Merge branch 'master' into flexion/add-automated-test-org-settings

.environment/docker/docker-compose/Dockerfile.azurite

@@ -1 +1 @@
-FROM mcr.microsoft.com/azure-storage/azurite:3.31.0
+FROM mcr.microsoft.com/azure-storage/azurite:3.32.0

.environment/gitleaks/gitleaks-config.toml

@@ -203,6 +203,7 @@ title = "PRIME ReportStream Gitleaks Configuration"
             'authority\", \"extension\"',                                                  # FHIR extension URL also shows up in normal FHIR test data
             'ApiKeyCredential\(\"flexion\"',
             'authType: \"two-legged\"',
+            'authType == "two-legged"',
             '\"apiKey\"',
             'api-key\" to \"oracle123\"',
             'Authorization-Type: \"username/password\"',

.gitattributes

@@ -1,15 +1,18 @@
-# Normal text let sit to auto
-*.htm text
-*.html text
-*.css text
-*.js text
-
-## Declare files that will always have LF (aka \n aka 10 aka 0x0a) line endings on checkout.
-*.sh text eol=lf
-*.md text eol=lf
-*.json text eol=lf
-*.yml text eol=lf
-*.csv text eol=lf
-*.hl7 text eol=lf
-.environment/sftp-conf/ssh_host_*_key text eol=lf
-
+# Normal text let sit to auto
+*.htm text
+*.html text
+*.css text
+*.js text
+
+## Declare files that will always have LF (aka \n aka 10 aka 0x0a) line endings on checkout.
+*.sh text eol=lf
+*.md text eol=lf
+*.json text eol=lf
+*.yml text eol=lf
+*.csv text eol=lf
+*.hl7 text eol=lf
+.environment/sftp-conf/ssh_host_*_key text eol=lf
+* text=auto
+*.gradle text eol=lf
+
+

.github/actions/build-auth/action.yml

@@ -0,0 +1,70 @@
+# action.yml
+name: "Build Auth"
+description: "Build Auth microservice"
+inputs:
+  version:
+    description: "Version tag"
+    required: true
+  upload-build:
+    default: true
+  run-integration-tests:
+    default: false
+  run-qc:
+    default: false
+  github-token:
+    default: false
+  sp-creds:
+    description: "Azure Service Principal creds"
+
+runs:
+  using: "composite"
+  steps:
+    # These are for CI and not credentials of any system
+    - name: Set Environment Variables
+      working-directory: prime-router
+      shell: bash
+      run: |
+        echo >> $GITHUB_ENV DB_USER='prime'
+        echo >> $GITHUB_ENV DB_PASSWORD='changeIT!'
+
+    - name: Remove unnecessary software
+      shell: bash
+      run: |
+        sudo rm -rf /usr/local/lib/android
+
+    - name: Set up JDK 17
+      uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
+      with:
+        java-version: "17"
+        distribution: "temurin"
+        cache: "gradle"
+
+    - uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
+
+    - name: Lint
+      if: inputs.run-integration-tests == 'true'
+      run: ./gradlew :auth:ktlintCheck
+      shell: bash
+
+    - name: Spin up build containers
+      working-directory: prime-router
+      shell: bash
+      run: docker compose -f docker-compose.postgres.yml up -d
+
+    - name: Build auth Package
+      uses: ./.github/actions/retry
+      with:
+        timeout_minutes: 10
+        max_attempts: 2
+        retry_wait_seconds: 30
+        command: |
+          ./gradlew :auth:build -x test
+        shell: bash
+
+    - name: Cleanup Gradle Cache
+      if: inputs.run-integration-tests == 'true'
+      working-directory: prime-router
+      run: |
+        rm -f .gradle/caches/modules-2/modules-2.lock
+        rm -f .gradle/caches/modules-2/gc.properties
+      shell: bash

.github/actions/build-backend/action.yml

@@ -33,13 +33,13 @@ runs:
         sudo rm -rf /usr/local/lib/android
 
     - name: Set up JDK 17
-      uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+      uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73
       with:
         java-version: "17"
         distribution: "temurin"
         cache: "gradle"
 
-    - uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+    - uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
 
     - name: Lint
       if: inputs.run-integration-tests == 'true'

.github/actions/build-frontend/action.yml

@@ -47,7 +47,7 @@ runs:
   using: "composite"
   steps:
     - name: Use Node.js with yarn
-      uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
+      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
       with:
         node-version-file: "frontend-react/.nvmrc"
 

.github/actions/build-submissions/action.yml

@@ -33,13 +33,13 @@ runs:
         sudo rm -rf /usr/local/lib/android
 
     - name: Set up JDK 17
-      uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
+      uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73
       with:
         java-version: "17"
         distribution: "temurin"
         cache: "gradle"
 
-    - uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
+    - uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
 
     - name: Lint
       if: inputs.run-integration-tests == 'true'

.github/actions/build-vars/action.yml

@@ -234,7 +234,7 @@ runs:
           echo "has_frontend_change=${{ steps.filter.outputs.frontend_react }}" >> $GITHUB_OUTPUT
         fi
 
-    - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+    - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
       if: inputs.sp-creds != 'false'
       with:
         creds: ${{ inputs.sp-creds }}

.github/actions/sonarcloud/action.yml

@@ -22,11 +22,11 @@ runs:
         args: >
           -Dsonar.coverage.exclusions=prime-router/src/test/**,prime-router/src/testIntegration/**,prime-router/src/main/kotlin/cli/tests/**,frontend-react/**/__mocks__/**,frontend-react/**/mocks/**,frontend-react/**/*.test.*,submissions/src/test/**
           -Dsonar.cpd.exclusions=frontend-react/**/*.test.*,prime-router/src/test/**,prime-router/src/testIntegration/**,prime-router/src/main/kotlin/cli/tests/**,submissions/src/test/**
-          -Dsonar.sources=frontend-react/src,prime-router/src,submissions/src,shared/src
+          -Dsonar.sources=frontend-react/src,prime-router/src,submissions/src,auth/src,shared/src
           -Dsonar.projectKey=CDCgov_prime-data-hub
           -Dsonar.organization=cdcgov
-          -Dsonar.java.binaries=prime-router/build/classes/java/main,prime-router/build/classes/kotlin/main,submissions/build/classes/kotlin/main,shared/build/classes/kotlin/main
-          -Dsonar.java.libraries=prime-router/build/libs/*.jar,prime-router/build/**/*.jar,submissions/build/**/*.jar,shared/build/**/*.jar
+          -Dsonar.java.binaries=prime-router/build/classes/java/main,prime-router/build/classes/kotlin/main,submissions/build/classes/kotlin/main,auth/build/classes/kotlin/main,shared/build/classes/kotlin/main
+          -Dsonar.java.libraries=prime-router/build/libs/*.jar,prime-router/build/**/*.jar,submissions/build/**/*.jar,auth/build/**/*.jar,shared/build/**/*.jar
           -Dsonar.coverage.jacoco.xmlReportPaths=prime-router/build/reports/jacoco/test/jacocoTestReport.xml
           -Dsonar.javascript.lcov.reportPaths=frontend-react/coverage/lcov.info
 

.github/actions/vpn-azure/action.yml

@@ -63,7 +63,7 @@ runs:
         fi
       shell: bash
 
-    - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a
+    - uses: azure/login@a65d910e8af852a8061c627c456678983e180302
       if: inputs.sp-creds
       with:
         creds: ${{ inputs.sp-creds }}

.github/dependabot.yml

@@ -324,6 +324,17 @@ updates:
       timezone: "US/Eastern"
     rebase-strategy: "disabled"
 
+  # auth
+  - package-ecosystem: "gradle"
+    directory: "/auth"
+    open-pull-requests-limit: 100
+    schedule:
+      interval: "weekly"
+      day: "sunday"
+      time: "04:17"
+      timezone: "US/Eastern"
+    rebase-strategy: "disabled"
+
   # Backend
   - package-ecosystem: "gradle"
     directory: "/prime-router"

.github/workflows/StaleItemsReport.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out Changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
         with:
           fetch-depth: 0
 

.github/workflows/alert_MBUsers_Inactive.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out Changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
         with:
           fetch-depth: 0
 

.github/workflows/alert_PD_schedule_Slack.yml

@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: "Check out changes"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       - name: IsMonday
         id: IsMonday
         if: github.event_name == 'schedule' && github.event.schedule == '7 13 * * Mon'
@@ -37,7 +37,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Check Out Changes
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       with:
         fetch-depth: 0
 
@@ -92,7 +92,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Check Out Changes
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       with:
         fetch-depth: 0
 

.github/workflows/alert_cert_expire.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out Changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
 
       - name: Get runner ip
         id: runner_ip

.github/workflows/alert_resource_costs.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Check out changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
 
       - name: Login into Azure
         uses: ./.github/actions/vpn-azure

.github/workflows/alert_stale_branches.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out Changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
         with:
           fetch-depth: 0
       - name: Get our Counts

.github/workflows/alert_terraform_changes.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out Changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       - name: Connect to VPN and login to Azure
         uses: ./.github/actions/vpn-azure
         with:

.github/workflows/alert_version_upgrade.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out Changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
         with:
           fetch-depth: 0
 

.github/workflows/build_frontend.yaml

@@ -29,7 +29,7 @@ jobs:
       version: ${{ steps.build_vars.outputs.version }}
     steps:
       - name: "Check out changes"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       - name: Build vars
         id: build_vars
         uses: ./.github/actions/build-vars
@@ -46,7 +46,7 @@ jobs:
 
     steps:
       - name: "Check out changes"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
 
       - name: Build frontend
         uses: ./.github/actions/build-frontend

.github/workflows/build_hub.yml

@@ -30,7 +30,7 @@ jobs:
       has_router_change: ${{ steps.build_vars.outputs.has_router_change }}
     steps:
       - name: "Check out changes"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       - name: Build vars
         id: build_vars
         uses: ./.github/actions/build-vars
@@ -56,7 +56,7 @@ jobs:
           sudo swapon --show
 
       - name: "Check out changes"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
 
       - name: Build backend
         uses: ./.github/actions/build-backend

.github/workflows/cleanup_acr_images.yml

@@ -13,7 +13,7 @@ jobs:
         env: [staging, prod]
     steps:
       - name: "Check out changes"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
 
       - name: Connect to VPN & Login into Azure
         uses: ./.github/actions/vpn-azure

.github/workflows/codeql.yml

@@ -44,7 +44,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/dependency_review.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c
         with:

.github/workflows/deploy_terraform.yml

@@ -20,7 +20,7 @@ jobs:
       tf_change: ${{ steps.build_vars.outputs.has_terraform_change }}
     steps:
       - name: Check out changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       - name: Build vars
         id: build_vars
         uses: ./.github/actions/build-vars
@@ -39,7 +39,7 @@ jobs:
       change_count: ${{ steps.stats1.outputs.change-count }}
     steps:
       - name: Check Out Changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       - name: Connect to VPN and login to Azure
         uses: ./.github/actions/vpn-azure
         with:
@@ -89,7 +89,7 @@ jobs:
         working-directory: operations/app/terraform/vars/${{ needs.pre_job.outputs.env_name }}
     steps:
       - name: Check Out Changes
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
       - name: Connect to VPN and login to Azure
         uses: ./.github/actions/vpn-azure
         with:

.github/workflows/deployment_rollback.yml

@@ -29,7 +29,7 @@ jobs:
           exit 1
           
       - name: "Check out changes"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
 
       - name: Set deployment environment
         run: echo "ENV=${{ github.event.inputs.environment }}" >> $GITHUB_ENV