Manually upload pdfs

.github/workflows/acknowledgment-request-template.md

@@ -0,0 +1,15 @@
+# Generate infosec acknowledgment issues
+
+It's time to generate infosec acknowledgement issues for all of the ROAR team.
+
+Perform these commands on your command line:
+
+```shell
+TEAM_MEMBERS=$(gh api orgs/yeatmanlab/teams/roar/members --jq '.[].login')
+
+for MEMBER in $TEAM_MEMBERS
+do
+  ISSUE_BODY="Please acknowledge that you have reviewed the Data Privacy and Information Security Manual and accompanying documents by commenting 'Acknowledged' below."
+  gh issue create --title "Acknowledgment Request for $MEMBER" --body "$ISSUE_BODY" --assignee $MEMBER
+done
+```

.github/workflows/offboarding.yml

@@ -25,16 +25,21 @@ jobs:
 
       - name: Read offboarding checklist
         id: offboarding_checklist
+        env:
+          EMPLOYEE_NAME: ${{ github.event.inputs.employee_name }}
+          EMPLOYEE_EMAIL: ${{ github.event.inputs.employee_email }}
         run: |
+          sed -i "s/{{ employee_name }}/$EMPLOYEE_NAME/g" employee-lifecycle/onboarding-checklist.md
+          sed -i "s/{{ employee_email }}/$EMPLOYEE_EMAIL/g" employee-lifecycle/onboarding-checklist.md
           CONTENT=$(cat employee-lifecycle/offboarding-checklist.md)
-          CONTENT="**Employee Name:** ${{ github.event.inputs.employee_name }}\\n**Employee Email:** ${{ github.event.inputs.employee_email }}\\n\\n$CONTENT"
           echo "content<<EOF" >> $GITHUB_ENV
           echo "$CONTENT" >> $GITHUB_ENV
           echo "EOF" >> $GITHUB_ENV
 
       - name: Create GitHub issue for offboarding
         env:
           ISSUE_BODY: ${{ env.content }}
+          EMPLOYEE_NAME: ${{ github.event.inputs.employee_name }}
           GH_TOKEN: ${{ github.token }}
         run: |
-          gh issue create --title "Employee Offboarding Checklist for ${{ github.event.inputs.employee_name }}" --body "$ISSUE_BODY" --label offboarding --assignee richford
+          gh issue create --title "Employee Offboarding Checklist for $EMPLOYEE_NAME" --body "$ISSUE_BODY" --label offboarding --assignee richford

.github/workflows/onboarding.yml

@@ -25,16 +25,21 @@ jobs:
 
       - name: Read onboarding checklist
         id: onboarding_checklist
+        env:
+          EMPLOYEE_NAME: ${{ github.event.inputs.employee_name }}
+          EMPLOYEE_EMAIL: ${{ github.event.inputs.employee_email }}
         run: |
+          sed -i "s/{{ employee_name }}/$EMPLOYEE_NAME/g" employee-lifecycle/onboarding-checklist.md
+          sed -i "s/{{ employee_email }}/$EMPLOYEE_EMAIL/g" employee-lifecycle/onboarding-checklist.md
           CONTENT=$(cat employee-lifecycle/onboarding-checklist.md)
-          CONTENT="**Employee Name:** ${{ github.event.inputs.employee_name }}\\n**Employee Email:** ${{ github.event.inputs.employee_email }}\\n\\n$CONTENT"
           echo "content<<EOF" >> $GITHUB_ENV
           echo "$CONTENT" >> $GITHUB_ENV
           echo "EOF" >> $GITHUB_ENV
 
       - name: Create GitHub issue for onboarding
         env:
           ISSUE_BODY: ${{ env.content }}
+          EMPLOYEE_NAME: ${{ github.event.inputs.employee_name }}
           GH_TOKEN: ${{ github.token }}
         run: |
-          gh issue create --title "New Employee Onboarding Checklist for ${{ github.event.inputs.employee_name }}" --body "$ISSUE_BODY" --label onboarding --assignee richford
+          gh issue create --title "New Employee Onboarding Checklist for $EMPLOYEE_NAME" --body "$ISSUE_BODY" --label onboarding --assignee richford

.github/workflows/request-acknowledgment.yml

@@ -17,20 +17,18 @@ jobs:
       - name: Install GitHub CLI
         run: sudo apt-get install gh
 
+      - name: Read issue body
+        id: acknowledgment_request
+        run: |
+          CONTENT=$(cat .github/workflows/acknowledgment-request-template.md)
+          echo "content<<EOF" >> $GITHUB_ENV
+          echo "$CONTENT" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+
       - name: Get team members and create issues
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUE_BODY: ${{ env.content }}
+          GH_TOKEN: ${{ github.token }}
         run: |
-          ISSUE_BODY="It's time to generate infosec acknowledgement issues for all of the ROAR team.\n\n"
-          ISSUE_BODY+="Perform these commands on your command line:\n"
-          ISSUE_BODY+="\`\`\`\n"
-          ISSUE_BODY+="TEAM_MEMBERS=\$(gh api orgs/yeatmanlab/teams/roar/members --jq '.[].login')\n"
-          ISSUE_BODY+="for MEMBER in \$TEAM_MEMBERS\n"
-          ISSUE_BODY+="do\n"
-          ISSUE_BODY+="  ISSUE_BODY=\"Please acknowledge that you have reviewed the Data Privacy and Information Security Manual and accompanying documents by commenting 'Acknowledged' below.\"\n"
-          ISSUE_BODY+="  gh issue create --title \"Acknowledgment Request for \$MEMBER\" --body \"\$ISSUE_BODY\" --assignee \$MEMBER\n"
-          ISSUE_BODY+="done\n"
-          ISSUE_BODY+="\`\`\`\n"
-
           gh issue create --title "Create Acknowledgement Requests" --body "$ISSUE_BODY" --assignee richford
 

.gitignore

@@ -1,3 +0,0 @@
-roar-data-privacy-and-information-security-manual.pdf
-roar-sdlc.pdf
-roar-bcdr.pdf

employee-lifecycle/offboarding-checklist.md

@@ -1,5 +1,8 @@
 # ROAR Employee Onboarding Checklist
 
+**Employee Name**: {{ employee_name }}\
+**Employee Email**: {{ employee_email }}
+
 - [ ] Google Workspace
   - [ ] Transfer ownership of files and documents to relevant managers or team members.
   - [ ] Revoke access to shared drives.
@@ -9,14 +12,6 @@
   - [ ] Revoke access to all repositories.
   - [ ] Ensure any personal access tokens related to the organization are revoked.
 
-- [ ] Sentry
-  - [ ] Remove the employee's Sentry account or revoke access to projects.
-  - [ ] Reassign monitoring tasks previously managed by the employee.
-
-- [ ]  Cypress Cloud
-  - [ ] Remove the employee's access to Cypress Cloud.
-  - [ ] Transfer ownership of any tests or projects managed by the employee.
-
 - [ ] Clever: Revoke access to Clever accounts and integrations.
 
 - [ ] ClassLink: Remove access to ClassLink accounts and integrations.
@@ -36,5 +31,27 @@
 
 - [ ] General Cleanup
   - [ ] Review and reassign any tasks or projects the employee was responsible for.
-  - [ ] Ensure that any ROAR data on personal devices has been deleted or destroyed.
+  - [ ] Employee attests that any ROAR data on personal devices has been deleted or destroyed.
   - [ ] Ensure that all ROAR devices and physical security passes are returned.
+
+## Developer Integrations
+
+- [ ] Sentry
+  - [ ] Remove the employee's Sentry account or revoke access to projects.
+  - [ ] Reassign monitoring tasks previously managed by the employee.
+
+- [ ] Cypress Cloud
+  - [ ] Remove the employee's access to Cypress Cloud.
+  - [ ] Transfer ownership of any tests or projects managed by the employee.
+
+- [ ] Namecheap
+  - [ ] Transfer ownership/management of any ROAR domains.
+  - [ ] Remove access to ROAR domains.
+
+- [ ] Qualys
+  - [ ] Transfer ownership/management of any ROAR applications.
+  - [ ] Remove access to ROAR applications.
+
+- [ ] Beagle Security
+  - [ ] Transfer ownership/management of any ROAR applications.
+  - [ ] Remove access to ROAR applications.

employee-lifecycle/onboarding-checklist.md

@@ -1,5 +1,8 @@
 # ROAR Employee Onboarding Checklist
 
+**Employee Name**: {{ employee_name }}\
+**Employee Email**: {{ employee_email }}
+
 ## All employees
 
 - [ ] Google Workspace
@@ -34,6 +37,19 @@
   - [ ] Invite employee to the development Firebase projects using their Stanford email.
   - [ ] After verifying that employee is listed on ROAR IRBs, invite them to the staging and production Firebase projects.
 
+- [ ] Namecheap
+  - [ ] If employee will manage ROAR domain names, invite them as a domain manager in Namecheap using their Stanford email.
+
+## Employees requiring access to ROAR security tools
+
+- [ ] Qualys
+  - [ ] Invite employee to ROAR project using their Stanford email.
+  - [ ] Share all relevant applications with employee
+
+- [ ] Beagle Security
+  - [ ] Invite employee to ROAR project using their Stanford email.
+  - [ ] Share all relevant applications with employee
+
 ## Employees requiring access to SSO or rostering integrations
 
 - [ ] Clever

roar-bcdr.md

@@ -5,10 +5,6 @@ keywords: [ROAR, Business Continuity, Disaster Recovery]
 lang: "en"
 ...
 
-**Version**: `{{ version }}`\
-**Last Updated by Commit**: `{{ commit }}`\
-**Last updated on**: `{{ commit_date }}`
-
 > Note: This document is in draft form and is not currently enforced.
 
 The Business Continuity and Disaster Recovery (BC/DR) Plan for ROAR outlines the processes and strategies in place to ensure the continuation of critical operations and the rapid recovery of essential services in the event of a disruption. The plan is designed to address a range of potential disruptions, including system failures, security incidents, natural disasters, and other unforeseen events that could impact ROAR's ability to provide its services.

roar-data-privacy-and-information-security-manual.md

@@ -8,10 +8,6 @@ titlepage-color: "8C1515"
 titlepage-text-color: "FFFFFF"
 ...
 
-**Version**: `{{ version }}`\
-**Last Updated by Commit**: `{{ commit }}`\
-**Last updated on**: `{{ commit_date }}`
-
 ## Introduction
 
 ### Purpose

roar-sdlc.md

@@ -5,10 +5,6 @@ keywords: [Software development lifecycle, ROAR]
 lang: "en"
 ...
 
-**Version**: `{{ version }}`\
-**Last Updated by Commit**: `{{ commit }}`\
-**Last updated on**: `{{ commit_date }}`
-
 ## Overview
 
 The secure Software Development Lifecycle (SDLC) at ROAR outlines the procedures, policies, and security measures that govern how software changes are managed, implemented, and deployed within the ROAR platform. The SDLC process ensures that changes to the system are tracked, reviewed, tested, and implemented in a manner that prioritizes security, confidentiality, and compliance with industry best practices.