Merge pull request #3499 from CityOfBoston/master

(production)  Adds Captcha, Special-Item collection, Interactive charts

.github/workflows/D10-Deploy.yml

@@ -1,4 +1,4 @@
-# @file: deploy.yml
+# @file: D10-Publish.yml
 # This Action builds a deploy artifact (which in this case is a fully populated config, vendor and docroot folder for a
 # Dupal website) and commits these artifact folders+files to an Acquia Repository.
 #   - This Action is fired when a tracked branch has code pushed to it, typically when:
@@ -152,12 +152,12 @@ jobs:
           echo "${{ secrets.ACQUIA_SSH_KEY }}" > "$acquia_ssh_key_file"
           chmod 600 $acquia_ssh_key_file
 
-          echo "::notice file=deploy.yml,line=93,title=Success::Drupal codebase was built."
+          echo "::notice file=D10-Publish.yml,line=93,title=Success::Drupal codebase was built."
           err=""
           git config --global --add core.sshCommand "ssh -i $acquia_ssh_key_file"
-          host=$(echo ${{ secrets.ACQUIA_REMOTE_REPO_URL }} | awk -F'@' '{print $2}' | awk -F':' '{print $1}') || echo "::warning file=deploy.yml,title=Warning::Problem saving known host."
+          host=$(echo ${{ secrets.ACQUIA_REMOTE_REPO_URL }} | awk -F'@' '{print $2}' | awk -F':' '{print $1}') || echo "::warning file=D10-Publish.yml,title=Warning::Problem saving known host."
           if [[ "$host" != "github.com" ]]; then
-            echo $(ssh-keyscan -t rsa $host) >> "${HOME}/.ssh/known_hosts" && echo "Host added to ssh known_hosts" || echo "::warning file=deploy.yml,title=Warning::Problem saving known host ($host)."
+            echo $(ssh-keyscan -t rsa $host) >> "${HOME}/.ssh/known_hosts" && echo "Host added to ssh known_hosts" || echo "::warning file=D10-Publish.yml,title=Warning::Problem saving known host ($host)."
           fi
           git config --global user.email "digital-dev@boston.gov"
           git config --global user.name ${{ github.triggering_actor }}
@@ -166,7 +166,7 @@ jobs:
           mkdir remote
           cd remote
           git init && git remote add acquia ${{ secrets.ACQUIA_REMOTE_REPO_URL }} || err="$err: Problem setting remote ref"
-          git config --local gc.auto 0 || echo "::warning file=deploy.yml,title=Warning::Problem disabling garbage collection (not fatal)."
+          git config --local gc.auto 0 || echo "::warning file=D10-Publish.yml,title=Warning::Problem disabling garbage collection (not fatal)."
           git -c protocol.version=2 fetch --no-progress --depth=1 --prune --no-recurse-submodules acquia +refs/heads/*:refs/remotes/acquia/* || err="$err: Problem fetching remote branches"
           [[ $(git branch --remotes --list acquia/${{ env.ACQUIA_BRANCH }}) == "" ]] && newbranch=1 || newbranch=0
           if [[ $newbranch == 0 ]]; then
@@ -184,12 +184,12 @@ jobs:
           echo "NEW_BRANCH=$newbranch" >> "${GITHUB_ENV}"
 
           if [[ "$err" != "" ]]; then
-            echo "::error file=deploy.yml,title=Error,line=120::$err"
+            echo "::error file=D10-Publish.yml,title=Error,line=120::$err"
             exit 1
           fi
 
           rm -f .git/gc.log
-          echo "::notice file=deploy.yml,line=120,title=Success::Remote/Acquia repository was checked out."
+          echo "::notice file=D10-Publish.yml,line=120,title=Success::Remote/Acquia repository was checked out."
 
       # Prepare candidate
       - name: Prepare the candidate for pushing to Acquia
@@ -252,24 +252,24 @@ jobs:
           fi
           if [[ ${{ vars.DRY_RUN }} == 1 ]]; then
             pushopts="$pushopts --dry-run"
-            echo "::notice file=deploy.yml,title=DRY-RUN::DRY_RUN envar set. Any commits will not be pushed to Acquia."
+            echo "::notice file=D10-Publish.yml,title=DRY-RUN::DRY_RUN envar set. Any commits will not be pushed to Acquia."
           fi
           if [[ $(echo "$res" | grep "nothing to commit") == "" ]]; then
             echo "changes=1" >> "$GITHUB_OUTPUT"
             echo "git push --set-upstream acquia ${{ env.ACQUIA_BRANCH }}:${{ env.ACQUIA_BRANCH }} ${pushopts}"
             git push --set-upstream acquia ${{ env.ACQUIA_BRANCH }}:${{ env.ACQUIA_BRANCH }} ${pushopts} || err="$err: Problem pushing changes to Acquia"
             if [[ ${{ vars.DRY_RUN }} == 0 ]]; then
-              echo "::notice file=deploy.yml,title=Success::Remote/Acquia repository was updated- check Acquia for deploy status."
+              echo "::notice file=D10-Publish.yml,title=Success::Remote/Acquia repository was updated- check Acquia for deploy status."
             else
-              echo "::notice file=deploy.yml,title=Success::Remote/Acquia repository was not updated because this was a dry-run."
+              echo "::notice file=D10-Publish.yml,title=Success::Remote/Acquia repository was not updated because this was a dry-run."
             fi
           else
             echo "changes=0" >> "$GITHUB_OUTPUT"
-            echo "::notice file=deploy.yml,title=No Changes::No changes were found to be pushed to Acquia."
+            echo "::notice file=D10-Publish.yml,title=No Changes::No changes were found to be pushed to Acquia."
           fi
           rm -rf $aquia_ssh_key_path
           if [[ "$err" != "" ]]; then
-            echo "::error file=deploy.yml,title=Error,line=213::$err"
+            echo "::error file=D10-Publish.yml,title=Error,line=213::$err"
             exit 1
           fi
 

.github/workflows/D10-Publish.yml

@@ -45,7 +45,7 @@ env:
   GH_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }}
   GITHUB_TOKEN: ${{ secrets.PUBLISH_GITHUB_TOKEN }}
   DEV_EMAIL: "digital-dev@boston.gov"
-  PR_USER: ${{ github.event.pull_request.merged_by.name }}
+  PR_USER: ${{ github.event.pull_request.merged_by.login }}
   SLACK_WEBHOOK_URL: ${{ secrets.SLACK_DOIT_WEBHOOK_URL }}    # for slack
 
 jobs:
@@ -83,6 +83,7 @@ jobs:
         run: |
           echo $EVENT_CONTEXT
 
+      #
       # Create and save some variables for use in the cascading actions.
       # Set them here, so they can be simply read by the other actions, and we
       # can (try to) make sure our tags align with Acquia tags.
@@ -100,27 +101,33 @@ jobs:
           RELEASE_NUMBER="v10.$(date +%Y).${{ vars.COUNT }}"
           [ -n "${{ github.event.pull_request.title }}" ] && TITLE="${{ github.event.pull_request.title }}" || TITLE="Boston.gov Update"
           [ -n "${{ github.event.pull_request.body }}" ] && BODY="${{ github.event.pull_request.body }}" || BODY="PR committed and merged."
-          gh variable set COUNT --body $(( ${{ vars.COUNT }}+1 ))
           gh variable set LAST_TAG --body "${{ vars.THIS_TAG }}"
           gh variable set LAST_RELEASE --body "${{ vars.THIS_RELEASE }}"
-          gh variable set THIS_TAG --body "$ACQUIA_TAG"
-          gh variable set THIS_RELEASE --body "$RELEASE_NUMBER"
-          gh variable set THIS_TITLE --body "$TITLE"
-          gh variable set THIS_BODY --body "$BODY"
+          echo "THIS_TAG=\"$ACQUIA_TAG\""  >> "${GITHUB_ENV}"
+          echo "THIS_RELEASE=\"$RELEASE_NUMBER\""  >> "${GITHUB_ENV}"
+          echo "THIS_TITLE=\"$TITLE\""  >> "${GITHUB_ENV}"
+          echo "THIS_BODY=\"$BODY\""  >> "${GITHUB_ENV}"
 
+      #
+      # Clone the Public Repository and checkout branch
       - name: Checkout Public repository
         id: Checkout-Public-Repo
         run: |
-          URL=${{ secrets.PUBLIC_REPO_TARGET }}
-          echo "gh repo clone $URL publish -- --depth 10 --branch ${{ secrets.PUBLIC_REPO_TARGET_BRANCH }}"
-          gh repo clone $URL publish -- --depth=10 --branch=${{ secrets.PUBLIC_REPO_TARGET_BRANCH }}
+          [[ ${{ vars.DEBUG }} == 1 ]] && echo "ssh-key-file: ${HOME}/.ssh/id_rsa" && echo "ssh-key-path: ${HOME}/.ssh"
+          mkdir -p ${HOME}/.ssh
+          echo "${{ secrets.SSH_GITHUB_KEY }}" > "${HOME}/.ssh/id_rsa"
+          chmod 600 ${HOME}/.ssh/id_rsa
+          git config --global --add core.sshCommand "ssh -i ${HOME}/.ssh/id_rsa"
+          echo "git clone ${{ secrets.PUBLIC_REPO_TARGET }} --depth=10 --branch=${{ secrets.PUBLIC_REPO_TARGET_BRANCH }} publish"
+          git clone ${{ secrets.PUBLIC_REPO_TARGET }} --depth=10 --branch=${{ secrets.PUBLIC_REPO_TARGET_BRANCH }} publish
           cd publish
           git fetch origin ${{ secrets.PUBLIC_REPO_TARGET_BRANCH }}
           git reset --hard FETCH_HEAD
 
+      #
       # Sanitize the code in the local "private" folder
-      - name: Sanitize Repo
-        id: Sanitize-Codebase
+      - name: Sanitize Repository
+        id: Sanitize-Repository
         env:
           publish_from_file: ${{ github.workspace }}/private/.github/sanitize/publish-from.txt
           publish_excludes_file: ${{ github.workspace }}/private/.github/sanitize/publish-excludes.txt
@@ -130,12 +137,12 @@ jobs:
           rsync -rlDWz --max-size=10m --files-from=${publish_from_file} --exclude-from=${publish_excludes_file} --delete-after . ../publish && echo "Copied updated codebase" || err="Error copying updated codebase"
           [[ "$( git status --porcelain --untracked-files=no --ignored=no )" == "" ]] && echo "changes=0" >> "$GITHUB_OUTPUT" || echo "changes=1" >> "$GITHUB_OUTPUT"
           if [[ "$err" != "" ]]; then
-            echo "::error file=publish.yml,title=Error,line=139::$err"
+            echo "::error file=D10-Publish.yml,title=Error,line=139::$err"
             exit 1
           fi
 
-      # Tag and push (updated local) private repository
-      # Tag the branch and push to remote.
+      #
+      # Tag and push tag to private repository
       - name: Tag the Private Repo branch
         run: |
           cd private
@@ -145,31 +152,79 @@ jobs:
           else
             git config --global user.name "${{ env.PR_USER }}"
           fi
-          git tag -a "${{ vars.THIS_TAG }}" -m "${{ vars.THIS_RELEASE }}"
-          [ ${{ vars.DRY_RUN }} == 0 ] && git push origin ${{ vars.THIS_TAG }} || echo "Tagging DRY_RUN mode"
+          git tag -a "${{ env.THIS_TAG }}" -m "${{ env.THIS_RELEASE }}"
+          [ ${{ vars.DRY_RUN }} == 0 ] && git push origin ${{ env.THIS_TAG }} || echo "Tagging DRY_RUN mode"
 
-      # Commit and push (updated local) public repository
-      - uses: stefanzweifel/git-auto-commit-action@v5
-        if: ${{ vars.DRY_RUN == 0 }}
-        id: Commit-Codebase
-        with:
-          commit_message: ${{ vars.THIS_TITLE }}
-          branch: ${{ secrets.PUBLIC_REPO_TARGET_BRANCH }}
-          commit_options: '--no-verify --signoff'
-          repository: publish
-          commit_user_name: Github Actions Publisher
-          commit_user_email: ${{ env.DEV_EMAIL }}
-          tagging_message: '${{ vars.THIS_TAG }}'
-          status_options: '--untracked-files=no'
-          add_options: '-u'
-          push_options: '--force'
-          skip_dirty_check: true
-          skip_fetch: true
-          skip_checkout: true
-          disable_globbing: true
-          create_branch: true
-#          commit_author: ${{ github.event.pull_request.merged_by.name }} <${{ env.DEV_EMAIL }}>
+      #
+      # Commit and push latest code to Public repository
+      - name: Push to the Public Repo
+        run: |
+          cd publish
+          err=''
+
+          git config --global user.email ${{ env.DEV_EMAIL }}
+          if [[ -z "${{ env.PR_USER }}" ]]; then
+            git config --global user.name "Guthub Publish Action"
+          else
+            git config --global user.name "${{ env.PR_USER }}"
+          fi
+
+          git submodule deinit --all || err="$err: Could not de-initialize submodules"
+
+          if [[ ${{ vars.DEBUG }} == 1 ]]; then
+            echo "Working Tree Status (pre-add&commit):"
+            git status
+          fi
+
+          git add --all && echo ' ' || err="$err: Failed to add changed files"
+
+          [[ ${{ vars.DEBUG }} == 1 ]] && commitopt="--status" || commitopt="--quiet"
+          commitopt="$commitopt --no-verify --signoff"
+          res=$(git commit -m '${{ env.THIS_TITLE }}' $commitopt) || err="$err: Problem committing changes"
+
+          pushopts="--force"
+          if [[ ${{ vars.DEBUG }} == 1 ]]; then
+            echo "Working Tree Status (post-add&commit):"
+            git status -s
+            echo "Commit results:" && echo $res
+            pushopts="$pushopts --verbose"
+          fi
+
+          [[ ${{ vars.DRY_RUN }} == 1 ]] && pushopts="$pushopts --dry-run"
+
+          if [[ $(echo "$res" | grep "nothing to commit") == "" ]]; then
+            echo "changes=1" >> "$GITHUB_OUTPUT"
+            echo "git push --set-upstream origin ${{ secrets.PUBLIC_REPO_TARGET_BRANCH }}:${{ secrets.PUBLIC_REPO_TARGET_BRANCH }} ${pushopts}"
+            git push --set-upstream origin ${{ secrets.PUBLIC_REPO_TARGET_BRANCH }}:${{ secrets.PUBLIC_REPO_TARGET_BRANCH }} ${pushopts} || err="$err: Problem pushing changes to Public Repo"
+            if [[ ${{ vars.DRY_RUN }} == 0 ]]; then
+              echo "::notice file=D10-Publish.yml,title=Success::Public repository was updated."
+            else
+              echo "::notice file=D10-Publish.yml,title=Success::Public repository was not updated because this was a dry-run."
+            fi
+          else
+            echo "changes=0" >> "$GITHUB_OUTPUT"
+            echo "::notice file=D10-Publish.yml,title=No Changes::No changes were found to be pushed to Public repository."
+          fi
+
+          if [[ "$err" != "" ]]; then
+            echo "::error file=D10-Publish,title=Error,line=213::$err"
+            exit 1
+          fi
+
+      #
+      # On success, save GitHub variables for future use.
+      - name: Update Variables on success
+        if: ${{ success() && vars.DRY_RUN == 0 }}
+        run: |
+          cd private
+          gh variable set COUNT --body $(( ${{ vars.COUNT }}+1 ))
+          gh variable set THIS_TAG --body "${{ env.THIS_TAG }}"
+          gh variable set THIS_RELEASE --body "${{ env.THIS_RELEASE }}"
+          gh variable set THIS_TITLE --body "${{ env.THIS_TITLE }}"
+          gh variable set THIS_BODY --body "${{ env.THIS_BODY }}"
 
+      #
+      # If failure, post to slack.
       - name: Post to Slack - failure
         uses: act10ns/slack@v2.0.0
         if: ${{ failure() }}

composer.json

@@ -168,6 +168,7 @@
         "drupal/r4032login": "^2.2",
         "drupal/rabbit_hole": "^1.0-beta5",
         "drupal/realname": "^2.0@beta",
+        "drupal/recaptcha": "^3.2",
         "drupal/recaptcha_v3": "^1.8",
         "drupal/redirect": "^1.2",
         "drupal/rest_export_nested": "^1.0",