Merge branch 'main' into VACMS-16289-preview-secret-timer

department-of-veterans-affairs · Jan 22, 2024 · 426144f · 426144f
2 parents f4237c8 + 2ca4409
commit 426144f
Show file tree

Hide file tree

Showing 115 changed files with 2,952 additions and 1,315 deletions.
diff --git a/.github/ISSUE_TEMPLATE/pw-clp-request.md b/.github/ISSUE_TEMPLATE/pw-clp-request.md
@@ -25,6 +25,15 @@ Help desk ticket: <insert_help_desk_link>
 - [ ] Name of submitter (if applicable)
 Submitter: <insert_name>
 
+- Campaign title: 
+- Who the editor(s) will be for the Campaign Landing Page and any appropriate stakeholders for awareness: 
+- The goals/outcomes you are looking to achieve with the campaign: 
+- Outcome success measurement & how it will be measured (note: "Page views" is not a generally accepted success measurement): 
+- Target Audience(s): 
+-  Campaign start/end dates: 
+- Is this a seasonal campaign? 
+- If not: when campaign ends, should campaign page be archived or redirected? 
+- If redirected, where should it redirect?
 
 ## Acceptance criteria
 

diff --git a/.github/workflows/actions-metrics.yml b/.github/workflows/actions-metrics.yml
@@ -11,7 +11,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Send GitHub Actions metrics to DataDog
-        uses: int128/datadog-actions-metrics@6c6a657047c0452b33ec3c254009c331e47c1370 # v1.64.0
+        uses: int128/datadog-actions-metrics@12d225bf2f764e5103a994157c1316df39dc3fae # v1.68.0
         with:
           datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
           collect-job-metrics: true

diff --git a/.github/workflows/tugboat-pr-closed.yml b/.github/workflows/tugboat-pr-closed.yml
@@ -14,7 +14,7 @@ jobs:
     name: Delete Tugboat Preview
     steps:
     - name: Restore Preview ID
-      uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+      uses: actions/cache/restore@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
       with:
         path: .tugboat_preview.txt
         key: ${{ runner.os }}-tugboat-preview-id-pr-${{ github.event.pull_request.number }}

diff --git a/.github/workflows/tugboat-pr-opened.yml b/.github/workflows/tugboat-pr-opened.yml
@@ -39,7 +39,7 @@ jobs:
             key: `${{ runner.os }}-tugboat-preview-id-pr-${{ github.event.pull_request.number }}`,
           });
     - name: Save Preview ID
-      uses: actions/cache/save@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+      uses: actions/cache/save@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
       with:
         path: .tugboat_preview.txt
         key: ${{ runner.os }}-tugboat-preview-id-pr-${{ github.event.pull_request.number }}

diff --git a/.github/workflows/tugboat-pr-updated.yml b/.github/workflows/tugboat-pr-updated.yml
@@ -14,7 +14,7 @@ jobs:
     name: Rebuild Tugboat Preview
     steps:
     - name: Restore Preview ID
-      uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+      uses: actions/cache/restore@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
       with:
         path: .tugboat_preview.txt
         key: ${{ runner.os }}-tugboat-preview-id-pr-${{ github.event.pull_request.number }}

diff --git a/.github/workflows/tugboat-refresh-cache-responder.yml b/.github/workflows/tugboat-refresh-cache-responder.yml
@@ -11,7 +11,7 @@ jobs:
     if: ${{ github.event.label.name == 'refresh-tugboat-cache' }}
     steps:
       - name: Refresh Preview ID
-        uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+        uses: actions/cache/restore@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
         with:
           path: .tugboat_preview.txt
           key: ${{ runner.os }}-tugboat-preview-id-pr-${{ github.event.pull_request.number }}

diff --git a/.tugboat/config.yml b/.tugboat/config.yml
@@ -111,10 +111,6 @@ services:
         - echo "${OAUTH_PUBLIC_KEY}" >> ${TUGBOAT_ROOT}/public.key
         - echo "${OAUTH_PRIVATE_KEY}" >> ${TUGBOAT_ROOT}/private.key
 
-        # Install drush-launcher, if desired.
-        - wget -O /usr/local/bin/drush https://github.com/drush-ops/drush-launcher/releases/download/0.6.0/drush.phar
-        - chmod +x /usr/local/bin/drush
-
         # Link the document root to the expected path. This example links /docroot
         # to the docroot.
         - ln -snf "${TUGBOAT_ROOT}/docroot" "${DOCROOT}"
@@ -214,14 +210,14 @@ services:
 
 
         # https://www.drush.org/latest/deploycommand/ (updatedb, cache:rebuild, config:import, deploy:hook)
-        - drush deploy
+        - bash -lc 'drush deploy'
 
         # Disable sitewide alerts so as not to interfere with testing.
-        - drush sitewide-alert:disable
+        - bash -lc 'drush sitewide-alert:disable'
 
         # Prevent continuous releases from running on Tugboat, and reset to ready.
-        - drush sset va_gov_build_trigger.continuous_release_enabled 0
-        - drush sset va_gov_build_trigger.release_state ready
+        - bash -lc 'drush sset va_gov_build_trigger.continuous_release_enabled 0'
+        - bash -lc 'drush sset va_gov_build_trigger.release_state ready'
 
         # Setup background processing service.  This uses runit to keep process up
         # See https://docs.tugboat.qa/setting-up-services/how-to-set-up-services/running-a-background-process

diff --git a/READMES/devops/aws-assets.md b/READMES/devops/aws-assets.md
@@ -0,0 +1,18 @@
+# AWS Assets
+
+This is a list of some generic AWS assets that are not directly traceable to this team, i.e. they are not managed in Terraform or other IaC. The purpose of this document is to clarify ownership and collect relevant information so that these assets are more discoverable and their _raison d'être_ more transparent.
+
+## IAM Users (Service Accounts)
+
+The following were added in #5611 to work with certain S3 buckets; these are intended to allow transfer of files from CMS file stores to an S3 bucket designated for public access to those files. These systems are not fully in place yet, but are in progress.
+
+- `svc-dsva-vagov-cms-dev-assets` 
+- `svc-dsva-vagov-prod-cms-files`
+- `svc-dsva-vagov-prod-cms-test-files`
+- `svc-dsva-vagov-staging-cms-files`
+- `svc-dsva-vagov-staging-cms-test-files`
+
+The following account may be necessary for GitHub Actions workflows (currently under the purview of Accelerated Publishing) to interact with AWS resources.
+
+- `svc-gh-vagov-ap-user`
+
diff --git a/READMES/devops/tugboat.md b/READMES/devops/tugboat.md
@@ -33,3 +33,23 @@ Can only update CPU and memory at a project level, not repository level.
 1. `tugboat ls 5fd3b8ee7b465711575722d5 -j | grep memory` # Get current limit
 1. `tugboat update 5fd3b8ee7b465711575722d5 memory=16384` # Set limit to 16GB
 1. `tugboat ls 5fd3b8ee7b465711575722d5 -j | grep memory` # Verify new limit
+
+## Tugboat Crisis Intervention
+
+### Overload
+
+**Symptoms**: Tugboat is slow, requests to Tugboat dashboard return 502/504 status codes, previews disappear and reappear, etc.
+
+**Diagnosis**: Tugboat might be overloaded; too many previews might be running simultaneously.
+
+**Verification**: 
+
+1. Log into the Tugboat server (`ssm-session utility tugboat auto`).
+2. Check system load and free memory (e.g. `top`).
+3. If load is incredibly high, and available memory is very low, then the Tugboat server might be dealing with too many open previews.
+
+**Remediation**:
+
+1. Close unused previews in the CMS/Pull Requests project. Target older previews and those corresponding to closed/merged PRs; these should be closed automatically, but there may be issues somewhere in the system that impair communication and cause these to remain open.
+2. Suspend older previews. This normally happens automatically (for Pull Request-based previews that haven't been touched in some period of time), but a flurry of previews might have been created inadvertently.
+3. Consider upscaling the Tugboat server or migrating to an alternative architecture.