From 89d431480b285d4ea8d085059f9703ad00d4f05f Mon Sep 17 00:00:00 2001
From: James Person <james.person@gsa.gov>
Date: Mon, 6 Jan 2025 13:18:15 -0500
Subject: [PATCH 1/7] Revise Auditor Certification Checklist (#4580)

* Update auditor certification

Change copy on all attestations
Remove attestation number 5

* Schema formatting via jsonnetfmt

* Auditor certification

Remove additional references to the removed attestation
---
 backend/audit/admin.py                        |  1 -
 .../audit/fixtures/single_audit_checklist.py  |  1 -
 backend/audit/forms.py                        |  1 -
 .../audit/auditor-certification-step-1.html   | 23 ++++---------------
 backend/audit/test_views.py                   |  1 -
 .../sac_general_lib/auditor_certification.py  |  1 -
 .../cypress/support/auditor-certification.js  |  1 -
 .../sections/AuditorCertification.schema.json |  4 ----
 .../sections/AdditionalEINs.schema.jsonnet    |  6 ++---
 .../sections/AdditionalUEIs.schema.jsonnet    |  4 ++--
 .../sections/AuditFindingsText.schema.jsonnet |  4 ++--
 .../AuditorCertification.schema.jsonnet       |  2 --
 .../CorrectiveActionPlan.schema.jsonnet       |  4 ++--
 .../sections/FederalAwards.schema.jsonnet     |  4 ++--
 .../FederalAwardsAuditFindings.schema.jsonnet |  4 ++--
 .../sections/NotesToSefa.schema.jsonnet       |  4 ++--
 .../sections/SecondaryAuditors.schema.jsonnet |  4 ++--
 17 files changed, 22 insertions(+), 47 deletions(-)

diff --git a/backend/audit/admin.py b/backend/audit/admin.py
index d4da244da4..8de8916982 100644
--- a/backend/audit/admin.py
+++ b/backend/audit/admin.py
@@ -393,7 +393,6 @@ def handle_auditor_certification(self, request, obj, sac):
                         "is_auditee_responsible": True,
                         "has_used_auditors_report": True,
                         "has_no_auditee_procedures": True,
-                        "is_accurate_and_complete": True,
                         "is_FAC_releasable": True,
                     },
                     "auditor_signature": {
diff --git a/backend/audit/fixtures/single_audit_checklist.py b/backend/audit/fixtures/single_audit_checklist.py
index 84f96b5250..65bc6b13e8 100644
--- a/backend/audit/fixtures/single_audit_checklist.py
+++ b/backend/audit/fixtures/single_audit_checklist.py
@@ -85,7 +85,6 @@ def fake_auditor_certification():
         "is_auditee_responsible": True,
         "has_used_auditors_report": True,
         "has_no_auditee_procedures": True,
-        "is_accurate_and_complete": True,
         "is_FAC_releasable": True,
     }
     data_step_2 = {
diff --git a/backend/audit/forms.py b/backend/audit/forms.py
index 14901246ea..23ee30490e 100644
--- a/backend/audit/forms.py
+++ b/backend/audit/forms.py
@@ -80,7 +80,6 @@ class AuditorCertificationStep1Form(forms.Form):
     has_used_auditors_report = forms.BooleanField()
     has_no_auditee_procedures = forms.BooleanField()
     is_FAC_releasable = forms.BooleanField()
-    is_accurate_and_complete = forms.BooleanField()
 
 
 class AuditorCertificationStep2Form(forms.Form):
diff --git a/backend/audit/templates/audit/auditor-certification-step-1.html b/backend/audit/templates/audit/auditor-certification-step-1.html
index 1e458de807..b3fd913597 100644
--- a/backend/audit/templates/audit/auditor-certification-step-1.html
+++ b/backend/audit/templates/audit/auditor-certification-step-1.html
@@ -21,7 +21,7 @@ <h2 class="font-sans-md">Check the box next to each item confirm your report mee
                                value="True"
                                {% if form.cleaned_data.is_OMB_limited %}checked{% endif %} />
                         <label class="usa-checkbox__label" for="is_OMB_limited">
-                            The SF-SAC contains only the data and information required by the Office of Management and Budget.
+                            The data elements and information included in these workbooks are limited to those prescribed by the Office of Management and Budget;
                         </label>
                         <span class="usa-error-message">{{ form.errors.is_OMB_limited|striptags }}</span>
                     </div>
@@ -34,7 +34,7 @@ <h2 class="font-sans-md">Check the box next to each item confirm your report mee
                                value="True"
                                {% if form.cleaned_data.is_auditee_responsible %}checked{% endif %} />
                         <label class="usa-checkbox__label" for="is_auditee_responsible">
-                            The information in Part II of this Form SF-SAC is the responsibility of the auditee and is based on information included in the reporting package required by the Uniform Guidance.
+                            The information in these workbooks is the responsibility of the auditee and is based on information included in the reporting package required by the Uniform Guidance;
                         </label>
                         <span class="usa-error-message">{{ form.errors.is_auditee_responsible|striptags }}</span>
                     </div>
@@ -47,7 +47,7 @@ <h2 class="font-sans-md">Check the box next to each item confirm your report mee
                                value="True"
                                {% if form.cleaned_data.has_used_auditors_report %}checked{% endif %} />
                         <label class="usa-checkbox__label" for="has_used_auditors_report">
-                            The auditor completed the Federal Award Audit Findings and Audit Findings Text workbooks using the auditor's report.
+                            The information included in Major Program Information and Financial statements was transferred by the auditor from the auditor's report(s) for the period described in the General Information, and is not a substitute for such reports;
                         </label>
                         <span class="usa-error-message">{{ form.errors.has_used_auditors_report|striptags }}</span>
                     </div>
@@ -60,23 +60,10 @@ <h2 class="font-sans-md">Check the box next to each item confirm your report mee
                                value="True"
                                {% if form.cleaned_data.has_no_auditee_procedures %}checked{% endif %} />
                         <label class="usa-checkbox__label" for="has_no_auditee_procedures">
-                            No auditor has performed any audit work since the completion of the auditor's report or the single audit submission workbooks.
+                            The auditor has not performed any auditing procedures since the date of the auditor's report(s) or any additional auditing procedures in connection with the completion of this single audit submission; and
                         </label>
                         <span class="usa-error-message">{{ form.errors.has_no_auditee_procedures|striptags }}</span>
                     </div>
-                    <div class="usa-checkbox margin-top-4">
-                        <input id="is_accurate_and_complete"
-                               name="is_accurate_and_complete"
-                               class="usa-checkbox__input"
-                               required
-                               type="checkbox"
-                               value="True"
-                               {% if form.cleaned_data.is_accurate_and_complete %}checked{% endif %} />
-                        <label class="usa-checkbox__label" for="is_accurate_and_complete">
-                            All information required to be reported in this Form SF-SAC in its entirety and such information is accurate and complete.
-                        </label>
-                        <span class="usa-error-message">{{ form.errors.is_accurate_and_complete|striptags }}</span>
-                    </div>
                     <div class="usa-checkbox margin-top-4">
                         <input id="is_FAC_releasable"
                                name="is_FAC_releasable"
@@ -86,7 +73,7 @@ <h2 class="font-sans-md">Check the box next to each item confirm your report mee
                                value="True"
                                {% if form.cleaned_data.is_FAC_releasable %}checked{% endif %} />
                         <label class="usa-checkbox__label" for="is_FAC_releasable">
-                            The full reporting package and auditor's report may be shared publicly by the Federal Audit Clearinghouse or the report auditee, as required by the Uniform Guidance.
+                            A copy of the reporting package required by the Uniform Guidance, which includes the complete auditor’s report(s), may be made available by the Federal Audit Clearinghouse (FAC) on the FAC website or from the auditee at the address listed in the Auditee information.
                         </label>
                         <span class="usa-error-message">{{ form.errors.is_FAC_releasable|striptags }}</span>
                     </div>
diff --git a/backend/audit/test_views.py b/backend/audit/test_views.py
index 4ad864b08b..7301d2b359 100644
--- a/backend/audit/test_views.py
+++ b/backend/audit/test_views.py
@@ -1954,7 +1954,6 @@ def test_post_valid_form(self):
             "has_used_auditors_report": True,
             "has_no_auditee_procedures": True,
             "is_FAC_releasable": True,
-            "is_accurate_and_complete": True,
         }
 
         response = self.client.post(self.url, form_data)
diff --git a/backend/census_historical_migration/sac_general_lib/auditor_certification.py b/backend/census_historical_migration/sac_general_lib/auditor_certification.py
index 513df15dbc..f0665ec7a6 100644
--- a/backend/census_historical_migration/sac_general_lib/auditor_certification.py
+++ b/backend/census_historical_migration/sac_general_lib/auditor_certification.py
@@ -16,7 +16,6 @@
     FormFieldMap("is_auditee_responsible", None, FormFieldInDissem, "Y", bool),
     FormFieldMap("has_used_auditors_report", None, FormFieldInDissem, "Y", bool),
     FormFieldMap("has_no_auditee_procedures", None, FormFieldInDissem, "Y", bool),
-    FormFieldMap("is_accurate_and_complete", None, FormFieldInDissem, "Y", bool),
     FormFieldMap("is_FAC_releasable", None, FormFieldInDissem, "Y", bool),
 ]
 
diff --git a/backend/cypress/support/auditor-certification.js b/backend/cypress/support/auditor-certification.js
index 8e46a20a44..0d0fbff40d 100644
--- a/backend/cypress/support/auditor-certification.js
+++ b/backend/cypress/support/auditor-certification.js
@@ -4,7 +4,6 @@ export function testAuditorCertification() {
   cy.get('label[for=is_auditee_responsible]').click();
   cy.get('label[for=has_used_auditors_report]').click();
   cy.get('label[for=has_no_auditee_procedures]').click();
-  cy.get('label[for=is_accurate_and_complete]').click();
   cy.get('label[for=is_FAC_releasable]').click();
   cy.get('.usa-button').contains('Agree to auditor certification').click();
 
diff --git a/backend/schemas/output/sections/AuditorCertification.schema.json b/backend/schemas/output/sections/AuditorCertification.schema.json
index d2666a51f9..18b64ee332 100644
--- a/backend/schemas/output/sections/AuditorCertification.schema.json
+++ b/backend/schemas/output/sections/AuditorCertification.schema.json
@@ -16,9 +16,6 @@
             "is_OMB_limited": {
                "type": "boolean"
             },
-            "is_accurate_and_complete": {
-               "type": "boolean"
-            },
             "is_auditee_responsible": {
                "type": "boolean"
             }
@@ -28,7 +25,6 @@
             "is_auditee_responsible",
             "has_used_auditors_report",
             "has_no_auditee_procedures",
-            "is_accurate_and_complete",
             "is_FAC_releasable"
          ],
          "type": "object"
diff --git a/backend/schemas/source/sections/AdditionalEINs.schema.jsonnet b/backend/schemas/source/sections/AdditionalEINs.schema.jsonnet
index cc0804c3cf..8bcddbeb25 100644
--- a/backend/schemas/source/sections/AdditionalEINs.schema.jsonnet
+++ b/backend/schemas/source/sections/AdditionalEINs.schema.jsonnet
@@ -9,10 +9,10 @@ local Meta = Types.object {
     section_name: Types.string {
       enum: [Sheets.section_names.ADDITIONAL_EINS],
     },
-    //Because we now pass the version to the SAC record, 
-    //we want to make sure we allow backwards compatibility 
+    //Because we now pass the version to the SAC record,
+    //we want to make sure we allow backwards compatibility
     version: Types.string {
-      enum: ["1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.1.0", "1.1.1", "1.1.2", Sheets.WORKBOOKS_VERSION]
+      enum: ['1.0.0', '1.0.1', '1.0.2', '1.0.3', '1.0.4', '1.0.5', '1.1.0', '1.1.1', '1.1.2', Sheets.WORKBOOKS_VERSION],
     },
   },
   required: ['section_name'],
diff --git a/backend/schemas/source/sections/AdditionalUEIs.schema.jsonnet b/backend/schemas/source/sections/AdditionalUEIs.schema.jsonnet
index 5149a24ef8..e59142d188 100644
--- a/backend/schemas/source/sections/AdditionalUEIs.schema.jsonnet
+++ b/backend/schemas/source/sections/AdditionalUEIs.schema.jsonnet
@@ -9,10 +9,10 @@ local Meta = Types.object {
     section_name: Types.string {
       enum: [Sheets.section_names.ADDITIONAL_UEIS],
     },
-    //Because we now pass the version to the SAC record, 
+    //Because we now pass the version to the SAC record,
     //we want to make sure we allow backwards compatibility
     version: Types.string {
-      enum: ["1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.1.0", "1.1.1", "1.1.2", Sheets.WORKBOOKS_VERSION]
+      enum: ['1.0.0', '1.0.1', '1.0.2', '1.0.3', '1.0.4', '1.0.5', '1.1.0', '1.1.1', '1.1.2', Sheets.WORKBOOKS_VERSION],
     },
   },
   required: ['section_name'],
diff --git a/backend/schemas/source/sections/AuditFindingsText.schema.jsonnet b/backend/schemas/source/sections/AuditFindingsText.schema.jsonnet
index 1e34117fa8..aff6d3db39 100644
--- a/backend/schemas/source/sections/AuditFindingsText.schema.jsonnet
+++ b/backend/schemas/source/sections/AuditFindingsText.schema.jsonnet
@@ -9,10 +9,10 @@ local Meta = Types.object {
     section_name: Types.string {
       enum: [Sheets.section_names.AUDIT_FINDINGS_TEXT],
     },
-    //Because we now pass the version to the SAC record, 
+    //Because we now pass the version to the SAC record,
     //we want to make sure we allow backwards compatibility
     version: Types.string {
-      enum: ["1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.1.0", "1.1.1", "1.1.2", Sheets.WORKBOOKS_VERSION]
+      enum: ['1.0.0', '1.0.1', '1.0.2', '1.0.3', '1.0.4', '1.0.5', '1.1.0', '1.1.1', '1.1.2', Sheets.WORKBOOKS_VERSION],
     },
   },
   required: ['section_name'],
diff --git a/backend/schemas/source/sections/AuditorCertification.schema.jsonnet b/backend/schemas/source/sections/AuditorCertification.schema.jsonnet
index bee33cf168..34b8f78a6d 100644
--- a/backend/schemas/source/sections/AuditorCertification.schema.jsonnet
+++ b/backend/schemas/source/sections/AuditorCertification.schema.jsonnet
@@ -12,7 +12,6 @@ local AuditorCertification = Types.object {
         is_auditee_responsible: Types.boolean,
         has_used_auditors_report: Types.boolean,
         has_no_auditee_procedures: Types.boolean,
-        is_accurate_and_complete: Types.boolean,
         is_FAC_releasable: Types.boolean,
       },
       required: [
@@ -20,7 +19,6 @@ local AuditorCertification = Types.object {
         'is_auditee_responsible',
         'has_used_auditors_report',
         'has_no_auditee_procedures',
-        'is_accurate_and_complete',
         'is_FAC_releasable',
       ],
     },
diff --git a/backend/schemas/source/sections/CorrectiveActionPlan.schema.jsonnet b/backend/schemas/source/sections/CorrectiveActionPlan.schema.jsonnet
index 33ff8bac80..1596235558 100644
--- a/backend/schemas/source/sections/CorrectiveActionPlan.schema.jsonnet
+++ b/backend/schemas/source/sections/CorrectiveActionPlan.schema.jsonnet
@@ -9,10 +9,10 @@ local Meta = Types.object {
     section_name: Types.string {
       enum: [Sheets.section_names.CORRECTIVE_ACTION_PLAN],
     },
-    //Because we now pass the version to the SAC record, 
+    //Because we now pass the version to the SAC record,
     //we want to make sure we allow backwards compatibility
     version: Types.string {
-      enum: ["1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.1.0", "1.1.1", "1.1.2", Sheets.WORKBOOKS_VERSION]
+      enum: ['1.0.0', '1.0.1', '1.0.2', '1.0.3', '1.0.4', '1.0.5', '1.1.0', '1.1.1', '1.1.2', Sheets.WORKBOOKS_VERSION],
     },
   },
   required: ['section_name'],
diff --git a/backend/schemas/source/sections/FederalAwards.schema.jsonnet b/backend/schemas/source/sections/FederalAwards.schema.jsonnet
index 74b4203b0f..43873807c0 100644
--- a/backend/schemas/source/sections/FederalAwards.schema.jsonnet
+++ b/backend/schemas/source/sections/FederalAwards.schema.jsonnet
@@ -377,10 +377,10 @@ local Meta = Types.object {
     section_name: Types.string {
       enum: [Sheets.section_names.FEDERAL_AWARDS, Sheets.section_names.FEDERAL_AWARDS_EXPENDED],
     },
-    //Because we now pass the version to the SAC record, 
+    //Because we now pass the version to the SAC record,
     //we want to make sure we allow backwards compatibility
     version: Types.string {
-      enum: ["1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.1.0", "1.1.1", "1.1.2", Sheets.WORKBOOKS_VERSION]
+      enum: ['1.0.0', '1.0.1', '1.0.2', '1.0.3', '1.0.4', '1.0.5', '1.1.0', '1.1.1', '1.1.2', Sheets.WORKBOOKS_VERSION],
     },
   },
   required: ['section_name'],
diff --git a/backend/schemas/source/sections/FederalAwardsAuditFindings.schema.jsonnet b/backend/schemas/source/sections/FederalAwardsAuditFindings.schema.jsonnet
index b42d991d07..07ba898ff0 100644
--- a/backend/schemas/source/sections/FederalAwardsAuditFindings.schema.jsonnet
+++ b/backend/schemas/source/sections/FederalAwardsAuditFindings.schema.jsonnet
@@ -12,10 +12,10 @@ local Meta = Types.object {
     section_name: Types.string {
       enum: [Sheets.section_names.FEDERAL_AWARDS_AUDIT_FINDINGS],
     },
-    //Because we now pass the version to the SAC record, 
+    //Because we now pass the version to the SAC record,
     //we want to make sure we allow backwards compatibility
     version: Types.string {
-      enum: ["1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.1.0", "1.1.1", "1.1.2", Sheets.WORKBOOKS_VERSION]
+      enum: ['1.0.0', '1.0.1', '1.0.2', '1.0.3', '1.0.4', '1.0.5', '1.1.0', '1.1.1', '1.1.2', Sheets.WORKBOOKS_VERSION],
     },
   },
   required: ['section_name'],
diff --git a/backend/schemas/source/sections/NotesToSefa.schema.jsonnet b/backend/schemas/source/sections/NotesToSefa.schema.jsonnet
index 60a2eac535..e7cca0f15c 100644
--- a/backend/schemas/source/sections/NotesToSefa.schema.jsonnet
+++ b/backend/schemas/source/sections/NotesToSefa.schema.jsonnet
@@ -9,10 +9,10 @@ local Meta = Types.object {
     section_name: Types.string {
       enum: [Sheets.section_names.NOTES_TO_SEFA],
     },
-    //Because we now pass the version to the SAC record, 
+    //Because we now pass the version to the SAC record,
     //we want to make sure we allow backwards compatibility
     version: Types.string {
-      enum: ["1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.1.0", "1.1.1", "1.1.2", Sheets.WORKBOOKS_VERSION]
+      enum: ['1.0.0', '1.0.1', '1.0.2', '1.0.3', '1.0.4', '1.0.5', '1.1.0', '1.1.1', '1.1.2', Sheets.WORKBOOKS_VERSION],
     },
   },
   required: ['section_name'],
diff --git a/backend/schemas/source/sections/SecondaryAuditors.schema.jsonnet b/backend/schemas/source/sections/SecondaryAuditors.schema.jsonnet
index 08caf56f30..290f365c77 100644
--- a/backend/schemas/source/sections/SecondaryAuditors.schema.jsonnet
+++ b/backend/schemas/source/sections/SecondaryAuditors.schema.jsonnet
@@ -9,10 +9,10 @@ local Meta = Types.object {
     section_name: Types.string {
       enum: [Sheets.section_names.SECONDARY_AUDITORS],
     },
-    //Because we now pass the version to the SAC record, 
+    //Because we now pass the version to the SAC record,
     //we want to make sure we allow backwards compatibility
     version: Types.string {
-      enum: ["1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.1.0", "1.1.1", "1.1.2", Sheets.WORKBOOKS_VERSION]
+      enum: ['1.0.0', '1.0.1', '1.0.2', '1.0.3', '1.0.4', '1.0.5', '1.1.0', '1.1.1', '1.1.2', Sheets.WORKBOOKS_VERSION],
     },
   },
   required: ['section_name'],

From cbd9ad5cbae00c835da4d1c9257d6fd55efcdcee Mon Sep 17 00:00:00 2001
From: Jason Rothacker <jason.rothacker@gsa.gov>
Date: Mon, 6 Jan 2025 10:21:08 -0800
Subject: [PATCH 2/7] Remove the sling ARM requirement (#4581)

---
 backend/requirements.txt | 2 --
 1 file changed, 2 deletions(-)

diff --git a/backend/requirements.txt b/backend/requirements.txt
index c10366fda1..8e5516914f 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -1196,8 +1196,6 @@ six==1.16.0 \
 sling==1.3.4 \
     --hash=sha256:70541da99b48313a0cfd5e61c52d984e4d50113b7945308697d32cd50a6bb183
     # via -r ./requirements/requirements.in
-sling-linux-arm64==1.3.4 \
-    --hash=sha256:08977df437742b415232e8c09c2f7f43181a3b764bef601fa6ebd369f6777783
 sling-linux-amd64==1.3.4 \
     --hash=sha256:d5f3b71fb191e8b9663f88890c464d84ab4c36df3a5fd6148a51cdd2ea9a5099
     # via sling

From fc5cdd7dd527a6e8bf2d45320b7ea409eddec4ea Mon Sep 17 00:00:00 2001
From: Dan Swick <2365503+danswick@users.noreply.github.com>
Date: Mon, 6 Jan 2025 11:01:26 -0800
Subject: [PATCH 3/7] Bump app disk to 3G (#4582)

---
 backend/manifests/manifest-fac.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/manifests/manifest-fac.yml b/backend/manifests/manifest-fac.yml
index b29d59b53a..68257cacf0 100644
--- a/backend/manifests/manifest-fac.yml
+++ b/backend/manifests/manifest-fac.yml
@@ -7,7 +7,7 @@ applications:
     memory: ((mem_amount))
     path: ../
     timeout: 180
-    disk_quota: 2G
+    disk_quota: 3G
     env:
       ENV: ((cf_env_name))
       DJANGO_BASE_URL: https://((endpoint))

From 448c3f9584acfe6088765cfa5e181767a5f68589 Mon Sep 17 00:00:00 2001
From: Dan Swick <2365503+danswick@users.noreply.github.com>
Date: Mon, 6 Jan 2025 12:17:03 -0800
Subject: [PATCH 4/7] Temporarily limit backups to prod (#4583)

---
 .github/workflows/deploy-application.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy-application.yml b/.github/workflows/deploy-application.yml
index 4f811e4a0c..1c9541eff8 100644
--- a/.github/workflows/deploy-application.yml
+++ b/.github/workflows/deploy-application.yml
@@ -70,7 +70,7 @@ jobs:
           cf_command: update-user-provided-service fac-key-service -p '"{\"SAM_API_KEY\":\"${{ secrets.SAM_API_KEY }}\", \"DJANGO_SECRET_LOGIN_KEY\":\"${{ secrets.DJANGO_SECRET_LOGIN_KEY }}\", \"LOGIN_CLIENT_ID\":\"${{ secrets.LOGIN_CLIENT_ID }}\", \"SECRET_KEY\":\"${{ secrets.SECRET_KEY}}\"}"'
 
       - name: Backup the database
-        # if: startsWith(github.ref, 'refs/tags/v1.')
+        if: startsWith(github.ref, 'refs/tags/v1.')
         uses: cloud-gov/cg-cli-tools@main
         with:
           cf_username: ${{ secrets.CF_USERNAME }}

From 116e65d9dc0d28b9c5baaf9ef4bdde2989c90d50 Mon Sep 17 00:00:00 2001
From: Bobby Novak <176936850+rnovak338@users.noreply.github.com>
Date: Mon, 6 Jan 2025 17:41:27 -0500
Subject: [PATCH 5/7] Update create_staffusers.py (#4584)

---
 .../users/management/commands/create_staffusers.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/backend/users/management/commands/create_staffusers.py b/backend/users/management/commands/create_staffusers.py
index 0ceff37c4b..7a8c4b718b 100644
--- a/backend/users/management/commands/create_staffusers.py
+++ b/backend/users/management/commands/create_staffusers.py
@@ -16,6 +16,9 @@ class Command(BaseCommand):
 
     def handle(self, *args, **kwargs):
         """Create a group with readonly permissions."""
+        logger.info(f"Permission dump ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~")
+        logger.info(Permission.objects.all().values())
+
         group_readonly, created = Group.objects.get_or_create(name="Read-only")
         readonly_codenames = [
             "view_access",
@@ -40,7 +43,10 @@ def handle(self, *args, **kwargs):
         ]
         group_readonly.permissions.clear()
         for code in readonly_codenames:
-            group_readonly.permissions.add(Permission.objects.get(codename=code))
+            try:
+                group_readonly.permissions.add(Permission.objects.get(codename=code))
+            except Exception as e:
+                logger.error(f"1. Failed to get ({code}) -- {e}")
         group_readonly.save()
 
         """Create a group with helpdesk permissions."""
@@ -58,7 +64,10 @@ def handle(self, *args, **kwargs):
         ]
         group_helpdesk.permissions.clear()
         for code in helpdesk_codenames:
-            group_helpdesk.permissions.add(Permission.objects.get(codename=code))
+            try:
+                group_helpdesk.permissions.add(Permission.objects.get(codename=code))
+            except Exception as e:
+                logger.error(f"2. Failed to get ({code}) -- {e}")
         group_helpdesk.save()
 
         # read in staffusers JSON.
@@ -99,7 +108,6 @@ def handle(self, *args, **kwargs):
                                 case "readonly":
                                     user.groups.add(group_readonly)
                                 case "helpdesk":
-                                    user.groups.clear()
                                     user.groups.add(group_helpdesk)
                                 case "superuser":
                                     user.is_superuser = True

From 12364b425458bba9bad9ab4035265499f059d2cb Mon Sep 17 00:00:00 2001
From: Bobby Novak <176936850+rnovak338@users.noreply.github.com>
Date: Mon, 6 Jan 2025 17:52:22 -0500
Subject: [PATCH 6/7] Hotfix -- staffuser logging (#4585)

* Update create_staffusers.py

* Linting
---
 backend/users/management/commands/create_staffusers.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/users/management/commands/create_staffusers.py b/backend/users/management/commands/create_staffusers.py
index 7a8c4b718b..29cc805d11 100644
--- a/backend/users/management/commands/create_staffusers.py
+++ b/backend/users/management/commands/create_staffusers.py
@@ -1,3 +1,4 @@
+# flake8: noqa
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Group, Permission

From b7273466bf5a6d41c1282de961d8f22b78a5971b Mon Sep 17 00:00:00 2001
From: Dan Swick <2365503+danswick@users.noreply.github.com>
Date: Mon, 6 Jan 2025 16:14:46 -0800
Subject: [PATCH 7/7] Bump disk to 5G (#4586)

---
 backend/manifests/manifest-fac.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/manifests/manifest-fac.yml b/backend/manifests/manifest-fac.yml
index 68257cacf0..54e25b44d3 100644
--- a/backend/manifests/manifest-fac.yml
+++ b/backend/manifests/manifest-fac.yml
@@ -7,7 +7,7 @@ applications:
     memory: ((mem_amount))
     path: ../
     timeout: 180
-    disk_quota: 3G
+    disk_quota: 5G
     env:
       ENV: ((cf_env_name))
       DJANGO_BASE_URL: https://((endpoint))