From 19e8304a73f9b4723c32199af58132e9dff67335 Mon Sep 17 00:00:00 2001 From: Wesley Dean Date: Wed, 1 Feb 2023 11:34:10 -0500 Subject: [PATCH 01/10] Resolved 'undefined' URL prefixes --- nuxt.config.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nuxt.config.js b/nuxt.config.js index 89614c7b00..71be6afbb7 100644 --- a/nuxt.config.js +++ b/nuxt.config.js @@ -5,7 +5,7 @@ const getLifeEvents = function () { return files.map((f) => f.replace(/.md$/gi, "")) } // https://federalist.18f.gov/documentation/env-vars-on-federalist-builds/#default-environment-variables -const sitePrefix = `${process.env.BASEURL}/` // basepath for assets +const sitePrefix = process.env.BASEURL ? `${process.env.BASEURL}/` : ""; const SITE_URLPREFIX = process.env.SITE_URLPREFIX || "https://federalist-edd11e6f-8be2-4dc2-a85e-1782e0bcb08e.app.cloud.gov" @@ -145,7 +145,7 @@ export default { }, router: { - base: process.env.NODE_ENV !== "production" ? undefined : sitePrefix, + base: process.env.NODE_ENV !== "production" ? '' : sitePrefix, linkActiveClass: "usa-current", linkExactActiveClass: "usa-current", extendRoutes(routes, resolve) { From 9e603d2724d231698745273860c1c4b6f9935bba Mon Sep 17 00:00:00 2001 From: wesley-dean-gsa Date: Wed, 1 Feb 2023 16:35:33 +0000 Subject: [PATCH 02/10] [MegaLinter] Apply linters fixes --- nuxt.config.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nuxt.config.js b/nuxt.config.js index 71be6afbb7..022024637a 100644 --- a/nuxt.config.js +++ b/nuxt.config.js 
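Review bot: The new `sitePrefix` line drops the `// basepath for assets` comment that documented what the value is, and both this hunk and the `router.base` hunk below now fall back to an empty string where the removed `undefined` would normally let Nuxt fall back to its default `router.base` of `/`; whether `""` is treated the same as that default should be confirmed rather than assumed. The template still appends `/` unconditionally, so a `BASEURL` that already ends in a slash produces a doubled `//`; stripping it first, e.g. `process.env.BASEURL.replace(/\/+$/, "")`, avoids that, and the old comment can be carried over on the same line. The surrounding `getLifeEvents` function and the `router` object both extend outside their hunks.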
@@ -5,7 +5,7 @@ const getLifeEvents = function () { return files.map((f) => f.replace(/.md$/gi, "")) } // https://federalist.18f.gov/documentation/env-vars-on-federalist-builds/#default-environment-variables -const sitePrefix = process.env.BASEURL ? `${process.env.BASEURL}/` : ""; +const sitePrefix = process.env.BASEURL ? `${process.env.BASEURL}/` : "" const SITE_URLPREFIX = process.env.SITE_URLPREFIX || "https://federalist-edd11e6f-8be2-4dc2-a85e-1782e0bcb08e.app.cloud.gov" @@ -145,7 +145,7 @@ export default { }, router: { - base: process.env.NODE_ENV !== "production" ? '' : sitePrefix, + base: process.env.NODE_ENV !== "production" ? "" : sitePrefix, linkActiveClass: "usa-current", linkExactActiveClass: "usa-current", extendRoutes(routes, resolve) { From fd8bf34b1af9092d824290c588a1d534ffcf3a19 Mon Sep 17 00:00:00 2001 From: Fatma Bakir Date: Wed, 1 Feb 2023 15:58:58 -0500 Subject: [PATCH 03/10] Update Megalinter event triger to pull_request --- .github/workflows/megalinter.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/megalinter.yml b/.github/workflows/megalinter.yml index e4b43eaa1f..9e206f4e96 100644 --- a/.github/workflows/megalinter.yml +++ b/.github/workflows/megalinter.yml @@ -5,8 +5,8 @@ name: MegaLinter # yamllint disable-line rule:truthy on: - # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main - push: + # Triggers mega-linter when a pull_request event's activity type is opened, synchronize, or reopened by default. + pull_request: workflow_dispatch: env: # Comment env block if you do not want to apply fixes From 8959085b5f30af65066ea301f1c9e3b7a6670da1 Mon Sep 17 00:00:00 2001 
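Review bot: Swapping `push:` for `pull_request:` removes linting of direct pushes and merges to the default branch; the removed comment relied on the push run also being visible from pull requests, so that coverage now exists only for commits on an open PR. If both are wanted, keep the events side by side: `push:` / `  branches: [main]` / `pull_request:` (branch name to be confirmed against the repository's default). If dropping push coverage is intentional, the new comment should state that rather than only restating the default `pull_request` activity types.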
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Feb 2023 21:46:54 +0000 Subject: [PATCH 04/10] Bump ua-parser-js from 0.7.31 to 0.7.33 Bumps [ua-parser-js](https://github.com/faisalman/ua-parser-js) from 0.7.31 to 0.7.33. - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/changelog.md) - [Commits](https://github.com/faisalman/ua-parser-js/compare/0.7.31...0.7.33) --- updated-dependencies: - dependency-name: ua-parser-js dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0a73bfb423..0e06fed044 100644 --- a/package-lock.json +++ b/package-lock.json @@ -24138,9 +24138,9 @@ } }, "node_modules/ua-parser-js": { - "version": "0.7.31", - "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.31.tgz", - "integrity": "sha512-qLK/Xe9E2uzmYI3qLeOmI0tEOt+TBBQyUIAh4aAgU05FVYzeZrKUdkAZfBNVGRaHVgV0TDkdEngJSw/SyQchkQ==", + "version": "0.7.33", + "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.33.tgz", + "integrity": "sha512-s8ax/CeZdK9R/56Sui0WM6y9OFREJarMRHqLB2EwkovemBxNQ+Bqu8GAsUnVcXKgphb++ghr/B2BZx4mahujPw==", "funding": [ { "type": "opencollective", @@ -45319,9 +45319,9 @@ "peer": true }, "ua-parser-js": { - "version": "0.7.31", - "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.31.tgz", - "integrity": "sha512-qLK/Xe9E2uzmYI3qLeOmI0tEOt+TBBQyUIAh4aAgU05FVYzeZrKUdkAZfBNVGRaHVgV0TDkdEngJSw/SyQchkQ==" + "version": "0.7.33", + "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.33.tgz", + "integrity": "sha512-s8ax/CeZdK9R/56Sui0WM6y9OFREJarMRHqLB2EwkovemBxNQ+Bqu8GAsUnVcXKgphb++ghr/B2BZx4mahujPw==" }, "ufo": { "version": "0.7.11", From 1c4bd6fab6a8c1006ddc2979220fb6d98dfc5ca2 Mon Sep 17 00:00:00 2001 
From: Fatma Bakir Date: Thu, 2 Feb 2023 10:11:16 -0500 Subject: [PATCH 05/10] Add write permission to pull-requests --- .github/workflows/pa11y.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml index f97d64df09..dcd07d1064 100644 --- a/.github/workflows/pa11y.yml +++ b/.github/workflows/pa11y.yml @@ -14,6 +14,8 @@ jobs: build: name: Building site and running pa11y-ci tests runs-on: ubuntu-latest + permissions: + pull-requests: write steps: - name: Install Chrome From 357f3bba71fc538d8ce20fac99f126b1e76cd7de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Feb 2023 16:44:27 +0000 Subject: [PATCH 06/10] Bump zaproxy/action-full-scan from 0.3.0 to 0.4.0 Bumps [zaproxy/action-full-scan](https://github.com/zaproxy/action-full-scan) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/zaproxy/action-full-scan/releases) - [Changelog](https://github.com/zaproxy/action-full-scan/blob/master/CHANGELOG.md) - [Commits](https://github.com/zaproxy/action-full-scan/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: zaproxy/action-full-scan dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/owasp_zap_full.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/owasp_zap_full.yml b/.github/workflows/owasp_zap_full.yml index 3c971da1e2..1ebce6c10e 100644 --- a/.github/workflows/owasp_zap_full.yml +++ b/.github/workflows/owasp_zap_full.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v3 - name: OWASP ZAP Full Scan - uses: zaproxy/action-full-scan@v0.3.0 + uses: zaproxy/action-full-scan@v0.4.0 with: token: ${{ secrets.GITHUB_TOKEN }} docker_name: "owasp/zap2docker-stable" From 1660024bea202b26d4e05cff02b4a4c72fa9c244 Mon Sep 17 00:00:00 2001 
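Review bot: A job-level `permissions` block that lists only `pull-requests: write` sets every other scope of this job's `GITHUB_TOKEN`, including `contents`, to none, so any step in `build` that checks out the repository or otherwise reads it with the token will need the scope restored explicitly: `permissions:` / `  contents: read` / `  pull-requests: write`. The job's steps continue outside the hunk, so I cannot see whether a checkout step is present; if none is, the narrowed token is the right least-privilege outcome, and a one-line comment saying why `pull-requests: write` is needed (presumably to post pa11y results on the PR) would help the next reader.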
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Feb 2023 16:44:27 +0000 Subject: [PATCH 07/10] Bump peter-evans/create-pull-request from 3 to 4 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 4. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v4) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/megalinter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/megalinter.yml b/.github/workflows/megalinter.yml index 9e206f4e96..4761cdd6a0 100644 --- a/.github/workflows/megalinter.yml +++ b/.github/workflows/megalinter.yml @@ -59,7 +59,7 @@ jobs: - name: Create Pull Request with applied fixes id: cpr if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@v4 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} commit-message: "[MegaLinter] Apply linters automatic fixes" From 7c492cb717ec7b06e6880adb1b53578417c687c2 Mon Sep 17 00:00:00 2001 From: Fatma Bakir Date: Fri, 3 Feb 2023 10:33:31 -0500 Subject: [PATCH 08/10] Add non-priviliged User to Dockerfile and shell script to build image --- Dockerfile | 9 +++++++++ README.md | 4 ++-- build_docker_image.bash | 4 ++++ 3 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 build_docker_image.bash diff --git a/Dockerfile b/Dockerfile index c174f694ec..072185dcac 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,6 +4,7 @@ ARG APPHOME=/usr/src/app ARG HOST=0.0.0.0 ARG PORT=3000 ARG NODE_ENVIRONMENT=production +ARG RUNNER=runner FROM ${IMAGE_NAME}:${IMAGE_TAG} @@ -13,11 +14,19 @@ ARG APPHOME ARG HOST ARG PORT ARG NODE_ENVIRONMENT +ARG RUNNER RUN mkdir -p ${APPHOME} WORKDIR ${APPHOME} +RUN getent passwd "${RUNNER}" > /dev/null \ + || adduser ${RUNNER} \ + && chown -R ${RUNNER} ${APPHOME} + + +USER ${RUNNER} + COPY . ${APPHOME} RUN npm set unsafe-perm true \ diff --git a/README.md b/README.md index 0bb9995c82..2d0f79c804 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ To build an image of the BEARS software, use the following command: ```bash ( cd "$(git rev-parse --show-toplevel)" \ - && docker build -t bears . + && bash build_docker_image.bash ) ``` @@ -82,7 +82,7 @@ docker run \ --rm \ --interactive \ --tty \ - --expose 3000:3000 \ + --publish 3000:3000 \ bears ``` diff --git a/build_docker_image.bash b/build_docker_image.bash new file mode 100644 index 0000000000..f0c0c55e72 --- /dev/null +++ b/build_docker_image.bash @@ -0,0 +1,4 @@ +#!/bin/bash + +# The build script that makes sure that the user that is running the process is the current user.docker +docker build --build-arg "RUNNER=$(id -u)" -t bears . From 8dee786a0cc233b2161f2821df06c31aa574290e Mon Sep 17 00:00:00 2001 From: FatmaBakir Date: Fri, 3 Feb 2023 15:38:33 +0000 Subject: [PATCH 09/10] [MegaLinter] Apply linters fixes --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2d0f79c804..6e969af72c 100644 --- a/README.md +++ b/README.md 
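Review bot: `COPY . ${APPHOME}` (unchanged, directly after the new `USER ${RUNNER}`) still copies as root, so the sources land root-owned inside a directory that was chowned while empty, and the following `RUN npm ...` now executes as `${RUNNER}` against a tree it cannot write; change it to `COPY --chown=${RUNNER} . ${APPHOME}` (the chown of `${APPHOME}` itself can stay). `adduser ${RUNNER}` is also run with no flags in a non-interactive build: on a Debian-based image it prompts for a password and GECOS unless written as `adduser --disabled-password --gecos "" "${RUNNER}"`, and busybox/Alpine needs `adduser -D`; which applies depends on `${IMAGE_NAME}`, which is not visible here. The companion `build_docker_image.bash` passes `$(id -u)`, a numeric UID, as `RUNNER`, while this line treats it as a user name — Debian's adduser rejects a name that starts with a digit, so the script-driven build only succeeds when a user with that UID already exists in the base image. The `RUN npm` instruction continues outside the hunk.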
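Review bot: The comment on the new script is garbled — `current user.docker` reads like two lines run together — and it says "user" while the value passed is the numeric UID from `id -u`, which matters because the Dockerfile consumes `RUNNER` as a user name. Suggested comment: `# Build the BEARS image, passing the invoking user's numeric UID (id -u) as the RUNNER build arg.` The build context is `.`, so the script only works when invoked from the repository root as the README snippet does; `docker build --build-arg "RUNNER=$(id -u)" -t bears "$(dirname "$0")"` removes that dependency on the caller's working directory.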
@@ -166,7 +166,7 @@ docker build -t bears . \ ## Design considerations - Some items we only render client-side this is because the data - relationships are not fully captured by [Nuxt.js](<(https://nuxtjs.org)>) + relationships are not fully captured by [Nuxt.js](<()>) and by moving them client-side [Vue.js](https://vuejs.org/) is able to track those relationships. - The current print philosophy is that print is a different From f18e32210ec2953f5849613b2e90fd4c4a6de92d Mon Sep 17 00:00:00 2001 From: Fatma Bakir Date: Fri, 3 Feb 2023 15:51:48 -0500 Subject: [PATCH 10/10] Update .babelrc to silence Babel deoptimization warning --- .babelrc | 1 + README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.babelrc b/.babelrc index 84c2e570ec..b2617be310 100644 --- a/.babelrc +++ b/.babelrc @@ -1,6 +1,7 @@ { "env": { "test": { + "compact": false, "presets": [ [ "@babel/preset-env", diff --git a/README.md b/README.md index 6e969af72c..28c429254d 100644 --- a/README.md +++ b/README.md @@ -88,7 +88,7 @@ docker run \ This will run the container in the foreground (replace the `--interactive` and `--tty` flags with `--detach` to have it run in the background). The -`--expose` flag makes it so that connection attempts to the port BEARS +`--publish` flag makes it so that connection attempts to the port BEARS runs on is accessible outside of the container (e.g., from a web browser on the local system).