Merge pull request #709 from GSA-TTS/staging

Update staging>main
GSA-TTS · Dec 18, 2024 · 61e8bf0 · 61e8bf0
2 parents b633a7a + 7d743da
commit 61e8bf0
Show file tree

Hide file tree

Showing 10 changed files with 41 additions and 34 deletions.
diff --git a/.github/workflows/archive_website.yml b/.github/workflows/archive_website.yml
@@ -14,11 +14,9 @@ concurrency:
 
 jobs:
   archive:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
-    permissions:
-      issues: write
-      pull-requests: write
+    permissions: write-all
 
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4.1.7

diff --git a/.github/workflows/megalinter.yml b/.github/workflows/megalinter.yml
@@ -26,14 +26,14 @@ concurrency:
 jobs:
   build:
     name: MegaLinter
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions: write-all
     steps:
       # Git Checkout
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
         with:
-          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
           fetch-depth: 0
 
       - name: "Import GPG key"
@@ -51,7 +51,7 @@ jobs:
         uses: oxsecurity/megalinter/flavors/javascript@d8c95fc6f2237031fb9e9322b0f97100168afa6e # pin@v8.2.0
         env:
           VALIDATE_ALL_CODEBASE: false
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
 
       # Upload MegaLinter artifacts
       - name: Archive production artifacts

diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml
@@ -14,7 +14,7 @@ concurrency:
 
 jobs:
   pa11y:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     permissions:
       issues: write
@@ -97,7 +97,7 @@ jobs:
         if: ${{ contains(steps.pa11y_output.outputs.content, 'Accessibility issues detected') }}
         uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # pin@v2.5.0
         with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
           message: "<details><summary>Pa11y testing results</summary> ```${{ steps.pa11y_output.outputs.content }}``` </details>"
           comment_tag: pa11y
 

diff --git a/.github/workflows/preview_button.yml b/.github/workflows/preview_button.yml
@@ -14,11 +14,9 @@ concurrency:
 
 jobs:
   button:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
-    permissions:
-      issues: write
-      pull-requests: write
+    permissions: write-all
 
     steps:
       - name: Setup custom variables
@@ -47,7 +45,7 @@ jobs:
       - name: Comment on pull request.
         uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # pin@v2.5.0
         with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
           message: |
             ## Preview This Branch
 

diff --git a/.github/workflows/protect_main_branch.yml b/.github/workflows/protect_main_branch.yml
@@ -15,7 +15,7 @@ concurrency:
 
 jobs:
   protect-main-branch:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Check branch
         run: |

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -13,7 +13,7 @@ on:
 
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
-    - cron: "43 7 * * 3"
+    - cron: "45 7 * * 3"
   push:
     branches:
       - "staging"
@@ -24,15 +24,8 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecard analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
-      id-token: write
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read
+    runs-on: ubuntu-22.04
+    permissions: write-all
 
     steps:
       - name: "Checkout code"
@@ -58,7 +51,7 @@ jobs:
           # For private repositories:
           #   - `publish_results` will always be set to `false`, regardless
           #     of the value entered here.
-          publish_results: true
+          publish_results: false
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,5 +1,5 @@
 ---
-name: Build and Test
+name: Run Tests
 
 # yamllint disable-line rule:truthy
 on:
@@ -12,9 +12,10 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build:
-    runs-on: ubuntu-latest
+  test:
+    name: "Run tests"
     permissions: write-all
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout repository
@@ -35,10 +36,10 @@ jobs:
       - name: Build site
         run: npm run build
 
-      - name: Run tests
-        run: npm run test
-
       - name: report code coverage
         uses: ArtiomTr/jest-coverage-report-action@262a7bb0b20c4d1d6b6b026af0f008f78da72788 # pin@v2.3.1
         with:
+          skip-step: install
+          annotations: none
           coverage-file: ./report.json
+          github-token: ${{ secrets.PAT || secrets.GITHUB_TOKEN || github.token }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -41,3 +41,20 @@ repos:
         description: Detect hardcoded secrets using Gitleaks
         language: docker_image
         entry: zricethezav/gitleaks:v8.15.0 protect --verbose --redact --staged
+
+  # fail if a commit includes a file named '.env'
+  # BAD:
+  #   .env
+  #   foo/.env
+  #
+  # Good:
+  # sample.env
+  # env.sample
+  # share/examples/sample.env
+  - repo: local
+    hooks:
+      - id: no-dotenv-files
+        name: "Files named .env are not allowed."
+        entry: "Files may not be named .env"
+        language: fail
+        files: "^(.*[/])?[.]env$"
diff --git a/_includes/footer.html b/_includes/footer.html
@@ -11,7 +11,7 @@
         >
           <div class="mobile-lg:grid-col-auto">
             <p class="usa-footer__logo-heading">Technology Transformation Services</p>
-            <p style="font-size: .875rem;"><strong>Built with:</strong> <a href="https://designsystem.digital.gov/whats-new/updates/2022/04/28/introducing-uswds-3-0/">USWDS 3</a> | <a href="https://cloud.gov/pages/">Cloud.gov Pages</a> | <a href="https://digital.gov/guides/dap/">Digital Analytics Program</a></p>
+            <p style="font-size: .875rem;"><strong>Built with:</strong> <a href="https://designsystem.digital.gov/whats-new/updates/2022/04/28/introducing-uswds-3-0/">USWDS 3</a> | <a href="https://cloud.gov/pages/">Cloud.gov Pages</a> | <a href="https://digital.gov/guides/dap/">Digital Analytics Program</a> |  <a href="https://touchpoints.digital.gov/">Touchpoints</a></p>
           </div>
         </div>
         <div class="usa-footer__contact-links mobile-lg:grid-col-6">

diff --git a/pages/jointts/positions/TTS-Sr-Advisor-Technology.md b/pages/jointts/positions/TTS-Sr-Advisor-Technology.md
@@ -39,7 +39,7 @@ title: "TTS: Senior Advisor for Technology"
 # Put the opening and closing dates of your posting here, if you have them
 # These dates MUST be formatted as YYYY-MM-DD, where month and day are 2-digits
 opens: 2024-12-16
-closes: 2024-12-20
+closes: 2024-12-17
 
 # If the role is listed on a different site and you just want to link to it,
 # put that link here. You can leave the rest of the template as-is, unless you