Merge branch 'main' into dependabot/composer/drupal/danse-2.3.0

.github/ISSUE_TEMPLATE/taxonomy-update-term.yml

@@ -0,0 +1,79 @@
+
+name: "Taxonomy - Update Term"
+description: "Use this template when updating an existing terms in the Service or Benefit taxonomy."
+title: "[UPDATE] (Term name) in (taxonomy name)"
+labels: Content, Content governance
+
+body:
+
+- type: dropdown
+  id: which-taxonomy
+  attributes:
+    label:  Which Taxonomy is this term for?
+    multiple: false
+    options:
+      - VA Benefits taxonomy
+      - VA services taxonomy
+      - Other
+  validations:
+    required: true
+- type: input
+  id: term-link
+  attributes:
+    label: Link to existing term
+    description: e.g. https://prod.cms.va.gov/health-care/medical-records
+  validations:
+    required: true
+- type: textarea
+  id: rationale
+  attributes:
+    label: Rationale for updating this term
+    description: Write a short explanation of why this term needs to be updated. Include links to any relevant issues, research findings, etc.
+  validations:
+    required: true 
+- type: dropdown
+  id: products
+  attributes:
+    label: Which products will this term impact?
+    multiple: true
+    options:
+      - VAMCs
+      - Vet Centers
+      - VBA Regional Office
+      - Benefit hubs
+      - Other
+  validations:
+      required: false 
+- type: dropdown
+  id: stakeholders
+  attributes:
+    label: Have stakeholders from impacted products been consulted?
+    multiple: false
+    options:
+        - 'Yes'
+        - 'No'
+  validations:
+    required: true  
+- type: dropdown
+  id: subfields
+  attributes:
+    label: Have you drafted content for all the relevant subfields?
+    multiple: false
+    options:
+      - 'Yes'
+      - 'No'
+  validations:
+    required: true   
+- type: textarea
+  id: acceptance-critera
+  attributes:
+    label: Acceptance Criteria
+    description: Customize the Acceptance Critera or use the default
+    value: |
+      - [ ] Content for subfields is drafted in Drupal by Product team
+      - [ ] Content is reviewed by relevant taxonomy governance body
+      - [ ] Content is reviewed by relevant stakeholders
+      - [ ] (List any necessary review and approval steps here)
+      - [ ] Term is published
+  validations:
+    required: true

README.md

@@ -1,6 +1,6 @@
 # VA.gov CMS
 
-This is the public/open documentation for the VA.gov Content Management System (CMS). The private/sensitive documentation is [here](https://github.com/department-of-veterans-affairs/va.gov-team-sensitive/tree/master/platform/cms). See [sensitive-guidance.md](https://github.com/department-of-veterans-affairs/va.gov-team/blob/master/platform/working-with-vsp/policies-work-norms/sensitive-guidance.md) to read about what should be public vs. private. We follow the U.S. Digital Services Playbook and [default to open/public](https://playbook.cio.gov/#play13)).
+This is the public/open documentation for the VA.gov Content Management System (CMS) for development, QA and DevOps topics. For product, design, support, research and cross-team documentation, visit the [platform/cms docs](https://github.com/department-of-veterans-affairs/va.gov-team/tree/master/platform/cms). For private/sensitive documentation, visit the [private docs repo](https://github.com/department-of-veterans-affairs/va.gov-team-sensitive/tree/master/platform/cms). See [sensitive-guidance.md](https://github.com/department-of-veterans-affairs/va.gov-team/blob/master/platform/working-with-vsp/policies-work-norms/sensitive-guidance.md) to read about what should be public vs. private. We follow the U.S. Digital Services Playbook and [default to open/public](https://playbook.cio.gov/#play13)).
 
 [VA.gov](https://www.va.gov) is constructed at the highest level by three projects:
 - the **CMS** or **Content Management System**, in this repository
@@ -29,6 +29,7 @@ The VA.gov CMS Team
    1. [WEB & CMS Integration](READMES/unity.md)
    1. [Workflow](READMES/workflow.md)
    1. [Project Conventions](READMES/project-conventions.md)
+   1. [Code Ownership](READMES/codeowners.md)
    1. [Environments](READMES/environments.md)
       1. [CI Environments](READMES/tugboat.md)
       1. [Local - DDEV](READMES/local.md)
@@ -45,26 +46,31 @@ The VA.gov CMS Team
    1. [Code Review](READMES/code-review.md)
    1. [Testing](READMES/testing.md)
    1. [Debugging](READMES/debugging.md)
-   1. [Comparing GraphQL Output](READMES/graph_ql.md)
+   1. [Comparing GraphQL Output](READMES/comparing-graphql-output.md)
+   1. [Dependabot Alerts](READMES/dependabot-alerts.md)
    1. [Dependabot Updates](READMES/dependabot-updates.md)
+   1. [Sentry](READMES/sentry.md)
+   1. [Profiling with Blackfire](READMES/blackfire.md)
+   1. [Scalability Testing](READMES/scalability-testing.md)
 1. **Release & Deployment**
    1. [The BRD System: Build, Release, Deploy](READMES/brd.md)
    1. [CMS Release Process](READMES/brd.md#cms-release-process)
    1. [CMS-CI Release Process (TODO)](READMES/brd.md#cmsci-release-process)
 1. **Architecture**
-   1. Overview
    1. Drupal
       1. [Memcache](READMES/drupal-memcache.md)
    1. [Content Models and Documentation](READMES/content-models.md)
       1. [Centralized Content](READMES/content-model-centralized-content.md)
    1. MetalSmith
+   1. [GraphQL](READMES/graph_ql.md)
    1. [Interfaces](READMES/interfaces.md) - APIs and Feature Flag
    1. Migrations (data imports)
       1. [Facility](READMES/migrations-facility.md)
       1. [Form](READMES/migrations-forms.md)
+   1. [Removing deprecated fields](READMES/remove-deprecated-fields.md)
    1. [Security](READMES/security.md)
    1. [Upstream Dependencies](READMES/upstream-dependencies.md)
-   1. [Downstream Dependencies](READMES/downstream-dependencies.md)
+   1. [Downstream Dependencies](READMES/downstream_dependencies.md)
 1. **CMS Users**
    1. [Login / SSOi](READMES/cms-login.md)
    2. [CMS User Notification Systems](READMES/cms-editor-notifications.md)
@@ -138,6 +144,7 @@ This section outlines only the systems utilized by the CMS. See the READMEs in t
 - A single "mirror" environment is regularly populated with a sanitized production database copy.
 - Open Pull Requests get environments created automatically, cloned from the "mirror" environment, with URLs like:
    - [pr123-{hash}.ci.cms.va.gov](https://pr123-{hash}.ci.cms.va.gov) for the CMS
+      - Cypress test logs and artifacts, see [Testing](READMES/testing.md) for details.
    - [web-{hash}.ci.cms.va.gov](http://web-{hash}.ci.cms.va.gov) for the frontend web build
    - [storybook-{hash}.ci.cms.va.gov](http://storybook-{hash}.ci.cms.va.gov) for design system documentation
 - Ad-hoc environments can be created and deleted at any time by any logged in user on [tugboat.vfs.va.gov/](https://tugboat.vfs.va.gov/):

READMES/alerts.md

@@ -4,7 +4,7 @@
 
 CMS Alerts are managed by [Sentry](https://sentry.vfs.va.gov/) and [DataDog](https://vagov.ddog-gov.com/).
 
-Runtime issues are reported to Sentry via the Raven module.
+[Runtime issues](READMES/sentry.md) are reported to Sentry via the Raven module.
 
 Various metrics in the CI/CD phases and at runtime are reported to DataDog.
 

READMES/blackfire.md

@@ -5,7 +5,7 @@ are used by PHP applications.  It can be used to measure the performance of a
 specific bit of code or an entire request.  This allows us to measure the
 performance impact of a code or platform change and debug performance issues.
 
-See also: 
+See also:
   * https://ddev.readthedocs.io/en/latest/users/debugging-profiling/blackfire-profiling
   * https://blackfire.io/docs/integrations/paas/ddev
   * https://blackfire.io/docs/up-and-running/installation (install instructions for non-DDEV environments)
@@ -69,9 +69,6 @@ Memory       3.62MB
 Network         n/a     n/a     n/a
 SQL          1.72ms     5rq
 ```
-## Credits
-
-The `blackfire-init.sh` script is based on [this gist](https://gist.github.com/tylerssn/8923149702d4a796c5e103412c2370c3) by @tylerssn.
 
 ----
 

READMES/codeowners.md

@@ -27,3 +27,7 @@ The important ideas are:
 6. Viewing the CODEOWNERS file in GitHub should provide debugging information.
 
 As with everything else in this project, CODEOWNERS is subject to continual refinement and development. Please raise issues and suggest improvements where appropriate.
+
+----
+
+[Table of Contents](../README.md)

READMES/comparing-graphql-output.md

@@ -50,3 +50,7 @@ jq -S '.data.nodeQuery.entities|=sort_by(.entityId)' pages2.json > pages3.json
 ```
 
 After processing both the "before" and "after" `pages.json` in this way, diffing the two should yield a far more useful visualization of the changes.
+
+----
+
+[Table of Contents](../README.md)

READMES/getting-started.md

@@ -13,31 +13,12 @@ See [the Codespaces README](./codespaces.md) to get a fully functional cloud-bas
 
 ## Step 1: Get Source Code / Git Setup
 
-- Fork the repo by pressing the "Fork" button: [github.com/department-of-veterans-affairs/va.gov-cms](https://github.com/department-of-veterans-affairs/va.gov-cms)
-- Clone your fork.
+- Clone the repo: [github.com/department-of-veterans-affairs/va.gov-cms](https://github.com/department-of-veterans-affairs/va.gov-cms)
   ```sh
-   $ git clone [email protected]:YOUR-GITHUB-USERNAME/va.gov-cms.git
+   $ git clone [email protected]:department-of-veterans-affairs/va.gov-cms.git
    $ cd va.gov-cms
   ```
 
-* Add upstream repo (Recommended):
-
-  ```sh
-  $ git remote add upstream [email protected]:department-of-veterans-affairs/va.gov-cms.git
-  ```
-* Optionally rename your fork so its name is more meaningful and ensures your upstream and origin are not misnamed.
-  ```sh
-  $ git remote rename origin myfork
-  ```
-* Verify your remotes, it should list upstream and myfork/origin as remotes.
-  ```sh
-  $ git remote -v
-
-  myfork  [email protected]:YOUR_GIT_USERNAME/va.gov-cms.git (fetch)
-  myfork  [email protected]:YOUR_GIT_USERNAME/va.gov-cms.git (push)
-  upstream        [email protected]:department-of-veterans-affairs/va.gov-cms.git (fetch)
-  upstream        [email protected]:department-of-veterans-affairs/va.gov-cms.git (push)
-  ```
 * Make sure your local repo is aware of what's on the remotes.
   ```sh
   $ git fetch --all
@@ -55,35 +36,35 @@ See [the Codespaces README](./codespaces.md) to get a fully functional cloud-bas
   $ git config --global branch.main.rebase true
   ```
 
-* Make branch main always pulls from the remote: upstream.
-  ```sh
-  $ git checkout main
-  $ git branch --set-upstream-to upstream/main
-  ```
-
 *  Make changes to simplesaml storage not be tracked locally.
 
   ```sh
    git update-index --skip-worktree samlsessiondb.sq3
   ```
 
-  You should periodically update your branch from `upstream main` branch:
+  You should periodically update your branch from `origin main` branch. This will rebase your current branch on top of new commits in main:
 
   ```sh
-   $ git pull upstream main
+   $ git pull origin main
   ```
 
 ## Step 2: Launch development environment
 
-1. [Install ddev](https://ddev.readthedocs.io/en/stable/#installation)
-2. Change into the project directory and run `ddev start`:
+1. Set ddev environment variables:
 
-   ```bash
-   $ cd va.gov-cms
-   $ ddev start
-   ```
+```bash
+$ cd va.gov-cms
+$ cp .env.example .env
+```
+
+2. [Install ddev](https://ddev.readthedocs.io/en/stable/#installation)
+3. Change into the project directory and run `ddev start`:
+
+```bash
+$ ddev start
+```
 
-The `ddev start` command will include the `composer install` command.
+The `ddev start` command will include the `composer install` command. Ensure that a CMS account is created and [Step 3](#step-3-sync-your-local-site-with-production-data) is run to sync login information before logging into the local CMS environment.
 
 See [Environments: Local](./local.md) for more information on ddev.
 
@@ -96,7 +77,7 @@ correct locations in your local development environment.
 
 - `ddev pull va `  or  `ddev pull va --skip-files`
 
-NOTE: This command downloads and impoorts the db followed by any configuration import.
+NOTE: This command downloads and imports the db followed by any configuration import.
 
 If you are not using ddev, the scripts will
 fail, but the files will still be available. The `sync-db.sh` script downloads the

READMES/github-workflows.md

@@ -23,3 +23,7 @@ Please follow the following guidelines:
 - If you need to check that a given workflow or action still triggers as expected, consider running the scripts `scripts/create-bad-test-files.sh` and `scripts/delete-bad-test-files.sh` to respectively create and delete files that can be used to test lints and checks.
 
 See ["Security hardening for GitHub Actions"](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions) for more details concerning GitHub Actions and security.
+
+----
+
+[Table of Contents](../README.md)

READMES/https.md

@@ -14,15 +14,21 @@ If you see a message from your browser like the following:
 
 Click the "^" button and select "Keep."
 
-### OSX
-1. Open Keychain Access
-1. Go to Certificates (under Category in left sidebar)
-2. Select "System" under Keychains (in sidebar)
-3. Select "Import Items..." from File menu. (Shift-Command-I)
-4. Select the three .cer files above.
-5. They should now appear in your list of certificates
-6. For each certificate: 1) File > Get info  2) Under Trust > When using this certificate, select "Always Trust". 3) Close the Get info window, which will prompt a password save.
-7. You may need to restart your browser.
+### macOS (as of 13.4)
+1. Import the certificates.
+    1. Open Keychain Access
+    1. Select "System" under System Keychains (in sidebar)
+    <img src="images/macos-keychains.png" height="200">
+    1. Select "Import Items..." from File menu. (Shift-Command-I)
+    1. Select the three .cer files above.
+    1. They should now appear in your list of certificates under the "Keychain Access" view
+1. Trust each certificate.
+    1. For each of the three certificates, select it
+    1. File > Get info (Command-I)
+    1. Expand the "Trust" view
+    1. In the "When using this certificate" popup button, select "Always Trust".
+    1. Close the "Get Info" window, which will prompt a password save.
+1. You may need to restart your browser.
 
 ### Linux
 

READMES/interfaces.md

@@ -63,6 +63,10 @@ and common calls look like:
 
 * Since this is a React widget displaying dynamic data it’s not using Metalsmith templates. The .jsx component files to support rendering are located in https://github.com/department-of-veterans-affairs/vets-website/tree/main/src/applications/facility-locator/components
 
+## JSON API
+
+See [JSON:API](jsonapi.md)
+
 ## Mirrors
 
 There are environments which exist in [Tugboat](tugboat.md) that provide a mirror of Prod.  The content and code are updated daily at 3am EST on the mirrors.  The list of mirrors can be found in the "[Mirrors (refreshed daily from PROD at 3am ET)](https://tugboat.vfs.va.gov/6042eeed6a89945a99399d3d)" project in tugboat.  Contact CMS Support in the #cms-support Slack channel to request a new mirror.

READMES/jsonapi.md

@@ -21,5 +21,30 @@ If you expect to see a field's data included in the response and it is not there
 See the config at `admin/config/services/jsonapi/resource_types/node--news_story/edit?destination=/admin/config/services/jsonapi/resource_types` for an example.
 
 **Breadcrumbs and JSON:API**
-See in [CMS Breadcrumb documentation](https://prod.cms.va.gov/admin/structure/cm_document/note/126/breadcrumbs) 
+See in [CMS Breadcrumb documentation](https://prod.cms.va.gov/admin/structure/cm_document/note/126/breadcrumbs)
 
+## UI Explorer
+
+You can explore the JSON:API endpoints via a Swagger UI to see what's available and to test out requests and responses.
+
+1. Login to the site as a user with an "administrator" or "content_api_consumer" role.
+2. Go to "/admin/config/services/openapi/swagger/jsonapi".
+3. You should only see one UI option "VA.gov JSON:API". Click on the link to explore.
+3. Read a [Swagger UI tutorial](https://idratherbewriting.com/learnapidoc/pubapis_swagger.html) to familiarize
+   yourself with the UI features, if you aren't already.
+
+Via this UI, you can:
+
+1. View resource information - Each endpoint has a description, list of parameters, and response codes. We limit the
+   operations to GET requests only.
+2. Try it out - You can test each endpoint with a "Try it out" button in the top right section of "Parameters".
+3. Filter by tag - Use the search to narrow down the endpoints displayed.
+4. Deep Link - As you click to gather information about the API, the URL automatically updates so you can share that
+   specific documentation with others.
+
+## Tests
+
+You can find JSON:API tests in the following places:
+
+- 'tests/phpunit/API/JsonApiRequestTest' - Tests GET requests and associated configuration.
+- 'tests/phpunit/API/JsonApiExplorerUITest' - Tests Swagger UI for OpenAPI documentation.

READMES/qa.md

@@ -4,8 +4,8 @@ This document will act as an in-repo collection of links while we attempt to boo
 
 All of this is very much in flux at present.
 
-- [CMS-QA Confluence Space](https://va-gov.atlassian.net/wiki/spaces/CMSQA/overview?homepageId=1814626528)
-  - [Strategy](https://va-gov.atlassian.net/wiki/spaces/CMSQA/pages/1814724630/Quality+Assurance+and+Testing+Strategy) -- an outline of the strategy we use to evaluate issues impacting QA, and how we address them in practice.
+- CMS-QA Confluence Space
+  - [Strategy](https://vfs.atlassian.net/wiki/spaces/~821090906/pages/2304933915/Quality+Assurance+and+Testing+Strategy) -- an outline of the strategy we use to evaluate issues impacting QA, and how we address them in practice.
   - [Current Challenges](https://va-gov.atlassian.net/wiki/spaces/CMSQA/pages/1812987905/Current+Challenges+Facing+the+Project) -- a survey of some of the more noteworthy QA challenges identified at this time, and how we're attempting to assess and deal with them.
 
 [Table of Contents](../README.md)

READMES/security.md

@@ -1,18 +1,18 @@
 # Security
-1.  [Fortify Security Scans](testing.md#fortify-security-scans)
-2.  [PII](#pii)
+
+1.  [PII](#pii)
 
 ## PII
 
-The Content API has no PII or PHI on it and is a replacement for the public, open source [content repo](https://github.com/department-of-veterans-affairs/vagov-content). 
+The Content API has no PII or PHI on it and is a replacement for the public, open source [content repo](https://github.com/department-of-veterans-affairs/vagov-content).
 
-A sanitized database is available in a public S3 bucket (for open source development purposes) since all the configuration is already open source in [this repository](https://github.com/department-of-veterans-affairs/va.gov-cms/). 
+A sanitized database is available in a public S3 bucket (for open source development purposes) since all the configuration is already open source in [this repository](https://github.com/department-of-veterans-affairs/va.gov-cms/).
 
 The sanitized version removes all email addresses and resets to a commonly known development password.
 
 ## See Also
 
-- Our [security policy](/security/policy).
+- Our [security policy](/SECURITY.md).
 
 ----