Release v2.0.0 (#1449)

Co-authored-by: Tim Arney <[email protected]> Co-authored-by: Paul Craig <[email protected]> Co-authored-by: James Eberhardt <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Clément JANIN <[email protected]> Co-authored-by: Dave Samojlenko <[email protected]> Co-authored-by: sre-read-write[bot] <92993749+sre-read-write[bot]@users.noreply.github.com> Co-authored-by: Tim Arney <[email protected]> Co-authored-by: Omar Nasr <[email protected]> Co-authored-by: Peter Thiessen <[email protected]> Co-authored-by: samsadasivan <[email protected]> Co-authored-by: Matt <[email protected]> Co-authored-by: Pete <[email protected]> Co-authored-by: Pat Heard <[email protected]>
cds-snc · Jan 4, 2023 · 874b6c2 · 874b6c2
1 parent a3d07ef
commit 874b6c2
Show file tree

Hide file tree

Showing 575 changed files with 42,298 additions and 13,511 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-ARG VARIANT=16
+ARG VARIANT=16@sha256:1bbd8b82f5a78b6461d3285b62293db99ad60cf4eca35c715636d7143abb057c@sha256:b35e76ba744a975b9a5428b6c3cde1a1cf0be53b246e1e9a4874f87034222b5a@sha256:b35e76ba744a975b9a5428b6c3cde1a1cf0be53b246e1e9a4874f87034222b5a
 
 FROM node:${VARIANT}
 

diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -14,7 +14,7 @@ services:
       - 3000
 
   db:
-    image: postgres:11.2
+    image: postgres:11.16@sha256:5d2aa4a7b5f9bdadeddcf87cf7f90a176737a02a30d917de4ab2e6a329bd2d45
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
@@ -30,7 +30,7 @@ services:
 
   redis:
     restart: unless-stopped
-    image: redis:latest
+    image: redis:latest@sha256:fdaa0102e0c66802845aa5c961cb89a091a188056811802383660cd9e10889da
     ports:
       - "6379:6379"
     expose:

diff --git a/.env.example b/.env.example
@@ -9,7 +9,7 @@ RECAPTCHA_V3_SITE_KEY=
 
 # The secret key authorizes communication between your application backend
 # and the reCAPTCHA server to verify the user's response
-RECAPTACHA_V3_SECRET_KEY=
+RECAPTCHA_V3_SECRET_KEY=
 
 # Used by /api/notify-callback to authorize request
 GC_NOTIFY_CALLBACK_BEARER_TOKEN=
@@ -33,11 +33,10 @@ GOOGLE_CLIENT_ID=[retrieve from lastpass]
 GOOGLE_CLIENT_SECRET=[retrieve from lastpass]
 
 # Local dev 
-# Temporary token templateID
-TEMPORAY_TOKEN_TEMPLATE_ID=b6kdhaud-d10a-422a-973f-05e274d9aa86
-
-# An ID of the template to send a form's response
-TEMPLATE_ID=8pa6247s75-a1d6-4e3c-8421-042a2b4158b7
+# Temporary token template ID
+TEMPORARY_TOKEN_TEMPLATE_ID=something
+# Form response template ID
+TEMPLATE_ID=something
 
 # Used when no Redis instance or Database is available
 # The application returns all default flags values when this variable is set.

diff --git a/.eslintrc.js b/.eslintrc.js
@@ -11,9 +11,12 @@ module.exports = {
 
       parser: "@typescript-eslint/parser",
       parserOptions: {
-        project: "./tsconfig.json",
+        project: ["./tsconfig.json", "cypress/tsconfig.json"],
       },
       plugins: ["@typescript-eslint", "jsx-a11y", "prettier"],
+      rules: {
+        "@typescript-eslint/await-thenable": "error",
+      },
     },
   ],
   env: {
@@ -44,9 +47,9 @@ module.exports = {
     },
   },
   plugins: ["react", "jsx-a11y", "prettier", "cypress"],
-  ignorePatterns: ["**/storybook-static/*.*"],
   rules: {
     "prettier/prettier": "error",
     "no-console": "error",
+    "no-await-in-loop": "error",
   },
 };
diff --git a/.github/workflows/build-and-deploy-storybooks.yml b/.github/workflows/build-and-deploy-storybooks.yml
@@ -1,15 +1,25 @@
 name: Build and Deploy Storybooks
 on:
   pull_request:
+    paths-ignore:
+      # Ignore all files and folders that start with '.'
+      - ".**"
+      # Ignore all files and folder in fixtures, tests, utils, etc.
+      - "__*/**"
   push:
     branches: [main]
+    paths-ignore:
+      # Ignore all files and folders that start with '.'
+      - ".**"
+      # Ignore all files and folder in fixtures, tests, utils, etc.
+      - "__*/**"
 
 jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout 🛎️
-        uses: actions/checkout@v2.3.1 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly.
+        uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly.
 
       - name: Install 🔧 # This example project is built using yarn and outputs the result to the 'build' folder. Replace with the commands required to build your project, or remove this step entirely if your site is pre-built.
         run: yarn install
@@ -23,7 +33,7 @@ jobs:
         id: extract_branch
 
       - name: Deploy 🚀
-        uses: JamesIves/[email protected]
+        uses: JamesIves/github-pages-deploy-action@e80c869f0057899fc2cd28819b5bbe9de890524a # tag=3.6.2
         with:
           TARGET_FOLDER: ${{ steps.extract_branch.outputs.branch }}
           BRANCH: gh-pages # The branch the action should deploy to.
@@ -32,7 +42,7 @@ jobs:
 
       - name: Find Comment
         if: ${{ github.event_name == 'pull_request' }}
-        uses: peter-evans/find-comment@v1
+        uses: peter-evans/find-comment@d2dae40ed151c634e4189471272b57e76ec19ba8 # v1.3.0
         id: fc
         with:
           issue-number: ${{ github.event.pull_request.number }}
@@ -43,7 +53,7 @@ jobs:
 
       - name: Create or update comment # comment in pull request storybooks link
         if: ${{ github.event_name == 'pull_request' }}
-        uses: peter-evans/create-or-update-comment@v1
+        uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
         with:
           comment-id: ${{ steps.fc.outputs.comment-id }}
           issue-number: ${{ github.event.pull_request.number }}

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -28,20 +28,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          # We must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head.
-          fetch-depth: 2
-
-      # If this run was triggered by a pull request event, then checkout
-      # the head of the pull request instead of the merge commit.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +43,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -66,4 +57,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml
@@ -9,23 +9,24 @@ jobs:
     name: Cypress
     runs-on: ubuntu-latest
     env:
-      AWS_ACCESS_KEY_ID: ${{ secrets.LAMBDA_AWS_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.LAMBDA_AWS_SECRET}}
+      # Needed for Next Auth to initialize
       NEXTAUTH_URL: http://localhost:3000
+      TOKEN_SECRET: testKey
+      GOOGLE_CLIENT_ID: testClientID
+      GOOGLE_CLIENT_SECRET: testClientSecret
       APP_ENV: test
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
-      - uses: cypress-io/github-action@v2
+        uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0
+      - uses: cypress-io/github-action@d79d2d530a66e641eb4a5f227e13bc985c60b964 # v4.2.2
         with:
+          browser: chrome
+          headed: false
           build: yarn build
           start: yarn start:test
           wait-on: "http://localhost:3000"
-          command: yarn cypress:headless
           config: baseUrl=http://localhost:3000
-          parallel: false
-          group: "Form E2E Tests"
-      - uses: actions/upload-artifact@v1
+      - uses: actions/upload-artifact@3446296876d12d4e3a0f3145a3c87e67bf0a16b5 # tag=v1
         if: failure()
         with:
           name: cypress-screenshots

diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event_name == 'push'
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0
       - name: Node.JS 16
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # v2.5.1
         with:
           node-version: 16
       - name: Install Node Dependencies
@@ -28,9 +28,9 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event_name == 'pull_request'
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0
       - name: Node.JS 16
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # v2.5.1
         with:
           node-version: 16
       - name: Install Node Dependencies
@@ -48,13 +48,13 @@ jobs:
         # Continue to the next step even if this fails
         continue-on-error: true
       - name: Annotate Code Linting Results
-        uses: ataylorme/[email protected]
+        uses: ataylorme/eslint-annotate-action@47568f60ae08ffa4d3b1bab645e21e9ae8266980 # tag=1.1.2
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           report-json: "eslint_report.json"
         continue-on-error: true
       - name: Upload ESLint report
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@3446296876d12d4e3a0f3145a3c87e67bf0a16b5 # tag=v1
         with:
           name: eslint_report.json
           path: eslint_report.json
diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml
@@ -19,10 +19,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0
 
       - name: Generate app SBOM
-        uses: cds-snc/security-tools/.github/actions/generate-sbom@4c6b386722985552f3f008d04279a3f01402cc35 # renovate: tag=v1
+        uses: cds-snc/security-tools/.github/actions/generate-sbom@4368a5486da1f0bb698ffe717687612d4231c6cd # v1.1.7
         with:
           dependency_track_api_key: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
           project_name: forms-client/app

diff --git a/.github/workflows/jest.yml b/.github/workflows/jest.yml
@@ -9,7 +9,7 @@ jobs:
     name: Jest
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0
       - name: "Install dependencies"
         run: yarn install
       - name: Jest Tests

diff --git a/.github/workflows/prod-build-push-container.yml b/.github/workflows/prod-build-push-container.yml
@@ -3,59 +3,72 @@ name: Production — Push container to ECR
 on:
   push:
     branches: [main]
+    paths-ignore:
+      # Ignore all files and folders that start with '.'
+      - ".**"
+      # Ignore all files and folder in fixtures, tests, utils, etc.
+      - "__*/**"
 
 env:
   ECR_REPOSITORY: form_viewer_production
   GITHUB_SHA: ${{ github.sha }}
+  GOOGLE_CLIENT_SECRET: ${{ secrets.PRODUCTION_GOOGLE_CLIENT_SECRET }}
+  GOOGLE_CLIENT_ID: ${{ secrets.PRODUCTION_GOOGLE_CLIENT_ID }}
+  COGNITO_APP_CLIENT_ID: ${{secrets.PRODUCTION_COGNITO_APP_CLIENT_ID}}
+  COGNITO_USER_POOL_ID: ${{ secrets.PRODUCTION_COGNITO_USER_POOL_ID}}
 
 jobs:
   push-production:
     runs-on: ubuntu-latest
     steps:
       - name: Wait for Jest tests to pass
-        uses: fountainhead/action-wait-for-check@v1.0.0
+        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0
         id: wait-for-jest-tests
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           checkName: Jest
           ref: ${{ github.sha }}
 
       - name: Wait for Cypress tests to pass
-        uses: fountainhead/action-wait-for-check@v1.0.0
+        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0
         id: wait-for-cypress-tests
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           checkName: Cypress
           ref: ${{ github.sha }}
 
       - name: Wait for ESLint tests to pass
-        uses: fountainhead/action-wait-for-check@v1.0.0
+        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0
         id: wait-for-eslint-tests
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           checkName: eslint_merge
           ref: ${{ github.sha }}
 
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0
 
       - name: Build Form Viewer
         run: |
           docker build -t base \
           --build-arg PRODUCTION_ENV=true \
-          --build-arg GITHUB_SHA_ARG=$GITHUB_SHA .
+          --build-arg GITHUB_SHA_ARG=$GITHUB_SHA \
+          --build-arg GOOGLE_CLIENT_SECRET=$GOOGLE_CLIENT_SECRET \
+          --build-arg GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID \
+          --build-arg COGNITO_APP_CLIENT_ID=$COGNITO_APP_CLIENT_ID \
+          --build-arg COGNITO_USER_POOL_ID=$COGNITO_USER_POOL_ID .
 
       - name: Configure Production AWS credentials
         id: aws-form-viewer
-        uses: aws-actions/configure-aws-credentials@51e2d042f8c5cf77f151685c9338e989dc0b8fc8
+        uses: aws-actions/configure-aws-credentials@3654529dc6db288721684d6c54fefa0c1182728f
         with:
           aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
           aws-region: ca-central-1
 
       - name: Login to Production Amazon ECR
         id: login-ecr-production
-        uses: aws-actions/amazon-ecr-login@b9c809dc38d74cd0fde3c13cc4fe4ac72ebecdae
+        uses: aws-actions/amazon-ecr-login@d2897b5335975f749897eb8cb16345b12a17042f
 
       - name: Tag Images for Production
         env:

diff --git a/.github/workflows/s3-backup.yml b/.github/workflows/s3-backup.yml
@@ -10,12 +10,12 @@ jobs:
     steps:
 
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
       with:
         fetch-depth: 0 # retrieve all history
 
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v1
+      uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0
       with:
         aws-access-key-id: ${{ secrets.AWS_S3_BACKUP_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_S3_BACKUP_SECRET_ACCESS_KEY }}