diff --git a/.dockerignore b/.dockerignore index fc6bfedec..8fc54ff3b 100644 --- a/.dockerignore +++ b/.dockerignore @@ -13,6 +13,5 @@ README.md bower.json circle.yml log/* -smoke_test spec tmp/* diff --git a/.env.example b/.env.example index b025340bd..88ceb18dc 100755 --- a/.env.example +++ b/.env.example @@ -9,11 +9,5 @@ # NOTE: .env file will override vars defined here. # GOVUK_NOTIFY_API_KEY=govuk_notify_api_key -GPLUS_CLIENT_ID=localdev_gplus_client_id -GPLUS_CLIENT_SECRET=localdev_gplus_client_secret SSL_ON=false MAX_TOKENS_PER_HOUR=8 -KEEN_PROJECT_ID=aaaaaaaaaaaaaaa -KEEN_MASTER_KEY=xxxxxxxxxxxxxxx -KEEN_WRITE_KEY=yyyyyyyyyyyyyyy -KEEN_READ_KEY=zzzzzzzzzzzzzzz diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index feea44f81..15965b34e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -44,11 +44,6 @@ jobs: with: bundler-cache: true - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 14.17.5 - - name: Precompile assets run: bin/rails assets:precompile diff --git a/Gemfile b/Gemfile index 977a12d26..753ca7f6f 100644 --- a/Gemfile +++ b/Gemfile @@ -23,7 +23,6 @@ gem "govuk_template", "~> 0.26.0" gem "haml-rails" gem "jbuilder", "~> 2.11" gem "jquery-rails" -gem "keen" gem "mail", ">= 2.8" gem "mini_magick", ">= 4.9.4" gem "netaddr", "~> 2.0.6" @@ -31,10 +30,8 @@ gem "opensearch-model", github: "compliance-innovations/opensearch-rails" gem "opensearch-rails", github: "compliance-innovations/opensearch-rails" gem "paper_trail" gem "pg" -gem "prometheus_exporter" gem "puma" gem "pundit", "~> 2.3" -gem "rack-protection" gem "rails", "~> 7.1.3" gem "sanitize" gem "sass-rails" @@ -62,8 +59,10 @@ group :test do gem "database_cleaner" gem "rails-controller-testing" gem "rspec-json_expectations" + gem "selenium-webdriver" gem "simplecov", require: false gem "site_prism" + gem "timecop" gem "webmock" end @@ -72,15 +71,10 @@ group :development, :test do gem "brakeman" gem "capybara" gem "debug" + gem "dotenv-rails" gem "factory_bot_rails" gem "listen" gem "rspec-rails" gem "rubocop-govuk" - gem "selenium-webdriver" gem "shoulda-matchers" - gem "timecop" -end - -group :development, :test, :assets do - gem "dotenv-rails" end diff --git a/Gemfile.lock b/Gemfile.lock index c903d2c3a..5fbd6c6d4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -323,9 +323,6 @@ GEM thor (>= 0.14, < 2.0) json (2.6.3) jwt (2.7.0) - keen (1.1.1) - addressable (~> 2.5) - multi_json (~> 1.12) kramdown (2.4.0) rexml listen (3.8.0) @@ -597,8 +594,6 @@ GEM activesupport (>= 3.0.0) racc (1.8.0) rack (3.1.5) - rack-protection (2.2.0) - rack rack-proxy (0.7.7) rack rack-session (2.0.0) @@ -838,7 +833,6 @@ DEPENDENCIES haml-rails jbuilder (~> 2.11) jquery-rails - keen listen logstasher (~> 2.1.5) mail (>= 2.8) @@ -848,10 +842,8 @@ DEPENDENCIES opensearch-rails! paper_trail pg - prometheus_exporter puma pundit (~> 2.3) - rack-protection rails (~> 7.1.3) rails-controller-testing rspec-json_expectations diff --git a/README.md b/README.md index 6ef50acf7..88ac56b10 100644 --- a/README.md +++ b/README.md @@ -8,84 +8,88 @@ # MoJ People Finder -[![CircleCI](https://circleci.com/gh/ministryofjustice/peoplefinder/tree/main.svg?style=svg)](https://circleci.com/gh/ministryofjustice/peoplefinder/tree/main) [![repo standards badge](https://img.shields.io/endpoint?labelColor=231f20&color=005ea5&style=for-the-badge&label=MoJ%20Compliant&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fendpoint%2Fpeoplefinder&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAAABmJLR0QA/wD/AP+gvaeTAAAHJElEQVRYhe2YeYyW1RWHnzuMCzCIglBQlhSV2gICKlHiUhVBEAsxGqmVxCUUIV1i61YxadEoal1SWttUaKJNWrQUsRRc6tLGNlCXWGyoUkCJ4uCCSCOiwlTm6R/nfPjyMeDY8lfjSSZz3/fee87vnnPu75z3g8/kM2mfqMPVH6mf35t6G/ZgcJ/836Gdug4FjgO67UFn70+FDmjcw9xZaiegWX29lLLmE3QV4Glg8x7WbFfHlFIebS/ANj2oDgX+CXwA9AMubmPNvuqX1SnqKGAT0BFoVE9UL1RH7nSCUjYAL6rntBdg2Q3AgcAo4HDgXeBAoC+wrZQyWS3AWcDSUsomtSswEtgXaAGWlVI2q32BI0spj9XpPww4EVic88vaC7iq5Hz1BvVf6v3qe+rb6ji1p3pWrmtQG9VD1Jn5br+Knmm70T9MfUh9JaPQZu7uLsR9gEsJb3QF9gOagO7AuUTom1LpCcAkoCcwQj0VmJregzaipA4GphNe7w/MBearB7QLYCmlGdiWSm4CfplTHwBDgPHAFmB+Ah8N9AE6EGkxHLhaHU2kRhXc+cByYCqROs05NQq4oR7Lnm5xE9AL+GYC2gZ0Jmjk8VLKO+pE4HvAyYRnOwOH5N7NhMd/WKf3beApYBWwAdgHuCLn+tatbRtgJv1awhtd838LEeq30/A7wN+AwcBt+bwpD9AdOAkYVkpZXtVdSnlc7QI8BlwOXFmZ3oXkdxfidwmPrQXeA+4GuuT08QSdALxC3OYNhBe/TtzON4EziZBXD36o+q082BxgQuqvyYL6wtBY2TyEyJ2DgAXAzcC1+Xxw3RlGqiuJ6vE6QS9VGZ/7H02DDwAvELTyMDAxbfQBvggMAAYR9LR9J2cluH7AmnzuBowFFhLJ/wi7yiJgGXBLPq8A7idy9kPgvAQPcC9wERHSVcDtCfYj4E7gr8BRqWMjcXmeB+4tpbyG2kG9Sl2tPqF2Uick8B+7szyfvDhR3Z7vvq/2yqpynnqNeoY6v7LvevUU9QN1fZ3OTeppWZmeyzRoVu+rhbaHOledmoQ7LRd3SzBVeUo9Wf1DPs9X90/jX8m/e9Rn1Mnqi7nuXXW5+rK6oU7n64mjszovxyvVh9WeDcTVnl5KmQNcCMwvpbQA1xE8VZXhwDXAz4FWIkfnAlcBAwl6+SjD2wTcmPtagZnAEuA3dTp7qyNKKe8DW9UeBCeuBsbsWKVOUPvn+MRKCLeq16lXqLPVFvXb6r25dlaGdUx6cITaJ8fnpo5WI4Wuzcjcqn5Y8eI/1F+n3XvUA1N3v4ZamIEtpZRX1Y6Z/DUK2g84GrgHuDqTehpBCYend94jbnJ34DDgNGArQT9bict3Y3p1ZCnlSoLQb0sbgwjCXpY2blc7llLW1UAMI3o5CD4bmuOlwHaC6xakgZ4Z+ibgSxnOgcAI4uavI27jEII7909dL5VSrimlPKgeQ6TJCZVQjwaOLaW8BfyWbPEa1SaiTH1VfSENd85NDxHt1plA71LKRvX4BDaAKFlTgLeALtliDUqPrSV6SQCBlypgFlbmIIrCDcAl6nPAawmYhlLKFuB6IrkXAadUNj6TXlhDcCNEB/Jn4FcE0f4UWEl0NyWNvZxGTs89z6ZnatIIrCdqcCtRJmcCPwCeSN3N1Iu6T4VaFhm9n+riypouBnepLsk9p6p35fzwvDSX5eVQvaDOzjnqzTl+1KC53+XzLINHd65O6lD1DnWbepPBhQ3q2jQyW+2oDkkAtdt5udpb7W+Q/OFGA7ol1zxu1tc8zNHqXercfDfQIOZm9fR815Cpt5PnVqsr1F51wI9QnzU63xZ1o/rdPPmt6enV6sXqHPVqdXOCe1rtrg5W7zNI+m712Ir+cer4POiqfHeJSVe1Raemwnm7xD3mD1E/Z3wIjcsTdlZnqO8bFeNB9c30zgVG2euYa69QJ+9G90lG+99bfdIoo5PU4w362xHePxl1slMab6tV72KUxDvzlAMT8G0ZohXq39VX1bNzzxij9K1Qb9lhdGe931B/kR6/zCwY9YvuytCsMlj+gbr5SemhqkyuzE8xau4MP865JvWNuj0b1YuqDkgvH2GkURfakly01Cg7Cw0+qyXxkjojq9Lw+vT2AUY+DlF/otYq1Ixc35re2V7R8aTRg2KUv7+ou3x/14PsUBn3NG51S0XpG0Z9PcOPKWSS0SKNUo9Rv2Mmt/G5WpPF6pHGra7Jv410OVsdaz217AbkAPX3ubkm240belCuudT4Rp5p/DyC2lf9mfq1iq5eFe8/lu+K0YrVp0uret4nAkwlB6vzjI/1PxrlrTp/oNHbzTJI92T1qAT+BfW49MhMg6JUp7ehY5a6Tl2jjmVvitF9fxo5Yq8CaAfAkzLMnySt6uz/1k6bPx59CpCNxGfoSKA30IPoH7cQXdArwCOllFX/i53P5P9a/gNkKpsCMFRuFAAAAABJRU5ErkJggg==)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-github-repositories.html#peoplefinder) -## Installing for development +## Development -This is not how people finder is actually deployed but provides an environment to do development on the app. +### Working on the Code -### Ubuntu install +Work should be based off of, and PRed to, the main branch. We use the GitHub +PR approval process so once your PR is ready you'll need to have one person +approve it, and the CI tests passing, before it can be merged. -On a Ubuntu 12.04 LTE box: -- install curl, git, postgresql, postgresql-dev-all, nodejs -- install rails through rvm. One way is: - - `gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3` - - `\curl -L https://get.rvm.io | bash -s stable --ruby` -- start a new shell -- `rvm gemset use global` -- `gem install bundler` -- `gem install rails` -- `clone this repository` -- `cd peoplefinder` -- `bundle install` -- `sudo su postgres createuser ubuntu` (or the name of the user the application will be running as) -- `createdb peoplefinder_development` (as the user the application will be running as) -- `bin/rake db:migrate RAILS_ENV=development` -- `bundle exec rails s -b 0.0.0.0` +### Basic Setup -Point your browser to http://0.0.0.0:3000 and you should see the application's start page. +#### Cloning This Repository -### Mac OSX install +Clone this repository then `cd` into the new directory -PeopleFinder uses Ruby 3.2.2 and bundler 2.4.19 +``` +$ git clone git@github.com:ministryofjustice/peoplefinder.git +$ cd peoplefinder +``` -Install Ruby 3.2.2 using rbenv or rvm then install bundler using +### Installing the app for development -`gem install bundler:2.4.19` +#### Latest Version of Ruby + +If you don't have `rbenv` already installed, install it as follows: +``` +$ brew install rbenv ruby-build +$ rbenv init +``` -[Install Homebrew](http://brew.sh/) if it is not on your machine. +Follow the instructions printed out from the `rbenv init` command and update your `~/.bash_profile` or equivalent file accordingly, then start a new terminal and navigate to the repo directory. -Install opensearch through brew (opensearch is an open source version of elasticsearch) +Use `rbenv` to install the latest version of ruby as defined in `.ruby-version` (make sure you are in the repo path): ``` -brew install opensearch +$ rbenv install ``` +#### Dependencies + +Postgresql + +``` +$ brew install postgresql +``` -Install remaining dependencies on Mac OSX: +Opensearch -```cmd -brew install postgresql -brew install imagemagick -brew cask install phantomjs +``` +$ brew install opensearch +``` -git clone git@github.com:ministryofjustice/peoplefinder.git -cd peoplefinder +#### Setup -gem install eventmachine -v 1.0.5 -- --with-cppflags=-I/usr/local/opt/openssl/include +Use the following commands to install gems and javascript packages then create the database -# if you encounter issues with the bundler version -# for example if you have a later version installed in this ruby, -# add _1.14.6_ to the following commands e.g.: -# `bundle _1.14.6_` -bundle -bundle exec rake db:setup -bundle exec rake peoplefinder:db:reload # includes demo data -bundle exec rake # runs tests - make sure Opensearch is running -bundle exec rails s -b 0.0.0.0 +``` +$ bin/setup ``` -In a separate terminal, run job worker for sending emails: +#### Seeds -```cmd -cd peoplefinder -bundle exec rake jobs:work +Create some demo teams + +``` +$ DOMAIN=fake.gov.uk be rake peoplefinder:data:demo ``` +#### Running locally: + +To just run the web server without any background jobs (usually sufficient): + +``` +$ bin/rails server +``` + +The site will be accessible at http://localhost:3000. + ## Configuration These should be defined in the config/application.rb or in the enviroments/__environment__.rb files if the settings need to be @@ -95,8 +99,6 @@ defined on a per environment basis. `config.default_url_options` e.g. { host: mail.peoplefinder.example.com } -`config.disable_token_auth` Disable the 'token-based authentication' feature - `config.open_search_url` Required for production (see Search section below) `config.support_email` e.g. 'peoplefinder-support@example.com' @@ -117,41 +119,9 @@ Adding a new domain to the production database from bash/zsh etc: - Example: `email@` 6. If successful, you should be navigated to a page which states 'Link sent - check your email' -## Authentication - -Authentication for Log in to People Finder in the various environments (dev/staging/prod) is handled by the setting of `GPLUS_CLIENT_ID` and `GP_CLIENT_SECRET` environment variables in the [private People Finder Deployment repo](https://github.com/ministryofjustice/pf-deploy/) - -You can configure your local machine for authentication by obtaining an OAuth Client ID and Secret from google+ and setting them in a `.env.local` file (.gitignore'd). - -To create your own ID and SECRET: - - * visit the [Google Developers Console](https://console.developers.google.com/). - * Create a project, optionally naming it `PeopleFinder-local`, and wait for the process to complete. - - * Select **Google+ API** from the central panel "Overview", then hit the Enable button. Wait for process to complete then follow link to **Go to Credentials** or choose **Credentials** from left sidebar, then follow the steps required to create an **OAuth 2.0 client ID** for a **Web application**. - - * On **OAuth consent page** you can optonally set the **Product name** to `PeopleFinder-local` - * On the credentials page: - * set Application type to Web application - * set Name to `PeopleFinder-local` - * set **Authorized JavaScript origins** to the root (e.g. `http://localhost:3000`) - * set **Authorized redirect URIs** to the OAuth redirect path, currently `http://localhost:3000/auth/gplus/callback`, but check routes.rb - -Hit create/continue until process is complete and you will receive a client ID and client SECRET. - -For local development purposes the ID and SECRET can be stored in your bash profile or you can create an `.env.local` file based on `.env.example` and set them, as below. - -``` -GPLUS_CLIENT_ID=your_gplus_client_id -GPLUS_CLIENT_SECRET=your_gplus_client_secret -``` - -The permitted domains are configured in `config/application.rb`. - ## Token-based authentication -An alternative 'token-based' authentication method is also supported. The -token authentication method relies upon the users access to their email +The token authentication method relies upon the users access to their email account to authenticate them. Each time the user wishes to start a session, they need to generate an @@ -167,17 +137,15 @@ For local testing - There are a few ways you can get the token ``` http://localhost:3000/tokens/ -2. you can view the server logs and copy the token from there, then paste it into the URL. See the image below: +1. you can view the server logs and copy the token from there, then paste it into the URL. See the image below: ![image](https://user-images.githubusercontent.com/22935203/114713734-4e6e3f00-9d29-11eb-86f2-a7a18a4f9eb7.png) -Then use the token on this URL: http://localhost:3000/tokens/3da4f4e2-8001-4437-b3ab-7e2b3f6e768c <-- replace with your token.3 +Then use the token on this URL: http://localhost:3000/tokens/3da4f4e2-8001-4437-b3ab-7e2b3f6e768c <-- replace with your token. ## E-mails -People Finder sends a few types of e-mail. E-mails are delivered using `delayed_job` adapter for `activejob`. - -Run `bundle exec rake jobs:work` to activate the worker. +People Finder sends a few types of e-mail using GOV.UK Notify In production, periodic emails are sent to users that have: - never logged in before; @@ -262,20 +230,6 @@ If your shell is Zsh, you have to escape `~` by using `\~`. > config.fog_public = false # default: true > ``` -## Testing - -You'll need to install PhantomJS in order to run the headless browser tests and the smoke_test. - -On OSX: - -`brew install phantomjs` - -On a Linux box, you won't find a [pre-packaged headless phantomjs](http://phantomjs.org/download.html) as of this writing. You might need to recompile it from source (we have it in a private apt repository). - -Also, if you'd like test coverage for Javascript you'll need to have Node and Istanbul installed. The easiest way to do this is installing Node via nvm and then use npm to install Istanbul like so: - -`npm install -g istanbul` - ## View templates The application layout is set by the [moj_internal_template](https://github.com/ministryofjustice/moj_internal_template) that is installed as part of this engine. @@ -334,57 +288,10 @@ rake peoplefinder:import:csv_check[path] # Check validity of CSV file befo rake peoplefinder:import:csv_import[path] # Import valid CSV file ``` -### Mail previews - -Mail previews can be found at `http://localhost:3000/rails/mailers`, assuming the server is running locally on port 3000. - - -### Front end development - -A large part of the audience for Peoplefinder are, at time of writing, still reliant on -Windows XP for their OS and IE7 for their browser. Consequently considerable styling and javascript needs IE7 workarounds. To assist, you can install Virtual Box VMs using the guide below - -1. install virtual box - [Virtualbox](https://www.virtualbox.org/wiki/Downloads) - -2. you can download fairly reliable MS Windows VMs using this site at [xdissent](http://xdissent.github.io/ievms/). The simplest method is to download the Windows 7 with IE10 VM and use the Developer tools in IE10 to change ***Browser mode*** and ***Document mode*** to IE7. - ``` - curl -s https://raw.githubusercontent.com/xdissent/ievms/master/ievms.sh | env IEVMS_VERSIONS="10" bash - ``` -3. once command above has completed power on the machine in virtual box, start IE and use http://10.0.2.2:3000 (i.e. 10.0.2.2 maps to the host's `localhost` IP) - -4. you can map the VMs localhost to 10.0.2.2 to allow GPlus OAuth login to function by amending the hosts file, `C:\Windows\System32\drivers\etc\hosts`, to add the line below: -``` -10.0.2.2 localhost -``` - -#### Optional config for your VM for local development: - - * enable host to VM copy/paste - - ``` - vbox > machine > settings > General(tab) > Advanced(tab) > Shared clipboard(dropdown) > Bidirectionl - ``` - -### Development tools - -CI by [Travis](https://travis-ci.org/ministryofjustice/peoplefinder). - ## Reminders If the Peoplefinder is to be successful, profiles need to be populated and maintained. -###Support - -A support email address is set as SUPPORT_EMAIL. - -## Keeping secrets and sensitive information secure +## Exceptions -There should be *absolutely no secure credentials* committed in this repo. Information about secret management can be found in the related confluence pages. - -### prometheus_exporter -if you want to check/debug prometheus_exporter under local development environment, just open a separated terminial and get into this project root foler -and run the following command from command line -``` ->prometheus_exporter -``` -and also comment out the line for checking Rails.env from puma.rb and prometheus_exporter.rb temporarily +Any exceptions raised in any deployed environment will be sent to [Sentry](https://ministryofjustice.sentry.io/projects/peoplefinder). diff --git a/deploy.sh b/deploy.sh deleted file mode 100755 index 61f3525aa..000000000 --- a/deploy.sh +++ /dev/null @@ -1,181 +0,0 @@ -#!/bin/sh - -# exit when any command fails -set -e - -p() { - printf "\e[33m$1\e[0m\n" -} - -function _deploy() { - - # Define variables for use in the script - team_name=peoplefinder - ecr_repo_name=peoplefinder - component=peoplefinder - docker_endpoint=754256621582.dkr.ecr.eu-west-2.amazonaws.com - docker_registry=${docker_endpoint}/${team_name}/${ecr_repo_name} - - usage="deploy -- deploy image from ECR to an environment - Usage: ./deploy.sh image-tag environment - Where: - environment - one of development|staging|qa|production - image-tag - any valid ECR image tag for app generated by build script - Prerequisites: - Build an image to deploy using build.sh in a checked out - copy of the head of the branch you want to deploy. Supply the - resulting image tag to this deploy script. - Example: - # build the app to get an image tag - ./build.sh - ...many lines of output... - Image created with tag: pf-CT-1234-6bece953 - - # deploy image-tag to development - ./deploy.sh pf-CT-1234-6bece953 development - - # deploy latest image of main to production - ./deploy.sh pf-CT-1234-6bece953 production - " - - # Ensure the script is called with two or three arguments - if [ $# -lt 2 ] || [ $# -gt 3 ] - then - echo "$usage" - return 0 - fi - - # Ensure that the first argument is a reasonable image name if not circleci (regexp diff in linux) - if [[ "$3" == "circleci" ]] - then - image_tag=$1 - else - if [[ "$1" =~ ^pf- ]] - then - image_tag=$1 - else - p "\e[31mFatal error: Image tag not recognised: $1\e[0m" - p "\e[31mPlease supply an image tag generated by the build script as the first argument\e[0m\n" - echo "$usage" - return 0 - fi - fi - - # Ensure that the second argument is a valid stage - case "$2" in - development | staging | production) - environment=$2 - ;; - *) - p "\e[31mFatal error: deployment environment not recognised: $2\e[0m" - p "\e[31mEnvironment must be one of development | staging | qa | production\e[0m\n" - echo "$usage" - return 0 - ;; - esac - - # Confirm what's going to happen and ask for confirmation if not circle ci - docker_image_tag=${docker_registry}:${image_tag} - - namespace=$component-${environment} - p "--------------------------------------------------" - p "Deploying People Finder to kubernetes cluster: Live" - p "Environment: \e[32m$environment\e[0m" - p "Docker image: \e[32m$image_tag\e[0m" - p "Target namespace: \e[32m$namespace\e[0m" - p "--------------------------------------------------" - - if [[ "$3" != "circleci" ]] - then - if [[ $environment == "production" ]] - then - read -p "Do you wish to deploy this image to production? (Enter 'deploy' to continue): " confirmation_message - if [[ $confirmation_message == "deploy" ]] - then - p "Deploying app to production..." - else - return 0 - fi - else - read -p "Do you wish to deploy this image to $environment? (Enter Y to continue): " confirmation_message - if [[ $confirmation_message =~ ^[Yy]$ ]] - then - p "Deploying app to $environment..." - else - return 0 - fi - fi - fi - - if [[ "$3" == "circleci" ]] - then - #authenticate to live cluster - p "Authenticating to live..." - echo -n $KUBE_ENV_LIVE_CA_CERT | base64 -d > ./live_ca.crt - kubectl config set-cluster $KUBE_ENV_LIVE_CLUSTER_NAME --certificate-authority=./live_ca.crt --server=https://$KUBE_ENV_LIVE_CLUSTER_NAME - - if [[ $environment == "development" ]] - then - live_token=$KUBE_ENV_LIVE_DEVELOPMENT_TOKEN - fi - - if [[ $environment == "staging" ]] - then - live_token=$KUBE_ENV_LIVE_STAGING_TOKEN - fi - - if [[ $environment == "production" ]] - then - live_token=$KUBE_ENV_LIVE_PRODUCTION_TOKEN - fi - - kubectl config set-credentials circleci --token=$live_token - kubectl config set-context $KUBE_ENV_LIVE_CLUSTER_NAME --cluster=$KUBE_ENV_LIVE_CLUSTER_NAME --user=circleci --namespace=$namespace - kubectl config use-context $KUBE_ENV_LIVE_CLUSTER_NAME - kubectl config current-context - kubectl --namespace=$namespace get pods - fi - - #deploy to live cluster - p "Authenticated, deploying to live..." - - - # Apply config map updates - kubectl apply \ - -f config/kubernetes/${environment}/env-configmap.yaml -n $namespace - - # Apply image specific config - kubectl set image -f config/kubernetes/${environment}/deployment.yaml \ - webapp=${docker_image_tag} \ - metrics=${docker_image_tag} \ - jobs=${docker_image_tag} --local --output yaml | kubectl apply -n $namespace -f - - - # Apply non-image specific config - kubectl apply \ - -f config/kubernetes/${environment}/service.yaml \ - -f config/kubernetes/${environment}/ingress-live.yaml \ - -n $namespace - - #Add cron jobs if production - if [[ $environment == "production" ]] - then - kubectl set image -f config/kubernetes/${environment}/cron-person-notifier.yaml \ - jobs=${docker_image_tag} --local --output yaml | kubectl apply -n $namespace -f - - - kubectl set image -f config/kubernetes/${environment}/cron-team-description-notifier.yaml \ - jobs=${docker_image_tag} --local --output yaml | kubectl apply -n $namespace -f - - - kubectl set image -f config/kubernetes/${environment}/cron-never-logged-in-notifier.yaml \ - jobs=${docker_image_tag} --local --output yaml | kubectl apply -n $namespace -f - - - kubectl set image -f config/kubernetes/${environment}/cron-person-update-reminder.yaml \ - jobs=${docker_image_tag} --local --output yaml | kubectl apply -n $namespace -f - - - kubectl set image -f config/kubernetes/${environment}/cron-user-behaviour-report.yaml \ - jobs=${docker_image_tag} --local --output yaml | kubectl apply -n $namespace -f - - - fi - -} - -_deploy $@ diff --git a/lib/tasks/peoplefinder/data.rake b/lib/tasks/peoplefinder/data.rake index 2d4299efb..d12254f21 100644 --- a/lib/tasks/peoplefinder/data.rake +++ b/lib/tasks/peoplefinder/data.rake @@ -62,7 +62,7 @@ namespace :peoplefinder do desc "create basic demonstration data" task demo: :environment do DemoGroupMemberships.new.each do |group, member_count| - RandomGenerator.new(group).generate_members(member_count, DOMAIN) + RandomGenerator.new(group).generate_members(member_count, ENV["DOMAIN"]) end puts "Generated random basic demonstration data" Rake::Task["peoplefinder:data:search_scenario_1"].invoke @@ -93,10 +93,10 @@ namespace :peoplefinder do names.each do |name| given_name = name.split.first surname = name.split.second - email = "#{given_name.downcase}.#{surname.downcase}@#{DOMAIN}" + email = "#{given_name.downcase}.#{surname.downcase}@#{ENV['DOMAIN']}" Person.find_or_initialize_by(given_name:, surname:, email:).tap do |person| person.memberships << Membership.new(person_id: person.id, group_id: demo_groups.sample.first.id) if person.memberships.empty? - person.description = "PA to Steve Richards" if email == "personal.assistant@#{DOMAIN}" + person.description = "PA to Steve Richards" if email == "personal.assistant@#{ENV['DOMAIN']}" person.save! end end diff --git a/smoke_test b/smoke_test deleted file mode 100755 index a1ec70965..000000000 --- a/smoke_test +++ /dev/null @@ -1,195 +0,0 @@ -#!/usr/bin/env ruby - -# Peoplefinder smoke test -# ======================= -# -# Set the following environment variables: -# -# * HOST - the root of the server to be tested, e.g. http://example.com/ -# * EMAIL_ADDRESS - the email address to sign in with -# * EMAIL_PASSWORD - the IMAP password -# -# Google Apps IMAP is assumed, and the account must have IMAP access -# configured. For the password, generate an app-specific password (this is -# necessary if two-factor authentication is enabled). -# -# Run the test: -# -# $ bundle exec ./smoke_test -# -# Successful output will look like this: -# -# Request token ... OK -# Fetch token email ... wait 2s ... OK -# Sign in ... OK -# Edit profile ... OK -# Search for profile ... wait 2s ... OK -# -# On success, the return code is zero. Failure will result in a non-zero return -# code. - -require "bundler/setup" -require "capybara" -require "capybara/dsl" -require "capybara/poltergeist" -require "mail" -require "net/imap" -require "securerandom" - -host = ENV.fetch("HOST") -email_address = ENV.fetch("EMAIL_ADDRESS") -email_password = ENV.fetch("EMAIL_PASSWORD") -search_name = ENV.fetch("SEARCH_NAME") - -Capybara.register_driver :poltergeist do |app| - Capybara::Poltergeist::Driver.new(app, phantomjs_options: ["--ignore-ssl-errors=yes"]) -end -Capybara.run_server = false -Capybara.current_driver = :poltergeist -Capybara.app_host = host - -class SmokeTest - include Capybara::DSL - - TIME_DRIFT_ALLOWANCE = 5 - - def initialize(email_address, imap, host, search_name) - @email_address = email_address - @imap = imap - @host = host - @search_name = search_name - @start_time = Time.zone.now.utc - end - - def run - step "Request token" do - # 300 secs is the TTL for the DNS based maintenance page - with_retries(initial_delay: 15, max_delay: 60) { request_token } - # request_token - end - - signin_path = nil - step "Fetch token email" do - token_mail = with_retries(initial_delay: 5, max_delay: 120) { fetch_token_mail } - raise "couldn't find token email" unless token_mail - - text_part = token_mail.text_part.decoded - signin_path = text_part[%r{/tokens/[0-9a-f-]+}] - raise "couldn't find sign-in token link" unless signin_path - end - - my_name = nil - step "Sign in" do - sign_in signin_path - my_name = find_own_name - end - - unique_string = SecureRandom.uuid - step "Edit profile" do - update_profile my_name, unique_string - end - - step "Search for own changed profile" do - found = with_retries { search_profile my_name, unique_string } - raise "couldn't find own profile via search" unless found - end - - step "Search for profile: #{@search_name}" do - found = with_retries { search_profile @search_name, @search_name } - raise "couldn't find profile for #{@search_name} via search" unless found - end - rescue StandardError => e - puts page.text - raise e - end - -private - - attr_reader :imap, :email_address - - def find_own_name - page.text[/Signed in as (.*?) Sign out/, 1].tap do |name| - raise "couldn't find own name" unless name - end - end - - def search_profile(name, search_term) - visit "/" - fill_in "Enter the name of a person or role", with: search_term - click_button "Submit search" - result = nil - within "#search_results" do - result = page.has_text?(name) - end - result - end - - def update_profile(name, uuid) - desc = "Smoke test started at #{@start_time.iso8601}\n\nUnique identifier: #{uuid}" - click_link name, match: :first - click_edit_profile - fill_in "Extra information", with: desc - click_button "Save", match: :first - raise "couldn't update profile" unless page.has_text?("Updated your profile") - end - - def request_token - visit "/" - page_loaded = page.has_text?("Request link to access People Finder") - if page_loaded - fill_in "Email address", with: email_address - click_button "Request link" - end - page_loaded - end - - def fetch_token_mail - imap.examine "INBOX" - candidate_ids = imap.search(["SINCE", @start_time.strftime("%-d-%b-%Y")]) - mails = candidate_ids.map do |id| - msg = imap.fetch(id, "RFC822")[0].attr["RFC822"] - Mail.read_from_string(msg) - end - mails.reverse.find do |mail| - mail.subject =~ /access request/i && - mail.date.to_time >= (@start_time - TIME_DRIFT_ALLOWANCE) && - mail.text_part.decoded.include?(@host) - end - end - - def sign_in(path) - visit path - raise "couldn't sign in via #{path}" unless page.body =~ /Signed in as/ - end - - def with_retries(tries: 5, initial_delay: 2, max_delay: 30) - delay = initial_delay - result = nil - tries.times do - result = yield - break if result - - wait delay - delay = [max_delay, delay * 2].min - end - result - end - - def wait(delay) - $stdout.print "wait #{delay} ... " - $stdout.flush - sleep delay - end - - def step(string) - $stdout.print string, " ... " - $stdout.flush - yield.tap { $stdout.puts "OK" } - end -end - -imap = Net::IMAP.new("imap.gmail.com", port: 993, ssl: true) -imap.login email_address, email_password -SmokeTest.new(email_address, imap, host, search_name).run -imap.logout -imap.disconnect