VACMS-15798 / 15791 / 15795 next preview configs + oauth key handling (#15936)

tjheffner · jilladams · dependabot[bot] · web-flow · commit ba007a6c52d7 · 2023-11-09T07:42:38.000-08:00
* gitignore public/private key for oauth * export config for simple_oauth and next js site * use simple oauth for preview in next * echo keys to files in tugboat * add other env vars where they need to be * [docs] Update and rename pw-dark-launch.md to dark-launch.md * Bump datadog/dd-trace from 0.92.2 to 0.93.1 (#15937) Bumps [datadog/dd-trace](https://github.com/DataDog/dd-trace-php) from 0.92.2 to 0.93.1. - [Release notes](https://github.com/DataDog/dd-trace-php/releases) - [Commits](DataDog/dd-trace-php@0.92.2...0.93.1) --- updated-dependencies: - dependency-name: datadog/dd-trace dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * VACMS-14342: Set up `CODEOWNERS` (#15581) * VACMS-14342: Set up CODEOWNERS * h/t Dave * h/t Tanner * h/t Dave * Update .github/CODEOWNERS * Apply suggestions from code review h/t @swirtSJW * Bump va-gov/content-build from 0.0.3377 to 0.0.3378 (#15938) Bumps [va-gov/content-build](https://github.com/department-of-veterans-affairs/content-build) from 0.0.3377 to 0.0.3378. - [Release notes](https://github.com/department-of-veterans-affairs/content-build/releases) - [Commits](department-of-veterans-affairs/content-build@v0.0.3377...v0.0.3378) --- updated-dependencies: - dependency-name: va-gov/content-build dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * VACMS-15721: added description field for alert blocks view and browser (#15927) * VACMS-15276: Adds YouTube field (#15450) * VACMS-15276: Adds YouTube field * VACMS-15276: Adding field storage for YouTube * VACMS-15891: Update Q&A Content Report View to use Multiple Workflow Filter (#15896) * VACMS-15891: Update workflow filter to multiple * VACMS-15891: Updated the filter machine name too because Jill is smart. * VACMS-15891: Style-Guide-Related edits to view * VACMS-15891: Added section filter * VACMS-15891: Fix caption * VACMS-15891: Caption and tab * VACMS-15891: Copying new settings from view family * VACMS-15891: Fix pager back to 25 for cypress test * update perms for nextjs role * update perms for nextjs role * re-export config for correct dependencies * override config for tugboat * include full domains in the url path... * a couple more env vars in place * env vars need added before build * tweak env vars slightly * quote env vars --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jill Adams <85581471+jilladams@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nate Douglas <ndouglas@users.noreply.github.com> Co-authored-by: Edmund Dunn <109987005+edmund-dunn@users.noreply.github.com> Co-authored-by: Christian Burk <omahane@gmail.com> Co-authored-by: Christia Troyer <christia.troyer@civicactions.com>
diff --git a/.gitignore b/.gitignore
@@ -104,6 +104,9 @@ datadog-setup.php
 
 # Ignore Next (next-build)
 next
+# Ignore oauth keys used for validating next-build preview api requests
+public.key
+private.key
 
 # Temporary .deb packages
 *.deb
diff --git a/.tugboat/config.yml b/.tugboat/config.yml
@@ -104,6 +104,10 @@ services:
         - cp "${TUGBOAT_ROOT}"/.tugboat/*.crt /usr/local/share/ca-certificates
         - update-ca-certificates
 
+        # Write OAuth keys to files for next-build Preview Server validation
+        - echo "${OAUTH_PUBLIC_KEY}" >> ${TUGBOAT_ROOT}/public.key
+        - echo "${OAUTH_PRIVATE_KEY}" >> ${TUGBOAT_ROOT}/private.key
+
         # Install drush-launcher, if desired.
         - wget -O /usr/local/bin/drush https://github.com/drush-ops/drush-launcher/releases/download/0.6.0/drush.phar
         - chmod +x /usr/local/bin/drush
@@ -233,9 +237,17 @@ services:
         - find -L "${DOCROOT}/vendor/va-gov/content-build/node_modules/.bin" -type f -exec chmod +x {} \+
         - find "${DOCROOT}/vendor/va-gov/content-build/script" -type f -exec chmod +x {} \+
 
-        # Build storybook and the frontends in parallel
+        # Put necessary env variables in place for next's Drupal Preview before building server
+        # Need to construct this way instead of TUGBOAT_DEFAULT_SERVICE_URL in order to drop the trailing /
+        - echo "NEXT_PUBLIC_DRUPAL_BASE_URL=https://cms-${TUGBOAT_SERVICE_TOKEN}.${TUGBOAT_SERVICE_CONFIG_DOMAIN}" >> ${TUGBOAT_ROOT}/next/envs/.env.tugboat
+        - echo "NEXT_IMAGE_DOMAIN=https://cms-${TUGBOAT_SERVICE_TOKEN}.${TUGBOAT_SERVICE_CONFIG_DOMAIN}" >> ${TUGBOAT_ROOT}/next/envs/.env.tugboat
+        - echo "DRUPAL_CLIENT_ID=${DRUPAL_CLIENT_ID}" >> ${TUGBOAT_ROOT}/next/envs/.env.tugboat
+        - echo "DRUPAL_CLIENT_SECRET=${DRUPAL_CLIENT_SECRET}" >> ${TUGBOAT_ROOT}/next/envs/.env.tugboat
+
+        # Build storybook and the frontends (web, next) in parallel
         - bash -lc 'time task --taskfile=tugboat.yml'
-        # Build next build server
+
+        # Start the next build server
         - bash -lc 'composer va:next:start'
 
   memcache:
diff --git a/config/sync/next.next_site.next_build_preview_server.yml b/config/sync/next.next_site.next_build_preview_server.yml
@@ -0,0 +1,11 @@
+uuid: 75dd1bfb-8507-4981-90b6-3830400e1434
+langcode: en
+status: true
+dependencies: {  }
+id: next_build_preview_server
+label: 'Next Build Preview Server'
+base_url: 'http://localhost:3000'
+preview_url: 'http://localhost:3000/api/preview'
+preview_secret: secret
+revalidate_url: ''
+revalidate_secret: ''
diff --git a/config/sync/next.settings.yml b/config/sync/next.settings.yml
@@ -6,3 +6,7 @@ site_previewer_configuration:
   width: 100%
   sync_route: false
   sync_route_skip_routes: ''
+preview_url_generator: simple_oauth
+preview_url_generator_configuration:
+  secret_expiration: 300
+debug: false
diff --git a/config/sync/simple_oauth.settings.yml b/config/sync/simple_oauth.settings.yml
@@ -3,7 +3,9 @@ _core:
 access_token_expiration: 300
 authorization_code_expiration: 300
 refresh_token_expiration: 1209600
-remember_clients: true
 token_cron_batch_size: 0
+public_key: ../public.key
+private_key: ../private.key
+remember_clients: true
 use_implicit: false
 disable_openid_connect: false
diff --git a/config/sync/user.role.next_js.yml b/config/sync/user.role.next_js.yml
@@ -3,17 +3,24 @@ langcode: en
 status: true
 dependencies:
   module:
+    - content_moderation
+    - media
     - node
     - subrequests
+    - system
     - va_gov_backend
 third_party_settings:
   va_gov_backend:
     vgb_description: 'Role for Next.js JSON API data access.'
 id: next_js
 label: Next.js
-weight: 8
+weight: 7
 is_admin: null
 permissions:
+  - 'access content'
   - 'access user profiles'
-  - 'bypass node access'
   - 'issue subrequests'
+  - 'view all revisions'
+  - 'view any unpublished content'
+  - 'view latest version'
+  - 'view media'
diff --git a/docroot/sites/default/settings/settings.tugboat.php b/docroot/sites/default/settings/settings.tugboat.php
@@ -37,6 +37,10 @@
 $config['environment_indicator.indicator']['fg_color'] = '#212121';
 $config['environment_indicator.indicator']['name'] = 'Tugboat';
 
+// Update next-build site endpoint to the appropriate tugboat alias
+$config['next.next_site.next_build_preview_server']['base_url'] = 'https://next-' . getenv('TUGBOAT_SERVICE_TOKEN') . '.' . getenv('TUGBOAT_SERVICE_CONFIG_DOMAIN');
+$config['next.next_site.next_build_preview_server']['preview_url'] = 'https://next-' . getenv('TUGBOAT_SERVICE_TOKEN') . '.' . getenv('TUGBOAT_SERVICE_CONFIG_DOMAIN') . '/api/preview';
+
 $settings['trusted_host_patterns'] = [
   '^localhost$',
   '^.*' . getenv('TUGBOAT_SERVICE_TOKEN') . '.' . getenv('TUGBOAT_SERVICE_CONFIG_DOMAIN') . '$',
