Deploy 2024.01.1 to Prod (#1870)

.devcontainer/server/.env.server

@@ -1,2 +1 @@
 ELIGIBILITY_SERVER_SETTINGS=/.devcontainer/server/settings.py
-FLASK_APP=eligibility_server/app.py

.devcontainer/server/settings.py

@@ -4,14 +4,14 @@
 
 # Eligibility Verification settings
 
-CLIENT_KEY_PATH = "https://raw.githubusercontent.com/cal-itp/eligibility-server/dev/keys/client.pub"
-SERVER_PRIVATE_KEY_PATH = "https://raw.githubusercontent.com/cal-itp/eligibility-server/dev/keys/server.key"
-SERVER_PUBLIC_KEY_PATH = "https://raw.githubusercontent.com/cal-itp/eligibility-server/dev/keys/server.pub"
+CLIENT_KEY_PATH = "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/keys/client.pub"
+SERVER_PRIVATE_KEY_PATH = "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/keys/server.key"
+SERVER_PUBLIC_KEY_PATH = "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/keys/server.pub"
 SUB_FORMAT_REGEX = r".+"
 
 # Data settings
 
-IMPORT_FILE_PATH = "https://raw.githubusercontent.com/cal-itp/eligibility-server/dev/data/server.csv"
+IMPORT_FILE_PATH = "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/data/server.csv"
 INPUT_HASH_ALGO = ""
 
 # CSV-specific settings

.github/ISSUE_TEMPLATE/release.yml

@@ -14,6 +14,9 @@ body:
         Each release is coordinated by a **Release Manager**. The release manager may assign sub-tasks or ask for help
         as-needed, but is otherwise responsible for all aspects of the release.
 
+        Each release also identifies a **Smoke Tester** responsible for carrying out the [Smoke Tests according to our
+        established procedure](https://docs.google.com/document/d/1ADXWW4mfLJwLKVqtVemPNX9yTqYKqIWfCz1DipAU02g/edit).
+
         After this issue is created, use the checklist to manage the steps
         of the release process, marking items as completed. [Read more about the
         release process](https://docs.calitp.org/benefits/deployment/release/).
@@ -29,6 +32,14 @@ body:
       placeholder: "@cal-itp-bot"
     validations:
       required: true
+  - type: input
+    id: smoke-tester
+    attributes:
+      label: Smoke tester
+      description: GitHub handle of who is responsible for smoke testing this release
+      placeholder: "@cal-itp-bot"
+    validations:
+      required: true
   - type: input
     id: version
     attributes:
@@ -76,7 +87,8 @@ body:
         - label: QA the app in test
         - label: Ensure `prod` secrets are up to date
         - label: Open a PR for the `test` branch into `prod`, merge
-        - label: QA the app in prod
+        - label: Smoke Test the app in prod
+        - label: Confirm acceptance of Smoke Tests by adding a comment to this issue
         - label: Tag the release on the `prod` branch, push the tag to GitHub (see [docs](https://docs.calitp.org/benefits/deployment/release/#5-tag-the-release) for commands)
         - label: Create a release in GitHub for the tag, generating release notes
         - label: Edit release notes with additional context, images, animations, etc. as-needed
@@ -90,7 +102,8 @@ body:
         - label: Bump the application version
         - label: Ensure `prod` secrets are up to date
         - label: Open a PR from the hotfix branch into `prod`, merge
-        - label: QA the fix in prod
+        - label: Smoke Test the fix in prod
+        - label: Confirm acceptance of Smoke Tests by adding a comment to this issue
         - label: Tag the release on `prod`, push the tag to GitHub (see [docs](https://docs.calitp.org/benefits/deployment/release/#5-tag-the-release) for commands)
         - label: Create a release in GitHub for the tag, generating release notes
         - label: Edit release notes with additional context, images, animations, etc. as-needed

.github/workflows/codeql.yml

@@ -33,7 +33,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -42,4 +42,4 @@ jobs:
           # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/deploy.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version-file: .github/workflows/.python-version
           cache: pip

.github/workflows/mkdocs.yml

@@ -8,25 +8,81 @@ on:
       - completed
     branches:
       - dev
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - "docs/**"
+      - "mkdocs.yml"
+      - ".github/workflows/mkdocs.yml"
   push:
     branches:
       - dev
     paths:
-      - 'docs/**'
-      - 'mkdocs.yml'
-      - '.github/workflows/mkdocs.yml'
+      - "docs/**"
+      - "mkdocs.yml"
+      - ".github/workflows/mkdocs.yml"
 
 jobs:
+  docs-preview:
+    name: Publish docs preview
+    runs-on: ubuntu-latest
+    # only pull requests should generate a preview
+    if: github.event.pull_request
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: "refs/pull/${{ github.event.number }}/merge"
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: .github/workflows/.python-version
+          cache: pip
+          cache-dependency-path: "docs/requirements.txt"
+
+      - name: Build MkDocs website
+        run: |
+          pip install -r docs/requirements.txt
+          mkdocs build
+
+      - name: Install Netlify CLI
+        run: npm install --location=global netlify-cli
+
+      - name: Deploy Preview to Netlify
+        run: |
+          netlify deploy \
+            --dir="site" \
+            --alias="${GITHUB_REPOSITORY#*/}-${{ github.event.number }}"
+        env:
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_PREVIEW_APP_SITE_ID }}
+
+      - name: Add Netlify link PR comment
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const hostnameSuffix = "cal-itp-previews.netlify.app"
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: `Preview url: https://${context.repo.repo}-${{ github.event.number }}--${hostnameSuffix}`,
+            })
+
   docs:
     name: Publish docs
     runs-on: ubuntu-latest
-    if: github.event.workflow_run == null || github.event.workflow_run.conclusion == 'success'
+    # don't publish for pull requests, and also not for unsuccessful (triggering) workflow runs
+    if: github.event.pull_request == null && (github.event.workflow_run == null || github.event.workflow_run.conclusion == 'success')
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Download coverage report
-        uses: dawidd6/action-download-artifact@v2
+        uses: dawidd6/action-download-artifact@v3
         with:
           workflow: tests-pytest.yml
           branch: dev

.github/workflows/tests-cypress.yml

@@ -27,7 +27,7 @@ jobs:
           working-directory: tests/cypress
           wait-on: http://localhost:8000/healthcheck
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: cypress-screenshots

.github/workflows/tests-pytest.yml

@@ -22,7 +22,7 @@ jobs:
           sudo apt-get update -y
           sudo apt-get install -y gettext
 
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version-file: .github/workflows/.python-version
           cache: pip
@@ -38,7 +38,7 @@ jobs:
         run: ./tests/pytest/run.sh
 
       - name: Upload coverage report
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: coverage-report
           path: benefits/static/coverage

.pre-commit-config.yaml

@@ -15,7 +15,7 @@ default_stages:
 
 repos:
   - repo: https://github.com/compilerla/conventional-pre-commit
-    rev: v3.0.0
+    rev: v3.1.0
     hooks:
       - id: conventional-pre-commit
         stages: [commit-msg]
@@ -34,33 +34,33 @@ repos:
         args: ["--maxkb=1500"]
 
   - repo: https://github.com/psf/black
-    rev: 23.11.0
+    rev: 24.1.1
     hooks:
       - id: black
         types:
           - python
 
   - repo: https://github.com/PyCQA/flake8
-    rev: 6.1.0
+    rev: 7.0.0
     hooks:
       - id: flake8
         types:
           - python
 
   - repo: https://github.com/pycqa/bandit
-    rev: 1.7.5
+    rev: 1.7.7
     hooks:
       - id: bandit
         args: ["-ll"]
         files: .py$
 
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.1.0
+    rev: v4.0.0-alpha.8
     hooks:
       - id: prettier
         types_or: [javascript, css]
 
   - repo: https://github.com/Riverside-Healthcare/djLint
-    rev: v1.34.0
+    rev: v1.34.1
     hooks:
       - id: djlint-django

README.md

@@ -1,6 +1,7 @@
 # Benefits
+![Cal-ITP Benefits - Landing - Laptop+Mobile](https://github.com/cal-itp/benefits/assets/6279581/3f5c558b-ad45-49cd-bb51-b230c625837b)
 
-Cal-ITP Benefits is an application that enables automated eligibility verification and enrollment for transit benefits onto customers’ existing contactless bank (credit/debit) cards.
+<a href="https://benefits.calitp.org" target="_blank">Cal-ITP Benefits</a> is a web application that enables digital eligibility verification and enrollment for transit benefits onto transit riders’ existing contactless debit and credit cards.
 
 View the technical documentation online: <https://docs.calitp.org/benefits>
 

benefits/core/admin.py

@@ -1,6 +1,7 @@
 """
 The core application: Admin interface configuration.
 """
+
 from django.conf import settings
 
 

benefits/core/analytics.py

@@ -1,6 +1,7 @@
 """
 The core application: analytics implementation.
 """
+
 import itertools
 import json
 import logging

benefits/core/apps.py

@@ -1,6 +1,7 @@
 """
 The core application: Houses base templates and reusable models and components.
 """
+
 from django.apps import AppConfig
 
 

benefits/core/context_processors.py

@@ -1,6 +1,7 @@
 """
 The core application: context processors for enriching request context data.
 """
+
 from django.conf import settings
 
 from . import models, session

benefits/core/middleware.py

@@ -1,6 +1,7 @@
 """
 The core application: middleware definitions for request/response cycle.
 """
+
 import logging
 
 from django.conf import settings

benefits/core/migrations/0002_data.py

@@ -1,5 +1,6 @@
 """Data migration which loads configuration data for Benefits.
 """
+
 import json
 import os
 
@@ -39,14 +40,14 @@ def load_data(app, *args, **kwargs):
     mst_server_public_key = PemData.objects.create(
         label="Eligibility server public key",
         remote_url=os.environ.get(
-            "MST_SERVER_PUBLIC_KEY_URL", "https://raw.githubusercontent.com/cal-itp/eligibility-server/dev/keys/server.pub"
+            "MST_SERVER_PUBLIC_KEY_URL", "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/keys/server.pub"
         ),
     )
 
     sbmtd_server_public_key = PemData.objects.create(
         label="Eligibility server public key",
         remote_url=os.environ.get(
-            "SBMTD_SERVER_PUBLIC_KEY_URL", "https://raw.githubusercontent.com/cal-itp/eligibility-server/dev/keys/server.pub"
+            "SBMTD_SERVER_PUBLIC_KEY_URL", "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/keys/server.pub"
         ),
     )
 

benefits/core/models.py

@@ -1,6 +1,7 @@
 """
 The core application: Common model definitions.
 """
+
 import importlib
 import logging
 

benefits/core/recaptcha.py

@@ -1,6 +1,7 @@
 """
 The core application: helpers to work with reCAPTCHA.
 """
+
 import requests
 
 from django.conf import settings

benefits/core/session.py

@@ -1,6 +1,7 @@
 """
 The core application: helpers to work with request sessions.
 """
+
 import hashlib
 import logging
 import time

benefits/core/templates/core/base.html

@@ -44,7 +44,7 @@
     {% endif %}
     <header role="banner" id="header">
       <a id="skip-to-content"  href="#main-content" class="d-block w-100">
-        <div class="container">{% translate "Skip to Main Content" %}</div>
+        <div class="container"><span>{% translate "Skip to main content" %}</span></div>
       </a>
       {% if messages %}
         {% for message in messages %}

benefits/core/templates/core/help.html

@@ -87,7 +87,7 @@ <h2 class="h2-sm pt-4 pt-lg-8" id="login-gov">{% translate "What is Login.gov?"
         <h2 class="h2-sm pt-4 pt-lg-8" id="why-login-gov">{% translate "Why is Cal-ITP Benefits using Login.gov?" %}</h2>
         <p class="pt-2 pt-lg-4">
           {% blocktranslate trimmed %}
-            Login.gov uses two-factor authentication, and stronger passwords, that meet new National Institute of Standards of
+            Login.gov uses two-factor authentication, and stronger passwords, that meet new National Institute of Standards and
             Technology requirements for secure validation and verification. By using Login.gov, you’ll get an extra layer of
             security to help protect your account against password compromises.
           {% endblocktranslate %}

benefits/core/urls.py

@@ -1,6 +1,7 @@
 """
 The core application: URLConf for the root of the webapp.
 """
+
 import logging
 
 from django.urls import path, register_converter

benefits/core/views.py

@@ -1,6 +1,7 @@
 """
 The core application: view definition for the root of the webapp.
 """
+
 from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseNotFound, HttpResponseServerError
 from django.template import loader
 from django.template.response import TemplateResponse

benefits/core/widgets.py

@@ -1,6 +1,7 @@
 """
 The core application: Helper form widgets.
 """
+
 import copy
 from django.forms import widgets
 

benefits/eligibility/analytics.py

@@ -1,6 +1,7 @@
 """
 The eligibility application: analytics implementation.
 """
+
 from benefits.core import analytics as core