GSA · xlorepdarkhelm · Oct 16, 2024 · Sep 11, 2024 · Sep 11, 2024 · Sep 18, 2024
diff --git a/.ds.baseline b/.ds.baseline
@@ -209,7 +209,7 @@
         "filename": "tests/app/aws/test_s3.py",
         "hashed_secret": "67a74306b06d0c01624fe0d0249a570f4d093747",
         "is_verified": false,
-        "line_number": 27,
+        "line_number": 29,
         "is_secret": false
       }
     ],
@@ -384,5 +384,5 @@
       }
     ]
   },
-  "generated_at": "2024-09-10T18:12:39Z"
+  "generated_at": "2024-09-27T16:42:53Z"
 }
diff --git a/.github/actions/deploy-proxy/action.yml b/.github/actions/deploy-proxy/action.yml
@@ -1,6 +1,9 @@
 name: Deploy egress proxy
 description: Set egress space security groups and deploy proxy
 inputs:
+  cf_org:
+    description: The org the target app exists in.
+    required: true
   cf_space:
     description: The space the target app exists in.
     required: true
@@ -16,6 +19,19 @@ inputs:
 runs:
   using: composite
   steps:
+    - name: Install cf-cli
+      shell: bash
+      run: |
+        curl -A "cg-deploy-action" -v -L -o cf-cli_amd64.deb 'https://packages.cloudfoundry.org/stable?release=debian64&version=v8&source=github'
+        sudo dpkg -i cf-cli_amd64.deb
+    - name: Login to cf-cli
+      shell: bash
+      run: |
+        cf api api.fr.cloud.gov
+        cf auth
+    - name: Target org and space
+      shell: bash
+      run: cf target -o ${{ inputs.cf_org }} -s ${{ inputs.cf_space }}
     - name: Set restricted space egress
       shell: bash
       run: ./terraform/set_space_egress.sh -t -s ${{ inputs.cf_space }}

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -54,7 +54,7 @@ jobs:
     - name: Check for dead code
       run: make dead-code
     - name: Run tests with coverage
-      run: poetry run coverage run --omit=*/notifications_utils/*,*/migrations/* -m pytest --maxfail=10
+      run: poetry run coverage run --omit=*/migrations/*,*/tests/* -m pytest --maxfail=10
       env:
         SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
         NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
@@ -63,7 +63,7 @@ jobs:
         NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
     - name: Check coverage threshold
       # TODO get this back up to 95
-      run: poetry run coverage report --fail-under=95
+      run: poetry run coverage report -m --fail-under=91
 
   validate-new-relic-config:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml
@@ -49,7 +49,7 @@ jobs:
       run: poetry export --without-hashes --format=requirements.txt > requirements.txt
 
     - name: Deploy to cloud.gov
-      uses: 18f/cg-deploy-action@main
+      uses: cloud-gov/cg-cli-tools@main
       env:
         DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
         SECRET_KEY: ${{ secrets.SECRET_KEY }}
@@ -64,7 +64,8 @@ jobs:
         cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
         cf_org: gsa-tts-benefits-studio
         cf_space: notify-demo
-        push_arguments: >-
+        cf_command: >-
+          push -f manifest.yml
           --vars-file deploy-config/demo.yml
           --var DANGEROUS_SALT="$DANGEROUS_SALT"
           --var SECRET_KEY="$SECRET_KEY"
@@ -73,6 +74,7 @@ jobs:
           --var NOTIFY_E2E_TEST_EMAIL="$NOTIFY_E2E_TEST_EMAIL"
           --var NOTIFY_E2E_TEST_PASSWORD="$NOTIFY_E2E_TEST_PASSWORD"
           --var LOGIN_DOT_GOV_REGISTRATION_URL="$LOGIN_DOT_GOV_REGISTRATION_URL"
+          --strategy rolling
 
     - name: Check for changes to templates.json
       id: changed-templates
@@ -95,6 +97,10 @@ jobs:
     - name: Deploy egress proxy
       if: steps.changed-egress-config.outputs.any_changed == 'true'
       uses: ./.github/actions/deploy-proxy
+      env:
+          CF_USERNAME: ${{ secrets.CLOUDGOV_USERNAME }}
+          CF_PASSWORD: ${{ secrets.CLOUDGOV_PASSWORD }}
       with:
-        cf_space: notify-demo
-        app: notify-api-demo
+        cf_org: gsa-tts-benefits-studio
+        cf_space: notify-staging
+        app: notify-api-staging
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
@@ -53,7 +53,7 @@ jobs:
       run: poetry export --without-hashes --format=requirements.txt > requirements.txt
 
     - name: Deploy to cloud.gov
-      uses: 18f/cg-deploy-action@main
+      uses: cloud-gov/cg-cli-tools@main
       env:
         DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
         SECRET_KEY: ${{ secrets.SECRET_KEY }}
@@ -68,7 +68,8 @@ jobs:
         cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
         cf_org: gsa-tts-benefits-studio
         cf_space: notify-production
-        push_arguments: >-
+        cf_command: >-
+          push -f manifest.yml
           --vars-file deploy-config/production.yml
           --var DANGEROUS_SALT="$DANGEROUS_SALT"
           --var SECRET_KEY="$SECRET_KEY"
@@ -77,6 +78,7 @@ jobs:
           --var NOTIFY_E2E_TEST_EMAIL="$NOTIFY_E2E_TEST_EMAIL"
           --var NOTIFY_E2E_TEST_PASSWORD="$NOTIFY_E2E_TEST_PASSWORD"
           --var LOGIN_DOT_GOV_REGISTRATION_URL="$LOGIN_DOT_GOV_REGISTRATION_URL"
+          --strategy rolling
 
     - name: Check for changes to templates.json
       id: changed-templates
@@ -99,6 +101,10 @@ jobs:
     - name: Deploy egress proxy
       if: steps.changed-egress-config.outputs.any_changed == 'true'
       uses: ./.github/actions/deploy-proxy
+      env:
+          CF_USERNAME: ${{ secrets.CLOUDGOV_USERNAME }}
+          CF_PASSWORD: ${{ secrets.CLOUDGOV_PASSWORD }}
       with:
-        cf_space: notify-production
-        app: notify-api-production
+        cf_org: gsa-tts-benefits-studio
+        cf_space: notify-staging
+        app: notify-api-staging
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -55,7 +55,7 @@ jobs:
       run: poetry export --without-hashes --format=requirements.txt > requirements.txt
 
     - name: Deploy to cloud.gov
-      uses: 18f/cg-deploy-action@main
+      uses: cloud-gov/cg-cli-tools@main
       env:
         DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
         SECRET_KEY: ${{ secrets.SECRET_KEY }}
@@ -70,7 +70,8 @@ jobs:
         cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
         cf_org: gsa-tts-benefits-studio
         cf_space: notify-staging
-        push_arguments: >-
+        cf_command: >-
+          push -f manifest.yml
           --vars-file deploy-config/staging.yml
           --var DANGEROUS_SALT="$DANGEROUS_SALT"
           --var SECRET_KEY="$SECRET_KEY"
@@ -79,6 +80,7 @@ jobs:
           --var NOTIFY_E2E_TEST_EMAIL="$NOTIFY_E2E_TEST_EMAIL"
           --var NOTIFY_E2E_TEST_PASSWORD="$NOTIFY_E2E_TEST_PASSWORD"
           --var LOGIN_DOT_GOV_REGISTRATION_URL="$LOGIN_DOT_GOV_REGISTRATION_URL"
+          --strategy rolling
 
     - name: Check for changes to templates.json
       id: changed-templates
@@ -101,7 +103,11 @@ jobs:
     - name: Deploy egress proxy
       if: steps.changed-egress-config.outputs.any_changed == 'true'
       uses: ./.github/actions/deploy-proxy
+      env:
+          CF_USERNAME: ${{ secrets.CLOUDGOV_USERNAME }}
+          CF_PASSWORD: ${{ secrets.CLOUDGOV_PASSWORD }}
       with:
+        cf_org: gsa-tts-benefits-studio
         cf_space: notify-staging
         app: notify-api-staging
 

diff --git a/Makefile b/Makefile
@@ -81,9 +81,10 @@ test: ## Run tests and create coverage report
 	poetry run black .
 	poetry run flake8 .
 	poetry run isort --check-only ./app ./tests
-	poetry run coverage run --omit=*/notifications_utils/*,*/migrations/* -m pytest --maxfail=10
+	poetry run coverage run --omit=*/migrations/*,*/tests/* -m pytest --maxfail=10
 
-	poetry run coverage report -m --fail-under=95
+    ## TODO set this back to 95 asap
+	poetry run coverage report -m --fail-under=91
 	poetry run coverage html -d .coverage_cache
 
 .PHONY: py-lock