Merge branch 'main' into devsecops/bethbeza/manage-dependabot-schedule

.environment/chatops/help.txt

@@ -3,7 +3,7 @@ ACTION
 USAGE
     [<@bot>] gh-deploy [<branch>] to [<branch>] [OPTIONAL: for <owner/repo>]
 EXAMPLES
-    @DevBot gh-deploy master to trialfrontend1
+    @DevBot gh-deploy main to trialfrontend1
 ==========================================================================
 ACTION
     Lock branch to prevent deployments
@@ -26,4 +26,4 @@ USAGE
     [<@bot>] gh-run [<workflow file>] [OPTIONAL: <owner/repo> <branch>] [OPTIONAL: --inputs <a:b,c:d>] 
 EXAMPLES
     @DevBot gh-run destroy_demo_environment.yml --inputs env_name:demo1
-    @DevBot gh-run destroy_demo_environment.yml CDCgov/prime-reportstream master --inputs env_name:demo1
+    @DevBot gh-run destroy_demo_environment.yml CDCgov/prime-reportstream main --inputs env_name:demo1

.environment/gitleaks/gitleaks-config.toml

@@ -3,45 +3,36 @@ title = "PRIME ReportStream Gitleaks Configuration"
 # Global allowlist
 [allowlist]
     description = "Allow-list for files and paths"
-    files = [
-        '(.*?)(bin|doc|gif|iml|jar|jp(e)?g|pdf|png|xlsx)$',
-        '^\.?gitleaks-config.toml$',
-        '^\.?gitleaks.report.json$',
-        '^package-lock\.json$',
-        'cleanslate.sh.log',
-        'yarn\.lock$',
-    ]
     paths = [
-        '.environment/sftp-conf',
-        '.environment/soap_service/',
-        '.github/scripts/stale_items_report/',
-        '.idea/',
-        '.terraform/providers/',
-        'frontend/dist',
-        'frontend/node_modules/',
-        'frontend/src/assets',
-        'frontend-react/build/',
-        'frontend-react/node_modules/',
-        'frontend-react/src/components/ReportStreamHeader.tsx',
-        'prime-router/.gradle/',
-        'prime-router/.vault/env/',
-        'prime-router/build/',
-        'prime-router/build.gradle.kts',
-        'prime-router/docs/dependency-graph-full/dependency-graph-full.txt',
-        'prime-router/docs/schema_documentation/',
-        'prime-router/docs/design/design/auth/auth-design.md',
-        'prime-router/docs/getting_started.md',
-        'prime-router/frontend/src/assets/fonts',
-        'prime-router/frontend/src/assets/img',
-        'prime-router/frontend/src/assets/pdf',
-        'prime-router/frontend/src/assets/webfonts',
-        'prime-router/src/main/kotlin/cli/tests/TestKeys.kt',
-        'prime-router/src/test/csv_test_files/input/',
-        'prime-router/src/test/kotlin/credentials/CredentialTests',
-        'prime-router/src/test/',
-        'prime-router/src/main/resources/metadata',
-        '.environment/gitleaks/gitleaks-config.toml',
-        'exp/as2/keystore_steps.md',
+        # package manager files
+        'package-lock\.json$',
+        'yarn\.lock$',
+        # ide
+        '\.idea\/',
+        # misc
+        '(.*?)(bin|doc|gif|iml|jar|jp(e)?g|pdf|png|xlsx)$',
+        # devops
+        '\.terraform\/providers\/',
+        '^\.environment\/gitleaks\/gitleaks-config\.toml$',
+        '^\.environment\/sftp-conf\/',
+        '^\.environment\/soap_service\/',
+        '^\.github\/scripts\/stale_items_report\/',
+        # backend
+        '^prime-router\/\.gradle\/',
+        '^prime-router\/.vault\/env\/',
+        '^prime-router\/build\/',
+        '^prime-router\/build\.gradle\.kts',
+        '^prime-router\/docs\/dependency-graph-full/dependency-graph-full\.txt',
+        '^prime-router\/docs\/schema_documentation/',
+        '^prime-router\/docs\/design/design/auth/auth-design\.md',
+        '^prime-router\/docs\/getting_started\.md',
+        '^prime-router\/src\/main\/kotlin\/cli\/tests\/TestKeys\.kt',
+        '^prime-router\/src\/test\/csv_test_files\/input\/',
+        '^prime-router\/src\/test\/kotlin\/credentials\/CredentialTests',
+        '^prime-router\/src\/test\/',
+        '^prime-router\/src\/main\/resources\/metadata',
+        # frontend
+        '^frontend-react\/public\/assets\/',
     ]
 
 [[rules]]

.environment/gitleaks/run-gitleaks.sh

@@ -230,7 +230,8 @@ esac
 if [[ ${RC?} != 0 ]]; then
     error "(return code=${RC?}) Your code may contain secrets, consult the output above and/or one of the following files for more details:"
     error "     - ${REPO_ROOT?}/${REPORT_JSON?}"
-    error "     - ${REPO_ROOT?}/${LOGFILE?}"
+    # no log file currently, check the output of whatever ran this
+    # error "     - ${REPO_ROOT?}/${LOGFILE?}"
 fi
 
 exit ${RC?}

.github/CODEOWNERS

@@ -6,6 +6,8 @@
 /operations/            @cdcgov/PRIME-ReportStream-DevOps
 /CODEOWNERS             @cdcgov/PRIME-ReportStream-DevOps
 /prime-router/          @cdcgov/PRIME-ReportStream-CODEOWNERS-backend
+/prime-router/src/main/resources/metadata/fhir_transforms/senders/Flexion          @cdcgov/trusted-intermediary
+/prime-router/settings/STLTs/Flexion          @cdcgov/trusted-intermediary
 
 # The CODEOWNERS file takes the last matching line into account. You can make definitions with empty owners to specify paths/files without an owner.
 /prime-router/settings/prod/

.github/ISSUE_TEMPLATE/up-receiver-migration-set-up-receiver-settings.md

@@ -19,9 +19,9 @@ As a developer, I want to compare the messages generated from the Covid and Univ
 ### Dev Notes:
 
 - [ ] Fetch [STLT] organization settings from production and load them locally
-- [ ] Use the attached SimpleReport covid postman collection and make sure the message gets routed to [STLT] locally. Modify the message to meet [STLT] filter if needed [Simple Report Covid.postman_collection](https://github.com/CDCgov/prime-reportstream/blob/master/prime-router/docs/onboarding-users/samples/SimpleReport/Simple%20Report%20Covid.postman_collection.json)
-- [ ] Make a copy of the [STLT] organization settings to onboard them to the UP. See How to Migrate an existing receiver to the UP documentation for more details: https://github.com/CDCgov/prime-reportstream/blob/master/prime-router/docs/onboarding-users/migrating-receivers.md
-- [ ] Use this Postman collection to send a FHIR bundle the UP and make sure the message gets routed to the new UP [STLT] receiver. You may need to update the Simple Report sender to use the simple-report-sender-transform.yml if it's not using it. [Simple Report UP.postman_collection](https://github.com/CDCgov/prime-reportstream/blob/master/prime-router/docs/onboarding-users/samples/SimpleReport/Simple%20Report%20UP.postman_collection.json)
+- [ ] Use the attached SimpleReport covid postman collection and make sure the message gets routed to [STLT] locally. Modify the message to meet [STLT] filter if needed [Simple Report Covid.postman_collection](https://github.com/CDCgov/prime-reportstream/blob/main/prime-router/docs/onboarding-users/samples/SimpleReport/Simple%20Report%20Covid.postman_collection.json)
+- [ ] Make a copy of the [STLT] organization settings to onboard them to the UP. See How to Migrate an existing receiver to the UP documentation for more details: https://github.com/CDCgov/prime-reportstream/blob/main/prime-router/docs/onboarding-users/migrating-receivers.md
+- [ ] Use this Postman collection to send a FHIR bundle the UP and make sure the message gets routed to the new UP [STLT] receiver. You may need to update the Simple Report sender to use the simple-report-sender-transform.yml if it's not using it. [Simple Report UP.postman_collection](https://github.com/CDCgov/prime-reportstream/blob/main/prime-router/docs/onboarding-users/samples/SimpleReport/Simple%20Report%20UP.postman_collection.json)
 - To migrate the Covid translation settings start by looking at their current translation settings. If the receiver uses  any of the following settings you will need to create a receiver schema:
 	- receivingApplicationName
 	- receivingApplicationOID
@@ -45,7 +45,7 @@ As a developer, I want to compare the messages generated from the Covid and Univ
     - useOrderingFacilityName not STANDARD
     - receivingOrganization
     - stripInvalidCharsRegex
-    
+
 - More documentation on how to set-up these transforms in the UP will be provided, but for now you can look for examples on how to set this up in either the NY-receiver-transforms or CA-receiver-transforms
 
 - If the receiver uses any of those transforms you will need to create a receiver transform under `metadata/hl7_mapping/receivers/STLTs/` and update the receiver settings to point to this schema.
@@ -60,11 +60,10 @@ As a developer, I want to compare the messages generated from the Covid and Univ
 - If there are no major differences we can move on to sending test messages to the STLTs staging environment.
 
 
-### Acceptance Criteria 
+### Acceptance Criteria
 - [ ] Created and sent data to [STLT] through the covid pipeline locally
 - [ ] Created and sent data to [STLTS] through the universal pipeline locally
 - [ ] Migrated  Covid receiver translation settings to the UP receiver settings
 - [ ] Successfully generated a message with migrated UP receiver settings
 - [ ] Review transforms settings with the team
 - [ ] Compared messages from the covid and universal pipelines and documented differences and review with team
-

.github/actions/build-vars/action.yml

@@ -103,8 +103,8 @@ runs:
     - name: Set Build Environment - STAGING
       id: build_staging
       if: |
-        (github.event_name != 'pull_request' && github.ref_name == 'master') ||
-        (github.event_name == 'pull_request' && github.base_ref == 'master')
+        (github.event_name != 'pull_request' && github.ref_name == 'main') ||
+        (github.event_name == 'pull_request' && github.base_ref == 'main')
       shell: bash
       run: |
         echo "env_name=staging" >> $GITHUB_OUTPUT

.github/actions/action-connect-ovpn/action.yml → .github/actions/connect-ovpn/action.yml

@@ -34,6 +34,12 @@ runs:
         sudo apt-get install openvpn-systemd-resolved
       shell: bash
 
+    - name: Validate OpenVPN Version
+      run: |
+        echo -e "\nOpenVPN Version:" ;
+        openvpn --version ;
+      shell: bash
+
     - name: Connect VPN
       env:
         TLS_KEY: ${{ inputs.TLS_KEY }}
@@ -48,6 +54,8 @@ runs:
         echo "$USER_CRT" | base64 -d > user.crt
         echo "$USER_KEY" | base64 -d > user.key
         echo "$SECRET" | base64 -d > secret.txt
+
+        echo -e "sudo openvpn --config ${{ inputs.FILE_OVPN }} --daemon" ;
         sudo openvpn --config ${{ inputs.FILE_OVPN }} --daemon
 
     - name: VPN Status
@@ -58,7 +66,14 @@ runs:
       run: |
         sleep 5
         if ping -c 2 $PING_URL > /dev/null 2>&1; then
+
+          # echo -e "\nPinging URL: ${{ inputs.PING_URL }}" ;
+          # ping -c 3 ${{ inputs.PING_URL }} ;
+
           echo "vpn-status=true" >> $GITHUB_OUTPUT
+
+          echo -e "\nIP Route:" ;
+          ip route ;
         else
           echo "vpn-status=false" >> $GITHUB_OUTPUT
         fi

.github/actions/demo-env/action.yml

@@ -174,7 +174,7 @@ runs:
       with:
         owner: CDCgov
         repo: prime-reportstream
-        ref: master
+        ref: main
         github_token: ${{ inputs.github-token }}
         workflow_file_name: restore_databases.yml
         wait_interval: 120

.github/actions/vpn-azure/action.yml

@@ -40,9 +40,7 @@ runs:
         sed -i "s/\(dhcp-option DNS \).*/\1${{ inputs.dns-ip }}/" .github/vpn/${{ inputs.env-name }}.ovpn
       shell: bash
 
-    - uses: josiahsiegel/action-connect-ovpn@794339aff94452216c97f609476c367a43a31295
-    ## DevSecOps - Aquia (Replace) - uses: ./.github/actions/action-connect-ovpn
-
+    - uses: ./.github/actions/connect-ovpn
       if: inputs.env-name && inputs.ca-cert != 'false'
       id: connect_vpn
       with:

.github/changelog_config.json

@@ -113,6 +113,6 @@
       }
     },
     "base_branches": [
-      "master"
+      "main"
     ]
 }