Merge pull request #1406 from Enterprise-CMCS/develop

Sprint 79 and observability epic  merge

.github/oidc/develop.json

@@ -1,7 +1,7 @@
 [
   {
     "ParameterKey": "SubjectClaimFilters",
-    "ParameterValue": "repo:CMSgov/onemac:*"
+    "ParameterValue": "repo:Enterprise-CMCS/macpro-onemac:*"
   },
   {
     "ParameterKey": "Path",

.github/oidc/github-actions-oidc-template.yml

@@ -19,10 +19,10 @@ Parameters:
       Default is audience for the official AWS configure action from https://github.com/aws-actions/configure-aws-credentials
   SubjectClaimFilters:
     Type: CommaDelimitedList
-    Default: "repo:CMSgov/onemac:*"
+    Default: "repo:Enterprise-CMCS/macpro-onemac:*"
     Description: >
       Subject claim filter for valid tokens.
-      Default allows any branch or tag of the CMSgov/onemac to assume the role.
+      Default allows any branch or tag of the Enterprise-CMCS/macpro-onemac to assume the role.
       See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims
       for examples of fitlering by branch or deployment environment.
   Path:

.github/oidc/production.json

@@ -1,7 +1,7 @@
 [
   {
     "ParameterKey": "SubjectClaimFilters",
-    "ParameterValue": "repo:CMSgov/onemac:ref:refs/heads/production"
+    "ParameterValue": "repo:Enterprise-CMCS/macpro-onemac:ref:refs/heads/production"
   },
   {
     "ParameterKey": "Path",

.github/oidc/val.json

@@ -1,7 +1,7 @@
 [
   {
     "ParameterKey": "SubjectClaimFilters",
-    "ParameterValue": "repo:CMSgov/onemac:ref:refs/heads/master"
+    "ParameterValue": "repo:Enterprise-CMCS/macpro-onemac:ref:refs/heads/master"
   },
   {
     "ParameterKey": "Path",

.github/workflows/codeql-analysis.yml

@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2

.github/workflows/deploy-support.yml

@@ -20,7 +20,7 @@ jobs:
           else
             echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
           fi
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Validate branch name
         run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name
       - name: set branch specific variable names
@@ -34,18 +34,18 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
       - name: lock this branch to prevent concurrent builds
         run: ./.github/github-lock.sh $branch_name
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v3
         with:
-          node-version: "14.x"
-      - uses: actions/cache@v2
+          node-version: "18.x"
+      - uses: actions/cache@v3
         with:
           path: "**/node_modules"
           key: deploy-support-${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock', 'plugins/**') }}

.github/workflows/deploy.yml

@@ -18,16 +18,16 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
-          node-version: "14.x"
+          node-version: "18.x"
       - name: Install dependencies
         run: |
-          npm ci
+          npm ci  --legacy-peer-deps
           for service in services/*/; do
             pushd "$service"
-            if [ -f package-lock.json ]; then npm ci; fi
+            if [ -f package-lock.json ]; then npm ci  --legacy-peer-deps; fi
             popd
           done
       - name: Run ESLint
@@ -36,12 +36,12 @@ jobs:
     name: Unit Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
-          node-version: "14.x"
+          node-version: "18.x"
       - name: Unit Test & Publish Coverage
-        uses: paambaati/codeclimate-action@v2.7.5
+        uses: paambaati/codeclimate-action@v5.0.0
         env:
           CC_TEST_REPORTER_ID: ${{ secrets.CODECLIMATE_TEST_REPORTER_ID }}
         with:
@@ -81,7 +81,7 @@ jobs:
             """
             exit 1
           fi
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Validate branch name
         run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name
       - name: set branch specific variable names
@@ -102,17 +102,17 @@ jobs:
           COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v3
         with:
-          node-version: "14.x"
+          node-version: "18.x"
       - name: Combine package-lock.json files to single file
         run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
       - name: cache service dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             services/.sechub/node_modules
@@ -177,7 +177,7 @@ jobs:
             """
             exit 1
           fi
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Validate branch name
         run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name
       - name: set branch specific variable names
@@ -198,17 +198,17 @@ jobs:
           COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v3
         with:
-          node-version: "14.x"
+          node-version: "18.x"
       - name: Combine package-lock.json files to single file
         run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
       - name: cache service dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             services/.sechub/node_modules
@@ -237,10 +237,13 @@ jobs:
           pushd services
           echo "::notice::Endpoint URL - `./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name`"
           popd
+      - name: Consolidate Seed Data
+        if: ${{ env.branch_name != 'production'}}
+        run: cd services/app-api/seed-data && ./buildSeedData.py .
       - name: Seed Data
         # this "resets" any data explicitly provided in the seed files to what
         # is in the committed code
-        if: ${{ env.branch_name != 'production' && env.branch_name != 'master' }}
+        if: ${{ env.branch_name != 'production' }}
         env:
           SLS_DEBUG: 'true'
           BRANCH: ${{ env.STAGE_PREFIX }}${{ env.branch_name }}
@@ -332,12 +335,11 @@ jobs:
             Withdraw_Package_Form_Medicaid_SPA.spec.feature,
             Withdraw_Package_Form_Waiver_Amendment.spec.feature,
             Withdraw_Package_Form_Waiver_Renewal.spec.feature,
-
           ]
     steps:
       - name: set branch_name
         run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: set branch specific variable names
         run: ./.github/build_vars.sh set_names
       - name: set variable values
@@ -350,13 +352,13 @@ jobs:
           COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
       - name: Combine package-lock.json files to single file
         run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
       - name: cache service dependencies
@@ -373,7 +375,7 @@ jobs:
           key: ${{ runner.os }}-${{ hashFiles('combined-package-lock.txt') }}
       - name: Install dependencies
         run: |
-          npm i --legacy-peer-deps
+          npm ci --legacy-peer-deps
       - name: set path
         run: |
           echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
@@ -392,7 +394,7 @@ jobs:
           browser: chrome
           config: baseUrl=${{ env.APPLICATION_ENDPOINT }}
       - name: Upload screenshots
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: cypress-screenshots
@@ -428,8 +430,6 @@ jobs:
             spaTypePage,
             submissionType,
             PackageWaiverActionTypePage,
-            PackageSubmissionType,
-            PackageSpaTypePage,
             PackageRequestTempExtentionPage,
             PackageMedicaidSpaPage,
             PackageCHIPSPAPage,
@@ -441,7 +441,7 @@ jobs:
     steps:
       - name: set branch_name
         run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: set branch specific variable names
         run: ./.github/build_vars.sh set_names
       - name: set variable values
@@ -454,13 +454,13 @@ jobs:
           COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
       - name: Combine package-lock.json files to single file
         run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
       - name: cache service dependencies

.github/workflows/destroy.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
       - name: set branch_name
         run: echo "branch_name=${{ github.event.ref }}" >> $GITHUB_ENV
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: set branch specific variable names
         run: ./.github/build_vars.sh set_names
       - name: set variable values
@@ -25,7 +25,7 @@ jobs:
           AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
           STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}

.github/workflows/pull-request.yml

@@ -20,7 +20,7 @@ jobs:
       - name: set branch_name
         run: echo "branch_name=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}

CODEOWNERS

@@ -1 +1 @@
-* @Dark-Knight-1313 @kristin-at-theta @bflynn-cms @kevinhaube
+* @Dark-Knight-1313 @kristin-at-theta @bflynn-cms

deploy.sh

@@ -5,10 +5,10 @@ stage=${1:-dev}
 install_deps() {
   if [ "$CI" == "true" ]; then # If we're in a CI system
     if [ ! -d "node_modules" ]; then # If we don't have any node_modules (CircleCI cache miss scenario), run npm ci.  Otherwise, we're all set, do nothing.
-      npm ci
+      npm ci --legacy-peer-deps
     fi
   else # We're not in a CI system, let's npm install
-    npm install
+    npm install --legacy-peer-deps
   fi
 }