$UeC|BnVwJxc)I%-U`IUvhP&w_9{{N8)VAZ&|HtU?JQpBL;lk) zH^*D~nH>@ud?3;`kunW>-cGt2;Xjh#(n;D*u||#UQHqfij;S@tZB0hwHt5 z$g~V-WkqQQWzVU)y=P~u`*5Bv)RbbL+)?+zqlYKKm$Yd;8b?^RoI$&Ue&@M? z{>o|_c#53A)*gf^4SMk654<3$QFE)Gd^szw2IstpJj@`U+}NdMBSw`17@vIKzPx{+ zvx&+aiC)JsOG~Xia|-@AcL)9gIkfGP^`t5p*<<}M{BS|ypNF33!LpjSRkv@zWmFzV z=RDlH=(}K4lW8T5%E^chjP0xNQ!*EC*(vX`@qMyj?D$gl>^OUK-OxbB(Qf=X;%h=H z`fjswx;||dJlcc(_P3Fg$brmoDH*QlU*K-ju`~CsM|(nUxIHtNZ(6zaUUC_I5ONDI zD8IL1GGA0j9vgxa8%u2VT^cTu(Qq1Az!E!XBz_6@C~`P)nAk%d8&!X4q9~L2XwKkW z%yiisMaO{BmDYib%(w(oak{BeXA(B6YF-wr%hCs1lf2dtrOp7vqG|GV4 zW-`7ZIqtL4PV~6{*$KEA|DCY&AhKAc&1SsX*DA?lcN5?a+Oylvt-?%OYqBOq=IqqC z>Md0uQIc#XT_5_QIovLyiBj?#9jC5N((aAhq?i~@^`HPNI!>;La%a~_0c)b~7 z&ws=k;Nz!wwniq95E#!X+a6wsaWv=BjmC0_RM1VHE*!p)SI{hI-)H@rKEC^X%8fQc zDzBK9cpTKr?XSoxZgTd?qX~18Cg|9JoJ?(ThmIk~@Uls^!77+ub;+6uTlTZub;~wg zt6#2wJe=zF)6J&G!KO46V|NfViB+v&Borr3nMr?ejQnl}LY#J3GpXrnJ;IuJy!d>D zV6q-Ew^IHp>Dy@vh}t;Ts140*M?^ovq!fE?#RRE8cQ9i?!*rn{m zn5yM5j8(PFndLZBuiJIRk#;HA#}uTBH>&xD^H<%I6osOVd^1rY5)YX49bq1)yC$cG zTl8n6a5CBxL`onuM!dhOg|Nd3vNlc7$ugoW&Tt$$Iy(A1GrlXF3jc+ckh;jD$L!PZ zzA%fvOl;BDEJxQbSurrtDiBN4*ZF&{pfuWl-k3gx1tJ;QN$%d5C5~EWSx8}3-g=58 z?1y{Ym2`?coEp*r4xoAix%9g_Kadg70VJ#im+uvZ%BR2QjI8E19DEV>^BMn z)U4(fL8-(T5fX`Tqu=??bHC?)_qpdj-yhj~zwdtcev`F+>$iSuB~D*ggN^wTGaVfr zo906`L)w{2M|T2v`V{S|qs;Mub~@o}sG&+%Imm~l4Nf|%=%~=q)j(Me>=3S^PZw_;CqFw!J3l+x935SVkb}F6x4xH)r=PEoqGgCs zkdWd{387%xF-+pu=$4$!za7g+%m2CJAM20DR$=^ee{j>$@xIhlQ!x&*-k1%0#J7^e zh?DX<#oMm*oGmU@z*ecUQs|F>NM3|uQFJ<)k0_E@`c28$++aB3(uKMerD9bsRNK_# z{fvu{%VPqn=DG} zeLK{LzAZ{JN^=j1IV*4NTF~WkZWE90nSXeea`&u3Oy6y&nj=$8ZqF@NV2aa4uu$K- zgTz+L2G51AMBa-4z$E6kj1#lI2K@R`RdA*?*a)OGtf8*%y)wv;OpE;~ zftzOoQoMSz6rZ6wBV_ijUTML__EH8CtZBp_R zciB!2-%;dZLC8(%{3`X(vIpJXQki`N+NQxW;KB;g+Ky~hDPeEfnu($DsUCibrhN{9 z5L{qT&~D$wFv9j#YuAI{{Xk~TiQC3#%GJ4g~SxGd7Q6T8vkZii7<@+O8hJr|m)Q0Nw=hCmT!1{*hcZd!;yyW+5S_TYF3=XiV|^EMpdz2JF`8PG^=Olxw*Km%HmYpVs|iw z(A8AUD^0B>m6ctqaYqM=#;F#7!$OC1eW~KPsvmU3Z7t)7SS={QeIT8H)F&?v1TMgkE`A3x^d* zTHcM2>qAOc>fT>_yt3E_w@UaN+;EOLacyfBPN8~9KVRYCTD}9Iw1w2-=21Ho?Gq^; zhOY09b{I8q{ex#Wt==Y%|MWS;g;#w1&S`0k+p;GmB1r+WA!5yS&lzQ4)e8nDD}?a>mCZb&R~ zVy)s6xIYVXFOjljHo|YF=>=L9%=XOoylkz8r^!UO8-uu$a{pG3*nS zSre=oy5=53U3o&dPtWReAIgvWu!v_2wku|d8J*++V++^T);iO~O*yy@BogQXrOK9d z>YmW6$Bg@!OPU(@pp6#V5QlbkLyZ=MLU0B5j$%6gDFK{j$~&MX?4BjTZ^XQookYfb zk4ngM&1$jht(n;# zc?#*o-g*`xa(4><1k~$x0hi3&$ll!YW^x4PrH0j4nsFsZq~A8uFYUR#Th_w8MF*Z2Bz{9ey2QGH^0E14 z6D5VX4?|oo?~gonaxP!8$OCPE@PM(?v!N2!zt?-*x3+l76kQ^==^du3~1y z&P9n*jnu$v-xcoor+ciL&@!nUv;5}^elh!`1ke}QGi#1O;_*wxQ{mIy<0va2$23` zU;dDn`-sRc5JuKPM*pnj;_pnnSUw$bu|Y>k@Oi_bj!#H1MMMhpi`P6DJg1PktYEqy_+aW1EsGHxSesvIx}M+^84 zxz_D(a9mdtg5*HLe_Pt2#oTAp$^ui=$~dUiE=g6*#ndEchj_+;K-O6*w{U$*#D~wO z#w(%W9hh<69?NX#b~qVjuA%mVN~2CDKd_!!>C68YasE>{{l%=1V-=-iIHjityBHCZ zOC_khS!=I33-`EPisKQh9!A2It=?Ij4YogRaXH@^1TzCu_p=DuZL>aiK~Eb+rr z<30?8%%dFQ(Y@5ZaPZyd01I~}Lu3IFQPvNUY!s|ce7SOZB9$N$7Jwa-If@C5DO2~) z9u$L%euIGJ1`KRzsWo(ORJ;bfRL6=fh7yr1RnLsni9DoPXeg5`;Z`jYK9{yYC2T_i z?r36|Uas3j?g=85U!$o#4IQdd5zZjgw6ZqzAR#og3${@V$0EHR`@-^7vQt;c3g8Vt z2vHbK&jh4kmla{OuL0Q`eEgwMz{)3ExacB59Tz*q=?lsf-y1dJbNvV*6S$`cG&87` zUK{2OUN08a0@4n(tQ2gV1Sf`&8*6yxZ)d6hVeI2PckDUMtasJ$TrugdPv3#ika5DS zHVAcaDK`qF4JGL&*0~!Mwu522webGabFG=tTPRrM(Rym3+N-_P!G$$a>JTiLo(G%b zt;_9(0=ym7lM?0Ft1`l0xl0JyTmN`SrKDtKxlJf6)s=^@mKOJCl74N*afzIr%?C?M z%P%OPr|fO)ypV$8Ehe;mE7rNII>=b+6yIFUCi_T=Z~)0|r!~0Nx;GeJ4qdl_V-?im zGKPm~YMM{c?=+Q4wZ^e9Gq?Uj7_L$mxgLU0fa`f}l&Q{AVp_l*$x0odSgDuc^UZ{B z?YbY5Ih0WuH^5Bwya$CEP+g{jsi`;9GP>5W;~WC+4Z~mgXMbRei6ZI%O8FRN#(r<` z#sz|5&~lBM=J}q)yT^}x`t)g^(fZ_9y>L%3i|fAng&~z}D7Znn9GWAh!@vPvICVtY z{sHaI?cYO=7<{%#<%Y@zfRK%ukv zcC}^lrQ6vFUQlX}GO0=68D?j$fLEXE= z!zdB$$M=*;u#d{_p9d_r3TzDo+XB{D8p9~JbHnz`oqtPN{#sd0a|e+xPqM?C5}h&@GFi#z!8=1O&YZVx-p`q2|^Q{>yGHCjGkUn8&SNjlEG$$@2cDB7U>*uyP3ag6*tF@kEwKQ3VR=?f?Rc z*qn-1mgrgd7{DSmI|AH1BwwTwn!kSYs5Uw96xOO`Wk&tVgrwlzNe!AMi`x5{P)fCH zms^BU;7Sc}u(9?Gbyr9oMC}M>Eko>FBGx{!>Xd)HKcx%#B<4EdL*)lQr$R?ysfu z!x!(HmsEZE)NJC47ecqCN@3n?q5HV~yT%toUAp(_q2(Eq@}4^LaGTa>Bj=}=HsWq+ zbVcRH9(>8B`3oQYpE2{FqL}8lCtNi4`Q84@iG(4+M3Zv<7+v^wq&fZG=X-D1I&}s;Dt`AbDLc3O%tc7$s!rF`h<{NMj*=# zzr5vrs|)z7!9@?2(!i(-_6g8@(zcBPW9GU0dRVDzlZ0DE8F||CA|#p+?HSBPYcQ3= zmCK#m8iEVWT^?ccw)Bgmd}N90gt5s0+r|cS4?!(9&6X5V;SkkGz(WvqEO-Buabd6f z^LkB<9BiH!{iUpkbXp-4JdoyEm3f`;;cb~)!TID5w9q@mjuuNRDwak5J6RS)#uhn4 zO86_@dj#Yau>l8-oOvIeD@q_#n24p&lLv1QjK@oiUX(o0!7fqa3{?#8O9@lzJ-#Pr zWE5*0uyEgaBk5axnMz0j4__&4Z5h*SRvP(cU8YX;k)wF2xezsz@G!&ITwt17!g2=4 z4DnC11E)1cgsZPAYklUDVj`rTcI6`!lJNw8QvO~6sFmXGT1xFzY?FGT+b%Gup4(5U1v@W{vrZ++6UP1@!u z0#pJrC5imykZdozMO{cHuCn=*_q2sH@F7nYMY6eu z@waS0o1WD-#mDmxH0frj6=q7D$^;ir*6f|%4xpZk@aImn9)#4x`7 zErhY}p+Vh>nc3&GgFUKPrBw(cAZYQy%DuLSspaQw*6$^hDHg!eV8eZ}tzneCsM|A7 z6n8uvB@KOp8|GCREppK&g6&v|x%yEbKEQMB)6n~PvA8_lNo$DnY@+2$ZU zHg57awcZ_bx1z~8K^J+vqodw4+;23EIl&Xo?!T&eCT94?nt#pguLZ&`G$DEb+bo9H z$SC(q96xiVG+z%20S9y$J=L_pj26J>yqpgbj_-)jum^{b&2qMLFsn@MDe@uQK!dWL zH|?XyV~$SPR~I-og{CVe?%9IK?k4b@~sr&F_8(d6*CQr}y)$IFNdEXIwz|@(N)rQWK@p7 zc};-@LbPtih)j9npaMWe5!`~&VPlZsW9^{oDA<`k(ve??{SGP$``w<6KBoISL_*0DdsmliHGo{u`NGY%ae zVd7|6-FlRB~)`Ieu28XHDevq*-jRl zYcqMaccs^TB7p!8dPc`E%|UX%ut#IfG=_!|+(Jf;g4796rw;6tA^06!&)@&uO5jnJ za&Gp@BDSg>?8XGPMn|FBg4_9G#5RiDFNz!qmFvepNspGYiaGx$nbSu*DDz# zmJQz;Ba(t(d26Tm0;x+oD0JeUmubQF)QvnqNl9Y@VBOUOBp+;bPkr-Z4tU{Q8NVLjYaN(!e*xbqQsM z38KU7;H;~chE3MA4JyCgKI4!WYp;oIA#xl{+JswiTWR6qU%l#2zk^dPPsiEz`BKHI zOgesSR)w=T>nRD}nBXpam^kP>6S22Av~7Q+cphDxYjdf~^1~`P@O9NKrEosY8ta1zV6cao3eq#HGVM9 zbYE|8a#j{XT)X_Jf1PZzbMi&9?&A4?#oyO0Z4&zUur6E^2RVoPQc@qker~!xoD#U=l#+rj zkN;|OR7|X`-V$~C`A`izkm=zg6HJ;1xT?*N(tuD(HOFeOP Z=7zUp)2x6y>iDld%?G+_m8!Nc{tMUr-4*}< literal 0 HcmV?d00001 diff --git a/docs/img/setup-windows-linux-path.png b/docs/img/setup-windows-linux-path.png new file mode 100644 index 0000000000000000000000000000000000000000..0ed453d4cb2ebdbe9ccf920603eeedb38c64c692 GIT binary patch literal 3404 zcmV-S4YTrzP)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0AFcTSaefvX>d(t zbYWy+bYTDh0001cB4cc6a8Pe)Zgg`ZI$L`pcp^G5EFyU#Ixu}Kdm?xuIx#shEFyU# zIxu}Kdm?xuIx#shEFyU#Ix;YQEPEn&B04ZEB6%V@GBABzeYJEYasU7fc1c7*RA@u( znh9`JMHrli%>bRAXzb*h+;T|HHwNNvBUt2U?Hhu4Hba}3e*BB zyNYW-0apyHhzO$5h+$b21tq}}!WN;H5M)9Qj>$EX%su;czn5#AB)C#mVdhu$=JnnE z`hETNzh5GYj*j-gkDoz^T)O-5GwARezn?*i-}nbLv!S^oUkVRCZh7OE&CGzZXaMLYf_<@UzQ_JqdsI>+nEihv12JT(H2s2srp9w^6 z$Iv-x7(&ley&>Bxei~u<*|?2$Mznmp2e!B=&I$4C zWw08pJgS=T5Y%M&a`H;BQ{jzIA%F~DW~zh3OmSTT0#;3c$KvAUe~JYjBi#y~LBMna zrn$;=5aTDmNsr^VOL#=R89<5ynSrb?Q?&=yiOl0^}MiFfwBVGt$F+FZ-22}A% zYWpbcTbz)un+63L39H*pBotXxcC=_z-ngsE$Z+>bSGknRu)(?gJyppJ1~LnJy8^X%tAw5TD6R3yRH)P7g%_-ERuH z2)-kRkEivU&GefJP0mWh-cHWRQis+HHE5#Ca;1&usUKYn{p~T7cNwiT79lJF@dHUE zMHSi(mZI^JjYqZPXCjgepE&|Hhq9yth@F#-$PwWXDA8%P!NEKuA)89DfBbyt(5r^J72{RgT=r2oAuxhJM!)Nq$mpOWlI*Fi>uvb{j{Hk}e*vYzU7 z(L(8zS1cMFf#V=2xb4NPKI*NH3|3kY8OOJ$H^a&yvYp}b7bS+(* z=1XaWGP4x1`KJ;4bfA46zxRhV&RiRQUgSOI1X;3|$M3ZBJZD(J8RcVRDRr0%*C$^*j#P8vwUF-c{oJ71)|aaEr{2T443IgW|v2oVh#X(mYCLq>I7 zWm57D&}W-nu>lJbr; z1e3>X*s>m1XzJzKG%g<$>*aPb@^uF1U zhXwQen~L=Md=eIp0Co>bf&SSIFg$x-FZbHlI6EnQ>7S_Nc>?tJFGKN~i9FpGH*EZ# z+E&qn>W0!wpnG5<dC&n*ZoC0|?(|8mP9SJ#$-$OpP_#_;B#B|Cong!uq@vD&Y7|DV!>${|d zv+8p=s8{ZhnMC^NAZ>RnLiJu-ihxg^flxF9Dte%PA(`u(z#Pxnj$!@Ia>Z$^+diHgO@d2!R??!FWRJ7Ok@AcW&9QD)#&^^koR}nE< zT=1^O8sN+~XyVfvgW(HG5xzkDf@7)J$qiLp&@s@@J%I3s*_WP99wf=N9sxShmgHIk zG!z#ilPR_mZT}TbTsv_yez)i_!dTyv=xkyvMKhOGF(hkFL;w8O2xoay*HT(P<4n%S zidPD;rSN{RV{h`D2T1*sl0JTbP6NL2GX6xUre{IZx#hC2ITTk-piV5+aJ*awyNUd7 z&@d( zlaA+dii{(jb{Qkp=NaVT%g*z#Dm@F>vIXsQAh$iT4IO`cgO|7wW_PMXzr@xkpUuA`C*D0ih!d(8h&BVZDZ?ANJtljy%fSfaaa0 zxPG0CRU3n#z*e;UuoDf3cLBCMG*?{X??R~!gZxqz6S@SGN@)n0JQY!KqVXdv1u+!Y zC5WG_?ECX@>DwAutTxDk!f_kxJCfDg1@oKvFj8Kdnfla(KudX{act-5XPlKAu%Tcb zzT)%Lgv!s}!QU3=;Hj52t#GU2z!cq}hofja{$@z#t2d@QB*#V!3W&9cSQAWR@R6h!);;ywS!=BFpK z5xig-B1x;aez^iyzZ=Lb1_%EC=N}YIfsnZnVM#XB7yVYf{?Es6{C);4UI$)3eg+S+ i#Kc6u=l3%R0saR@bMv2{LA>Dr0000kPsj!O$aT55J3o`mwXly(mbP zCWPLL2ZBfqO(2RM((!RO^UAy*`)!-u*&n;#Y^;fq9y>@71ONco^^pkEQ$2kucYwd0 zV#vJ9$*DTyYpMqaR1AUFPaP&_Eki8;pfaBI2*Z5pvv?t`eE|Rt+TU`f+q1|K005Qh zBeYOY9&TlM8lWr%yK*8)i-2=iz88YbH$*>_UsF(+5OYOO6^RNODyweXUCdJu9Go`h zHzZk;L(rqkc4iQKy={KHzWL#pnqVGj+N&c8$Ec| zN_F;&#$os+Z9)hWO`9?XMZYd_p>Zfy8f;;aTjQsOl9eMHH%490A@$08_&*TL3fAyL zzDQj-%Sy)N0saH;J<-@30gR57!3=XU<|G`WN91b4vUyrz*|?cQ!k9NsO2U_RSAUh^ zTFPu1xW)?%Y1y}eQTOa`pX@pC@bJvfw>`yrcqH$xtgiMSWZejm4ITX>heCmVZS-FH zjRUNH`ICl*Mo6E3RaMm+{DuWdKuLFE=UB;U;C&Zah*MNl{*#cPVAGOhfWE$d;^QEX z@Ni9|ERCppDc5?v<*loj@OXTxnrC(hnPIl%*+dAH{h)_Nr`OGnk3+lPh8+i4J4c__ z_OC7}k)CM|whZI@>zzqaZLLMNudna&)Uprt_3I01X=znPVlP|#G?n+)zDX6_S&KcM zZ#x(0X>Bbq<5A~k*XUoqX}5bXwc7wbI_WvrLhdA9>OYJbeW?e9LbV^>@LnWb_sIlrccS3*Ln;p$C4~SzH!t zYia^Fm<+$^#fv~7khV`N7ktFR&x&)7D-C5{hi=fHpC&pZnOPle>$p$5YX=3r+r6&5 zzutV2eiN!oy5r+hRi+twz*A_Pll&MBE6Pq!m$vm;?1-(BkDP_FxX#pjpXqLgVV1GV zR1wWES(;XQ#L4CE+>2yMNR+dRii#-;6`&4Y+uVFk$&%b)d~UptMjza5o1*p_Q!*r* zvZRc&t)?HK(R8Jn)Pa$j)#04dblxvd55`PHOD$g~6WN4)R|XQlZksz`qSYWQWJFE) zuduX2n|d#;Xzl8t!>3>(LFby+uanU0R2Ngztaj;JS9{BQB=o&DCdw)9ZCpL5!3d$>}10X)!xCUmRgi_Nwp~A*4CD3LUpkg z9yGbh1cK^+IPrmVDK4A!r^u(^(M%I%)=T3?138*=VhoeqZAxRgRVBQJjSDNw#y#fL zQwkp7FvO+L@FcGfa{8!(T6;bNxe_>NSJ-a((2*mLa=jDQT;4`9=4#!APM3LQ+(<9i zwx8;=_YKp)zZTZt-@mM@pIdqH`S@Vwbu-;DvxRh=JU6lx!)OmZV zf&q^`wV7Gn4IK7AM+%fXS=YYVn^}ruqan`bY#pb>reUq?AB43+X|TjLJ?v>%WN7r? zNB!T*|Ff)a>j}kp=RzUpo8x$zV(>*4(U|tmMXYcv_qOuwES)YGXO~#D$b#eF{fHwE zyGSMy(HJon&uG}+bDa+NW>Z78ApF(c*HSLp5{j7-s|LJwW%O*@*&H3sGpThpTFT>OBW$OKZNYOSWVl{%gS~~vG;_Y5F!x}(&Kj9p%i=K zyGMB8Mpu`T?VVc}6ct&`g+ErAAVk;)*9?R=wpedSIt0}TshQU>l8fso`FjXpLM$7` zEn0ao?Zb0UNkNZgt=)!=Xh8n>V~1BHAt9Z$D?{ka#TNoHE{juAA4g(^R~12WJGw?| z=d%ve^n2@w%t#v?NHYphHu*M@+6h7S&ON(dMb8i#YyNsIU!SpxHbKn?h>Fm7F}--_ zsK%p89=n(cIlJVSS8DijTqm!y@}wcKD?~oEq(XYJYt$a9etb|VC90@uyBNeGt`sZNcY9B8l%k^m(qioIkPgqD@Hy87Fa`NPK*0&U}m6+A{b*L(tAa3%>7qtN!r zD*|v_1CDf`(EfcZewceGzamW=y)AMu8WcW({WL#bx%aZ-VUBc&u%`97%vtWPSL56o62rzwe(_l^W#1~FRKSy&HOtQ5 zzedqa+cNC9+R3eIlD6R~5CrS=i)JGa?dXX1e3xhDDlT;01nFnbgfw$dIBK%q4Lk_1l~cQ$w2%Q`O*;FvfHdg>jqq2d_^!9~eump3 z%j&;nce=1y;+hLfR2|jTORb_~W{-%O*PIolks<6mi*~&i#OvR7H5)hrjj=)a0FBNL zVLzsuenN3tPqN-e_&~pQMf3%3%Cs!2tQZ2rGa!$aJuIoYljiiqcm&Q>y3=7j6CU#= zecL+c{Dogj;WC&jPd<-+cY}gOM)pgTE>U(=4ucbRnJJ}$9OmCHnHkkOaDp6>MPK|G z4Wnt4_&l(K^Jv6DFML#yvPZC&7pYqb5;v0cAzZD-{e>^i8yH622Nph%8Qc_fIwLK% zP5mBmeN{nA^y&)S$R^7T3KG_(@`gzaB{rR4b#}DG$!3K}p1?Mw5rLyt;Dj#2~(=C2E7epa}{$6!& zx!mp2^O#p^2uB$ZHX4(0YFro00QL{DTM>Q^5m!q(UqUL8=uYdFPx#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D5B^C+K~#8N?VJy6 z71f@{zqh4-xYsU4pe?lgDY30mP^t;VR}6mwsI(?aFlpQxlA;0K;O+`M{6kUqDgMDC z??vAOyN2=_h+&oBQ@RO+ycTWUh-->MU)WY{i(a1sO4)kb!fnf*@40hsr?+!^|FnhM zaz4pq=A4;1bLO1y`JLaKIWxADl$5K8U?xnMfM0+8)d*=cK$Nl8XhsZLw3-ozbPohZ zF!Ipu!Ht8>W;3=1CMuEztGThD7X2+|w0oc#5tzlRMXMQ6P`I|_&G@stzVXpQXakBi zH#Zlz-F6$Iqoa|QmWIibC!?dI12bmKkODq)<_x;KyJdW0Vxo+@`|i7O>#euSb2wxb z7Z)dmJ5cNKhZgOPft6s*aecOzEnBAhUroeu`SNA7wzlGzUw-il*1HxKQ;Sv;am2>P z%7<{5%Y};EC?f7bEI&UV6%`e7J(O(TycxT8?ZVWlQ;nFRgK2Ny zzTF6Et`+^>h_P~?efC*Qnl#CX0nVR4kC$J58Q*>Poe?woVdGi3awXn;^G!J+NU?hL zYRsNJTMCxT#EBE-dZ=MzxNzY@*o}huT)K3r%=<03+|sB1cyEP;g*b5F04gghW!xQi z+<_;actTEq;uKS}1~@Tl$BrE`Ep@Mf^2Ouk&6_8;&F8E0f-SR*j11J**9U$h#zEck z@^U=*;Dd5$Yiq+p4?Se;)kHcpJa^r7mlWl(W5*B^6VqqzGbb@|MqYMywh;q48H%q= z&z(Cb1>4lrrqG1ddZi_*Ff zUTpdDMLuQ96xmXJTPZCQnK^T&oWi(o-#&Ss*|HI~ z`ctP)$!U=+^l!iYwomKib(jYEbq%I_&pr3Z{U=VG2-}(| z%z63n!w;pKLm1DpQ(-GBP0VFswsMT;xh%h;q9VU(`LcNNV)^c#X|ay@I+Q|H@I02M zx;~+RIZ5TmAAgiai`Gr?-h1yETfxCPFxLaq%FN7^a|syF8Gj2GF7#UYPzmVMQk0x( z$N~$NS+i#0@ZrOj=dm|o1%}ebsrQlt*uqP2ZN<(DVXBo zV!Z$U`_fuafU1QD11mtaA{GP-M`e(eq0(aJX+_xrePL_obyuf4}V7f`P~JctT6Wu-OWQiurzc&&;Q}+Z~8t%OV_@4+Ya^x-2^`>-+D&_s-%9hk!mUMMF~_E}Rt3^sHd!*)0YGt%ZW; z@Z7<|dt(I-CFXpFLMUZ15Ht=n5@uB6q+iO0&ph(pX^oX3Ahd=Gik0=D^}Y}v9UY*)aFfbIdU5?jPzy3nD97Rmfzz-`72C8|;QK7go7_Xqt%vz5EnST#h( zvCF^n&O4=RM9WLKW_bGa>3!S@GZZg-&R}~Fg>vEO>R6>a7y^oxUB<^Bf9&-=S()?; z)zc_P6_S#Y zCE6oLj!5xv-^Ps_@x>Qk$oOEO515ma*9W61n}oG)6mnutWrO)&pmMxp=Z z6$Tun=Mb9}98~9ARn6d_g{5Hm){LT6!j;<-CQP{MJIOYZ7&mU56iKAOL2kaQXPN!< z(@#dMhvejBxxcx&89hBcMy$pkz7~|2#p%2DZd0^!D?*7h(Gn$G3R4MJ3AUxBMGH1a zln8yX5^SIK#EBENXv2U4oi=TnSD*}^J$qIQHUt8RmRJebmYJCu(e6Pc!vf?CH?C=M zbvX_WB}`%#sd-IoXhJ1kW{sd0?RDjye>65U#IJ~_z4%o>r3w`rTh`de zTt$1Ab%L5fQ0Dm>H)Im0W7ZVlhrhL;)rcBC5;1)`(9$yaEBO;;AZ*jNoes^s#$LfQ z^RA%%%uV=1c;E18{PFe*VeV{C+ub z^xrn%oga+IYm9B$%YO@Av_i03gkaHR$2O;a13cvHzR%bQfPEo;`}<II{@o);`=8hG+ihmSl6E+c{}E5Va10%} zkKn0%|F4saOAq4ULC;cJY(xfN?z#ssv*j;%{q?_~W#$7|H`mw^fN-wm3&pD3i6~3I z;vX(!?JYt8UfkH6D=Pn6J6;N8VH={+l+cadyt%P>oLI&8AkPya=oVdC6zUtq4dr$s z^HMxk9ZQf)l{milxCkdxG&GU_Yl(g38Z395z*}YYXwN9Z+M*0&kHEeNYu7G9)nY~}u-`!)(HK9a6R&3U7;(|K;0BTsd*JXrw%;-am%6SZEyW0@bRkQe-)!r_ z5*3%#gPFgM!CqSz(#G1*_+za1{Jmc~@Tsw_m;TFrx#{@f^KyJGwjFUdA?tysvGv~Z zusL$^#H)`WH#rV*VqeDxwP?I)CYH?hO=AI;WZ7`?gT0>cr`u57JQK6m_#W4HS+Maw zB-QW7-n0$ay?X=F_U=c0(tX&t!1{R4656$b#oBCk#bEn?$Km4S4!j~QZZyij7>oLZ zPP{V99iVl^pz4w^LX(ZZrHm6U^QBlEGR5WDd*HepEw((z=FD*gZs`Waxos%TGy-9e zIkyc5mwFa&I=&Xu6wVXJSIq51$wK42h3%f6fX7Vh0TSFYz9iW#k10u(rwM$+LqQ(0 zQ{8B7@OYB#^<~)fTrCodOR;OmlbCyc5B}w)qs9nAC7PW{NcH?}(?li`9p~VzHG+bM zRu_^|2k752*5l!9Co11MDXPpN|9cUGlX$DriR_2h3x~xYVO%Q+{P*>~!tEM^vd`=| zDTKRY_Q1leZI6OuoTr;F9^Zp=?J=IXI5q%}yU_4=&m(W`N#Pcp1q#f97%pPEu^5Ic zaw-~0(}HU(j)|hNouT^@k2>Mntfbf*93tPM_}XG*dN1{z@HI@h(eDpajWuXE=Ri`D z8_hK*hT*};j{Jv(@@x0tkWb?6hxVWr^YHKhzVmP}u!BnBel`X%Q#;}L@1d}`Lb!E~ zD_Gb2&*lEmuZ_7X+L;@v@gCo`*VpyR+P?jeiU0-{?67|(Pv2jlmvJ2M<+b8T}{&L~LG@z>Y4^9RR zXmts_uy@A3>g{;+@tru4k&mYe)6sC?ZQ*(PQj02a&p9iNyUi=X zVqr<^t*l7i2HZR8H1?HSf2HBUiSm7?G3nk77CmGL*9rmK^jH74|H}m_*iJb9ZpSlU zhb~x&5JknDZZw=S`FqC0OPxiWqUo&a{)On4x?%qH8TZwXZ$tJ)KQ4k#TI|+WD|dkT zx%Dc}p$F+klsO-43#C4;w>a%$HAhu5Q94ei@;odyTw1h{=dzQaetUGo~AjQu3wA%+%z~$PiOAdX4LF^4P~{1e~oKT%|Lo$uz#bxg4U)+c-zk~ zVl7(D^&u3|nvmkMx1*`idCgy|UJnL-5YvnZ+MSK4zd-~`v}iRW4lP>Eh{N{RzgBCX zb`%pEI}GD)*BRTzi~pxZJBqQ}P2<#~0^t7vEY|55QM3$X00000NkvXXu0mjfiBL`} literal 0 HcmV?d00001 diff --git a/docs/setup-windows.md b/docs/setup-windows.md index 635cf90e2..4378c1c02 100644 --- a/docs/setup-windows.md +++ b/docs/setup-windows.md @@ -1,34 +1,78 @@ # Setup - Windows -See below for how to set up your development environment in Windows. +See below for how to set up your development environment in Windows. You'll be installing Windows Subsystem for Linux (WSL 2), Docker, and the WSL extension for Visual Studio Code. This allows you to run a Linux environment directly on Windows and enables full use of Docker for running the app. -* Requires: *Some Linux command line knowledge* +* Requires: *Some Linux command line familiarity* * Takes: *A few hours depending on your machine and network connection (more if you hit errors). Requires multiple reboots.* -## Prerequisites +These steps are for an install on a Windows machine. Mac instructions are [here](./setup-mac.md). -1. [Install Windows Subsystem for Linux](https://github.com/usdigitalresponse/usdr-gost/wiki/How-to-create-an-Ubuntu-instance-in-Windows-Subsystem-for-Linux) +## Install -1. Install Docker Desktop for Windows - * See instructions [here](https://docs.docker.com/desktop/install/windows-install/) - * *Might want to read the system requirements* - * Take defaults - * Run Docker Desktop and accept license. - * Let it start. - * Verify in (restarted) Ubuntu terminal: +1. Follow these instructions to [install Windows Subsystem for Linux](https://github.com/usdigitalresponse/usdr-gost/wiki/How-to-create-an-Ubuntu-instance-in-Windows-Subsystem-for-Linux). - ```sh - $ docker --version - Docker version 20.10.17, build 100c701 - ``` +2. [Install Docker Desktop for Windows](https://docs.docker.com/desktop/install/windows-install/) - note system requirements + * Take defaults. + * Run Docker Desktop and accept license. + * Let it start. You can continue without signing in. + * Restart Ubuntu terminal and verify the Docker installation: -1. Install (and run) Visual Studio Code - * Instructions [here](https://code.visualstudio.com/docs/remote/wsl) + ```sh + $ docker --version + ``` -1. Run `git clone` as described in [platform-independent steps](https://github.com/usdigitalresponse/usdr-gost/wiki/Platform-independent-install-instructions). + You should see a version and build as the output. + +3. Install [Visual Studio Code](https://code.visualstudio.com/) if needed. + +## Set up WSL with VS Code and Docker +### VS Code +1. In VS Code, install the [WSL extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-wsl) from Marketplace. This allows you to run VS Code in the WSL environment just as you would in Windows. + +2. Start typing into the search bar/command palette: `> WSL: Connect to WSL`. Select the command that comes up: + +![WSL: Connect to WSL option highlighted in VS Code](./img/setup-windows-wsl-connect.png) + +3. After that runs, VS Code will reopen in Ubuntu, as indicated by the status bar: + +![VS Code status bar showing that it's running in Ubuntu](./img/setup-windows-wsl-running.png) + +VS Code will remember this setting. If you want to exit WSL, go to the search bar and type `Close Remote Connection`. + +### Docker +To enable WSL integration with Docker: +- Go to Settings (in the header) > Resources > WSL Integration +- Check off "Enable integration with my default WSL distro" and toggle on "Ubuntu" (it should be there if you have it installed - try the Refresh button if it isn't) +- Apply & restart + ![Resources - WSL integration settings](./img/setup-windows-docker-integration.png) + +## Clone the repository +1. Now you'll create a folder in the Linux (Ubuntu) file system to clone the `usdr-gost` repo in. You should see the Ubuntu file system represented in your file explorer. + +- Navigate to `\\wsl.localhost\Ubuntu\home\`. + +Example: + +![Linux folders expanded in Windows file explorer](./img/setup-windows-linux-files.png) + +- Within this folder, create a folder called `sources`. This is where you'll clone the repo. + +> Note: If you've already cloned the repo in Windows, you can just move it to this `sources` folder. + +2. Open the sources folder in VS Code and open up a Terminal. You should now be in `@:~/sources` + +Example: + +![Directory is the newly created 'sources' folder](./img/setup-windows-linux-path.png) + +3. Clone the repo to `sources`: +- `git clone https://github.com/usdigitalresponse/usdr-gost.git` + +4. Get your Docker containers set up with the [Docker instructions](../docker/README.md). You can also run the rest of the [platform-independent steps](https://github.com/usdigitalresponse/usdr-gost/wiki/Platform-independent-install-instructions), which refer to the Docker instructions. -1. Run the rest of the steps in [platform-independent steps](https://github.com/usdigitalresponse/usdr-gost/wiki/Platform-independent-install-instructions). ## Notes * After rebooting, you might have to run the Docker Desktop to start the Docker daemon (or add it to your startup as described [here](https://support.microsoft.com/en-us/windows/add-an-app-to-run-automatically-at-startup-in-windows-10-150da165-dcd9-7230-517b-cf3c295d89dd)). + +* For further reference: [VS Code docs on developing in WSL](https://code.visualstudio.com/docs/remote/wsl) \ No newline at end of file From cf22801687f1039acfd72d7dc063dbcba2bdddcf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 10:40:45 -0600 Subject: [PATCH 12/19] chore(deps): bump @aws-sdk/client-s3 from 3.462.0 to 3.465.0 (#2314) Bumps [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) from 3.462.0 to 3.465.0. - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.465.0/clients/client-s3) --- updated-dependencies: - dependency-name: "@aws-sdk/client-s3" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 469 +++++++----------------------------------------------- 1 file changed, 54 insertions(+), 415 deletions(-) diff --git a/yarn.lock b/yarn.lock index e97e365d3..35b4540da 100644 --- a/yarn.lock +++ b/yarn.lock @@ -267,34 +267,34 @@ tslib "^2.5.0" "@aws-sdk/client-s3@^3.312.0": - version "3.462.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-s3/-/client-s3-3.462.0.tgz#f58855040c38af6ad127066a0413b044d86eff90" - integrity sha512-nyBmsS45b5/YI926dtJp6OA8Fx7yItcdK8lqJq5bgfbskyEqycFCXzykog1AkIBETOeUn3Saztw7HCGZKRad0g== + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-s3/-/client-s3-3.465.0.tgz#7bad33ccfaa3d460247bbdb0e59c5ac7f4c3e2aa" + integrity sha512-S2W8aUs/SR7wabyKRldl5FKtAq2gsXo3BpbKjBvuCILwNl84ooQrsOmKtcVsINRdi+q/mZvwGenqqp/98+yjdg== dependencies: "@aws-crypto/sha1-browser" "3.0.0" "@aws-crypto/sha256-browser" "3.0.0" "@aws-crypto/sha256-js" "3.0.0" - "@aws-sdk/client-sts" "3.462.0" - "@aws-sdk/core" "3.451.0" - "@aws-sdk/credential-provider-node" "3.460.0" - "@aws-sdk/middleware-bucket-endpoint" "3.460.0" - "@aws-sdk/middleware-expect-continue" "3.460.0" - "@aws-sdk/middleware-flexible-checksums" "3.461.0" - "@aws-sdk/middleware-host-header" "3.460.0" - "@aws-sdk/middleware-location-constraint" "3.461.0" - "@aws-sdk/middleware-logger" "3.460.0" - "@aws-sdk/middleware-recursion-detection" "3.460.0" - "@aws-sdk/middleware-sdk-s3" "3.461.0" - "@aws-sdk/middleware-signing" "3.461.0" - "@aws-sdk/middleware-ssec" "3.460.0" - "@aws-sdk/middleware-user-agent" "3.460.0" - "@aws-sdk/region-config-resolver" "3.451.0" - "@aws-sdk/signature-v4-multi-region" "3.461.0" - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-endpoints" "3.460.0" - "@aws-sdk/util-user-agent-browser" "3.460.0" - "@aws-sdk/util-user-agent-node" "3.460.0" - "@aws-sdk/xml-builder" "3.310.0" + "@aws-sdk/client-sts" "3.465.0" + "@aws-sdk/core" "3.465.0" + "@aws-sdk/credential-provider-node" "3.465.0" + "@aws-sdk/middleware-bucket-endpoint" "3.465.0" + "@aws-sdk/middleware-expect-continue" "3.465.0" + "@aws-sdk/middleware-flexible-checksums" "3.465.0" + "@aws-sdk/middleware-host-header" "3.465.0" + "@aws-sdk/middleware-location-constraint" "3.465.0" + "@aws-sdk/middleware-logger" "3.465.0" + "@aws-sdk/middleware-recursion-detection" "3.465.0" + "@aws-sdk/middleware-sdk-s3" "3.465.0" + "@aws-sdk/middleware-signing" "3.465.0" + "@aws-sdk/middleware-ssec" "3.465.0" + "@aws-sdk/middleware-user-agent" "3.465.0" + "@aws-sdk/region-config-resolver" "3.465.0" + "@aws-sdk/signature-v4-multi-region" "3.465.0" + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-endpoints" "3.465.0" + "@aws-sdk/util-user-agent-browser" "3.465.0" + "@aws-sdk/util-user-agent-node" "3.465.0" + "@aws-sdk/xml-builder" "3.465.0" "@smithy/config-resolver" "^2.0.18" "@smithy/eventstream-serde-browser" "^2.0.13" "@smithy/eventstream-serde-config-resolver" "^2.0.13" @@ -423,48 +423,6 @@ "@smithy/util-utf8" "^2.0.2" tslib "^2.5.0" -"@aws-sdk/client-sso@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.460.0.tgz#3eeb38eebcecada1153399c598527d1f12c8f0b2" - integrity sha512-p5D9C8LKJs5yoBn5cCs2Wqzrp5YP5BYcP774bhGMFEu/LCIUyWzudwN3+/AObSiq8R8SSvBY2zQD4h+k3NjgTQ== - dependencies: - "@aws-crypto/sha256-browser" "3.0.0" - "@aws-crypto/sha256-js" "3.0.0" - "@aws-sdk/core" "3.451.0" - "@aws-sdk/middleware-host-header" "3.460.0" - "@aws-sdk/middleware-logger" "3.460.0" - "@aws-sdk/middleware-recursion-detection" "3.460.0" - "@aws-sdk/middleware-user-agent" "3.460.0" - "@aws-sdk/region-config-resolver" "3.451.0" - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-endpoints" "3.460.0" - "@aws-sdk/util-user-agent-browser" "3.460.0" - "@aws-sdk/util-user-agent-node" "3.460.0" - "@smithy/config-resolver" "^2.0.18" - "@smithy/fetch-http-handler" "^2.2.6" - "@smithy/hash-node" "^2.0.15" - "@smithy/invalid-dependency" "^2.0.13" - "@smithy/middleware-content-length" "^2.0.15" - "@smithy/middleware-endpoint" "^2.2.0" - "@smithy/middleware-retry" "^2.0.20" - "@smithy/middleware-serde" "^2.0.13" - "@smithy/middleware-stack" "^2.0.7" - "@smithy/node-config-provider" "^2.1.5" - "@smithy/node-http-handler" "^2.1.9" - "@smithy/protocol-http" "^3.0.9" - "@smithy/smithy-client" "^2.1.15" - "@smithy/types" "^2.5.0" - "@smithy/url-parser" "^2.0.13" - "@smithy/util-base64" "^2.0.1" - "@smithy/util-body-length-browser" "^2.0.0" - "@smithy/util-body-length-node" "^2.1.0" - "@smithy/util-defaults-mode-browser" "^2.0.19" - "@smithy/util-defaults-mode-node" "^2.0.25" - "@smithy/util-endpoints" "^1.0.4" - "@smithy/util-retry" "^2.0.6" - "@smithy/util-utf8" "^2.0.2" - tslib "^2.5.0" - "@aws-sdk/client-sso@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.465.0.tgz#a732c640767d8d82c3c73d798720d0a8d355184d" @@ -507,52 +465,6 @@ "@smithy/util-utf8" "^2.0.2" tslib "^2.5.0" -"@aws-sdk/client-sts@3.462.0": - version "3.462.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.462.0.tgz#7168e8c29e2c3b67aca64841a72acd041c409a65" - integrity sha512-oO6SVGB9kR0dwc4T/M3++TcioBVv26cEpxZGS4BcKMDxSjkCLqJ/jE37aCNNPGTlCAhnuOAwqGjFqYrsehsI1Q== - dependencies: - "@aws-crypto/sha256-browser" "3.0.0" - "@aws-crypto/sha256-js" "3.0.0" - "@aws-sdk/core" "3.451.0" - "@aws-sdk/credential-provider-node" "3.460.0" - "@aws-sdk/middleware-host-header" "3.460.0" - "@aws-sdk/middleware-logger" "3.460.0" - "@aws-sdk/middleware-recursion-detection" "3.460.0" - "@aws-sdk/middleware-sdk-sts" "3.461.0" - "@aws-sdk/middleware-signing" "3.461.0" - "@aws-sdk/middleware-user-agent" "3.460.0" - "@aws-sdk/region-config-resolver" "3.451.0" - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-endpoints" "3.460.0" - "@aws-sdk/util-user-agent-browser" "3.460.0" - "@aws-sdk/util-user-agent-node" "3.460.0" - "@smithy/config-resolver" "^2.0.18" - "@smithy/fetch-http-handler" "^2.2.6" - "@smithy/hash-node" "^2.0.15" - "@smithy/invalid-dependency" "^2.0.13" - "@smithy/middleware-content-length" "^2.0.15" - "@smithy/middleware-endpoint" "^2.2.0" - "@smithy/middleware-retry" "^2.0.20" - "@smithy/middleware-serde" "^2.0.13" - "@smithy/middleware-stack" "^2.0.7" - "@smithy/node-config-provider" "^2.1.5" - "@smithy/node-http-handler" "^2.1.9" - "@smithy/protocol-http" "^3.0.9" - "@smithy/smithy-client" "^2.1.15" - "@smithy/types" "^2.5.0" - "@smithy/url-parser" "^2.0.13" - "@smithy/util-base64" "^2.0.1" - "@smithy/util-body-length-browser" "^2.0.0" - "@smithy/util-body-length-node" "^2.1.0" - "@smithy/util-defaults-mode-browser" "^2.0.19" - "@smithy/util-defaults-mode-node" "^2.0.25" - "@smithy/util-endpoints" "^1.0.4" - "@smithy/util-retry" "^2.0.6" - "@smithy/util-utf8" "^2.0.2" - fast-xml-parser "4.2.5" - tslib "^2.5.0" - "@aws-sdk/client-sts@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.465.0.tgz#b356b90b0e31a82dc41995282245f74d023ea8b5" @@ -599,14 +511,6 @@ fast-xml-parser "4.2.5" tslib "^2.5.0" -"@aws-sdk/core@3.451.0": - version "3.451.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.451.0.tgz#ecd30da40d8e02050a772920485f450ea2a1b804" - integrity sha512-SamWW2zHEf1ZKe3j1w0Piauryl8BQIlej0TBS18A4ACzhjhWXhCs13bO1S88LvPR5mBFXok3XOT6zPOnKDFktw== - dependencies: - "@smithy/smithy-client" "^2.1.15" - tslib "^2.5.0" - "@aws-sdk/core@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.465.0.tgz#bfc9dd0fbd953f0839666e9b24c50c4543f49112" @@ -626,16 +530,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/credential-provider-env@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.460.0.tgz#9649ee6662df2f39027a1497bdb202b50332ef63" - integrity sha512-WWdaRJFuYRc2Ue9NKDy2NIf8pQRNx/QRVmrsk6EkIID8uWlQIOePk3SWTVV0TZIyPrbfSEaSnJRZoShphJ6PAg== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/property-provider" "^2.0.0" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/credential-provider-env@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.465.0.tgz#9bb1c2086165872ad024786e5a48ccb31c5438da" @@ -661,22 +555,6 @@ "@smithy/util-stream" "^2.0.20" tslib "^2.5.0" -"@aws-sdk/credential-provider-ini@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.460.0.tgz#26432ba3cd18084130ea9397a39f1b30cf3893ff" - integrity sha512-1IEUmyaWzt2M3mONO8QyZtPy0f9ccaEjCo48ZQLgptWxUI+Ohga9gPK0mqu1kTJOjv4JJGACYHzLwEnnpltGlA== - dependencies: - "@aws-sdk/credential-provider-env" "3.460.0" - "@aws-sdk/credential-provider-process" "3.460.0" - "@aws-sdk/credential-provider-sso" "3.460.0" - "@aws-sdk/credential-provider-web-identity" "3.460.0" - "@aws-sdk/types" "3.460.0" - "@smithy/credential-provider-imds" "^2.0.0" - "@smithy/property-provider" "^2.0.0" - "@smithy/shared-ini-file-loader" "^2.0.6" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/credential-provider-ini@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.465.0.tgz#d3c3596cc5ff5ebe372bbd62d7aac044cbf3e2e3" @@ -693,23 +571,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/credential-provider-node@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.460.0.tgz#8dff013f8e2a2e2837eaf7400ff42714de7dec4d" - integrity sha512-PbPo92WIgNlF6V4eWKehYGYjTqf0gU9vr09LeQUc3bTm1DJhJw1j+HU/3PfQ8LwTkBQePO7MbJ5A2n6ckMwfMg== - dependencies: - "@aws-sdk/credential-provider-env" "3.460.0" - "@aws-sdk/credential-provider-ini" "3.460.0" - "@aws-sdk/credential-provider-process" "3.460.0" - "@aws-sdk/credential-provider-sso" "3.460.0" - "@aws-sdk/credential-provider-web-identity" "3.460.0" - "@aws-sdk/types" "3.460.0" - "@smithy/credential-provider-imds" "^2.0.0" - "@smithy/property-provider" "^2.0.0" - "@smithy/shared-ini-file-loader" "^2.0.6" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/credential-provider-node@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.465.0.tgz#b11cbc927aa17aacd0b7208cef5a88045c0bcf62" @@ -727,17 +588,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/credential-provider-process@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.460.0.tgz#3f56d03ed5a0c44d87455465701906bd115ebcd9" - integrity sha512-ng+0FMc4EaxLAwdttCwf2nzNf4AgcqAHZ8pKXUf8qF/KVkoyTt3UZKW7P2FJI01zxwP+V4yAwVt95PBUKGn4YQ== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/property-provider" "^2.0.0" - "@smithy/shared-ini-file-loader" "^2.0.6" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/credential-provider-process@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.465.0.tgz#78134b19f7a02e7fb78afda16d7cae5b93ff324e" @@ -749,19 +599,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/credential-provider-sso@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.460.0.tgz#e44a768899d3fca30e0eaf2ed0c3c15e2cd2b5ac" - integrity sha512-KnrQieOw17+aHEzE3SwfxjeSQ5ZTe2HeAzxkaZF++GxhNul/PkVnLzjGpIuB9bn71T9a2oNfG3peDUA+m2l2kw== - dependencies: - "@aws-sdk/client-sso" "3.460.0" - "@aws-sdk/token-providers" "3.460.0" - "@aws-sdk/types" "3.460.0" - "@smithy/property-provider" "^2.0.0" - "@smithy/shared-ini-file-loader" "^2.0.6" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/credential-provider-sso@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.465.0.tgz#622d03eb5c8a0d7a48ba12e849351c841eb48ca6" @@ -775,16 +612,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/credential-provider-web-identity@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.460.0.tgz#480ac1daa62e667672f5ecaa7dbefde808c191a2" - integrity sha512-7OeaZgC3HmJZGE0I0ZiKInUMF2LyA0IZiW85AYFnAZzAIfv1cXk/1UnDAoFIQhOZfnUBXivStagz892s480ryw== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/property-provider" "^2.0.0" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/credential-provider-web-identity@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.465.0.tgz#9db18766eeb0c58a99f7fb5d4bd95f0cf9008d4d" @@ -817,53 +644,43 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/middleware-bucket-endpoint@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.460.0.tgz#1128147c266ea401a03f2d2e4e5f6a9559b5c428" - integrity sha512-AmrCDT/r+m7q3OogZ3UeWpVdllMeR4Wdo+3YEfefPfcZc6SilnP2uCBUHletxbw3tXhNt56bUMUzQ+SUhyuUmA== +"@aws-sdk/middleware-bucket-endpoint@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.465.0.tgz#215489d3cbdac037c3d5abaeabda173c3bc16b95" + integrity sha512-cyIR9Nwyie6giLypuLSUmZF3O5GqVRwia3Nq1B/6/Ho0LccH0/HT2x/nM8fFcnskWSNGTVZVvZzSrVYXynTtjA== dependencies: - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-arn-parser" "3.310.0" + "@aws-sdk/types" "3.465.0" + "@aws-sdk/util-arn-parser" "3.465.0" "@smithy/node-config-provider" "^2.1.5" "@smithy/protocol-http" "^3.0.9" "@smithy/types" "^2.5.0" "@smithy/util-config-provider" "^2.0.0" tslib "^2.5.0" -"@aws-sdk/middleware-expect-continue@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.460.0.tgz#a4f07167b3c19950ca21af4c7d7e220ae007c169" - integrity sha512-8VxMFTR+IszcMZLUZvxVCBOO1CUBmIWmDIQKd7w/U9xyMEXmBA0cx6ZEfMOIZF9NNh9OGCzTvwK+++8OTGBwAw== +"@aws-sdk/middleware-expect-continue@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.465.0.tgz#760aec6a19898972a4d97857ea2760bcd191c791" + integrity sha512-kthlPQDASsdtdVqKVKkJn9bHptcEpsQ6ptWeGBCYigicULvWI1fjSTeXrYczxNMVg+1Sv8xkb/bh+kUEu7mvZg== dependencies: - "@aws-sdk/types" "3.460.0" + "@aws-sdk/types" "3.465.0" "@smithy/protocol-http" "^3.0.9" "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/middleware-flexible-checksums@3.461.0": - version "3.461.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.461.0.tgz#a91e3414facf8c34b6b1130deb9d61b56be283d0" - integrity sha512-MNY7xMl2Qzoinj6Pos23TgD+WQtC9/G/VkNW/v8Ky5faRAt7bbS+ZEkkK3KcCrjnb8x4Bl/FzYNTCZRzRoQOtA== +"@aws-sdk/middleware-flexible-checksums@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.465.0.tgz#7b629873182bc107159665f0af5b6515161c8891" + integrity sha512-joWEWN0v1CpI4q9JlZki0AchVwLL8Les0+V+3JHVDcDgL4RQ04YUk9lMYbtldDwdyBNquKwW2+sGtIo/6ng0Tg== dependencies: "@aws-crypto/crc32" "3.0.0" "@aws-crypto/crc32c" "3.0.0" - "@aws-sdk/types" "3.460.0" + "@aws-sdk/types" "3.465.0" "@smithy/is-array-buffer" "^2.0.0" "@smithy/protocol-http" "^3.0.9" "@smithy/types" "^2.5.0" "@smithy/util-utf8" "^2.0.2" tslib "^2.5.0" -"@aws-sdk/middleware-host-header@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-host-header/-/middleware-host-header-3.460.0.tgz#ee198c7c03b44338b7f0190201c19e5436cc8ff8" - integrity sha512-qBeDyuJkEuHe87Xk6unvFO9Zg5j6zM8bQOOZITocTLfu9JN0u5V4GQ/yopvpv+nQHmC/MGr0G7p+kIXMrg/Q2A== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/protocol-http" "^3.0.9" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/middleware-host-header@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-host-header/-/middleware-host-header-3.465.0.tgz#4f353f6ea063e1ba1df968f9f0126a53d746217d" @@ -874,21 +691,12 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/middleware-location-constraint@3.461.0": - version "3.461.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.461.0.tgz#e9f6d8d1f7a65d5807c7d092cabdc6fc443c3b91" - integrity sha512-dibimciNOV2kuhBBmHbS+29X559xNw4BdZviGzjGAQPkqPx+7Adgvp5BHqSDgh7FIJpgN2+QGbrubIQ+V1Bn4A== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - -"@aws-sdk/middleware-logger@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-logger/-/middleware-logger-3.460.0.tgz#3353b146a158a197e2f520dd7f48c75076d06492" - integrity sha512-w2AJ6HOJ+Ggx9+VDKuWBHk5S0ZxYEo2EY2IFh0qtCQ1RDix/ur1QEzOOL5vNjHlZKPv/dseIwhgsTCac8UHXbQ== +"@aws-sdk/middleware-location-constraint@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.465.0.tgz#ce2f09d3257bd288990e567f406e74bbe08a5663" + integrity sha512-2+mwaI/ltE2ibr5poC+E9kJRfVIv7aHpAJkLu7uvESch9cpuFuGJu6fq0/gA82eKZ/gwpBj+AaXBsDFfsDWFsw== dependencies: - "@aws-sdk/types" "3.460.0" + "@aws-sdk/types" "3.465.0" "@smithy/types" "^2.5.0" tslib "^2.5.0" @@ -901,16 +709,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/middleware-recursion-detection@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.460.0.tgz#4583a78fb15d0b18046a582dd6e0d3f554ad2eb8" - integrity sha512-wmzm1/2NzpcCVCAsGqqiTBK+xNyLmQwTOq63rcW6eeq6gYOO0cyTZROOkVRrrsKWPBigrSFFHvDrEvonOMtKAg== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/protocol-http" "^3.0.9" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/middleware-recursion-detection@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.465.0.tgz#d0cb1fd9c63dbe997406253b5e0ce402103d910f" @@ -921,21 +719,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/middleware-sdk-s3@3.461.0": - version "3.461.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.461.0.tgz#615cffecb02b03a5a41730b7b561967195ca7e48" - integrity sha512-sOFUBWROq0xQxNoXp+3eepXrUAuMc/JPH+sI/r5QOznk7JVemYoBj99lknbTzJ4ssSK0yVrSUxxwGiGvDQb0Gg== - dependencies: - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-arn-parser" "3.310.0" - "@smithy/node-config-provider" "^2.1.5" - "@smithy/protocol-http" "^3.0.9" - "@smithy/signature-v4" "^2.0.0" - "@smithy/smithy-client" "^2.1.15" - "@smithy/types" "^2.5.0" - "@smithy/util-config-provider" "^2.0.0" - tslib "^2.5.0" - "@aws-sdk/middleware-sdk-s3@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.465.0.tgz#fd417ce7a958066afb5c293b49eacd2f807e853e" @@ -962,16 +745,6 @@ "@smithy/util-utf8" "^2.0.2" tslib "^2.5.0" -"@aws-sdk/middleware-sdk-sts@3.461.0": - version "3.461.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-sts/-/middleware-sdk-sts-3.461.0.tgz#746afa5958c22989e4c1a1217fc2a008f7e04bf3" - integrity sha512-sgNxkwKdJ/NZm7SJZBnbYPkbspmzn3lDyRSJH7PTCvyzDBzY2PB6yS/dfnGkitR+PYwromuOYMha37W4su2SOw== - dependencies: - "@aws-sdk/middleware-signing" "3.461.0" - "@aws-sdk/types" "3.460.0" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/middleware-sdk-sts@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-sts/-/middleware-sdk-sts-3.465.0.tgz#73ad1f0940f924be1141125ceffcf4204c54c9bf" @@ -982,19 +755,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/middleware-signing@3.461.0": - version "3.461.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-signing/-/middleware-signing-3.461.0.tgz#e7393f755660eb65a160e64584ad9383724bd2e1" - integrity sha512-aM/7VupHlsgeRG1UZSAQMWJX+2Jam4GG8ZGVAbLfBr9yh9cBwnUUndpUpYI9rU7atA8n+vISr162EbR7WTiFhQ== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/property-provider" "^2.0.0" - "@smithy/protocol-http" "^3.0.9" - "@smithy/signature-v4" "^2.0.0" - "@smithy/types" "^2.5.0" - "@smithy/util-middleware" "^2.0.6" - tslib "^2.5.0" - "@aws-sdk/middleware-signing@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-signing/-/middleware-signing-3.465.0.tgz#2a040c39bfd6f2528ef9798944b4de2d33d2bdd1" @@ -1008,23 +768,12 @@ "@smithy/util-middleware" "^2.0.6" tslib "^2.5.0" -"@aws-sdk/middleware-ssec@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-ssec/-/middleware-ssec-3.460.0.tgz#e5fa963d6d43cf4764310da4de5604ef51964473" - integrity sha512-1PSCmkq9BRX8isxyDyf785xvjldtwhdUzI+37oZ1qfDXGmRyB+KjtRBNnz5Fz+VSiOfVzfhp3sjrc4fs4BfJ0w== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - -"@aws-sdk/middleware-user-agent@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.460.0.tgz#d3f5a420e667b7d9ead4694415748f990f50c7c0" - integrity sha512-0gBSOCr+RtwRUCSRLn9H3RVnj9ercvk/QKTHIr33CgfEdyZtIGpHWUSs6uqiQydPTRzjCm5SfUa6ESGhRVMM6A== +"@aws-sdk/middleware-ssec@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-ssec/-/middleware-ssec-3.465.0.tgz#ca6aff262527f0089a003afa33e901b81908f486" + integrity sha512-PHc1guBGp7fwoPlJkAEaHVkiYPfs93jffwsBvIevCsHcfYPv6L26/5Nk7KR+6IyuGQHpUbSC080SP1jYjOy01A== dependencies: - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-endpoints" "3.460.0" - "@smithy/protocol-http" "^3.0.9" + "@aws-sdk/types" "3.465.0" "@smithy/types" "^2.5.0" tslib "^2.5.0" @@ -1057,17 +806,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/region-config-resolver@3.451.0": - version "3.451.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.451.0.tgz#f4de34ebe435832dd6bcdc0a7b9fae14a42fc6de" - integrity sha512-3iMf4OwzrFb4tAAmoROXaiORUk2FvSejnHIw/XHvf/jjR4EqGGF95NZP/n/MeFZMizJWVssrwS412GmoEyoqhg== - dependencies: - "@smithy/node-config-provider" "^2.1.5" - "@smithy/types" "^2.5.0" - "@smithy/util-config-provider" "^2.0.0" - "@smithy/util-middleware" "^2.0.6" - tslib "^2.5.0" - "@aws-sdk/region-config-resolver@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.465.0.tgz#87c3d2fe96e1e759d818f179f1e72204791145e6" @@ -1093,18 +831,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/signature-v4-multi-region@3.461.0": - version "3.461.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.461.0.tgz#0ef0951bc39647d20099c69a99957ad1d429bf54" - integrity sha512-9tsdJ5KMPZzJN1x28AZKoS9J3xfwftFwutqcU1qsXXeouck0CztLfX+wr3etO4acPQO2zU305fnR2ulSsnns4g== - dependencies: - "@aws-sdk/middleware-sdk-s3" "3.461.0" - "@aws-sdk/types" "3.460.0" - "@smithy/protocol-http" "^3.0.9" - "@smithy/signature-v4" "^2.0.0" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/signature-v4-multi-region@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.465.0.tgz#c4c5b00d5998ea8e2a675cc592a0fb5eaa691147" @@ -1117,49 +843,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/token-providers@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.460.0.tgz#8122fe281fe7d454166893409f280f6b026f47c2" - integrity sha512-EvSIPMI1gXk3gEkdtbZCW+p3Bjmt2gOR1m7ibQD7qLj4l0dKXhp4URgTqB1ExH3S4qUq0M/XSGKbGLZpvunHNg== - dependencies: - "@aws-crypto/sha256-browser" "3.0.0" - "@aws-crypto/sha256-js" "3.0.0" - "@aws-sdk/middleware-host-header" "3.460.0" - "@aws-sdk/middleware-logger" "3.460.0" - "@aws-sdk/middleware-recursion-detection" "3.460.0" - "@aws-sdk/middleware-user-agent" "3.460.0" - "@aws-sdk/region-config-resolver" "3.451.0" - "@aws-sdk/types" "3.460.0" - "@aws-sdk/util-endpoints" "3.460.0" - "@aws-sdk/util-user-agent-browser" "3.460.0" - "@aws-sdk/util-user-agent-node" "3.460.0" - "@smithy/config-resolver" "^2.0.18" - "@smithy/fetch-http-handler" "^2.2.6" - "@smithy/hash-node" "^2.0.15" - "@smithy/invalid-dependency" "^2.0.13" - "@smithy/middleware-content-length" "^2.0.15" - "@smithy/middleware-endpoint" "^2.2.0" - "@smithy/middleware-retry" "^2.0.20" - "@smithy/middleware-serde" "^2.0.13" - "@smithy/middleware-stack" "^2.0.7" - "@smithy/node-config-provider" "^2.1.5" - "@smithy/node-http-handler" "^2.1.9" - "@smithy/property-provider" "^2.0.0" - "@smithy/protocol-http" "^3.0.9" - "@smithy/shared-ini-file-loader" "^2.0.6" - "@smithy/smithy-client" "^2.1.15" - "@smithy/types" "^2.5.0" - "@smithy/url-parser" "^2.0.13" - "@smithy/util-base64" "^2.0.1" - "@smithy/util-body-length-browser" "^2.0.0" - "@smithy/util-body-length-node" "^2.1.0" - "@smithy/util-defaults-mode-browser" "^2.0.19" - "@smithy/util-defaults-mode-node" "^2.0.25" - "@smithy/util-endpoints" "^1.0.4" - "@smithy/util-retry" "^2.0.6" - "@smithy/util-utf8" "^2.0.2" - tslib "^2.5.0" - "@aws-sdk/token-providers@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.465.0.tgz#e063a30c73878462a5a1542a3eb28ac5e72c5921" @@ -1203,14 +886,6 @@ "@smithy/util-utf8" "^2.0.2" tslib "^2.5.0" -"@aws-sdk/types@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.460.0.tgz#f87602928a57473f724b6efca0158e64f658be71" - integrity sha512-MyZSWS/FV8Bnux5eD9en7KLgVxevlVrGNEP3X2D7fpnUlLhl0a7k8+OpSI2ozEQB8hIU2DLc/XXTKRerHSefxQ== - dependencies: - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/types@3.465.0", "@aws-sdk/types@^3.222.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.465.0.tgz#74977008020f3ed2e5fa0d61daef70d1cbfbfc37" @@ -1219,13 +894,6 @@ "@smithy/types" "^2.5.0" tslib "^2.5.0" -"@aws-sdk/util-arn-parser@3.310.0": - version "3.310.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-arn-parser/-/util-arn-parser-3.310.0.tgz#861ff8810851be52a320ec9e4786f15b5fc74fba" - integrity sha512-jL8509owp/xB9+Or0pvn3Fe+b94qfklc2yPowZZIFAkFcCSIdkIglz18cPDWnYAcy9JGewpMS1COXKIUhZkJsA== - dependencies: - tslib "^2.5.0" - "@aws-sdk/util-arn-parser@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-arn-parser/-/util-arn-parser-3.465.0.tgz#2896f6b06f69770378586853c97a0f283cbb2e20" @@ -1233,15 +901,6 @@ dependencies: tslib "^2.5.0" -"@aws-sdk/util-endpoints@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-endpoints/-/util-endpoints-3.460.0.tgz#5f47f8716e7e3a008061aaa82d60b23257deaf55" - integrity sha512-myH6kM5WP4IWULHDHMYf2Q+BCYVGlzqJgiBmO10kQEtJSeAGZZ49eoFFYgKW8ZAYB5VnJ+XhXVB1TRA+vR4l5A== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/util-endpoints" "^1.0.4" - tslib "^2.5.0" - "@aws-sdk/util-endpoints@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-endpoints/-/util-endpoints-3.465.0.tgz#b3800364bd856bdfe94e0a1c72979d1bda27a0b8" @@ -1268,16 +927,6 @@ dependencies: tslib "^2.5.0" -"@aws-sdk/util-user-agent-browser@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.460.0.tgz#a4e9fda5d4e2ecafa28d056240e10bddffa1d748" - integrity sha512-FRCzW+TyjKnvxsargPVrjayBfp/rvObYHZyZ2OSqrVw8lkkPCb4e/WZOeIiXZuhdhhoah7wMuo6zGwtFF3bYKg== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/types" "^2.5.0" - bowser "^2.11.0" - tslib "^2.5.0" - "@aws-sdk/util-user-agent-browser@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.465.0.tgz#2cb792c48770fe650cbb2b66ac21a8d65b0ca5ba" @@ -1288,16 +937,6 @@ bowser "^2.11.0" tslib "^2.5.0" -"@aws-sdk/util-user-agent-node@3.460.0": - version "3.460.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.460.0.tgz#d4adb7b924d89e5d33fc4ae83cfe067b7bb045c4" - integrity sha512-+kSoR9ABGpJ5Xc7v0VwpgTQbgyI4zuezC8K4pmKAGZsSsVWg4yxptoy2bDqoFL7qfRlWviMVTkQRMvR4D44WxA== - dependencies: - "@aws-sdk/types" "3.460.0" - "@smithy/node-config-provider" "^2.1.5" - "@smithy/types" "^2.5.0" - tslib "^2.5.0" - "@aws-sdk/util-user-agent-node@3.465.0": version "3.465.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.465.0.tgz#5838e93a0f2102fb555131f40bd454707caba3f9" @@ -1315,10 +954,10 @@ dependencies: tslib "^2.3.1" -"@aws-sdk/xml-builder@3.310.0": - version "3.310.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/xml-builder/-/xml-builder-3.310.0.tgz#f0236f2103b438d16117e0939a6305ad69b7ff76" - integrity sha512-TqELu4mOuSIKQCqj63fGVs86Yh+vBx5nHRpWKNUNhB2nPTpfbziTs5c1X358be3peVWA4wPxW7Nt53KIg1tnNw== +"@aws-sdk/xml-builder@3.465.0": + version "3.465.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/xml-builder/-/xml-builder-3.465.0.tgz#0914bc0b9708848f1fa509dd6e474e8c691a0cb2" + integrity sha512-9TKW5ZgsReygePTnAUdvaqxr/k1HXsEz2yDnk/jTLaUeRPsd5la8fFjb6OfgYYlbEVNlxTcKzaqOdrqxpUkmyQ== dependencies: tslib "^2.5.0" From 4d37ccc15bdd6bc48b6a6ff84c3525092bb3cb57 Mon Sep 17 00:00:00 2001 From: Tyler Hendrickson Date: Thu, 7 Dec 2023 21:49:18 -0600 Subject: [PATCH 13/19] Improve CI/CD automations (#2227) * Add coverage config file to packages/server * Manage website distribution artifacts in Terraform * Configure automatic labels and release drafts * Configure static analysis workflows * Harden dependabot workflow security * Remove old CI/CD workflows * Add common/reusable workflows for CI/CD activities * Add new CI workflow * Add new Staging deployment workflow * Add new Production deployment workflow * Require admin approval for special doc modifications * Update Contribution Guide * Document release process * Remove outdated documentation for deployments --- .github/CODEOWNERS | 9 +- .github/next_release_version.bash | 53 ++++ .github/release-drafter.yml | 133 ++++++++ .github/release.yml | 20 ++ .github/workflows/aws-auth.yml | 69 +++++ .github/workflows/build-and-deploy.yml | 216 ------------- .github/workflows/build-api.yml | 64 ---- .github/workflows/build-website.yml | 52 ---- .github/workflows/build.yml | 283 ++++++++++++++++++ .github/workflows/ci.yaml | 117 -------- .github/workflows/ci.yml | 117 ++++++++ .github/workflows/code-scanning.yml | 80 +++++ .github/workflows/dependabot-auto-approve.yml | 23 +- .github/workflows/deploy-production.yml | 189 ++++++++++++ .github/workflows/deploy-staging.yml | 129 ++++++++ .github/workflows/pr-tidying.yml | 211 +++++++++++++ .github/workflows/publish-qa-results.yml | 128 ++++++++ .github/workflows/publish-terraform-plan.yml | 139 +++++++++ .github/workflows/qa.yml | 282 +++++++++++++++++ .github/workflows/release-drafter.yml | 82 +++++ .../workflows/select-target-environment.yml | 36 --- .github/workflows/terraform-apply.yml | 140 +++++++++ .github/workflows/terraform-ci.yml | 153 ---------- .github/workflows/terraform-plan.yml | 211 +++++++++++++ .github/workflows/validate-deployment.yml | 76 +++++ CONTRIBUTING.md | 183 +++++------ README.md | 7 + docs/deployment.md | 64 ---- docs/releasing.md | 174 +++++++++++ packages/server/.nycrc | 3 + terraform/main.tf | 3 + terraform/modules/gost_website/storage.tf | 18 ++ terraform/modules/gost_website/variables.tf | 5 + terraform/prod.tfvars | 1 - terraform/staging.tfvars | 1 - terraform/variables.tf | 6 + 36 files changed, 2651 insertions(+), 826 deletions(-) create mode 100755 .github/next_release_version.bash create mode 100644 .github/release-drafter.yml create mode 100644 .github/release.yml create mode 100644 .github/workflows/aws-auth.yml delete mode 100644 .github/workflows/build-and-deploy.yml delete mode 100644 .github/workflows/build-api.yml delete mode 100644 .github/workflows/build-website.yml create mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/code-scanning.yml create mode 100644 .github/workflows/deploy-production.yml create mode 100644 .github/workflows/deploy-staging.yml create mode 100644 .github/workflows/pr-tidying.yml create mode 100644 .github/workflows/publish-qa-results.yml create mode 100644 .github/workflows/publish-terraform-plan.yml create mode 100644 .github/workflows/qa.yml create mode 100644 .github/workflows/release-drafter.yml delete mode 100644 .github/workflows/select-target-environment.yml create mode 100644 .github/workflows/terraform-apply.yml delete mode 100644 .github/workflows/terraform-ci.yml create mode 100644 .github/workflows/terraform-plan.yml create mode 100644 .github/workflows/validate-deployment.yml delete mode 100644 docs/deployment.md create mode 100644 docs/releasing.md create mode 100644 packages/server/.nycrc diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 49ec5eeb8..2068964cd 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,8 +1,11 @@ # Require admin approval for GitHub settings and workflow modifications /.github/ @usdigitalresponse/grants-admins -# Require admin approval for Terraform IAC modifications -/terraform/ @usdigitalresponse/grants-admins - # Require admin approval when Postgres root CA bundle is modified /packages/server/rds-combined-ca-bundle.pem @usdigitalresponse/grants-admins + +# Require admin approval for special doc modifications +README.md @usdigitalresponse/grants-admins +LICENSE @usdigitalresponse/grants-admins +CODE_OF_CONDUCT.md @usdigitalresponse/grants-admins +CONTRIBUTING.md @usdigitalresponse/grants-admins diff --git a/.github/next_release_version.bash b/.github/next_release_version.bash new file mode 100755 index 000000000..f6a8d1e48 --- /dev/null +++ b/.github/next_release_version.bash @@ -0,0 +1,53 @@ +#! /bin/bash + +# Defaults +next_version_release_year=$(TZ='UTC' date '+%Y') +next_version_release_number=1 + +if [[ $1 == 'test' ]]; then + echo 'Running tests...' >&2 + dotest() { + result=$(bash $0 "release/${1}" 2> /dev/null | tail -n 1) + expect="${2}" + if [[ $result != $expect ]]; then + printf "Test failed:\n Expected: $expect\n Received: $result\n" >&2 + exit 1 + fi + } + dotest 'release/1234.987' "$next_version_release_year.1" + dotest 'release/0.0' "$next_version_release_year.1" + dotest 'release/0' "$next_version_release_year.1" + dotest 'sometag' "$next_version_release_year.1" + dotest "release/$next_version_release_year.1" "$next_version_release_year.2" + dotest "release/$next_version_release_year.19" "$next_version_release_year.20" + dotest "release/$next_version_release_year.399" "$next_version_release_year.400" + echo 'Tests complete' >&2 + exit 0 +fi + +if [[ -z $1 ]]; then + # Ensure tag history is available + git fetch --prune --unshallow + tag=$(git describe --tags --match='release/[0-9][0-9][0-9][0-9].[0-9]*' refs/heads/main) +else + tag=$1 +fi + +regex='release\/([0-9]{4})\.([0-9]+)' +if [[ $tag =~ $regex ]]; then + echo "Found tag for previous release: $tag" >&2 + prev_version_release_number="${BASH_REMATCH[2]}" + echo "Previous version number: $prev_version_release_number" >&2 + if [[ $next_version_release_year == "${BASH_REMATCH[1]}" ]]; then + ((next_version_release_number=prev_version_release_number+1)) + else + echo "Ignoring previous version number because it pertains to a different year" >&2 + fi +else + echo "Could not locate a previous release version" >&2 +fi + +next_version="$next_version_release_year.$next_version_release_number" +echo "Next version: $next_version" >&2 +# Output result to stdout +printf "$next_version" diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 000000000..312a28762 --- /dev/null +++ b/.github/release-drafter.yml @@ -0,0 +1,133 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/release-drafter/release-drafter/master/schema.json +name-template: 'v$RESOLVED_VERSION' +tag-template: 'release/$RESOLVED_VERSION' +tag-prefix: 'release/' +version-template: '2023.$MINOR' +version-resolver: + default: minor +prerelease: true +categories: + - title: 🚀 New features and enhancements + collapse-after: 10 + labels: + - enhancement + - title: 🐛 Bug fixes + collapse-after: 10 + labels: + - bug + - title: 📖 Documentation improvements + collapse-after: 10 + labels: + - documentation + - title: 🔧 Dependency updates + collapse-after: 3 + labels: + - dependencies + - title: 🔍 Federal Grant Finder updates + collapse-after: 3 + labels: + - Grants Finder + - title: 🧾 ARPA Reporter updates + collapse-after: 3 + labels: + - arpa validations + - arpa subrecipients + - arpa web tool + - arpa audit report + - arpa output templates + - arpa quarterly reporter + - performance reporter + - title: Other changes + labels: + - '*' +category-template: '### $TITLE' +exclude-labels: + - skip-changelog +exclude-contributors: + - dependabot + - 'dependabot[bot]' + - step-security-bot +autolabeler: + - label: javascript + files: + - '**/*.js' + - '**/package.json' + - 'packages/**' + - '**/yarn.lock' + - '**/.npmrc' + - '**/.nvmrc' + - '**/.nycrc' + - '**/.node-version' + - '**/.huskyrc.json' + - '**/lerna.json' + - '**/eslintrc.js' + - '**/.browserslistrc' + - label: database-changes + files: + - 'packages/server/migrations/**' + - 'packages/server/knexfile.js' + - 'packages/server/rds-combined-ca-bundle.pem' + - label: terraform + files: + - 'terraform/**' + - label: Infra + files: + - 'terraform/**' + - 'docker/**' + - '**/docker-compose.yml' + - '**/docker-compose.yaml' + - 'localstack/**' + - label: dependencies + files: + - '**/yarn.lock' + - '**/.terraform.lock.hcl' + branch: + - '/^dependabot\/.+$/i' + - label: documentation + files: + - README + - '**/doc/**' + - '**/docs/**' + - '**/*.md' + - .adr-dir + branch: + - '/^docs?\/.+$/' + - label: bug + branch: + - '/^fix\/.+$/i' + - '/^bug\/.+$/i' + title: + - '/\bfix(es)?\b/i' + - '/\bbug\b/i' + - '/\brevert(s)?\b/i' + - label: enhancement + branch: + - '/^feat(ures?)?\/.+$/i' + - '/^enhance(s|ments?)?\/.+$/i' + title: + - '/\b(?- + '*All changes in this release were crafted by robots (and reviewed by humans).*' +template: | + ## 📚 Summary + + The releaser should provide a high-level summary here (or remove this section). + + ## 🛠️ Changes + + $CHANGES + + ## 🤝 Contributors + + We would like to thank the following people who made this release possible: + + $CONTRIBUTORS + + ## Deployment History diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 000000000..98688b994 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,20 @@ +changelog: + exclude: + labels: + - skip-changelog + categories: + - title: 🚀 New features and enhancements + labels: + - enhancement + - title: 🐛 Bug fixes + labels: + - bug + - title: 📖 Documentation improvements + labels: + - documentation + - title: 🔧 Dependency updates + labels: + - dependencies + - title: Other Changes + labels: + - "*" diff --git a/.github/workflows/aws-auth.yml b/.github/workflows/aws-auth.yml new file mode 100644 index 000000000..03d6221c4 --- /dev/null +++ b/.github/workflows/aws-auth.yml @@ -0,0 +1,69 @@ +name: Configure AWS Credentials + +on: + workflow_call: + inputs: + aws-region: + type: string + required: true + secrets: + role-to-assume: + required: true + gpg-passphrase: + required: true + outputs: + aws-access-key-id: + value: ${{ jobs.oidc-auth.outputs.aws-access-key-id }} + aws-secret-access-key: + value: ${{ jobs.oidc-auth.outputs.aws-secret-access-key }} + aws-session-token: + value: ${{ jobs.oidc-auth.outputs.aws-session-token }} + +permissions: + contents: read + id-token: write + +jobs: + oidc-auth: + name: OIDC Auth + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + outputs: + aws-access-key-id: ${{ steps.encrypt-aws-access-key-id.outputs.out }} + aws-secret-access-key: ${{ steps.encrypt-aws-secret-access-key.outputs.out }} + aws-session-token: ${{ steps.encrypt-aws-session-token.outputs.out }} + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + sts.us-west-2.amazonaws.com:443 + - id: auth + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + with: + aws-region: us-west-2 + role-to-assume: "${{ secrets.role-to-assume }}" + - name: Encrypt aws-access-key-id + id: encrypt-aws-access-key-id + run: | + encrypted=$(gpg --batch --yes --passphrase "$GPG_PASSPHRASE" -c --cipher-algo AES256 -o - <(echo "$AWS_ACCESS_KEY_ID") | base64 -w0) + echo "out=$encrypted" >> $GITHUB_OUTPUT + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + - name: Encrypt aws-secret-access-key + id: encrypt-aws-secret-access-key + run: | + encrypted=$(gpg --batch --yes --passphrase "$GPG_PASSPHRASE" -c --cipher-algo AES256 -o - <(echo "$AWS_SECRET_ACCESS_KEY") | base64 -w0) + echo "out=$encrypted" >> $GITHUB_OUTPUT + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + - name: Encrypt aws-session-token + id: encrypt-aws-session-token + run: | + encrypted=$(gpg --batch --yes --passphrase "$GPG_PASSPHRASE" -c --cipher-algo AES256 -o - <(echo "$AWS_SESSION_TOKEN") | base64 -w0) + echo "out=$encrypted" >> $GITHUB_OUTPUT + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml deleted file mode 100644 index e7625212d..000000000 --- a/.github/workflows/build-and-deploy.yml +++ /dev/null @@ -1,216 +0,0 @@ -name: Build and deploy GOST - -on: - push: - branches: - - _staging - - main - -concurrency: - group: ${{ github.workflow_ref }} - -permissions: - contents: read - id-token: write - packages: write - -jobs: - changes: - name: Detect changes - runs-on: ubuntu-latest - outputs: - api: ${{ steps.filter.outputs.api }} - website: ${{ steps.filter.outputs.website }} - terraform: ${{ steps.filter.outputs.terraform }} - steps: - - uses: actions/checkout@v3 - - uses: dorny/paths-filter@v2 - id: filter - with: - base: ${{ github.ref }} - filters: | - api: - - ".github/workflows/build-api.yml" - - '.github/workflows/build-and-deploy.yml' - - 'packages/server/**' - - 'docker/production-api.Dockerfile' - - '.nvmrc' - - 'yarn.lock' - website: - - ".github/workflows/build-website.yml" - - '.github/workflows/build-and-deploy.yml' - - 'packages/client/**' - - '.node-version' - - '.nvmrc' - - 'yarn.lock' - terraform: - - 'terraform/**' - - build_api: - name: Build and push GOST API Docker image - needs: - - changes - if: needs.changes.outputs.api == 'true' - uses: "./.github/workflows/build-api.yml" - permissions: - contents: read - packages: write - - build_website: - name: Build website deployment artifact - needs: - - changes - if: needs.changes.outputs.website == 'true' - uses: "./.github/workflows/build-website.yml" - permissions: - contents: read - - select_target_environment: - name: Select target environment - uses: "./.github/workflows/select-target-environment.yml" - with: - ref_name: "${{ github.ref_name }}" - - deploy_terraform: - name: Deploy terraform - runs-on: ubuntu-latest - needs: - - select_target_environment - - changes - if: needs.changes.outputs.terraform == 'true' - concurrency: - group: run_terraform-${{ needs.select_target_environment.outputs.selected }} - cancel-in-progress: false - environment: ${{ needs.select_target_environment.outputs.selected }} - env: - TF_PLUGIN_CACHE_DIR: ~/.terraform.d/plugin-cache - TF_VAR_version_identifier: ${{ github.sha }} - TF_VAR_datadog_api_key: ${{ secrets.DATADOG_API_KEY }} - TF_VAR_datadog_app_key: ${{ secrets.DATADOG_APP_KEY }} - steps: - - uses: actions/checkout@v3 - - name: Get project TF version - id: get_version - run: echo "TF_VERSION=$(cat .terraform-version | tr -d '[:space:]')" | tee -a $GITHUB_OUTPUT - working-directory: terraform - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: ${{ steps.get_version.outputs.TF_VERSION }} - - name: Ensure Terraform plugin cache exists - run: mkdir -p $TF_PLUGIN_CACHE_DIR - - name: Save/Restore Terraform plugin cache - uses: actions/cache@v3 - with: - path: ${{ env.TF_PLUGIN_CACHE_DIR }} - key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} - restore-keys: | - ${{ runner.os }}-terraform- - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: us-west-2 - role-to-assume: "${{ secrets.AWS_ROLE_TO_ASSUME }}" - - name: Terraform Init - id: init - run: terraform init -backend-config="${{ needs.select_target_environment.outputs.selected }}.s3.tfbackend" - working-directory: terraform - - name: Terraform Validate - id: validate - run: terraform validate -no-color - working-directory: terraform - - name: Terraform Apply - if: steps.validate.outcome == 'success' - id: apply - run: terraform apply -auto-approve -input=false -no-color -var-file="${{ needs.select_target_environment.outputs.selected }}.tfvars" - working-directory: terraform - - deploy_website: - name: Deploy website - runs-on: ubuntu-latest - needs: - - build_website - - select_target_environment - - deploy_terraform - if: | - always() && - needs.build_website.result == 'success' && - (needs.deploy_terraform.result == 'success' || needs.deploy_terraform.result == 'skipped') - environment: ${{ needs.select_target_environment.outputs.selected }} - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: us-west-2 - role-to-assume: "${{ secrets.AWS_ROLE_TO_ASSUME }}" - - name: Get deployment parameters - uses: dkershner6/aws-ssm-getparameters-action@v1 - with: - withDecryption: "true" - parameterPairs: | - /gost/${{ needs.select_target_environment.outputs.selected }}/deploy-config/website/s3-uri = S3_DEPLOYMENT_URI, - /gost/${{ needs.select_target_environment.outputs.selected }}/deploy-config/website/distribution-id = CLOUDFRONT_DISTRIBUTION_ID - - name: Download build - uses: actions/download-artifact@v3 - with: - name: ${{ needs.build_website.outputs.artifact }} - path: dist - - name: Upload artifact to S3 - run: aws s3 sync ./dist ${{ env.S3_DEPLOYMENT_URI }} --sse --delete --no-progress - - name: Invalidate CloudFront cache - run: aws cloudfront create-invalidation --paths "/*" --distribution-id ${{ env.CLOUDFRONT_DISTRIBUTION_ID }} - - deploy_api: - name: Deploy API - runs-on: ubuntu-latest - needs: - - build_api - - select_target_environment - - deploy_terraform - if: | - always() && - needs.build_api.result == 'success' && - (needs.deploy_terraform.result == 'success' || needs.deploy_terraform.result == 'skipped') - environment: ${{ needs.select_target_environment.outputs.selected }} - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: us-west-2 - role-to-assume: "${{ secrets.AWS_ROLE_TO_ASSUME }}" - - name: Get deployment parameters - uses: dkershner6/aws-ssm-getparameters-action@v1 - with: - withDecryption: "true" - parameterPairs: | - /gost/${{ needs.select_target_environment.outputs.selected }}/deploy-config/api/cluster-name = ECS_CLUSTER_NAME, - /gost/${{ needs.select_target_environment.outputs.selected }}/deploy-config/api/service-name = ECS_SERVICE_NAME - - name: Update ECS service - run: aws ecs update-service --cluster ${{ env.ECS_CLUSTER_NAME }} --service ${{ env.ECS_SERVICE_NAME }} --force-new-deployment > /dev/null - - deploy_grants_consumer: - name: Deploy Grants Consumer - runs-on: ubuntu-latest - needs: - - build_api - - select_target_environment - - deploy_terraform - if: | - always() && - needs.build_api.result == 'success' && - (needs.deploy_terraform.result == 'success' || needs.deploy_terraform.result == 'skipped') - environment: ${{ needs.select_target_environment.outputs.selected }} - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: us-west-2 - role-to-assume: "${{ secrets.AWS_ROLE_TO_ASSUME }}" - - name: Get deployment parameters - uses: dkershner6/aws-ssm-getparameters-action@v1 - with: - withDecryption: "true" - parameterPairs: | - /gost/${{ needs.select_target_environment.outputs.selected }}/deploy-config/consume-grants/cluster-name = ECS_CLUSTER_NAME, - /gost/${{ needs.select_target_environment.outputs.selected }}/deploy-config/consume-grants/service-name = ECS_SERVICE_NAME - - name: Update ECS service - run: aws ecs update-service --cluster ${{ env.ECS_CLUSTER_NAME }} --service ${{ env.ECS_SERVICE_NAME }} --force-new-deployment > /dev/null diff --git a/.github/workflows/build-api.yml b/.github/workflows/build-api.yml deleted file mode 100644 index 1deccefab..000000000 --- a/.github/workflows/build-api.yml +++ /dev/null @@ -1,64 +0,0 @@ -name: Build Docker image for GOST API - -on: - pull_request: - paths: - - ".github/workflows/build-api.yml" - - "packages/server/**" - - "docker/production-api.Dockerfile" - - "yarn.lock" - workflow_call: {} - -permissions: - contents: read - packages: write - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}-api - -jobs: - build-and-push: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Authenticate docker - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Set date/time-based version string as env var - run: echo "DATETIME_VERSION=$(TZ=UTC date +'%Y%m%d.%H%M')" >> $GITHUB_ENV - - name: Extract metadata for Docker - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=sha,enable=true,priority=100,prefix=,suffix=,format=short - type=raw,enable=true,priority=200,prefix=,suffix=,value=${{ env.DATETIME_VERSION }} - type=raw,enable=${{ github.event_name != 'pull_request' }},priority=300,value=latest - type=raw,enable=${{ github.ref == 'refs/heads/main' }},priority=300,value=stable - labels: | - org.opencontainers.image.title=${{ env.IMAGE_NAME }} - org.opencontainers.image.version=${{ env.DATETIME_VERSION }} - com.datadoghq.tags.service=gost - com.datadoghq.tags.version=${{ github.sha }} - - name: Build and push Docker image - uses: docker/build-push-action@v3 - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - file: docker/production-api.Dockerfile - tags: ${{ steps.meta.outputs.tags }} - platforms: linux/amd64,linux/arm64 - labels: ${{ steps.meta.outputs.labels }} - build-args: | - GIT_COMMIT=${{ github.sha }} - GIT_REF=${{ github.ref }} - TIMESTAMP=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} diff --git a/.github/workflows/build-website.yml b/.github/workflows/build-website.yml deleted file mode 100644 index c637231a4..000000000 --- a/.github/workflows/build-website.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: Build GOST Website - -on: - pull_request: - paths: - - ".github/workflows/build-website.yml" - - "packages/client/**" - - ".node-version" - - ".nvmrc" - - "yarn.lock" - workflow_call: - outputs: - artifact: - description: "Identifier for the website build artifact" - value: ${{ jobs.build.outputs.artifact }} - -concurrency: - group: build-website-${{ github.workflow_ref }} - cancel-in-progress: ${{ github.event_name == 'pull_request' }} - -permissions: - contents: read - -jobs: - build: - name: Build website deployment artifact - runs-on: ubuntu-latest - permissions: - contents: read - outputs: - artifact: website-${{ github.sha }} - env: - BUILD_DIR: packages/client - steps: - - uses: actions/checkout@v3 - - name: Install Node.js - uses: actions/setup-node@v2 - with: - node-version-file: '.nvmrc' - cache: yarn - - name: Install dependencies - working-directory: ${{ env.BUILD_DIR }} - run: yarn install --frozen-lockfile - - name: Build the website - working-directory: ${{ env.BUILD_DIR }} - run: yarn build - - name: Upload build artifact - # if: ${{ github.event_name != 'pull_request' }} - uses: actions/upload-artifact@v3 - with: - name: website-${{ github.sha }} - path: ${{ env.BUILD_DIR }}/dist diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..5760bc8b1 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,283 @@ +name: Build + +permissions: + contents: read + packages: write + +on: + workflow_call: + inputs: + ref: + type: string + required: true + build-server-image: + description: Whether to build a `usdr-gost-api` Docker image using the `production-api.Dockerfile`. + type: boolean + default: true + build-website: + description: Whether to build website distribution artifacts for the client package. + type: boolean + default: true + server-image-args-ref: + description: Ref name for the build commit, like refs/heads/my-feature-branch-1. + type: string + required: true + server-image-artifacts-retention-days: + description: Number of days to store Docker attestation artifacts. + type: number + default: 90 + server-image-upload-attestations: + description: Whether to upload attestation files for the Docker build as artifacts. + type: boolean + default: false + server-image-push: + description: Whether to push Docker images to the registry after building. + type: boolean + default: true + server-image-name: + description: Name of the docker image. Use caution when setting a non-default value. + type: string + default: ${{ github.repository }}-api + server-image-registry: + description: The Docker image registry. Use caution when setting a non-default value. + type: string + default: ghcr.io + server-image-tag-latest: + description: Tags image builds with `latest`. + type: boolean + default: false + server-image-tag-production: + description: Tags image builds with `production`. + type: boolean + required: false + server-image-tag-pr: + description: A PR number to add as a Docker image tag (as `pr-`) when building for a pull request. + type: string + required: false + server-image-tag-release: + description: A tag value that, if provided, signifies the release version associated with the Docker image. + type: string + required: false + server-image-version: + description: Value to set for the `org.opencontainers.image.version label`. + type: string + default: "" + website-artifact-retention-days: + description: Number of days to retain website build artifacts. + type: number + default: 90 + outputs: + build-server-image-result: + value: ${{ jobs.server-docker-image.result }} + build-website-result: + value: ${{ jobs.website-bundle.result }} + server-image-digest: + value: ${{ jobs.server-docker-image.outputs.digest }} + server-attestation-artifacts-key: + value: ${{ jobs.server-docker-image.outputs.attestation-artifacts-key }} + server-attestation-artifacts-path: + value: ${{ jobs.server-docker-image.outputs.attestation-artifacts-path }} + website-artifacts-key: + value: ${{ jobs.website-bundle.outputs.artifacts-key }} + website-artifacts-path: + value: ${{ jobs.website-bundle.outputs.artifacts-path }} + website-checksums-sha256: + value: ${{ jobs.website-bundle.outputs.checksums-sha256 }} + +jobs: + server-docker-image: + name: Build server Docker image + if: inputs.build-server-image + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + env: + ATTESTATION_ARTIFACTS_KEY: "server-image-attestations-${{ inputs.ref }}" + outputs: + commit-tag: ${{ inputs.ref }} + digest: ${{ steps.build-push.outputs.digest }} + attestation-artifacts-key: ${{ env.ATTESTATION_ARTIFACTS_KEY }} + attestation-artifacts-path: ${{ steps.store-attestations.outputs.path }} + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + id: checkout + with: + ref: ${{ inputs.ref }} + show-progress: 'false' + persist-credentials: 'false' + - name: Set build info for the checked-out commit + id: commit-sha + run: echo "long=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + with: + platforms: linux/amd64,linux/arm64 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + with: + platforms: linux/amd64,linux/arm64 + - name: Authenticate docker + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata for Docker + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ inputs.server-image-registry }}/${{ inputs.server-image-name }} + tags: | + type=raw,enable=true,priority=100,prefix=sha-,value=${{ steps.commit-sha.outputs.long }} + type=raw,enable=${{ inputs.server-image-tag-release != '' }},priority=200,value=${{ inputs.server-image-tag-release }} + type=raw,enable=${{ inputs.server-image-tag-latest }},priority=300,value=latest + type=raw,enable=${{ inputs.server-image-tag-pr != '' }},priority=600,prefix=pr-,value=${{ inputs.server-image-tag-pr }} + labels: | + org.opencontainers.image.title=${{ inputs.server-image-name }} + org.opencontainers.image.version=${{ inputs.server-image-version }} + org.opencontainers.image.revision=${{ steps.commit-sha.outputs.long }} + com.datadoghq.tags.service=gost + com.datadoghq.tags.version=${{ steps.commit-sha.outputs.long }} + - name: Set bake file definition as step output + id: bakefile + run: | + BAKEFILE_CONTENTS="$(cat $BAKEFILE_PATH)" + echo "result<> $GITHUB_OUTPUT + echo "$BAKEFILE_CONTENTS" >> $GITHUB_OUTPUT + echo "ENDOFBAKEFILE" >> $GITHUB_OUTPUT + env: + BAKEFILE_PATH: ${{ steps.meta.outputs.bake-file }} + - name: Build and push Docker image + id: build-push + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + with: + context: . + github-token: ${{ secrets.GITHUB_TOKEN }} + push: ${{ inputs.server-image-push }} + file: docker/production-api.Dockerfile + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + provenance: true + sbom: true + build-args: | + GIT_COMMIT=${{ inputs.ref }} + GIT_REF=${{ inputs.server-image-args-ref }} + TIMESTAMP=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} + - name: Publish build results + run: | + REPORT_FILE=$(mktemp -t summary.md.XXXXX) + cat >> $REPORT_FILE << 'ENDOFREPORT' + ## Docker Build Summary + + **Image ID:** `${{ steps.build-push.outputs.imageid }}` + **Image Digest:** `${{ steps.build-push.outputs.digest }}` + +
+ Bake File + + ```json + ${{ steps.bakefile.outputs.result }} + ``` + +
+
+ Build Metadata + + ```json + ${{ steps.build-push.outputs.metadata }} + ``` + +
+ ENDOFREPORT + cat "$REPORT_FILE" >> $GITHUB_STEP_SUMMARY + - name: Store attestations + id: store-attestations + if: inputs.server-image-upload-attestations + run: | + ATTESTATIONS_DIR=$(mktemp -d) + echo "path=$ATTESTATIONS_DIR" >> $GITHUB_OUTPUT + docker buildx imagetools inspect "$INSPECT_NAME" --format "{{ json .SBOM }}" > $ATTESTATIONS_DIR/sbom.sdpx.json + docker buildx imagetools inspect "$INSPECT_NAME" --format "{{ json .Provenance }}" > $ATTESTATIONS_DIR/provenance.json + env: + INSPECT_NAME: ${{ inputs.server-image-registry }}/${{ inputs.server-image-name }}@${{ steps.build-push.outputs.digest }} + - name: Upload attestations + if: steps.store-attestations.outcome == 'success' + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: ${{ env.ATTESTATION_ARTIFACTS_KEY }} + path: ${{ steps.store-attestations.outputs.path }} + if-no-files-found: error + retention-days: ${{ inputs.server-image-artifacts-retention-days }} + + website-bundle: + name: Build website deployment artifact + if: inputs.build-website + runs-on: ubuntu-latest + permissions: + contents: read + packages: none + env: + ARTIFACTS_KEY: website-${{ inputs.ref }} + ARTIFACTS_PATH: ${{ github.workspace }}/packages/client/dist + outputs: + artifacts-key: ${{ env.ARTIFACTS_KEY }} + artifacts-path: ${{ env.ARTIFACTS_PATH }} + checksums-sha256: ${{ steps.checksums.outputs.sha256 }} + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ inputs.ref }} + show-progress: 'false' + persist-credentials: 'false' + - name: Setup Node + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + with: + node-version-file: .nvmrc + cache: yarn + cache-dependency-path: yarn.lock + - name: Install dependencies + run: yarn workspace client install --frozen-lockfile + - name: Build the website + run: yarn workspace client build + - name: Compute build artifact checksums + id: checksums + run: | + DIST_CHECKSUMS=$(find "$ARTIFACTS_PATH" -type f -exec sha256sum {} \;) + echo "sha256<> $GITHUB_OUTPUT + echo "$DIST_CHECKSUMS" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + - name: Publish build results + run: | + REPORT_FILE=$(mktemp -t summary.md.XXXXX) + cat >> $REPORT_FILE << 'ENDOFREPORT' + ## Build Website Summary + +
+ Checksums + + ``` + ${{ steps.checksums.outputs.sha256 }} + ``` + +
+ ENDOFREPORT + cat "$REPORT_FILE" >> $GITHUB_STEP_SUMMARY + - name: Upload build artifact + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: ${{ env.ARTIFACTS_KEY }} + path: ${{ env.ARTIFACTS_PATH }} + if-no-files-found: error + retention-days: ${{ inputs.website-artifact-retention-days }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index 2bef50450..000000000 --- a/.github/workflows/ci.yaml +++ /dev/null @@ -1,117 +0,0 @@ -name: Continuous Integration - -on: - pull_request: {} - push: - branches: - - main - paths-ignore: - - "docs/**" - -jobs: - test-e2e-integration: - name: "Cypress Integration Tests" - runs-on: ubuntu-latest - services: - postgres: - image: "postgres:13" - env: - POSTGRES_DB: usdr_grants_test - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # Set health checks to wait until postgres has started - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - - steps: - - uses: actions/checkout@v2 - - name: Install Node.js - uses: actions/setup-node@v2 - with: - node-version: 16.14.0 - cache: yarn - - name: Install dependencies - run: yarn setup - - name: Run migrations - env: - POSTGRES_TEST_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" - # This is intentional to set POSTGRES_URL=POSTGRES_TEST_URL; ARPA Reporter test runner gates - # dev vs. CI differences based on whether these are the same. - POSTGRES_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" - run: yarn db:migrate - - name: Start Applications - env: - POSTGRES_TEST_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" - # This is intentional to set POSTGRES_URL=POSTGRES_TEST_URL; ARPA Reporter test runner gates - # dev vs. CI differences based on whether these are the same. - POSTGRES_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" - AWS_ACCESS_KEY_ID: "Fake AWS Key" - AWS_SECRET_ACCESS_KEY: "Fake AWS Secret" - NOTIFICATIONS_EMAIL: grants-identification@usdigitalresponse.org - DATA_DIR: './data' - run: yarn serve & - - name: Run e2e tests - uses: cypress-io/github-action@v5 - env: - CYPRESS_BASE_URL: 'http://localhost:8080' - with: - publish-summary: true - working-directory: packages/e2e - - test-server-client: - name: "Server and Client Unit Tests" - runs-on: ubuntu-latest - services: - postgres: - image: "postgres:13" - env: - POSTGRES_DB: usdr_grants_test - POSTGRES_USER: postgres - POSTGRES_PASSWORD: password - ports: - - 5432:5432 - # Set health checks to wait until postgres has started - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - - steps: - - uses: actions/checkout@v2 - - name: Install Node.js - uses: actions/setup-node@v2 - with: - node-version: 16.14.0 - cache: yarn - - name: Install dependencies - run: yarn setup - - name: Run Linter - run: yarn lint - - name: Run unit tests - env: - POSTGRES_TEST_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" - # This is intentional to set POSTGRES_URL=POSTGRES_TEST_URL; ARPA Reporter test runner gates - # dev vs. CI differences based on whether these are the same. - POSTGRES_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" - AWS_ACCESS_KEY_ID: "Fake AWS Key" - AWS_SECRET_ACCESS_KEY: "Fake AWS Secret" - NOTIFICATIONS_EMAIL: grants-identification@usdigitalresponse.org - run: | - # The .env file needs to be present; the example file is good enough. - cp packages/server/.env.example packages/server/.env - cp packages/client/.env.example packages/client/.env - cp packages/e2e/.env.example packages/e2e/.env - export CI=true; yarn coverage - - name: Publish coverage report to CodeClimate - uses: paambaati/codeclimate-action@v3.2.0 - env: - CC_TEST_REPORTER_ID: c0ab87c312e9ca57ec34d55ebec07ed396f96f039b3c725221918a75be71a0eb - with: - coverageLocations: | - ${{github.workspace}}/coverage/lcov.info:lcov diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..bf4eecba8 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,117 @@ +name: Continuous Integration + +on: + pull_request_target: {} + +permissions: + contents: read + +jobs: + qa: + permissions: + contents: read + uses: ./.github/workflows/qa.yml + with: + ref: ${{ github.event.pull_request.head.sha }} + + publish-qa-results: + name: Publish QA Results + permissions: + contents: read + pull-requests: write + if: needs.qa.result != 'skipped' || needs.qa.result != 'cancelled' + needs: + - qa + uses: "./.github/workflows/publish-qa-results.yml" + with: + client-test-outcome: ${{ needs.qa.outputs.client-test-outcome }} + client-test-coverage-markdown-report: ${{ needs.qa.outputs.client-test-coverage-markdown-report }} + server-test-outcome: ${{ needs.qa.outputs.server-test-outcome }} + server-test-coverage-markdown-report: ${{ needs.qa.outputs.server-test-coverage-markdown-report }} + eslint-outcome: ${{ needs.qa.outputs.eslint-outcome }} + tflint-outcome: ${{ needs.qa.outputs.tflint-outcome }} + e2e-test-outcome: ${{ needs.qa.outputs.e2e-test-outcome }} + pr-number: ${{ github.event.pull_request.number }} + write-summary: true + write-comment: true + + build: + permissions: + contents: read + packages: write + name: Build deployment artifacts + uses: ./.github/workflows/build.yml + with: + ref: ${{ github.event.pull_request.head.sha }} + build-server-image: true + server-image-push: true + server-image-args-ref: ${{ github.ref }} + server-image-tag-latest: false + server-image-tag-pr: "${{ github.event.pull_request.number }}" + server-image-version: "rc-pr-${{ github.event.pull_request.number }}" + server-image-upload-attestations: true + server-image-artifacts-retention-days: 14 + build-website: true + website-artifact-retention-days: 14 + + aws-auth: + name: Configure AWS Credentials + permissions: + contents: read + id-token: write + uses: ./.github/workflows/aws-auth.yml + with: + aws-region: us-west-2 + secrets: + role-to-assume: ${{ secrets.CI_ROLE_ARN }} + gpg-passphrase: ${{ secrets.TFPLAN_SECRET }} + + tf-plan: + name: Plan Terraform + permissions: + contents: read + needs: + - aws-auth + - build + uses: ./.github/workflows/terraform-plan.yml + if: needs.build.outputs.build-server-image-result == 'success' && needs.build.outputs.build-website-result == 'success' && needs.aws-auth.result == 'success' + with: + ref: ${{ github.event.pull_request.head.sha }} + concurrency-group: run_terraform-staging + server-image-tag: ${{ github.event.pull_request.head.sha }} + server-image-digest: ${{ needs.build.outputs.server-image-digest }} + website-artifacts-key: ${{ needs.build.outputs.website-artifacts-key }} + website-artifacts-path: ${{ needs.build.outputs.website-artifacts-path }} + aws-region: us-west-2 + environment-key: staging + tf-backend-config-file: staging.s3.tfbackend + tf-var-file: staging.tfvars + upload-artifacts: false + artifacts-retention-days: 14 + secrets: + aws-access-key-id: ${{ needs.aws-auth.outputs.aws-access-key-id }} + aws-secret-access-key: ${{ needs.aws-auth.outputs.aws-secret-access-key }} + aws-session-token: ${{ needs.aws-auth.outputs.aws-session-token }} + datadog-api-key: ${{ secrets.DATADOG_API_KEY }} + datadog-app-key: ${{ secrets.DATADOG_APP_KEY }} + gpg-passphrase: ${{ secrets.TFPLAN_SECRET }} + + publish-tf-plan: + name: Publish Terraform Plan + permissions: + contents: read + pull-requests: write + if: needs.tf-plan.result != 'skipped' || needs.tf-plan.result != 'cancelled' + needs: + - tf-plan + uses: ./.github/workflows/publish-terraform-plan.yml + with: + write-summary: true + write-comment: true + pr-number: ${{ github.event.pull_request.number }} + tf-fmt-outcome: ${{ needs.tf-plan.outputs.fmt-outcome }} + tf-init-outcome: ${{ needs.tf-plan.outputs.init-outcome }} + tf-plan-outcome: ${{ needs.tf-plan.outputs.plan-outcome }} + tf-plan-output: ${{ needs.tf-plan.outputs.plan-output }} + tf-validate-outcome: ${{ needs.tf-plan.outputs.validate-outcome }} + tf-validate-output: ${{ needs.tf-plan.outputs.validate-output }} diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml new file mode 100644 index 000000000..3827edc8d --- /dev/null +++ b/.github/workflows/code-scanning.yml @@ -0,0 +1,80 @@ +name: "Code Scanning" + +on: + push: + branches: + - main + pull_request: + branches: + - main + schedule: + - cron: '35 8 * * 1-5' + +permissions: + contents: read + +jobs: + dependency-review: + name: Dependency Review + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + github.com:443 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + show-progress: 'false' + persist-credentials: 'false' + - uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0 + + codeql: + name: CodeQL + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + show-progress: 'false' + persist-credentials: 'false' + - name: Initialize CodeQL + uses: github/codeql-action/init@8e0b1c74b1d5a0077b04d064c76ee714d3da7637 # v2.14.6 + with: + languages: javascript-typescript + queries: security-extended,security-and-quality + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@8e0b1c74b1d5a0077b04d064c76ee714d3da7637 # v2.14.6 + with: + category: "/language:javascript-typescript" + + gha-workflow-security: + name: GHA Workflow Security + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' + permissions: + contents: read + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + github.com:443 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + show-progress: 'false' + persist-credentials: 'false' + - name: Ensure GitHub action versions are pinned to SHAs + uses: zgosalvez/github-actions-ensure-sha-pinned-actions@fdc1a0099560840b2be12459d0a61c7bc95b9db1 # v3.0.0 diff --git a/.github/workflows/dependabot-auto-approve.yml b/.github/workflows/dependabot-auto-approve.yml index 70485e64c..05344175b 100644 --- a/.github/workflows/dependabot-auto-approve.yml +++ b/.github/workflows/dependabot-auto-approve.yml @@ -13,21 +13,28 @@ jobs: runs-on: ubuntu-latest if: ${{ github.actor == 'dependabot[bot]' }} steps: + - name: Harden Runner + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 - name: Dependabot metadata id: dependabot-metadata - uses: dependabot/fetch-metadata@v1 + uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526 # v1.6.0 - name: Approve a PR if dependency semver changes are minor or patch - if: ${{contains(fromJson('["version-update:semver-patch", "version-update:semver-minor"]'), steps.dependabot-metadata.outputs.update-type)}} + if: ${{ contains(fromJson('["version-update:semver-patch", "version-update:semver-minor"]'), steps.dependabot-metadata.outputs.update-type) }} run: gh pr review --approve "$PR_URL" env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Enable auto-merge if dependency semver changes are minor or patch - if: ${{contains(fromJson('["version-update:semver-patch", "version-update:semver-minor"]'), steps.dependabot-metadata.outputs.update-type)}} + if: ${{ contains(fromJson('["version-update:semver-patch", "version-update:semver-minor"]'), steps.dependabot-metadata.outputs.update-type) }} run: | echo "Enabling auto-merge for Dependabot $UPDATE_TYPE" gh pr merge --auto --squash "$PR_URL" env: - PR_URL: ${{github.event.pull_request.html_url}} - GH_TOKEN: ${{secrets.GITHUB_TOKEN}} - UPDATE_TYPE: ${{steps.dependabot-metadata.outputs.update-type}} + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + UPDATE_TYPE: ${{ steps.dependabot-metadata.outputs.update-type }} diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml new file mode 100644 index 000000000..9f2548f1c --- /dev/null +++ b/.github/workflows/deploy-production.yml @@ -0,0 +1,189 @@ +name: Deploy to Production +run-name: Deploy ${{ github.ref }} + +on: + push: + tags: + - 'release/**' + workflow_dispatch: + +concurrency: + group: deploy-production + cancel-in-progress: false + +permissions: + contents: read + id-token: write + +jobs: + validate: + name: Validate commits for deployment + permissions: + contents: read + uses: ./.github/workflows/validate-deployment.yml + with: + protected-ref: ${{ github.event.repository.default_branch }} + deployment-ref: ${{ github.ref }} + + build: + name: Build deployment artifacts + permissions: + contents: read + packages: write + needs: + - validate + uses: ./.github/workflows/build.yml + with: + ref: ${{ github.sha }} + build-server-image: true + server-image-push: true + server-image-args-ref: ${{ github.ref }} + server-image-version: ${{ github.ref_name }} + server-image-tag-latest: false + server-image-tag-release: ${{ github.ref_name }} + server-image-upload-attestations: true + server-image-artifacts-retention-days: 90 + build-website: true + website-artifact-retention-days: 90 + + aws-auth: + name: Configure AWS Credentials + permissions: + contents: read + id-token: write + needs: + - validate + uses: ./.github/workflows/aws-auth.yml + with: + aws-region: us-west-2 + secrets: + gpg-passphrase: ${{ secrets.PRODUCTION_GPG_PASSPHRASE }} + role-to-assume: ${{ secrets.PRODUCTION_ROLE_ARN }} + + tf-plan: + name: Plan Terraform + permissions: + contents: read + needs: + - validate + - aws-auth + - build + uses: ./.github/workflows/terraform-plan.yml + with: + ref: ${{ github.sha }} + concurrency-group: run_terraform-production + server-image-tag: ${{ github.sha }} + server-image-digest: ${{ needs.build.outputs.server-image-digest }} + website-artifacts-key: ${{ needs.build.outputs.website-artifacts-key }} + website-artifacts-path: ${{ needs.build.outputs.website-artifacts-path }} + aws-region: us-west-2 + environment-key: production + tf-backend-config-file: prod.s3.tfbackend + tf-var-file: prod.tfvars + upload-artifacts: true + artifacts-retention-days: 90 + secrets: + aws-access-key-id: ${{ needs.aws-auth.outputs.aws-access-key-id }} + aws-secret-access-key: ${{ needs.aws-auth.outputs.aws-secret-access-key }} + aws-session-token: ${{ needs.aws-auth.outputs.aws-session-token }} + datadog-api-key: ${{ secrets.DATADOG_API_KEY }} + datadog-app-key: ${{ secrets.DATADOG_APP_KEY }} + gpg-passphrase: ${{ secrets.PRODUCTION_GPG_PASSPHRASE }} + + publish-tf-plan: + name: Publish Terraform Plan + permissions: + contents: read + pull-requests: write + if: needs.tf-plan.result != 'skipped' || needs.tf-plan.result != 'cancelled' + needs: + - tf-plan + uses: ./.github/workflows/publish-terraform-plan.yml + with: + write-summary: true + write-comment: false + tf-fmt-outcome: ${{ needs.tf-plan.outputs.fmt-outcome }} + tf-init-outcome: ${{ needs.tf-plan.outputs.init-outcome }} + tf-plan-outcome: ${{ needs.tf-plan.outputs.plan-outcome }} + tf-plan-output: ${{ needs.tf-plan.outputs.plan-output }} + tf-validate-outcome: ${{ needs.tf-plan.outputs.validate-outcome }} + tf-validate-output: ${{ needs.tf-plan.outputs.validate-output }} + + tf-apply: + name: Deploy to Production + needs: + - build + - aws-auth + - tf-plan + if: needs.tf-plan.outputs.plan-exitcode == 2 + uses: ./.github/workflows/terraform-apply.yml + with: + website-artifacts-key: ${{ needs.build.outputs.website-artifacts-key }} + website-artifacts-path: ${{ needs.build.outputs.website-artifacts-path }} + tf-plan-artifacts-key: ${{ needs.tf-plan.outputs.artifacts-key }} + aws-region: us-west-2 + concurrency-group: run_terraform-production + tf-backend-config-file: prod.s3.tfbackend + environment-name: production + secrets: + aws-access-key-id: ${{ needs.aws-auth.outputs.aws-access-key-id }} + aws-secret-access-key: ${{ needs.aws-auth.outputs.aws-secret-access-key }} + aws-session-token: ${{ needs.aws-auth.outputs.aws-session-token }} + datadog-api-key: ${{ secrets.DATADOG_API_KEY }} + datadog-app-key: ${{ secrets.DATADOG_APP_KEY }} + gpg-passphrase: ${{ secrets.PRODUCTION_GPG_PASSPHRASE }} + + update-release: + name: Update release + runs-on: ubuntu-latest + if: startsWith('refs/tags/release/', github.ref) + permissions: + contents: write + needs: + - build + - tf-apply + env: + GH_TOKEN: ${{ github.token }} + RELEASE_TAG: ${{ github.ref_name }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + github.com:443 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Download website build artifacts + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: ${{ needs.build.outputs.website-artifacts-key }} + path: ${{ needs.build.outputs.website-artifacts-path }} + - name: Download docker build attestation artifacts + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: ${{ needs.build.outputs.server-attestation-artifacts-key }} + path: ${{ needs.build.outputs.server-attestation-artifacts-path }} + - name: Upload release assets + run: | + WEBSITE_TAR_FILE="client-dist.tar.gz" + tar -czf "$WEBSITE_TAR_FILE" -C $(dirname "$WEBSITE_DIST_PATH") . + gh release upload --clobber "$RELEASE_TAG" \ + "$WEBSITE_TAR_FILE#Client website bundle" \ + "$PROVENANCE_FILE#Server Docker image provenance attestations" \ + "$SBOM_FILE#Server Docker image SBOM attestations" + env: + WEBSITE_DIST_PATH: ${{ needs.build.outputs.website-artifacts-path }} + PROVENANCE_FILE: ${{ needs.build.outputs.server-attestation-artifacts-path }}/provenance.json + SBOM_FILE: ${{ needs.build.outputs.server-attestation-artifacts-path }}/sbom.sdpx.json + - name: Get release notes + id: get + continue-on-error: true + run: gh release view "$RELEASE_TAG" --json body --jq .body > release_notes.md + - name: Add deployment history to release notes + if: always() && steps.get.outcome == 'success' + run: printf "\n- Deployed at $(date --iso-8601=seconds)\n" >> release_notes.md + - name: Update release notes and status + if: always() && steps.get.outcome == 'success' + run: gh release edit "$RELEASE_TAG" --draft=false --prerelease=false --latest --verify-tag -F release_notes.md diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml new file mode 100644 index 000000000..101148b0b --- /dev/null +++ b/.github/workflows/deploy-staging.yml @@ -0,0 +1,129 @@ +name: Deploy to Staging + +on: + push: + branches: + - main + +concurrency: + group: deploy-staging + cancel-in-progress: false + +permissions: + contents: read + id-token: write + +jobs: + validate: + name: Validate commits for deployment + permissions: + contents: read + uses: ./.github/workflows/validate-deployment.yml + with: + protected-ref: ${{ github.event.repository.default_branch }} + deployment-ref: ${{ github.ref }} + + build: + name: Build deployment artifacts + permissions: + contents: read + packages: write + needs: + - validate + uses: ./.github/workflows/build.yml + with: + ref: ${{ github.sha }} + build-server-image: true + server-image-push: true + server-image-args-ref: ${{ github.ref }} + server-image-version: "rc-${{ github.sha }}" + server-image-tag-latest: true + build-website: true + website-artifact-retention-days: 14 + + aws-auth: + name: Configure AWS Credentials + permissions: + contents: read + id-token: write + needs: + - validate + uses: ./.github/workflows/aws-auth.yml + with: + aws-region: us-west-2 + secrets: + gpg-passphrase: ${{ secrets.STAGING_GPG_PASSPHRASE }} + role-to-assume: ${{ secrets.STAGING_ROLE_ARN }} + + tf-plan: + name: Plan Terraform + permissions: + contents: read + needs: + - validate + - aws-auth + - build + uses: ./.github/workflows/terraform-plan.yml + with: + ref: ${{ github.sha }} + concurrency-group: run_terraform-staging + server-image-tag: ${{ github.sha }} + server-image-digest: ${{ needs.build.outputs.server-image-digest }} + website-artifacts-key: ${{ needs.build.outputs.website-artifacts-key }} + website-artifacts-path: ${{ needs.build.outputs.website-artifacts-path }} + aws-region: us-west-2 + environment-key: staging + tf-backend-config-file: staging.s3.tfbackend + tf-var-file: staging.tfvars + upload-artifacts: true + artifacts-retention-days: 30 + secrets: + aws-access-key-id: ${{ needs.aws-auth.outputs.aws-access-key-id }} + aws-secret-access-key: ${{ needs.aws-auth.outputs.aws-secret-access-key }} + aws-session-token: ${{ needs.aws-auth.outputs.aws-session-token }} + datadog-api-key: ${{ secrets.DATADOG_API_KEY }} + datadog-app-key: ${{ secrets.DATADOG_APP_KEY }} + gpg-passphrase: ${{ secrets.STAGING_GPG_PASSPHRASE }} + + publish-tf-plan: + name: Publish Terraform Plan + permissions: + contents: read + pull-requests: write + if: needs.tf-plan.result != 'skipped' || needs.tf-plan.result != 'cancelled' + needs: + - tf-plan + uses: ./.github/workflows/publish-terraform-plan.yml + with: + write-summary: true + write-comment: false + tf-fmt-outcome: ${{ needs.tf-plan.outputs.fmt-outcome }} + tf-init-outcome: ${{ needs.tf-plan.outputs.init-outcome }} + tf-plan-outcome: ${{ needs.tf-plan.outputs.plan-outcome }} + tf-plan-output: ${{ needs.tf-plan.outputs.plan-output }} + tf-validate-outcome: ${{ needs.tf-plan.outputs.validate-outcome }} + tf-validate-output: ${{ needs.tf-plan.outputs.validate-output }} + + tf-apply: + name: Deploy to Staging + needs: + - build + - aws-auth + - tf-plan + if: needs.tf-plan.outputs.plan-exitcode == 2 + uses: ./.github/workflows/terraform-apply.yml + with: + website-artifacts-key: ${{ needs.build.outputs.website-artifacts-key }} + website-artifacts-path: ${{ needs.build.outputs.website-artifacts-path }} + tf-plan-artifacts-key: ${{ needs.tf-plan.outputs.artifacts-key }} + aws-region: us-west-2 + concurrency-group: run_terraform-staging + tf-backend-config-file: staging.s3.tfbackend + environment-name: staging + secrets: + aws-access-key-id: ${{ needs.aws-auth.outputs.aws-access-key-id }} + aws-secret-access-key: ${{ needs.aws-auth.outputs.aws-secret-access-key }} + aws-session-token: ${{ needs.aws-auth.outputs.aws-session-token }} + datadog-api-key: ${{ secrets.DATADOG_API_KEY }} + datadog-app-key: ${{ secrets.DATADOG_APP_KEY }} + gpg-passphrase: ${{ secrets.STAGING_GPG_PASSPHRASE }} diff --git a/.github/workflows/pr-tidying.yml b/.github/workflows/pr-tidying.yml new file mode 100644 index 000000000..5516923bc --- /dev/null +++ b/.github/workflows/pr-tidying.yml @@ -0,0 +1,211 @@ +name: Pull Request Tidying + +on: + pull_request_target: + types: + - opened + - reopened + - ready_for_review + - unassigned + - edited + - unlocked + +permissions: + contents: read + pull-requests: write + +jobs: + default-assignee: + # Disabled for now + if: false + name: Assign contributor + continue-on-error: true + permissions: + pull-requests: write + runs-on: ubuntu-latest + outputs: + check-passed: ${{ steps.check.outputs.result == 'passed' }} + fixed: ${{ steps.fix.outputs.result == 'fixed' }} + env: + DEFAULT_ASSIGNEE: ${{ github.actor }} + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - name: Check if PR already has assignee + id: check + run: | + if [[ -n $CURRENT_ASSIGNEE ]]; then + echo "result=passed" >> $GITHUB_OUTPUT + fi + env: + CURRENT_ASSIGNEE: ${{ github.event.pull_request.assignee.login || '' }} + - id: skip-edited-event + if: github.event.action == 'edited' + run: | + echo "Fix will be skipped because the triggering action is an edit event" + exit 1 + - id: prevent-reassignment + if: github.event.action == 'unassigned' && env.DEFAULT_ASSIGNEE == github.event.assignee.login + run: | + echo "Fix will be skipped to avoid reassigning the unassigned user" + exit 1 + - name: Add assignee + id: fix + if: steps.check.outputs.result != 'passed' + run: | + level=$(gh api /repos/$REPO/collaborators/$AUTHOR/permission --jq .permission) + if [[ $level = "write" || $level = "admin" ]]; then + gh pr edit "$PR_NUMBER" --repo "$REPO" --add-assignee "$AUTHOR" + echo "result=fixed" >> $GITHUB_OUTPUT + fi + env: + REPO: ${{ github.repository }} + AUTHOR: ${{ env.DEFAULT_ASSIGNEE }} + PR_NUMBER: ${{ github.event.pull_request.number }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + issue-in-title: + # Disabled for now + if: false + name: Add issue references to title + continue-on-error: true + runs-on: ubuntu-latest + outputs: + check-passed: ${{ steps.check.outputs.result == 'passed' }} + fixed: ${{ steps.fix.outputs.result == 'fixed' }} + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - name: Check the current PR title + id: check + run: | + regex='\s\([#][0-9]+\s?\)$' + if [[ $PR_TITLE =~ $regex ]]; then + echo "result=passed" >> $GITHUB_OUTPUT + fi + - id: skip-unassigned-event + if: github.event.action == 'unassigned' + run: | + echo "Fix will be skipped because the triggering action is an unassignment event" + exit 1 + - id: skip-non-title-edits + if: github.event.action == 'edited' && github.event.changes.title.from == github.event.pull_request.title + run: | + echo "Fix will be skipped because the triggering edit action did not modify the PR title" + exit 1 + - name: Parse issue(s) from Ticket heading + id: parse + if: steps.check.outputs.result != 'passed' + run: | + regex='^[#][#][#] Ticket (([#][0-9]+\s?)+)' + line=$(gh pr view "$PR_NUMBER" --json body --jq .body | head -n 1) + issues='' + if [[ $line =~ $regex ]]; then + issues="${BASH_REMATCH[1]}" + fi + echo "issue-numbers=$(tr -s '[:blank:]' <<< $issues)" >> $GITHUB_OUTPUT + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - id: skip-empty-issues + if: steps.parse.outputs.issue-numbers == '' + run: | + echo "Fix will be skipped because no issue numbers were parsed" + exit 1 + - name: Format the new title + id: new-title + run: echo result="$ORIGINAL_TITLE (issue $ISSUE_NUMBERS)" >> $GITHUB_OUTPUT + env: + ORIGINAL_TITLE: ${{ github.event.pull_request.title }} + ISSUE_NUMBERS: ${{ steps.parse.outputs.issue-numbers }} + - id: skip-prevent-revert + if: github.event.action == 'edited' && github.event.changes.title.from == steps.new-title.outputs.result + run: | + echo "Fix will be skipped to avoid setting the title back to its previous value" + exit 1 + - name: Update PR title + id: fix + if: steps.check.outputs.result != 'passed' && steps.parse.outputs.issue-numbers != '' + run: | + gh pr edit "$PR_NUMBER" --title "$ORIGINAL_TITLE (issue $ISSUE_NUMBERS)" + echo "result=fixed" >> $GITHUB_OUTPUT + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + ORIGINAL_TITLE: ${{ github.event.pull_request.title }} + ISSUE_NUMBERS: ${{ steps.parse.outputs.issue-numbers }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + comment: + name: Create/update PR comment + # Disabled for now + if: always() && github.actor != 'dependabot[bot]' && false + needs: + - default-assignee + - issue-in-title + runs-on: ubuntu-latest + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - name: Create comment file + run: | + COMMENT_FILE=$(mktemp -t comment.md.XXXXX) + echo "COMMENT_FILE=$COMMENT_FILE" >> $GITHUB_ENV + cat >> $COMMENT_FILE << 'ENDOFCOMMENT' + ## PR Helper Bot 🤖 + + **Thanks for your pull request!** + My job is to check for any missing conventions and automatically tidy things up (if I can). + You'll find the results below, along with any suggested actions for you to take. + +
+ Result key + ✅ = Already passing + 🛠️ = Fixed (now passing) + ⚠️ = Consider fixing +
+ + | Convention | Result | + |:-------------------------------------|:------:| + | PR has assignee (defaults to author) | ${{ env.DEFAULT_ASSIGNEE }} | + | PR title ends with `(#issue)` | ${{ env.ISSUE_IN_TITLE }} | + + *Pusher: @${{ env.GH_ACTOR }}, Action: `${{ env.GH_ACTION }}`, Workflow: [`${{ env.GH_WORKFLOW }}`](${{ env.GH_SERVER}}/${{ env.GH_REPO }}/actions/runs/${{ env.GH_RUN_ID }})* + ENDOFCOMMENT + env: + DEFAULT_ASSIGNEE: ${{ (needs.default-assignee.outputs.check-passed && '✅' ) || (needs.default-assignee.outputs.fixed && '🛠️') || '⚠️' }} + ISSUE_IN_TITLE: ${{ (needs.issue-in-title.outputs.check-passed && '✅' ) || (needs.issue-in-title.outputs.fixed && '🛠️') || '⚠️' }} + GH_ACTOR: ${{ github.actor }} + GH_ACTION: ${{ github.event_name }} + GH_WORKFLOW: ${{ github.workflow }} + GH_SERVER: ${{ github.server_url }} + GH_REPO: ${{ github.repository }} + GH_RUN_ID: ${{ github.run_id }} + - name: Output comment body to step summary + run: cat $COMMENT_FILE >> $GITHUB_STEP_SUMMARY + - name: Write the comment body + id: comment-body + run: | + CONTENT=$(cat $COMMENT_FILE) + echo "COMMENT_CONTENT<> $GITHUB_OUTPUT + echo "$CONTENT" >> $GITHUB_OUTPUT + echo "ENDOFREPORT" >> $GITHUB_OUTPUT + - name: Find previous report comment + id: find-comment + uses: peter-evans/find-comment@a54c31d7fa095754bfef525c0c8e5e5674c4b4b1 # v2.4.0 + with: + issue-number: ${{ github.event.pull_request.number }} + comment-author: 'github-actions[bot]' + body-includes: 'PR Helper Bot 🤖' + - name: Create or update comment + uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0 + with: + comment-id: ${{ steps.find-comment.outputs.comment-id }} + issue-number: ${{ github.event.pull_request.number }} + body: ${{ steps.comment-body.outputs.COMMENT_CONTENT }} + edit-mode: replace diff --git a/.github/workflows/publish-qa-results.yml b/.github/workflows/publish-qa-results.yml new file mode 100644 index 000000000..8b4a3e48b --- /dev/null +++ b/.github/workflows/publish-qa-results.yml @@ -0,0 +1,128 @@ +name: Publish QA Results + +on: + workflow_call: + inputs: + client-test-outcome: + type: string + required: true + client-test-coverage-markdown-report: + type: string + required: true + server-test-outcome: + type: string + required: true + server-test-coverage-markdown-report: + type: string + required: true + e2e-test-outcome: + type: string + required: true + eslint-outcome: + type: string + required: true + tflint-outcome: + type: string + required: true + pr-number: + type: string + required: false + write-summary: + type: boolean + default: true + write-comment: + type: boolean + default: false + +permissions: + contents: read + pull-requests: write + +jobs: + publish: + name: Publish QA Results + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - name: Write the report markdown file + run: | + REPORT_FILE=$(mktemp -t summary.md.XXXXX) + echo "REPORT_FILE=$REPORT_FILE" >> $GITHUB_ENV + cat >> $REPORT_FILE << 'ENDOFREPORT' + ## QA Summary + + | QA Check | Result | + |:----------------|:-------:| + | 🌐 Client Tests | ${{ (env.CLIENT_TEST_OUTCOME == 'success' && '✅') || (env.CLIENT_TEST_OUTCOME == 'skipped' && '➖') || '❌' }} | + | 🔗 Server Tests | ${{ (env.SERVER_TEST_OUTCOME == 'success' && '✅') || (env.SERVER_TEST_OUTCOME == 'skipped' && '➖') || '❌' }} | + | 🤝 E2E Tests | ${{ (env.E2E_TEST_OUTCOME == 'success' && '✅') || (env.E2E_TEST_OUTCOME == 'skipped' && '➖') || '❌' }} | + | 📏 ESLint | ${{ (env.ESLINT_OUTCOME == 'success' && '✅') || (env.ESLINT_OUTCOME == 'skipped' && '➖') || '❌' }} | + | 🧹 TFLint | ${{ (env.TFLINT_OUTCOME == 'success' && '✅') || (env.TFLINT_OUTCOME == 'skipped' && '➖') || '❌' }} | + + ### Test Coverage + +
+ Coverage report for `packages/client` + + ${{ env.CLIENT_COVERAGE_REPORT }} + +
+ +
+ Coverage report for `packages/server` + + ${{ env.SERVER_COVERAGE_REPORT }} + +
+ + *Pusher: @${{ env.GH_ACTOR }}, Action: `${{ env.GH_ACTION }}`, Workflow: [`${{ env.GH_WORKFLOW }}`](${{ env.GH_SERVER}}/${{ env.GH_REPO }}/actions/runs/${{ env.GH_RUN_ID }})* + ENDOFREPORT + env: + CLIENT_TEST_OUTCOME: ${{ inputs.client-test-outcome }} + CLIENT_COVERAGE_REPORT: ${{ inputs.client-test-coverage-markdown-report }} + SERVER_TEST_OUTCOME: ${{ inputs.server-test-outcome }} + SERVER_COVERAGE_REPORT: ${{ inputs.server-test-coverage-markdown-report }} + E2E_TEST_OUTCOME: ${{ inputs.e2e-test-outcome }} + ESLINT_OUTCOME: ${{ inputs.eslint-outcome }} + TFLINT_OUTCOME: ${{ inputs.tflint-outcome }} + GH_ACTOR: ${{ github.actor }} + GH_ACTION: ${{ github.event_name }} + GH_WORKFLOW: ${{ github.workflow }} + GH_SERVER: ${{ github.server_url }} + GH_REPO: ${{ github.repository }} + GH_RUN_ID: ${{ github.run_id }} + - name: Write the step summary + if: inputs.write-summary + run: cat $REPORT_FILE | head -c 65500 >> $GITHUB_STEP_SUMMARY # Observe GitHub's 65535 character limit + - name: Write the comment body + id: comment-body + run: | + CONTENT=$(cat $REPORT_FILE) + echo "REPORT_CONTENT<> $GITHUB_OUTPUT + echo "$CONTENT" >> $GITHUB_OUTPUT + echo "ENDOFREPORT" >> $GITHUB_OUTPUT + - name: Warn on missing comment requirements + if: inputs.write-comment && inputs.pr-number == '' + run: "echo 'WARNING: Cannot write a comment because pr-number is not set'" + - name: Find previous report comment + id: find-comment + if: inputs.write-comment && inputs.pr-number != '' + uses: peter-evans/find-comment@a54c31d7fa095754bfef525c0c8e5e5674c4b4b1 # v2.4.0 + with: + issue-number: ${{ inputs.pr-number }} + comment-author: 'github-actions[bot]' + body-includes: QA Summary + - name: Create or update comment + if: inputs.write-comment && inputs.pr-number != '' + uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0 + with: + comment-id: ${{ steps.find-comment.outputs.comment-id }} + issue-number: ${{ github.event.pull_request.number }} + body: ${{ steps.comment-body.outputs.REPORT_CONTENT }} + edit-mode: replace diff --git a/.github/workflows/publish-terraform-plan.yml b/.github/workflows/publish-terraform-plan.yml new file mode 100644 index 000000000..9bb93a39a --- /dev/null +++ b/.github/workflows/publish-terraform-plan.yml @@ -0,0 +1,139 @@ +name: Publish Terraform Plan + +on: + workflow_call: + inputs: + tf-fmt-outcome: + type: string + required: true + tf-init-outcome: + type: string + required: true + tf-plan-outcome: + type: string + required: true + tf-plan-output: + type: string + required: true + tf-validate-outcome: + type: string + required: true + tf-validate-output: + type: string + required: true + pr-number: + type: string + required: false + write-summary: + type: boolean + default: true + write-comment: + type: boolean + default: false + +permissions: + contents: read + pull-requests: write + +jobs: + publish: + name: Publish Terraform Plan + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + - name: Reformat Plan + run: | + PLAN=$(echo "$PLAN_RAW_OUTPUT" | sed -E 's/^([[:space:]]+)([-+])/\2\1/g') + echo "PLAN_REFORMATTED<> $GITHUB_ENV + echo "$PLAN" >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + env: + PLAN_RAW_OUTPUT: ${{ inputs.tf-plan-output }} + - name: Write the report markdown file + run: | + REPORT_FILE=$(mktemp -t summary.md.XXXXX) + echo "REPORT_FILE=$REPORT_FILE" >> $GITHUB_ENV + cat >> $REPORT_FILE << 'ENDOFREPORT' + ## Terraform Summary + + | Step | Result | + |:-----------------------------|:-------:| + | 🖌 Terraform Format & Style | ${{ (env.TF_FMT_OUTCOME == 'success' && '✅') || (env.TF_FMT_OUTCOME == 'skipped' && '➖') || '❌' }} | + | ⚙️ Terraform Initialization | ${{ (env.TF_INIT_OUTCOME == 'success' && '✅') || (env.TF_INIT_OUTCOME == 'skipped' && '➖') || '❌' }} | + | 🤖 Terraform Validation | ${{ (env.TF_VALIDATE_OUTCOME == 'success' && '✅') || (env.TF_VALIDATE_OUTCOME == 'skipped' && '➖') || '❌' }} | + | 📖 Terraform Plan | ${{ (env.TF_PLAN_OUTCOME == 'success' && '✅') || (env.TF_PLAN_OUTCOME == 'skipped' && '➖') || '❌' }} | + + _**Hint:** If "Terraform Format & Style" failed, run `terraform fmt -recursive` from the `terraform/` directory and commit the results._ + + ### Output + +
+ Validation Output + + ``` + ${{ env.TF_VALIDATE_OUTPUT }} + ``` + +
+ +
+ Plan Output + + ```diff + ${{ env.TF_PLAN_OUTPUT }} + ``` + +
+ + *Pusher: @${{ env.GH_ACTOR }}, Action: `${{ env.GH_ACTION }}`, Workflow: [`${{ env.GH_WORKFLOW }}`](${{ env.GH_SERVER}}/${{ env.GH_REPO }}/actions/runs/${{ env.GH_RUN_ID }})* + ENDOFREPORT + env: + TF_FMT_OUTCOME: ${{ inputs.tf-fmt-outcome }} + TF_INIT_OUTCOME: ${{ inputs.tf-init-outcome }} + TF_VALIDATE_OUTCOME: ${{ inputs.tf-validate-outcome }} + TF_VALIDATE_OUTPUT: ${{ inputs.tf-validate-output }} + TF_PLAN_OUTCOME: ${{ inputs.tf-plan-outcome }} + TF_PLAN_OUTPUT: ${{ env.PLAN_REFORMATTED }} + GH_ACTOR: ${{ github.actor }} + GH_ACTION: ${{ github.event_name }} + GH_WORKFLOW: ${{ github.workflow }} + GH_SERVER: ${{ github.server_url }} + GH_REPO: ${{ github.repository }} + GH_RUN_ID: ${{ github.run_id }} + - name: Write the step summary + if: inputs.write-summary + run: cat $REPORT_FILE | head -c 65500 >> $GITHUB_STEP_SUMMARY # Observe GitHub's 65535 character limit + - name: Write the comment body + id: comment-body + run: | + CONTENT=$(cat $REPORT_FILE) + echo "REPORT_CONTENT<> $GITHUB_OUTPUT + echo "$CONTENT" >> $GITHUB_OUTPUT + echo "ENDOFREPORT" >> $GITHUB_OUTPUT + - name: Warn on missing comment requirements + if: inputs.write-comment && inputs.pr-number == '' + run: "echo 'WARNING: Cannot write a comment because pr-number is not set'" + - name: Find previous report comment + id: find-comment + if: inputs.write-comment && inputs.pr-number != '' + uses: peter-evans/find-comment@a54c31d7fa095754bfef525c0c8e5e5674c4b4b1 # v2.4.0 + with: + issue-number: ${{ inputs.pr-number }} + comment-author: 'github-actions[bot]' + body-includes: Terraform Summary + - name: Create or update comment + if: inputs.write-comment && inputs.pr-number != '' + uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0 + with: + comment-id: ${{ steps.find-comment.outputs.comment-id }} + issue-number: ${{ github.event.pull_request.number }} + body: ${{ steps.comment-body.outputs.REPORT_CONTENT }} + edit-mode: replace diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml new file mode 100644 index 000000000..5701c769d --- /dev/null +++ b/.github/workflows/qa.yml @@ -0,0 +1,282 @@ +name: QA Checks + +on: + workflow_call: + inputs: + ref: + type: string + required: true + outputs: + server-test-outcome: + value: ${{ jobs.test-server.result }} + server-test-coverage-markdown-report: + value: ${{ jobs.test-server.outputs.coverage-markdown-report }} + client-test-outcome: + value: ${{ jobs.test-client.result }} + client-test-coverage-markdown-report: + value: ${{ jobs.test-client.outputs.coverage-markdown-report }} + e2e-test-outcome: + value: ${{ jobs.test-e2e.result }} + eslint-outcome: + value: ${{ jobs.eslint.result }} + tflint-outcome: + value: ${{ jobs.tflint.result }} + +permissions: + contents: read + +jobs: + prepare-qa: + name: Prepare for QA + runs-on: ubuntu-latest + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ inputs.ref }} + show-progress: 'false' + persist-credentials: 'false' + - name: Setup Node + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + with: + node-version-file: .nvmrc + cache: yarn + cache-dependency-path: yarn.lock + - name: Install dependencies + run: yarn install --frozen-lockfile + env: + CI: "true" + + test-server: + name: Test server-side code + runs-on: ubuntu-latest + needs: + - prepare-qa + outputs: + coverage-markdown-report: ${{ steps.coverage-markdown.outputs.markdownReport }} + services: + postgres: + image: "postgres:13" + env: + POSTGRES_DB: usdr_grants_test + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + ports: + - 5432:5432 + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ inputs.ref }} + show-progress: 'false' + persist-credentials: 'false' + - name: Setup Node + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + with: + node-version-file: .nvmrc + cache: yarn + cache-dependency-path: yarn.lock + - name: Install dependencies + run: yarn workspace server install -D --frozen-lockfile + env: + CI: "true" + - name: Prepare test execution environment + run: cp packages/server/.env.example packages/server/.env + - name: Run unit tests with coverage + run: yarn workspace server coverage + env: + AWS_ACCESS_KEY_ID: test + AWS_SECRET_ACCESS_KEY: test + CI: "true" + POSTGRES_TEST_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" + POSTGRES_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" + NOTIFICATIONS_EMAIL: grants-identification@usdigitalresponse.org + - name: Generate coverage text report + run: npx nyc report --reporter text --cwd packages/server > packages/server/coverage.txt + - name: Generate coverage markdown report + id: coverage-markdown + uses: fingerprintjs/action-coverage-report-md@b7fcda0d2891d215c6808d32ca249e43f55abe3f # v1.0.6 + with: + textReportPath: 'packages/server/coverage.txt' + srcBasePath: 'packages/server/' + + test-client: + name: Test client-side code + runs-on: ubuntu-latest + needs: + - prepare-qa + outputs: + coverage-markdown-report: ${{ steps.coverage-markdown.outputs.markdownReport }} + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ inputs.ref }} + show-progress: 'false' + persist-credentials: 'false' + - name: Setup Node + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + with: + node-version-file: .nvmrc + cache: yarn + cache-dependency-path: yarn.lock + - name: Install dependencies + run: yarn workspace client install -D --frozen-lockfile + env: + CI: "true" + - name: Prepare test execution environment + run: cp packages/client/.env.example packages/client/.env + - name: Run unit tests with coverage + run: yarn workspace client coverage + env: + CI: "true" + - name: Generate coverage text report + run: npx nyc report --reporter text --cwd packages/client > packages/client/coverage.txt + - name: Generate coverage markdown report + id: coverage-markdown + uses: fingerprintjs/action-coverage-report-md@b7fcda0d2891d215c6808d32ca249e43f55abe3f # v1.0.6 + with: + textReportPath: 'packages/client/coverage.txt' + srcBasePath: 'packages/client/' + + test-e2e: + name: Test end-to-end integration + runs-on: ubuntu-latest + needs: + - prepare-qa + services: + postgres: + image: "postgres:13" + env: + POSTGRES_DB: usdr_grants_test + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + ports: + - 5432:5432 + # Set health checks to wait until postgres has started + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ inputs.ref }} + show-progress: 'false' + persist-credentials: 'false' + - name: Install Node.js + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + with: + node-version-file: .nvmrc + cache: yarn + cache-dependency-path: yarn.lock + - name: Install dependencies + run: yarn install --frozen-lockfile + env: + CI: "1" + - name: Run migrations + env: + POSTGRES_TEST_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" + # This is intentional to set POSTGRES_URL=POSTGRES_TEST_URL; ARPA Reporter test runner gates + # dev vs. CI differences based on whether these are the same. + POSTGRES_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" + run: yarn db:migrate + - name: Start Applications + env: + POSTGRES_TEST_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" + # This is intentional to set POSTGRES_URL=POSTGRES_TEST_URL; ARPA Reporter test runner gates + # dev vs. CI differences based on whether these are the same. + POSTGRES_URL: "postgresql://postgres:password@localhost:${{ job.services.postgres.ports[5432] }}/usdr_grants_test" + AWS_ACCESS_KEY_ID: "Fake AWS Key" + AWS_SECRET_ACCESS_KEY: "Fake AWS Secret" + NOTIFICATIONS_EMAIL: grants-identification@usdigitalresponse.org + DATA_DIR: './data' + run: yarn serve & + - name: Run e2e tests + uses: cypress-io/github-action@ebe8b24c4428922d0f793a5c4c96853a633180e3 # v6.6.0 + env: + CYPRESS_BASE_URL: 'http://localhost:8080' + with: + publish-summary: true + working-directory: packages/e2e + wait-on: ${{ env.CYPRESS_BASE_URL }} + + eslint: + name: Lint JavaScript + runs-on: ubuntu-latest + needs: + - prepare-qa + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ inputs.ref }} + show-progress: 'false' + persist-credentials: 'false' + - name: Setup Node + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + with: + node-version-file: .nvmrc + cache: yarn + cache-dependency-path: yarn.lock + - name: Install dependencies + run: yarn install -D --frozen-lockfile + env: + CI: "true" + - name: Run linter + run: yarn lint + + tflint: + name: Lint terraform + runs-on: ubuntu-latest + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ inputs.ref }} + show-progress: 'false' + persist-credentials: 'false' + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + name: Cache plugin dir + with: + path: .tflint.d/plugins + key: ${{ runner.os }}-tflint-${{ hashFiles('terraform/.tflint.hcl') }} + - uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4.0.0 + name: Setup TFLint + with: + tflint_version: latest + tflint_wrapper: true + - name: Show TFLint version + run: tflint --version + - name: Init TFLint + run: tflint --init + working-directory: terraform + env: + GITHUB_TOKEN: ${{ github.token }} + - name: Run TFLint + run: tflint --format compact --recursive --minimum-failure-severity=error diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml new file mode 100644 index 000000000..cfbf08fd6 --- /dev/null +++ b/.github/workflows/release-drafter.yml @@ -0,0 +1,82 @@ +name: Release Drafter + +on: + push: + branches: + - main + pull_request_target: + types: + - opened + - synchronize + - reopened + workflow_dispatch: + +permissions: + contents: read + +jobs: + label_pull_requests: + name: "Label pull requests" + if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + github.com:443 + - name: "Run auto-labeler" + uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0 + with: + disable-releaser: true + disable-autolabeler: false + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + draft_release: + name: Create or update next release draft + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + permissions: + contents: write + pull-requests: write + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + github.com:443 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + show-progress: false + persist-credentials: 'false' + - name: Get tag of "latest" release + id: latest_release + run: echo "tag=$(gh release view --json tagName --jq .tagName)" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: "Determine next release version" + id: next_release + run: | + chmod +x .github/next_release_version.bash + echo "version=$(bash .github/next_release_version.bash $LATEST_TAG)" >> $GITHUB_OUTPUT + env: + LATEST_TAG: ${{ steps.latest_release.outputs.tag || '' }} + - name: "Generate release notes and label pull requests" + uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0 + with: + version: ${{ steps.next_release.outputs.version }} + publish: false + disable-releaser: false + disable-autolabeler: false + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/select-target-environment.yml b/.github/workflows/select-target-environment.yml deleted file mode 100644 index c98531a0b..000000000 --- a/.github/workflows/select-target-environment.yml +++ /dev/null @@ -1,36 +0,0 @@ -name: Select target environment - -on: - workflow_call: - inputs: - ref_name: - type: string - required: true - outputs: - selected: - description: Name of the environment to target - value: ${{ jobs.select.outputs.selected }} - -jobs: - select: - runs-on: ubuntu-latest - steps: - - uses: kanga333/variable-mapper@master - with: - key: "${{ inputs.ref_name }}" - map: | - { - "_staging": { - "selected": "staging" - }, - "main": { - "selected": "prod" - }, - ".*": { - "selected": "sandbox" - } - } - export_to: log,env - mode: first_match - outputs: - selected: ${{ env.selected }} diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml new file mode 100644 index 000000000..0692f788b --- /dev/null +++ b/.github/workflows/terraform-apply.yml @@ -0,0 +1,140 @@ +name: Terraform Apply + +permissions: + contents: read + +on: + workflow_call: + inputs: + website-artifacts-key: + type: string + required: true + website-artifacts-path: + type: string + required: true + tf-plan-artifacts-key: + type: string + required: true + tf-backend-config-file: + type: string + required: true + aws-region: + type: string + required: true + environment-name: + type: string + required: true + concurrency-group: + description: Name of the concurrency group (avoids simultaneous Terraform execution against the same environment) + type: string + default: run_terraform + secrets: + aws-access-key-id: + required: true + aws-secret-access-key: + required: true + aws-session-token: + required: true + datadog-api-key: + required: true + datadog-app-key: + required: true + gpg-passphrase: + required: true + +jobs: + do: + name: Apply Terraform from Plan + runs-on: ubuntu-latest + permissions: + contents: read + defaults: + run: + working-directory: terraform + env: + AWS_DEFAULT_REGION: ${{ inputs.aws-region }} + AWS_REGION: ${{ inputs.aws-region }} + TF_CLI_ARGS: "-no-color" + TF_IN_AUTOMATION: "true" + TF_INPUT: 0 + TF_PLUGIN_CACHE_DIR: ~/.terraform.d/plugin-cache + environment: ${{ inputs.environment-name }} + concurrency: + group: ${{ inputs.concurrency-group }} + cancel-in-progress: false + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + *.amazonaws.com:443 + actions-results-receiver-production.githubapp.com:443 + api.datadoghq.com:443 + checkpoint-api.hashicorp.com:443 + github.com:443 + objects.githubusercontent.com:443 + registry.terraform.io:443 + releases.hashicorp.com:443 + - name: Download Terraform artifacts + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: ${{ inputs.tf-plan-artifacts-key }} + path: ${{ github.workspace }}/terraform + - name: Clear any cached provider plugins in artifact + run: rm -rf "$TF_PLUGIN_CACHE_DIR" + - name: Get project TF version + id: get_tf_version + run: echo "TF_VERSION=$(cat .terraform-version | tr -d '[:space:]')" | tee -a $GITHUB_OUTPUT + - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0 + with: + terraform_version: ${{ steps.get_tf_version.outputs.TF_VERSION }} + - name: Download website artifacts + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: ${{ inputs.website-artifacts-key }} + path: ${{ inputs.website-artifacts-path }} + - name: Decrypt plan file + run: gpg -qd --batch --yes --passphrase "$GPG_PASSPHRASE" -o tfplan tfplan.gpg + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + - name: Get AWS access key ID + id: decrypt-aws-access-key-id + run: | + decrypted=$(gpg -qd --batch --yes --passphrase "$GPG_PASSPHRASE" -o - <(echo "$VALUE" | base64 -d)) + echo "::add-mask::${decrypted}" + echo "out=${decrypted}" >> $GITHUB_OUTPUT + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + VALUE: ${{ secrets.aws-access-key-id }} + - name: Get AWS secret access key + id: decrypt-aws-secret-access-key + run: | + decrypted=$(gpg -qd --batch --yes --passphrase "$GPG_PASSPHRASE" -o - <(echo "$VALUE" | base64 -d)) + echo "::add-mask::${decrypted}" + echo "out=${decrypted}" >> $GITHUB_OUTPUT + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + VALUE: ${{ secrets.aws-secret-access-key }} + - name: Get AWS session token + id: decrypt-aws-session-token + run: | + decrypted=$(gpg -qd --batch --yes --passphrase "$GPG_PASSPHRASE" -o - <(echo "$VALUE" | base64 -d)) + echo "::add-mask::${decrypted}" + echo "out=${decrypted}" >> $GITHUB_OUTPUT + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + VALUE: ${{ secrets.aws-session-token }} + - name: Terraform Init + run: terraform init + env: + AWS_ACCESS_KEY_ID: "${{ steps.decrypt-aws-access-key-id.outputs.out }}" + AWS_SECRET_ACCESS_KEY: "${{ steps.decrypt-aws-secret-access-key.outputs.out }}" + AWS_SESSION_TOKEN: "${{ steps.decrypt-aws-session-token.outputs.out }}" + TF_CLI_ARGS_init: "-backend-config=${{ inputs.tf-backend-config-file }}" + - name: Terraform Apply + run: terraform apply tfplan + env: + AWS_ACCESS_KEY_ID: "${{ steps.decrypt-aws-access-key-id.outputs.out }}" + AWS_SECRET_ACCESS_KEY: "${{ steps.decrypt-aws-secret-access-key.outputs.out }}" + AWS_SESSION_TOKEN: "${{ steps.decrypt-aws-session-token.outputs.out }}" diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml deleted file mode 100644 index feb619f28..000000000 --- a/.github/workflows/terraform-ci.yml +++ /dev/null @@ -1,153 +0,0 @@ -name: Terraform CI - -on: - pull_request: - paths: - - 'terraform/**' - - '.github/workflows/terraform-ci.yml' - -permissions: - pull-requests: write - contents: read - id-token: write - -concurrency: - group: ${{ github.workflow_ref }} - -jobs: - lint: - name: Lint terraform - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v3 - - uses: hashicorp/setup-terraform@v2 - - name: Terraform fmt - id: fmt - run: terraform fmt -check -diff -recursive ./terraform - - select_target_environment: - uses: "./.github/workflows/select-target-environment.yml" - with: - ref_name: "${{ github.base_ref }}" - - validate_plan_report: - name: Validate and plan terraform - runs-on: ubuntu-latest - needs: - - lint - - select_target_environment - environment: ${{ needs.select_target_environment.outputs.selected }} - env: - TF_PLUGIN_CACHE_DIR: ~/.terraform.d/plugin-cache - TF_VAR_version_identifier: ${{ github.sha }} - TF_VAR_datadog_api_key: ${{ secrets.DATADOG_API_KEY }} - TF_VAR_datadog_app_key: ${{ secrets.DATADOG_APP_KEY }} - concurrency: - group: run_terraform-${{ needs.select_target_environment.outputs.selected }} - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-region: us-west-2 - role-to-assume: "${{ secrets.AWS_ROLE_TO_ASSUME }}" - - name: Checkout Repo - uses: actions/checkout@v3 - - name: Get project TF version - id: get_version - run: echo "TF_VERSION=$(cat .terraform-version | tr -d '[:space:]')" | tee -a $GITHUB_OUTPUT - working-directory: terraform - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: ${{ steps.get_version.outputs.TF_VERSION }} - - name: Ensure Terraform plugin cache exists - run: mkdir -p $TF_PLUGIN_CACHE_DIR - - name: Save/Restore Terraform plugin cache - uses: actions/cache@v3 - with: - path: ${{ env.TF_PLUGIN_CACHE_DIR }} - key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} - restore-keys: | - ${{ runner.os }}-terraform- - - name: Ensure Terraform plugin cache still exists - run: mkdir -p $TF_PLUGIN_CACHE_DIR - - name: Terraform Init - id: init - run: terraform init -backend-config="${{ needs.select_target_environment.outputs.selected }}.s3.tfbackend" - working-directory: terraform - - name: Terraform Validate - id: validate - run: terraform validate -no-color - working-directory: terraform - - name: Terraform Plan - if: steps.validate.outcome == 'success' - id: plan - run: terraform plan -input=false -no-color -out=tfplan -var-file="${{ needs.select_target_environment.outputs.selected }}.tfvars" && terraform show -no-color tfplan - working-directory: terraform - - name: Reformat Plan - if: steps.plan.outcome != 'cancelled' && steps.plan.outcome != 'skipped' - run: | - echo '${{ steps.plan.outputs.stdout || steps.plan.outputs.stderr }}' \ - | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > plan.txt - - name: Put Plan in Env Var - if: steps.plan.outcome != 'cancelled' && steps.plan.outcome != 'skipped' - run: | - PLAN=$(cat plan.txt) - echo "PLAN<> $GITHUB_ENV - echo "$PLAN" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - - uses: actions/github-script@v6 - if: github.event_name == 'pull_request' - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - // 1. Retrieve existing bot comments for the PR - const { data: comments } = await github.rest.issues.listComments({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - }) - const botComment = comments.find(comment => { - return comment.user.type === 'Bot' && comment.body.includes('Report for project: \`terraform\`') - }) - - // 2. Prepare format of the comment - const output = `### Report for project: \`terraform\` - #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` - #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` -
Validation Output - - \`\`\`\n - ${{ steps.validate.outputs.stdout }} - \`\`\` - -
- - #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` - -
Show Plan - - \`\`\`diff\n - ${process.env.PLAN} - \`\`\` - -
- - *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`; - - // 3. If we have a comment, update it, otherwise create a new one - if (botComment) { - github.rest.issues.updateComment({ - owner: context.repo.owner, - repo: context.repo.repo, - comment_id: botComment.id, - body: output - }) - } else { - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) - } diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml new file mode 100644 index 000000000..e794ac99d --- /dev/null +++ b/.github/workflows/terraform-plan.yml @@ -0,0 +1,211 @@ +name: Terraform Plan + +permissions: + contents: read + +on: + workflow_call: + inputs: + ref: + type: string + required: true + environment-key: + type: string + required: true + aws-region: + type: string + required: true + tf-backend-config-file: + type: string + required: true + tf-var-file: + type: string + required: true + artifacts-retention-days: + description: Number of days to retain build artifacts + type: number + default: 90 + upload-artifacts: + type: boolean + default: false + concurrency-group: + description: Name of the concurrency group (avoids simultaneous Terraform execution against the same environment) + type: string + default: run_terraform + server-image-tag: + type: string + required: true + server-image-digest: + type: string + required: true + website-artifacts-key: + type: string + required: true + website-artifacts-path: + type: string + required: true + secrets: + aws-access-key-id: + required: true + aws-secret-access-key: + required: true + aws-session-token: + required: true + datadog-api-key: + required: true + datadog-app-key: + required: true + gpg-passphrase: + required: true + outputs: + artifacts-key: + value: ${{ jobs.do.outputs.artifacts-key }} + fmt-outcome: + value: ${{ jobs.do.outputs.fmt_outcome }} + init-outcome: + value: ${{ jobs.do.outputs.init_outcome }} + validate-outcome: + value: ${{ jobs.do.outputs.validate_outcome }} + validate-output: + value: ${{ jobs.do.outputs.validate_output }} + plan-exitcode: + value: ${{ jobs.do.outputs.plan_exitcode }} + plan-outcome: + value: ${{ jobs.do.outputs.plan_outcome }} + plan-output: + value: ${{ jobs.do.outputs.plan_output }} + +jobs: + do: + name: Validate and plan terraform + runs-on: ubuntu-latest + permissions: + contents: read + defaults: + run: + working-directory: terraform + outputs: + artifacts-key: ${{ env.ARTIFACTS_KEY }} + fmt_outcome: ${{ steps.fmt.outcome }} + init_outcome: ${{ steps.init.outcome }} + validate_outcome: ${{ steps.validate.outcome }} + validate_output: ${{ steps.validate.outputs.stdout }} + plan_exitcode: ${{ steps.plan.outputs.exitcode }} + plan_outcome: ${{ steps.plan.outcome }} + plan_output: ${{ steps.show_plan.outputs.stdout || steps.show_plan.outputs.stderr }} + env: + ARTIFACTS_KEY: terraform-${{ inputs.environment-key }}-${{ inputs.ref }} + AWS_DEFAULT_REGION: ${{ inputs.aws-region }} + AWS_REGION: ${{ inputs.aws-region }} + TF_CLI_ARGS: "-no-color" + TF_IN_AUTOMATION: "true" + TF_INPUT: 0 + concurrency: + group: ${{ inputs.concurrency-group }} + cancel-in-progress: false + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ inputs.ref }} + show-progress: 'false' + persist-credentials: 'false' + - name: Validate workflow configuration + if: inputs.upload-artifacts && (env.GPG_PASSPHRASE == '') + run: | + echo 'gpg-passphrase is required when upload-artifacts is true' + exit 1 + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + - name: Download website artifacts + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: ${{ inputs.website-artifacts-key }} + path: ${{ inputs.website-artifacts-path }} + - name: Get project TF version + id: get_tf_version + run: echo "TF_VERSION=$(cat .terraform-version | tr -d '[:space:]')" | tee -a $GITHUB_OUTPUT + - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0 + with: + terraform_version: ${{ steps.get_tf_version.outputs.TF_VERSION }} + - name: Terraform fmt + id: fmt + run: terraform fmt -check -diff -recursive + - name: Get AWS access key ID + id: decrypt-aws-access-key-id + run: | + decrypted=$(gpg -qd --batch --yes --passphrase "$GPG_PASSPHRASE" -o - <(echo "$VALUE" | base64 -d)) + echo "::add-mask::${decrypted}" + echo "out=${decrypted}" >> $GITHUB_OUTPUT + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + VALUE: ${{ secrets.aws-access-key-id }} + - name: Get AWS secret access key + id: decrypt-aws-secret-access-key + run: | + decrypted=$(gpg -qd --batch --yes --passphrase "$GPG_PASSPHRASE" -o - <(echo "$VALUE" | base64 -d)) + echo "::add-mask::${decrypted}" + echo "out=${decrypted}" >> $GITHUB_OUTPUT + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + VALUE: ${{ secrets.aws-secret-access-key }} + - name: Get AWS session token + id: decrypt-aws-session-token + run: | + decrypted=$(gpg -qd --batch --yes --passphrase "$GPG_PASSPHRASE" -o - <(echo "$VALUE" | base64 -d)) + echo "::add-mask::${decrypted}" + echo "out=${decrypted}" >> $GITHUB_OUTPUT + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + VALUE: ${{ secrets.aws-session-token }} + - name: Terraform Init + id: init + run: terraform init + env: + AWS_ACCESS_KEY_ID: "${{ steps.decrypt-aws-access-key-id.outputs.out }}" + AWS_SECRET_ACCESS_KEY: "${{ steps.decrypt-aws-secret-access-key.outputs.out }}" + AWS_SESSION_TOKEN: "${{ steps.decrypt-aws-session-token.outputs.out }}" + TF_CLI_ARGS_init: "-backend-config=${{ inputs.tf-backend-config-file }}" + - name: Terraform Validate + id: validate + run: terraform validate -no-color + - name: Terraform Plan + if: always() && steps.validate.outcome == 'success' + id: plan + run: terraform plan -out="tfplan" -detailed-exitcode + env: + AWS_ACCESS_KEY_ID: "${{ steps.decrypt-aws-access-key-id.outputs.out }}" + AWS_SECRET_ACCESS_KEY: "${{ steps.decrypt-aws-secret-access-key.outputs.out }}" + AWS_SESSION_TOKEN: "${{ steps.decrypt-aws-session-token.outputs.out }}" + GPG_PASSPHRASE: "" # Just in case + TF_CLI_ARGS_plan: "-var-file=${{ inputs.tf-var-file }}" + TF_VAR_version_identifier: ${{ inputs.ref }} + TF_VAR_git_commit_sha: ${{ inputs.ref }} + TF_VAR_datadog_api_key: ${{ secrets.datadog-api-key }} + TF_VAR_datadog_app_key: ${{ secrets.datadog-app-key }} + TF_VAR_api_container_image_tag: "${{ inputs.server-image-tag }}@sha256:${{ inputs.server-image-digest }}" + TF_VAR_website_origin_artifacts_dist_path: "${{ inputs.website-artifacts-path }}" + - name: Generate plaintext plan + id: show_plan + run: terraform show tfplan + - name: Encrypt terraform plan file + id: encrypt_plan + if: success() && inputs.upload-artifacts + env: + GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }} + run: | + gpg --batch --yes --passphrase "$GPG_PASSPHRASE" -c --cipher-algo AES256 tfplan + rm tfplan + - name: Store terraform artifacts + if: success() && inputs.upload-artifacts + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: ${{ env.ARTIFACTS_KEY }} + path: | + ${{ github.workspace }}/terraform + !${{ github.workspace }}/terraform/.terraform + if-no-files-found: error + retention-days: ${{ inputs.artifacts-retention-days }} diff --git a/.github/workflows/validate-deployment.yml b/.github/workflows/validate-deployment.yml new file mode 100644 index 000000000..6ee042860 --- /dev/null +++ b/.github/workflows/validate-deployment.yml @@ -0,0 +1,76 @@ +name: Validate commits for deployment + +permissions: + contents: read + +on: + workflow_call: + inputs: + protected-ref: + type: string + required: true + deployment-ref: + type: string + required: true + outputs: + valid: + value: ${{ jobs.validate.result == 'skipped' || jobs.validate.result == 'success' }} + workflow_dispatch: + inputs: + protected-ref: + type: string + required: true + deployment-ref: + type: string + required: true + +jobs: + validate: + name: Validate + runs-on: ubuntu-latest + if: inputs.deployment-ref != inputs.protected-ref + env: + PROTECTED_REF: ${{ inputs.protected-ref }} + DEPLOYMENT_REF: ${{ inputs.deployment-ref }} + steps: + - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ env.PROTECTED_REF }} + show-progress: 'false' + persist-credentials: 'false' + - name: Count commits in candidate ref that are not in protected ref + id: all-cherries + run: | + CHERRY_FILE=$(mktemp -t cherries.XXXXX) + git cherry -v "$PROTECTED_REF" "$DEPLOYMENT_REF" > $CHERRY_FILE + echo "count=$(cat $CHERRY_FILE | wc -l)" >> $GITHUB_OUTPUT + echo "file=$CHERRY_FILE" >> $GITHUB_OUTPUT + - name: Count commits that were not cherry-picked from protected ref + id: missing-cherries + run: echo "count=$(cat $CHERRY_FILE | grep -E '^[+]' | wc -l)" >> $GITHUB_OUTPUT + env: + CHERRY_FILE: ${{ steps.all-cherries.outputs.file }} + - name: Report outcome to step summary + run: | + echo "Result: $VALIDATION_RESULT" >> $GITHUB_STEP_SUMMARY + echo "Found $TOTAL_CHERRY_COUNT commits in $DEPLOYMENT_REF not in $PROTECTED_REF." >> $GITHUB_STEP_SUMMARY + echo "Of these, $INVALID_CHERRY_COUNT were not cherry-picked from $PROTECTED_REF." >> $GITHUB_STEP_SUMMARY + echo "Only commits from pull requests that were approved and merged to $PROTECTED_REF are eligible for deployment." >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + cat "$CHERRY_FILE" >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + env: + VALIDATION_RESULT: ${{ fromJson(steps.missing-cherries.outputs.count) == 0 && 'SUCCESS' || 'FAIL' }} + TOTAL_CHERRY_COUNT: ${{ steps.all-cherries.outputs.count }} + INVALID_CHERRY_COUNT: ${{ steps.missing-cherries.outputs.count }} + CHERRY_FILE: ${{ steps.all-cherries.outputs.file }} + - name: Fail validation + if: fromJson(steps.missing-cherries.outputs.count) > 0 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + core.setFailed('Invalid commits detected') diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 746cadee5..6f21b8fb2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,140 +1,101 @@ # How to contribute to U.S. Digital Response projects -Everyone is welcome to contribute, and we value everybody's contribution. Code -is not the only way to help the community. Answering questions, helping -others, reaching out, and improving the documentation are all immensely valuable -to the community. +Everyone is welcome to contribute, and we value everybody's contribution. +Code is not the only way to help the community. +Answering questions, helping others, reaching out, and improving documentation are all immensely valuable to the community. ## You can contribute in so many ways! -There are 3 ways you can contribute to this project: +There are several ways you can contribute to this repository: -- Fixing outstanding issues with the existing code; -- Contributing to the examples or to the documentation; -- Submitting issues related to bugs or desired new features. +- Enhancing and/or fixing outstanding issues with the existing code +- Contributing useful improvements, clarifications, and updates to existing documentation +- Submitting [issues](https://github.com/usdigitalresponse/usdr-gost/issues/new/choose) related to bugs or desired new features +- Reporting security vulnerabilities _All are equally valuable to the community._ -We also onboard new volunteers to USDR projects in general at [https://www.usdigitalresponse.org/raisingyourhand](https://www.usdigitalresponse.org/raisingyourhand). Please sign up if you’d like to help on other projects. +We also onboard new volunteers to USDR projects in general at https://www.usdigitalresponse.org/volunteer. +Please sign up if you’d like to help on other projects. ## Submitting a new issue or feature request -Do your best to follow these guidelines when submitting an issue or a feature -request. It will make it easier for us to come back to you quickly and with good -feedback. +Do your best to follow these guidelines when submitting an issue or a feature request. +It will make it easier for us to come back to you quickly and with good feedback. +First, please check whether your issue or feature request has already been submitted by searching our [open issues](https://github.com/usdigitalresponse/usdr-gost/issues?q=is%3Aopen+is%3Aissue). -### Did you find a bug? -Open source code is robust and reliable thanks to the users who notify us of -the problems they encounter, so thank you for reporting an issue. +### Bugs -First, we would really appreciate it if you could **make sure the bug was not -already reported** (use the search bar on GitHub under the “Issues” tab). +If you find an [open bug](https://github.com/usdigitalresponse/usdr-gost/issues?q=is%3Aopen+is%3Aissue+label%3Abug) that sounds like your issue, please consider adding a comment to the existing issue with details that will help us better understand the problem. -Did not find it? :( So we can act quickly on it, please include the following: +To submit something new, please fill out and submit [this form](https://github.com/usdigitalresponse/usdr-gost/issues/new?template=default_issue.yml&title=%5BBug%5D%3A+). -- Your **operating system**. -- If the problem is with the API, your **client (e.g. cURL, Python Requests)**. -- If the problem was with the demo UI or docs pages, your **browser (e.g. Firefox, Chrome, Edge, Internet Explorer)**. -- Any code errors that you have access to. +### Security vulnerabilities -### Do you want a new feature? +Please fill out and submit [this form](https://github.com/usdigitalresponse/usdr-gost/security/advisories/new) +if you believe you have discovered a security-related problem. -A world-class feature request addresses the following points: - -1. Motivation first: - -- Is it related to a problem/frustration with the current system? If so, please explain why. -- Is it related to something you would need for a project? We'd love to hear about it! -- Is it something you worked on and think could benefit the community? Awesome! Tell us what problem it solved for you. -2. Write a _full paragraph_ describing the feature; -3. Provide a **code snippet** or **design mockup or sketch** if possible, to demonstrate its future use. +### New features -If your issue is well written, we’re already 80% of the way there by the time you -post it. - - -## Start contributing! (Pull Requests) - -Before writing code, we strongly advise you to search through the exising PRs or -issues to make sure that nobody is already working on the same thing. If you are -unsure, it is always a good idea to open an issue to get some feedback. +A world-class feature request addresses the following points: -You will need basic `git` proficiency to be able to contribute to -this project. `git` is not the easiest tool to use but it has the greatest -manual. Type `git --help` in a shell and enjoy. +1. Motivation first: + - Is it related to a problem/frustration with the current system? If so, ease explain why. + - Is it related to something you would need for a project? We'd love to hear about it! + - Is it something you worked on and think could benefit the community? + Awesome! + Tell us what problem it solved for you. + - Do you think you have a neat idea and want to share it? + We love those too! + Tell us your use-case and what value it might bring to the project. +2. Write a _full paragraph_ describing why you think the feature is important. +3. Provide a **code snippet** or **design mockup or sketch** if possible, to demonstrate its +future use. + +By the way, your suggestions do not need to be restricted to changes to how this project works in a production environment! +We would love to hear your ideas for improving all types of things, including: +- Ways to enhance the developer experience. +- Testing and other maintainability strategies. +- Automated CI/CD workflows. + + +## Start contributing! (pull requests) + +Before writing code, we strongly advise you to search through the existing PRs or issues to make sure that nobody is already working on the same thing. +If you are unsure, it is always a good idea to open an issue to get some feedback. + +Things you will need: +- Basic `git` proficiency. +- Knowledge of one or more of the languages used in this project, such as JavaScript and/or Terraform. +- A development environment. +See the [Development](https://github.com/usdigitalresponse/usdr-gost/blob/main/README.md#development) section of our README for more information. +- A positive attitude. Follow these steps to start contributing: -1. Fork the repository by - clicking on the 'Fork' button on the repository's page. This creates a copy of the code - under your GitHub user account. - -2. Clone your fork to your local disk - -3. Create a new branch to hold your development changes: - - ```bash - $ git checkout -b a-descriptive-name-for-my-changes - ``` - - please avoid working on the `main` or `gh-pages` branch directly. - -4. Develop the features on your branch. - - Once you're happy with your changes, add changed files using `git add` and - make a commit with `git commit` to record your changes locally: - - ```bash - $ git add modified_file.py - $ git commit - ``` - - Commit messages must follow the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) style. - - It is a good idea to sync your copy of the code with the original - repository regularly. This way you can quickly account for changes: - - ```bash - $ git fetch origin - $ git rebase origin/_staging - ``` - - Push the changes to your account using: - - ```bash - $ git push -u origin a-descriptive-name-for-my-changes - ``` - -5. Once you are satisfied (**and the checklist below is happy, too**), go to the - webpage of your fork on GitHub. Click on 'Pull request' to send your changes - to the project maintainers for review. - -6. It's ok if maintainers ask you for changes. It happens to core contributors - too! So everyone can see the changes in the Pull request, work in your local - branch and push the changes to your fork. They will automatically appear in - the pull request. - - -### Checklist - -1. The title of your pull request should be a summary of its contribution; - -2. If your pull request adresses an issue, please [mention the issue number in - the pull request description to make sure they are linked](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) (and so people consulting the issue know you are working on it); - -3. To indicate a work in progress, please submit your pull request as a draft. - This is useful to avoid duplicated work, and to differentiate it from PRs - ready to be merged. - - ![Creating a draft pull request](./docs/_assets/draft-pr.png) - -4. If there are any tests, make sure that they pass and cover your new features and bugfixes. - - -#### This guide was based on [HuggingFace/transformers](https://github.com/huggingface/transformers/blob/master/CONTRIBUTING.md) which was itself based on [SciKit-Learn](https://github.com/scikit-learn/scikit-learn/blob/master/CONTRIBUTING.md) +1. Fork the repository by clicking on the 'Fork' button on the repository's page. +This creates a copy of the code under your GitHub user account. + - **Note:** If you are an active volunteer with contributor access to this repository, + you may alternatively clone and make branches against this repository directly. +2. Clone your fork to your development environment. +3. Create a new branch to hold your development changes. +We recommend that you use the following conventions when naming your branch: + | **Branch Prefix** | **Type of Contribution** | **Example** | + |-------------------|------------------------------------------------------------------------|-------------------------------------| + | `feat/` | New features and enhancements. | `feat/generate-jetpacks` | + | `bug/` or `fix/` | Changes that resolve or mitigate a problem. | `fix/jetpack-fuel-gauge-inaccuracy` | + | `docs/` | Improvements, clarifications, and/or updates to existing documentation | `docs/clarify-landing-instructions` | + +4. Develop, commit, and push the features on your branch. +5. Once you are satisfied, submit your pull request! + - Make sure the title of your PR represents a short summary of the contribution. + - Fill out the different sections that appear in the pull request template. + - Please include unit tests for all JavaScript code! + - If your work isn't quite ready but you want early feedback, submit your pull request as a draft. +6. Don't worry if maintainers ask you for changes - it's all part of the collaborative process! diff --git a/README.md b/README.md index e1e6d1781..acbb5a0f9 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,13 @@ This repository falls under [U.S. Digital Response’s Code of Conduct](./CODE_O This project wouldn’t exist without the hard work of many people. Please see [`CONTRIBUTING.md`](./CONTRIBUTING.md) to find out how you can help. +## Release Management + +Releases are versioned using a `YYYY.inc` scheme that represents the year of the release, and the incremental release number for that year. +You can view a list of all historical releases on the [Releases page](https://github.com/usdigitalresponse/usdr-gost/releases). + +For details on deploying releases to Production, see our [Release Process](./docs/releasing.md) documentation. + ## License & Copyright Copyright (C) 2020-2021 U.S. Digital Response (USDR) diff --git a/docs/deployment.md b/docs/deployment.md deleted file mode 100644 index a950eb168..000000000 --- a/docs/deployment.md +++ /dev/null @@ -1,64 +0,0 @@ -# Deployment - -(Note, as of Mar 12, 2023, information in this file needs updating to account for the new AWS-based deployment process) - -## Render - -1. Create web service - - ![create-web-service](./img/create-web-service.png) - -2. Create database - - ![create-database](./img/create-database.png) - -3. Update web service environment variables - - ![update-web-env-vars](./img/update-web-env-vars.png) - - **NOTE:** Don't set `NODE_ENV=production` else NPM dev deps will not be installed and prod deployments will fail [(source)](https://github.com/vuejs/vue-cli/issues/5107#issuecomment-586701382) - - ![prod-env-error](./img/prod-env-error.png) - - ```sh - POSTGRES_URL= # Render Internal connection string ie postgres://cares_opportunity_user:@/cares_opportunity_1e53 - - COOKIE_SECRET= - - WEBSITE_DOMAIN= # Render web service url ie. https://cares-grant-opportunities-qi8i.onrender.com - - NODE_ENV=development or production or test - - NOTIFICATIONS_EMAIL="grants-identification@usdigitalresponse.org" - AWS_ACCESS_KEY_ID= - AWS_SECRET_ACCESS_KEY= - - ENABLE_GRANTS_SCRAPER=true - GRANTS_SCRAPER_DATE_RANGE=7 # date range of grants that will be scraped - GRANTS_SCRAPER_DELAY=1000 # delay in milliseconds for scraper - - NODE_OPTIONS=--max_old_space_size=1024 # increase node max memory, had problems with node not using all of renders server memory. This will depend on the plan - ``` - -## DB Migrations - -1. Get the postgres external connection string from render. Set it as an environment variable - - `export POSTGRES_URL="postgres://user:{pass}@{domain}/{db}?ssl=true"` - - NOTE: must add `?ssl=true` - -1. Change directory to packages/server - -1. Update seeds/dev files accordingly - - seeds/dev/ref/agencies.js - list of agencies to be created. You can update this with the state provided agency. Note: We add a special USDR agency for our accounts in the system - - seeds/dev/index.js - Update the admin list variable accordingly - -1. Run the following commands - - ```sh - npx knex migrate:latest - npx knex seed:run - ``` - - After that you should be able to access the site and login with the users set in the migration. diff --git a/docs/releasing.md b/docs/releasing.md new file mode 100644 index 000000000..cff98c2f9 --- /dev/null +++ b/docs/releasing.md @@ -0,0 +1,174 @@ +# Release Process + +## Release changes to Staging + +_"As a contributor whose pull request has been been approved, I want to deploy my changes to Staging."_ + +Simple – just merge your pull request! + +Any pull request merged to the `main` branch will automatically activate the deployment pipeline that targets the Staging environment. +You can check the status of a Staging deployment by viewing the ["Deploy to Staging" workflow history](https://github.com/usdigitalresponse/usdr-gost/actions/workflows/deploy-staging.yml) + +## Release changes to Production + +_"As a team member with sufficient access to manage GitHub releases, I want to deploy a set of changes to Production."_ + +### Scenario 1: All changes deployed to Staging have been successfully QA'd + +> [!TIP] +> This is the simplest scenario, and our **preferred way** to deploy changes to Production. + +1. Navigate to the repository [Releases page](https://github.com/usdigitalresponse/usdr-gost/releases). +2. Locate the current draft release. This will displayed at the top, along with a "Draft" label. +3. Click the pencil icon for the draft release to edit it. +4. In the "Write" tab for the release notes: + - Edit the placeholder text under the **Summary** heading to provide a brief description of the release as a benefit to stakeholders. Summaries are encouraged ("bug fixes and dependency updates" is fine), but if you don't want to provide one, be sure to delete the heading and its placeholder text. + - Optional: check for any uncategorized changes under the **Other changes** heading (this heading will only be present if there are uncategorized changes), and move/copy them to more appropriate category headings. +5. Switch to the "Preview" tab and review the release notes to confirm that the release notes look suitable for publishing. +6. Ensure that the "Set as pre-release" box is checked (it should be preselected), and then click "Publish Release". + +At this point, the deployment will start preparing to ship the changes associated with the published release. +Once the changes are ready to ship, administrators will be notified to review the deployment plan created by Terraform and give final approval. +For more information, refer to **What happens when a release is published?** + +### Scenario 2: Not all changes on Staging have been successfully QA'd, but we still want to deploy _some_ things to Production + +#### Scenario 2.1: Desired changes to deploy are contained in sequential commits directly following the latest release + +> [!TIP] +> Use this workflow when there are consecutive commits that should be deployed to Production, up to a certain point. +> That is, if the latest Production deployment/release tag point to commit A, and commits B, C, and D have since been added to `main`, +> this workflow can be used to deploy commits B and C only. +> +> If non-sequential commits to `main` need to be deployed, refer to Scenario 2.2 below. + +Example scenario (all commits on `main`): +``` +commit-A <- Deployed to Production, tagged as the latest release +commit-B <- Successfully QA'd, ready for Production +commit-C <- Successfully QA'd, ready for Production +commit-D <- NOT successfully QA'd +``` + +1. Follow Steps 1-4 in **Scenario 1** to prepare the release notes. +2. While editing the next draft release, select the "Target" dropdown menu, switch to the "Recent commits" tab, and select the final/latest commit in the series that you want to deploy. +3. Edit the release notes to remove documented changes that come after the selected target commit (i.e. remove changes that will not be deployed in this release). +4. Follow the remaining steps in **Scenario 1** to deploy the release. + +#### Scenario 2.2: Desired changes to deploy are contained in nonsequential commits + +> [!TIP] +> Use this workflow when there are **nonconsecutive** commits that should be deployed to Production. +> That is, if the latest Production deployment/release tag point to commit A, and commits B, C, D, and E have since been added to `main`, +> this workflow can be used to deploy commits B and D only. +> +> If non-sequential commits to `main` need to be deployed, refer to Scenario 2.2 below. + +Example scenario (all commits on `main`): +``` +commit-A <- Deployed to Production, tagged as the latest release +commit-B <- Successfully QA'd, ready for Production +commit-C <- NOT successfully QA'd +commit-D <- Successfully QA'd, ready for Production +commit-E <- NOT successfully QA'd +``` + +> [!WARNING] +> Check with a repository admin first to ensure that database migrations will not be affected and are compatible with the desired changes. + +> [!NOTE] +> This use-case requires working knowledge of `git cherry-pick`. + +> [!IMPORTANT] +> - Only commits that exist on `main` may cherry-picked for a release. +> The deployment workflow checks that the contents of the specified release tag satisfy this requirement; +> if the release tag contains any commit that is not also on `main` _or_ was not cherry-picked from a commit on `main`, the workflow execution will fail. +> - Always be sure to provide the `-x` flag when running `git cherry-pick` so that the resulting commit message [includes a reference to the source commit](https://git-scm.com/docs/git-cherry-pick#Documentation/git-cherry-pick.txt--x). + +1. Check out a new branch based on the revision currently deployed to Production (i.e. the latest release tag). +2. Cherry-pick the commit(s) onto the new branch from `main` that you want to include in the release. +3. Push your branch that now contains the cherry-picked commits that you want to release. +4. Follow Steps 1-4 in **Scenario 1** to prepare the release notes. +5. While editing the next draft release, select the "Target" dropdown menu and use the "Branches" tab to select the branch that contains the cherry-picked commits that you want to release. +6. Edit the release notes to remove documented changes were not cherry-picked (i.e. remove changes that will not be deployed in this release). +7. Follow the remaining steps in **Scenario 1** to deploy the release. +8. Optional: Delete the release branch (the release commit is now tagged; the branch is no longer needed) +9. Optional: Generate the next draft release. + - Using the GitHub web UI: + 1. Navigate to the ["Release Drafter" workflow](https://github.com/usdigitalresponse/usdr-gost/actions/workflows/release-drafter.yml) + 2. Click "Run workflow" + 3. Select the "Branch" dropdown menu and choose the `main` branch + 4. Click the "Run workflow" button located beneath the selected branch. + - Using the GitHub CLI: + ```cli + gh workflow run "Release Drafter" --ref main + ``` + +> [!TIP] +> You can skip the final step if you want to wait for a new draft release to be created automatically the next time `main` is updated. + +### Scenario 3: Retry a failed deployment without making code changes. + +1. Use the ["Deploy to Production" workflow history](https://github.com/usdigitalresponse/usdr-gost/actions/workflows/deploy-production.yml) to locate and navigate to the failed workflow run. +2. Click the "Re-run jobs" button. If prompted, select "Re-run all jobs". +3. Wait for the new workflow run to generate a deployment plan and prompt administrators for review and approval. + +### Scenario 4: Revert the Production environment to a previous deployment. + +> [!WARNING] +> Check with a repository admin first to ensure that database migrations will not be affected! + +- Using the GitHub web UI, using a recent deployment workflow: + 1. Use the ["Deploy to Production" workflow history](https://github.com/usdigitalresponse/usdr-gost/actions/workflows/deploy-production.yml) to locate and navigate to the workflow run that you want to re-execute. + 2. Click "Re-run all jobs". + 3. Wait for the new workflow to generate a deployment plan and prompt administrators for review and approval. +- Using the GitHub web UI, as a new workflow run: + 1. Navigate to the ["Deploy to Production" workflow](https://github.com/usdigitalresponse/usdr-gost/actions/workflows/deploy-production.yml). + 2. Click "Run workflow" + 3. Select the "Branch" dropdown menu, switch to the "Tags" tab, and select the release tag that you want to deploy. + 4. Wait for the new workflow to generate a deployment plan and prompt administrators for review and approval. +- Using the GitHub CLI: + ```cli + gh workflow run "Deploy to Production" --ref release/1979.33 + ``` + +## What happens when a release is published? + +When a release is published, its configured tag is pushed based on the configured "Target" (usually the `main` branch). +A push to any tag prefixed with `release/` will trigger the "Deploy to Production" workflow to execute for that tag, which performs the following steps: + +1. Validates the contents of the release tag to ensure that it only contains commits (and/or cherry-picked commits) from `main`. +2. Builds and publishes deployment artifacts for the release. +3. Generates a deployment plan for the changes associated with the release. +4. Once a deployment plan has been generated and is ready to ship, repository administrators will be notified with a request to review and approve the deployment plan. +5. Once approved, the pipeline execution will proceed with deploying the changes to Production. +6. Following successful deployment, the deployment pipeline will update the release to: + - Remove its "Pre-release" label + - Add the "Latest" label + - Append the date and time of deployment under the "Release History" heading of the release notes. + - Upload build artifacts as release assets. + +## Useful Information + +### What is a tag, and how do we use them for releases? + +A tag is an alias that (for the purposes of this document) provides an alias that points to a specific commit. There are many different tagging conventions, but for the purposes of our release process, we are specifically talking about tags formatted as `release/`, where `` is comprised of two delimited elements: the year of the release, and a number that increments for each subsequent release for that year (i.e. `yyyy.N`). For example, `2023.5` would represent the fifth release published in 2023; `2024.16` would represent the 16th release published in 2024, etc. + +#### Why not semantic versioning? + +Many software projects (especially libraries) follow versioning schemes like [semantic versioning](https://semver.org/) because it standardizes an explicit way of communicating compatibility changes from one version to the next. You probably recognize semantic versions, like `v1.2.3`. However, because the usdsr-gost repository provides multiple services and offers no single, concrete contract (i.e. an API) about which downstream consumers contend with compatibility decisions, a semantic versioning scheme is less relevant and would likely create ambiguilties rather than clarifying them. + +### What is a release? + +[GitHub releases](https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository) are a repository-level feature in GitHub that add documentation ("release notes") and static file assets (a repo snapshot, and optionally platform-specific build outputs) for a specific tag, which generally serves as a version identifier for the release. + +GitHub releases can be in either a **draft** or **published** state. When a release is a **draft**, it is still being assembled and not generally visible to the public. Furthermore, drafts do not have to be associated with a tag that exists in the repository. As mentioned elsewhere, we will use automation to do most of the work around creating release drafts and keeping their contents up-to-date, although humans are responsible for applying final edits to release notes and saving the final outcome as a **published** release. The most-recently published release to successfully deploy to Production is automatically marked as "latest" in GitHub. + +Ideally, the repository will always have exactly 1 draft release at any moment (provided there are pull requests that have been merged since the last published release), which can be thought of as the "next release". While no release tag will exist for a draft, we can determine what that tag will be at the time the draft is created by looking at the current year and the tag associated with the latest published release. For example, if the latest published release associated with a tag of `release/2023.4` and the current year is still 2023, we know that the tag associated with the next release will be associated with a tag of `release/2023.5`; if the year is 2024, the next release tag will be `release/2024.1`. + +#### Release Terminology + +- **Draft release:** A release which has been created in GitHub but is not yet available for public viewing. Ideally, exactly one release draft exists as long as there are changes on `main` that have not yet been deployed to Production. +- **Published release:** Any release that is not a draft, i.e. is publicly viewable, and is considered to be a finalized representation of at least one change to Production. +- **Latest release:** A label indicating the last (published) release that has successfully deployed to Production. +- **Pre-release:** A label indicating that a published release has not yet fully and/or successfully deployed to Production. diff --git a/packages/server/.nycrc b/packages/server/.nycrc new file mode 100644 index 000000000..628a3e549 --- /dev/null +++ b/packages/server/.nycrc @@ -0,0 +1,3 @@ +{ + "include": "src/**" +} diff --git a/terraform/main.tf b/terraform/main.tf index c5b7807af..e829a0143 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -66,6 +66,9 @@ module "website" { gost_api_domain = local.api_domain_name managed_waf_rules = var.website_managed_waf_rules feature_flags = var.website_feature_flags + origin_artifacts_dist_path = coalesce( + var.website_origin_artifacts_dist_path, "${path.root}/../packages/client/dist" + ) } module "api_to_postgres_security_group" { diff --git a/terraform/modules/gost_website/storage.tf b/terraform/modules/gost_website/storage.tf index e1aaa7fad..de0d1b61c 100644 --- a/terraform/modules/gost_website/storage.tf +++ b/terraform/modules/gost_website/storage.tf @@ -111,6 +111,24 @@ module "origin_bucket" { ] } +locals { + origin_artifacts_dist_path = trimsuffix(var.origin_artifacts_dist_path, "/") + origin_artifacts_dist_key_prefix = trim(var.origin_bucket_dist_path, "/") +} + +resource "aws_s3_object" "origin_dist_artifact" { + for_each = fileset(local.origin_artifacts_dist_path, "**") + + bucket = module.origin_bucket.bucket_id + key = "${local.origin_artifacts_dist_key_prefix}/${each.value}" + source = "${local.origin_artifacts_dist_path}/${each.value}" + source_hash = filemd5("${local.origin_artifacts_dist_path}/${each.value}") + etag = filemd5("${local.origin_artifacts_dist_path}/${each.value}") + server_side_encryption = "AES256" + + depends_on = [module.origin_bucket] +} + module "logs_bucket" { source = "cloudposse/s3-bucket/aws" version = "4.0.1" diff --git a/terraform/modules/gost_website/variables.tf b/terraform/modules/gost_website/variables.tf index 3a16a0ff9..336661527 100644 --- a/terraform/modules/gost_website/variables.tf +++ b/terraform/modules/gost_website/variables.tf @@ -77,6 +77,11 @@ variable "origin_bucket_dist_path" { } } +variable "origin_artifacts_dist_path" { + description = "Path to the local directory from which website build artifacts are sourced and uploaded to the S3 origin bucket." + type = string +} + variable "origin_bucket_config_path" { description = "Path to the directory where non-build configuration files should be stored in the S3 origin bucket." default = "/config" diff --git a/terraform/prod.tfvars b/terraform/prod.tfvars index e675c98e0..607fa46a7 100644 --- a/terraform/prod.tfvars +++ b/terraform/prod.tfvars @@ -49,7 +49,6 @@ cluster_container_insights_enabled = true // API / Backend api_enabled = true -api_container_image_tag = "stable" api_default_desired_task_count = 3 api_minumum_task_count = 2 api_maximum_task_count = 5 diff --git a/terraform/staging.tfvars b/terraform/staging.tfvars index a62b75542..33c639429 100644 --- a/terraform/staging.tfvars +++ b/terraform/staging.tfvars @@ -46,7 +46,6 @@ cluster_container_insights_enabled = true // API / Backend api_enabled = true -api_container_image_tag = "latest" api_default_desired_task_count = 1 api_minumum_task_count = 1 api_maximum_task_count = 5 diff --git a/terraform/variables.tf b/terraform/variables.tf index 91856b2af..2982291dc 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -112,6 +112,12 @@ variable "website_managed_waf_rules" { default = {} } +variable "website_origin_artifacts_dist_path" { + description = "Path to the local directory from which website build artifacts are sourced and uploaded to the S3 origin bucket." + type = string + default = "" +} + variable "website_feature_flags" { description = "Map of website feature flag names and their values." type = any From 7304342036043f312ec554dc4bac3f8721ec6822 Mon Sep 17 00:00:00 2001 From: tyler Date: Fri, 8 Dec 2023 04:16:06 +0000 Subject: [PATCH 14/19] Set protected ref --- .github/workflows/deploy-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 101148b0b..3af3a6413 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -20,7 +20,7 @@ jobs: contents: read uses: ./.github/workflows/validate-deployment.yml with: - protected-ref: ${{ github.event.repository.default_branch }} + protected-ref: main deployment-ref: ${{ github.ref }} build: From e23dddb8445ad794e8e942d5ea2935e78762f63c Mon Sep 17 00:00:00 2001 From: tyler Date: Fri, 8 Dec 2023 04:39:03 +0000 Subject: [PATCH 15/19] Set immutable API image tag --- .github/workflows/terraform-plan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml index e794ac99d..10f084047 100644 --- a/.github/workflows/terraform-plan.yml +++ b/.github/workflows/terraform-plan.yml @@ -186,7 +186,7 @@ jobs: TF_VAR_git_commit_sha: ${{ inputs.ref }} TF_VAR_datadog_api_key: ${{ secrets.datadog-api-key }} TF_VAR_datadog_app_key: ${{ secrets.datadog-app-key }} - TF_VAR_api_container_image_tag: "${{ inputs.server-image-tag }}@sha256:${{ inputs.server-image-digest }}" + TF_VAR_api_container_image_tag: "${{ inputs.server-image-tag }}@${{ inputs.server-image-digest }}" TF_VAR_website_origin_artifacts_dist_path: "${{ inputs.website-artifacts-path }}" - name: Generate plaintext plan id: show_plan From 169503b92f7c78a7d1f0b1e7bdacf4b13777e808 Mon Sep 17 00:00:00 2001 From: tyler Date: Fri, 8 Dec 2023 04:43:09 +0000 Subject: [PATCH 16/19] Map file extensions to mime types --- terraform/modules/gost_website/storage.tf | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/terraform/modules/gost_website/storage.tf b/terraform/modules/gost_website/storage.tf index de0d1b61c..625fb5685 100644 --- a/terraform/modules/gost_website/storage.tf +++ b/terraform/modules/gost_website/storage.tf @@ -114,6 +114,35 @@ module "origin_bucket" { locals { origin_artifacts_dist_path = trimsuffix(var.origin_artifacts_dist_path, "/") origin_artifacts_dist_key_prefix = trim(var.origin_bucket_dist_path, "/") + + extension_mime_types = { + bmp = "image/bmp" + css = "text/css" + csv = "text/csv" + gif = "image/gif" + htm = "text/html" + html = "text/html" + ico = "image/vnd.microsoft.icon" + jpeg = "image/jpeg" + jpg = "image/jpeg" + js = "text/javascript" + json = "application/json" + jsonld = "application/ld+json" + otf = "font/otf" + pdf = "application/pdf" + png = "image/png" + svg = "image/svg+xml" + tif = "image/tiff" + tiff = "image/tiff" + ttf = "font/ttf" + txt = "text/plain" + woff = "font/woff" + woff2 = "font/woff2" + xls = "application/vnd.ms-excel" + xlsx = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" + xml = "application/xml" + webp = "image/webp" + } } resource "aws_s3_object" "origin_dist_artifact" { @@ -125,6 +154,7 @@ resource "aws_s3_object" "origin_dist_artifact" { source_hash = filemd5("${local.origin_artifacts_dist_path}/${each.value}") etag = filemd5("${local.origin_artifacts_dist_path}/${each.value}") server_side_encryption = "AES256" + content_type = local.extension_mime_types[reverse(split(".", each.value))[0]] depends_on = [module.origin_bucket] } From e6a09667470fe5337c273adcae447dd9376d449c Mon Sep 17 00:00:00 2001 From: tyler Date: Fri, 8 Dec 2023 05:00:02 +0000 Subject: [PATCH 17/19] Map file extensions to mime types --- terraform/modules/gost_website/storage.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/modules/gost_website/storage.tf b/terraform/modules/gost_website/storage.tf index 625fb5685..657711449 100644 --- a/terraform/modules/gost_website/storage.tf +++ b/terraform/modules/gost_website/storage.tf @@ -128,6 +128,7 @@ locals { js = "text/javascript" json = "application/json" jsonld = "application/ld+json" + map = "application/json" # assumes .js.map otf = "font/otf" pdf = "application/pdf" png = "image/png" From f31d4493b63c9eb64083f5961439c03a6f35ecdf Mon Sep 17 00:00:00 2001 From: tyler Date: Fri, 8 Dec 2023 05:24:21 +0000 Subject: [PATCH 18/19] Set protected ref for prod deployments --- .github/workflows/deploy-production.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml index 9f2548f1c..9419a3349 100644 --- a/.github/workflows/deploy-production.yml +++ b/.github/workflows/deploy-production.yml @@ -22,7 +22,7 @@ jobs: contents: read uses: ./.github/workflows/validate-deployment.yml with: - protected-ref: ${{ github.event.repository.default_branch }} + protected-ref: main deployment-ref: ${{ github.ref }} build: From c350f993c221c14c51d3dd11864046175618b7b9 Mon Sep 17 00:00:00 2001 From: tyler Date: Fri, 8 Dec 2023 05:27:10 +0000 Subject: [PATCH 19/19] Categorize Grant Finder updates --- .github/release-drafter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 312a28762..aae1a99ce 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -26,7 +26,7 @@ categories: - title: 🔍 Federal Grant Finder updates collapse-after: 3 labels: - - Grants Finder + - Grant Finder - title: 🧾 ARPA Reporter updates collapse-after: 3 labels:
@@ -496,9 +493,9 @@ {{#notifications_url}}

- Change - Notification Preferences + style="Margin:0;-webkit-text-size-adjust:none;-ms-text-size-adjust:none;mso-line-height-rule:exactly;font-family:'open sans', 'helvetica neue', helvetica, arial, sans-serif;line-height:21px;color:#999999;font-size:14px;"> + Change + notification preferences