
Merge pull request uswds#3638 from uswds/release-2.9.0
USWDS 2.9.0
thisisdano committed Sep 22, 2020
2 parents bb4e084 ee28163 commit 6246a6a
Showing 130 changed files with 3,523 additions and 1,065 deletions.
62 changes: 62 additions & 0 deletions .github/workflows/codeql-analysis.yml
@@ -0,0 1,62 @@
name: "CodeQL"

on:
push:
branches: [develop, master, v1-develop, v1-master]
pull_request:
# The branches below must be a subset of the branches above
branches: [develop]
schedule:
- cron: '0 21 * * 1'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
language: ['javascript']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2

# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}

# Autobuild attempts to build any compiled languages (C/C , C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
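Review bot: every action in this workflow is pinned to a mutable major tag (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/autobuild@v1`, `github/codeql-action/analyze@v1`), so a later push to that tag changes what runs in CI with no change in this repository; pinning each `uses:` to a full commit SHA, with the tag kept in a trailing comment, keeps the pipeline reproducible. Two smaller points: the `pull_request` trigger is limited to `branches: [develop]`, so pull requests opened against `master`, `v1-develop` or `v1-master` are only scanned once merged and pushed, which is worth stating wherever the policy is documented; and with `language: ['javascript']` as the only matrix entry, the `Autobuild` step (which its own comment describes as building C/C++, C# or Java) has nothing to build and can be dropped to shorten the run.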
9 changes: 8 additions & 1 deletion .prettierignore
@@ -1 1,8 @@
src/stylesheets/core/system-tokens/**/*
*.html
*.njk
*.woff*
*.svg
*.ttf
*.png
*.ico
*.gif
10 changes: 5 additions & 5 deletions README.md
@@ -62,12 62,12 @@ How you implement the design system depends on the needs of your project and you

### Download

1. Download the [USWDS zip file](https://github.com/uswds/uswds/releases/download/v2.8.1/uswds-2.8.1.zip) from the latest USWDS release and open that file.
1. Download the [USWDS zip file](https://github.com/uswds/uswds/releases/download/v2.9.0/uswds-2.9.0.zip) from the latest USWDS release and open that file.

After extracting the zip file you should see the following file and folder structure:

```
uswds-2.8.1/
uswds-2.9.0/
├── css/
│   ├── uswds.min.css.map
│   ├── uswds.min.css
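Review bot: the download step now links the 2.9.0 zip but gives the reader nothing to verify it against, even though this same commit adds a `createHash` step in `config/gulp/release.js` that writes a SHA-256 of the zip to `security/<dirName>-zip-hash.txt`; linking that file from this step and showing the `sha256sum` comparison would make the hash useful to the people it is generated for.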
@@ -87,7 87,7 @@ How you implement the design system depends on the needs of your project and you
```
example-project/
├── assets/
│   ├── uswds-2.8.1/
│   ├── uswds-2.9.0/
│   ├── stylesheets/
│   ├── images/
│   └── javascript/
@@ -107,10 107,10 @@ How you implement the design system depends on the needs of your project and you
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>My Example Project</title>
<link rel="stylesheet" href="assets/uswds-2.8.1/css/uswds.min.css" />
<link rel="stylesheet" href="assets/uswds-2.9.0/css/uswds.min.css" />
</head>
<body>
<script src="assets/uswds-2.8.1/js/uswds.min.js"></script>
<script src="assets/uswds-2.9.0/js/uswds.min.js"></script>
</body>
</html>
```
22 changes: 22 additions & 0 deletions SECURITY.md
@@ -0,0 1,22 @@
# Security

## Our security policies and procedures

We follow GSA's [IT security policy](https://www.gsa.gov/directive/gsa-information-technology-(it)-security-policy) to ensure the confidentiality, integrity, and availability of USWDS.

We use [Snyk](https://snyk.io) to find, fix, and prevent vulnerabilities in USWDS dependencies. We run Snyk checks locally during development and automatically on all pull requests.

We perform static analysis on our JavaScript on every pull requests with [GitHub CodeQL](https://securitylab.github.com/tools/codeql).

We include a security and vulnerability report with every USWDS release, and release security patches for both the 1.x and 2.x branches.

## Using USWDS securely

We encourage you to verify the security and status of the USWDS package:

1. **Check the vulnerability badge.** Confirm the vulnerability badge in the [USWDS Github code repository](https://github.com/uswds/uswds) says there are `0` vulnerabilities.
1. **Download the package via npm.** We recommend using the [npm package](https://designsystem.digital.gov/documentation/developers/#install-using-npm) instead of the [zip file](https://designsystem.digital.gov/documentation/developers/#download), whenever possible. Using npm makes it easier to stay up-to-date and use the latest USWDS version as a project dependency, and is a secure and reliable way to download USWDS source code.

## Report a security issue

To learn more about our security practices or to report a security issue, please [email us](mailto:[email protected]). If the issue is confirmed, we will release a patch as soon as possible.
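Review bot: the line "We perform static analysis on our JavaScript on every pull requests" has a grammar slip (`every pull request`) and overstates the configuration: the CodeQL workflow added in this commit triggers only on pull requests whose base branch is `develop`, plus pushes to the listed branches and a weekly schedule. The "Using USWDS securely" section also tells zip-file users nothing about the SHA-256 hash that `config/gulp/release.js` now writes to `security/`; a third step telling them to compare that value against `sha256sum` of their download would close the loop. Finally, a hash published in the same repository as the download proves only that the transfer was not corrupted or substituted, not who produced the file; either word it as an integrity check or add a signature over the hash file if authenticity is the goal.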
6 changes: 3 additions & 3 deletions config/gulp/build.js
@@ -3,7 3,7 @@ const del = require("del");
const dutil = require("./doc-util");
const cFlags = require("./cflags");

gulp.task("clean-dist", done => {
gulp.task("clean-dist", (done) => {
if (!cFlags.cleanup) {
dutil.logMessage(
"clean-dist",
@@ -16,7 16,7 @@ gulp.task("clean-dist", done => {
return del("dist");
});

gulp.task("docs", done => {
gulp.task("docs", (done) => {
dutil.logMessage("docs", "Copying documentation dist dir");

const stream = gulp
@@ -30,7 30,7 @@ gulp.task("docs", done => {
gulp.task(
"build",
gulp.series(
done => {
(done) => {
dutil.logIntroduction();
dutil.logMessage("build", "Creating distribution directories.");
done();
2 changes: 1 addition & 1 deletion config/gulp/cflags.js
@@ -1,4 1,4 @@
module.exports = {
test: true,
cleanup: true
cleanup: true,
};
8 changes: 4 additions & 4 deletions config/gulp/doc-util.js
@@ -21,16 21,16 @@ function notify(title, message, wait) {
notifier.notify({
title,
message,
icon: 'src/img/favicons/favicon-192.png',
icon: "src/img/favicons/favicon-192.png",
wait,
timeout: false
timeout: false,
});
}

module.exports = {
pkg: {
name: pkg.name,
version: pkg.version
version: pkg.version,
},

dirName: `${pkg.name}-${pkg.version}`,
@@ -61,5 61,5 @@ module.exports = {
logMessage(name, message) {
log(colors.cyan(name), colors.green(message));
notify(`${this.dirName} gulp ${name}`, message, false);
}
},
};
4 changes: 2 additions & 2 deletions config/gulp/flags.js
@@ -2,13 2,13 @@ const gulp = require("gulp");
const dutil = require("./doc-util");
const cFlags = require("./cflags");

gulp.task("no-test", done => {
gulp.task("no-test", (done) => {
dutil.logMessage("no-test", "Disabling linting and tests for all assets.");
cFlags.test = false;
done();
});

gulp.task("no-cleanup", done => {
gulp.task("no-cleanup", (done) => {
dutil.logMessage(
"no-cleanup",
"Disabling cleanup of distribution directories."
2 changes: 1 addition & 1 deletion config/gulp/fonts.js
@@ -3,7 3,7 @@ const dutil = require("./doc-util");

const task = "fonts";

gulp.task(task, done => {
gulp.task(task, (done) => {
dutil.logMessage(task, "Copying Fonts");
const stream = gulp.src("src/fonts/**/*").pipe(gulp.dest("dist/fonts"));

2 changes: 1 addition & 1 deletion config/gulp/images.js
@@ -3,7 3,7 @@ const dutil = require("./doc-util");

const task = "images";

gulp.task(task, done => {
gulp.task(task, (done) => {
dutil.logMessage(task, "Copying Images");
const stream = gulp.src("src/img/**/*").pipe(gulp.dest("dist/img"));

14 changes: 7 additions & 7 deletions config/gulp/javascript.js
@@ -13,15 13,15 @@ const cFlags = require("./cflags");

const task = "javascript";

gulp.task(task, done => {
gulp.task(task, (done) => {
dutil.logMessage(task, "Compiling JavaScript");

const defaultStream = browserify({
entries: "src/js/start.js",
debug: true
debug: true,
}).transform("babelify", {
global: true,
presets: ["@babel/preset-env"]
presets: ["@babel/preset-env"],
});

const stream = defaultStream
@@ -41,7 41,7 @@ gulp.task(task, done => {
.on("error", log)
.pipe(
rename({
suffix: ".min"
suffix: ".min",
})
)
.pipe(sourcemaps.write("."))
@@ -58,7 58,7 @@ gulp.task(
childProcess
.spawn("./node_modules/.bin/tsc", { stdio: "inherit" })
.on("error", reject)
.on("exit", code => {
.on("exit", (code) => {
if (code === 0) {
dutil.logMessage("typecheck", "TypeScript likes our code!");
resolve();
@@ -69,7 69,7 @@ gulp.task(
})
);

gulp.task("eslint", done => {
gulp.task("eslint", (done) => {
if (!cFlags.test) {
dutil.logMessage("eslint", "Skipping linting of JavaScript files.");
return done();
@@ -79,7 79,7 @@ gulp.task("eslint", done => {
.src(["src/js/**/*.js", "spec/**/*.js"])
.pipe(
eslint({
fix: true
fix: true,
})
)
.pipe(eslint.format())
40 changes: 32 additions & 8 deletions config/gulp/release.js
@@ -2,15 2,38 @@ const del = require("del");
const spawn = require("cross-spawn");
const gulp = require("gulp");
const dutil = require("./doc-util");
const crypto = require('crypto');
const fs = require('fs');

const task = "release";
const hash = crypto.createHash('sha256');

// Create a hash from the compiled ZIP users can compare and verify
// their download is authentic.
const createHash = (file) => {
dutil.logMessage('createHash', 'Generating sha256sum hash from ZIP file.');

let file_buffer = fs.readFileSync(file);
hash.update(file_buffer);
const dir = './security';
const hex = hash.digest('hex');
const fileName = `${dir}/${dutil.dirName}-zip-hash.txt`;
const fileContents = hex;

if (!fs.existsSync(dir)) {
fs.mkdirSync(dir);
}

fs.writeFile(fileName, fileContents, (error) => {
if (error) return dutil.logError(`Error writing hash: ${error}`);
});
};

gulp.task("make-tmp-directory", () => {
dutil.logMessage(
"make-tmp-directory",
"Creating temporary release directory."
);

return gulp.src("dist/**/*").pipe(gulp.dest(dutil.dirName));
});

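Review bot: `hash` is created once at module scope (`const hash = crypto.createHash('sha256');`), but a Node `Hash` object can be digested only once, so a second call to `createHash` in the same process throws on `hash.update`; move the `crypto.createHash` call inside the function. Second, `fs.writeFile` is asynchronous and nothing awaits it, so the caller cannot know when the hash file exists, and the error path calls `dutil.logError` with a single argument while every other call on this page passes `(name, message)`; use `fs.writeFileSync` (or return a promise) and log as `dutil.logError("createHash", ...)`. Third, the comment says the hash lets users verify their download is "authentic", but an unsigned sha256 stored in the repository only detects a corrupted or substituted download when the hash itself is fetched over a separate trusted path; either sign the hash file or describe it as an integrity check. Minor: this block uses single quotes while the rest of the commit is being reformatted to prettier's double quotes, so the next prettier run will rewrite it.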
@@ -22,37 45,38 @@ gulp.task("clean-tmp-directory", () => {
return del(dutil.dirName);
});

gulp.task("zip-archives", done => {
gulp.task("zip-archives", (done) => {
const zip = spawn("zip", [
"--log-info",
"-r",
`./dist/${dutil.dirName}.zip`,
dutil.dirName,
'-x "*.DS_Store"'
'-x "*.DS_Store"',
]);

dutil.logMessage(
"zip-archives",
`Creating a zip archive in dist/${dutil.dirName}.zip`
);

zip.stdout.on("data", data => {
zip.stdout.on("data", (data) => {
if (/[\w\d] /.test(data)) {
dutil.logData("zip-archives", data);
}
});

zip.stderr.on("data", data => {
zip.stderr.on("data", (data) => {
dutil.logError("zip-archives", data);
});

zip.on("error", error => {
zip.on("error", (error) => {
dutil.logError("zip-archives", "Failed to create a zip archive");
done(error);
});

zip.on("close", code => {
zip.on("close", (code) => {
if (code === 0) {
createHash(`dist/${dutil.dirName}.zip`);
done();
}
});
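Review bot: in the `close` handler, `done()` is called as soon as `createHash(...)` returns, but `createHash` writes the hash file with an asynchronous `fs.writeFile`, so the `zip-archives` task can be reported complete before `security/<dirName>-zip-hash.txt` exists on disk; make the write synchronous or call `done` from its callback. Also, when `code !== 0` the handler neither logs nor calls `done(...)`, so a failed `zip` leaves the gulp task hanging rather than failing the release; add an `else` branch that calls `done(new Error(...))` with the exit code.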
@@ -61,7 85,7 @@ gulp.task("zip-archives", done => {
gulp.task(
task,
gulp.series(
done => {
(done) => {
dutil.logMessage(
task,
`Creating a zip archive at dist/${dutil.dirName}.zip`