Merge branch 'main' into dependabot/npm_and_yarn/frontend-react/route…

…r-362ca8d24e
CDCgov · Jan 27, 2025 · 185bbba · 185bbba
2 parents 6e31ad4 + 10ff87d
commit 185bbba
Show file tree

Hide file tree

Showing 13 changed files with 176 additions and 27 deletions.
diff --git a/.github/changelog_config.json b/.github/changelog_config.json
@@ -25,7 +25,7 @@
                 "automated",
                 "checks",
                 "deployment",
-                "DevOps",
+                "DevSecOps",
                 "pipeline",
                 "scan",
                 "workflow"

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -19,6 +19,11 @@ updates:
     directory: "/.environment/docker/docker-compose"
     schedule:
       interval: "weekly"
+  - package-ecosystem: "docker"
+    directory: "/frontend-react"
+    schedule:
+      interval: "weekly"
+    versioning-strategy: increase-if-necessary
 
   # slack-boltjs-app (chatops)
   - package-ecosystem: "gitsubmodule"

diff --git a/frontend-react/.dockerignore b/frontend-react/.dockerignore
@@ -1,5 +1,5 @@
 .dockerignore
-*.sh
 build
 Dockerfile*
-node_modules
+node_modules
+**/.DS_Store
diff --git a/frontend-react/.nvmrc b/frontend-react/.nvmrc
@@ -1 +1 @@
-20.15
+20.15.1
diff --git a/frontend-react/Dockerfile b/frontend-react/Dockerfile
@@ -0,0 +1,56 @@
+# Start with the latest version of hardened builder image
+FROM cgr.dev/chainguard/wolfi-base:latest AS builder
+
+# Install required dependencies
+RUN apk add --no-cache bash curl git ca-certificates libstdc++ coreutils && \
+    update-ca-certificates && \
+    touch ~/.bash_profile
+
+# Get desired Node.js version and install it
+COPY .nvmrc /tmp/.nvmrc
+RUN export NODE_VERSION=$(cat /tmp/.nvmrc | tr -d '[:space:]') && \
+    ARCH=$(uname -m) && \
+    echo $ARCH && \
+    case $ARCH in \
+        x86_64) ARCH_NAME="x64";; \
+        aarch64) ARCH_NAME="arm64";; \
+        *) echo "Unsupported architecture: $ARCH" && exit 1;; \
+    esac && \
+    echo "Architecture: $ARCH_NAME" && \
+    PLATFORM_ARCH="linux-${ARCH_NAME}" && \
+    echo "Platform architecture: $PLATFORM_ARCH https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-${PLATFORM_ARCH}.tar.gz" && \
+    echo "Installing Node.js version: ${NODE_VERSION} for $ARCH_NAME" && \
+    DOWNLOAD_URL="https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-${PLATFORM_ARCH}.tar.gz" && \
+    echo "Downloading from: $DOWNLOAD_URL" && \
+    curl -fsSL --retry 3 "$DOWNLOAD_URL" -o /tmp/node.tar.gz && \
+    tar -xzf /tmp/node.tar.gz -C /usr/local --strip-components=1 && \
+    rm /tmp/node.tar.gz /tmp/.nvmrc && \
+    echo -n "Node.js installed version: " && node -v && \
+    echo -n "npm installed version: " && npm -v && \
+    apk del glibc # Remove glibc package to resolve CVE CVE-2025-0395
+
+
+# Install yarn and resolve vulnerability in cross-spawn, by upgrading it to a version with resolved CVE
+# Newly found CVEs can be resolved in similar manner - by upgrading to the closest fixed version
+RUN apk add --no-cache yarn && \
+    npm install -g [email protected]
+# Extract Node.js version from the  image
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+RUN node --version | awk -F'v' '{print $2}' 
+WORKDIR /app
+# Prep package manager as root and drop privileges
+USER root
+COPY --chown=nonroot . .
+RUN chown nonroot:nonroot ./ && npm install -g corepack
+# Run install/buiuld as unprivileged user
+USER nonroot
+RUN yarn install --immutable && yarn build:production
+
+# Web server stage
+# This image runs as a unprivileged user by default, so there's no need to explicitly set user - see the Note block in the link below for more context
+# https://edu.chainguard.dev/chainguard/chainguard-images/getting-started/nginx/#advanced-usage
+FROM cgr.dev/chainguard/nginx AS server
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY --from=builder /app/build /usr/share/nginx/html
+EXPOSE 8080
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/frontend-react/nginx.conf b/frontend-react/nginx.conf
@@ -0,0 +1,18 @@
+pid /var/run/nginx.pid;
+
+http {
+  include       mime.types;
+
+  server {
+    listen 8080;
+    server_name localhost;
+
+    location / {
+        root /usr/share/nginx/html;
+        index index.html index.htm;
+        try_files $uri /index.html; # Pass all non-files to our react app
+    }
+  }
+}
+
+events {}
diff --git a/frontend-react/package.json b/frontend-react/package.json
@@ -20,7 +20,7 @@
     "date-fns-tz": "^3.2.0",
     "dompurify": "^3.2.3",
     "export-to-csv-fix-source-map": "^0.2.1",
-    "focus-trap-react": "^11.0.2",
+    "focus-trap-react": "^11.0.3",
     "history": "^5.3.0",
     "html-to-text": "^9.0.5",
     "lodash": "^4.17.21",
@@ -35,7 +35,7 @@
     "react-router": "^6.28.2",
     "react-router-dom": "^6.28.2",
     "react-scroll-sync": "^0.11.2",
-    "react-toastify": "^11.0.2",
+    "react-toastify": "^11.0.3",
     "rehype-raw": "^7.0.0",
     "rehype-slug": "^5.1.0",
     "rest-hooks": "^6.1.7",
@@ -161,7 +161,7 @@
     "eslint-plugin-jest-dom": "^5.5.0",
     "eslint-plugin-jsx-a11y": "^6.10.2",
     "eslint-plugin-playwright": "^2.1.0",
-    "eslint-plugin-react": "^7.37.3",
+    "eslint-plugin-react": "^7.37.4",
     "eslint-plugin-react-hooks": "^5.1.0",
     "eslint-plugin-react-refresh": "^0.4.18",
     "eslint-plugin-storybook": "^0.11.2",

diff --git a/frontend-react/run.container.sh b/frontend-react/run.container.sh
diff --git a/frontend-react/scripts/build-docker.sh b/frontend-react/scripts/build-docker.sh
@@ -0,0 +1 @@
+docker build . --build-arg NODE_VERSION=$(cat .nvmrc) -t rs-frontend:latest
diff --git a/frontend-react/yarn.lock b/frontend-react/yarn.lock
@@ -5781,9 +5781,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"eslint-plugin-react@npm:^7.37.3":
-  version: 7.37.3
-  resolution: "eslint-plugin-react@npm:7.37.3"
+"eslint-plugin-react@npm:^7.37.4":
+  version: 7.37.4
+  resolution: "eslint-plugin-react@npm:7.37.4"
   dependencies:
     array-includes: ^3.1.8
     array.prototype.findlast: ^1.2.5
@@ -5805,7 +5805,7 @@ __metadata:
     string.prototype.repeat: ^1.0.0
   peerDependencies:
     eslint: ^3 || ^4 || ^5 || ^6 || ^7 || ^8 || ^9.7
-  checksum: 670dcee215f560a394b8b9966aecfc3c5ee5c15603a690f5333b0e16863275958f9c1853b12355eb0e36ef74dfac8bf645e4f440cb9b985a3bae2ac09d5ed55a
+  checksum: 8a37bdc9b347bf3a1273fef73dfbc39279cc3e58441940a5e13b3ba4e82b34132d1d1172db9d6746f153ee981280bd6bd06a9065fb453388c68f4bebe0d9f839
   languageName: node
   linkType: hard
 
@@ -6269,27 +6269,27 @@ __metadata:
   languageName: node
   linkType: hard
 
-"focus-trap-react@npm:^11.0.2":
-  version: 11.0.2
-  resolution: "focus-trap-react@npm:11.0.2"
+"focus-trap-react@npm:^11.0.3":
+  version: 11.0.3
+  resolution: "focus-trap-react@npm:11.0.3"
   dependencies:
-    focus-trap: ^7.6.2
+    focus-trap: ^7.6.4
     tabbable: ^6.2.0
   peerDependencies:
     "@types/react": ^18.0.0 || ^19.0.0
     "@types/react-dom": ^18.0.0 || ^19.0.0
     react: ^18.0.0 || ^19.0.0
     react-dom: ^18.0.0 || ^19.0.0
-  checksum: 992b6330101ff71abba01c0ea0c85104a0bbf3bf91f335ca004776e77c7d700d8f1e8a12425cb7a1bc8a041169c2b0d4c25c9ac0db5b5bdf8d17c21d66085ab8
+  checksum: 36150d76545a8c758201648263bc04c71a84d086b20702896ca034f1ef793821121ed548d236724202b435e352a7c1cf96b12951c66ee4f38058eb185586a78e
   languageName: node
   linkType: hard
 
-"focus-trap@npm:^7.6.2":
-  version: 7.6.2
-  resolution: "focus-trap@npm:7.6.2"
+"focus-trap@npm:^7.6.4":
+  version: 7.6.4
+  resolution: "focus-trap@npm:7.6.4"
   dependencies:
     tabbable: ^6.2.0
-  checksum: b5873f8e506d3f466d9823d2f144612d3938f3c74c3be3db922052e5e54fd41a3a46889f8219f16f60d1ce5aff9e0a7fef9dea03ca0da96820c2ea36243236f7
+  checksum: 8a71f21ff165fac9f9e79d117233392903a36f30ee03ce0970c8739ea66f7f9bb6c0f2b8da648221daa915fdb90ffb808565e8c31086909fbc02f6de8e08a0df
   languageName: node
   linkType: hard
 
@@ -10004,14 +10004,14 @@ __metadata:
     eslint-plugin-jest-dom: ^5.5.0
     eslint-plugin-jsx-a11y: ^6.10.2
     eslint-plugin-playwright: ^2.1.0
-    eslint-plugin-react: ^7.37.3
+    eslint-plugin-react: ^7.37.4
     eslint-plugin-react-hooks: ^5.1.0
     eslint-plugin-react-refresh: ^0.4.18
     eslint-plugin-storybook: ^0.11.2
     eslint-plugin-testing-library: ^7.1.1
     eslint-plugin-vitest: ^0.5.4
     export-to-csv-fix-source-map: ^0.2.1
-    focus-trap-react: ^11.0.2
+    focus-trap-react: ^11.0.3
     globals: ^15.14.0
     history: ^5.3.0
     html-to-text: ^9.0.5
@@ -10038,7 +10038,7 @@ __metadata:
     react-router: ^6.28.2
     react-router-dom: ^6.28.2
     react-scroll-sync: ^0.11.2
-    react-toastify: ^11.0.2
+    react-toastify: ^11.0.3
     rehype-raw: ^7.0.0
     rehype-slug: ^5.1.0
     remark-frontmatter: ^5.0.0
@@ -10205,15 +10205,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"react-toastify@npm:^11.0.2":
-  version: 11.0.2
-  resolution: "react-toastify@npm:11.0.2"
+"react-toastify@npm:^11.0.3":
+  version: 11.0.3
+  resolution: "react-toastify@npm:11.0.3"
   dependencies:
     clsx: ^2.1.1
   peerDependencies:
     react: ^18 || ^19
     react-dom: ^18 || ^19
-  checksum: b951638b517e110f09a60f8164d759d29d480132832d574a57b5724ed6887ec728401f6fe9bf00d4a70ec5edb5a7871fc45f18ddeffdecf677b1dbbdddc55b2c
+  checksum: 72d771a7a780c86860350908e6adaf431b681c69ceb09726f3e572a20e361f9fc690906dd5953650e9a4964f0d240d7742d20bce4c86637487772714490c305e
   languageName: node
   linkType: hard
 

diff --git a/operations/app/terraform/scripts/export-resources.ps1 b/operations/app/terraform/scripts/export-resources.ps1
@@ -0,0 +1,17 @@
+#!/usr/bin/env pwsh
+
+# Define parameters
+param (
+    [string]$OutputFile = "azure-resources--powershell.csv"
+)
+
+# Output header
+"Location,Name,Resource Group" | Out-File -FilePath "azure-resources.csv" -Encoding utf8 ;
+
+# Fetch Azure resources and append to CSV
+az resource list --query '[].{"Location":location,"Name":name,"Resource Group":resourceGroup}' --output tsv |
+    ForEach-Object { $_ -replace "`t", "," } |
+    Out-File -FilePath $OutputFile -Append -Encoding utf8 ;
+
+# Display the contents of the generated CSV
+Get-Content -Path $OutputFile ;
diff --git a/operations/app/terraform/scripts/export-resources.py b/operations/app/terraform/scripts/export-resources.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+
+import subprocess
+import csv
+import argparse
+
+# Set up argument parser
+parser = argparse.ArgumentParser( description="Fetch Azure resources and export them to a CSV file." ) ;
+parser.add_argument(
+    "--output-file",
+    type=str,
+    default="azure-resources--python.csv",
+    help="Path to the output CSV file (default: azure-resources--python.csv)"
+) ;
+
+# Parse arguments
+args = parser.parse_args() ;
+output_file = args.output_file ;
+
+# Command to fetch Azure resources
+cmd = [
+    "az", "resource", "list",
+    "--query", "[].{\"Location\":location, \"Name\":name, \"Resource Group\":resourceGroup}",
+    "--output", "tsv"
+] ;
+
+# Run the Azure CLI command
+result = subprocess.run( cmd, stdout=subprocess.PIPE, text=True ) ;
+
+# Write header and data to CSV file
+with open( output_file, "w", newline="" ) as csvfile:
+    writer = csv.writer( csvfile ) ;
+    writer.writerow( ["Location", "Name", "Resource Group"] ) ;
+    for line in result.stdout.splitlines():
+        writer.writerow( line.split( "\t" ) ) ;
+
+# Print the contents of the generated CSV
+with open( output_file, "r" ) as csvfile:
+    print( csvfile.read() ) ;
diff --git a/operations/app/terraform/scripts/export-resources.shell b/operations/app/terraform/scripts/export-resources.shell
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+if [[ ${#1} -gt 0 ]]; then
+        OutputFile="${1}" ;
+  else  OutputFile="azure-resources--shell.csv" ;
+fi ;
+
+echo "Location,Name,Resource Group" \
+| cat - <( az resource list --query "[].{\"Location\":location, \"Name\":name, \"Resource Group\":resourceGroup}" --output tsv \
+| sed 's/\t/,/g' ) \
+> ${OutputFile} ;
+
+cat ${OutputFile} ;
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		docker build . --build-arg NODE_VERSION=$(cat .nvmrc) -t rs-frontend:latest