diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index f12595c90..849880f92 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -36,7 +36,7 @@ on: jobs: build-and-publish: name: Build and publish - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: read diff --git a/.github/workflows/cd-analytics-infra.yml b/.github/workflows/cd-analytics-infra.yml index 978ed09ea..a8ad5e601 100644 --- a/.github/workflows/cd-analytics-infra.yml +++ b/.github/workflows/cd-analytics-infra.yml @@ -23,7 +23,7 @@ on: jobs: build-repository: name: Build Repository - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -47,7 +47,7 @@ jobs: deploy-infra: name: Deploy Infrastructure - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: diff --git a/.github/workflows/cd-api-infra.yml b/.github/workflows/cd-api-infra.yml index 8a49b1588..aaadec395 100644 --- a/.github/workflows/cd-api-infra.yml +++ b/.github/workflows/cd-api-infra.yml @@ -24,7 +24,7 @@ on: jobs: build-repository: name: Build Repository - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -47,7 +47,7 @@ jobs: deploy-infra: name: Deploy Infrastructure - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: diff --git a/.github/workflows/cd-frontend-infra.yml b/.github/workflows/cd-frontend-infra.yml index 3dcbbd4f8..e4ec14cfc 100644 --- a/.github/workflows/cd-frontend-infra.yml +++ b/.github/workflows/cd-frontend-infra.yml @@ -24,7 +24,7 @@ on: jobs: build-repository: name: Build Repository - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -47,7 +47,7 @@ jobs: deploy-infra: name: Deploy Infrastructure - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: 
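Review bot: The new `runs-on: ubuntu-22.04` pin in `build-and-publish.yml` has no comment saying why the runner image is held back or when it should move forward, and the same bare pin is repeated in every other workflow this commit touches. A fixed label no longer follows `ubuntu-latest`, so each job stays on 22.04 until someone edits its file, including the jobs that request `id-token: write`. I would put a comment above the pinned line, for example `# Pinned to ubuntu-22.04: <reason>; revisit when <condition>`, so the pin is reviewed before the image is retired. The job bodies continue outside these hunks.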
diff --git a/.github/workflows/cd-storybook.yml b/.github/workflows/cd-storybook.yml index 340f32ade..ff2ad67e3 100644 --- a/.github/workflows/cd-storybook.yml +++ b/.github/workflows/cd-storybook.yml @@ -23,7 +23,7 @@ concurrency: jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -51,7 +51,7 @@ jobs: environment: name: github-pages url: ${{ steps.hosting.outputs.page_url }} - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build steps: - name: Deploy to GitHub Pages diff --git a/.github/workflows/check-infra-auth.yml b/.github/workflows/check-infra-auth.yml index 10cd5cf8f..4673518cd 100644 --- a/.github/workflows/check-infra-auth.yml +++ b/.github/workflows/check-infra-auth.yml @@ -18,7 +18,7 @@ permissions: jobs: caller-identity: name: Check caller identity - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/ci-analytics.yml b/.github/workflows/ci-analytics.yml index 2214079a5..47015d6c2 100644 --- a/.github/workflows/ci-analytics.yml +++ b/.github/workflows/ci-analytics.yml @@ -14,7 +14,7 @@ defaults: jobs: lint-test: name: Analytics Lint, Format & Tests - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 env: GH_TOKEN: ${{ secrets.GH_TOKEN_PROJECT_ACCESS }} ANALYTICS_SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/.github/workflows/ci-api.yml b/.github/workflows/ci-api.yml index 709a3f5b0..7d11d5b47 100644 --- a/.github/workflows/ci-api.yml +++ b/.github/workflows/ci-api.yml @@ -14,7 +14,7 @@ defaults: jobs: lint-test: name: API Lint, Format & Tests - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/ci-cron-vulnerability-scans.yml b/.github/workflows/ci-cron-vulnerability-scans.yml index 867e99915..5eb54a518 100644 --- a/.github/workflows/ci-cron-vulnerability-scans.yml +++ b/.github/workflows/ci-cron-vulnerability-scans.yml 
@@ -13,6 +13,7 @@ jobs: vulnerability-scans: name: Vulnerability Scans strategy: + fail-fast: false matrix: app_name: ["frontend", "api", "analytics"] uses: ./.github/workflows/vulnerability-scans.yml @@ -21,4 +22,5 @@ jobs: send-slack-notification: if: failure() + needs: vulnerability-scans uses: ./.github/workflows/send-slack-notification.yml diff --git a/.github/workflows/ci-frontend-a11y.yml b/.github/workflows/ci-frontend-a11y.yml index 2428d4bd9..ad6745656 100644 --- a/.github/workflows/ci-frontend-a11y.yml +++ b/.github/workflows/ci-frontend-a11y.yml @@ -9,7 +9,7 @@ on: jobs: build: name: Pa11y-ci tests - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 defaults: run: working-directory: ./frontend @@ -52,7 +52,7 @@ jobs: npm run build - name: Run Server - run: npm run start & + run: npm run start & - name: Wait for frontend to be ready run: | diff --git a/.github/workflows/ci-frontend-e2e.yml b/.github/workflows/ci-frontend-e2e.yml index 0fae5f04a..1a5b7388a 100644 --- a/.github/workflows/ci-frontend-e2e.yml +++ b/.github/workflows/ci-frontend-e2e.yml @@ -22,7 +22,7 @@ concurrency: jobs: e2e-tests: name: Run E2E Tests - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 strategy: matrix: @@ -82,7 +82,7 @@ jobs: name: Create Merged Test Report if: ${{ !cancelled() }} needs: [e2e-tests] - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Checkout code diff --git a/.github/workflows/ci-frontend.yml b/.github/workflows/ci-frontend.yml index 842031135..dca9542dc 100644 --- a/.github/workflows/ci-frontend.yml +++ b/.github/workflows/ci-frontend.yml @@ -23,7 +23,7 @@ concurrency: jobs: tests: name: FE Lint, Type Check, Format & Tests - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 @@ -58,7 +58,7 @@ jobs: # Confirms the front end still builds successfully check-frontend-builds: name: FE Build Check - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 
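Review bot: In `ci-cron-vulnerability-scans.yml`, `send-slack-notification` keeps `if: failure()` beside the new `needs: vulnerability-scans`, so a scheduled scan that is cancelled rather than failed still sends no alert. If a silent gap in the scheduled scans matters, the condition could be `if: ${{ failure() || cancelled() }}`. A short comment above `needs:` would also help, such as `# needs: makes failure() reflect the scan matrix result`. The called workflows are not visible in this hunk, so how they report a cancelled run is an assumption to confirm.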
@@ -86,7 +86,7 @@ jobs: # Confirms Storybook still builds successfully check-storybook-builds: name: FE Storybook Build Check - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/ci-infra.yml b/.github/workflows/ci-infra.yml index 1a82012e0..305351074 100644 --- a/.github/workflows/ci-infra.yml +++ b/.github/workflows/ci-infra.yml @@ -19,7 +19,7 @@ jobs: # Lint github actions files using https://github.com/rhysd/actionlint # This job configuration is largely copied from https://github.com/rhysd/actionlint/blob/main/docs/usage.md#use-actionlint-on-github-actions name: Lint GitHub Actions workflows - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - name: Download actionlint @@ -31,14 +31,14 @@ jobs: shell: bash lint-scripts: name: Lint scripts - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - name: Shellcheck run: make infra-lint-scripts check-terraform-format: name: Check Terraform format - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: hashicorp/setup-terraform@v3 @@ -51,7 +51,7 @@ jobs: make infra-lint-terraform validate-terraform: name: Validate Terraform modules - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: hashicorp/setup-terraform@v3 @@ -62,7 +62,7 @@ jobs: run: make infra-validate-modules check-compliance-with-checkov: name: Check compliance with checkov - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 @@ -81,7 +81,7 @@ jobs: quiet: true # only displays failed checks check-compliance-with-tfsec: name: Check compliance with tfsec - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: read diff --git a/.github/workflows/ci-openapi.yml b/.github/workflows/ci-openapi.yml index 08006252b..acf8fddfb 100644 --- a/.github/workflows/ci-openapi.yml 
+++ b/.github/workflows/ci-openapi.yml @@ -19,10 +19,9 @@ concurrency: group: ${{ github.head_ref }} cancel-in-progress: true - jobs: update-openapi-docs: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 with: @@ -42,4 +41,4 @@ jobs: git add --all # Commit changes (if no changes then no-op) git diff-index --quiet HEAD || git commit -m "Create ERD diagram and Update OpenAPI spec" - git push \ No newline at end of file + git push diff --git a/.github/workflows/ci-project-linters.yml b/.github/workflows/ci-project-linters.yml index a566b53d3..63d2598c0 100644 --- a/.github/workflows/ci-project-linters.yml +++ b/.github/workflows/ci-project-linters.yml @@ -14,7 +14,7 @@ defaults: jobs: dry-run-project-linters: name: Dry run GitHub project linters - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 env: GH_TOKEN: ${{ secrets.GH_TOKEN_PROJECT_ACCESS }} # Test issue with points and sprint values unset diff --git a/.github/workflows/ci-wiki-links.yml b/.github/workflows/ci-wiki-links.yml index 9b7a9c726..841bc5dc5 100644 --- a/.github/workflows/ci-wiki-links.yml +++ b/.github/workflows/ci-wiki-links.yml @@ -16,7 +16,7 @@ defaults: jobs: check-wiki-links: name: Check wiki links in SUMMARY.md - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/database-migrations.yml b/.github/workflows/database-migrations.yml index 1c2293be7..dd09f4ba6 100644 --- a/.github/workflows/database-migrations.yml +++ b/.github/workflows/database-migrations.yml @@ -18,7 +18,7 @@ concurrency: database-migrations-${{ inputs.environment }} jobs: run-migrations: name: Run migrations - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: read diff --git a/.github/workflows/deploy-metabase.yml b/.github/workflows/deploy-metabase.yml index 4aecf5942..8b2e0ba7b 100644 --- a/.github/workflows/deploy-metabase.yml +++ b/.github/workflows/deploy-metabase.yml 
@@ -18,7 +18,7 @@ concurrency: cd-${{ inputs.environment }} jobs: deploy: name: Deploy - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: read id-token: write diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2a86013cb..29be7fa52 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -33,7 +33,7 @@ jobs: deploy: name: Deploy - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: [database-migrations] permissions: contents: read diff --git a/.github/workflows/infra-service.yml b/.github/workflows/infra-service.yml index ac50af68d..108507232 100644 --- a/.github/workflows/infra-service.yml +++ b/.github/workflows/infra-service.yml @@ -11,7 +11,7 @@ on: jobs: infra-test-e2e: name: Test service - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: read diff --git a/.github/workflows/lint-set-points-and-sprint.yml b/.github/workflows/lint-set-points-and-sprint.yml index f25adf78d..8c1a9309b 100644 --- a/.github/workflows/lint-set-points-and-sprint.yml +++ b/.github/workflows/lint-set-points-and-sprint.yml @@ -12,7 +12,7 @@ defaults: jobs: run-project-linters: name: Run set points and sprint values on close - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # Prevents duplicate runs of this linter for the same issue concurrency: group: issue-${{ github.event.issue.number }} diff --git a/.github/workflows/send-slack-notification.yml b/.github/workflows/send-slack-notification.yml index dce3b5ecd..740973d8a 100644 --- a/.github/workflows/send-slack-notification.yml +++ b/.github/workflows/send-slack-notification.yml @@ -5,7 +5,7 @@ on: workflow_call jobs: send-slack-notification: name: Send Slack notification on failure - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Send Slack notification run: | diff --git a/.github/workflows/vulnerability-scans.yml b/.github/workflows/vulnerability-scans.yml index 0cd5232b7..2f2321754 100644 
--- a/.github/workflows/vulnerability-scans.yml +++ b/.github/workflows/vulnerability-scans.yml @@ -14,7 +14,7 @@ on: jobs: hadolint-scan: name: Hadolint Scan - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 @@ -34,7 +34,7 @@ jobs: cat hadolint-results.txt >> "$GITHUB_STEP_SUMMARY" build-and-cache: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 outputs: image: ${{ steps.shared-output.outputs.image }} @@ -88,7 +88,7 @@ jobs: trivy-scan: name: Trivy Scan - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build-and-cache steps: @@ -172,7 +172,7 @@ jobs: anchore-scan: name: Anchore Scan - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build-and-cache steps: @@ -215,7 +215,7 @@ jobs: dockle-scan: name: Dockle Scan - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 needs: build-and-cache steps: diff --git a/analytics/Dockerfile b/analytics/Dockerfile index cc4d8606f..e988ade47 100644 --- a/analytics/Dockerfile +++ b/analytics/Dockerfile @@ -11,15 +11,24 @@ FROM python:3.13-slim AS base RUN pip install --no-cache-dir poetry==1.8.2 --upgrade RUN apt-get update \ + # Remove existing packages before installing their never versions + && apt-get remove --yes \ + build-essential \ + libc-dev \ + libpq-dev \ + postgresql \ + wget \ + jq \ # Install security updates # https://pythonspeed.com/articles/security-updates-in-docker/ && apt-get upgrade --yes \ && apt-get install --no-install-recommends --yes \ - build-essential \ - libpq-dev \ - postgresql \ - wget \ - jq \ + build-essential \ + libc-dev \ + libpq-dev \ + postgresql \ + wget \ + jq \ # Reduce the image size by clear apt cached lists # Complies with https://github.com/codacy/codacy-hadolint/blob/master/codacy-hadolint/docs/description/DL3009.md && rm -fr /var/lib/apt/lists/* \ diff --git a/api/openapi.generated.yml b/api/openapi.generated.yml index ab83a8d54..c228c0e4c 100644 --- a/api/openapi.generated.yml +++ b/api/openapi.generated.yml 
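Review bot: The added `apt-get remove --yes ...` step in `analytics/Dockerfile` removes and then reinstalls the same six packages inside one `RUN`, and its comment reads "never versions" where "newer versions" is meant. After `apt-get update`, `apt-get install` already brings a named package to its candidate version, so the hunk does not show what the removal adds. If it is there to clear a scanner finding, the comment should say so, e.g. `# Remove preinstalled copies flagged by <scanner finding>; the install below pulls current versions`. `remove` also leaves configuration files and auto-installed dependencies behind, so `apt-get purge` or a following `apt-get autoremove --yes` may be closer to the intent; confirm against the image scan results. The `RUN` instruction continues past the end of the hunk.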
@@ -23,6 +23,7 @@ tags: - name: Health - name: Opportunity v1 - name: Extract v1 +- name: Agency v1 - name: User v1 servers: . paths: @@ -86,6 +87,47 @@ paths: sort_direction: descending security: - ApiKeyAuth: [] + /v1/agencies: + post: + parameters: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/AgencyListResponse' + description: Successful response + '422': + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + description: Validation error + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + description: Authentication error + tags: + - Agency v1 + summary: Agencies Get + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AgencyListRequest' + examples: + example1: + summary: No filters + value: + pagination: + order_by: created_at + page_offset: 1 + page_size: 25 + sort_direction: descending + security: + - ApiKeyAuth: [] /v1/users/token: post: parameters: 
@@ -670,6 +712,169 @@ components: type: integer description: The HTTP status code example: 200 + AgencyFilterV1: + type: object + properties: + agency_id: + type: integer + AgencyPaginationV1: + type: object + properties: + order_by: + type: string + enum: + - created_at + description: The field to sort the response by + sort_direction: + description: Whether to sort the response ascending or descending + enum: + - ascending + - descending + type: + - string + page_size: + type: integer + minimum: 1 + description: The size of the page to fetch + example: 25 + page_offset: + type: integer + minimum: 1 + description: The page number to fetch, starts counting from 1 + example: 1 + required: + - order_by + - page_offset + - page_size + - sort_direction + AgencyListRequest: + type: object + properties: + filters: + type: + - object + allOf: + - $ref: '#/components/schemas/AgencyFilterV1' + pagination: + type: + - object + allOf: + - $ref: '#/components/schemas/AgencyPaginationV1' + required: + - pagination + AgencyContactInfo: + type: object + properties: + contact_name: + type: string + address_line_1: + type: string + address_line_2: + type: + - string + - 'null' + city: + type: string + state: + type: string + zip_code: + type: string + phone_number: + type: string + primary_email: + type: string + secondary_email: + type: + - string + - 'null' + AgencyResponse: + type: object + properties: + agency_id: + type: integer + agency_name: + type: string + agency_code: + type: string + sub_agency_code: + type: + - string + - 'null' + assistance_listing_number: + type: string + agency_submission_notification_setting: + type: string + agency_contact_info: + type: + - object + - 'null' + anyOf: + - $ref: '#/components/schemas/AgencyContactInfo' + - type: 'null' + is_test_agency: + type: boolean + is_multilevel_agency: + type: boolean + is_multiproject: + type: boolean + has_system_to_system_certificate: + type: boolean + can_view_packages_in_grace_period: + type: boolean + 
is_image_workspace_enabled: + type: boolean + is_validation_workspace_enabled: + type: boolean + ldap_group: + type: + - string + - 'null' + description: + type: + - string + - 'null' + label: + type: + - string + - 'null' + top_level_agency_id: + type: + - integer + - 'null' + agency_download_file_types: + type: array + items: + type: string + created_at: + type: string + format: date-time + updated_at: + type: string + format: date-time + AgencyListResponse: + type: object + properties: + pagination_info: + description: The pagination information for paginated endpoints + type: *id001 + allOf: + - $ref: '#/components/schemas/PaginationInfo' + message: + type: string + description: The message to return + example: Success + data: + type: array + description: A list of agency records + items: + type: + - object + allOf: + - $ref: '#/components/schemas/AgencyResponse' + status_code: + type: integer + description: The HTTP status code + example: 200 User: type: object properties: @@ -836,7 +1041,7 @@ components: - archived type: - string - AgencyFilterV1: + AgencyFilterV11: type: object properties: one_of: @@ -979,7 +1184,7 @@ components: type: - object allOf: - - $ref: '#/components/schemas/AgencyFilterV1' + - $ref: '#/components/schemas/AgencyFilterV11' assistance_listing_number: type: - object