From b90c301062cd2d8cab22bb1a6c284911aed11bbd Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 5 Jan 2023 11:37:23 -0600 Subject: [PATCH 01/19] Adds NPM scripts; Updates bundler to 2.x.x --- .bundler-version | 1 + Gemfile.lock | 12 +++++++++--- Staticfile | 1 + package.json | 24 ++++++++++++++++++++++++ 4 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 .bundler-version create mode 100644 Staticfile create mode 100644 package.json diff --git a/.bundler-version b/.bundler-version new file mode 100644 index 00000000000..8e8299dcc06 --- /dev/null +++ b/.bundler-version @@ -0,0 +1 @@ +2.4.2 diff --git a/Gemfile.lock b/Gemfile.lock index 1d75017b43f..c2810c50baf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -62,15 +62,19 @@ GEM rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) - mini_portile2 (2.8.0) + mini_portile2 (2.8.1) nokogiri (1.13.10) mini_portile2 (~> 2.8.0) racc (~> 1.4) + nokogiri (1.13.10-x86_64-darwin) + racc (~> 1.4) + nokogiri (1.13.10-x86_64-linux) + racc (~> 1.4) parallel (1.22.1) pathutil (0.16.2) forwardable-extended (~> 2.6) public_suffix (5.0.1) - racc (1.6.1) + racc (1.6.2) rainbow (3.1.1) rb-fsevent (0.11.2) rb-inotify (0.10.1) @@ -90,6 +94,8 @@ GEM PLATFORMS ruby + x86_64-darwin-21 + x86_64-linux DEPENDENCIES html-proofer (~> 3.19, >= 3.19.2) @@ -100,4 +106,4 @@ DEPENDENCIES kramdown-parser-gfm (~> 1.1.0) BUNDLED WITH - 1.17.2 + 2.4.2 diff --git a/Staticfile b/Staticfile new file mode 100644 index 00000000000..36b40f0370b --- /dev/null +++ b/Staticfile @@ -0,0 +1 @@ +root: _site diff --git a/package.json b/package.json new file mode 100644 index 00000000000..17a02e1ab0b --- /dev/null +++ b/package.json 
@@ -0,0 +1,24 @@ +{ + "name": "sdg-indicators-usa", + "version": "1.0.0", + "description": "[![GitHub Actions](https://github.com/GSA/sdg-indicators-usa/actions/workflows/build.yml/badge.svg)](https://github.com/GSA/sdg-indicators-usa/actions/workflows/build.yml) [![GitHub Actions](https://github.com/GSA/sdg-indicators-usa/actions/workflows/qa.yml/badge.svg)](https://github.com/GSA/sdg-indicators-usa/actions/workflows/qa.yml)", + "main": "index.js", + "scripts": { + "build": "bundle exec jekyll build", + "pages": "", + "qa": "bundle exec htmlproofer --check-html _site", + "setup": "bundle install", + "start": "bundle exec jekyll serve", + "test": "bundle exec htmlproofer --check-html --disable-external _site" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/GSA/sdg-indicators-usa.git" + }, + "author": "Data.gov ", + "license": "CC0-1.0", + "bugs": { + "url": "https://github.com/GSA/sdg-indicators-usa/issues" + }, + "homepage": "https://github.com/GSA/sdg-indicators-usa#readme" +} From e6e6803b88bab28f959778f860d50b7dd548085a Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 5 Jan 2023 11:47:27 -0600 Subject: [PATCH 02/19] update gh actions --- .github/workflows/build.yml | 3 +-- .github/workflows/qa.yml | 4 ++-- .tool-versions | 1 + 3 files changed, 4 insertions(+), 4 deletions(-) create mode 100644 .tool-versions diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4b2a8725ca4..88bac68960e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,5 +14,4 @@ jobs: ruby-version: '2.6' bundler-cache: true - name: Build - run: | - bundle exec jekyll build + run: npm run build diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml index d4d112136a9..e20207792c1 100644 --- a/.github/workflows/qa.yml +++ b/.github/workflows/qa.yml 
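Review bot: The new package.json has no `"private": true`, so nothing stops an accidental `npm publish` of a manifest that exists only to hold task aliases. Adding `"private": true,` after the `"version"` line closes that off. The `"pages": ""` script is empty and `"main": "index.js"` names a file this commit does not add; both are better removed than left for a reader to puzzle over.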
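Review bot: The Build step in build.yml now runs `npm run build`, but the visible steps only set up Ruby, so the Node and npm versions are whatever the runner image ships. The README added in PATCH 03/19 asks for Node > 16, so a pinned `actions/setup-node` step with an explicit `node-version` before the Build step would make CI match that requirement. The same applies to the `npm run build` and `npm run qa` steps in the qa.yml hunk of this commit. The job definitions start outside both hunks, so an existing Node setup step cannot be ruled out.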
@@ -17,6 +17,6 @@ jobs: ruby-version: '2.6' bundler-cache: true - name: Build static site - run: bundle exec jekyll build + run: npm run build - name: Test External Links - run: bundle exec htmlproofer --check-html _site + run: npm run qa diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 00000000000..cf8ec423837 --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +ruby 2.6.0 From 6868f84c041236a28b6d46d025a447c713489000 Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 5 Jan 2023 12:27:55 -0600 Subject: [PATCH 03/19] adding package-lock --- .tool-versions | 2 +- README.md | 20 ++++++++++++++++++++ package-lock.json | 13 +++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 package-lock.json diff --git a/.tool-versions b/.tool-versions index cf8ec423837..a4023dc70bc 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1 +1 @@ -ruby 2.6.0 +ruby 2.7.5 diff --git a/README.md b/README.md index f3dffa6dfbd..2fdfcdaf30a 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,26 @@ This is a development website for collecting and disseminating US data for the S For any guidance on how to use the website or develop it further for your own country, please refer to the [wiki](https://github.com/ONSdigital/sdg-indicators/wiki). +### Requirements + +- [Ruby](https://www.ruby-lang.org/en/) = 2.6.0 +- [Bundler](https://bundler.io/) > 2.0 +- [Node](https://nodejs.org/en/download/) > 16.0 + +NOTE: You must build this repo with Ruby 2.6.0. +### Setup + +After you've confirmed the above requirements, all lifecycle operations can be run with NPM scripts (ex. `npm run build`) + +| NPM Command | Description | +| ----------- | ------------------------------- | +| build | Build the site | +| setup | Install ruby gems | +| start | Serve a local build | +| test | Check for broken internal links | +| qa | Check for broken external links | + + ## Contributing See [CONTRIBUTING](CONTRIBUTING.md) for additional information. 
diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 00000000000..3874173f7df --- /dev/null +++ b/package-lock.json @@ -0,0 +1,13 @@ +{ + "name": "sdg-indicators-usa", + "version": "1.0.0", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "name": "sdg-indicators-usa", + "version": "1.0.0", + "license": "CC0-1.0" + } + } +} From 9fc64ac436805c1cce14b9d754a95007a75d7136 Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 5 Jan 2023 12:34:37 -0600 Subject: [PATCH 04/19] update snyk ignore --- .snyk | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.snyk b/.snyk index bb54289f368..6c02c2b3b22 100644 --- a/.snyk +++ b/.snyk @@ -1,11 +1,12 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.13.5 +version: v1.25.0 # ignores vulnerabilities until expiry date; change duration by modifying expiry date ignore: - SNYK-RUBY-NOKOGIRI-1726792: + SNYK-RUBY-NOKOGIRI-3164751: - '*': reason: >- - nokogiri input is from trusted sources so a XXE - Injenction is not a concern. Not able to be upgraded at - this time. - expires: '2021-12-30T21:40:40.202Z' \ No newline at end of file + native platform version contains fix as well + https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.10 + expires: 2023-06-30T00:00:00.000Z + created: 2023-01-04T00:00:00.000Z +patch: {} From 2d0ad7fdb5fb9f0c88d70c455f3a772477dc6654 Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 5 Jan 2023 12:50:48 -0600 Subject: [PATCH 05/19] test From 4955d60da8b5e4f65e03c52cae83a0318ceea08e Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 14 Sep 2023 11:04:02 -0500 Subject: [PATCH 06/19] updates contact emails; adds ruby version file and asdfrc to support local dev --- .asdfrc | 1 + .ruby-version | 1 + _config.yml | 4 ++-- 3 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 .asdfrc create mode 100644 .ruby-version 
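Review bot: The new `.snyk` ignore for SNYK-RUBY-NOKOGIRI-3164751 is keyed on `'*'`, so it suppresses the finding on every dependency path until the 2023-06-30 expiry. The reason text does not record which locked version was checked. PATCH 10/19 later moves nokogiri to 1.15.4 without touching `.snyk`, which leaves the entry in place after its justification has gone. I would name the version in the reason and add a comment above the entry such as `# applies to nokogiri 1.13.10 as locked in Gemfile.lock; delete this entry when nokogiri is upgraded`.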
diff --git a/.asdfrc b/.asdfrc new file mode 100644 index 00000000000..e600bd0c9b7 --- /dev/null +++ b/.asdfrc @@ -0,0 +1 @@ +legacy_version_file = yes diff --git a/.ruby-version b/.ruby-version new file mode 100644 index 00000000000..1f7da99d4e1 --- /dev/null +++ b/.ruby-version @@ -0,0 +1 @@ +2.7.7 diff --git a/_config.yml b/_config.yml index f7ecb879e64..ff1a5923772 100755 --- a/_config.yml +++ b/_config.yml @@ -30,8 +30,8 @@ analytics: ################################################################################################### email_contacts: - questions: mbx.omb.oirasdgs@omb.eop.gov - suggestions: mbx.omb.oirasdgs@omb.eop.gov + questions: USChiefStatistician@omb.eop.gov + suggestions: USChiefStatistician@omb.eop.gov functional: datagov@gsa.gov ################################################################################################### From 7dd277d2a319348710f05aeb55f940c7535a5c82 Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 14 Sep 2023 11:59:01 -0500 Subject: [PATCH 07/19] dont cache cg builds --- pages.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 pages.json diff --git a/pages.json b/pages.json new file mode 100644 index 00000000000..b39113d0528 --- /dev/null +++ b/pages.json @@ -0,0 +1,3 @@ +{ + "cache": false +} From f53bc57f403ca1635c7d590e143b5d0921b70b8e Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Thu, 14 Sep 2023 12:13:04 -0500 Subject: [PATCH 08/19] update contact page with mailto links --- _pages/contact.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/_pages/contact.md b/_pages/contact.md index c7c1e2b847c..57420786879 100755 --- a/_pages/contact.md +++ b/_pages/contact.md 
@@ -3,8 +3,9 @@ layout: page title: Contact permalink: /contact/ --- + ### We are interested in your feedback regarding this website and its contents. -For content questions, email: {{ site.email_contacts.questions }} +For content questions, email: {{ site.email_contacts.questions }} -For site functionality, email: {{ site.email_contacts.functional }} +For site functionality, email: {{ site.email_contacts.functional }} From f7a83c54c9b822ed1ee0fc96577e1e22ad8e1f0a Mon Sep 17 00:00:00 2001 From: Daniel Lennox Date: Fri, 27 Oct 2023 09:41:26 -0700 Subject: [PATCH 09/19] Adding GA4 integration --- _config.yml | 2 +- _includes/footer.html | 20 ++++++-------------- 2 files changed, 7 insertions(+), 15 deletions(-) diff --git a/_config.yml b/_config.yml index ff1a5923772..95893b26ba5 100755 --- a/_config.yml +++ b/_config.yml @@ -26,7 +26,7 @@ jekyll_get_json: json: 'https://gsa.github.io/sdg-translations/translations-0.6.1.json' analytics: - ga_prod: 'UA-42145528-4' + ga_prod: 'G-WP7FK9QXZD' ################################################################################################### email_contacts: diff --git a/_includes/footer.html b/_includes/footer.html index 1e43821005a..dde9c834c03 100755 --- a/_includes/footer.html +++ b/_includes/footer.html @@ -83,23 +83,15 @@ - + + From e233e7a96c33e12519545989e2d3251d7ca1d428 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Oct 2023 00:25:27 +0000 Subject: [PATCH 10/19] Bump nokogiri from 1.13.10 to 1.15.4 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.15.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.10...v1.15.4) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... 
Signed-off-by: dependabot[bot] --- Gemfile.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c2810c50baf..46d04e36cab 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -62,19 +62,19 @@ GEM rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) - mini_portile2 (2.8.1) - nokogiri (1.13.10) - mini_portile2 (~> 2.8.0) + mini_portile2 (2.8.5) + nokogiri (1.15.4) + mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.13.10-x86_64-darwin) + nokogiri (1.15.4-x86_64-darwin) racc (~> 1.4) - nokogiri (1.13.10-x86_64-linux) + nokogiri (1.15.4-x86_64-linux) racc (~> 1.4) parallel (1.22.1) pathutil (0.16.2) forwardable-extended (~> 2.6) public_suffix (5.0.1) - racc (1.6.2) + racc (1.7.1) rainbow (3.1.1) rb-fsevent (0.11.2) rb-inotify (0.10.1) From 65cea16dbf426d88beecc218e509e31fc0ad7151 Mon Sep 17 00:00:00 2001 From: Jin Sun <104456257+Jin-Sun-tts@users.noreply.github.com> Date: Thu, 16 Nov 2023 18:42:59 -0500 Subject: [PATCH 11/19] Create SECURITY.md --- SECURITY.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000000..1bc7c06e858 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,27 @@ +# Security Policy + +As a U.S. Government agency, the General Services Administration (GSA) takes +seriously our responsibility to protect the public's information, including +financial and personal information, from unwarranted disclosure. + +Software developed by the U.S. General Services Administration (GSA) +is subject to the [GSA Vulnerability Disclosure Policy ](gsa.gov/vulnerability-disclosure-policy). + +Please consult our policy for: +* How to submit a report if you believe you have discovered a vulnerability. +* GSA's coordinated disclosure policy. +* Information on how you may conduct security research on GSA developed + software and systems. +* Important legal and policy guidelines. + +## Supported Versions + +Please note that only certain branches are supported with security updates. + +| Version (Branch) | Supported | +| ---------------- | ------------------ | +| main | :white_check_mark: | +| other | :x: | + +When using this code or reporting vulnerabilities please only use supported +versions. From 97e6d55f319d87459799b3bde260c73ebb542238 Mon Sep 17 00:00:00 2001 From: Tyler Burton Date: Mon, 20 Nov 2023 12:28:10 -0600 Subject: [PATCH 12/19] removes hard-codedd ruby version in actions script --- .github/workflows/build.yml | 1 - .github/workflows/qa.yml | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 88bac68960e..fe76266c6bd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,6 @@ jobs: uses: actions/checkout@v3 - uses: ruby/setup-ruby@v1 with: - ruby-version: '2.6' bundler-cache: true - name: Build run: npm run build diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml index e20207792c1..ad5373c6396 100644 --- a/.github/workflows/qa.yml +++ b/.github/workflows/qa.yml @@ -3,7 +3,7 @@ name: QA Static Site on: workflow_dispatch: schedule: - - cron: '0 15 * * 1' + - cron: "0 15 * * 1" jobs: qa: 
@@ -14,7 +14,6 @@ jobs: uses: actions/checkout@v3 - uses: ruby/setup-ruby@v1 with: - ruby-version: '2.6' bundler-cache: true - name: Build static site run: npm run build From 23b379e992e68dc45c9be6b88bcd8f29d654b56b Mon Sep 17 00:00:00 2001 From: Jin Sun <104456257+Jin-Sun-tts@users.noreply.github.com> Date: Tue, 21 Nov 2023 13:08:46 -0500 Subject: [PATCH 13/19] Create dependabot.yml --- .github/dependabot.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000000..b91a1c00266 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "npm" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly" + - package-ecosystem: "bundler" # for Ruby Gemfile + directory: "/" # Location of package manifests + schedule: + interval: "weekly" From 5446f2078ffe03990e2185dd968fdfa05b2f107f Mon Sep 17 00:00:00 2001 From: brockfanning Date: Wed, 25 Sep 2024 13:41:36 -0400 Subject: [PATCH 14/19] Revert qa.yml --- .github/workflows/qa.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml index 1c9d9ac3c3a..562cc6b8aff 100644 --- a/.github/workflows/qa.yml +++ b/.github/workflows/qa.yml @@ -23,6 +23,6 @@ jobs: npm install npm run gulp - name: Build static site - run: npm run build + run: bundle exec jekyll build - name: Test External Links - run: npm run qa + run: bundle exec htmlproofer --check-html _site 
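Review bot: The new dependabot.yml lists the `npm` and `bundler` ecosystems but not `github-actions`. That leaves the workflow `uses:` references (`actions/checkout@v3` and `ruby/setup-ruby@v1`, visible in PATCH 12/19) outside version updates. Those actions run with the job's token in CI, so they should be tracked like any other dependency. An entry alongside the existing two covers them.

```yaml
# … unchanged: npm and bundler entries …
  - package-ecosystem: "github-actions" # workflow `uses:` references
    directory: "/" # Dependabot looks in .github/workflows from here
    schedule:
      interval: "weekly"
```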
From 185825d2d4f86adbab74a885fc099167b7051d4b Mon Sep 17 00:00:00 2001 From: brockfanning Date: Wed, 25 Sep 2024 13:42:16 -0400 Subject: [PATCH 15/19] Update Gemfile.lock --- Gemfile.lock | 1 - 1 file changed, 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index c3fbcb374c0..deaf18744d5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -123,4 +123,3 @@ DEPENDENCIES BUNDLED WITH 2.4.3 - From ced3ca4bb8c15e6db0f751a500a719fe77fd8bb6 Mon Sep 17 00:00:00 2001 From: brockfanning Date: Wed, 25 Sep 2024 13:42:47 -0400 Subject: [PATCH 16/19] Update build.yml --- .github/workflows/build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 74d5badc5e8..45b4d0b5f99 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,4 +20,3 @@ jobs: npm install npm run gulp bundle exec jekyll build - From f793c02ae83332c10b269b527cbd01bfb9949eb9 Mon Sep 17 00:00:00 2001 From: brockfanning Date: Wed, 25 Sep 2024 13:42:59 -0400 Subject: [PATCH 17/19] Update .ruby-version --- .ruby-version | 1 - 1 file changed, 1 deletion(-) diff --git a/.ruby-version b/.ruby-version index 19ef286ee57..be94e6f53db 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1,2 +1 @@ 3.2.2 - From c0eae5673a248c956e647a375c897c7aa3251a43 Mon Sep 17 00:00:00 2001 From: brockfanning Date: Wed, 25 Sep 2024 13:43:18 -0400 Subject: [PATCH 18/19] Update Staticfile --- Staticfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Staticfile b/Staticfile index 666994544ad..36b40f0370b 100644 --- a/Staticfile +++ b/Staticfile @@ -1,2 +1 @@ root: _site - From c5178c4524dee839c8f9813726d3674e63acd714 Mon Sep 17 00:00:00 2001 From: brockfanning Date: Wed, 25 Sep 2024 15:55:37 -0400 Subject: [PATCH 19/19] Delete .tool-versions --- .tool-versions | 1 - 1 file changed, 1 deletion(-) delete mode 100644 .tool-versions diff --git a/.tool-versions b/.tool-versions deleted file mode 100644 index a4023dc70bc..00000000000 
--- a/.tool-versions
+++ /dev/null
@@ -1 +0,0 @@
-ruby 2.7.5