Val -> Prod (#11483)

Enterprise-CMCS · Oct 12, 2023 · 421403e · 421403e
2 parents ab8e408 + be5f7b8
commit 421403e
Show file tree

Hide file tree

Showing 19 changed files with 105 additions and 71 deletions.
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
       - name: Dependabotbot Gather Metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v1.3.0
+        uses: dependabot/fetch-metadata@v1
       - name: Approve a PR
         run: gh pr review --approve "$PR_URL"
         env:

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -7,6 +7,9 @@ on:
       - "dependabot/**"
       - "!skipci*"
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 permissions:
   id-token: write
   contents: read
@@ -25,7 +28,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version-file: ".nvmrc"
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             **/node_modules
@@ -38,15 +41,15 @@ jobs:
         run: ./scripts/test-unit.sh
       - name: publish test coverage to code climate
         if: env.CODE_CLIMATE_ID != ''
-        uses: paambaati/codeclimate-action@v2.7.5
+        uses: paambaati/codeclimate-action@v5
         env:
           CC_TEST_REPORTER_ID: ${{ secrets.CODE_CLIMATE_ID }}
         with:
           coverageLocations: |
             ${{github.workspace}}/services/app-api/coverage/lcov.info:lcov
             ${{github.workspace}}/services/ui-src/coverage/lcov.info:lcov
       - name: Store unit test results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: unit_test_results
           path: ${{github.workspace}}/services/ui-src/coverage/lcov.info
@@ -78,18 +81,14 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
-      - name: lock this branch to prevent concurrent builds
-        run: ./.github/github-lock.sh $branch_name
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - uses: actions/setup-node@v3
         with:
           node-version-file: ".nvmrc"
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             **/node_modules
@@ -104,7 +103,11 @@ jobs:
           # This can optionally be set as an GitHub Actions Secret
           ./scripts/deploy.sh $STAGE_PREFIX$branch_name
       - id: endpoint
-        run: echo ::set-output name=application_endpoint::$(./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name)
+        run: |
+          APPLICATION_ENDPOINT=$(./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name)
+          echo "application_endpoint=$APPLICATION_ENDPOINT" >> $GITHUB_OUTPUT
+          echo "## Application Endpoint" >> $GITHUB_STEP_SUMMARY
+          echo "<$APPLICATION_ENDPOINT>" >> $GITHUB_STEP_SUMMARY
         working-directory: services
       - name: Slack Notification
         uses: rtCamp/action-slack-notify@v2
@@ -146,7 +149,7 @@ jobs:
           CYPRESS_ADMIN_USER_PASSWORD: ${{ secrets.CYPRESS_ADMIN_USER_PASSWORD }}
 
       - name: Upload screenshots
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: cypress-screenshots
@@ -180,7 +183,7 @@ jobs:
           RUN_PA11Y: true
 
       - name: Upload screenshots
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: cypress-screenshots

diff --git a/.github/workflows/destroy.yml b/.github/workflows/destroy.yml
@@ -7,7 +7,6 @@ permissions:
   contents: read
   actions: read
 
-
 jobs:
   destroy:
     # Protected branches should be designated as such in the GitHub UI.
@@ -35,12 +34,12 @@ jobs:
           AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
           STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
       - name: lock this branch to prevent concurrent builds
         run: ./.github/github-lock.sh $branch_name
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - run: ./scripts/destroy.sh $STAGE_PREFIX$branch_name
+      - run: ./scripts/destroy.sh $STAGE_PREFIX$branch_name
diff --git a/.github/workflows/git-secrets.yaml b/.github/workflows/git-secrets.yaml
@@ -4,8 +4,8 @@ jobs:
   gitleaks-scan:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - name: Run gitlakes docker	    
-      uses: docker://zricethezav/gitleaks
-      with:
-        args: detect --source /github/workspace/ --no-git --verbose
+      - uses: actions/checkout@v3
+      - name: Run gitleaks docker
+        uses: docker://zricethezav/gitleaks
+        with:
+          args: detect --source /github/workspace/ --no-git --verbose
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -7,8 +7,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-python@v2
-      - uses: pre-commit/action@v2.0.2
+      - uses: actions/setup-python@v3
+      - uses: pre-commit/action@v3.0.0
       - uses: actions/setup-node@v3
         with:
           node-version-file: ".nvmrc"

diff --git a/.github/workflows/scan_security-hub-jira-integration.yml b/.github/workflows/scan_security-hub-jira-integration.yml
@@ -16,13 +16,13 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@v3
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
           role-to-assume: ${{ secrets.PRODUCTION_SYNC_OIDC_ROLE }}
 
       - name: Sync Security Hub and Jira
-        uses: Enterprise-CMCS/[email protected].3
+        uses: Enterprise-CMCS/[email protected].5
         with:
           jira-token: ${{ secrets.JIRA_SERVICE_USER_TOKEN }}
           jira-username: ${{ secrets.JIRA_SERVICE_USERNAME }}
@@ -32,3 +32,4 @@ jobs:
           jira-ignore-statuses: Done, Closed, Canceled
           jira-custom-fields: '{ "customfield_14154" : [{"id": "16958", "value": "MCR"}] }'
           aws-severities: CRITICAL, HIGH, MEDIUM
+          assign-jira-ticket-to: ${{ secrets.ACCOUNT_ID_REHMAN }}
diff --git a/.github/workflows/scan_snyk-jira-integration.yml b/.github/workflows/scan_snyk-jira-integration.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Check out repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Install Snyk and Run Snyk test
         run: |
@@ -32,7 +32,7 @@ jobs:
     if: github.event_name == 'schedule'
     steps:
       - name: Check out repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Install Snyk and Run Snyk test
         run: |
@@ -55,4 +55,4 @@ jobs:
           is_jira_enterprise: false
           assign-jira-ticket-to: ${{ secrets.ACCOUNT_ID_REHMAN }}
           scan-output-path: "snyk_output.txt"
-          scan-type: "snyk"
+          scan-type: "snyk"
diff --git a/services/app-api/forms/mcpar.json b/services/app-api/forms/mcpar.json
@@ -24,7 +24,13 @@
               "section": "Section A: Program Information",
               "subsection": "Point of Contact",
               "spreadsheet": "A_Program_Info"
-            }
+            },
+            "praDisclosure": [
+              {
+                "type": "span",
+                "content": "<b>PRA Disclosure Statement</b><br/>According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number. The valid OMB control number for this information collection is 0938-0920 (Expires: June 30, 2024). The time required to complete this information collection is estimated to average 6 hours per response, including the time to review instructions, search existing data resources, gather the data needed, and complete and review the information collection. If you have comments concerning the accuracy of the time estimate(s) or suggestions for improving this form, please write to: CMS, 7500 Security Boulevard, Attn: PRA Reports Clearance Officer, Mail Stop C4-26-05, Baltimore, Maryland 21244-1850"
+              }
+            ]
           },
           "form": {
             "id": "apoc",

diff --git a/services/topics/yarn.lock b/services/topics/yarn.lock
@@ -5816,10 +5816,10 @@ [email protected]:
   resolved "https://registry.yarnpkg.com/mute-stream/-/mute-stream-0.0.8.tgz#1630c42b2251ff81e2a283de96a5497ea92e5e0d"
   integrity sha512-nnbWWOkoWyUsTjKrhgD0dcz22mdkSnpYqbEjIm2nhwhuxlSkpywJmBo8h0ZqJdkp73mb90SssHkN4rsRaBAfAA==
 
-nanoid@^3.3.4:
-  version "3.3.4"
-  resolved "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz"
-  integrity sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==
+nanoid@^3.3.6:
+  version "3.3.6"
+  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.6.tgz#443380c856d6e9f9824267d960b4236ad583ea4c"
+  integrity sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==
 
 nanomatch@^1.2.9:
   version "1.2.13"
@@ -6340,11 +6340,11 @@ postcss-value-parser@^4.1.0:
   integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==
 
 postcss@^8.2.15:
-  version "8.4.21"
-  resolved "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz"
-  integrity sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==
+  version "8.4.31"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d"
+  integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==
   dependencies:
-    nanoid "^3.3.4"
+    nanoid "^3.3.6"
     picocolors "^1.0.0"
     source-map-js "^1.0.2"
 

diff --git a/services/ui-src/src/components/cards/EntityCard/EntityCard.tsx b/services/ui-src/src/components/cards/EntityCard/EntityCard.tsx
@@ -55,7 +55,7 @@ export const EntityCard = ({
       const validPerPlanResponses = perPlanResponses?.filter(
         (el: any) => el.response
       );
-      entityStarted = validPerPlanResponses?.length;
+      entityStarted = !!validPerPlanResponses?.length;
       entityCompleted =
         entityStarted &&
         validPerPlanResponses?.length === report?.fieldData?.plans?.length;

diff --git a/services/ui-src/src/components/tables/Table.tsx b/services/ui-src/src/components/tables/Table.tsx
@@ -13,7 +13,11 @@ import {
 // utils
 import { sanitizeAndParseHtml } from "utils";
 // types
-import { AnyObject, TableContentShape } from "types";
+import {
+  AnyObject,
+  ScreenReaderOnlyHeaderName,
+  TableContentShape,
+} from "types";
 
 export const Table = ({
   content,
@@ -37,15 +41,26 @@ export const Table = ({
         <Thead>
           {/* Head Row */}
           <Tr>
-            {content.headRow.map((headerCell: string, index: number) => (
-              <Th
-                key={index}
-                scope="col"
-                sx={{ ...sx.tableHeader, ...sxOverride }}
-              >
-                {sanitizeAndParseHtml(headerCell)}
-              </Th>
-            ))}
+            {content.headRow.map(
+              (
+                headerCell: string | ScreenReaderOnlyHeaderName,
+                index: number
+              ) => (
+                <Th
+                  key={index}
+                  scope="col"
+                  sx={{ ...sx.tableHeader, ...sxOverride }}
+                >
+                  {typeof headerCell === "object" ? (
+                    <VisuallyHidden>
+                      {sanitizeAndParseHtml(headerCell.hiddenName)}
+                    </VisuallyHidden>
+                  ) : (
+                    sanitizeAndParseHtml(headerCell)
+                  )}
+                </Th>
+              )
+            )}
           </Tr>
         </Thead>
       )}

diff --git a/services/ui-src/src/types/other.ts b/services/ui-src/src/types/other.ts
@@ -42,9 +42,13 @@ export interface InputChangeEvent extends React.ChangeEvent<HTMLInputElement> {}
 
 export type { IconType } from "react-icons";
 
+export interface ScreenReaderOnlyHeaderName {
+  hiddenName: string;
+}
+
 export interface TableContentShape {
   caption?: string;
-  headRow?: string[];
+  headRow?: Array<string | ScreenReaderOnlyHeaderName>;
   bodyRows?: string[][];
 }