Merge remote-tracking branch 'origin' into settings_for_DC

.github/workflows/build-image.yml

@@ -23,7 +23,8 @@ jobs:
     outputs:
       taggedImage: ${{ steps.prep.outputs.tagged_image }}
       tag: ${{ steps.prep.outputs.tag }}
-      registry: ${{ steps.prep.outputs.registry }}
+      registryEcr: ${{ steps.prep.outputs.registry_ecr }}
+      registryGhcr: ${{ steps.prep.outputs.registry_ghcr }}
       shortSha: ${{ steps.prep.outputs.short_sha}}
       branchName: ${{ steps.prep.outputs.branch_name }}
       latestTag: ${{ steps.prep.outputs.latest_tag }}
@@ -38,10 +39,11 @@ jobs:
           SHORT_SHA=$(echo $GITHUB_SHA | head -c7)
           REPO=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')
           TAG=${{ env.GIT_BRANCH_NAME }}-$(echo $GITHUB_SHA | head -c7)
-          IMAGE=public.ecr.aws/ideacrew/$REPO
+          IMAGE=ideacrew/$REPO
           echo ::set-output name=tagged_image::${IMAGE}:${TAG}
           echo ::set-output name=tag::${TAG}
-          echo ::set-output name=registry::public.ecr.aws
+          echo ::set-output name=registry_ecr::public.ecr.aws
+          echo ::set-output name=registry_ghcr::ghcr.io
           echo ::set-output name=short_sha::$SHORT_SHA
           echo ::set-output name=branch_name::${{ env.GIT_BRANCH_NAME }}
           echo ::set-output name=repository_name::$REPO
@@ -84,6 +86,7 @@ jobs:
         uses: docker/setup-buildx-action@v1
         with:
           install: true
+          version: v0.9.1
 
       - name: Cache Docker layers
         uses: actions/cache@v2
@@ -112,10 +115,17 @@ jobs:
       - name: Login to Public ECR
         uses: docker/login-action@v1
         with:
-          registry: ${{ needs.prep.outputs.registry }}
+          registry: ${{ needs.prep.outputs.registryEcr }}
           username: ${{ secrets.AWS_ACCESS_KEY_ID }}
           password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ needs.prep.outputs.registryGhcr }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build Image
         uses: docker/build-push-action@v2
         with:
@@ -130,7 +140,11 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           # create local image (for scanning) if it is a pull request
           load: ${{ github.event_name == 'pull_request' }}
-          tags: ${{ needs.prep.outputs.taggedImage }}, ${{ needs.prep.outputs.latestTag }}
+          tags: |
+            ${{ format('{0}/{1}', needs.prep.outputs.registryEcr, needs.prep.outputs.taggedImage) }}
+            ${{ format('{0}/{1}', needs.prep.outputs.registryEcr, needs.prep.outputs.latestTag) }}
+            ${{ format('{0}/{1}', needs.prep.outputs.registryGhcr, needs.prep.outputs.taggedImage) }}
+            ${{ format('{0}/{1}', needs.prep.outputs.registryGhcr, needs.prep.outputs.latestTag) }}
           cache-from: type=local,src=/tmp/.buildx-cache
           # Note the mode=max here
           # More: https://github.com/moby/buildkit#--export-cache-options
@@ -144,14 +158,14 @@ jobs:
         id: scan
         uses: anchore/scan-action@main
         with:
-          image: ${{ needs.prep.outputs.taggedImage }}
+          image: ${{ format('{0}/{1}', needs.prep.outputs.registryGhcr, needs.prep.outputs.taggedImage) }}
           acs-report-enable: true
           fail-build: false
           severity-cutoff: critical
 
       - name: upload Anchore scan SARIF report
         if: github.event_name != 'pull_request'
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
 
@@ -164,12 +178,29 @@ jobs:
     if: github.event_name != 'pull_request'
     needs: [prep, build-and-upload-image]
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        registry: ['public.ecr.aws', 'ghcr.io']
     steps:
       - name: Post to a Slack channel
-        id: slack
-        uses: slackapi/slack-github-action@v1.16.0
+        id: ic-slack
+        uses: slackapi/slack-github-action@v1
         with:
-          channel-id: "docker-images-${{ needs.prep.outputs.repositoryName }}"
-          slack-message: "New image pushed: ${{ needs.prep.outputs.taggedImage }} built from <https://github.com/ideacrew/${{ needs.prep.outputs.repositoryName }}/commit/${{ needs.prep.outputs.shortSha }}|${{ needs.prep.outputs.shortSha }}> on `${{ needs.prep.outputs.branchName }}`"
+          channel-id: 'docker-images-${{ needs.prep.outputs.repositoryName }}'
+          payload: |
+            {
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": "*${{ format('{0} image*:\n`{1}/{2}`', matrix.registry, matrix.registry, needs.prep.outputs.taggedImage) }}"
+                  }
+                },
+                {
+                  "type": "divider"
+                }
+              ]
+            }
         env:
           SLACK_BOT_TOKEN: ${{ secrets.YELLR_BOT_TOKEN }}

Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/ideacrew/aca_entities.git
-  revision: e3c41158ef445a5a5cc1c6a1f99e58fbce655b32
+  revision: 21261122695660b3c298a22f8a5b16a6c3f0e398
   branch: trunk
   specs:
     aca_entities (0.10.0)
@@ -11,6 +11,7 @@ GIT
       dry-types (~> 1.0)
       dry-validation (~> 1.2)
       iso_country_codes
+      json-schema
       nokogiri-happymapper
       oj (~> 3.11)
       rbnacl (~> 7.1)
@@ -335,6 +336,8 @@ GEM
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (6.0.1)
       railties (>= 3.2.16)
+    json-schema (4.0.0)
+      addressable (>= 2.8)
     kaminari (1.2.1)
       activesupport (>= 4.1.0)
       kaminari-actionview (= 1.2.1)

app/event_source/subscribers/families/notices/faa_totally_ineligible/faa_totally_ineligible_notice_subscriber.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Subscribers
+  module Families
+    module Notices
+      module FaaTotallyIneligible
+        # Subscriber will receive response payload from medicaid gateway and generate documents
+        class FaaTotallyIneligibleNoticeSubscriber
+          include EventSource::Logging
+          include ::EventSource::Subscriber[amqp: 'enroll.families.notices.faa_totally_ineligible_notice']
+
+          subscribe(
+            :on_enroll_families_notices_faa_totally_ineligible_notice
+          ) do |delivery_info, _metadata, response|
+            routing_key = delivery_info[:routing_key]
+            logger.info "Polypress: invoked FaaTotallyIneligibleNoticeSubscriber with delivery_info: #{delivery_info} routing_key: #{routing_key}"
+
+            payload = JSON.parse(response, symbolize_names: true)
+            results =
+              MagiMedicaid::GenerateAndPublishEligibilityDocuments.new.call(
+                { payload: payload, event_key: routing_key }
+              )
+            if results.all?(&:success)
+              logger.info "Polypress: FaaTotallyIneligibleNoticeSubscriber; acked for #{routing_key}"
+            else
+              results
+                .map(&:failure)
+                .compact
+                .each do |result|
+                  errors =
+                    if result.is_a?(String)
+                      result
+                    elsif result.failure.is_a?(String)
+                      result.failure
+                    else
+                      result.failure.errors.to_h
+                    end
+                  logger.error(
+                    "Polypress: FaaTotallyIneligibleNoticeSubscriber_error;
+                  nacked due to:#{errors}; for routing_key: #{routing_key}, payload: #{payload}"
+                  )
+                end
+            end
+            ack(delivery_info.delivery_tag)
+          rescue StandardError, SystemStackError => e
+            logger.error(
+              "Polypress: FaaTotallyIneligibleNoticeSubscriber_error: nacked due to error: #{e}; backtrace:
+              #{e.backtrace}; for routing_key: #{routing_key}, response: #{response}"
+            )
+            ack(delivery_info.delivery_tag)
+          end
+        end
+      end
+    end
+  end
+end