Merge pull request #2415 from responsible-ai-collaborative/staging

Deploy to Production

.github/workflows/deploy.yml

@@ -0,0 +1,206 @@
+name: Deploy
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        description: Environment to deploy to
+        required: true
+
+jobs:   
+  install-and-build:
+    name: NPM install and build site
+    environment: ${{ inputs.environment }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+        working-directory: site/gatsby-site
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      # Cache 'node_modules' and '~/.cache/Cypress' folder
+      - name: Cache node modules
+        id: cache-nodemodules
+        uses: actions/[email protected]
+        env:
+          cache-name: cache-install-folder
+        with:
+          # caching node_modules
+          path: |
+            site/gatsby-site/node_modules
+            ~/.cache/Cypress
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      # Install NPM dependencies
+      - name: Install NPM dependencies
+        if: steps.cache-nodemodules.outputs.cache-hit != 'true'
+        uses: cypress-io/github-action@v4
+        with:
+          working-directory: site/gatsby-site
+          # just perform install
+          runTests: false
+          install-command: npm ci --legacy-peer-deps
+
+      # Build Gatbsy site
+      - name: Build site
+        run: npm run build
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CYPRESS_PROJECT_ID: ${{ secrets.CYPRESS_PROJECT_ID }}
+          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
+          E2E_ADMIN_USERNAME: ${{ secrets.E2E_ADMIN_USERNAME }}
+          E2E_ADMIN_PASSWORD: ${{ secrets.E2E_ADMIN_PASSWORD }}
+          ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_ADMIN_KEY }}
+          GATSBY_ALGOLIA_APP_ID: ${{ secrets.GATSBY_ALGOLIA_APP_ID }}
+          GATSBY_ALGOLIA_SEARCH_KEY: ${{ secrets.GATSBY_ALGOLIA_SEARCH_KEY }}
+          GATSBY_AVAILABLE_LANGUAGES: ${{ secrets.GATSBY_AVAILABLE_LANGUAGES }}
+          GATSBY_REALM_APP_ID: ${{ secrets.GATSBY_REALM_APP_ID }}
+          GOOGLE_TRANSLATE_API_KEY: ${{ secrets.GOOGLE_TRANSLATE_API_KEY }}
+          MONGODB_CONNECTION_STRING: ${{ secrets.MONGODB_CONNECTION_STRING }}
+          MONGODB_REPLICA_SET: ${{ secrets.MONGODB_REPLICA_SET }}
+          MONGODB_TRANSLATIONS_CONNECTION_STRING: ${{ secrets.MONGODB_TRANSLATIONS_CONNECTION_STRING }}
+          MONGODB_MIGRATIONS_CONNECTION_STRING: ${{ secrets.MONGODB_MIGRATIONS_CONNECTION_STRING }}
+          GATSBY_REALM_APP_GRAPHQL_URL: ${{ secrets.GATSBY_REALM_APP_GRAPHQL_URL }}
+
+      # Extract commit hash to use as a cache key
+      - name: Extract commit hash
+        shell: bash
+        run: echo "##[set-output name=commit;]$(echo ${GITHUB_SHA})"
+        id: extract_commit_hash
+
+      # Cache 'public' folder
+      - name: Cache public folder
+        uses: actions/[email protected]
+        env:
+          cache-name: cache-public
+        with:
+          path: |
+            site/gatsby-site/public
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ steps.extract_commit_hash.outputs.commit }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+  test:
+    name: Run Cypress tests
+    environment: ${{ inputs.environment }}
+    runs-on: ubuntu-latest
+    needs: install-and-build
+    defaults:
+      run:
+        shell: bash
+        working-directory: site/gatsby-site
+    strategy:
+      # when one test fails, DO NOT cancel the other
+      # containers, because this will kill Cypress processes
+      # leaving the Dashboard hanging ...
+      # https://github.com/cypress-io/github-action/issues/48
+      fail-fast: false
+      matrix:
+        # run 10 copies of the current job in parallel
+        containers: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
+    # stop the job if it runs over 20 minutes
+    # to prevent a hanging process from using all your CI minutes
+    timeout-minutes: 20
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      # Cache node_modules folder
+      - name: Cache node modules
+        id: cache-nodemodules-2
+        uses: actions/[email protected]
+        env:
+          cache-name: cache-install-folder
+        with:
+          # caching node_modules
+          path: |
+            site/gatsby-site/node_modules
+            ~/.cache/Cypress
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      # Install NPM dependencies
+      - name: Install NPM dependencies
+        if: steps.cache-nodemodules-2.outputs.cache-hit != 'true'
+        uses: cypress-io/github-action@v4
+        with:
+          working-directory: site/gatsby-site
+          # just perform install
+          runTests: false
+          install-command: npm ci --legacy-peer-deps
+
+      # Extract commit hash to use as a cache key
+      - name: Extract commit hash
+        shell: bash
+        run: echo "##[set-output name=commit;]$(echo ${GITHUB_SHA})"
+        id: extract_commit_hash
+
+      # Cache 'public' folder
+      - name: Cache public folder
+        uses: actions/[email protected]
+        env:
+          cache-name: cache-public
+        with:
+          path: |
+            site/gatsby-site/public
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ steps.extract_commit_hash.outputs.commit }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      # Extract branch name
+      - name: Extract branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+        id: extract_branch
+
+      # Run all Cypress tests
+      - name: Cypress run
+        uses: cypress-io/github-action@v4
+        with:
+          working-directory: site/gatsby-site
+          # we have already installed all dependencies above
+          install: false
+          config-file: cypress.config.js
+          record: true
+          parallel: true
+          group: "Cypress e2e tests"
+          tag: ${{ steps.extract_branch.outputs.branch }}
+          start: npm run serve
+          wait-on: http://localhost:8000/
+          # wait for 10 minutes for the server to respond
+          wait-on-timeout: 600
+        env:
+          # Recommended: pass the GitHub token lets this action correctly
+          # determine the unique run id necessary to re-run the checks
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CYPRESS_PROJECT_ID: ${{ secrets.CYPRESS_PROJECT_ID }}
+          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
+          E2E_ADMIN_USERNAME: ${{ secrets.E2E_ADMIN_USERNAME }}
+          E2E_ADMIN_PASSWORD: ${{ secrets.E2E_ADMIN_PASSWORD }}
+          ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_ADMIN_KEY }}
+          GATSBY_ALGOLIA_APP_ID: ${{ secrets.GATSBY_ALGOLIA_APP_ID }}
+          GATSBY_ALGOLIA_SEARCH_KEY: ${{ secrets.GATSBY_ALGOLIA_SEARCH_KEY }}
+          GATSBY_AVAILABLE_LANGUAGES: ${{ secrets.GATSBY_AVAILABLE_LANGUAGES }}
+          GATSBY_REALM_APP_ID: ${{ secrets.GATSBY_REALM_APP_ID }}
+          GOOGLE_TRANSLATE_API_KEY: ${{ secrets.GOOGLE_TRANSLATE_API_KEY }}
+          MONGODB_CONNECTION_STRING: ${{ secrets.MONGODB_CONNECTION_STRING }}
+          MONGODB_REPLICA_SET: ${{ secrets.MONGODB_REPLICA_SET }}
+          MONGODB_TRANSLATIONS_CONNECTION_STRING: ${{ secrets.MONGODB_TRANSLATIONS_CONNECTION_STRING }}
+          MONGODB_MIGRATIONS_CONNECTION_STRING: ${{ secrets.MONGODB_MIGRATIONS_CONNECTION_STRING }}
+          GATSBY_REALM_APP_GRAPHQL_URL: ${{ secrets.GATSBY_REALM_APP_GRAPHQL_URL }}
+          # Since this is triggered on a pull request, we set the commit message to the pull request title
+          COMMIT_INFO_MESSAGE: ${{ github.event.pull_request.title }}
+

.github/workflows/test.yml

@@ -0,0 +1,19 @@
+name: Deploy Staging
+
+on:
+  push:
+    branches:
+      - feature-github-tests
+
+jobs:
+  # call-realm:
+  #   uses: ./.github/workflows/realm.yml
+  #   secrets: inherit
+  #   with:
+  #     environment: staging
+  call-deploy:
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    with:
+      environment: staging
+    # needs: call-realm

README.md

@@ -317,24 +317,22 @@ If the feature you are working on depends on Google's Geocoding API, please add
 GOOGLE_MAPS_API_KEY=XXXXXXXXXXXX
 ```
 
-### Prismic setup
+## Prismic setup
 This project uses Prismic to fetch page content. You can still run the project without setting a Prismic account.
 
-#### Prismic Setup
-
 1. Sign up for a new [Prismic](https://prismic.io/) account or log in to your account if you already have one
 2. In `Create a new repository` section choose `Something else`
 3. Give your repository a name and choose `gatsby` in the technology dropdown
 4. Choose your plan (if you only need one user, the free plan is enough)
 5. Click `Create repository`
 6. Create a new token in Settings > API & Security > Content API tab > Change Repository security to `Private API – Require an access token for any request` > Create new app > Permanent access tokens > Save value for later
 
-#### Adding the Prismic content types
+### Adding the Prismic content types
 
-## Prismic Custom Types
-You can find the list of all custom types in the folder custom_types
+#### Prismic Custom Types
+You can find the list of all custom types in the folder `custom_types`
 
-## How to create a new Custom Type
+#### How to create a new Custom Type
 1. From the prismic left menu click `Custom Types`
 2. Click `Create new custom type`
 3. Give it a name (name of the json in custom_types folder)
@@ -356,13 +354,13 @@ You can find the list of all custom types in the folder custom_types
 In order for your recently published Prismic content to be available on your page, a Netlify build needs to be triggered.
 In order to do this, you need to create a Netlify Build Hook.
 
-**Prismic environment variables**
+#### Prismic environment variables
 
 Add the following environment variable on Netlify: 
 `GATSBY_PRISMIC_REPO_NAME=[name_of_your_repository]` (step 3 from Prismic Setup section)
 `PRISMIC_ACCESS_TOKEN=[you_prismic_access_token]` (step 6 from Prismic Setup section)
 
-**Create Prismic/Netlify Hook**
+#### Create Prismic/Netlify Hook
 1. Login to your Netlify
 2. Go to `Deploys`
 3. Go to `Deploy settings`
@@ -377,6 +375,24 @@ Add the following environment variable on Netlify:
 12. In `Triggers` select `A document is published` and `A document is unpublished`
 13. Click `Add this webhook`
 
+## User Roles
+
+All site users have one or more roles assigned to them. The role determines what actions the user can take on the site.
+
+As soon as a user is signed in, the system assigns a `subscriber` role by default. Role assignment is handled manually by the site administrators.
+
+**The roles are:**
+
+| User Role                     | Permissions                                                                                                                             |
+|-------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|
+| `subscriber`                  | This is the default role assigned to all users. It allows the user to subscribe to new incidents, specific incidents, entities, and anything else that is subscribeable. |
+| `submitter`                   | This role allows the user to submit new incidents under their user account.                                                            |
+| `incident_editor`             | This role allows the user to:<br>- Edit and clone incidents<br>- See the live incident data. The live data is the data that is currently stored in the database. Keep in mind that incident pages are generated on each build, so if a user edits an incident, the change will be only visible if the live data options is activated until the next build finishes.<br>- Add, edit, approve and delete incident variants<br>- View and submit incident candidates<br>- Restore previous versions of incidents and reports. |
+| `taxonomy_editor`             | This role allows the user to edit all taxonomies.                                                                                      |
+| `taxonomy_editor_{taxonomy_name}` | This role allows the user to edit a specific taxonomy. ie: `taxonomy_editor_csetv1` role allows the user to edit the `CSETv1` taxonomy. |
+| `admin`                       | This role has full access to the site, including the ability to edit users' roles.                                                     |
+
+
 ## Front-end development
 
 ### Tailwind CSS & Flowbite