Merge branch 'main' into 2271-my-profile-breadcrumbs
TylerHendrickson authored Dec 8, 2023
2 parents 48729d5 + c350f99 commit d537de0
Showing 36 changed files with 2,682 additions and 826 deletions.
9 changes: 6 additions & 3 deletions .github/CODEOWNERS
@@ -1,8 +1,11 @@
# Require admin approval for GitHub settings and workflow modifications
/.github/ @usdigitalresponse/grants-admins

# Require admin approval for Terraform IAC modifications
/terraform/ @usdigitalresponse/grants-admins

# Require admin approval when Postgres root CA bundle is modified
/packages/server/rds-combined-ca-bundle.pem @usdigitalresponse/grants-admins

# Require admin approval for special doc modifications
README.md @usdigitalresponse/grants-admins
LICENSE @usdigitalresponse/grants-admins
CODE_OF_CONDUCT.md @usdigitalresponse/grants-admins
CONTRIBUTING.md @usdigitalresponse/grants-admins
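Review bot: The doc-file patterns `README.md`, `LICENSE`, `CODE_OF_CONDUCT.md` and `CONTRIBUTING.md` are unanchored, so under CODEOWNERS gitignore-style matching they require admin approval for a file of that name in any directory (a package-level README, for instance), whereas the `/.github/`, `/terraform/` and `/packages/server/...` rules above are root-anchored. If only the repository-root files are meant, anchor them as `/README.md @usdigitalresponse/grants-admins` (and likewise for the other three); if the repository-wide match is intended, a comment saying so would save the next reader the question. Which of these lines are new and which are carried over is not recoverable from the rendered page, so this applies to whichever are being introduced here.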
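--- a/.github/next_release_version.bash
+++ b/.github/next_release_version.bash
@@ -0,0 +1,53 @@
+#! /bin/bash
+
+# Defaults
+next_version_release_year=$(TZ='UTC' date '+%Y')
+next_version_release_number=1
+
+if [[ $1 == 'test' ]]; then
+echo 'Running tests...' >&2
+dotest() {
+result=$(bash $0 "release/${1}" 2> /dev/null | tail -n 1)
+expect="${2}"
+if [[ $result != $expect ]]; then
+printf "Test failed:\n Expected: $expect\n Received: $result\n" >&2
+exit 1
+fi
+}
+dotest 'release/1234.987' "$next_version_release_year.1"
+dotest 'release/0.0' "$next_version_release_year.1"
+dotest 'release/0' "$next_version_release_year.1"
+dotest 'sometag' "$next_version_release_year.1"
+dotest "release/$next_version_release_year.1" "$next_version_release_year.2"
+dotest "release/$next_version_release_year.19" "$next_version_release_year.20"
+dotest "release/$next_version_release_year.399" "$next_version_release_year.400"
+echo 'Tests complete' >&2
+exit 0
+fi
+
+if [[ -z $1 ]]; then
+# Ensure tag history is available
+git fetch --prune --unshallow
+tag=$(git describe --tags --match='release/[0-9][0-9][0-9][0-9].[0-9]*' refs/heads/main)
+else
+tag=$1
+fi
+
+regex='release\/([0-9]{4})\.([0-9]+)'
+if [[ $tag =~ $regex ]]; then
+echo "Found tag for previous release: $tag" >&2
+prev_version_release_number="${BASH_REMATCH[2]}"
+echo "Previous version number: $prev_version_release_number" >&2
+if [[ $next_version_release_year == "${BASH_REMATCH[1]}" ]]; then
+((next_version_release_number=prev_version_release_number+1))
+else
+echo "Ignoring previous version number because it pertains to a different year" >&2
+fi
+else
+echo "Could not locate a previous release version" >&2
+fi
+
+next_version="$next_version_release_year.$next_version_release_number"
+echo "Next version: $next_version" >&2
+# Output result to stdout
+printf "$next_version"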
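Review bot: The `dotest` helper prepends `release/` to its argument a second time (`bash $0 "release/${1}"`), so the case `dotest 'release/1234.987'` actually runs with `release/release/1234.987` and `dotest 'sometag'` with `release/sometag`; the tests still pass only because `regex` is unanchored, which also means a `release/YYYY.N` substring anywhere inside a tag name is accepted as the previous release. Passing the argument through unchanged, `result=$(bash "$0" "${1}" 2> /dev/null | tail -n 1)`, and anchoring the pattern, `regex='^release\/([0-9]{4})\.([0-9]+)'`, makes the tests exercise the inputs they name while still matching `git describe` output that carries a `-N-g<sha>` suffix. Two smaller points: `git fetch --prune --unshallow` exits non-zero on a repository that is not shallow, and with no `set -e` that failure is silent — presumably acceptable, but worth a comment on that line; and the final `printf "$next_version"` should be `printf '%s' "$next_version"` so the value is never interpreted as a format string.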
133 changes: 133 additions & 0 deletions .github/release-drafter.yml
@@ -0,0 +1,133 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/release-drafter/release-drafter/master/schema.json
name-template: 'v$RESOLVED_VERSION'
tag-template: 'release/$RESOLVED_VERSION'
tag-prefix: 'release/'
version-template: '2023.$MINOR'
version-resolver:
default: minor
prerelease: true
categories:
- title: 🚀 New features and enhancements
collapse-after: 10
labels:
- enhancement
- title: 🐛 Bug fixes
collapse-after: 10
labels:
- bug
- title: 📖 Documentation improvements
collapse-after: 10
labels:
- documentation
- title: 🔧 Dependency updates
collapse-after: 3
labels:
- dependencies
- title: 🔍 Federal Grant Finder updates
collapse-after: 3
labels:
- Grant Finder
- title: 🧾 ARPA Reporter updates
collapse-after: 3
labels:
- arpa validations
- arpa subrecipients
- arpa web tool
- arpa audit report
- arpa output templates
- arpa quarterly reporter
- performance reporter
- title: Other changes
labels:
- '*'
category-template: '### $TITLE'
exclude-labels:
- skip-changelog
exclude-contributors:
- dependabot
- 'dependabot[bot]'
- step-security-bot
autolabeler:
- label: javascript
files:
- '**/*.js'
- '**/package.json'
- 'packages/**'
- '**/yarn.lock'
- '**/.npmrc'
- '**/.nvmrc'
- '**/.nycrc'
- '**/.node-version'
- '**/.huskyrc.json'
- '**/lerna.json'
- '**/eslintrc.js'
- '**/.browserslistrc'
- label: database-changes
files:
- 'packages/server/migrations/**'
- 'packages/server/knexfile.js'
- 'packages/server/rds-combined-ca-bundle.pem'
- label: terraform
files:
- 'terraform/**'
- label: Infra
files:
- 'terraform/**'
- 'docker/**'
- '**/docker-compose.yml'
- '**/docker-compose.yaml'
- 'localstack/**'
- label: dependencies
files:
- '**/yarn.lock'
- '**/.terraform.lock.hcl'
branch:
- '/^dependabot\/.+$/i'
- label: documentation
files:
- README
- '**/doc/**'
- '**/docs/**'
- '**/*.md'
- .adr-dir
branch:
- '/^docs?\/.+$/'
- label: bug
branch:
- '/^fix\/.+$/i'
- '/^bug\/.+$/i'
title:
- '/\bfix(es)?\b/i'
- '/\bbug\b/i'
- '/\brevert(s)?\b/i'
- label: enhancement
branch:
- '/^feat(ures?)?\/.+$/i'
- '/^enhance(s|ments?)?\/.+$/i'
title:
- '/\b(?<!^chores?\b.*)feat(ures?)?\b/i'
- '/\b(?<!^chores?\b.*)enhance(s|ment)?\b/i'
- label: github
files:
- '.github/**'
- '**/.gitignore'
change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
change-title-escapes: '\<*_&'
no-contributors-template: >-
'*All changes in this release were crafted by robots (and reviewed by humans).*'
template: |
## 📚 Summary
The releaser should provide a high-level summary here (or remove this section).
## 🛠️ Changes
$CHANGES
## 🤝 Contributors
We would like to thank the following people who made this release possible:
$CONTRIBUTORS
## Deployment History
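Review bot: `no-contributors-template: >-` is a folded block scalar, so the single quotes on the following line are literal text and the rendered release body will read `'*All changes in this release were crafted by robots (and reviewed by humans).*'` with the quotes included; either put the value on the key line, `no-contributors-template: '*All changes in this release were crafted by robots (and reviewed by humans).*'`, or keep the block scalar and drop the inner quotes. Separately, `version-template: '2023.$MINOR'` hard-codes the year while the sibling `.github/next_release_version.bash` added in this commit derives it from the current UTC date, so the two will disagree after the year rolls over unless the calling workflow passes an explicit version that overrides this template (that workflow is not on this page, so this is unverified). A comment next to `version-template` stating which of the two is authoritative, e.g. `# Year is overridden by next_release_version.bash via the workflow's version input`, would make the intent checkable.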
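--- a/.github/release.yml
+++ b/.github/release.yml
@@ -0,0 +1,20 @@
+changelog:
+exclude:
+labels:
+- skip-changelog
+categories:
+- title: 🚀 New features and enhancements
+labels:
+- enhancement
+- title: 🐛 Bug fixes
+labels:
+- bug
+- title: 📖 Documentation improvements
+labels:
+- documentation
+- title: 🔧 Dependency updates
+labels:
+- dependencies
+- title: Other Changes
+labels:
+- "*"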
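Review bot: The category list here duplicates the one in `.github/release-drafter.yml` from the same commit but diverges in small ways — it omits the Grant Finder and ARPA Reporter categories and spells the catch-all `Other Changes` where release-drafter has `Other changes` — so GitHub's auto-generated notes and the drafted notes will group the same pull requests differently. If both files are meant to stay, a leading comment such as `# Keep categories in sync with .github/release-drafter.yml` would flag the coupling. GitHub's release.yml also accepts `exclude.authors`, so the dependabot exclusion that release-drafter applies via `exclude-contributors` can be mirrored here with `authors:` holding `- dependabot` and `- 'dependabot[bot]'` under `exclude:`.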
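--- a/.github/workflows/aws-auth.yml
+++ b/.github/workflows/aws-auth.yml
@@ -0,0 +1,69 @@
+name: Configure AWS Credentials
+
+on:
+workflow_call:
+inputs:
+aws-region:
+type: string
+required: true
+secrets:
+role-to-assume:
+required: true
+gpg-passphrase:
+required: true
+outputs:
+aws-access-key-id:
+value: ${{ jobs.oidc-auth.outputs.aws-access-key-id }}
+aws-secret-access-key:
+value: ${{ jobs.oidc-auth.outputs.aws-secret-access-key }}
+aws-session-token:
+value: ${{ jobs.oidc-auth.outputs.aws-session-token }}
+
+permissions:
+contents: read
+id-token: write
+
+jobs:
+oidc-auth:
+name: OIDC Auth
+runs-on: ubuntu-latest
+permissions:
+contents: read
+id-token: write
+outputs:
+aws-access-key-id: ${{ steps.encrypt-aws-access-key-id.outputs.out }}
+aws-secret-access-key: ${{ steps.encrypt-aws-secret-access-key.outputs.out }}
+aws-session-token: ${{ steps.encrypt-aws-session-token.outputs.out }}
+steps:
+- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+with:
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+sts.us-west-2.amazonaws.com:443
+- id: auth
+uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
+with:
+aws-region: us-west-2
+role-to-assume: "${{ secrets.role-to-assume }}"
+- name: Encrypt aws-access-key-id
+id: encrypt-aws-access-key-id
+run: |
+encrypted=$(gpg --batch --yes --passphrase "$GPG_PASSPHRASE" -c --cipher-algo AES256 -o - <(echo "$AWS_ACCESS_KEY_ID") | base64 -w0)
+echo "out=$encrypted" >> $GITHUB_OUTPUT
+env:
+GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }}
+- name: Encrypt aws-secret-access-key
+id: encrypt-aws-secret-access-key
+run: |
+encrypted=$(gpg --batch --yes --passphrase "$GPG_PASSPHRASE" -c --cipher-algo AES256 -o - <(echo "$AWS_SECRET_ACCESS_KEY") | base64 -w0)
+echo "out=$encrypted" >> $GITHUB_OUTPUT
+env:
+GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }}
+- name: Encrypt aws-session-token
+id: encrypt-aws-session-token
+run: |
+encrypted=$(gpg --batch --yes --passphrase "$GPG_PASSPHRASE" -c --cipher-algo AES256 -o - <(echo "$AWS_SESSION_TOKEN") | base64 -w0)
+echo "out=$encrypted" >> $GITHUB_OUTPUT
+env:
+GPG_PASSPHRASE: ${{ secrets.gpg-passphrase }}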
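Review bot: The `aws-region` input is declared `required: true` but never read: the `auth` step hard-codes `aws-region: us-west-2` and the harden-runner allow-list hard-codes `sts.us-west-2.amazonaws.com:443`, so a caller passing any other region still authenticates against us-west-2 without any error. Use the input in both places, `aws-region: ${{ inputs.aws-region }}` and `sts.${{ inputs.aws-region }}.amazonaws.com:443`, or drop the input so the workflow's contract matches its behaviour. Two hardening nits on the three encrypt steps: `--passphrase "$GPG_PASSPHRASE"` places the secret on the gpg command line, where it is readable from the process table by anything else running on the runner, so feed it on stdin with `--pinentry-mode loopback --passphrase-fd 0` and a here-string instead (stdin is free because the plaintext arrives via the process substitution); and `>> $GITHUB_OUTPUT` should be quoted as `>> "$GITHUB_OUTPUT"`. The three steps are otherwise identical copies, so a single step looping over the three variable names would keep them from drifting when one of these fixes lands.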