Skip to content

Commit

Permalink
Merge branch 'main' into 164-rel-noopener
Browse files Browse the repository at this point in the history
  • Loading branch information
wesley-dean-gsa authored Aug 26, 2024
2 parents f151edf + 0e1c080 commit 12911c0
Show file tree
Hide file tree
Showing 13 changed files with 369 additions and 320 deletions.
15 changes: 13 additions & 2 deletions .github/workflows/megalinter.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,15 @@ jobs:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
fetch-depth: 0

- name: "Import GPG key"
id: import-gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true

# MegaLinter
- name: MegaLinter
id: ml
Expand Down Expand Up @@ -74,14 +83,16 @@ jobs:
- name: Prepare commit
if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
run: sudo chown -Rc $UID .git/

- name: Commit and push applied linter fixes
if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # pin@v5
with:
branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
commit_message: "[MegaLinter] Apply linters fixes"
commit_user_name: megalinter-bot
commit_user_email: [email protected]
commit_author: "${{ steps.import-gpg.outputs.name }} <${{ steps.import-gpg.outputs.email }}>"
commit_user_name: ${{ steps.import-gpg.outputs.name }}
commit_user_email: ${{ steps.import-gpg.outputs.email }}

- name: Check to see if the SARIF a was generated
id: sarif_file_exists
Expand Down
12 changes: 6 additions & 6 deletions _data/assetPaths.json
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
{
"admin.js": "/assets/js/admin-FRDUYGSL.js",
"admin.map": "/assets/js/admin-FRDUYGSL.js.map",
"app.js": "/assets/js/app-SDZ4ULFW.js",
"app.map": "/assets/js/app-SDZ4ULFW.js.map",
"admin.js": "/assets/js/admin-RJYP54EU.js",
"admin.map": "/assets/js/admin-RJYP54EU.js.map",
"app.js": "/assets/js/app-XFKDNIAK.js",
"app.map": "/assets/js/app-XFKDNIAK.js.map",
"uswds.js": "/assets/js/uswds-init.js",
"styles.css": "/assets/styles/styles-J5DQM6RN.css",
"styles.map": "/assets/styles/styles-J5DQM6RN.css.map"
"styles.css": "/assets/styles/styles-ZVXT7TJI.css",
"styles.map": "/assets/styles/styles-ZVXT7TJI.css.map"
}
2 changes: 1 addition & 1 deletion _data/heroAlert.json
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
{
"message": "TTS is hiring, <a href=\"{{ '/join' | url }}\" class=\"usa-link\">Join us!</a>"
"message": "TTS is hiring, <a href=\"{{ '/join' | url }}\" class=\"usa-link\">Join us!!</a>"
}
3 changes: 1 addition & 2 deletions _data/site.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,6 @@ primary_navigation:
url: "/services/platforms/"
- name: People
url: "/services/people/"

# secondary_navigation:
# - name: Secondary link
# url: "#main-content"
Expand All @@ -100,7 +99,7 @@ primary_navigation:
# 1. Create an account with Search.gov https://search.usa.gov/signup
# 2. Add a new site.
# 3. Add your site/affiliate name here.
searchgov: "foobar"
# searchgov: "foobar"
# Only change this if you're using a CNAME. Learn more here: https://search.gov/manual/cname.html
# endpoint: https://search.usa.gov

Expand Down
1 change: 0 additions & 1 deletion _includes/header.html
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@
<span class="usa-banner__button-text">Here's how you know</span>
</button>
</div>
{% include "language-switcher.html" %}
</div>
</section>
<div class="usa-banner__content usa-accordion__content" id="gov-banner">
Expand Down
12 changes: 11 additions & 1 deletion _includes/hero.html
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,17 @@
{% endcomment %}

{% if site.show_site_alert %}
{% render "hero-alert.html", alert: heroAlert['message'] %}

<section class="usa-site-alert usa-site-alert--info usa-site-alert--slim" aria-label="Site alert,">
<div class="usa-alert">
<div class="usa-alert__body">
<p class="usa-alert__text">
TTS is hiring, <a href="{{ '/join' | url }}" class="usa-link">Join us!</a>
</p>
</div>
</div>
</section>

{% endif %}
<section class="position-relative tts-hero-wrap">
<div class="usa-hero--tts opacity-90"></div>
Expand Down
2 changes: 1 addition & 1 deletion _includes/layouts/jointts/home.html
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ <h2> Upcoming positions</h2>
{% endfor %}
</ul>
<h2> Other GSA Opportunities </h2>
<p> Check out <a href="https://www.gsa.gov/about-us/careers">careers at GSA</a> and more <a href="https://www.usajobs.gov/Search/Results?j=2210&d=GS&p=1">Information Technology opportunities.</a></p>
<p> Check out <a href="https://www.gsa.gov/about-us/find-apply-for-and-land-a-job-at-gsa">careers at GSA</a> and more <a href="https://www.usajobs.gov/Search/Results?j=2210&d=GS&p=1">Information Technology opportunities.</a></p>

<h2>Application process</h2>
<p>
Expand Down
4 changes: 2 additions & 2 deletions _includes/menu.html
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,6 @@
</li>
{% endfor %}
</ul> -->
<!-- {% include "searchgov/form.html" searchgov: site.searchgov %} -->

{% comment %}
This will redirect the results to /search template which will handle the js loading
Expand All @@ -87,6 +86,7 @@
</form>
{% endif %}

{% comment %}
<section aria-label="Small search component">
<form class="usa-search usa-search--small" role="search">
<label class="usa-sr-only" for="search-field-en-small">Search</label>
Expand All @@ -101,7 +101,7 @@
</button>
</form>
</section>

{% endcomment %}
{% include "searchgov/form.html" searchgov: site.searchgov %}
</div>
</div>
Expand Down
243 changes: 243 additions & 0 deletions bin/has_newer_commits.bash
Original file line number Diff line number Diff line change
@@ -0,0 +1,243 @@
#!/usr/bin/env bash

## @file has_newer_commits.bash
## @author TTS Website team
## @brief given two branches, compare the most recent commits' dates
## @details
## This is a compromise. It accepts two branches and, if the second
## branch is newer than the first, it returns 0 (True); if the first
## is newer than the second, it returns 2 (False).
##
## The context for this script is we wanted to know if another
## repository was updated more recently than ours; if so, we would
## run (continue) a workflow; otherwise, we would leave well
## enough alone. The workflow would make some changes to our
## repo and eventually push a commit to our branch which would
## make our repo (branch) newer than the other one.
##
## The "age" of branch is determined by looking at the most
## recent commit on a given branch and returning the date. By
## "looking," we mean querying the GitHub API endpoint that
## would return a JSON object describing the repository.
##
## A branch is specified with the following form:
##
## owner/repository@branch
##
## For example, for this repository (tts-website in GSA-TTS),
## the main branch would be referred to as
##
## GSA-TTS/tts-website@main
##
## We filter the incoming strings so that only characters that are
## valid for a GitHub repository name are used, plus the '@'
## separator between the repo and the branch.
##
## Two branches are supported; if 3 or more are provided, the
## extra repos are ignored; if 0 or 1 are provided, it'll error
## out.
##
## The script uses the environment variable `PAT` to pass
## a GitHub Personal Access Token (PAT). The PAT is used
## when querying the API; this allows us to query the API
## more often than an anonymous call plus it ensures that
## we're able to query repos with our credentials. As our
## repos are all public, this is less of an issue -- it
## really is just for the API request quota.
##
## The script, right now, has a few limitations:
##
## 1. only one PAT is used, so that PAT must have access to both repos
## 2. only GitHub.com is supposed, so GHE won't work
##
## When the program ends, it returns a value via result code:
##
## 0. True: the second branch is newer than the first
## 1. Error: something went wrong
## 2. False: the first branch is newer than the second
##
## @par Examples
## @code
## has_newer_commits.bash "GSA-TTS/tts-website@main" "18F/join.tts.gsa.gov@main"
## @endcode

set -euo pipefail

## @fn die
## @brief receive a trapped error and display helpful debugging details
## @details
## When called -- presumably by a trap -- die() will provide details
## about what happened, including the filename, the line in the source
## where it happened, and a stack dump showing how we got there. It
## will then exit with a result code of 1 (failure)
## @retval 1 always returns failure
## @par Example
## @code
## trap die ERR
## @endcode
die() {
printf "ERROR %s in %s AT LINE %s\n" "$?" "${BASH_SOURCE[0]}" "${BASH_LINENO[0]}" 1>&2

local i=0
local FRAMES=${#BASH_LINENO[@]}

# FRAMES-2 skips main, the last one in arrays
for ((i = FRAMES - 2; i >= 0; i--)); do
printf " File \"%s\", line %s, in %s\n" "${BASH_SOURCE[i + 1]}" "${BASH_LINENO[i]}" "${FUNCNAME[i + 1]}"
# Grab the source code of the line
sed -n "${BASH_LINENO[i]}{s/^/ /;p}" "${BASH_SOURCE[i + 1]}"
done
exit 1
}

## @fn fetch_data()
## @brief given a GitHub URL, query it and return the result
## @details
## This is a wrapper around curl; it provides extra headers
## (e.g., the expected result format and the PAT) used to
## make the call. The results are passed via STDOUT.
## @param url the URL to query
## @retval 0 (True) if the request was successful
## @retval 1 (False) if something went wrong
## @returns JSON object via STDOUT
## @par Examples
## @code
## json_data="$(fetch_data "$url")"
## @endcode
fetch_data() {

url="${1?Error: no URL provided}"

curl \
-s \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
-H "Authorization: Bearer ${PAT}" \
"$url"
}

## @fn compare_dates()
## @brief given 2 branches, determine if the first is newer than the second
## @details
## This will accept two branches (e.g., 'owner/repo@branch' strings) and
## use `jq` to extract the most recent commit dates and return the
## string "true" if the second branch is newer than the first or the string
## "false" if the first branch is newer than the second. The strings are
## returned via STDOUT.
## @param a the first branch to consider
## @param b the second branch to consider
## @retval 0 (True) if everything went successfully
## @retval 1 (False) if something went wrong
## @returns "true" or "false" via STDOUT
## @par Examples
## @code
## if [ "$(compare_dates "$branch1" "$branch2")" == "true" ] ; then
## echo "There's new stuff"
## else
## echo "Same old same old..."
## fi
## @endcode
compare_dates() {
local a="${1?Error: two branches must be passed}"
local b="${2?Error: two branches must be passed}"

{
fetch_data "$(build_url "$a")"
fetch_data "$(build_url "$b")"
} | jq \
--raw-output \
--slurp \
'if .[0].commit.commit.author.date < .[1].commit.commit.author.date then true else false end'
}

## @fn build_url()
## @brief given the name of a repo, construct a GitHub API URL
## @details
## This accepts one "branch" string of the format
## 'owner/repo@branch'
##
## An environment variabled `GITHUB_API_BASE` may be used to
## set the base URL for interating with GitHub (or GHE). The
## result is a URL passed via STDOUT.
##
## Note: there's no assurance that the URL provided is valid
## or points to anything meaningful -- it's just some string
## munging in a conveninently-named helper function.
## @param branch string representing owner/repo@branch
## @retval 0 (True) if a URL was constructed
## @retval 1 (False) if something went wrong
## @returns URL to GitHub API via STDOUT
## @par Examples
## @code
## url="$(build_url "GSA-TTS/tts.gsa.gov@main")"
## @endcode
build_url() {
item="${1?Error: no owner/repo@branch passed}"

local GITHUB_API_BASE="${GITHUB_API_BASE:-https://api.github.com}"

repo="${item%%@*}"
branch="${item##*@}"

if [ "$branch" == "$repo" ]; then
repo="$item"
branch="main"
fi

echo "${GITHUB_API_BASE}/repos/${repo}/branches/${branch}"
}

## @fn filter_branch_string()
## @brief remove potentially unsafe or invalid characters from branch names
## @details
## The names of the branches we're comparing come from outside,
## including potentially via workflow, so we want to be very safe and
## remove anything that could possibly lead to problematic strings
## being passed to `curl` or other CLI tools. This uses `tr` to
## remove anything that's not alphanumeric, dash, underscore, slash,
## period, or at symbol. The at symbol is used to separate the
## owner/repo from the branch name -- it's not actually a valid character
## for use in representing a git repository. Characters that are filtered
## out are deleted, thereby reducing the length of the resulting
## string. They are not replaced with another character (i.e., they're
## not "slugified"). The resulting string is returned via STDOUT.
## @param string the string to filter
## @retval 0 (True) if the filter was successful
## @retval 1 (False) if the filter failed for any reason
## @returns the filtered string via STDOUT
## @par Examples
## @code
## string="$(filter_branch_string "${1:-}")"
## @endcide
filter_branch_string() {
string="${1:-}"

echo "$string" | tr -cd '[:alnum:]\/\-\_\.\@'
}

## @fn main()
## @brief the main function
main() {
if [ -z "$PAT" ]; then
echo "Error: no Personal Access Token passed via PAT}"
exit 1
fi

trap die ERR

local raw_a="${1?Error: two owner/repo@branch values must be provided (0 were)}"
local raw_b="${2?Error: two owner/repo@branch values must be provided (1 was)}"

if [ -z "$PAT" ]; then
echo "Error: no Personal Access Token passed via PAT}"
exit 1
fi

a="$(filter_branch_string "$raw_a")"
b="$(filter_branch_string "$raw_b")"

[ "$(compare_dates "$a" "$b")" == "true" ] || return 2
}

# if we're not being sourced and there's a function named `main`, run it
[[ "$0" == "${BASH_SOURCE[0]}" ]] && [ "$(type -t "main")" == "function" ] && main "$@"
Loading

0 comments on commit 12911c0

Please sign in to comment.