Merge branch 'main' of github.com:Enterprise-CMCS/macpro-mdct-carts

.env_example

@@ -32,12 +32,4 @@ princeApiPath=placeholder
 warmupSchedule="60 minutes"
 warmupConcurrency=5
 iamPath=/
-iamPermissionsBoundary="bound"
-runV2DataMigration=false
-
-# -- SET THESE TO JUNK IF NOT RUNNING MIGRATION
-postgresDatabase=placeholder
-postgresHost=placeholder
-postgresUser=placeholder
-postgresPassword=placeholder
-# --
+iamPermissionsBoundary="bound"

.github/workflows/dependabot-auto-merge.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
       - name: Dependabotbot Gather Metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v1.3.0
+        uses: dependabot/fetch-metadata@v1
       - name: Approve a PR
         run: gh pr review --approve "$PR_URL"
         env:

.github/workflows/deploy.yml

@@ -44,17 +44,14 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
-      - name: read .nvmrc
-        id: node_version
-        run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc)
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v3
         with:
-          node-version: ${{ steps.node_version.outputs.NODE_VERSION }}
-      - uses: actions/cache@v2
+          node-version-file: ".nvmrc"
+      - uses: actions/cache@v3
         with:
           path: "**/node_modules"
           key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock', 'plugins/**') }}
@@ -65,15 +62,15 @@ jobs:
         run: ./test-unit.sh
       - name: publish test coverage to code climate
         if: env.CODE_CLIMATE_ID != ''
-        uses: paambaati/codeclimate-action@v2.7.5
+        uses: paambaati/codeclimate-action@v5
         env:
           CC_TEST_REPORTER_ID: ${{ secrets.CODE_CLIMATE_ID }}
         with:
           coverageLocations: |
             ${{github.workspace}}/services/app-api/coverage/lcov.info:lcov
             ${{github.workspace}}/services/ui-src/coverage/lcov.info:lcov
       - name: Store unit test results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: unit_test_results
           path: ${{github.workspace}}/services/ui-src/coverage/lcov.info
@@ -85,7 +82,7 @@ jobs:
       - id: endpoint
         run: |
           APPLICATION_ENDPOINT=$(./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name)
-          echo ::set-output name=application_endpoint::$APPLICATION_ENDPOINT
+          echo "application_endpoint=$APPLICATION_ENDPOINT" >> $GITHUB_OUTPUT
           echo "## Application Endpoint" >> $GITHUB_STEP_SUMMARY
           echo "<$APPLICATION_ENDPOINT>" >> $GITHUB_STEP_SUMMARY
         working-directory: services
@@ -110,12 +107,11 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Run Cypress Tests
-        uses: cypress-io/github-action@v3.0.3
+        uses: cypress-io/github-action@v5
         with:
           working-directory: tests/cypress
           spec: tests/integration/*.spec.js
           browser: chrome
-          headless: true
           config: baseUrl=${{ needs.deploy.outputs.application_endpoint }}
           wait-on: ${{ needs.deploy.outputs.application_endpoint }}
           env: true
@@ -124,10 +120,8 @@ jobs:
           CYPRESS_STATE_USER_PASSWORD: ${{ secrets.CYPRESS_STATE_USER_PASSWORD }}
           CYPRESS_ADMIN_USER_EMAIL: ${{ secrets.CYPRESS_ADMIN_USER_EMAIL }}
           CYPRESS_ADMIN_USER_PASSWORD: ${{ secrets.CYPRESS_ADMIN_USER_PASSWORD }}
-          CYPRESS_REVIEWER_USER_EMAIL: ${{ secrets.CYPRESS_REVIEWER_USER_EMAIL }}
-          CYPRESS_REVIEWER_USER_PASSWORD: ${{ secrets.CYPRESS_REVIEWER_USER_PASSWORD }}
       - name: Upload screenshots
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: cypress-screenshots
@@ -143,12 +137,11 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Check Project A11y
-        uses: cypress-io/github-action@v3.0.3
+        uses: cypress-io/github-action@v5
         with:
           working-directory: tests/cypress
           spec: tests/a11y/*.spec.js
           browser: chrome
-          headless: true
           config: baseUrl=${{ needs.deploy.outputs.application_endpoint }}
           wait-on: ${{ needs.deploy.outputs.application_endpoint }}
           env: true
@@ -157,10 +150,8 @@ jobs:
           CYPRESS_STATE_USER_PASSWORD: ${{ secrets.CYPRESS_STATE_USER_PASSWORD }}
           CYPRESS_ADMIN_USER_EMAIL: ${{ secrets.CYPRESS_ADMIN_USER_EMAIL }}
           CYPRESS_ADMIN_USER_PASSWORD: ${{ secrets.CYPRESS_ADMIN_USER_PASSWORD }}
-          CYPRESS_REVIEWER_USER_EMAIL: ${{ secrets.CYPRESS_REVIEWER_USER_EMAIL }}
-          CYPRESS_REVIEWER_USER_PASSWORD: ${{ secrets.CYPRESS_REVIEWER_USER_PASSWORD }}
       - name: Upload screenshots
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: cypress-screenshots

.github/workflows/destroy.yml

@@ -40,7 +40,7 @@ jobs:
           AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
           STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
       - name: Configure AWS credentials for GitHub Actions
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}

.github/workflows/git-secrets.yaml

@@ -4,8 +4,8 @@ jobs:
   gitleaks-scan:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - name: Run gitlakes docker	    
-      uses: docker://zricethezav/gitleaks
-      with:
-        args: detect --source /github/workspace/ --no-git --verbose
+      - uses: actions/checkout@v3
+      - name: Run gitleaks docker
+        uses: docker://zricethezav/gitleaks
+        with:
+          args: detect --source /github/workspace/ --no-git --verbose

.github/workflows/pull-request.yml

@@ -7,14 +7,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: pre-commit/action@v2.0.2
+      - uses: pre-commit/action@v3.0.0
   jest-frontend:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version-file: ".nvmrc"
       - name: Prepare for Jest (frontend)
         run: yarn install --frozen-lockfile
         working-directory: ./services/ui-src
@@ -27,7 +27,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version-file: ".nvmrc"
       - name: Prepare for Jest (backend)
         run: yarn install --frozen-lockfile
         working-directory: ./services/app-api

.github/workflows/scan_security-hub-jira-integration.yml

@@ -16,12 +16,12 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@v3
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
           role-to-assume: ${{ secrets.PRODUCTION_SYNC_OIDC_ROLE }}
       - name: Sync Security Hub and Jira
-        uses: Enterprise-CMCS/[email protected].3
+        uses: Enterprise-CMCS/[email protected].5
         with:
           jira-token: ${{ secrets.JIRA_SERVICE_USER_TOKEN }}
           jira-username: ${{ secrets.JIRA_SERVICE_USERNAME }}
@@ -31,3 +31,4 @@ jobs:
           jira-ignore-statuses: Done, Closed, Canceled
           jira-custom-fields: '{ "customfield_14154" : [{"id": "16955", "value": "CARTS"}] }'
           aws-severities: CRITICAL, HIGH, MEDIUM
+          assign-jira-ticket-to: ${{ secrets.ACCOUNT_ID_REHMAN }}

.github/workflows/scan_snyk-jira-integration.yml

@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Check out repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Install Snyk and Run Snyk test
         run: |
@@ -32,7 +32,7 @@ jobs:
     if: github.event_name == 'schedule'
     steps:
       - name: Check out repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Install Snyk and Run Snyk test
         run: |
@@ -42,7 +42,7 @@ jobs:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
       - name: use the custom github  action to parse Snyk output
-        uses: Enterprise-CMCS/macfc-security-scan-report@v1.0.4
+        uses: Enterprise-CMCS/macfc-security-scan-report@v2.7.0
         with:
           jira-username: ${{ secrets.JIRA_SERVICE_USERNAME }}
           jira-token: ${{ secrets.JIRA_SERVICE_USER_TOKEN }}
@@ -52,6 +52,7 @@ jobs:
           jira-custom-field-key-value: '{ "customfield_10007" : "MDCT-2280", "customfield_14154" : [{"id": "16955", "value": "CARTS"}] }'
           jira-labels: "CARTS,snyk"
           jira-title-prefix: "[CARTS] - Snyk :"
-          assign-jira-ticket-to: "6268ac54d364ae006809a489" # pragma: allowlist secret (Jira user ID for Rehman)
+          is_jira_enterprise: false
+          assign-jira-ticket-to: ${{ secrets.ACCOUNT_ID_REHMAN }}
           scan-output-path: "snyk_output.txt"
           scan-type: "snyk"

.gitignore

@@ -14,5 +14,6 @@ tests_output
 *.log
 tests/cypress/videos
 tests/cypress/screenshots
+tests/cypress/downloads
 tests/cypress/package-lock.json
 package-lock.json

README.md

@@ -61,16 +61,6 @@ There are two mechanisms for seeding data.
   - This is useful for deploying data such as section base templates, and keeping it up to date with the code base.
   - Adding specific test seed data to environments may be useful for things like cypress tests. This can be accomplished with the test-tables directory, referencing the same seed-local tables if desired.
 
-### V2 Data Migration
-
-The data migration for v2 -> v3 is controlled via ssm parameters, and can be kicked off in an env on deploy by setting /configuration/{env}/runV2DataMigration. If you have access to the v2 databases.
-, it can also be run to write v2 data into the local database by setting the runV2DataMigration env flag to true, and invoking the function with:
-
-```aws lambda invoke /dev/null \
-  --endpoint-url http://localhost:3003 \
-  --function-name database-local-dataMigration
-```
-
 ### Local Development Random Info
 
 Local dev is configured in typescript project in `./src`. The entrypoint is `./src/dev.ts`, it manages running the moving pieces locally: the API, the database, the filestore, and the frontend.
@@ -98,6 +88,33 @@ It should be noted that while logged in as a state user, the download template b
 - After the deploy action runs on branch being pushed, you should see the bucket now lives in s3 with a name that resembles uploads-AddYourBranchNameHere!-carts-download
 - You'll then want to actually upload the document you want to see! Currently, the key is set to look for a file called "FFY_2021_CARTS_Template.pdf", but you can swap that out in the services/app-api/handlers/fiscalYearTemplate/get.ts file.
 
+## Adding a new Yearly Form
+
+Refer to [this walkthrough](services/database/YEARLY_UPDATE.md) for steps to take when adding a new annual form.
+
+## SEDS Data
+
+SEDS CHIP Data regarding enrollment counts is populated into Section 2 Part 1.
+
+This is accomplished by the setup in the `services/carts-bigmac-streams/handlers/sinkEnrollmentCounts.js` service, which sets up a listener on the topic `aws.mdct.seds.cdc.state-forms.v0`.
+
+When a message is kicked off, the process sorts the update into updates for the prior year or current year, and fills out an enrollments table based on that info.
+
+In the UI, when a user is filling out the form, those numbers are loaded into the table and require a user saving the submission to update the CARTS section.
+
+On the SEDS side, this topic is updated on every submission of seds data, but CARTS filters based the following:
+
+- current and prior year
+- 4th quarter data.
+- The rollover for a "new year" is October, and future submissions are not recognized until that threshold
+
+Updates outside of that time frame will need to be manually corrected in CARTS, or the integration will need to be modifed to collect data for old forms. CARTS additionally looks for the `enrollmentCounts` property which is only included in forms 21E and 64.21E (question 7), either by manual trigger or update. See SEDS files:
+
+- [generateEnrollmentTotals](https://github.com/Enterprise-CMCS/macpro-mdct-seds/blob/master/services/app-api/handlers/state-forms/post/generateEnrollmentTotals.js)
+- [updateStateForms](https://github.com/Enterprise-CMCS/macpro-mdct-seds/blob/master/services/app-api/handlers/state-forms/post/updateStateForms.js)
+
+For testing convenience, stateuser2 points at AL in CARTS and the stateuser points at AL in SEDS.
+
 ## Copyright and license
 
 [![License](https://img.shields.io/badge/License-CC0--1.0--Universal-blue.svg)](https://creativecommons.org/publicdomain/zero/1.0/legalcode)

package.json

@@ -39,10 +39,10 @@
     "eslint-plugin-react": "^7.24.0",
     "eslint-plugin-react-hooks": "^2.x",
     "prettier": "^2.4.1",
-    "serverless": "^3.19.0",
+    "serverless": "^3.35.2",
     "serverless-api-client-certificate": "^1.0.2",
-    "serverless-bundle": "^5.3.0",
-    "serverless-cloudfront-invalidate": "^1.11.0",
+    "serverless-bundle": "^6.0.0",
+    "serverless-cloudfront-invalidate": "^1.12.2",
     "serverless-dotenv-plugin": "^3.0.0",
     "serverless-iam-helper": "github:Enterprise-CMCS/serverless-iam-helper",
     "serverless-idempotency-helper": "github:Enterprise-CMCS/serverless-idempotency-helper",
@@ -57,13 +57,6 @@
     "typescript": "^4.6.3",
     "yargs": "^16.1.1"
   },
-  "dependencies": {
-    "aws-amplify": "^4.3.17"
-  },
-  "cypress-cucumber-preprocessor": {
-    "nonGlobalStepDefinitions": true,
-    "stepDefinitions": "tests"
-  },
   "resolutions": {
     "loader-utils": "^2.0.4"
   }

services/app-api/handlers/fiscalYearTemplate/get.ts

@@ -3,7 +3,7 @@ import s3 from "../../libs/s3-lib";
 import { ReportPdfs } from "../../types";
 
 export const getFiscalYearTemplateLink = handler(async (_context) => {
-  const filename = ReportPdfs[2022];
+  const filename = ReportPdfs[2023];
   const url = s3.getSignedUrl(
     "getObject",
     {

services/app-api/handlers/section/update.ts

@@ -1,3 +1,4 @@
+import { JSONPath } from "jsonpath-plus";
 import handler from "../../libs/handler-lib";
 import dynamoDb from "../../libs/dynamodb-lib";
 import { getUserCredentialsFromJwt } from "../../libs/authorization";
@@ -79,6 +80,16 @@ export const updateSections = handler(async (event, _context) => {
   const moveToInProgress =
     queryValue.Items && stateStatus.status === "not_started";
 
+  /*
+   * attempt to find programType from the reportData
+   * check current and previous year id
+   * otherwise use existing programType from state status
+   */
+  const programType =
+    getProgramType(year, reportData) ??
+    getProgramType(parseInt(year) - 1, reportData) ??
+    stateStatus?.programType;
+
   const statusParams = {
     TableName: process.env.stateStatusTableName!,
     Key: {
@@ -89,10 +100,20 @@ export const updateSections = handler(async (event, _context) => {
       {
         status: moveToInProgress ? "in_progress" : stateStatus.status,
         lastChanged: lastChanged,
+        programType: programType,
       },
       "post"
     ),
   };
 
   await dynamoDb.update(statusParams);
 });
+
+const PROGRAM_TYPE_QUESTION_ID = "-00-a-01-02";
+
+const getProgramType = (year: string | number, reportData: any) => {
+  const idExpression = `${year}${PROGRAM_TYPE_QUESTION_ID}`;
+  const jpexpr = `$..*[?(@ && @.id=='${idExpression}')]`;
+  const fragment = JSONPath({ path: jpexpr, json: reportData[0].contents });
+  return fragment?.[0]?.answer?.entry;
+};

services/app-api/libs/validation/backend-section.schema.ts

@@ -218,6 +218,12 @@ export const sectionSchema = {
         comment: {
           type: "string",
         },
+        addAnotherText: {
+          type: ["string", "null"],
+        },
+        hideOptionalHint: {
+          type: ["boolean", "null"],
+        },
         questions: {
           type: "array",
           items: {
@@ -420,6 +426,10 @@ export const sectionSchema = {
             ],
           },
         },
+        // If true, this prevents the first column from being bolded
+        all_columns_have_data: {
+          type: ["bool", "null"],
+        },
       },
       required: ["type", "questions"],
       additionalProperties: false,