Merge branch 'main' into el/2372-change-rejection-title

.gitignore

@@ -3,7 +3,8 @@
 docs/research/data/**
 **/assets/*
 !**/assets/src/
-!**/assets/sass/
+!**/assets/src/js/
+!**/assets/src/sass/
 !**/assets/img/registrar/
 public/
 credentials*

docs/developer/README.md

@@ -378,3 +378,18 @@ Then, copy the variables under the section labled `s3`.
 ## Request Flow FSM Diagram
 
 The [.gov Domain Request & Domain Status Digram](https://miro.com/app/board/uXjVMuqbLOk=/?moveToWidget=3458764594819017396&cot=14) visualizes the domain request flow and resulting domain objects.
+
+
+## Testing the prototype add DNS record feature (delete this after we are done testing!)
+We are currently testing using cloudflare to add DNS records. Specifically, an A record. To use this, you will need to enable the
+`prototype_dns_flag` waffle flag and navigate to `igorville.gov`, `dns.gov`, or `domainops.gov`. Click manage, then click DNS. From there, click the `Prototype DNS record creator` button.
+
+Before we can send data to cloudflare, you will need these values in your .env file:
+```
+REGISTRY_TENANT_KEY = {tenant key}
+REGISTRY_SERVICE_EMAIL = {An email address}
+REGISTRY_TENANT_NAME = {Name of the bucket, i.e. "CISA" }
+```
+You can obtain these by following the steps outlined in the [dns hosting discovery doc](https://docs.google.com/document/d/1Yq5d2M3MgM2vPhUBZ0k5wOmCQst4vND9-2qEZ55-h-Y/edit?tab=t.0), BUT it is far easier to just get these from someone else. Reach out to Zander for this information if you do not have it.
+
+Alternatively, if you are testing on a sandbox, you will need to add those to getgov-credentials.

docs/operations/data_migration.md

@@ -893,22 +893,28 @@ Example: `cf ssh getgov-za`
 [Follow these steps](#use-scp-to-transfer-data-to-sandboxes) to upload the federal_cio csv to a sandbox of your choice.
 
 #### Step 5: Running the script
-```./manage.py create_federal_portfolio "{federal_agency_name}" --both```
-
+To create a specific portfolio: 
+```./manage.py create_federal_portfolio --agency_name "{federal_agency_name}" --both```
 Example (only requests): `./manage.py create_federal_portfolio "AMTRAK" --parse_requests`
 
+To create a portfolios for all federal agencies in a branch: 
+```./manage.py create_federal_portfolio --branch "{executive|legislative|judicial}" --both```
+Example (only requests): `./manage.py create_federal_portfolio --branch "executive" --parse_requests`
+
 ### Running locally
 
 #### Step 1: Running the script
-```docker-compose exec app ./manage.py create_federal_portfolio "{federal_agency_name}" --both```
+```docker-compose exec app ./manage.py create_federal_portfolio --agency_name "{federal_agency_name}" --both```
 
 ##### Parameters
 |   | Parameter                  | Description                                                                                |
 |:-:|:-------------------------- |:-------------------------------------------------------------------------------------------|
-| 1 | **federal_agency_name**    | Name of the FederalAgency record surrounded by quotes. For instance,"AMTRAK".              |
-| 2 | **both**                   | If True, runs parse_requests and parse_domains.                                            |
-| 3 | **parse_requests**         | If True, then the created portfolio is added to all related DomainRequests.                |
-| 4 | **parse_domains**          | If True, then the created portfolio is added to all related Domains.                       |
-
-Note: Regarding parameters #2-#3, you cannot use `--both` while using these. You must specify either `--parse_requests` or `--parse_domains` seperately. While all of these parameters are optional in that you do not need to specify all of them,
+| 1 | **agency_name**            | Name of the FederalAgency record surrounded by quotes. For instance,"AMTRAK".              |
+| 2 | **branch**                 | Creates a portfolio for each federal agency in a branch: executive, legislative, judicial  |
+| 3 | **both**                   | If True, runs parse_requests and parse_domains.                                            |
+| 4 | **parse_requests**         | If True, then the created portfolio is added to all related DomainRequests.                |
+| 5 | **parse_domains**          | If True, then the created portfolio is added to all related Domains.                       |
+
+- Parameters #1-#2: Either `--agency_name` or `--branch` must be specified. Not both.
+- Parameters #2-#3, you cannot use `--both` while using these. You must specify either `--parse_requests` or `--parse_domains` seperately. While all of these parameters are optional in that you do not need to specify all of them,
 you must specify at least one to run this script.

src/docker-compose.yml

@@ -59,6 +59,9 @@ services:
       - AWS_S3_BUCKET_NAME
       # File encryption credentials
       - SECRET_ENCRYPT_METADATA
+      - REGISTRY_TENANT_KEY
+      - REGISTRY_SERVICE_EMAIL
+      - REGISTRY_TENANT_NAME
     stdin_open: true
     tty: true
     ports:
@@ -85,6 +88,7 @@ services:
     volumes:
       - .:/app
     working_dir: /app
+    entrypoint: /app/node_entrypoint.sh
     stdin_open: true
     tty: true
     command: ./run_node_watch.sh

src/node.Dockerfile

@@ -1,9 +1,9 @@
 FROM docker.io/cimg/node:current-browsers
 WORKDIR /app
 
+USER root
+
 # Install app dependencies
 # A wildcard is used to ensure both package.json AND package-lock.json are copied
 # where available (npm@5+)
-COPY --chown=circleci:circleci package*.json ./
-
-RUN npm install
+COPY --chown=circleci:circleci package*.json ./

src/node_entrypoint.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Get UID and GID of the /app directory owner
+HOST_UID=$(stat -c '%u' /app)
+HOST_GID=$(stat -c '%g' /app)
+
+# Check if the circleci user exists
+if id "circleci" &>/dev/null; then
+  echo "circleci user exists. Updating UID and GID to match host UID:GID ($HOST_UID:$HOST_GID)"
+
+  # Update circleci user's UID and GID
+  groupmod -g "$HOST_GID" circleci
+  usermod -u "$HOST_UID" circleci
+
+  echo "Updating ownership of /app recursively to circleci:circleci"
+  chown -R circleci:circleci /app
+
+  # Switch to circleci user and execute the command
+  echo "Switching to circleci user and running command: $@"
+  su -s /bin/bash -c "$*" circleci
+else
+  echo "circleci user does not exist. Running command as the current user."
+  exec "$@"
+fi