Skip to content

EREGCSC-2363 -- Prevent frontend from interpreting HTML characters #6299

EREGCSC-2363 -- Prevent frontend from interpreting HTML characters

EREGCSC-2363 -- Prevent frontend from interpreting HTML characters #6299

name: "Deploy Experimental"
on:
pull_request:
types: [opened, synchronize, reopened]
permissions:
id-token: write
contents: read
actions: read
concurrency: ${{ github.workflow }}-${{ github.ref }}
jobs:
deploy-static:
environment:
name: "dev"
url: ${{ steps.deploy-regulations-site-server.outputs.url }}
runs-on: ubuntu-22.04
steps:
# Checkout the code
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
# Find the PR number. This is not always trivial which is why this uses an existign action
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
# Can be "open", "closed", or "all". Defaults to "open".
state: open
# should build first and save the artifact
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.14
# setup python
- uses: actions/setup-python@v5
if: success() && steps.findPr.outputs.number
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r ./solution/static-assets/requirements.txt
# build the static assets for the website
- name: build static assets
if: success() && steps.findPr.outputs.number
env:
STATIC_URL: http://localhost:8888/
STATIC_ROOT: ../static-assets/regulations
VITE_ENV: dev${{ steps.findPr.outputs.pr }}
run: |
pushd solution/backend
python manage.py collectstatic --noinput
cd ..
popd
# Configure AWS credentials for GitHub Actions
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
# deploy static assets to AWS
- name: deploy static assets
if: success() && steps.findPr.outputs.number
env:
PR: ${{ steps.findPr.outputs.pr }}
run: |
pushd solution/static-assets
npm install serverless@">=3.38.0 <4" -g
npm install
serverless deploy --stage dev${PR}
popd
deploy-zip-lambdas-cdk:
if: github.event.action != 'closed'
runs-on: ubuntu-22.04
environment:
name: "dev"
env:
ENVIRONMENT_NAME: "dev"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
state: open
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
- name: Deploy ZIP-based Lambdas
if: success() && steps.findPr.outputs.number
env:
PR_NUMBER: ${{ steps.findPr.outputs.pr }}
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
CDK_DEBUG: true
run: |
pushd cdk-eregs
npm install -g aws-cdk@latest @aws-sdk/client-ssm
npm install
# Get exact stack names
REDIRECT_STACK="cms-eregs-eph-$PR_NUMBER-redirect-api"
MAINTENANCE_STACK="cms-eregs-eph-$PR_NUMBER-maintenance-api"
cdk deploy ${REDIRECT_STACK} ${MAINTENANCE_STACK} \
-c environment=${{ env.ENVIRONMENT_NAME }} \
--require-approval never \
--exclusively \
--app "npx ts-node bin/zip-lambdas.ts"
popd
deploy-text-extractor-cdk:
needs: deploy-zip-lambdas-cdk
if: github.event.action != 'closed'
runs-on: ubuntu-22.04
environment:
name: "dev"
env:
ENVIRONMENT_NAME: "dev"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
state: open
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
- name: Deploy Text Extractor
if: success() && steps.findPr.outputs.number
env:
PR_NUMBER: ${{ steps.findPr.outputs.pr }}
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
CDK_DEBUG: true
run: |
pushd cdk-eregs
npm install -g aws-cdk@latest @aws-sdk/client-ssm
npm install
TEXT_EXTRACTOR_STACK="cms-eregs-eph-$PR_NUMBER-text-extractor"
cdk deploy $TEXT_EXTRACTOR_STACK \
-c environment=${{ env.ENVIRONMENT_NAME }} \
--require-approval never \
--exclusively \
--app "npx ts-node bin/docker-lambdas.ts"
popd
deploy-fr-parser-cdk:
needs: [deploy-zip-lambdas-cdk, deploy-text-extractor-cdk]
if: github.event.action != 'closed'
runs-on: ubuntu-22.04
environment:
name: "dev"
env:
ENVIRONMENT_NAME: "dev"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
state: open
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
- name: Deploy FR Parser
if: success() && steps.findPr.outputs.number
env:
PR_NUMBER: ${{ steps.findPr.outputs.pr }}
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
CDK_DEBUG: true
run: |
pushd cdk-eregs
npm install -g aws-cdk@latest @aws-sdk/client-ssm
npm install
FR_PARSER_STACK="cms-eregs-eph-$PR_NUMBER-fr-parser"
cdk deploy $FR_PARSER_STACK \
-c environment=${{ env.ENVIRONMENT_NAME }} \
--require-approval never \
--exclusively \
--app "npx ts-node bin/docker-lambdas.ts"
popd
deploy-ecfr-parser-cdk:
needs: [deploy-zip-lambdas-cdk, deploy-text-extractor-cdk, deploy-fr-parser-cdk]
if: github.event.action != 'closed'
runs-on: ubuntu-22.04
environment:
name: "dev"
env:
ENVIRONMENT_NAME: "dev"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
state: open
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
- name: Deploy ECFR Parser
if: success() && steps.findPr.outputs.number
env:
PR_NUMBER: ${{ steps.findPr.outputs.pr }}
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
CDK_DEBUG: true
run: |
pushd cdk-eregs
npm install -g aws-cdk@latest @aws-sdk/client-ssm
npm install
ECFR_PARSER_STACK="cms-eregs-eph-$PR_NUMBER-ecfr-parser"
cdk deploy $ECFR_PARSER_STACK \
-c environment=${{ env.ENVIRONMENT_NAME }} \
--require-approval never \
--exclusively \
--app "npx ts-node bin/docker-lambdas.ts"
popd
deployment-status-cdk:
needs: [deploy-zip-lambdas-cdk, deploy-text-extractor-cdk, deploy-fr-parser-cdk, deploy-ecfr-parser-cdk]
if: always()
runs-on: ubuntu-22.04
environment: "dev"
steps:
- name: Deployment Status Summary
run: |
echo "Deployment Summary for ${{ env.ENVIRONMENT_NAME }}"
echo "1. ZIP-based Lambdas: ${{ needs.deploy-zip-lambdas-cdk.result == 'success' && '✅' || '❌' }}"
echo "2. Text Extractor: ${{ needs.deploy-text-extractor-cdk.result == 'success' && '✅' || '❌' }}"
echo "3. FR Parser: ${{ needs.deploy-fr-parser-cdk.result == 'success' && '✅' || '❌' }}"
echo "4. ECFR Parser: ${{ needs.deploy-ecfr-parser-cdk.result == 'success' && '✅' || '❌' }}"
# deploy-hello-world-cdk:
# environment:
# name: "dev"
# runs-on: ubuntu-22.04
# steps:
# # Checkout the code
# - name: Checkout
# uses: actions/checkout@v3
# with:
# submodules: true
# # Find the PR number. This is not always trivial which is why this uses an existign action
# - name: Find PR number
# uses: jwalton/gh-find-current-pr@v1
# id: findPr
# with:
# # Can be "open", "closed", or "all". Defaults to "open".
# state: open
# # Configure AWS credentials for GitHub Actions
# - name: Configure AWS credentials for GitHub Actions
# uses: aws-actions/configure-aws-credentials@v4
# with:
# role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
# aws-region: us-east-1
# # Deploy the text extractor lambda to AWS
# - name: Deploy the hello world test lambda via CDK
# id: deploy-redirect-api-test
# if: success() && steps.findPr.outputs.number
# env:
# PR_NUMBER: ${{ steps.findPr.outputs.pr }}
# RUN_ID: ${{ github.run_id }}
# AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
# AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
# run: |
# pushd cdk-eregs
# npm install -g aws-cdk
# npm install
# STAGE=dev${PR_NUMBER} cdk synth -c stage=dev${PR_NUMBER} -c account=${AWS_ACCOUNT_ID} -c region=${AWS_DEFAULT_REGION}
# STAGE=dev${PR_NUMBER} cdk deploy -c stage=dev${PR_NUMBER} -c account=${AWS_ACCOUNT_ID} -c region=${AWS_DEFAULT_REGION} \
# dev${PR_NUMBER}-HelloWorldStack --require-approval never
# popd
deploy-text-extractor:
environment:
name: "dev"
runs-on: ubuntu-22.04
steps:
# Checkout the code
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
# Find the PR number. This is not always trivial which is why this uses an existign action
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
# Can be "open", "closed", or "all". Defaults to "open".
state: open
# Configure AWS credentials for GitHub Actions
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
# Deploy the text extractor lambda to AWS
- name: Deploy text extractor lambda
id: deploy-text-extractor
if: success() && steps.findPr.outputs.number
env:
PR: ${{ steps.findPr.outputs.pr }}
RUN_ID: ${{ github.run_id }}
run: |
pushd solution/text-extractor
npm install serverless@">=3.38.0 <4" -g
serverless deploy --stage dev${PR}
popd
deploy-django:
environment:
name: "dev"
outputs:
url: ${{ steps.deploy-regulations-site-server.outputs.url }}
runs-on: ubuntu-22.04
needs: [deploy-static, deploy-text-extractor]
steps:
# Checkout the code
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
# Find the PR number. This is not always trivial which is why this uses an existign action
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
# Can be "open", "closed", or "all". Defaults to "open".
state: open
# should build first and save the artifact
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.14
# setup python
- uses: actions/setup-python@v5
if: success() && steps.findPr.outputs.number
with:
python-version: "3.12"
# Configure AWS credentials for GitHub Actions
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
# Deploy the regulation site to AWS
- name: deploy regulations site server
id: deploy-regulations-site-server
if: success() && steps.findPr.outputs.number
env:
PR: ${{ steps.findPr.outputs.pr }}
RUN_ID: ${{ github.run_id }}
run: |
pushd solution/backend
npm install serverless@">=3.38.0 <4" -g
npm install
serverless deploy --config ./serverless-experimental.yml --stage dev${PR} | tee output.log
serverless invoke --config ./serverless-experimental.yml --function create_database --stage dev${PR}
serverless invoke --config ./serverless-experimental.yml --function reg_core_migrate --stage dev${PR}
serverless invoke --config ./serverless-experimental.yml --function create_su --stage dev${PR}
url=$(cat output.log | grep -m1 'ANY -' | cut -c 9-)
url=${url%/}
echo "url=$(echo $url)" >> $GITHUB_OUTPUT
popd
test-python:
needs: [deploy-django]
runs-on: ubuntu-22.04
env:
STATIC_URL: http://localhost:8888/
DB_HOST: localhost
DB_NAME: eregs
DB_USER: eregs
DB_PASSWORD: sgere
DB_PORT: 5432
HTTP_AUTH_USER: ${{ secrets.HTTP_AUTH_USER }}
HTTP_AUTH_PASSWORD: ${{ secrets.HTTP_AUTH_PASSWORD }}
services:
postgres:
image: postgres
env:
STATIC_URL: http://localhost:8888/
POSTGRES_HOST: localhost
POSTGRES_DB: eregs
POSTGRES_USER: eregs
POSTGRES_PASSWORD: sgere
ports:
- 5432:5432
# needed because the postgres container does not provide a healthcheck
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
# checkout the code
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
# setup Python
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r ./solution/static-assets/requirements.txt
# run Python unit tests
- name: Run Python unit tests
working-directory: ./solution/backend
run: |
DJANGO_SETTINGS_MODULE="cmcs_regulations.settings.test_settings" pytest -vv
build-and-deploy-vue:
environment:
name: "dev"
runs-on: ubuntu-22.04
needs: deploy-django
steps:
# Checkout the code
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
# Find the PR number. This is not always trivial which is why this uses an existing action
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
# Can be "open", "closed", or "all". Defaults to "open".
state: open
# Setup node environment
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version:
18.14
# setup python
- uses: actions/setup-python@v5
if: success() && steps.findPr.outputs.number
with:
python-version: "3.12"
- name: Make envfile
uses: SpicyPizza/create-envfile@v1.3
with:
envkey_VITE_API_URL: ${{ needs.deploy-django.outputs.url }}
directory: solution/ui/regulations/eregs-vite
file_name: .env
# build the static assets for the website
- name: build static assets
if: success() && steps.findPr.outputs.number
env:
STATIC_URL: http://localhost:8888/
STATIC_ROOT: ../static-assets/regulations
VITE_ENV: dev${{ steps.findPr.outputs.pr }}
run: |
pushd solution
make regulations
popd
# Configure AWS credentials for GitHub Actions
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
# deploy static assets to AWS
- name: deploy static assets
if: success() && steps.findPr.outputs.number
env:
PR: ${{ steps.findPr.outputs.pr }}
run: |
pushd solution/static-assets
npm install serverless@">=3.38.0 <4" -g
npm install
serverless deploy --stage dev${PR}
popd
deploy-go:
environment:
name: "dev"
runs-on: ubuntu-22.04
needs: deploy-django
steps:
# Checkout the code
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
# Find the PR number. This is not always trivial which is why this uses an existign action
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
# Can be "open", "closed", or "all". Defaults to "open".
state: open
# Configure AWS credentials for GitHub Actions
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
# deploy and run eCFR parser
- name: deploy and run eCFR parser
id: deploy-run-ecfr-parser
timeout-minutes: 20
env:
PR: ${{ steps.findPr.outputs.pr }}
run: |
pushd solution/parser
npm install serverless@">=3.38.0 <4" -g
serverless deploy --stage dev${PR} --config ./serverless-ecfr.yml
AWS_CLIENT_TIMEOUT=360000 serverless invoke --function ecfr_parser --stage dev${PR} --config ./serverless-ecfr.yml
popd
# deploy and run Federal Register parser
- name: deploy and run FR parser
id: deploy-run-fr-parser
env:
PR: ${{ steps.findPr.outputs.pr }}
run: |
pushd solution/parser
npm install serverless@">=3.38.0 <4" -g
serverless deploy --stage dev${PR} --config ./serverless-fr.yml
AWS_CLIENT_TIMEOUT=360000 serverless invoke --function fr_parser --stage dev${PR} --config ./serverless-fr.yml
popd
notify:
permissions:
pull-requests: write
runs-on: ubuntu-22.04
needs: [deploy-go, deploy-django]
steps:
- name: Find PR number
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
# Can be "open", "closed", or "all". Defaults to "open".
state: open
# Notify github that this is deployed and ready to look at
- name: Create deployment comment
uses: peter-evans/create-or-update-comment@v2
env:
django_url: ${{ needs.deploy-django.outputs.url }}
with:
issue-number: ${{ steps.findPr.outputs.pr }}
body: |
:sparkles: See the Django Site [in action][1] :sparkles:
[1]: ${{ env.django_url }}
reactions: "+1"
test-cypress:
environment:
name: "dev"
runs-on: ubuntu-22.04
needs: [deploy-django, build-and-deploy-vue]
#needs: [deploy-go, deploy-django, build-and-deploy-vue]
steps:
# Checkout the code
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
# Configure AWS credentials for GitHub Actions
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: us-east-1
# Get test user credentials from AWS Parameter Store
- name: Get test user credentials
uses: dkershner6/aws-ssm-getparameters-action@v1
with:
parameterPairs: "/eregulations/http/user = CYPRESS_TEST_USERNAME,
/eregulations/http/password = CYPRESS_TEST_PASSWORD,
/eregulations/http/reader_user = CYPRESS_READER_USERNAME,
/eregulations/http/reader_password = CYPRESS_READER_PASSWORD"
withDecryption: "true" # defaults to true
# Setup node environment
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18.14
# Run the cypress tests
- name: end-to-end tests
uses: cypress-io/github-action@v6
with:
working-directory: solution/ui/e2e
config: baseUrl=${{ needs.deploy-django.outputs.url }}
env:
CYPRESS_DEPLOYING: true
- uses: actions/upload-artifact@v4
if: failure()
with:
name: cypress-screenshots
path: /home/runner/work/cmcs-eregulations/cmcs-eregulations/solution/ui/e2e/cypress/screenshots/*/*
# Test run video was always captured, so this action uses "always()" condition
- uses: actions/upload-artifact@v4
if: always()
with:
name: cypress-videos
path: /home/runner/work/cmcs-eregulations/cmcs-eregulations/solution/ui/e2e/cypress/videos/*