Merge pull request #2417 from GSA/main

03/17/2025 Production Deploy

Author: ccostino

.ds.baseline

@@ -127,16 +127,6 @@
     }
   ],
   "results": {
-    ".github/workflows/checks.yml": [
-      {
-        "type": "Secret Keyword",
-        "filename": ".github/workflows/checks.yml",
-        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
-        "is_verified": false,
-        "line_number": 68,
-        "is_secret": false
-      }
-    ],
     "app/assets/js/uswds.min.js": [
       {
         "type": "Secret Keyword",
@@ -684,5 +674,5 @@
       }
     ]
   },
-  "generated_at": "2025-02-26T18:19:37Z"
+  "generated_at": "2025-03-17T23:26:44Z"
 }

.github/workflows/checks.yml

@@ -51,73 +51,75 @@ jobs:
       - name: Check coverage threshold
         run: poetry run coverage report --fail-under=90
 
-  end-to-end-tests:
-    if: ${{ github.actor != 'dependabot[bot]' }}
+  # TODO FIX
+  # end-to-end-tests:
+  #   if: ${{ github.actor != 'dependabot[bot]' }}
 
-    permissions:
-      checks: write
-      pull-requests: write
-      contents: write
-    runs-on: ubuntu-latest
-    environment: staging
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_USER: user
-          POSTGRES_PASSWORD: password
-          POSTGRES_DB: test_notification_api
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          # Maps tcp port 5432 on service container to the host
-          - 5432:5432
-      redis:
-        image: redis
-        options: >-
-          --health-cmd "redis-cli ping"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          # Maps tcp port 6379 on service container to the host
-          - 6379:6379
+  #   permissions:
+  #     checks: write
+  #     pull-requests: write
+  #     contents: write
+  #   runs-on: ubuntu-latest
+  #   environment: staging
+  #   services:
+  #     postgres:
+  #       image: postgres
+  #       env:
+  #         POSTGRES_USER: user
+  #         POSTGRES_PASSWORD: password
+  #         POSTGRES_DB: test_notification_api
+  #       options: >-
+  #         --health-cmd pg_isready
+  #         --health-interval 10s
+  #         --health-timeout 5s
+  #         --health-retries 5
+  #       ports:
+  #         # Maps tcp port 5432 on service container to the host
+  #         - 5432:5432
+  #     redis:
+  #       image: redis
+  #       options: >-
+  #         --health-cmd "redis-cli ping"
+  #         --health-interval 10s
+  #         --health-timeout 5s
+  #         --health-retries 5
+  #       ports:
+  #         # Maps tcp port 6379 on service container to the host
+  #         - 6379:6379
 
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup-project
-      - uses: jwalton/gh-find-current-pr@v1
-        id: findPr
-      - name: Check API Server availability
-        run: |
-          curl --fail -v https://notify-api-staging.app.cloud.gov || exit 1
-      - name: Run Admin server
-        # If we want to log stuff and see what's broken,
-        # insert this line:
-        # tail -f admin-server.log &
-        # above make e2e-test
+    # steps:
+    #   - uses: actions/checkout@v4
+    #   - uses: ./.github/actions/setup-project
+    #   - uses: jwalton/gh-find-current-pr@v1
+    #     id: findPr
+    #   - name: Check API Server availability
+    #     run: |
+    #       curl --fail -v https://notify-api-staging.app.cloud.gov || exit 1
+    #   - name: Run Admin server
+    #     # If we want to log stuff and see what's broken,
+    #     # insert this line:
+    #     # tail -f admin-server.log &
+    #     # above make e2e-test
 
 
-        run: |
-          make run-flask > admin-server.log 2>&1 &
-          tail -f admin-server.log &
-          make e2e-test
+    #     run: |
+    #       make run-flask > admin-server.log 2>&1 &
+    #       tail -f admin-server.log &
+    #       make e2e-test
+
+    #     env:
+    #       API_HOST_NAME: https://notify-api-staging.app.cloud.gov/
+    #       SECRET_KEY: ${{ secrets.SECRET_KEY }}
+    #       DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
+    #       ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
+    #       ADMIN_CLIENT_USERNAME: notify-admin
+    #       NOTIFY_ENVIRONMENT: e2etest
+    #       NOTIFY_E2E_AUTH_STATE_PATH: ${{ secrets.NOTIFY_E2E_AUTH_STATE_PATH }}
+    #       NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
+    #       NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
+    #       NOTIFY_E2E_TEST_URI: http://localhost:6012/
+    #       VCAP_SERVICES: ${{ secrets.VCAP_SERVICES }}
 
-        env:
-          API_HOST_NAME: https://notify-api-staging.app.cloud.gov/
-          SECRET_KEY: ${{ secrets.SECRET_KEY }}
-          DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
-          ADMIN_CLIENT_SECRET: ${{ secrets.ADMIN_CLIENT_SECRET }}
-          ADMIN_CLIENT_USERNAME: notify-admin
-          NOTIFY_ENVIRONMENT: e2etest
-          NOTIFY_E2E_AUTH_STATE_PATH: ${{ secrets.NOTIFY_E2E_AUTH_STATE_PATH }}
-          NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
-          NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
-          NOTIFY_E2E_TEST_URI: http://localhost:6012/
-          VCAP_SERVICES: ${{ secrets.VCAP_SERVICES }}
   validate-new-relic-config:
     runs-on: ubuntu-latest
     environment: staging

.github/workflows/deploy-demo.yml

@@ -24,23 +24,13 @@ jobs:
           terraform_version: "^1.7.5"
           terraform_wrapper: false
 
-      - name: Check for changes to Terraform
-        id: changed-terraform-files
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            terraform/demo/**
-            terraform/shared/**
-            .github/workflows/deploy-demo.yml
       - name: Terraform init
-        if: steps.changed-terraform-files.outputs.any_changed == 'true'
         working-directory: terraform/demo
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
         run: terraform init
       - name: Terraform apply
-        if: steps.changed-terraform-files.outputs.any_changed == 'true'
         working-directory: terraform/demo
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
@@ -99,16 +89,7 @@ jobs:
             --var LOGIN_PEM="$LOGIN_PEM"
             --strategy rolling
 
-      - name: Check for changes to egress config
-        id: changed-egress-config
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            deploy-config/egress_proxy/notify-admin-demo.*.acl
-            .github/actions/deploy-proxy/action.yml
-            .github/workflows/deploy-demo.yml
       - name: Deploy egress proxy
-        if: steps.changed-egress-config.outputs.any_changed == 'true'
         uses: ./.github/actions/deploy-proxy
         env:
           CF_USERNAME: ${{ secrets.CLOUDGOV_USERNAME }}

.github/workflows/deploy-prod.yml

@@ -24,23 +24,13 @@ jobs:
           terraform_version: "^1.7.5"
           terraform_wrapper: false
 
-      - name: Check for changes to Terraform
-        id: changed-terraform-files
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            terraform/production/**
-            terraform/shared/**
-            .github/workflows/deploy-prod.yml
       - name: Terraform init
-        if: steps.changed-terraform-files.outputs.any_changed == 'true'
         working-directory: terraform/production
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
         run: terraform init
       - name: Terraform apply
-        if: steps.changed-terraform-files.outputs.any_changed == 'true'
         working-directory: terraform/production
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
@@ -99,16 +89,7 @@ jobs:
             --var LOGIN_PEM="$LOGIN_PEM"
             --strategy rolling
 
-      - name: Check for changes to egress config
-        id: changed-egress-config
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            deploy-config/egress_proxy/notify-admin-production.*.acl
-            .github/actions/deploy-proxy/action.yml
-            .github/workflows/deploy-prod.yml
       - name: Deploy egress proxy
-        if: steps.changed-egress-config.outputs.any_changed == 'true'
         uses: ./.github/actions/deploy-proxy
         env:
           CF_USERNAME: ${{ secrets.CLOUDGOV_USERNAME }}

.github/workflows/deploy.yml

@@ -29,23 +29,13 @@ jobs:
         terraform_version: "^1.7.5"
         terraform_wrapper: false
 
-    - name: Check for changes to Terraform
-      id: changed-terraform-files
-      uses: tj-actions/changed-files@v45
-      with:
-        files: |
-          terraform/staging/**
-          terraform/shared/**
-          .github/workflows/deploy.yml
     - name: Terraform init
-      if: steps.changed-terraform-files.outputs.any_changed == 'true'
       working-directory: terraform/staging
       env:
         AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
         AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
       run: terraform init
     - name: Terraform apply
-      if: steps.changed-terraform-files.outputs.any_changed == 'true'
       working-directory: terraform/staging
       env:
         AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
@@ -106,16 +96,7 @@ jobs:
           --strategy rolling
 
 
-    - name: Check for changes to egress config
-      id: changed-egress-config
-      uses: tj-actions/changed-files@v45
-      with:
-        files: |
-          deploy-config/egress_proxy/notify-admin-staging.*.acl
-          .github/actions/deploy-proxy/action.yml
-          .github/workflows/deploy.yml
     - name: Deploy egress proxy
-      if: steps.changed-egress-config.outputs.any_changed == 'true'
       uses: ./.github/actions/deploy-proxy
       env:
           CF_USERNAME: ${{ secrets.CLOUDGOV_USERNAME }}