Merge remote-tracking branch 'origin' into 582-footer-updates

GSA-TTS · Feb 6, 2023 · ee70739 · ee70739
2 parents 4d2c6e1 + 03d2a43
commit ee70739
Show file tree

Hide file tree

Showing 9 changed files with 32 additions and 16 deletions.
diff --git a/.babelrc b/.babelrc
@@ -1,6 +1,7 @@
 {
   "env": {
     "test": {
+      "compact": false,
       "presets": [
         [
           "@babel/preset-env",

diff --git a/.github/workflows/megalinter.yml b/.github/workflows/megalinter.yml
@@ -5,8 +5,8 @@ name: MegaLinter
 
 # yamllint disable-line rule:truthy
 on:
-  # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main
-  push:
+  # Triggers mega-linter when a pull_request event's activity type is opened, synchronize, or reopened by default.
+  pull_request:
   workflow_dispatch:
 
 env: # Comment env block if you do not want to apply fixes
@@ -59,7 +59,7 @@ jobs:
       - name: Create Pull Request with applied fixes
         id: cpr
         if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@v4
         with:
           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           commit-message: "[MegaLinter] Apply linters automatic fixes"

diff --git a/.github/workflows/owasp_zap_full.yml b/.github/workflows/owasp_zap_full.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: OWASP ZAP Full Scan
-        uses: zaproxy/action-full-scan@v0.3.0
+        uses: zaproxy/action-full-scan@v0.4.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           docker_name: "owasp/zap2docker-stable"

diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml
@@ -14,6 +14,8 @@ jobs:
   build:
     name: Building site and running pa11y-ci tests
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
 
     steps:
       - name: Install Chrome

diff --git a/Dockerfile b/Dockerfile
@@ -4,6 +4,7 @@ ARG APPHOME=/usr/src/app
 ARG HOST=0.0.0.0
 ARG PORT=3000
 ARG NODE_ENVIRONMENT=production
+ARG RUNNER=runner
 
 FROM ${IMAGE_NAME}:${IMAGE_TAG}
 
@@ -13,11 +14,19 @@ ARG APPHOME
 ARG HOST
 ARG PORT
 ARG NODE_ENVIRONMENT
+ARG RUNNER
 
 RUN mkdir -p ${APPHOME}
 
 WORKDIR ${APPHOME}
 
+RUN getent passwd "${RUNNER}" > /dev/null \
+    || adduser ${RUNNER} \
+    && chown -R ${RUNNER} ${APPHOME}
+
+
+USER ${RUNNER}
+
 COPY . ${APPHOME}
 
 RUN npm set unsafe-perm true \

diff --git a/README.md b/README.md
@@ -65,7 +65,7 @@ To build an image of the BEARS software, use the following command:
 ```bash
 (
   cd "$(git rev-parse --show-toplevel)" \
-  && docker build -t bears .
+  && bash build_docker_image.bash
 )
 ```
 
@@ -82,13 +82,13 @@ docker run \
   --rm \
   --interactive \
   --tty \
-  --expose 3000:3000 \
+  --publish 3000:3000 \
   bears
 ```
 
 This will run the container in the foreground (replace the `--interactive`
 and `--tty` flags with `--detach` to have it run in the background). The
-`--expose` flag makes it so that connection attempts to the port BEARS
+`--publish` flag makes it so that connection attempts to the port BEARS
 runs on is accessible outside of the container (e.g., from a web browser
 on the local system).
 
@@ -166,7 +166,7 @@ docker build -t bears . \
 ## Design considerations
 
 - Some items we only render client-side this is because the data
-  relationships are not fully captured by [Nuxt.js](<(https://nuxtjs.org)>)
+  relationships are not fully captured by [Nuxt.js](<(<https://nuxtjs.org>)>)
   and by moving them client-side [Vue.js](https://vuejs.org/)
   is able to track those relationships.
 - The current print philosophy is that print is a different

diff --git a/build_docker_image.bash b/build_docker_image.bash
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# The build script that makes sure that the user that is running the process is the current user.docker
+docker build --build-arg "RUNNER=$(id -u)" -t bears .
diff --git a/nuxt.config.js b/nuxt.config.js
@@ -5,7 +5,7 @@ const getLifeEvents = function () {
   return files.map((f) => f.replace(/.md$/gi, ""))
 }
 // https://federalist.18f.gov/documentation/env-vars-on-federalist-builds/#default-environment-variables
-const sitePrefix = `${process.env.BASEURL}/` // basepath for assets
+const sitePrefix = process.env.BASEURL ? `${process.env.BASEURL}/` : ""
 
 const SITE_URLPREFIX =
   process.env.SITE_URLPREFIX || "https://federalist-edd11e6f-8be2-4dc2-a85e-1782e0bcb08e.app.cloud.gov"
@@ -146,7 +146,7 @@ export default {
   },
 
   router: {
-    base: process.env.NODE_ENV !== "production" ? undefined : sitePrefix,
+    base: process.env.NODE_ENV !== "production" ? "" : sitePrefix,
     linkActiveClass: "usa-current",
     linkExactActiveClass: "usa-current",
     extendRoutes(routes, resolve) {

diff --git a/package-lock.json b/package-lock.json