Merge branch 'develop' into backport/pr-2161

Author: trslater

.github/workflows/_build-image.yml

@@ -33,6 +33,12 @@ jobs:
         run: |
           DOCKER_IMAGE=ghcr.io/${{ steps.lowercase_repo_owner.outputs.lowercase }}/${{ inputs.image-name }}
           TAGS="${DOCKER_IMAGE}:${{ github.sha }},${DOCKER_IMAGE}:latest"
+
+          # Add dev-latest tag for develop branch
+          if [ "${{ github.ref }}" = "refs/heads/develop" ]; then
+            TAGS="${TAGS},${DOCKER_IMAGE}:latest-dev"
+          fi
+          
           echo "tags=${TAGS}" >> $GITHUB_OUTPUT
           echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
 

.github/workflows/cd.yml

@@ -12,9 +12,15 @@ jobs:
     with:
       environment: test
     secrets: inherit
+    concurrency:
+      group: deploy-test
+      cancel-in-progress: true
   deploy-prod:
     needs: deploy-test
     uses: ./.github/workflows/deploy.yml
     with:
       environment: prod
-    secrets: inherit
+    secrets: inherit
+    concurrency:
+      group: deploy-prod
+      cancel-in-progress: true

.github/workflows/trivy-scan.yml

@@ -0,0 +1,78 @@
+name: Weekly Trivy DEV Image Scans
+
+on:
+  schedule:
+    # Runs every week at 02:00 Sunday Morning.
+    - cron:  '0 2 * * 0'
+  workflow_dispatch:
+
+permissions: 
+  packages: read
+  security-events: write
+
+jobs:
+  image-scan-api:
+    name: Scan latest-dev API Image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+        with:
+          image-ref: 'ghcr.io/bcgov/alcs-api:latest-dev'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+          limit-severities-for-sarif: true
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+  image-scan-portal:
+    name: Scan latest-dev Portal Image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+        with:
+          image-ref: 'ghcr.io/bcgov/alcs-portal-frontend:latest-dev'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+          limit-severities-for-sarif: true
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+  image-scan-frontend:
+    name: Scan latest-dev Frontend Image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+        with:
+          image-ref: 'ghcr.io/bcgov/alcs-frontend:latest-dev'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+          limit-severities-for-sarif: true
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/zap-scan.yml

@@ -0,0 +1,53 @@
+name: Weekly OWASP ZAP Baseline Scan on DEV Site
+
+on:
+  schedule:
+    # Runs every week at 01:00 Sunday Morning.
+    - cron:  '0 1 * * 0'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  zap-scan-api:
+    name: OWASP ZAP API Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: API Scan
+        uses: zaproxy/[email protected]
+        with:
+          target: 'https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs'
+          issue_title: OWASP ZAP API Scan Results
+          artifact_name: zap-api-scan-report
+
+  zap-scan-frontend:
+    name: OWASP ZAP Frontend Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Frontend Scan
+        uses: zaproxy/[email protected]
+        with:
+          target: "https://alcs-dev.apps.silver.devops.gov.bc.ca"
+          issue_title: OWASP ZAP Frontend Scan Results
+          rules_file_name: .zap/frontend.tsv
+          artifact_name: zap-frontend-scan-report
+
+  zap-scan-portal:
+    name: OWASP ZAP Portal Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Portal Scan
+        uses: zaproxy/[email protected]
+        with:
+          target: "https://alcs-dev-portal.apps.silver.devops.gov.bc.ca"
+          issue_title: OWASP ZAP Portal Scan Results
+          rules_file_name: .zap/portal.tsv
+          artifact_name: zap-portal-scan-report

.github/workflows/zap_api.yml

@@ -0,0 +1,3 @@
+10055	IGNORE	(CSP: style-src unsafe-inline)
+10015	IGNORE	(Incomplete or No Cache-control and Pragma HTTP Header Set)
+10110	IGNORE	(Dangerous JS Functions)

.github/workflows/zap_frontend.yml

@@ -34,8 +34,8 @@ <h3>Create New Condition Card</h3>
         </ng-container>
 
         <ng-container matColumnDef="index">
-          <th mat-header-cell *matHeaderCellDef class="column-index">#</th>
-          <td mat-cell *matCellDef="let element" class="column-index">{{ element.index }}</td>
+          <th mat-header-cell *matHeaderCellDef class="column-index"></th>
+          <td mat-cell *matCellDef="let element" class="column-index">{{ !isOrderNull ? alphaIndex(element.condition.order + 1) : '' }}</td>
         </ng-container>
 
         <ng-container matColumnDef="type">

.zap/portal.tsv

@@ -6,12 +6,12 @@ import {
   ApplicationDecisionConditionDto,
   CreateApplicationDecisionConditionCardDto,
 } from '../../../../../services/application/decision/application-decision-v2/application-decision-v2.dto';
-import { ApplicationDecisionConditionDto as OriginalApplicationDecisionConditionDto } from '../../../../../services/application/decision/application-decision-v2/application-decision-v2.dto';
 import { ApplicationDecisionConditionCardService } from '../../../../../services/application/decision/application-decision-v2/application-decision-condition/application-decision-condition-card/application-decision-condition-card.service';
 import { BOARD_TYPE_CODES, BoardService } from '../../../../../services/board/board.service';
 import { BoardDto, BoardStatusDto } from '../../../../../services/board/board.dto';
 import { ToastService } from '../../../../../services/toast/toast.service';
 import { CardType } from '../../../../../shared/card/card.component';
+import { countToString } from '../../../../../shared/utils/count-to-string';
 
 @Component({
   selector: 'app-condition-card-dialog',
@@ -22,6 +22,7 @@ export class ConditionCardDialogComponent implements OnInit {
   displayColumns: string[] = ['select', 'index', 'type', 'description'];
   conditionBoard: BoardDto | undefined;
   selectedStatus = '';
+  isOrderNull = false;
 
   @ViewChild(MatSort) sort!: MatSort;
   dataSource: MatTableDataSource<{ condition: ApplicationDecisionConditionDto; index: number; selected: boolean }> =
@@ -37,6 +38,8 @@ export class ConditionCardDialogComponent implements OnInit {
   ) {}
 
   async ngOnInit() {
+    const orderIndexes = this.data.conditions.map((c) => c.condition.order);
+    this.isOrderNull = this.data.conditions.length > 1 && orderIndexes.every((val, i, arr) => val === arr[0] && arr[0] === 0);
     this.dataSource.data = this.data.conditions.map((item) => ({
       condition: item.condition,
       selected: false,
@@ -87,4 +90,8 @@ export class ConditionCardDialogComponent implements OnInit {
       this.dialogRef.close({ action: 'save', result: false });
     }
   }
+
+  alphaIndex(index: number) {
+    return countToString(index);
+  }
 }

alcs-frontend/src/app/features/application/decision/conditions/condition-card-dialog/condition-card-dialog.component.html

@@ -19,7 +19,7 @@ <h4 *ngIf="condition.type">{{ alphaIndex(index) }}. {{ condition.type.label }}</
 
   <div *ngIf="showSecurityAmountField">
     <div class="subheading2">Security Amount</div>
-    {{ condition.securityAmount }}
+    {{ condition.securityAmount | number }}
     <app-no-data *ngIf="condition.securityAmount === null || condition.securityAmount === undefined"></app-no-data>
   </div>
 

alcs-frontend/src/app/features/application/decision/conditions/condition-card-dialog/condition-card-dialog.component.ts

@@ -28,6 +28,7 @@ import { countToString } from '../../../../../shared/utils/count-to-string';
 import { ApplicationDecisionV2Service } from '../../../../../services/application/decision/application-decision-v2/application-decision-v2.service';
 import { MatTableDataSource } from '@angular/material/table';
 import { MatSort } from '@angular/material/sort';
+import { ConfirmationDialogService } from '../../../../../shared/confirmation-dialog/confirmation-dialog.service';
 
 type Condition = ApplicationDecisionConditionWithStatus & {
   componentLabelsStr?: string;
@@ -86,6 +87,7 @@ export class ConditionComponent implements OnInit, AfterViewInit {
     private conditionService: ApplicationDecisionConditionService,
     private conditionLotService: ApplicationDecisionComponentToConditionLotService,
     private decisionService: ApplicationDecisionV2Service,
+    private confirmationDialogService: ConfirmationDialogService,
   ) {}
 
   async ngOnInit() {
@@ -314,21 +316,27 @@ export class ConditionComponent implements OnInit, AfterViewInit {
   }
 
   async onDeleteDate(dateUuid: string) {
-    const result = await this.conditionService.deleteDate(dateUuid);
-    if (result) {
-      const index = this.dates.findIndex((date) => date.uuid === dateUuid);
-
-      if (index !== -1) {
-        this.dates.splice(index, 1);
-        this.dataSource = new MatTableDataSource<ApplicationDecisionConditionDateWithIndex>(
-          this.addIndex(this.sortDates(this.dates)),
-        );
-        const conditionNewStatus = await this.decisionService.getStatus(this.condition.uuid);
-        this.condition.status = conditionNewStatus.status;
-        this.statusChange.emit(this.condition.status);
-        this.setPillLabel(this.condition.status);
-      }
-    }
+    this.confirmationDialogService
+      .openDialog({ body: 'Are you sure you want to delete this date?' })
+      .subscribe(async (confirmed) => {
+        if (confirmed) {
+          const result = await this.conditionService.deleteDate(dateUuid);
+          if (result) {
+            const index = this.dates.findIndex((date) => date.uuid === dateUuid);
+
+            if (index !== -1) {
+              this.dates.splice(index, 1);
+              this.dataSource = new MatTableDataSource<ApplicationDecisionConditionDateWithIndex>(
+                this.addIndex(this.sortDates(this.dates)),
+              );
+              const conditionNewStatus = await this.decisionService.getStatus(this.condition.uuid);
+              this.condition.status = conditionNewStatus.status;
+              this.statusChange.emit(this.condition.status);
+              this.setPillLabel(this.condition.status);
+            }
+          }
+        }
+      });
   }
 
   alphaIndex(index: number) {