From 0c78e7491ccf8c855d3841f0ce93a4b21d740fd8 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 13:34:00 -0400
Subject: [PATCH 001/378] test caching
---
.github/workflows/cache-docker.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 .github/workflows/cache-docker.yml
diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml
new file mode 100644
index 0000000000..d28476d931
--- /dev/null
+++ b/.github/workflows/cache-docker.yml
@@ -0,0 +1,20 @@
+---
+name: Docker Caching
+on:
+ workflow_dispatch:
+
+env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+ build-with-docker:
+ name: Build with Docker
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: docker/setup-buildx-action@v1
+ - uses: docker/build-push-action@v2
+ with:
+ context: .
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
From 053fd2b7168848492ab59db9bf298e5c2f023a3a Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 13:35:38 -0400
Subject: [PATCH 002/378] test caching
---
.github/workflows/cache-docker.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml
index d28476d931..501e913d73 100644
--- a/.github/workflows/cache-docker.yml
+++ b/.github/workflows/cache-docker.yml
@@ -15,6 +15,6 @@ jobs:
 - uses: docker/setup-buildx-action@v1
 - uses: docker/build-push-action@v2
 with:
- context: .
+ context: ./backend/
 cache-from: type=gha
 cache-to: type=gha,mode=max
From ba02aef3264388b9bee22f06a69220772605f2c0 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 13:51:34 -0400
Subject: [PATCH 003/378] manage testing with caching
---
.github/workflows/test.yml | 46 +++++++++----------------------------
1 file changed, 10 insertions(+), 36 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ef23a19b1c..8cca27f29e 100644
--- a/.github/workflows/test.yml
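Review bot: `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` is declared at workflow level, so the token is in the environment of every step, including the third-party `docker/setup-buildx-action@v1` and `docker/build-push-action@v2`, yet none of the twenty lines in this new file reads it. Drop the `env:` block, or attach it to the one step that needs the token, and add a top-level `permissions:` block (`permissions:` / `  contents: read`) so the token is not issued with the repository's default scopes. The actions are referenced by mutable major tags (`@v3`, `@v1`, `@v2`); pinning them to full commit SHAs keeps the build and cache steps from changing under the workflow without a visible diff.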
+++ b/.github/workflows/test.yml
@@ -1,7 +1,7 @@
 ---
 name: Runs linting and tests
 on:
- workflow_call:
+ workflow_dispatch:
 jobs:
 linting:
@@ -56,6 +56,7 @@ jobs:
 - name: Run HTML template linting
 working-directory: ./backend
 run: djlint --lint .
+
 frontend-linting:
 runs-on: ubuntu-latest
 steps:
@@ -79,6 +80,7 @@ jobs:
 - name: Lint JS & SCSS
 working-directory: ./backend
 run: npm run check-all
+
 test:
 runs-on: ubuntu-latest
 env:
@@ -96,43 +98,15 @@ jobs:
 node-version: 16
 - name: Pull Docker Hub images
 working-directory: ./backend
- run: touch .env && docker-compose pull
- - name: Start services
- working-directory: ./backend
- run: docker-compose up -d
+ run: touch .env && docker compose pull
+ - uses: docker/setup-buildx-action@v1
+ - uses: docker/build-push-action@v2
+ with:
+ context: ./backend
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
 - name: Run Django test suite
 working-directory: ./backend
 run:
 docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel &&
 coverage combine && coverage report -m --fail-under=90'
- a11y-testing:
- runs-on: ubuntu-20.04
- env:
- ENV: TESTING
- SAM_API_KEY: ${{ secrets.SAM_API_KEY }}"
- DJANGO_BASE_URL: 'http://localhost:8000'
- DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}"
- SECRET_KEY: ${{ secrets.SECRET_KEY }}
- ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
- DISABLE_AUTH: True
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
- with:
- node-version: 16
- - name: Pull Docker Hub images
- working-directory: ./backend
- run: touch .env && docker-compose pull
- - name: Start services
- working-directory: ./backend
- run: docker-compose up -d
- - name: run Lighthouse CI
- run: |
- npm install -g @lhci/cli@0.8.x
- lhci autorun
- - name: run pa11y
- run: |
- npm i -g pa11y-ci
- pa11y-ci
- validate-terraform:
- uses: ./.github/workflows/terraform-lint.yml
From 6315e5cf921996f08d167b8ba83777d4663549e2 Mon Sep 17 00:00:00 2001
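Review bot: Replacing `workflow_call:` with `workflow_dispatch:` under `on:` means this reusable workflow can no longer be invoked by whatever caller used it, so linting and tests only run when someone starts them by hand. If the manual trigger is only for debugging the cache, keep both triggers (`workflow_call:` and `workflow_dispatch:` under `on:`) so existing callers keep working. In the last hunk, the image built by `docker/build-push-action@v2` with `context: ./backend` is a separate build from whatever `docker-compose run web` builds or pulls in the next step; unless the compose build config points at the same cache, the test step presumably does not benefit from it — worth confirming against `backend/docker-compose.yml`, which is not in this patch.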
From: Alex Steel
Date: Thu, 22 Jun 2023 14:00:32 -0400
Subject: [PATCH 004/378] attempt to use caching on django
---
.github/workflows/test.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 8cca27f29e..56e8e4639e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -105,8 +105,9 @@ jobs:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ - uses: docker/setup-buildx-action@v1
 - name: Run Django test suite
 working-directory: ./backend
 run:
- docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel &&
+ docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel &&
 coverage combine && coverage report -m --fail-under=90'
From 4f4978916a307aa0b9c9c2374fa9f6c07056940b Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 14:18:36 -0400
Subject: [PATCH 005/378] testing
---
.github/workflows/test.yml | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 56e8e4639e..aecce4f3bb 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -105,9 +105,40 @@ jobs:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
- - uses: docker/setup-buildx-action@v1
 - name: Run Django test suite
 working-directory: ./backend
 run:
 docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel &&
 coverage combine && coverage report -m --fail-under=90'
+ a11y-testing:
+ runs-on: ubuntu-20.04
+ env:
+ ENV: TESTING
+ SAM_API_KEY: ${{ secrets.SAM_API_KEY }}"
+ DJANGO_BASE_URL: 'http://localhost:8000'
+ DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}"
+ SECRET_KEY: ${{ secrets.SECRET_KEY }}
+ ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
+ DISABLE_AUTH: True
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+ - name: Pull Docker Hub images
+ working-directory: ./backend
+ run: touch .env && docker-compose pull
+ - uses: docker/setup-buildx-action@v1
+ - uses: docker/build-push-action@v2
+ with:
+ context: ./backend
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ - name: run Lighthouse CI
+ run: |
+ npm install -g @lhci/cli@0.8.x
+ lhci autorun
+ - name: run pa11y
+ run: |
+ npm i -g pa11y-ci
+ pa11y-ci
From 895144ab97b8f188f163eceac72aacf9bdeed9af Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 14:27:32 -0400
Subject: [PATCH 006/378] testing changes on caching
---
.github/workflows/test.yml | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index aecce4f3bb..ca9429b11e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
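Review bot: The re-added `a11y-testing` env block carries a stray trailing `"` on `SAM_API_KEY: ${{ secrets.SAM_API_KEY }}"` and on `DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}"`, so the quote becomes part of each value and both secrets reach the job corrupted; the lines should end after `}}`. Because these secrets are job-level `env`, they are also in the environment of `npm install -g @lhci/cli@0.8.x` and `npm i -g pa11y-ci` (the latter unpinned), which download and execute registry code at run time; moving the secrets to step-level `env` on the steps that actually need them limits that exposure. `DISABLE_AUTH: True` is a YAML 1.1 boolean literal; writing `'True'` makes the intended string value explicit.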
@@ -92,19 +92,19 @@ jobs:
 ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
 DISABLE_AUTH: False
 steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
- with:
- node-version: 16
- - name: Pull Docker Hub images
- working-directory: ./backend
- run: touch .env && docker compose pull
 - uses: docker/setup-buildx-action@v1
 - uses: docker/build-push-action@v2
 with:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ - name: Pull Docker Hub images
+ working-directory: ./backend
+ run: touch .env && docker compose pull
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
 - name: Run Django test suite
 working-directory: ./backend
 run:
@@ -121,19 +121,19 @@ jobs:
 ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
 DISABLE_AUTH: True
 steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
- with:
- node-version: 16
- - name: Pull Docker Hub images
- working-directory: ./backend
- run: touch .env && docker-compose pull
 - uses: docker/setup-buildx-action@v1
 - uses: docker/build-push-action@v2
 with:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ - name: Pull Docker Hub images
+ working-directory: ./backend
+ run: touch .env && docker-compose pull
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
 - name: run Lighthouse CI
 run: |
 npm install -g @lhci/cli@0.8.x
From 7937ec6e0a9f1373d772af17f640a4281b370efa Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 14:30:48 -0400
Subject: [PATCH 007/378] testing caching
---
.github/workflows/test.yml | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ca9429b11e..75b826ddf0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -98,13 +98,13 @@ jobs:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
- - name: Pull Docker Hub images
- working-directory: ./backend
- run: touch .env && docker compose pull
 - uses: actions/checkout@v3
 - uses: actions/setup-node@v3
 with:
 node-version: 16
+ - name: Pull Docker Hub images
+ working-directory: ./backend
+ run: touch .env && docker compose pull
 - name: Run Django test suite
 working-directory: ./backend
 run:
@@ -121,19 +121,19 @@ jobs:
 ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
 DISABLE_AUTH: True
 steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+ - name: Pull Docker Hub images
+ working-directory: ./backend
+ run: touch .env && docker compose pull
 - uses: docker/setup-buildx-action@v1
 - uses: docker/build-push-action@v2
 with:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
- - name: Pull Docker Hub images
- working-directory: ./backend
- run: touch .env && docker-compose pull
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
- with:
- node-version: 16
 - name: run Lighthouse CI
 run: |
 npm install -g @lhci/cli@0.8.x
From c96f5c132179277d50d2121919cc3ca19e1fce33 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 14:32:16 -0400
Subject: [PATCH 008/378] fix buildx
---
.github/workflows/test.yml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 75b826ddf0..dee40b4105 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -92,12 +92,6 @@ jobs:
 ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
 DISABLE_AUTH: False
 steps:
- - uses: docker/setup-buildx-action@v1
- - uses: docker/build-push-action@v2
- with:
- context: ./backend
- cache-from: type=gha
- cache-to: type=gha,mode=max
 - uses: actions/checkout@v3
 - uses: actions/setup-node@v3
 with:
@@ -105,6 +99,12 @@ jobs:
 - name: Pull Docker Hub images
 working-directory: ./backend
 run: touch .env && docker compose pull
+ - uses: docker/setup-buildx-action@v1
+ - uses: docker/build-push-action@v2
+ with:
+ context: ./backend
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
 - name: Run Django test suite
 working-directory: ./backend
 run:
From d188d2aef4f565b4892b92de1b985df3c10bf9a1 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 14:41:20 -0400
Subject: [PATCH 009/378] test
---
.github/workflows/test.yml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index dee40b4105..d6cfdbf918 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -107,9 +107,8 @@ jobs:
 cache-to: type=gha,mode=max
 - name: Run Django test suite
 working-directory: ./backend
- run:
- docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel &&
- coverage combine && coverage report -m --fail-under=90'
+ run: |
+ docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
 a11y-testing:
 runs-on: ubuntu-20.04
 env:
From f555d0c036628c325fa3b47d5ef528207efc284d Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 14:49:36 -0400
Subject: [PATCH 010/378] testing caching
---
.github/workflows/test.yml | 27 +++++++++++++++++----------
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index d6cfdbf918..bd384f4a4d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -4,6 +4,18 @@ on:
 workflow_dispatch:
 jobs:
+ build-with-docker:
+ name: Build with Docker
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: docker/setup-buildx-action@v1
+ - uses: docker/build-push-action@v2
+ with:
+ context: .
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
 linting:
 runs-on: ubuntu-latest
 env:
@@ -85,9 +97,9 @@ jobs:
 runs-on: ubuntu-latest
 env:
 ENV: TESTING
- SAM_API_KEY: ${{ secrets.SAM_API_KEY }}"
+ SAM_API_KEY: ${{ secrets.SAM_API_KEY }}
 DJANGO_BASE_URL: 'http://localhost:8000'
- DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}"
+ DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}
 SECRET_KEY: ${{ secrets.SECRET_KEY }}
 ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
 DISABLE_AUTH: False
@@ -99,23 +111,18 @@ jobs:
 - name: Pull Docker Hub images
 working-directory: ./backend
 run: touch .env && docker compose pull
- - uses: docker/setup-buildx-action@v1
- - uses: docker/build-push-action@v2
- with:
- context: ./backend
- cache-from: type=gha
- cache-to: type=gha,mode=max
 - name: Run Django test suite
 working-directory: ./backend
 run: |
 docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
+
 a11y-testing:
 runs-on: ubuntu-20.04
 env:
 ENV: TESTING
- SAM_API_KEY: ${{ secrets.SAM_API_KEY }}"
+ SAM_API_KEY: ${{ secrets.SAM_API_KEY }}
 DJANGO_BASE_URL: 'http://localhost:8000'
- DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}"
+ DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}
 SECRET_KEY: ${{ secrets.SECRET_KEY }}
 ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
 DISABLE_AUTH: True
From 7f8505e010830a93190fa2662b829382cd1c7fab Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 14:50:50 -0400
Subject: [PATCH 011/378] testing
---
.github/workflows/test.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
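Review bot: The new `build-with-docker` job writes the GHA build cache, but once the third hunk removes the buildx steps from `test`, nothing in `test` or `a11y-testing` reads it: `docker compose run web` runs on a different runner with its own daemon and builds or pulls its image independently unless the compose build config declares a matching `cache_from`, which is not visible here. The job also has no `needs` relationship with those consumers in this hunk, so it can run concurrently with them. Later hunks in this series (the `needs: [build-with-docker]` additions and the `docker/bake-action@v3` step) revisit the producer side, but none of them adds a cache read on the consuming side, so the expected speed-up presumably does not materialise. Removing the stray `"` from the two secret lines in the second and fourth hunks is correct.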
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index bd384f4a4d..b67ce6141f 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,7 +12,7 @@ jobs:
 - uses: docker/setup-buildx-action@v1
 - uses: docker/build-push-action@v2
 with:
- context: .
+ context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
From aebecbf9bb5f53f9b5c3d8ab99f8540556426d86 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 14:56:06 -0400
Subject: [PATCH 012/378] attempt to use buildx
---
.github/workflows/test.yml | 10 +++------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b67ce6141f..b85caa352a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,7 +9,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
- - uses: docker/setup-buildx-action@v1
+ - uses: docker/setup-buildx-action@v2
 - uses: docker/build-push-action@v2
 with:
 context: ./backend
@@ -111,6 +111,7 @@ jobs:
 - name: Pull Docker Hub images
 working-directory: ./backend
 run: touch .env && docker compose pull
+ - uses: docker/setup-buildx-action@v2
 - name: Run Django test suite
 working-directory: ./backend
 run: |
@@ -134,12 +135,7 @@ jobs:
 - name: Pull Docker Hub images
 working-directory: ./backend
 run: touch .env && docker compose pull
- - uses: docker/setup-buildx-action@v1
- - uses: docker/build-push-action@v2
- with:
- context: ./backend
- cache-from: type=gha
- cache-to: type=gha,mode=max
+ - uses: docker/setup-buildx-action@v2
 - name: run Lighthouse CI
 run: |
 npm install -g @lhci/cli@0.8.x
From e8c3ab5f8209e058366477f28c63d2117990a518 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 14:58:42 -0400
Subject: [PATCH 013/378] remove compose as test
---
.github/workflows/test.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b85caa352a..c21ca81a4d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -115,7 +115,7 @@ jobs:
 - name: Run Django test suite
 working-directory: ./backend
 run: |
- docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
+ docker run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
 a11y-testing:
 runs-on: ubuntu-20.04
From 5f51e1cae87e4fb3976f54c63da37fbfa0ffb563 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 15:06:26 -0400
Subject: [PATCH 014/378] testing cache
---
.github/workflows/test.yml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c21ca81a4d..63babdd412 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -5,7 +5,7 @@ on:
 jobs:
 build-with-docker:
- name: Build with Docker
+ name: Build Docker and Cache
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
@@ -111,11 +111,10 @@ jobs:
 - name: Pull Docker Hub images
 working-directory: ./backend
 run: touch .env && docker compose pull
- - uses: docker/setup-buildx-action@v2
 - name: Run Django test suite
 working-directory: ./backend
 run: |
- docker run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
+ docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
 a11y-testing:
 runs-on: ubuntu-20.04
From 03ab3d48ab81a875131658e1b231b01117d9423c Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 15:31:18 -0400
Subject: [PATCH 015/378] test using buildx
---
.github/workflows/test.yml | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 63babdd412..f54e04f8cd 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,13 +8,15 @@ jobs:
 name: Build Docker and Cache
 runs-on: ubuntu-latest
 steps:
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
 - uses: actions/checkout@v3
- - uses: docker/setup-buildx-action@v2
 - uses: docker/build-push-action@v2
 with:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ load: true
 linting:
 runs-on: ubuntu-latest
@@ -111,6 +113,8 @@ jobs:
 - name: Pull Docker Hub images
 working-directory: ./backend
 run: touch .env && docker compose pull
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
 - name: Run Django test suite
 working-directory: ./backend
 run: |
@@ -134,7 +138,8 @@ jobs:
 - name: Pull Docker Hub images
 working-directory: ./backend
 run: touch .env && docker compose pull
- - uses: docker/setup-buildx-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
 - name: run Lighthouse CI
 run: |
 npm install -g @lhci/cli@0.8.x
From a0b08b0333cab443e947b16200afce19d425ff8c Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 15:34:52 -0400
Subject: [PATCH 016/378] add needs clause to ensure docker runs
---
.github/workflows/test.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f54e04f8cd..b12500a8e8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -75,7 +75,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
-
 - name: Restore npm cache
 uses: actions/cache@v3
 id: cache-npm
@@ -96,6 +95,7 @@ jobs:
 run: npm run check-all
 test:
+ needs: [build-with-docker]
 runs-on: ubuntu-latest
 env:
 ENV: TESTING
@@ -121,6 +121,7 @@ jobs:
 docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
 a11y-testing:
+ needs: [build-with-docker]
 runs-on: ubuntu-20.04
 env:
 ENV: TESTING
From 67943023170e6f34691bfeb7bb014eef7a6f0667 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 15:43:14 -0400
Subject: [PATCH 017/378] testing buildx
---
.github/workflows/test.yml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b12500a8e8..a459bbc2c7 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -16,7 +16,6 @@ jobs:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
- load: true
 linting:
 runs-on: ubuntu-latest
@@ -115,6 +114,8 @@ jobs:
 run: touch .env && docker compose pull
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
+ with:
+ use: true
 - name: Run Django test suite
 working-directory: ./backend
 run: |
@@ -141,6 +142,8 @@ jobs:
 run: touch .env && docker compose pull
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
+ with:
+ use: true
 - name: run Lighthouse CI
 run: |
 npm install -g @lhci/cli@0.8.x
From b1046ea1a34887200c66475bb87971303e151ddc Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 15:48:58 -0400
Subject: [PATCH 018/378] testing
---
.github/workflows/test.yml | 6 ------
1 file changed, 6 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a459bbc2c7..377e0f98e6 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -109,9 +109,6 @@ jobs:
 - uses: actions/setup-node@v3
 with:
 node-version: 16
- - name: Pull Docker Hub images
- working-directory: ./backend
- run: touch .env && docker compose pull
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
 with:
@@ -137,9 +134,6 @@ jobs:
 - uses: actions/setup-node@v3
 with:
 node-version: 16
- - name: Pull Docker Hub images
- working-directory: ./backend
- run: touch .env && docker compose pull
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
 with:
From e0d152a160773fe86b203d9ecc4823c88f6fa7b0 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 15:50:45 -0400
Subject: [PATCH 019/378] test .env with buildx
---
.github/workflows/test.yml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 377e0f98e6..273d3decef 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -109,6 +109,9 @@ jobs:
 - uses: actions/setup-node@v3
 with:
 node-version: 16
+ - name: Create .env
+ working-directory: ./backend
+ run: touch .env
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
 with:
@@ -134,6 +137,9 @@ jobs:
 - uses: actions/setup-node@v3
 with:
 node-version: 16
+ - name: Create .env
+ working-directory: ./backend
+ run: touch .env
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
 with:
From ce1d8290f9221d45846cfb92e57361e1a7caaecb Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 15:57:14 -0400
Subject: [PATCH 020/378] use docker-compose
---
.github/workflows/test.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 273d3decef..49cc724cef 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -119,7 +119,7 @@ jobs:
 - name: Run Django test suite
 working-directory: ./backend
 run: |
- docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
+ docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
 a11y-testing:
 needs: [build-with-docker]
From 5f77b9722fb6cd3759ddd9dce7911cda738352af Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 15:58:04 -0400
Subject: [PATCH 021/378] remove buildx from docker compose
---
.github/workflows/test.yml | 8 --------
1 file changed, 8 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 49cc724cef..efbcbf09d0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -112,10 +112,6 @@ jobs:
 - name: Create .env
 working-directory: ./backend
 run: touch .env
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
- with:
- use: true
 - name: Run Django test suite
 working-directory: ./backend
 run: |
@@ -140,10 +136,6 @@ jobs:
 - name: Create .env
 working-directory: ./backend
 run: touch .env
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
- with:
- use: true
 - name: run Lighthouse CI
 run: |
 npm install -g @lhci/cli@0.8.x
From f2f3e70f232f3c73dcdd9d4237f44f338223a1d0 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Thu, 22 Jun 2023 16:04:54 -0400
Subject: [PATCH 022/378] revert
---
.github/workflows/test.yml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index efbcbf09d0..f49c5b2a6b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -109,9 +109,9 @@ jobs:
 - uses: actions/setup-node@v3
 with:
 node-version: 16
- - name: Create .env
+ - name: Pull Docker Hub images
 working-directory: ./backend
- run: touch .env
+ run: touch .env && docker-compose pull
 - name: Run Django test suite
 working-directory: ./backend
 run: |
@@ -133,9 +133,9 @@ jobs:
 - uses: actions/setup-node@v3
 with:
 node-version: 16
- - name: Create .env
+ - name: Pull Docker Hub images
 working-directory: ./backend
- run: touch .env
+ run: touch .env && docker-compose pull
 - name: run Lighthouse CI
 run: |
 npm install -g @lhci/cli@0.8.x
From 78011d92da3b2fc6dc5a20ad422a9becc83a1db6 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Fri, 23 Jun 2023 08:04:44 -0400
Subject: [PATCH 023/378] testing bake
---
.github/workflows/test.yml | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f49c5b2a6b..591e31c8df 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,14 +8,22 @@ jobs:
 name: Build Docker and Cache
 runs-on: ubuntu-latest
 steps:
+ - uses: actions/checkout@v3
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
- - uses: actions/checkout@v3
 - uses: docker/build-push-action@v2
 with:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ - uses: docker/bake-action@v3
+ with:
+ files: ./backend/docker-compose.yml
+ push: false
+ load: true
+ set: |
+ web.cache-from=type=gha
+ web.cache-to=type=gha
 linting:
 runs-on: ubuntu-latest
From 924a2cf7cf31a0f76dfb5a0b3cf8fcc3823924a8 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Fri, 23 Jun 2023 08:07:50 -0400
Subject: [PATCH 024/378] add env for docker bake
---
.github/workflows/test.yml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 591e31c8df..49747651c8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
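Review bot: With the `docker/bake-action@v3` step added in the last hunk, `build-with-docker` builds the backend twice: once through `docker/build-push-action@v2` with `context: ./backend`, then again through bake from `./backend/docker-compose.yml`, and only the bake step writes the `web` target's cache that a compose-based consumer could read. Dropping the `build-push-action` step (its `with:` block included) removes the duplicate build and the second cache write. `load: true` only loads the baked image into this runner's daemon; the `test` and `a11y-testing` jobs on other runners still need a `cache-from` on their side to benefit, and the `web` target name has to match the service in the compose file, which is not in this patch.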
@@ -5,10 +5,19 @@ on:
 jobs:
 build-with-docker:
+ env:
+ ENV: TESTING
+ SAM_API_KEY: ${{ secrets.SAM_API_KEY }}
+ DJANGO_BASE_URL: 'http://localhost:8000'
+ DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}
+ SECRET_KEY: ${{ secrets.SECRET_KEY }}
 name: Build Docker and Cache
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
+ - name: Pull Docker Hub images
+ working-directory: ./backend
+ run: touch .env
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
 - uses: docker/build-push-action@v2
From 96bc9e792d7728d38026aead091aae5ee046d8db Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Fri, 23 Jun 2023 08:08:24 -0400
Subject: [PATCH 025/378] add all env vars
---
.github/workflows/test.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 49747651c8..2e4e351991 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -11,6 +11,8 @@ jobs:
 DJANGO_BASE_URL: 'http://localhost:8000'
 DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}
 SECRET_KEY: ${{ secrets.SECRET_KEY }}
+ ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
+ DISABLE_AUTH: True
 name: Build Docker and Cache
 runs-on: ubuntu-latest
 steps:
From ae42772a7b0889b6c2596dff7b254c5aa1cde6b1 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Fri, 23 Jun 2023 08:08:44 -0400
Subject: [PATCH 026/378] fix
---
.github/workflows/test.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 2e4e351991..fbcbaa01f8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,7 +17,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
- - name: Pull Docker Hub images
+ - name: Create .env file
 working-directory: ./backend
 run: touch .env
 - name: Set up Docker Buildx
From b4e57328118479413f55f1c1b2d5034eecfd11a5 Mon Sep 17 00:00:00 2001
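Review bot: The `env:` block added to `build-with-docker` in the first hunk places `SAM_API_KEY`, `DJANGO_SECRET_LOGIN_KEY` and `SECRET_KEY` in the environment of a job whose only purpose is to build images and write the GHA build cache. If `backend/docker-compose.yml` or the Dockerfile forwards any of these as build args (neither file is in this patch), the values would end up in image layers and in the cache, which outlives the run; confirm the build needs only the non-secret values, and otherwise keep the secrets at container run time rather than build time. The job-level `env:` also sits before `name:` and `runs-on:`, unlike the other jobs in this file; ordering it after `runs-on:` keeps the jobs readable side by side. `DISABLE_AUTH: True` in the second hunk is a YAML 1.1 boolean literal; `'True'` makes the string value explicit.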
From: Alex Steel
Date: Fri, 23 Jun 2023 08:11:12 -0400
Subject: [PATCH 027/378] testing
---
.github/workflows/test.yml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index fbcbaa01f8..f31a9d9225 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,9 +17,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
- - name: Create .env file
- working-directory: ./backend
- run: touch .env
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
 - uses: docker/build-push-action@v2
@@ -27,6 +24,8 @@ jobs:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ - name: Create .env file
+ run: touch ./backend/.env
 - uses: docker/bake-action@v3
 with:
 files: ./backend/docker-compose.yml
From 3fafab046095813034ae0751b1ccaa92e85a94da Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Fri, 23 Jun 2023 08:15:42 -0400
Subject: [PATCH 028/378] testing
---
.github/workflows/test.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f31a9d9225..4022a485ed 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -25,7 +25,8 @@ jobs:
 cache-from: type=gha
 cache-to: type=gha,mode=max
 - name: Create .env file
- run: touch ./backend/.env
+ working-directory: ./backend/
+ run: touch .env && cat .env && pwd
 - uses: docker/bake-action@v3
 with:
 files: ./backend/docker-compose.yml
From cc117aefa631019b751d231c03e2e05607ef587f Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Fri, 23 Jun 2023 08:20:22 -0400
Subject: [PATCH 029/378] testing
---
.github/workflows/test.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4022a485ed..29d14c5d9b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,6 +17,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
+ - name: Create .env file
+ working-directory: ./backend/
+ run: touch .env && docker-compose pull
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
 - uses: docker/build-push-action@v2
@@ -24,9 +27,6 @@ jobs:
 context: ./backend
 cache-from: type=gha
 cache-to: type=gha,mode=max
- - name: Create .env file
- working-directory: ./backend/
- run: touch .env && cat .env && pwd
 - uses: docker/bake-action@v3
 with:
 files: ./backend/docker-compose.yml
From ccd5b49375d3b47d504ccd8d3d32171d24d84852 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Fri, 23 Jun 2023 08:22:50 -0400
Subject: [PATCH 030/378] add workdir to bake
---
.github/workflows/test.yml | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 29d14c5d9b..7046b3558d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,8 +18,8 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - name: Create .env file
- working-directory: ./backend/
- run: touch .env && docker-compose pull
+ working-directory: ./backend
+ run: touch .env
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v2
 - uses: docker/build-push-action@v2
@@ -29,7 +29,8 @@ jobs:
 cache-to: type=gha,mode=max
 - uses: docker/bake-action@v3
 with:
- files: ./backend/docker-compose.yml
+ workdir: ./backend
+ files: docker-compose.yml
 push: false
 load: true
 set: |
From 121e2f062f8be27257940cd79c309aeecf90fb57 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Fri, 23 Jun 2023 08:28:13 -0400
Subject: [PATCH 031/378] testing
---
.github/workflows/test.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7046b3558d..a2e828caf9 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -131,7 +131,7 @@ jobs: node-version: 16 - name: Pull Docker Hub images working-directory: ./backend - run: touch .env && docker-compose pull + run: touch .env - name: Run Django test suite working-directory: ./backend run: | @@ -155,7 +155,7 @@ jobs: node-version: 16 - name: Pull Docker Hub images working-directory: ./backend - run: touch .env && docker-compose pull + run: touch .env - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From e76c7b9f43ccdb6d003ac76d7efbaf4bbffa8b45 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:30:07 -0400 Subject: [PATCH 032/378] testing --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a2e828caf9..b24d006ca4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -129,7 +129,7 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Pull Docker Hub images + - name: Create .env file working-directory: ./backend run: touch .env - name: Run Django test suite @@ -153,7 +153,7 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Pull Docker Hub images + - name: Create .env file working-directory: ./backend run: touch .env - name: run Lighthouse CI From 700fcfcd973b726914de5dafd5c52eab382e3cf9 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:40:26 -0400 Subject: [PATCH 033/378] pull earlier --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b24d006ca4..249aaddb75 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v3 - name: Create .env file working-directory: ./backend - run: touch .env + run: touch .env && docker-compose pull - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 
@@ -35,7 +35,7 @@ jobs: load: true set: | web.cache-from=type=gha - web.cache-to=type=gha + web.cache-to=type=gha,mode=max linting: runs-on: ubuntu-latest From e2e57105cea921d4af6d42ef68d9932fa7dfe108 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:45:44 -0400 Subject: [PATCH 034/378] testing buildx before docker-compose --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 249aaddb75..0c950a0648 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -132,6 +132,8 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - name: Run Django test suite working-directory: ./backend run: | From 22b6f65f1a059b26f769e0a6bad46b62f35c8fb2 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:50:22 -0400 Subject: [PATCH 035/378] test a new command --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0c950a0648..00eea68700 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -137,7 +137,7 @@ jobs: - name: Run Django test suite working-directory: ./backend run: | - docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker buildx bake web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From bdb331af5cf7298fc40b6c0de3d334b094a8b6c0 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:55:01 -0400 Subject: [PATCH 036/378] testing bake --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 00eea68700..843cfcb8f5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -137,7 +137,7 @@ jobs: - name: Run Django test suite working-directory: ./backend run: | - docker buildx bake web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker buildx bake --builder -f ./backend/docker-compose.yml web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From 66a49076c68a746dc5867c5b32a673d50818b152 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:58:06 -0400 Subject: [PATCH 037/378] revert --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 843cfcb8f5..c61fe02557 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -137,7 +137,7 @@ jobs: - name: Run Django test suite working-directory: ./backend run: | - docker buildx bake --builder -f ./backend/docker-compose.yml web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From 22ae578d3ca312ceb5d46736a50bd804085cff16 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:00:37 -0400 Subject: [PATCH 038/378] testing --- .github/workflows/test.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c61fe02557..03816c4525 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -132,12 +132,13 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + - name: Start services + working-directory: ./backend + run: docker-compose up -d - name: Run Django test suite working-directory: ./backend run: | - docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From 60eb03f64836f97df862c61edf1233a0082dca52 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:13:17 -0400 Subject: [PATCH 039/378] testing --- .github/workflows/test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 03816c4525..18814678c8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -36,6 +36,9 @@ jobs: set: | web.cache-from=type=gha web.cache-to=type=gha,mode=max + - name: Start services + working-directory: ./backend + run: docker compose up -d --no-build linting: runs-on: ubuntu-latest 
@@ -132,13 +135,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - name: Start services - working-directory: ./backend - run: docker-compose up -d - name: Run Django test suite working-directory: ./backend run: | - docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From 00de2289918af6be704ce4e1777bd4d841f41bb6 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:17:09 -0400 Subject: [PATCH 040/378] testing --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 18814678c8..c2c9fd38cf 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v3 - name: Create .env file working-directory: ./backend - run: touch .env && docker-compose pull + run: touch .env - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 @@ -38,7 +38,7 @@ jobs: web.cache-to=type=gha,mode=max - name: Start services working-directory: ./backend - run: docker compose up -d --no-build + run: docker-compose pull && docker-compose up -d --no-build linting: runs-on: ubuntu-latest From 07a0c25bd371f49085cf10fc3eeda1ec63ca47d1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:17:34 -0400 Subject: [PATCH 041/378] remove bake --- .github/workflows/test.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c2c9fd38cf..9dd9b91e7d 100644 --- a/.github/workflows/test.yml 
+++ b/.github/workflows/test.yml @@ -27,15 +27,15 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - uses: docker/bake-action@v3 - with: - workdir: ./backend - files: docker-compose.yml - push: false - load: true - set: | - web.cache-from=type=gha - web.cache-to=type=gha,mode=max + # - uses: docker/bake-action@v3 + # with: + # workdir: ./backend + # files: docker-compose.yml + # push: false + # load: true + # set: | + # web.cache-from=type=gha + # web.cache-to=type=gha,mode=max - name: Start services working-directory: ./backend run: docker-compose pull && docker-compose up -d --no-build From 32b726db34e1d4920bf7ec9c206d266a0f532a0f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:18:53 -0400 Subject: [PATCH 042/378] remove no build --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9dd9b91e7d..93b42d92a9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,7 +38,7 @@ jobs: # web.cache-to=type=gha,mode=max - name: Start services working-directory: ./backend - run: docker-compose pull && docker-compose up -d --no-build + run: docker-compose pull && docker-compose up -d linting: runs-on: ubuntu-latest From 5f188342aa4290adf68ee914ddea96d4a06f6dca Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:19:19 -0400 Subject: [PATCH 043/378] test --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 93b42d92a9..8a55c87273 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,7 +38,7 @@ jobs: # web.cache-to=type=gha,mode=max - name: Start services working-directory: ./backend - run: docker-compose pull && docker-compose up -d + run: docker compose pull && docker compose up -d linting: runs-on: ubuntu-latest 
From ffbe119597ab6feb7765e1c8571f6eb04721da9f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:31:25 -0400 Subject: [PATCH 044/378] revert --- .github/workflows/test.yml | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8a55c87273..dccb080456 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,18 +27,15 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - # - uses: docker/bake-action@v3 - # with: - # workdir: ./backend - # files: docker-compose.yml - # push: false - # load: true - # set: | - # web.cache-from=type=gha - # web.cache-to=type=gha,mode=max - - name: Start services - working-directory: ./backend - run: docker compose pull && docker compose up -d + - uses: docker/bake-action@v3 + with: + workdir: ./backend + files: docker-compose.yml + push: false + load: true + set: | + web.cache-from=type=gha + web.cache-to=type=gha,mode=max linting: runs-on: ubuntu-latest @@ -135,6 +132,9 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - name: Start services + working-directory: ./backend + run: docker compose up -d - name: Run Django test suite working-directory: ./backend run: | @@ -159,6 +159,9 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - name: Start services + working-directory: ./backend + run: docker compose up -d - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From a02350179a0753d0e440a1320b33d29c9c989ed4 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:45:48 -0400 Subject: [PATCH 045/378] testing --- .github/workflows/test.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dccb080456..ecf516c36d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -27,15 +27,16 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - uses: docker/bake-action@v3 - with: - workdir: ./backend - files: docker-compose.yml - push: false load: true - set: | - web.cache-from=type=gha - web.cache-to=type=gha,mode=max + # - uses: docker/bake-action@v3 + # with: + # workdir: ./backend + # files: docker-compose.yml + # push: false + # load: true + # set: | + # web.cache-from=type=gha + # web.cache-to=type=gha,mode=max linting: runs-on: ubuntu-latest @@ -170,3 +171,5 @@ jobs: run: | npm i -g pa11y-ci pa11y-ci + validate-terraform: + uses: ./.github/workflows/terraform-lint.yml From 5017df3a281edf33b1122fe7473bdab945e43a43 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:05:12 -0400 Subject: [PATCH 046/378] test with artifacts --- .github/workflows/test.yml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ecf516c36d..8cefc10aeb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,6 +28,12 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max load: true + outputs: type=oci,dest=/tmp/image.tar + - name: Upload artifact + uses: actions/upload-artifact@v2 + with: + name: image + path: /tmp/image.tar # - uses: docker/bake-action@v3 # with: # workdir: ./backend @@ -133,9 +139,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - name: Start services - working-directory: ./backend - run: docker compose up -d + - uses: actions/download-artifact@v3 + with: + name: image + path: /tmp/image.tar - name: Run Django test suite working-directory: ./backend run: | @@ -160,6 +167,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - uses: actions/download-artifact@v3 + with: + name: image + path: /tmp/image.tar - name: Start services working-directory: ./backend run: docker compose up -d 
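Review bot: The `actions/download-artifact@v3` steps added to the `test` and `a11y-testing` jobs set `path: /tmp/image.tar`, but for download-artifact `path` is the destination directory, so the archive would land under `/tmp/image.tar/` as a directory rather than as that file; use `path: /tmp` and keep the file name from the upload. The build output `type=oci,dest=/tmp/image.tar` also writes an OCI layout archive, whereas the `docker load` used in the next commit is documented against `outputs: type=docker,dest=/tmp/image.tar`, so the output type should change to `type=docker`. The upload uses `actions/upload-artifact@v2` while the downloads use `@v3`; keep both on the same major so the artifact format cannot drift. The enclosing jobs start and end outside these hunks.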
From 0f991c262d03a7c4c1a40ff7e1b0a8c7ea1a34b2 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:06:19 -0400 Subject: [PATCH 047/378] remove load:true --- .github/workflows/test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8cefc10aeb..c6996f394d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,7 +27,6 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - load: true outputs: type=oci,dest=/tmp/image.tar - name: Upload artifact uses: actions/upload-artifact@v2 From e707d2ca89c1ec3c4cc501e1251c4f173df3310f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:12:07 -0400 Subject: [PATCH 048/378] test with docker load --- .github/workflows/test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c6996f394d..b56e006af4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -142,6 +142,9 @@ jobs: with: name: image path: /tmp/image.tar + - name: Start services + working-directory: ./backend + run: docker load --input image.tar - name: Run Django test suite working-directory: ./backend run: | @@ -172,7 +175,7 @@ jobs: path: /tmp/image.tar - name: Start services working-directory: ./backend - run: docker compose up -d + run: docker load --input image.tar - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From d2254f24bc6d18b7bb89dfe5becc73b677c25d4f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:18:32 -0400 Subject: [PATCH 049/378] test with docker load --- .github/workflows/test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b56e006af4..a88a2f4703 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -142,9 +142,9 @@ jobs: with: name: image path: /tmp/image.tar - - name: Start services + - name: Docker Load working-directory: ./backend - run: docker load --input image.tar + run: docker load --input /tmp/image.tar - name: Run Django test suite working-directory: ./backend run: | @@ -173,9 +173,9 @@ jobs: with: name: image path: /tmp/image.tar - - name: Start services + - name: Docker Load working-directory: ./backend - run: docker load --input image.tar + run: docker load --input /tmp/image.tar - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From a3aada4950b4d045ed0ac29e4360ffc944a527f2 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:24:55 -0400 Subject: [PATCH 050/378] test new method --- .github/workflows/test.yml | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a88a2f4703..5558392082 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,12 +27,7 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - outputs: type=oci,dest=/tmp/image.tar - - name: Upload artifact - uses: actions/upload-artifact@v2 - with: - name: image - path: /tmp/image.tar + load: true # - uses: docker/bake-action@v3 # with: # workdir: ./backend @@ -138,13 +133,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - uses: actions/download-artifact@v3 - with: - name: image - path: /tmp/image.tar - - name: Docker Load - working-directory: ./backend - run: docker load --input /tmp/image.tar + - run: docker-compose pull + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: true + - run: docker-compose up -d - name: Run Django test suite working-directory: ./backend run: | 
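Review bot: The new bare `- run: docker-compose pull` and `- run: docker-compose up -d` steps in the second hunk (and the matching pair in the `a11y-testing` hunk on the next line) carry no `working-directory`, so they execute at the repository root, while every neighbouring step and the earlier bake step address the compose file under `./backend`; add `working-directory: ./backend` to each or fold them into the named steps around them. `jpribyl/action-docker-layer-caching@v0.1.1` is a third-party action referenced by a mutable tag and, with `continue-on-error: true`, fails silently while having access to the runner's Docker daemon; pin it to a full commit (`uses: jpribyl/action-docker-layer-caching@<commit-sha>  # v0.1.1`, placeholder to be filled from the action's release) so a retagged release cannot change what the workflow executes. The same pinning point applies where this step is moved into the build job and duplicated into both test jobs in later commits on this page. The `test` job's remaining steps lie outside the hunk.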
@@ -169,13 +161,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - uses: actions/download-artifact@v3 - with: - name: image - path: /tmp/image.tar - - name: Docker Load - working-directory: ./backend - run: docker load --input /tmp/image.tar + - run: docker-compose pull + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: true + - run: docker-compose up -d - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 0b5bee7fcb750bf8018e3b193608f81eb8237cbc Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:29:50 -0400 Subject: [PATCH 051/378] testing --- .github/workflows/test.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5558392082..6b28790a8a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -133,10 +133,11 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - run: docker-compose pull - uses: jpribyl/action-docker-layer-caching@v0.1.1 continue-on-error: true - - run: docker-compose up -d + - name: Start Services + working-directory: ./backend + run: docker-compose up -d - name: Run Django test suite working-directory: ./backend run: | @@ -161,10 +162,11 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - run: docker-compose pull - uses: jpribyl/action-docker-layer-caching@v0.1.1 continue-on-error: true - - run: docker-compose up -d + - name: Start Services + working-directory: ./backend + run: docker-compose up -d - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 53bb5c526a0d27d0191f392c9838d54b89f8fb09 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:34:57 -0400 Subject: [PATCH 052/378] move layer caching --- .github/workflows/test.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6b28790a8a..5bf02ad290 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,7 +27,8 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - load: true + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: false # - uses: docker/bake-action@v3 # with: # workdir: ./backend @@ -133,8 +134,6 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: true - name: Start Services working-directory: ./backend run: docker-compose up -d @@ -162,8 +161,6 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: true - name: Start Services working-directory: ./backend run: docker-compose up -d From ce27108682901c0a43fd9df25cb5e5fdc1602a0c Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:40:43 -0400 Subject: [PATCH 053/378] testing --- .github/workflows/test.yml | 72 ++++++++++++++++++++++++-------------- 1 file changed, 45 insertions(+), 27 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5bf02ad290..98abbffd3b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
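Review bot: With `load: true` removed from the build step in the first hunk, the `docker/build-push-action@v2` build is neither loaded into the daemon nor pushed, so the only product of `build-with-docker` is the GHA buildx cache, and because `test` and `a11y-testing` run on separate runners, whatever the layer-caching action saves here is not present when those jobs call `docker-compose up -d` unless a restore step (or `cache-from: type=gha`) also runs there — as far as this hunk shows, neither does after the second and third hunks delete it. Either keep the cache restore in the consumer jobs, or have the build job publish the image (registry push or `upload-artifact`) and have the consumers pull it. The job header and the consumer jobs' surrounding steps are outside this view.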
@@ -4,31 +4,31 @@ on: workflow_dispatch: jobs: - build-with-docker: - env: - ENV: TESTING - SAM_API_KEY: ${{ secrets.SAM_API_KEY }} - DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} - SECRET_KEY: ${{ secrets.SECRET_KEY }} - ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - DISABLE_AUTH: True - name: Build Docker and Cache - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Create .env file - working-directory: ./backend - run: touch .env - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: false + # build-with-docker: + # env: + # ENV: TESTING + # SAM_API_KEY: ${{ secrets.SAM_API_KEY }} + # DJANGO_BASE_URL: 'http://localhost:8000' + # DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} + # SECRET_KEY: ${{ secrets.SECRET_KEY }} + # ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' + # DISABLE_AUTH: True + # name: Build Docker and Cache + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@v3 + # - name: Create .env file + # working-directory: ./backend + # run: touch .env + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v2 + # - uses: docker/build-push-action@v2 + # with: + # context: ./backend + # cache-from: type=gha + # cache-to: type=gha,mode=max + # - uses: jpribyl/action-docker-layer-caching@v0.1.1 + # continue-on-error: false # - uses: docker/bake-action@v3 # with: # workdir: ./backend @@ -116,7 +116,7 @@ jobs: run: npm run check-all test: - needs: [build-with-docker] + # needs: [build-with-docker] runs-on: ubuntu-latest env: ENV: TESTING 
@@ -131,6 +131,15 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - uses: docker/build-push-action@v2 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: false - name: Create .env file working-directory: ./backend run: touch .env @@ -143,7 +152,7 @@ jobs: docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: - needs: [build-with-docker] + # needs: [build-with-docker] runs-on: ubuntu-20.04 env: ENV: TESTING @@ -161,6 +170,15 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - uses: docker/build-push-action@v2 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: false - name: Start Services working-directory: ./backend run: docker-compose up -d From ea2caf184a22a47e22651a989dde17a0b57dbb67 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:17:09 -0400 Subject: [PATCH 054/378] testing --- .github/workflows/cache-docker.yml | 31 ++++++++++++- .github/workflows/test.yml | 61 ++------------------------ backend/docker-compose-test.yml | 70 ++++++++++++++++++++++++++++++ 3 files changed, 102 insertions(+), 60 deletions(-) create mode 100644 backend/docker-compose-test.yml diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 501e913d73..9105b0cf27 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -5,6 +5,7 @@ on: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ghcr.io/asteel-gsa/fac jobs: build-with-docker: 
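Review bot: The same build block (Buildx setup, `docker/build-push-action@v2` with the gha cache inputs, and the layer-caching action) is now pasted into both the `test` job (first hunk here) and the `a11y-testing` job (third hunk), which doubles build time per run and means any change to cache settings has to be made twice; if a per-job build is what the experiment needs, factor it into a composite action or a reusable workflow and reference it from both jobs. The `build-with-docker` job on the previous line and the two `needs:` lines are commented out rather than deleted; a ~30-line commented job in a workflow file hurts readability and git history already preserves it, so drop it once the experiment settles. The `env:` blocks of both jobs lie outside these hunks.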
@@ -12,9 +13,35 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: docker/setup-buildx-action@v1 + - name: Create .env file + working-directory: ./backend + run: touch .env + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 with: - context: ./backend/ + context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + load: true + # - uses: jpribyl/action-docker-layer-caching@v0.1.1 + # continue-on-error: false + # - uses: docker/bake-action@v3 + # with: + # workdir: ./backend + # files: docker-compose.yml + # push: false + # load: true + # set: | + # web.cache-from=type=gha + # web.cache-to=type=gha,mode=max + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Tag Image + run: | + date=$(date +%Y%m%d) + docker push ${{ env.GH_REPO }}/django:latest diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 98abbffd3b..dbceb49144 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
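Review bot: The new `Tag Image` step runs `docker push ${{ env.GH_REPO }}/django:latest`, but the preceding `docker/build-push-action@v2` step has `load: true` and no `tags:`, so no local image carries that name and the push has nothing to send; the `date=$(date +%Y%m%d)` assignment is also never used. Give the build step the name instead, e.g. `tags: ${{ env.GH_REPO }}/django:latest` with `push: true` (and, if a dated tag was intended, a second immutable tag such as `${{ env.GH_REPO }}/django:${{ github.sha }}` so consumers can pin), and drop the manual push. The first hunk keeps `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` at workflow-level `env:`, which hands the token to every step including third-party actions; the login step already receives it through `with: password:`, so unless a step runs the `gh` CLI the workflow-level copy can go, or be scoped to the single step that needs it. Pushing to GHCR with `GITHUB_TOKEN` also requires `permissions: packages: write` on the workflow or job, which is not visible on this page — confirm it is declared. The job's `env:` block and the steps before `checkout` begin outside this hunk.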
@@ -4,41 +4,6 @@ on: workflow_dispatch: jobs: - # build-with-docker: - # env: - # ENV: TESTING - # SAM_API_KEY: ${{ secrets.SAM_API_KEY }} - # DJANGO_BASE_URL: 'http://localhost:8000' - # DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} - # SECRET_KEY: ${{ secrets.SECRET_KEY }} - # ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - # DISABLE_AUTH: True - # name: Build Docker and Cache - # runs-on: ubuntu-latest - # steps: - # - uses: actions/checkout@v3 - # - name: Create .env file - # working-directory: ./backend - # run: touch .env - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v2 - # - uses: docker/build-push-action@v2 - # with: - # context: ./backend - # cache-from: type=gha - # cache-to: type=gha,mode=max - # - uses: jpribyl/action-docker-layer-caching@v0.1.1 - # continue-on-error: false - # - uses: docker/bake-action@v3 - # with: - # workdir: ./backend - # files: docker-compose.yml - # push: false - # load: true - # set: | - # web.cache-from=type=gha - # web.cache-to=type=gha,mode=max - linting: runs-on: ubuntu-latest env: @@ -116,7 +81,6 @@ jobs: run: npm run check-all test: - # needs: [build-with-docker] runs-on: ubuntu-latest env: ENV: TESTING 
@@ -131,28 +95,18 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: false - name: Create .env file working-directory: ./backend run: touch .env - name: Start Services working-directory: ./backend - run: docker-compose up -d + run: docker compose -f docker-compose-test.yml up -d - name: Run Django test suite working-directory: ./backend run: | - docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker compose -f docker-compose-test.yml run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: - # needs: [build-with-docker] runs-on: ubuntu-20.04 env: ENV: TESTING @@ -170,18 +124,9 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: false - name: Start Services working-directory: ./backend - run: docker-compose up -d + run: docker compose -f docker-compose-test.yml up -d - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x diff --git a/backend/docker-compose-test.yml b/backend/docker-compose-test.yml new file mode 100644 index 0000000000..06a53c6feb --- /dev/null +++ b/backend/docker-compose-test.yml 
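Review bot: The `Start Services` and `Run Django test suite` steps now run `docker compose -f docker-compose-test.yml`, whose `web` service (added in this same commit) pulls `ghcr.io/gsa-tts/fac/django:latest`, yet neither the `test` job nor the `a11y-testing` job in the second hunk has a `docker/login-action` step before the pull; if that package is not public the pull fails with an authentication error, so either add the same login used in `cache-docker.yml` or confirm the package is public. Running the suite against a pulled `latest` image also means the tests exercise whatever dependencies were baked into the most recent push rather than the requirements in the checkout (the compose file mounts `.:/src`, so only the source tree is the PR's), which lets unrelated pushes change a PR's result; pinning the image to a digest or a SHA-derived tag keeps runs reproducible. Both jobs' `env:` blocks and later steps lie outside these hunks.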
@@ -0,0 +1,70 @@
+version: "3.7"
+
+services:
+ db:
+ image: "postgres:12"
+ environment:
+ - "POSTGRES_HOST_AUTH_METHOD=trust"
+ volumes:
+ - postgres-data:/var/lib/postgresql/data/
+ ports:
+ - "5432:5432"
+
+ web:
+ image: ghcr.io/gsa-tts/fac/django:latest
+ command: /src/run.sh
+ depends_on:
+ - db
+ - minio
+ environment:
+ - "DATABASE_URL=postgres://postgres@db/postgres"
+ - "DJANGO_DEBUG=true"
+ - "SAM_API_KEY=${SAM_API_KEY}"
+ - "DJANGO_BASE_URL=http://localhost:8000"
+ - "DJANGO_SECRET_LOGIN_KEY=${DJANGO_SECRET_LOGIN_KEY}"
+ - "ENV=${ENV}"
+ - "SECRET_KEY=${SECRET_KEY}"
+ - "ALLOWED_HOSTS=0.0.0.0 127.0.0.1 localhost"
+ - "AV_SCAN_URL=http://clamav-rest:9000/scan"
+ - "DISABLE_AUTH=${DISABLE_AUTH:-False}"
+ - "LOCALSTACK_HOST=localstack"
+ env_file:
+ - ".env"
+ ports:
+ - "8000:8000"
+ volumes:
+ - .:/src
+ - /src/node_modules
+ - /src/staticfiles
+ clamav-rest:
+ image: ghcr.io/gsa-tts/fac/clamav:latest
+ environment:
+ - MAX_FILE_SIZE=25M
+ - SIGNATURE_CHECKS=1
+ ports:
+ - "9000:9000"
+ minio:
+ container_name: "minio"
+ image: minio/minio
+ command: server /tmp/minio --console-address ":9002"
+ ports:
+ - "9001:9000"
+ - "9002:9002"
+ volumes:
+ - "minio-vol:/tmp/minio"
+ api:
+ image: ghcr.io/gsa-tts/fac/postgrest:latest
+ ports:
+ - "3000:3000"
+ expose:
+ - "3000"
+ environment:
+ PGRST_DB_URI: postgres://postgres@db:5432/postgres
+ PGRST_OPENAPI_SERVER_PROXY_URI: http://127.0.0.1:3000
+ PGRST_DB_ANON_ROLE: anon
+ PGRST_DB_SCHEMAS: api
+ depends_on:
+ - db
+volumes:
+ postgres-data:
+ minio-vol:
From 139f7cdf4930d98fdce6a90ecf0b6588b335703e Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Fri, 23 Jun 2023 11:17:31 -0400
Subject: [PATCH 055/378] test
---
 .github/workflows/cache-docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml
index 9105b0cf27..9737f8c94f 100644
--- a/.github/workflows/cache-docker.yml
+++ b/.github/workflows/cache-docker.yml
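Review bot: `web` pulls `ghcr.io/gsa-tts/fac/django:latest` while the `cache-docker.yml` hunk in this same commit pushes to `GH_REPO: ghcr.io/asteel-gsa/fac`, so the image this test file consumes is not the one the workflow publishes; pick one namespace and reference it from both places. All four service images (`django`, `clamav`, `postgrest` on `:latest`, and the untagged `minio/minio`) are floating references — pin each to a digest (`image: ghcr.io/gsa-tts/fac/django@sha256:<digest>`, placeholder) or at least a SHA-derived tag so a test run cannot silently pick up a different build. `db` sets `POSTGRES_HOST_AUTH_METHOD=trust` and the file publishes `5432`, `8000`, `9000`-`9002` and `3000` on the runner; that is acceptable for an ephemeral CI host, but a header comment such as `# CI-only compose file: trust auth and open ports, not for any longer-lived environment` makes the intent explicit before it gets copied. `version: "3.7"` is obsolete under Compose v2 (`docker compose`) and can be dropped.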
@@ -41,7 +41,7 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Tag Image + - name: Push image run: | date=$(date +%Y%m%d) docker push ${{ env.GH_REPO }}/django:latest From c47290398860b1fcf054cc001c4ffb513006f218 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:31:07 -0400 Subject: [PATCH 056/378] test push to ghcr --- .github/workflows/cache-docker.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 9737f8c94f..a275e596a9 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -18,12 +18,19 @@ jobs: run: touch .env - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - uses: docker/build-push-action@v2 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - load: true + push: true + tags: django:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 @@ -35,13 +42,3 @@ jobs: # set: | # web.cache-from=type=gha # web.cache-to=type=gha,mode=max - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Push image - run: | - date=$(date +%Y%m%d) - docker push ${{ env.GH_REPO }}/django:latest From 8f45c899c4bf29b3430d946f18f8360841911cc2 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:32:46 -0400 Subject: [PATCH 057/378] testing --- .github/workflows/cache-docker.yml | 2 ++ 1 file changed, 2 insertions(+) 
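Review bot: The bare `tags: django:latest` added to the `docker/build-push-action@v2` step in `@@ -18,12 +18,19 @@`, combined with `push: true`, resolves to `docker.io/library/django:latest`, not to the `ghcr.io` registry that the new `docker/login-action@v2` step authenticated against, so the push goes to the wrong registry and is rejected; it should be `tags: ${{ env.GH_REPO }}/django:latest`. The workflow also gives `GITHUB_TOKEN` no explicit scope: pushing to GHCR needs `packages: write`, which currently depends on the repository's default token permissions, and least privilege is to declare exactly what the job needs, `permissions:` / `contents: read` / `packages: write` at the job level. This applies equally to every later hunk in this series that pushes with the same token, including [PATCH 063/378], [PATCH 067/378] and the new workflow in [PATCH 082/378].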
diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index a275e596a9..c25c4f9e73 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -31,6 +31,8 @@ jobs: cache-to: type=gha,mode=max push: true tags: django:latest + secrets: | + GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From 6f2722190bd47913456010f10762ae049fe08152 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:38:30 -0400 Subject: [PATCH 058/378] test --- .github/workflows/cache-docker.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index c25c4f9e73..67c04146cc 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -13,26 +13,23 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - name: Create .env file working-directory: ./backend run: touch .env + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - push: true - tags: django:latest - secrets: | - GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} + + - name: Push Image + run: docker push ${{ env.GH_REPO }}/django:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From 792ec302c0f2b908496b17d244c2004334fcba4e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:39:36 -0400 Subject: [PATCH 059/378] test --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
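Review bot: The `GIT_AUTH_TOKEN` build secret added to the `docker/build-push-action@v2` step in `@@ -31,6 +31,8 @@` is only consumed when the build context is a remote Git URL, or when the Dockerfile explicitly mounts it with `--mount=type=secret,id=GIT_AUTH_TOKEN`; this step builds from the local `context: ./backend`, so the token is handed to the build for no benefit. Unless the Dockerfile mounts it, drop the `secrets:` block; the same addition reappears in [PATCH 070/378] as `secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }}` and should be dropped there too. In the following hunk (`@@ -13,26 +13,23 @@`) the job is left with no build step at all: the build action is removed and the new `Push Image` step runs `docker push ${{ env.GH_REPO }}/django:latest` against an image nothing in the job built or tagged, so the push fails with an image-not-found error, and the remaining `Create .env file` step is no longer read by any visible step.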
diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 67c04146cc..6d7bd5fd5a 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -29,7 +29,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Push Image - run: docker push ${{ env.GH_REPO }}/django:latest + run: docker push ${{ env.GH_REPO }} # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From 8eb05feaab4af98fc4991c0b885f7c8d87d2d7db Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:43:26 -0400 Subject: [PATCH 060/378] test tagging --- .github/workflows/cache-docker.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 6d7bd5fd5a..51e94af626 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -19,8 +19,10 @@ jobs: run: touch .env - name: Set up Docker Buildx + id: buildx uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -28,8 +30,12 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Tag Image + run: | + docker tag ${{ steps.buildx.outputs.name }} ${{ env.GH_REPO }}/django:latest + - name: Push Image - run: docker push ${{ env.GH_REPO }} + run: docker push --all-tags ${{ env.GH_REPO }}/django # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From afa218124ff0af0102c8103cbcaca1785eda4b84 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:46:17 -0400 Subject: [PATCH 061/378] testing tag --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 51e94af626..9d65aba49b 100644 
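Review bot: `steps.buildx.outputs.name` in the new `Tag Image` step of `@@ -28,8 +30,12 @@` is the name of the Buildx builder instance created by `docker/setup-buildx-action@v2`, not an image reference, so `docker tag` has nothing to retag and the step fails before `Push Image` runs. The image to tag must come from an actual build, either `docker/build-push-action` with `load: true` and `tags:` or a `docker build -t` step; the same misuse of the builder name recurs in [PATCH 061/378] and in the `docker push ${{ env.GH_REPO }}/${{ steps.buildx.outputs.name }}:latest` line of [PATCH 062/378]. Separately, `docker push --all-tags ${{ env.GH_REPO }}/django` only pushes tags that exist locally, which after the failed tag step is none.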
--- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -32,7 +32,7 @@ jobs: - name: Tag Image run: | - docker tag ${{ steps.buildx.outputs.name }} ${{ env.GH_REPO }}/django:latest + docker tag ${{ steps.buildx.outputs.name }} django - name: Push Image run: docker push --all-tags ${{ env.GH_REPO }}/django From ce564996eb7221a8ae946b9d1597b047d6e96ea0 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:48:24 -0400 Subject: [PATCH 062/378] test push --- .github/workflows/cache-docker.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 9d65aba49b..6ec0e37e5d 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -30,12 +30,12 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Tag Image - run: | - docker tag ${{ steps.buildx.outputs.name }} django + # - name: Tag Image + # run: | + # docker tag ${{ steps.buildx.outputs.name }} django - name: Push Image - run: docker push --all-tags ${{ env.GH_REPO }}/django + run: docker push ${{ env.GH_REPO }}/${{ steps.buildx.outputs.name }}:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From 542b7fe308785ad7d2c886e72b2e2ec2802aebc1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:58:50 -0400 Subject: [PATCH 063/378] test push --- .github/workflows/cache-docker.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 6ec0e37e5d..74a9e11306 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -12,8 +12,6 @@ jobs: name: Build with Docker runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Create .env file working-directory: ./backend run: touch .env 
@@ -22,7 +20,6 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 - - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -30,12 +27,22 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + push: false + tags: django:latest + + - name: Push Image + run: docker push --all-tags ${{ env.GH_REPO }}/django:latest + # - name: Tag Image # run: | # docker tag ${{ steps.buildx.outputs.name }} django - - name: Push Image - run: docker push ${{ env.GH_REPO }}/${{ steps.buildx.outputs.name }}:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From db193a9b498f813f71ac5ba0a3f95521546d8de6 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:00:42 -0400 Subject: [PATCH 064/378] replace checkout --- .github/workflows/cache-docker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 74a9e11306..ec20280870 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -12,6 +12,9 @@ jobs: name: Build with Docker runs-on: ubuntu-latest steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Create .env file working-directory: ./backend run: touch .env From a3435fd0d42939d04c0648cb55a0fa43b1b3cb65 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:01:48 -0400 Subject: [PATCH 065/378] remove --all-tags --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index ec20280870..473527f1ed 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml 
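Review bot: The new `Build and push` step in `@@ -30,12 +27,22 @@` sets `push: false` without `load: true`, so the image built by `docker/build-push-action@v4` stays in the BuildKit cache and is never imported into the local Docker daemon; the following `docker push --all-tags ${{ env.GH_REPO }}/django:latest` therefore finds no local image, and `docker push` additionally rejects `--all-tags` when a tag is given. The image is also built as `django:latest` but pushed under `${{ env.GH_REPO }}/django`, two different names. The simplest fix is to let the action do the push with a qualified tag, `push: true` and `tags: ${{ env.GH_REPO }}/django:latest`, and delete the separate `Push Image` step.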
@@ -40,7 +40,7 @@ jobs: tags: django:latest - name: Push Image - run: docker push --all-tags ${{ env.GH_REPO }}/django:latest + run: docker push ${{ env.GH_REPO }}/django:latest # - name: Tag Image # run: | From 4778f69d74324929c3bf8c77266ffbecef0e9a13 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:02:54 -0400 Subject: [PATCH 066/378] test tag --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 473527f1ed..6b19f06aa7 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -37,7 +37,7 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max push: false - tags: django:latest + tags: ${{ env.GH_REPO }}/django:latest - name: Push Image run: docker push ${{ env.GH_REPO }}/django:latest From 02646420e32bfb28983b2386c10fcc4df28ec467 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:06:49 -0400 Subject: [PATCH 067/378] test push --- .github/workflows/cache-docker.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 6b19f06aa7..075ec29792 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -36,15 +36,9 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - push: false - tags: ${{ env.GH_REPO }}/django:latest - - - name: Push Image - run: docker push ${{ env.GH_REPO }}/django:latest - - # - name: Tag Image - # run: | - # docker tag ${{ steps.buildx.outputs.name }} django + platforms: linux/arm64 + push: true + tags: ${{ env.GH_REPO }}/web:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false From e38fad986f6e0e792ebf50ddce579a7adaecafeb Mon Sep 17 00:00:00 2001 
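Review bot: `platforms: linux/arm64` in the `Build and push` step of `@@ -36,15 +36,9 @@` builds only an arm64 image, but the job runs on `ubuntu-latest` (amd64) with no `docker/setup-qemu-action` step, so any `RUN` instruction in the arm64 build is likely to fail for lack of emulation, and a successful build would produce an image the amd64 test jobs cannot execute. If a single-architecture image is intended it should be `platforms: linux/amd64`; if multi-arch is wanted, add the QEMU setup step and list both platforms. Note also that the image name changes from `django` to `web` here while `backend/docker-compose-test.yml` still pulls `ghcr.io/gsa-tts/fac/django:latest`, so the test jobs do not consume what this workflow publishes.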
From: Alex Steel Date: Fri, 23 Jun 2023 12:11:48 -0400 Subject: [PATCH 068/378] remove env --- .github/workflows/cache-docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 075ec29792..16577d5d30 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -4,7 +4,6 @@ on: workflow_dispatch: env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ghcr.io/asteel-gsa/fac jobs: From b77da1f7167ca7a1df6607b9e7dcf6680c5d188b Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:43:45 -0400 Subject: [PATCH 069/378] remove platforms --- .github/workflows/cache-docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 16577d5d30..63c68422d0 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -35,7 +35,6 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - platforms: linux/arm64 push: true tags: ${{ env.GH_REPO }}/web:latest From cec52906a32d6aa016c0383160b07085135775f7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:46:36 -0400 Subject: [PATCH 070/378] testing --- .github/workflows/cache-docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 63c68422d0..184671003e 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -37,6 +37,7 @@ jobs: cache-to: type=gha,mode=max push: true tags: ${{ env.GH_REPO }}/web:latest + secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false From dd2a98c2b07c65b2b11fee57e09d460c938d2d52 Mon Sep 17 00:00:00 2001 
From: Alex Steel Date: Fri, 23 Jun 2023 12:54:46 -0400 Subject: [PATCH 071/378] test build and push --- .github/workflows/cache-docker.yml | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 184671003e..a17f237bdd 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -29,15 +29,25 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v4 + - name: Build & push Docker image + uses: mr-smithers-excellent/docker-build-push@v6 with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - push: true - tags: ${{ env.GH_REPO }}/web:latest - secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} + image: web + tags: latest + registry: ghcr.io + dockerfile: ./backend/Dockerfile + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Build and push + # uses: docker/build-push-action@v4 + # with: + # context: ./backend + # cache-from: type=gha + # cache-to: type=gha,mode=max + # push: true + # tags: ${{ env.GH_REPO }}/web:latest + # secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false From ca731940823d175b1d144000c7c7129bfcd68807 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:58:45 -0400 Subject: [PATCH 072/378] test --- .github/workflows/cache-docker.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index a17f237bdd..67e7a853f7 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml 
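Review bot: The new `Build & push Docker image` step hands `${{ secrets.GITHUB_TOKEN }}` to `mr-smithers-excellent/docker-build-push@v6`, a third-party action referenced by a mutable tag, so any future re-tag of `v6` runs arbitrary code with registry-write credentials inside this job. Pin third-party actions to a full commit SHA, `uses: mr-smithers-excellent/docker-build-push@<full-commit-sha>  # v6`, or stay on the verified `docker/*` actions this step replaces; the same applies to `jpribyl/action-docker-layer-caching@v0.1.1` added in [PATCH 072/378]. Separately, `dockerfile: ./backend/Dockerfile` with no `directory:` input presumably leaves the build context at the repository root rather than `./backend`, which the `context: ./backend` steps used until now, so `COPY` paths in the Dockerfile may resolve differently.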
@@ -29,13 +29,15 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - uses: jpribyl/action-docker-layer-caching@v0.1.1 - name: Build & push Docker image uses: mr-smithers-excellent/docker-build-push@v6 with: + directory: ./backend image: web tags: latest registry: ghcr.io - dockerfile: ./backend/Dockerfile + dockerfile: Dockerfile username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From 02fb193f3e4862b8d286de7c5f4f21a7817851d3 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:59:58 -0400 Subject: [PATCH 073/378] testing --- .github/workflows/cache-docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 67e7a853f7..5fbec8d6ce 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -37,7 +37,6 @@ jobs: image: web tags: latest registry: ghcr.io - dockerfile: Dockerfile username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From be8f989a66bdcaef184fcf2624e80f1d9fcdaf52 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:03:00 -0400 Subject: [PATCH 074/378] test --- .github/workflows/cache-docker.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 5fbec8d6ce..d80ff2d2ff 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -33,9 +33,7 @@ jobs: - name: Build & push Docker image uses: mr-smithers-excellent/docker-build-push@v6 with: - directory: ./backend image: web - tags: latest registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From ff3dc1a7c30dd671979377731d2653e6a448e682 Mon Sep 17 00:00:00 2001 
From: Alex Steel Date: Fri, 23 Jun 2023 13:05:49 -0400 Subject: [PATCH 075/378] testing --- .github/workflows/cache-docker.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index d80ff2d2ff..4cd4f74442 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -22,6 +22,13 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -30,11 +37,15 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: false + - name: Build & push Docker image uses: mr-smithers-excellent/docker-build-push@v6 with: image: web registry: ghcr.io + directory: ./backend + dockerfile: . username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From 1624b3189588aff7fc49139c8e817e8151c8263a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:06:51 -0400 Subject: [PATCH 076/378] test --- .github/workflows/cache-docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 4cd4f74442..6fdd1476fd 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -45,7 +45,6 @@ jobs: image: web registry: ghcr.io directory: ./backend - dockerfile: . username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From 9f80b273c9a253fec5570c735c453b06136eee19 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:10:57 -0400 Subject: [PATCH 077/378] test --- .github/workflows/cache-docker.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) 
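Review bot: `dockerfile: .` in the `Build & push Docker image` step of `@@ -30,11 +37,15 @@` names a directory, not a file, so the build cannot read a Dockerfile from it; with `directory: ./backend` the action's default Dockerfile lookup is what is wanted, so remove the `dockerfile:` line (`dockerfile: Dockerfile` would be the explicit equivalent). `continue-on-error: false` on the layer-caching step is the default value and adds nothing. In the first hunk of this patch (`@@ -22,6 +22,13 @@`), `docker/build-push-action@v4` is added with no `tags`, `push` or `load`, so the job now builds the same context twice: once purely to warm the `type=gha` cache and once through the third-party action, which as far as is visible does not read that cache.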
diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 6fdd1476fd..bbc87be585 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -22,13 +22,18 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 - - name: Build and push + - name: Build and push Action uses: docker/build-push-action@v4 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + - name: Build + working-directory: ./backend + run: docker build . -t web:latest + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -36,17 +41,9 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: false + - name: Push Image + run: docker push ${{ env.GH_REPO }}/web:latest - - name: Build & push Docker image - uses: mr-smithers-excellent/docker-build-push@v6 - with: - image: web - registry: ghcr.io - directory: ./backend - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} # - name: Build and push # uses: docker/build-push-action@v4 From e5ba7da57653b55b92fefc4beef61706bfd14809 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:14:59 -0400 Subject: [PATCH 078/378] test --- .github/workflows/cache-docker.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index bbc87be585..acab90e9f6 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -1,5 +1,5 @@ --- -name: Docker Caching +name: Build and publish docker container on: workflow_dispatch: 
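Review bot: The `Build` step in `@@ -22,13 +22,18 @@` tags the image as `web:latest`, but `Push Image` in `@@ -36,17 +41,9 @@` pushes `${{ env.GH_REPO }}/web:latest`, a name that was never applied locally, so the push fails with an image-not-found error. Tag with the fully qualified name in the build step, `run: docker build . -t ${{ env.GH_REPO }}/web:latest`, or add `docker tag web:latest ${{ env.GH_REPO }}/web:latest` before the push. Note also that a plain `docker build` does not read the `type=gha` cache that the preceding `docker/build-push-action@v4` step populates, so that step currently only adds build time.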
@@ -22,17 +22,16 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 - - name: Build and push Action + - name: Build and Push Action uses: docker/build-push-action@v4 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - name: Build working-directory: ./backend - run: docker build . -t web:latest + run: docker builder build . -t web:latest --cache-from gha - name: Login to GitHub Container Registry uses: docker/login-action@v2 From a37c120ec5c1dad68febf163d3867304bedd3b6d Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:17:35 -0400 Subject: [PATCH 079/378] change tag --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index acab90e9f6..024c58dd6d 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -31,7 +31,7 @@ jobs: - name: Build working-directory: ./backend - run: docker builder build . -t web:latest --cache-from gha + run: docker builder build . -t ${{ env.GH_REPO }}/web:latest --cache-from gha - name: Login to GitHub Container Registry uses: docker/login-action@v2 From b17db36eb9682c69faac0909a0784e58ca332a28 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:35:58 -0400 Subject: [PATCH 080/378] test using ghcr image --- .github/workflows/cache-docker.yml | 18 +++++++++--------- backend/docker-compose-test.yml | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 024c58dd6d..5fd8d2d907 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml 
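Review bot: `--cache-from gha` in the rewritten `Build` step is not a valid cache source: the classic builder expects an image reference there, and BuildKit spells the GitHub Actions backend `type=gha` and additionally needs the `ACTIONS_CACHE_URL` and `ACTIONS_RUNTIME_TOKEN` environment variables, which `docker/build-push-action` exports internally but a plain `run:` step does not see. Even the corrected `--cache-from type=gha` of [PATCH 081/378] will therefore fail or skip the cache in a bare `docker builder build`. If a raw CLI build is preferred over the action, expose the runtime to the step (for example via `crazy-max/ghaction-github-runtime`, pinned to a commit SHA); otherwise keep the build inside `docker/build-push-action` with `load: true` and `tags:` and drop the duplicate CLI build.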
@@ -18,16 +18,16 @@ jobs: working-directory: ./backend run: touch .env - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 + # - name: Set up Docker Buildx + # id: buildx + # uses: docker/setup-buildx-action@v2 - - name: Build and Push Action - uses: docker/build-push-action@v4 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max + # - name: Build and Push Action + # uses: docker/build-push-action@v4 + # with: + # context: ./backend + # cache-from: type=gha + # cache-to: type=gha,mode=max - name: Build working-directory: ./backend diff --git a/backend/docker-compose-test.yml b/backend/docker-compose-test.yml index 06a53c6feb..c46cf0f741 100644 --- a/backend/docker-compose-test.yml +++ b/backend/docker-compose-test.yml @@ -11,7 +11,7 @@ services: - "5432:5432" web: - image: ghcr.io/gsa-tts/fac/django:latest + image: ghcr.io/asteel-gsa/fac/web:latest command: /src/run.sh depends_on: - db From 9f056957fa70ac6b71fcdd0a13d583cc03e10e24 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 14:06:58 -0400 Subject: [PATCH 081/378] add type=gha --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 5fd8d2d907..84124d3c90 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -31,7 +31,7 @@ jobs: - name: Build working-directory: ./backend - run: docker builder build . -t ${{ env.GH_REPO }}/web:latest --cache-from gha + run: docker builder build . -t ${{ env.GH_REPO }}/web:latest --cache-from type=gha - name: Login to GitHub Container Registry uses: docker/login-action@v2 From 9e68d898d6225167aae36a15b9c279ed76e149b5 Mon Sep 17 00:00:00 2001 
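Review bot: Pointing the test stack's `web` service at `ghcr.io/asteel-gsa/fac/web:latest` in the `backend/docker-compose-test.yml` hunk makes the shared CI suite depend on an image under an individual's namespace (`asteel-gsa`) rather than the organisation's (`ghcr.io/gsa-tts/fac`), so test results hinge on the contents and access controls of a personal package, and whoever controls that namespace controls what CI tests. If this is a temporary fork experiment, keep the organisation image in the committed file and override locally, for example `image: ${WEB_IMAGE:-ghcr.io/gsa-tts/fac/web:latest}`; either way prefer a digest pin over `latest`.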
From: Alex Steel Date: Fri, 23 Jun 2023 14:30:55 -0400 Subject: [PATCH 082/378] code cleanup --- .github/workflows/build-docker-container.yml | 40 ++++++++++++ .github/workflows/cache-docker.yml | 67 -------------------- .github/workflows/test.yml | 4 +- backend/docker-compose-test.yml | 2 + 4 files changed, 45 insertions(+), 68 deletions(-) create mode 100644 .github/workflows/build-docker-container.yml delete mode 100644 .github/workflows/cache-docker.yml diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml new file mode 100644 index 0000000000..9517b1fb6f --- /dev/null +++ b/.github/workflows/build-docker-container.yml @@ -0,0 +1,40 @@ +--- +name: Build and publish docker container +on: + workflow_dispatch: + +env: + GH_REPO: ghcr.io/asteel-gsa/fac + +jobs: + build-with-docker: + name: Build with Docker + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Build and Push Action + uses: docker/build-push-action@v4 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Build + working-directory: ./backend + run: docker builder build . -t ${{ env.GH_REPO }}/fac/web-container:latest --cache-from type=gha + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push Image + run: docker push ${{ env.GH_REPO }}/fac/web-container:latest diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml deleted file mode 100644 index 84124d3c90..0000000000 --- a/.github/workflows/cache-docker.yml +++ /dev/null 
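Review bot: The `Build` and `Push Image` steps of the new `build-docker-container.yml` use `${{ env.GH_REPO }}/fac/web-container:latest`, and since `GH_REPO` is `ghcr.io/asteel-gsa/fac` the resulting reference carries a duplicated path segment (`ghcr.io/asteel-gsa/fac/fac/web-container`), which also does not match the `ghcr.io/asteel-gsa/fac/web:latest` that `backend/docker-compose-test.yml` pulls. The workflow publishes only a mutable `latest` tag; adding an immutable companion such as `-t ${{ env.GH_REPO }}/web:${{ github.sha }}` lets the test workflow pin exactly what was built. The job also builds the same context twice, once via `docker/build-push-action@v4` (no `tags`/`push`/`load`) and once via `docker builder build`, which does not see the action's `type=gha` runtime; keep a single build path, preferably the action with `push: true` and qualified `tags:`.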
@@ -1,67 +0,0 @@ ---- -name: Build and publish docker container -on: - workflow_dispatch: - -env: - GH_REPO: ghcr.io/asteel-gsa/fac - -jobs: - build-with-docker: - name: Build with Docker - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Create .env file - working-directory: ./backend - run: touch .env - - # - name: Set up Docker Buildx - # id: buildx - # uses: docker/setup-buildx-action@v2 - - # - name: Build and Push Action - # uses: docker/build-push-action@v4 - # with: - # context: ./backend - # cache-from: type=gha - # cache-to: type=gha,mode=max - - - name: Build - working-directory: ./backend - run: docker builder build . -t ${{ env.GH_REPO }}/web:latest --cache-from type=gha - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Push Image - run: docker push ${{ env.GH_REPO }}/web:latest - - - # - name: Build and push - # uses: docker/build-push-action@v4 - # with: - # context: ./backend - # cache-from: type=gha - # cache-to: type=gha,mode=max - # push: true - # tags: ${{ env.GH_REPO }}/web:latest - # secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} - - # - uses: jpribyl/action-docker-layer-caching@v0.1.1 - # continue-on-error: false - # - uses: docker/bake-action@v3 - # with: - # workdir: ./backend - # files: docker-compose.yml - # push: false - # load: true - # set: | - # web.cache-from=type=gha - # web.cache-to=type=gha,mode=max diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dbceb49144..903172f1c7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,7 +1,8 @@ --- -name: Runs linting and tests +name: Run Testing and Linting on: workflow_dispatch: + # workflow_call: jobs: linting: @@ -135,5 +136,6 @@ jobs: run: | npm i -g pa11y-ci pa11y-ci + validate-terraform: uses: ./.github/workflows/terraform-lint.yml 
diff --git a/backend/docker-compose-test.yml b/backend/docker-compose-test.yml index c46cf0f741..0c4d272585 100644 --- a/backend/docker-compose-test.yml +++ b/backend/docker-compose-test.yml @@ -1,3 +1,5 @@ +# This version of docker-compose.yml is strictly for usage in ./.github/workflows/test.yml + version: "3.7" services: From f1f2b3c398d16997f93cc125f79c5e7a883db2cc Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 13:34:00 -0400 Subject: [PATCH 083/378] test caching --- .github/workflows/cache-docker.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/cache-docker.yml diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml new file mode 100644 index 0000000000..d28476d931 --- /dev/null +++ b/.github/workflows/cache-docker.yml @@ -0,0 +1,20 @@ +--- +name: Docker Caching +on: + workflow_dispatch: + +env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + build-with-docker: + name: Build with Docker + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-buildx-action@v1 + - uses: docker/build-push-action@v2 + with: + context: . + cache-from: type=gha + cache-to: type=gha,mode=max From c502aa4e34058eb3d47c5434b5cfd50c2f8b60f1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 13:35:38 -0400 Subject: [PATCH 084/378] test caching --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index d28476d931..501e913d73 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -15,6 +15,6 @@ jobs: - uses: docker/setup-buildx-action@v1 - uses: docker/build-push-action@v2 with: - context: . + context: ./backend/ cache-from: type=gha cache-to: type=gha,mode=max From e0efe116a0286ca87b0a7056abe33bfddbad9760 Mon Sep 17 00:00:00 2001 
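Review bot: The workflow-level `env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in the new `cache-docker.yml` of [PATCH 083/378] exposes the token as an environment variable to every step of every job, yet no visible step reads it (`docker/build-push-action@v2` here neither pushes nor receives credentials); scope secrets to the step that needs them and drop the `env:` block until a push step exists. The action majors used here (`docker/setup-buildx-action@v1`, `docker/build-push-action@v2`) are superseded by the `@v2`/`@v4` used elsewhere in this series and should be made consistent, ideally pinned to a commit SHA.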
From: Alex Steel Date: Thu, 22 Jun 2023 13:51:34 -0400 Subject: [PATCH 085/378] manage testing with caching --- .github/workflows/test.yml | 46 +++++++++----------------------------- 1 file changed, 10 insertions(+), 36 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ef23a19b1c..8cca27f29e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,7 +1,7 @@ --- name: Runs linting and tests on: - workflow_call: + workflow_dispatch: jobs: linting: @@ -56,6 +56,7 @@ jobs: - name: Run HTML template linting working-directory: ./backend run: djlint --lint . + frontend-linting: runs-on: ubuntu-latest steps: @@ -79,6 +80,7 @@ jobs: - name: Lint JS & SCSS working-directory: ./backend run: npm run check-all + test: runs-on: ubuntu-latest env: 
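Review bot: Replacing `workflow_call:` with `workflow_dispatch:` in the `@@ -1,7 +1,7 @@` hunk of `test.yml` means the workflow can no longer be invoked from another workflow and only runs when triggered by hand, so linting and the Django test suite stop running automatically unless some other trigger exists outside this hunk. If the intent is to exercise the caching changes interactively, keep both triggers under `on:` (`workflow_call:` and `workflow_dispatch:`) so the existing caller keeps working; [PATCH 082/378] later leaves `workflow_call:` commented out, so the regression persists through the series.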
@@ -96,43 +98,15 @@ jobs: node-version: 16 - name: Pull Docker Hub images working-directory: ./backend - run: touch .env && docker-compose pull - - name: Start services - working-directory: ./backend - run: docker-compose up -d + run: touch .env && docker compose pull + - uses: docker/setup-buildx-action@v1 + - uses: docker/build-push-action@v2 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max - name: Run Django test suite working-directory: ./backend run: docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' - a11y-testing: - runs-on: ubuntu-20.04 - env: - ENV: TESTING - SAM_API_KEY: ${{ secrets.SAM_API_KEY }}" - DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}" - SECRET_KEY: ${{ secrets.SECRET_KEY }} - ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - DISABLE_AUTH: True - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Pull Docker Hub images - working-directory: ./backend - run: touch .env && docker-compose pull - - name: Start services - working-directory: ./backend - run: docker-compose up -d - - name: run Lighthouse CI - run: | - npm install -g @lhci/cli@0.8.x - lhci autorun - - name: run pa11y - run: | - npm i -g pa11y-ci - pa11y-ci - validate-terraform: - uses: ./.github/workflows/terraform-lint.yml From 904a9513f51e30f895040f7f61c9f10f564cbb02 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:00:32 -0400 Subject: [PATCH 086/378] attempt to use caching on django --- .github/workflows/test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8cca27f29e..56e8e4639e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
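Review bot: This hunk removes the `a11y-testing` and `validate-terraform` jobs entirely, so the Lighthouse/pa11y checks and the Terraform lint (`uses: ./.github/workflows/terraform-lint.yml`) no longer run from this workflow; the Terraform lint in particular is an infrastructure guardrail that should not disappear inside a caching experiment, and if the removal is intended it belongs in its own commit. In the `test` job the image built by `docker/build-push-action@v2` is neither loaded (`load: true`) nor tagged to match the compose service, so `docker-compose run web` still uses the pulled image and the new build only warms the cache. The `Start services` step is removed as well, and the job now mixes `docker compose pull` with `docker-compose run`; use one CLI consistently (`docker compose run web ...`).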
@@ -105,8 +105,9 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + - uses: docker/setup-buildx-action@v1 - name: Run Django test suite working-directory: ./backend run: - docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && + docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' From 39e3f37f44e89d021d5f332103eee3acde459e2e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:18:36 -0400 Subject: [PATCH 087/378] testing --- .github/workflows/test.yml | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 56e8e4639e..aecce4f3bb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
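Review bot: The `- uses: docker/setup-buildx-action@v1` line inserted after `cache-to: type=gha,mode=max` is a second copy of the step that already runs three lines earlier in the same `test` job, so it only provisions another builder. Drop the duplicate; if the intent is for `docker compose run` to build through BuildKit and use the GHA cache, that is driven by `DOCKER_BUILDKIT: 1` and `COMPOSE_DOCKER_CLI_BUILD: 1` in the job `env:` (plus cache settings in the compose `build:` section), not by repeating the setup action. The `run:` value is a plain multi-line scalar, which YAML folds into one line, so the `&&` chain is intact even though it is hard to read.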
@@ -105,9 +105,40 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - uses: docker/setup-buildx-action@v1 - name: Run Django test suite working-directory: ./backend run: docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + a11y-testing: + runs-on: ubuntu-20.04 + env: + ENV: TESTING + SAM_API_KEY: ${{ secrets.SAM_API_KEY }}" + DJANGO_BASE_URL: 'http://localhost:8000' + DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}" + SECRET_KEY: ${{ secrets.SECRET_KEY }} + ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' + DISABLE_AUTH: True + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 16 + - name: Pull Docker Hub images + working-directory: ./backend + run: touch .env && docker-compose pull + - uses: docker/setup-buildx-action@v1 + - uses: docker/build-push-action@v2 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + - name: run Lighthouse CI + run: | + npm install -g @lhci/cli@0.8.x + lhci autorun + - name: run pa11y + run: | + npm i -g pa11y-ci + pa11y-ci From 00102b650fa8fdd46c01779911b8c2c236158fa2 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:27:32 -0400 Subject: [PATCH 088/378] testing changes on caching --- .github/workflows/test.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index aecce4f3bb..ca9429b11e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
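Review bot: The re-added `a11y-testing` job carries a stray trailing quote on `SAM_API_KEY: ${{ secrets.SAM_API_KEY }}"` and `DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}"`, so the container receives each secret with a literal `"` appended and any authentication using them fails; remove the quote on both lines (the `SECRET_KEY` line beneath them shows the correct form). `DISABLE_AUTH: True` is a YAML boolean rather than a string, so the value the application sees depends on how the runner stringifies it — quote it as `DISABLE_AUTH: 'True'`. The job also installs `@lhci/cli@0.8.x` and `pa11y-ci` globally at run time with no exact version or lockfile, so every run executes whatever npm currently serves for those ranges; pin exact versions, and note that with the "Start services" step gone nothing appears to be listening on `http://localhost:8000` when `lhci autorun` runs.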
@@ -92,19 +92,19 @@ jobs: ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' DISABLE_AUTH: False steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Pull Docker Hub images - working-directory: ./backend - run: touch .env && docker compose pull - uses: docker/setup-buildx-action@v1 - uses: docker/build-push-action@v2 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + - name: Pull Docker Hub images + working-directory: ./backend + run: touch .env && docker compose pull + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 16 - name: Run Django test suite working-directory: ./backend run: @@ -121,19 +121,19 @@ jobs: ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' DISABLE_AUTH: True steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Pull Docker Hub images - working-directory: ./backend - run: touch .env && docker-compose pull - uses: docker/setup-buildx-action@v1 - uses: docker/build-push-action@v2 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + - name: Pull Docker Hub images + working-directory: ./backend + run: touch .env && docker-compose pull + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 16 - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From fa218fa998e2c53c6796b84acc5a20ca76d553f4 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:30:48 -0400 Subject: [PATCH 089/378] testing caching --- .github/workflows/test.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ca9429b11e..75b826ddf0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
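Review bot: In both the `test` and `a11y-testing` jobs the `docker/setup-buildx-action@v1` and `docker/build-push-action@v2` steps now run ahead of `actions/checkout@v3`, so `context: ./backend` is built before the repository exists on the runner; the build can only fail, and a checkout placed after it would reset the workspace anyway. Checkout has to be the first step in each job; the previous order (checkout, setup-node, pull, then buildx and build) is the one to keep.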
@@ -98,13 +98,13 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - name: Pull Docker Hub images - working-directory: ./backend - run: touch .env && docker compose pull - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: node-version: 16 + - name: Pull Docker Hub images + working-directory: ./backend + run: touch .env && docker compose pull - name: Run Django test suite working-directory: ./backend run: @@ -121,19 +121,19 @@ jobs: ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' DISABLE_AUTH: True steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 16 + - name: Pull Docker Hub images + working-directory: ./backend + run: touch .env && docker compose pull - uses: docker/setup-buildx-action@v1 - uses: docker/build-push-action@v2 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - name: Pull Docker Hub images - working-directory: ./backend - run: touch .env && docker-compose pull - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: 16 - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 94e8c327fb868a9b44f59329bde7c46af3a8bee9 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:32:16 -0400 Subject: [PATCH 090/378] fix buildx --- .github/workflows/test.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 75b826ddf0..dee40b4105 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -92,12 +92,6 @@ jobs: ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' DISABLE_AUTH: False steps: - - uses: docker/setup-buildx-action@v1 - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: 
@@ -105,6 +99,12 @@ jobs: - name: Pull Docker Hub images working-directory: ./backend run: touch .env && docker compose pull + - uses: docker/setup-buildx-action@v1 + - uses: docker/build-push-action@v2 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max - name: Run Django test suite working-directory: ./backend run: From 6be4aa3c3aa62acaaf715ef61bfaa692b26d5b86 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:41:20 -0400 Subject: [PATCH 091/378] test --- .github/workflows/test.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dee40b4105..d6cfdbf918 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -107,9 +107,8 @@ jobs: cache-to: type=gha,mode=max - name: Run Django test suite working-directory: ./backend - run: - docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && - coverage combine && coverage report -m --fail-under=90' + run: | + docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: runs-on: ubuntu-20.04 env: From cbf60804baaf00784b11eaddd68668686338a05e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:49:36 -0400 Subject: [PATCH 092/378] testing caching --- .github/workflows/test.yml | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d6cfdbf918..bd384f4a4d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
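Review bot: The `docker/build-push-action@v2` step re-inserted before "Run Django test suite" has neither `load: true` nor `push:`, so with the buildx container driver its image stays inside the builder and `docker compose run web` on the next step cannot see it; compose presumably builds or pulls `web` itself, and the `type=gha` cache then only benefits the action's throwaway build. Either add `load: true` plus a `tags:` value and point the compose service at that tag, or drop this step and let compose build with `DOCKER_BUILDKIT: 1` so the cache applies to the image the tests actually execute. The `run: |` rewrite in the next commit on this line is formatting only.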
@@ -4,6 +4,18 @@ on: workflow_dispatch: jobs: + build-with-docker: + name: Build with Docker + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-buildx-action@v1 + - uses: docker/build-push-action@v2 + with: + context: . + cache-from: type=gha + cache-to: type=gha,mode=max + linting: runs-on: ubuntu-latest env: @@ -85,9 +97,9 @@ jobs: runs-on: ubuntu-latest env: ENV: TESTING - SAM_API_KEY: ${{ secrets.SAM_API_KEY }}" + SAM_API_KEY: ${{ secrets.SAM_API_KEY }} DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}" + DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} SECRET_KEY: ${{ secrets.SECRET_KEY }} ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' DISABLE_AUTH: False @@ -99,23 +111,18 @@ jobs: - name: Pull Docker Hub images working-directory: ./backend run: touch .env && docker compose pull - - uses: docker/setup-buildx-action@v1 - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - name: Run Django test suite working-directory: ./backend run: | docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + a11y-testing: runs-on: ubuntu-20.04 env: ENV: TESTING - SAM_API_KEY: ${{ secrets.SAM_API_KEY }}" + SAM_API_KEY: ${{ secrets.SAM_API_KEY }} DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}" + DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} SECRET_KEY: ${{ secrets.SECRET_KEY }} ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' DISABLE_AUTH: True From a78df32caad18cbf258f4f6bb6d4fcc80c740f9c Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:50:50 -0400 Subject: [PATCH 093/378] testing --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
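Review bot: The new `build-with-docker` job has no consumers — neither `test` nor `a11y-testing` declares `needs: [build-with-docker]` here — so all three start together and on a cold cache the test jobs run before the layers this job exports exist (a later commit adds the dependency). The job also has no `permissions:` block; every job in this file only reads the repository, so add a workflow-level `permissions:` with `contents: read` to keep the default `GITHUB_TOKEN` grant from being inherited by steps that build from third-party actions. `context: .` builds from the repository root while the other jobs use `./backend`; the following commit corrects it.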
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bd384f4a4d..b67ce6141f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,7 +12,7 @@ jobs: - uses: docker/setup-buildx-action@v1 - uses: docker/build-push-action@v2 with: - context: . + context: ./backend cache-from: type=gha cache-to: type=gha,mode=max From 6b6c1c58c9fac73838f161c79a55dbd7580e6574 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:56:06 -0400 Subject: [PATCH 094/378] attempt to use buildx --- .github/workflows/test.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b67ce6141f..b85caa352a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: docker/setup-buildx-action@v1 + - uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 with: context: ./backend @@ -111,6 +111,7 @@ jobs: - name: Pull Docker Hub images working-directory: ./backend run: touch .env && docker compose pull + - uses: docker/setup-buildx-action@v2 - name: Run Django test suite working-directory: ./backend run: | @@ -134,12 +135,7 @@ jobs: - name: Pull Docker Hub images working-directory: ./backend run: touch .env && docker compose pull - - uses: docker/setup-buildx-action@v1 - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max + - uses: docker/setup-buildx-action@v2 - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 43f2114719a7207d3af59e8aa276817453ef469a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 14:58:42 -0400 Subject: [PATCH 095/378] remove compose as test --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
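Review bot: `docker/setup-buildx-action` is bumped to `@v2` in three places while `docker/build-push-action@v2` stays as is, and every one of them remains a floating major tag in a workflow whose job environments include `secrets.SECRET_KEY` and `secrets.SAM_API_KEY`; pin each action to a full-length commit SHA, e.g. `uses: docker/setup-buildx-action@<40-char sha> # v2.x`, so a moved tag cannot swap in different code. In `a11y-testing` the build step is replaced by a bare buildx setup that builds nothing; if that job no longer needs an image, drop the setup step as well instead of leaving an idle builder.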
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b85caa352a..c21ca81a4d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -115,7 +115,7 @@ jobs: - name: Run Django test suite working-directory: ./backend run: | - docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: runs-on: ubuntu-20.04 From 0660bc4904b9ee6fb4f8d45174c7dd420b06f69e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 15:06:26 -0400 Subject: [PATCH 096/378] testing cache --- .github/workflows/test.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c21ca81a4d..63babdd412 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,7 +5,7 @@ on: jobs: build-with-docker: - name: Build with Docker + name: Build Docker and Cache runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -111,11 +111,10 @@ jobs: - name: Pull Docker Hub images working-directory: ./backend run: touch .env && docker compose pull - - uses: docker/setup-buildx-action@v2 - name: Run Django test suite working-directory: ./backend run: | - docker run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: runs-on: ubuntu-20.04 From e61700f78bcf579e4da2090156f2c79c2349e85f Mon Sep 17 00:00:00 2001 
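Review bot: `docker run web bash -c '...'` replaces the compose invocation with an unqualified image name; no step in this job tags an image as `web`, so Docker resolves it against Docker Hub (`docker.io/library/web`) and the step either fails or runs whatever that registry returns — an image name in CI should always carry its full registry path or a digest. The next commit on this line reverts to `docker compose run web`, which is the right call; if a plain `docker run` is ever needed, have the build step tag the image explicitly (for example `tags: backend-web:ci`) and run that tag.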
From: Alex Steel Date: Thu, 22 Jun 2023 15:31:18 -0400 Subject: [PATCH 097/378] test using buildx --- .github/workflows/test.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 63babdd412..f54e04f8cd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,13 +8,15 @@ jobs: name: Build Docker and Cache runs-on: ubuntu-latest steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - uses: actions/checkout@v3 - - uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + load: true linting: runs-on: ubuntu-latest @@ -111,6 +113,8 @@ jobs: - name: Pull Docker Hub images working-directory: ./backend run: touch .env && docker compose pull + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - name: Run Django test suite working-directory: ./backend run: | @@ -134,7 +138,8 @@ jobs: - name: Pull Docker Hub images working-directory: ./backend run: touch .env && docker compose pull - - uses: docker/setup-buildx-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 30ef35bcdbe947a6152af037686d76aeb0fcb074 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 15:34:52 -0400 Subject: [PATCH 098/378] add needs clause to ensure docker runs --- .github/workflows/test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f54e04f8cd..b12500a8e8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -75,7 +75,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Restore npm cache uses: actions/cache@v3 id: cache-npm 
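Review bot: `load: true` on the build job's `docker/build-push-action@v2` step imports the image into this runner's Docker daemon, but the `test` and `a11y-testing` jobs run on separate runners and only receive the `type=gha` cache layers, so the loaded image is unused unless a later step in this same job runs it — none does. Moving "Set up Docker Buildx" ahead of `actions/checkout@v3` is harmless because the builder lives outside the workspace, but checkout-first is the conventional order and avoids surprises if a later step needs repository files. The second hunk only removes a blank line.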
@@ -96,6 +95,7 @@ jobs: run: npm run check-all test: + needs: [build-with-docker] runs-on: ubuntu-latest env: ENV: TESTING @@ -121,6 +121,7 @@ jobs: docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: + needs: [build-with-docker] runs-on: ubuntu-20.04 env: ENV: TESTING From b650fbf4d6cbed57a440aafefd16de10e7b58a46 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 15:43:14 -0400 Subject: [PATCH 099/378] testing buildx --- .github/workflows/test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b12500a8e8..a459bbc2c7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,7 +16,6 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - load: true linting: runs-on: ubuntu-latest @@ -115,6 +114,8 @@ jobs: run: touch .env && docker compose pull - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + with: + use: true - name: Run Django test suite working-directory: ./backend run: | @@ -141,6 +142,8 @@ jobs: run: touch .env && docker compose pull - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + with: + use: true - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 7b8ffd8d6a13702a276aff3e9f5a16ca8614679a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 15:48:58 -0400 Subject: [PATCH 100/378] testing --- .github/workflows/test.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a459bbc2c7..377e0f98e6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
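Review bot: `with: use: true` added to both `docker/setup-buildx-action@v2` steps is that action's default, so the change is a no-op; if the intent is for `docker compose run web` to build through BuildKit and reach the GHA cache, that requires `DOCKER_BUILDKIT: 1` and `COMPOSE_DOCKER_CLI_BUILD: 1` in the job `env:` together with cache settings in the compose `build:` section, not a builder flag. The `needs: [build-with-docker]` added to `test` and `a11y-testing` is the dependency the cache needed, and removing `load: true` from the build job is consistent with nothing in that job running the image.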
@@ -109,9 +109,6 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Pull Docker Hub images - working-directory: ./backend - run: touch .env && docker compose pull - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 with: @@ -137,9 +134,6 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Pull Docker Hub images - working-directory: ./backend - run: touch .env && docker compose pull - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 with: From 843b38b2c7a90afd8bb20f392483a7086ca3b9c4 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 15:50:45 -0400 Subject: [PATCH 101/378] test .env with buildx --- .github/workflows/test.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 377e0f98e6..273d3decef 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -109,6 +109,9 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 + - name: Create .env + working-directory: ./backend + run: touch .env - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 with: @@ -134,6 +137,9 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 + - name: Create .env + working-directory: ./backend + run: touch .env - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 with: From e45273c6832fe9533e9147a00f970fa02cb506eb Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 15:57:14 -0400 Subject: [PATCH 102/378] use docker-compose --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 273d3decef..49cc724cef 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
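Review bot: The new "Create .env" steps run `touch .env` inside `./backend`, which is also the Docker build context the build job sends to buildx; an empty file is harmless, but if `.env` is ever populated on the runner (or locally before a build) it will be shipped to the builder and can land in a layer that `cache-to: type=gha,mode=max` then persists. Confirm `./backend/.dockerignore` excludes `.env`, and document the step: `# compose expects backend/.env to exist; keep it empty — real config comes from the job env`. Removing the `docker compose pull` steps means images are fetched lazily by `docker compose run`, which works but moves the pull into the timed test step.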
@@ -119,7 +119,7 @@ jobs: - name: Run Django test suite working-directory: ./backend run: | - docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From 440747673db1a22e42c4850778132a67c5218596 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 15:58:04 -0400 Subject: [PATCH 103/378] remove buildx from docker compose --- .github/workflows/test.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 49cc724cef..efbcbf09d0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -112,10 +112,6 @@ jobs: - name: Create .env working-directory: ./backend run: touch .env - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - use: true - name: Run Django test suite working-directory: ./backend run: | @@ -140,10 +136,6 @@ jobs: - name: Create .env working-directory: ./backend run: touch .env - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - use: true - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From ec02930627f9ca81ce7df302f75a8054a22c91e1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 22 Jun 2023 16:04:54 -0400 Subject: [PATCH 104/378] revert --- .github/workflows/test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index efbcbf09d0..f49c5b2a6b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
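Review bot: Switching the Django step back to the legacy `docker-compose` binary while other steps in this file use the `docker compose` v2 plugin leaves the workflow depending on two different Compose implementations on the same runner; Compose v1 is the unmaintained Python line, so standardise on `docker compose run web bash -c '...'` and, if the v2 plugin behaved differently, fix the compose file rather than the CLI. The removal of the `setup-buildx-action` steps in the next commit on this line is consistent with compose not using them.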
@@ -109,9 +109,9 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Create .env + - name: Pull Docker Hub images working-directory: ./backend - run: touch .env + run: touch .env && docker-compose pull - name: Run Django test suite working-directory: ./backend run: | @@ -133,9 +133,9 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Create .env + - name: Pull Docker Hub images working-directory: ./backend - run: touch .env + run: touch .env && docker-compose pull - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 21ae0a765b4e5b8dd96c5a6e6c70f6a80ed7180f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:04:44 -0400 Subject: [PATCH 105/378] testing bake --- .github/workflows/test.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f49c5b2a6b..591e31c8df 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,14 +8,22 @@ jobs: name: Build Docker and Cache runs-on: ubuntu-latest steps: + - uses: actions/checkout@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - uses: actions/checkout@v3 - uses: docker/build-push-action@v2 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + - uses: docker/bake-action@v3 + with: + files: ./backend/docker-compose.yml + push: false + load: true + set: | + web.cache-from=type=gha + web.cache-to=type=gha linting: runs-on: ubuntu-latest From a1d8f66368a1b072993759bbc799acbaf0220128 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:07:50 -0400 Subject: [PATCH 106/378] add env for docker bake --- .github/workflows/test.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 591e31c8df..49747651c8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
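Review bot: The `docker/bake-action@v3` step duplicates the `docker/build-push-action@v2` step directly above it — both build `./backend` in the same job, the first only to populate the cache and the second with `load: true` — so every run pays for two builds; keep one of them. Bake resolves relative build contexts against the action's working directory (the repository root here), not the directory of `files: ./backend/docker-compose.yml`, so the `web` service's context likely points at the wrong place until a `workdir:` is set. `web.cache-to=type=gha` without `mode=max` exports only the final image layers while the step above exports all of them; use the same mode on both so they share cache entries.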
@@ -5,10 +5,19 @@ on: jobs: build-with-docker: + env: + ENV: TESTING + SAM_API_KEY: ${{ secrets.SAM_API_KEY }} + DJANGO_BASE_URL: 'http://localhost:8000' + DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} + SECRET_KEY: ${{ secrets.SECRET_KEY }} name: Build Docker and Cache runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - name: Pull Docker Hub images + working-directory: ./backend + run: touch .env - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 From 3f938b6fa57674fe3e2188bbe6a03e1521c4110a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:08:24 -0400 Subject: [PATCH 107/378] add all env vars --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 49747651c8..2e4e351991 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,6 +11,8 @@ jobs: DJANGO_BASE_URL: 'http://localhost:8000' DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} SECRET_KEY: ${{ secrets.SECRET_KEY }} + ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' + DISABLE_AUTH: True name: Build Docker and Cache runs-on: ubuntu-latest steps: From 6421c78ecd4ce289be364df29532786694d43daa Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:08:44 -0400 Subject: [PATCH 108/378] fix --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2e4e351991..fbcbaa01f8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Pull Docker Hub images + - name: Create .env file working-directory: ./backend run: touch .env - name: Set up Docker Buildx From ed37798bc4104935b4f5cb78c96c9ae5f3c6273d Mon Sep 17 00:00:00 2001 
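Review bot: The `env:` block added to `build-with-docker` hands `secrets.SAM_API_KEY`, `secrets.DJANGO_SECRET_LOGIN_KEY` and `secrets.SECRET_KEY` to a job that only builds an image and never runs the application; a build that exports every layer with `cache-to: type=gha,mode=max` is exactly where a value reaching the Dockerfile as an `ARG` or `ENV` would be persisted. If bake needs these only to interpolate the compose file, give them placeholder values here (for example `SECRET_KEY: 'build-only'`) and keep the real secrets in the jobs that execute code. `DISABLE_AUTH: True` is a YAML boolean; quote it as `'True'` so the value does not depend on runner stringification.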
From: Alex Steel Date: Fri, 23 Jun 2023 08:11:12 -0400 Subject: [PATCH 109/378] testing --- .github/workflows/test.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fbcbaa01f8..f31a9d9225 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,9 +17,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Create .env file - working-directory: ./backend - run: touch .env - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 @@ -27,6 +24,8 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + - name: Create .env file + run: touch ./backend/.env - uses: docker/bake-action@v3 with: files: ./backend/docker-compose.yml From b6d2299adafab4d9dd8454d0e472b7e0357d85f9 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:15:42 -0400 Subject: [PATCH 110/378] testing --- .github/workflows/test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f31a9d9225..4022a485ed 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,7 +25,8 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max - name: Create .env file - run: touch ./backend/.env + working-directory: ./backend/ + run: touch .env && cat .env && pwd - uses: docker/bake-action@v3 with: files: ./backend/docker-compose.yml From 5054af948c4d390a6f2125de9461417f8628d45c Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:20:22 -0400 Subject: [PATCH 111/378] testing --- .github/workflows/test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4022a485ed..29d14c5d9b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
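Review bot: `run: touch .env && cat .env && pwd` on the "Create .env file" step prints the env file into the job log; the file is empty here, but the pattern is a leak waiting to happen — GitHub masks only values registered as secrets, and anything an earlier step or a future change writes to `.env` would be echoed verbatim. Drop the `cat .env && pwd` debugging once the path question is settled, leaving `run: touch .env`.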
@@ -17,6 +17,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - name: Create .env file + working-directory: ./backend/ + run: touch .env && docker-compose pull - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 @@ -24,9 +27,6 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - name: Create .env file - working-directory: ./backend/ - run: touch .env && cat .env && pwd - uses: docker/bake-action@v3 with: files: ./backend/docker-compose.yml From cf02fed941a2fdcd02ebafedf46e7972cf21db55 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:22:50 -0400 Subject: [PATCH 112/378] add workdir to bake --- .github/workflows/test.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 29d14c5d9b..7046b3558d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,8 +18,8 @@ jobs: steps: - uses: actions/checkout@v3 - name: Create .env file - working-directory: ./backend/ - run: touch .env && docker-compose pull + working-directory: ./backend + run: touch .env - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 @@ -29,7 +29,8 @@ jobs: cache-to: type=gha,mode=max - uses: docker/bake-action@v3 with: - files: ./backend/docker-compose.yml + workdir: ./backend + files: docker-compose.yml push: false load: true set: | From 00943c4d8dd32f0dd43cd54e1d6fe5e05c8c33e8 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:28:13 -0400 Subject: [PATCH 113/378] testing --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7046b3558d..a2e828caf9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -131,7 +131,7 @@ jobs: node-version: 16 - name: Pull Docker Hub images working-directory: ./backend - run: touch .env && docker-compose pull + run: touch .env - name: Run Django test suite working-directory: ./backend run: | @@ -155,7 +155,7 @@ jobs: node-version: 16 - name: Pull Docker Hub images working-directory: ./backend - run: touch .env && docker-compose pull + run: touch .env - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 8fc826aa772617aab051c75d4dcfc5767105a59e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:30:07 -0400 Subject: [PATCH 114/378] testing --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a2e828caf9..b24d006ca4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -129,7 +129,7 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Pull Docker Hub images + - name: Create .env file working-directory: ./backend run: touch .env - name: Run Django test suite @@ -153,7 +153,7 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Pull Docker Hub images + - name: Create .env file working-directory: ./backend run: touch .env - name: run Lighthouse CI From a45d0eee1bee6bc8a3c9e66afc0154c6087a0d6c Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:40:26 -0400 Subject: [PATCH 115/378] pull earlier --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b24d006ca4..249aaddb75 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v3 - name: Create .env file working-directory: ./backend - run: touch .env + run: touch .env && docker-compose pull - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 
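Review bot: The build job's step named "Create .env file" now runs `touch .env && docker-compose pull`, so its name no longer describes what it does, and the images it pulls stay on this job's runner — the `test` and `a11y-testing` jobs, which lose their own pull steps in the same series of changes, run on fresh runners and will pull again through `docker compose run`. Either rename the step (`- name: Create .env and pull compose images`) or keep the pull in the jobs that use the images. This hunk also reintroduces the legacy `docker-compose` binary where the rest of the file uses `docker compose`.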
@@ -35,7 +35,7 @@ jobs: load: true set: | web.cache-from=type=gha - web.cache-to=type=gha + web.cache-to=type=gha,mode=max linting: runs-on: ubuntu-latest From ad52889ecb4b912fef31e8a8d7214d880ae38a8a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:45:44 -0400 Subject: [PATCH 116/378] testing buildx before docker-compose --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 249aaddb75..0c950a0648 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -132,6 +132,8 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - name: Run Django test suite working-directory: ./backend run: | From 2581a035d473ca18c5cb9f31d7cd695f6b0a6c90 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:50:22 -0400 Subject: [PATCH 117/378] test a new command --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0c950a0648..00eea68700 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -137,7 +137,7 @@ jobs: - name: Run Django test suite working-directory: ./backend run: | - docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker buildx bake web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From 5d32a3efd742c31e7ec469b16526d1085d071800 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:55:01 -0400 Subject: [PATCH 118/378] testing bake --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 00eea68700..843cfcb8f5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -137,7 +137,7 @@ jobs: - name: Run Django test suite working-directory: ./backend run: | - docker buildx bake web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker buildx bake --builder -f ./backend/docker-compose.yml web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From 8b30671b80d09589e38b4ffbdc860c1373335838 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 08:58:06 -0400 Subject: [PATCH 119/378] revert --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 843cfcb8f5..c61fe02557 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -137,7 +137,7 @@ jobs: - name: Run Django test suite working-directory: ./backend run: | - docker buildx bake --builder -f ./backend/docker-compose.yml web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From a603d27e06f019890c7a9aa94c63d08d5a9872df Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:00:37 -0400 Subject: [PATCH 120/378] testing --- .github/workflows/test.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c61fe02557..03816c4525 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -132,12 +132,13 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + - name: Start services + working-directory: ./backend + run: docker-compose up -d - name: Run Django test suite working-directory: ./backend run: | - docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From e5c8e8ab875c695db5d58f624d1042f2b79dd43a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:13:17 -0400 Subject: [PATCH 121/378] testing --- .github/workflows/test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 03816c4525..18814678c8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -36,6 +36,9 @@ jobs: set: | web.cache-from=type=gha web.cache-to=type=gha,mode=max + - name: Start services + working-directory: ./backend + run: docker compose up -d --no-build linting: runs-on: ubuntu-latest 
@@ -132,13 +135,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - name: Start services - working-directory: ./backend - run: docker-compose up -d - name: Run Django test suite working-directory: ./backend run: | - docker-compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: needs: [build-with-docker] From be8a1fd2dac57aaa5db3bf9350cc8593c9260772 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:17:09 -0400 Subject: [PATCH 122/378] testing --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 18814678c8..c2c9fd38cf 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v3 - name: Create .env file working-directory: ./backend - run: touch .env && docker-compose pull + run: touch .env - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 @@ -38,7 +38,7 @@ jobs: web.cache-to=type=gha,mode=max - name: Start services working-directory: ./backend - run: docker compose up -d --no-build + run: docker-compose pull && docker-compose up -d --no-build linting: runs-on: ubuntu-latest From b7f81103b1af9158b3cf3866d1632c9968b77c86 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:17:34 -0400 Subject: [PATCH 123/378] remove bake --- .github/workflows/test.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c2c9fd38cf..9dd9b91e7d 100644 --- a/.github/workflows/test.yml 
+++ b/.github/workflows/test.yml @@ -27,15 +27,15 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - uses: docker/bake-action@v3 - with: - workdir: ./backend - files: docker-compose.yml - push: false - load: true - set: | - web.cache-from=type=gha - web.cache-to=type=gha,mode=max + # - uses: docker/bake-action@v3 + # with: + # workdir: ./backend + # files: docker-compose.yml + # push: false + # load: true + # set: | + # web.cache-from=type=gha + # web.cache-to=type=gha,mode=max - name: Start services working-directory: ./backend run: docker-compose pull && docker-compose up -d --no-build From b5f10ab0c1ddb4e51f306cdcdcaa616f0737ebbd Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:18:53 -0400 Subject: [PATCH 124/378] remove no build --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9dd9b91e7d..93b42d92a9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,7 +38,7 @@ jobs: # web.cache-to=type=gha,mode=max - name: Start services working-directory: ./backend - run: docker-compose pull && docker-compose up -d --no-build + run: docker-compose pull && docker-compose up -d linting: runs-on: ubuntu-latest From ff70858bee56e85bc2e5e9fc0aba45acefac7529 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:19:19 -0400 Subject: [PATCH 125/378] test --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 93b42d92a9..8a55c87273 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,7 +38,7 @@ jobs: # web.cache-to=type=gha,mode=max - name: Start services working-directory: ./backend - run: docker-compose pull && docker-compose up -d + run: docker compose pull && docker compose up -d linting: runs-on: ubuntu-latest 
From db52b7135a3c1b6e70e9362172c20d0149d891f1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:31:25 -0400 Subject: [PATCH 126/378] revert --- .github/workflows/test.yml | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8a55c87273..dccb080456 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,18 +27,15 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - # - uses: docker/bake-action@v3 - # with: - # workdir: ./backend - # files: docker-compose.yml - # push: false - # load: true - # set: | - # web.cache-from=type=gha - # web.cache-to=type=gha,mode=max - - name: Start services - working-directory: ./backend - run: docker compose pull && docker compose up -d + - uses: docker/bake-action@v3 + with: + workdir: ./backend + files: docker-compose.yml + push: false + load: true + set: | + web.cache-from=type=gha + web.cache-to=type=gha,mode=max linting: runs-on: ubuntu-latest @@ -135,6 +132,9 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - name: Start services + working-directory: ./backend + run: docker compose up -d - name: Run Django test suite working-directory: ./backend run: | @@ -159,6 +159,9 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - name: Start services + working-directory: ./backend + run: docker compose up -d - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 96a2e2fb72089f510b6eba74e03b8143e1789266 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 09:45:48 -0400 Subject: [PATCH 127/378] testing --- .github/workflows/test.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dccb080456..ecf516c36d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -27,15 +27,16 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - uses: docker/bake-action@v3 - with: - workdir: ./backend - files: docker-compose.yml - push: false load: true - set: | - web.cache-from=type=gha - web.cache-to=type=gha,mode=max + # - uses: docker/bake-action@v3 + # with: + # workdir: ./backend + # files: docker-compose.yml + # push: false + # load: true + # set: | + # web.cache-from=type=gha + # web.cache-to=type=gha,mode=max linting: runs-on: ubuntu-latest @@ -170,3 +171,5 @@ jobs: run: | npm i -g pa11y-ci pa11y-ci + validate-terraform: + uses: ./.github/workflows/terraform-lint.yml From 7c314d353535a19807f741e07888c7a50f2aa90c Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:05:12 -0400 Subject: [PATCH 128/378] test with artifacts --- .github/workflows/test.yml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ecf516c36d..8cefc10aeb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,6 +28,12 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max load: true + outputs: type=oci,dest=/tmp/image.tar + - name: Upload artifact + uses: actions/upload-artifact@v2 + with: + name: image + path: /tmp/image.tar # - uses: docker/bake-action@v3 # with: # workdir: ./backend @@ -133,9 +139,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - name: Start services - working-directory: ./backend - run: docker compose up -d + - uses: actions/download-artifact@v3 + with: + name: image + path: /tmp/image.tar - name: Run Django test suite working-directory: ./backend run: | @@ -160,6 +167,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - uses: actions/download-artifact@v3 + with: + name: image + path: /tmp/image.tar - name: Start services working-directory: ./backend run: docker compose up -d 
From 3bb7fdde03999460dce6b7997473c4e9e67a6ca5 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:06:19 -0400 Subject: [PATCH 129/378] remove load:true --- .github/workflows/test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8cefc10aeb..c6996f394d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,7 +27,6 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - load: true outputs: type=oci,dest=/tmp/image.tar - name: Upload artifact uses: actions/upload-artifact@v2 From 8f69d38928146fde9eb46695442c850793aee0b7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:12:07 -0400 Subject: [PATCH 130/378] test with docker load --- .github/workflows/test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c6996f394d..b56e006af4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -142,6 +142,9 @@ jobs: with: name: image path: /tmp/image.tar + - name: Start services + working-directory: ./backend + run: docker load --input image.tar - name: Run Django test suite working-directory: ./backend run: | @@ -172,7 +175,7 @@ jobs: path: /tmp/image.tar - name: Start services working-directory: ./backend - run: docker compose up -d + run: docker load --input image.tar - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 580aed120114c3a90364e629913bbf6bffa0d9c7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:18:32 -0400 Subject: [PATCH 131/378] test with docker load --- .github/workflows/test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b56e006af4..a88a2f4703 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -142,9 +142,9 @@ jobs: with: name: image path: /tmp/image.tar - - name: Start services + - name: Docker Load working-directory: ./backend - run: docker load --input image.tar + run: docker load --input /tmp/image.tar - name: Run Django test suite working-directory: ./backend run: | @@ -173,9 +173,9 @@ jobs: with: name: image path: /tmp/image.tar - - name: Start services + - name: Docker Load working-directory: ./backend - run: docker load --input image.tar + run: docker load --input /tmp/image.tar - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 0af7834a4cc2331bbbd6b893e54df3c803c8087a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:24:55 -0400 Subject: [PATCH 132/378] test new method --- .github/workflows/test.yml | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a88a2f4703..5558392082 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,12 +27,7 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - outputs: type=oci,dest=/tmp/image.tar - - name: Upload artifact - uses: actions/upload-artifact@v2 - with: - name: image - path: /tmp/image.tar + load: true # - uses: docker/bake-action@v3 # with: # workdir: ./backend @@ -138,13 +133,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - uses: actions/download-artifact@v3 - with: - name: image - path: /tmp/image.tar - - name: Docker Load - working-directory: ./backend - run: docker load --input /tmp/image.tar + - run: docker-compose pull + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: true + - run: docker-compose up -d - name: Run Django test suite working-directory: ./backend run: | 
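Review bot: The new `jpribyl/action-docker-layer-caching@v0.1.1` step in hunk `@@ -138,13 +133,10 @@` (and again in the `@@ -169,13 +161,10 @@` hunk on the next line) pulls a third-party action by a mutable tag, so whoever controls that tag controls code that runs inside jobs which appear to carry repository secrets in their `env:` blocks. Pin it to a full commit SHA and keep the version as a comment, e.g. `- uses: jpribyl/action-docker-layer-caching@<full-commit-sha>  # v0.1.1`, and apply the same to the `docker/*` actions. `continue-on-error: true` also makes any cache failure silent; if that is deliberate, say so in a comment on the step.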
@@ -169,13 +161,10 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - uses: actions/download-artifact@v3 - with: - name: image - path: /tmp/image.tar - - name: Docker Load - working-directory: ./backend - run: docker load --input /tmp/image.tar + - run: docker-compose pull + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: true + - run: docker-compose up -d - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 4b67f2fe79157d9f6c9fed5e6077e4ad8718d286 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:29:50 -0400 Subject: [PATCH 133/378] testing --- .github/workflows/test.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5558392082..6b28790a8a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -133,10 +133,11 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - run: docker-compose pull - uses: jpribyl/action-docker-layer-caching@v0.1.1 continue-on-error: true - - run: docker-compose up -d + - name: Start Services + working-directory: ./backend + run: docker-compose up -d - name: Run Django test suite working-directory: ./backend run: | @@ -161,10 +162,11 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - run: docker-compose pull - uses: jpribyl/action-docker-layer-caching@v0.1.1 continue-on-error: true - - run: docker-compose up -d + - name: Start Services + working-directory: ./backend + run: docker-compose up -d - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x From 5590919298250e70005e53a1c492fcae817023b5 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:34:57 -0400 Subject: [PATCH 134/378] move layer caching --- .github/workflows/test.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6b28790a8a..5bf02ad290 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,7 +27,8 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - load: true + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: false # - uses: docker/bake-action@v3 # with: # workdir: ./backend @@ -133,8 +134,6 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: true - name: Start Services working-directory: ./backend run: docker-compose up -d @@ -162,8 +161,6 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: true - name: Start Services working-directory: ./backend run: docker-compose up -d From 352b70252cba5802be94105afa38569123699bf7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 10:40:43 -0400 Subject: [PATCH 135/378] testing --- .github/workflows/test.yml | 72 ++++++++++++++++++++++++-------------- 1 file changed, 45 insertions(+), 27 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5bf02ad290..98abbffd3b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
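Review bot: In hunk `@@ -27,7 +27,8 @@` the `build-with-docker` job drops `load: true` and adds the layer-caching step, but nothing in this job publishes the built image anywhere the downstream `test` and `a11y-testing` jobs can reach it; each job has its own `runs-on:` runner, so a locally loaded or layer-cached image does not cross a `needs:` edge — only the GHA cache (`cache-to: type=gha`) and artifacts do. Removing the caching steps from the two consuming jobs (hunks `@@ -133,8 +134,6 @@` and `@@ -162,8 +161,6 @@`) therefore leaves their `docker-compose up -d` building or pulling from scratch. Either keep a `cache-from: type=gha` build in the consuming jobs or push a tagged image from the build job and pull it there, which is what the later `cache-docker.yml` changes in this series attempt. `continue-on-error: false` is the default and can be dropped.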
@@ -4,31 +4,31 @@ on: workflow_dispatch: jobs: - build-with-docker: - env: - ENV: TESTING - SAM_API_KEY: ${{ secrets.SAM_API_KEY }} - DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} - SECRET_KEY: ${{ secrets.SECRET_KEY }} - ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - DISABLE_AUTH: True - name: Build Docker and Cache - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Create .env file - working-directory: ./backend - run: touch .env - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: false + # build-with-docker: + # env: + # ENV: TESTING + # SAM_API_KEY: ${{ secrets.SAM_API_KEY }} + # DJANGO_BASE_URL: 'http://localhost:8000' + # DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} + # SECRET_KEY: ${{ secrets.SECRET_KEY }} + # ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' + # DISABLE_AUTH: True + # name: Build Docker and Cache + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@v3 + # - name: Create .env file + # working-directory: ./backend + # run: touch .env + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v2 + # - uses: docker/build-push-action@v2 + # with: + # context: ./backend + # cache-from: type=gha + # cache-to: type=gha,mode=max + # - uses: jpribyl/action-docker-layer-caching@v0.1.1 + # continue-on-error: false # - uses: docker/bake-action@v3 # with: # workdir: ./backend @@ -116,7 +116,7 @@ jobs: run: npm run check-all test: - needs: [build-with-docker] + # needs: [build-with-docker] runs-on: ubuntu-latest env: ENV: TESTING 
@@ -131,6 +131,15 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - uses: docker/build-push-action@v2 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: false - name: Create .env file working-directory: ./backend run: touch .env @@ -143,7 +152,7 @@ jobs: docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: - needs: [build-with-docker] + # needs: [build-with-docker] runs-on: ubuntu-20.04 env: ENV: TESTING @@ -161,6 +170,15 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - uses: docker/build-push-action@v2 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: false - name: Start Services working-directory: ./backend run: docker-compose up -d From debccbbaa17691cd435f74502548e3e29f071eaf Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:17:09 -0400 Subject: [PATCH 136/378] testing --- .github/workflows/cache-docker.yml | 31 ++++++++++++- .github/workflows/test.yml | 61 ++------------------------ backend/docker-compose-test.yml | 70 ++++++++++++++++++++++++++++++ 3 files changed, 102 insertions(+), 60 deletions(-) create mode 100644 backend/docker-compose-test.yml diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 501e913d73..9105b0cf27 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -5,6 +5,7 @@ on: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ghcr.io/asteel-gsa/fac jobs: build-with-docker: 
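Review bot: The `docker/build-push-action@v2` step added to the `test` job in hunk `@@ -131,6 +131,15 @@` (and to `a11y-testing` in `@@ -161,6 +170,15 @@`) sets neither `tags:` nor `load: true` nor `push:`, so with the builder created by `setup-buildx-action` the result is only exported to the GHA cache and does not appear in the local Docker daemon that the following `docker-compose up -d` uses. The compose step will then build or pull on its own, paying for the build step without benefiting from it. If the goal is to warm the local image, add `load: true` plus a `tags:` value that matches the compose service's image name, and drop the redundant `continue-on-error: false`.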
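Review bot: The workflow-level `env:` in hunk `@@ -5,6 +5,7 @@` of cache-docker.yml exposes `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to every step of every job as an environment variable, while the only consumer visible in this series is `docker/login-action`, which receives the token as an input. Move the token out of the global `env:` and pass it only to the step that needs it, and declare the job's token scope explicitly, e.g. `permissions:` / `  contents: read` / `  packages: write`, since pushing to ghcr.io with `GITHUB_TOKEN` depends on that grant. `GH_REPO: ghcr.io/asteel-gsa/fac` is also a personal-namespace path; it does not match the `ghcr.io/gsa-tts/fac/...` images that `backend/docker-compose-test.yml` pulls later in this series, so the image this workflow publishes is not the one the tests consume.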
@@ -12,9 +13,35 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: docker/setup-buildx-action@v1 + - name: Create .env file + working-directory: ./backend + run: touch .env + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - uses: docker/build-push-action@v2 with: - context: ./backend/ + context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + load: true + # - uses: jpribyl/action-docker-layer-caching@v0.1.1 + # continue-on-error: false + # - uses: docker/bake-action@v3 + # with: + # workdir: ./backend + # files: docker-compose.yml + # push: false + # load: true + # set: | + # web.cache-from=type=gha + # web.cache-to=type=gha,mode=max + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Tag Image + run: | + date=$(date +%Y%m%d) + docker push ${{ env.GH_REPO }}/django:latest diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 98abbffd3b..dbceb49144 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
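Review bot: The `Tag Image` step at the end of hunk `@@ -12,9 +13,35 @@` runs `docker push ${{ env.GH_REPO }}/django:latest`, but the preceding `docker/build-push-action@v2` has `load: true` and no `tags:`, so no local image carries that name and the push has nothing to send. Add `tags: ${{ env.GH_REPO }}/django:latest` to the build step, or let the action push itself with `push: true` as a later commit in this series does. The `date=$(date +%Y%m%d)` assignment is computed and never used; either tag the image with it as well (`$GH_REPO/django:$date` alongside `latest`) so consumers can pin an immutable tag, or delete the line. The job also logs in to ghcr.io with `GITHUB_TOKEN` while no `permissions:` block is visible in this file; a package push needs `packages: write`, which depends on the repository's default token scope unless declared.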
@@ -4,41 +4,6 @@ on: workflow_dispatch: jobs: - # build-with-docker: - # env: - # ENV: TESTING - # SAM_API_KEY: ${{ secrets.SAM_API_KEY }} - # DJANGO_BASE_URL: 'http://localhost:8000' - # DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} - # SECRET_KEY: ${{ secrets.SECRET_KEY }} - # ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - # DISABLE_AUTH: True - # name: Build Docker and Cache - # runs-on: ubuntu-latest - # steps: - # - uses: actions/checkout@v3 - # - name: Create .env file - # working-directory: ./backend - # run: touch .env - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v2 - # - uses: docker/build-push-action@v2 - # with: - # context: ./backend - # cache-from: type=gha - # cache-to: type=gha,mode=max - # - uses: jpribyl/action-docker-layer-caching@v0.1.1 - # continue-on-error: false - # - uses: docker/bake-action@v3 - # with: - # workdir: ./backend - # files: docker-compose.yml - # push: false - # load: true - # set: | - # web.cache-from=type=gha - # web.cache-to=type=gha,mode=max - linting: runs-on: ubuntu-latest env: @@ -116,7 +81,6 @@ jobs: run: npm run check-all test: - # needs: [build-with-docker] runs-on: ubuntu-latest env: ENV: TESTING 
@@ -131,28 +95,18 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 16 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: false - name: Create .env file working-directory: ./backend run: touch .env - name: Start Services working-directory: ./backend - run: docker-compose up -d + run: docker compose -f docker-compose-test.yml up -d - name: Run Django test suite working-directory: ./backend run: | - docker compose run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + docker compose -f docker-compose-test.yml run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: - # needs: [build-with-docker] runs-on: ubuntu-20.04 env: ENV: TESTING @@ -170,18 +124,9 @@ jobs: - name: Create .env file working-directory: ./backend run: touch .env - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: false - name: Start Services working-directory: ./backend - run: docker-compose up -d + run: docker compose -f docker-compose-test.yml up -d - name: run Lighthouse CI run: | npm install -g @lhci/cli@0.8.x diff --git a/backend/docker-compose-test.yml b/backend/docker-compose-test.yml new file mode 100644 index 0000000000..06a53c6feb --- /dev/null +++ b/backend/docker-compose-test.yml 
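Review bot: After hunk `@@ -131,28 +95,18 @@` the `test` job (and `a11y-testing` in `@@ -170,18 +124,9 @@`) starts services with `docker compose -f docker-compose-test.yml up -d`, whose `web` service is `image: ghcr.io/gsa-tts/fac/django:latest`, yet the build and login steps were removed from these jobs, so the pull only works if that package is public; a private package needs a `docker/login-action@v2` step with `registry: ghcr.io` before `up -d`. This also means the suite runs against whatever dependencies were baked into the last pushed image rather than anything the commit under test changed at build time — the `.:/src` bind mount brings in the source, but not the image contents. A comment on the `Start Services` step naming the expected image and the workflow that refreshes it (`cache-docker.yml`) would make that coupling visible.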
@@ -0,0 +1,70 @@ +version: "3.7" + +services: + db: + image: "postgres:12" + environment: + - "POSTGRES_HOST_AUTH_METHOD=trust" + volumes: + - postgres-data:/var/lib/postgresql/data/ + ports: + - "5432:5432" + + web: + image: ghcr.io/gsa-tts/fac/django:latest + command: /src/run.sh + depends_on: + - db + - minio + environment: + - "DATABASE_URL=postgres://postgres@db/postgres" + - "DJANGO_DEBUG=true" + - "SAM_API_KEY=${SAM_API_KEY}" + - "DJANGO_BASE_URL=http://localhost:8000" + - "DJANGO_SECRET_LOGIN_KEY=${DJANGO_SECRET_LOGIN_KEY}" + - "ENV=${ENV}" + - "SECRET_KEY=${SECRET_KEY}" + - "ALLOWED_HOSTS=0.0.0.0 127.0.0.1 localhost" + - "AV_SCAN_URL=http://clamav-rest:9000/scan" + - "DISABLE_AUTH=${DISABLE_AUTH:-False}" + - "LOCALSTACK_HOST=localstack" + env_file: + - ".env" + ports: + - "8000:8000" + volumes: + - .:/src + - /src/node_modules + - /src/staticfiles + clamav-rest: + image: ghcr.io/gsa-tts/fac/clamav:latest + environment: + - MAX_FILE_SIZE=25M + - SIGNATURE_CHECKS=1 + ports: + - "9000:9000" + minio: + container_name: "minio" + image: minio/minio + command: server /tmp/minio --console-address ":9002" + ports: + - "9001:9000" + - "9002:9002" + volumes: + - "minio-vol:/tmp/minio" + api: + image: ghcr.io/gsa-tts/fac/postgrest:latest + ports: + - "3000:3000" + expose: + - "3000" + environment: + PGRST_DB_URI: postgres://postgres@db:5432/postgres + PGRST_OPENAPI_SERVER_PROXY_URI: http://127.0.0.1:3000 + PGRST_DB_ANON_ROLE: anon + PGRST_DB_SCHEMAS: api + depends_on: + - db +volumes: + postgres-data: + minio-vol: From b724c8cb7252a9c949b90f98f62129bdca54f0dd Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:17:31 -0400 Subject: [PATCH 137/378] test --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 9105b0cf27..9737f8c94f 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml 
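Review bot: `backend/docker-compose-test.yml` pins nothing: `web`, `clamav-rest` and `api` all use `ghcr.io/gsa-tts/fac/...:latest` and `minio/minio` has no tag at all, so a CI run is not reproducible and any push to those tags silently changes what the tests exercise. Reference images by digest or an immutable tag (`image: ghcr.io/gsa-tts/fac/django@sha256:<digest>`, or a sha/date tag written by the publishing workflow), and note that the `ghcr.io/gsa-tts/fac` namespace here differs from the `ghcr.io/asteel-gsa/fac` path `cache-docker.yml` pushes to in this same series. `POSTGRES_HOST_AUTH_METHOD=trust` combined with `ports: - "5432:5432"` publishes a passwordless database on the runner's host interface; the other services reach `db` over the compose network, so the host port mapping can be dropped from the test file. A header comment such as `# CI-only compose file: pulls prebuilt images instead of building; trust auth and DEBUG are for ephemeral runners` would make the intent of those settings explicit.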
@@ -41,7 +41,7 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Tag Image + - name: Push image run: | date=$(date +%Y%m%d) docker push ${{ env.GH_REPO }}/django:latest From 4f698a807407b80dabce002efca95e9f3b40cffa Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:31:07 -0400 Subject: [PATCH 138/378] test push to ghcr --- .github/workflows/cache-docker.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 9737f8c94f..a275e596a9 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -18,12 +18,19 @@ jobs: run: touch .env - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - uses: docker/build-push-action@v2 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - load: true + push: true + tags: django:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 @@ -35,13 +42,3 @@ jobs: # set: | # web.cache-from=type=gha # web.cache-to=type=gha,mode=max - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Push image - run: | - date=$(date +%Y%m%d) - docker push ${{ env.GH_REPO }}/django:latest From 42a512120e452633c0926913d70b6fd1e35b8524 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:32:46 -0400 Subject: [PATCH 139/378] testing --- .github/workflows/cache-docker.yml | 2 ++ 1 file changed, 2 insertions(+) 
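Review bot: In the `@@ -18,12 +19,19 @@` hunk, `tags: django:latest` carries no registry, so `push: true` targets Docker Hub's `library/django` while the preceding login step authenticates to `ghcr.io`; the push will be rejected. The removed push step used `${{ env.GH_REPO }}/django:latest`, so the tag should be registry-qualified the same way: `tags: ${{ env.GH_REPO }}/django:latest`.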
diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index a275e596a9..c25c4f9e73 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -31,6 +31,8 @@ jobs: cache-to: type=gha,mode=max push: true tags: django:latest + secrets: | + GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From d589a03226ef0db1f225c669ff4c99c28375ad5f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:38:30 -0400 Subject: [PATCH 140/378] test --- .github/workflows/cache-docker.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index c25c4f9e73..67c04146cc 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -13,26 +13,23 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - name: Create .env file working-directory: ./backend run: touch .env + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/build-push-action@v2 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - push: true - tags: django:latest - secrets: | - GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} + + - name: Push Image + run: docker push ${{ env.GH_REPO }}/django:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From 301be57f90b3415e7b410b5a80714755ffee2054 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:39:36 -0400 Subject: [PATCH 141/378] test --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
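Review bot: `secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }}` only has an effect if `backend/Dockerfile` consumes it through a `--mount=type=secret,id=GIT_AUTH_TOKEN`; nothing on this page shows that, and without it the step hands the workflow token into the build for no gain. The later `@@ -37,6 +37,7 @@` hunk (commit 152) adds the same line. If the Dockerfile does need it, document that next to the line: `# consumed by RUN --mount=type=secret,id=GIT_AUTH_TOKEN in backend/Dockerfile`; otherwise drop it.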
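Review bot: In the `@@ -13,26 +13,23 @@` hunk the `Push Image` step runs `docker push ${{ env.GH_REPO }}/django:latest`, but with the build-push step removed no step in the job builds or tags that image, so there is nothing for the push to send. Either keep `docker/build-push-action` with `push: true` and a registry-qualified `tags:`, or add an explicit `docker build -t ${{ env.GH_REPO }}/django:latest ./backend` before the push.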
diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 67c04146cc..6d7bd5fd5a 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -29,7 +29,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Push Image - run: docker push ${{ env.GH_REPO }}/django:latest + run: docker push ${{ env.GH_REPO }} # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From 0e7cefc352c88fa974622789f5c1e70016c4fdb3 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:43:26 -0400 Subject: [PATCH 142/378] test tagging --- .github/workflows/cache-docker.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 6d7bd5fd5a..51e94af626 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -19,8 +19,10 @@ jobs: run: touch .env - name: Set up Docker Buildx + id: buildx uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -28,8 +30,12 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Tag Image + run: | + docker tag ${{ steps.buildx.outputs.name }} ${{ env.GH_REPO }}/django:latest + - name: Push Image - run: docker push ${{ env.GH_REPO }} + run: docker push --all-tags ${{ env.GH_REPO }}/django # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From b8cc3f7641ff376093e23c432fabd4715d27bf2e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:46:17 -0400 Subject: [PATCH 143/378] testing tag --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 51e94af626..9d65aba49b 100644 
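Review bot: In the `@@ -28,8 +30,12 @@` hunk, `docker tag ${{ steps.buildx.outputs.name }} ...` uses the `name` output of `docker/setup-buildx-action`, which is the builder instance name, not an image reference, so `docker tag` fails with no such image. Commit 144's `docker push ${{ env.GH_REPO }}/${{ steps.buildx.outputs.name }}:latest` (hunk `@@ -30,12 +30,12 @@`) rests on the same misreading. Give the image its registry-qualified name at build time with `-t` (or `tags:` on build-push-action) and push that name.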
--- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -32,7 +32,7 @@ jobs: - name: Tag Image run: | - docker tag ${{ steps.buildx.outputs.name }} ${{ env.GH_REPO }}/django:latest + docker tag ${{ steps.buildx.outputs.name }} django - name: Push Image run: docker push --all-tags ${{ env.GH_REPO }}/django From af8c5138a306c92e33768116e7f431e61745d386 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:48:24 -0400 Subject: [PATCH 144/378] test push --- .github/workflows/cache-docker.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 9d65aba49b..6ec0e37e5d 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -30,12 +30,12 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Tag Image - run: | - docker tag ${{ steps.buildx.outputs.name }} django + # - name: Tag Image + # run: | + # docker tag ${{ steps.buildx.outputs.name }} django - name: Push Image - run: docker push --all-tags ${{ env.GH_REPO }}/django + run: docker push ${{ env.GH_REPO }}/${{ steps.buildx.outputs.name }}:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From ce8091edccac62c252261ea1c9da5a9f338fc19f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 11:58:50 -0400 Subject: [PATCH 145/378] test push --- .github/workflows/cache-docker.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 6ec0e37e5d..74a9e11306 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -12,8 +12,6 @@ jobs: name: Build with Docker runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Create .env file working-directory: ./backend run: touch .env 
@@ -22,7 +20,6 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 - - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -30,12 +27,22 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + push: false + tags: django:latest + + - name: Push Image + run: docker push --all-tags ${{ env.GH_REPO }}/django:latest + # - name: Tag Image # run: | # docker tag ${{ steps.buildx.outputs.name }} django - - name: Push Image - run: docker push ${{ env.GH_REPO }}/${{ steps.buildx.outputs.name }}:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false # - uses: docker/bake-action@v3 From 3ca3beb6d73e3b565bc36f58f0f493428b2021e9 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:00:42 -0400 Subject: [PATCH 146/378] replace checkout --- .github/workflows/cache-docker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 74a9e11306..ec20280870 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -12,6 +12,9 @@ jobs: name: Build with Docker runs-on: ubuntu-latest steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Create .env file working-directory: ./backend run: touch .env From 856ffca5ac7ceea41849e4ec6ac53524351cd270 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:01:48 -0400 Subject: [PATCH 147/378] remove --all-tags --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index ec20280870..473527f1ed 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml 
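Review bot: In the `@@ -30,12 +27,22 @@` hunk, `push: false` without `load: true` on a buildx builder leaves no image in the local Docker daemon, so the following `docker push --all-tags ${{ env.GH_REPO }}/django:latest` has nothing to push; `--all-tags` also cannot be combined with an explicit `:latest` tag. Let the action do the push: `push: true` and `tags: ${{ env.GH_REPO }}/django:latest`, and drop the separate `Push Image` step.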
@@ -40,7 +40,7 @@ jobs: tags: django:latest - name: Push Image - run: docker push --all-tags ${{ env.GH_REPO }}/django:latest + run: docker push ${{ env.GH_REPO }}/django:latest # - name: Tag Image # run: | From 526697e8d9ba97d227f238970127baa398b47783 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:02:54 -0400 Subject: [PATCH 148/378] test tag --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 473527f1ed..6b19f06aa7 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -37,7 +37,7 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max push: false - tags: django:latest + tags: ${{ env.GH_REPO }}/django:latest - name: Push Image run: docker push ${{ env.GH_REPO }}/django:latest From e5f8859684ea73fabaf896019786fc98e579aad1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:06:49 -0400 Subject: [PATCH 149/378] test push --- .github/workflows/cache-docker.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 6b19f06aa7..075ec29792 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -36,15 +36,9 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - push: false - tags: ${{ env.GH_REPO }}/django:latest - - - name: Push Image - run: docker push ${{ env.GH_REPO }}/django:latest - - # - name: Tag Image - # run: | - # docker tag ${{ steps.buildx.outputs.name }} django + platforms: linux/arm64 + push: true + tags: ${{ env.GH_REPO }}/web:latest # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false From 36c30cf1033d665dc877d6107782cfad3d673650 Mon Sep 17 00:00:00 2001 
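Review bot: In the `@@ -36,15 +36,9 @@` hunk, `platforms: linux/arm64` on an `ubuntu-latest` (x64) runner needs emulation set up by `docker/setup-qemu-action` before the build, which this job does not run, and the resulting `web:latest` would be arm64-only while docker-compose-test.yml consumes it on the same x64 runners. Either drop `platforms:` or add the QEMU step and build `linux/amd64,linux/arm64`.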
From: Alex Steel Date: Fri, 23 Jun 2023 12:11:48 -0400 Subject: [PATCH 150/378] remove env --- .github/workflows/cache-docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 075ec29792..16577d5d30 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -4,7 +4,6 @@ on: workflow_dispatch: env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ghcr.io/asteel-gsa/fac jobs: From a5ecd494a2136db03b875ba761b90c5628883b0c Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:43:45 -0400 Subject: [PATCH 151/378] remove platforms --- .github/workflows/cache-docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 16577d5d30..63c68422d0 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -35,7 +35,6 @@ jobs: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - platforms: linux/arm64 push: true tags: ${{ env.GH_REPO }}/web:latest From b1f20fcf374be981e89f4e446f4f4ba2a0120790 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:46:36 -0400 Subject: [PATCH 152/378] testing --- .github/workflows/cache-docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 63c68422d0..184671003e 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -37,6 +37,7 @@ jobs: cache-to: type=gha,mode=max push: true tags: ${{ env.GH_REPO }}/web:latest + secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false From 98579fdea0dde53e216dae0d0ef30c0b507d9b52 Mon Sep 17 00:00:00 2001 
From: Alex Steel Date: Fri, 23 Jun 2023 12:54:46 -0400 Subject: [PATCH 153/378] test build and push --- .github/workflows/cache-docker.yml | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 184671003e..a17f237bdd 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -29,15 +29,25 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v4 + - name: Build & push Docker image + uses: mr-smithers-excellent/docker-build-push@v6 with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max - push: true - tags: ${{ env.GH_REPO }}/web:latest - secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} + image: web + tags: latest + registry: ghcr.io + dockerfile: ./backend/Dockerfile + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Build and push + # uses: docker/build-push-action@v4 + # with: + # context: ./backend + # cache-from: type=gha + # cache-to: type=gha,mode=max + # push: true + # tags: ${{ env.GH_REPO }}/web:latest + # secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} # - uses: jpribyl/action-docker-layer-caching@v0.1.1 # continue-on-error: false From cbf36c2f96814f6eed43bb4aa2976548cb53b495 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:58:45 -0400 Subject: [PATCH 154/378] test --- .github/workflows/cache-docker.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index a17f237bdd..67e7a853f7 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml 
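Review bot: `mr-smithers-excellent/docker-build-push@v6` is a third-party action referenced by a mutable major tag and receives `secrets.GITHUB_TOKEN` as `password`; a retagged release can change the code that handles that token. Pin third-party actions to a full commit SHA with the version in a trailing comment, e.g. `uses: mr-smithers-excellent/docker-build-push@<commit-sha>  # v6` (placeholder, take the SHA from the action's release). The `docker/*` actions in this file would benefit from the same treatment.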
@@ -29,13 +29,15 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - uses: jpribyl/action-docker-layer-caching@v0.1.1 - name: Build & push Docker image uses: mr-smithers-excellent/docker-build-push@v6 with: + directory: ./backend image: web tags: latest registry: ghcr.io - dockerfile: ./backend/Dockerfile + dockerfile: Dockerfile username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From 8fdaaa2c4d25fdf3c6d6478bf5e6847f6adddc70 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 12:59:58 -0400 Subject: [PATCH 155/378] testing --- .github/workflows/cache-docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 67e7a853f7..5fbec8d6ce 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -37,7 +37,6 @@ jobs: image: web tags: latest registry: ghcr.io - dockerfile: Dockerfile username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From 361d0c9ff696669ee71c63784d2d59b6f50a2a32 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:03:00 -0400 Subject: [PATCH 156/378] test --- .github/workflows/cache-docker.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 5fbec8d6ce..d80ff2d2ff 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -33,9 +33,7 @@ jobs: - name: Build & push Docker image uses: mr-smithers-excellent/docker-build-push@v6 with: - directory: ./backend image: web - tags: latest registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From 5d302b048e05db21b1d0f979dabc6b124280c9c6 Mon Sep 17 00:00:00 2001 
From: Alex Steel Date: Fri, 23 Jun 2023 13:05:49 -0400 Subject: [PATCH 157/378] testing --- .github/workflows/cache-docker.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index d80ff2d2ff..4cd4f74442 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -22,6 +22,13 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -30,11 +37,15 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - uses: jpribyl/action-docker-layer-caching@v0.1.1 + continue-on-error: false + - name: Build & push Docker image uses: mr-smithers-excellent/docker-build-push@v6 with: image: web registry: ghcr.io + directory: ./backend + dockerfile: . username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From 57fcf92f6ea05ef2ca76b145c9fbb0de40f2568e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:06:51 -0400 Subject: [PATCH 158/378] test --- .github/workflows/cache-docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 4cd4f74442..6fdd1476fd 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -45,7 +45,6 @@ jobs: image: web registry: ghcr.io directory: ./backend - dockerfile: . username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} From 697438e35731e1003b40e196c776e4b7fa516829 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:10:57 -0400 Subject: [PATCH 159/378] test --- .github/workflows/cache-docker.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) 
diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 6fdd1476fd..bbc87be585 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -22,13 +22,18 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 - - name: Build and push + - name: Build and push Action uses: docker/build-push-action@v4 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max + - uses: jpribyl/action-docker-layer-caching@v0.1.1 + - name: Build + working-directory: ./backend + run: docker build . -t web:latest + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -36,17 +41,9 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - continue-on-error: false + - name: Push Image + run: docker push ${{ env.GH_REPO }}/web:latest - - name: Build & push Docker image - uses: mr-smithers-excellent/docker-build-push@v6 - with: - image: web - registry: ghcr.io - directory: ./backend - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} # - name: Build and push # uses: docker/build-push-action@v4 From 050c714fd0cf3094dd92032c655cad371790cc08 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:14:59 -0400 Subject: [PATCH 160/378] test --- .github/workflows/cache-docker.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index bbc87be585..acab90e9f6 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -1,5 +1,5 @@ --- -name: Docker Caching +name: Build and publish docker container on: workflow_dispatch: 
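Review bot: In the `@@ -22,13 +22,18 @@` hunk the `Build` step tags the image `web:latest`, but the `Push Image` step in `@@ -36,17 +41,9 @@` pushes `${{ env.GH_REPO }}/web:latest`, a name that is never created, so the push fails. Tag with the registry-qualified name at build time: `run: docker build . -t ${{ env.GH_REPO }}/web:latest`.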
@@ -22,17 +22,16 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 - - name: Build and push Action + - name: Build and Push Action uses: docker/build-push-action@v4 with: context: ./backend cache-from: type=gha cache-to: type=gha,mode=max - - uses: jpribyl/action-docker-layer-caching@v0.1.1 - name: Build working-directory: ./backend - run: docker build . -t web:latest + run: docker builder build . -t web:latest --cache-from gha - name: Login to GitHub Container Registry uses: docker/login-action@v2 From 1c94bc1acfcde3d01e148e4b81642c17d21533b8 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:17:35 -0400 Subject: [PATCH 161/378] change tag --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index acab90e9f6..024c58dd6d 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -31,7 +31,7 @@ jobs: - name: Build working-directory: ./backend - run: docker builder build . -t web:latest --cache-from gha + run: docker builder build . -t ${{ env.GH_REPO }}/web:latest --cache-from gha - name: Login to GitHub Container Registry uses: docker/login-action@v2 From d6ee7f03a796c63a604c5a0728adcee3423042e5 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 13:35:58 -0400 Subject: [PATCH 162/378] test using ghcr image --- .github/workflows/cache-docker.yml | 18 +++++++++--------- backend/docker-compose-test.yml | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 024c58dd6d..5fd8d2d907 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml 
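Review bot: `docker builder build . -t web:latest --cache-from gha` in the `@@ -22,17 +22,16 @@` hunk is not wired to the GitHub Actions cache: `gha` on its own is read as an image reference, and even in the `type=gha` form (commits 163, 164, 168 and 171, hunks at `@@ -31,7 +31,7 @@`, the new build-docker-container.yml, `@@ -29,7 +40,7 @@` and `@@ -31,16 +31,16 @@`) a plain `docker build` step does not receive the `ACTIONS_RUNTIME_TOKEN`/`ACTIONS_CACHE_URL` that `docker/build-push-action` injects for its own build, so as far as I can tell the import is either rejected or silently empty. The preceding `docker/build-push-action` step already builds the same context with the gha cache, so this second build duplicates the work without benefiting from it; keep one build, done by the action, and add a comment on whichever step remains: `# the gha cache backend only works through docker/build-push-action, not a plain docker build`.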
@@ -18,16 +18,16 @@ jobs: working-directory: ./backend run: touch .env - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 + # - name: Set up Docker Buildx + # id: buildx + # uses: docker/setup-buildx-action@v2 - - name: Build and Push Action - uses: docker/build-push-action@v4 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max + # - name: Build and Push Action + # uses: docker/build-push-action@v4 + # with: + # context: ./backend + # cache-from: type=gha + # cache-to: type=gha,mode=max - name: Build working-directory: ./backend diff --git a/backend/docker-compose-test.yml b/backend/docker-compose-test.yml index 06a53c6feb..c46cf0f741 100644 --- a/backend/docker-compose-test.yml +++ b/backend/docker-compose-test.yml @@ -11,7 +11,7 @@ services: - "5432:5432" web: - image: ghcr.io/gsa-tts/fac/django:latest + image: ghcr.io/asteel-gsa/fac/web:latest command: /src/run.sh depends_on: - db From 70a979569eb92b083649a0241d535f1cfa39528b Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 14:06:58 -0400 Subject: [PATCH 163/378] add type=gha --- .github/workflows/cache-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml index 5fd8d2d907..84124d3c90 100644 --- a/.github/workflows/cache-docker.yml +++ b/.github/workflows/cache-docker.yml @@ -31,7 +31,7 @@ jobs: - name: Build working-directory: ./backend - run: docker builder build . -t ${{ env.GH_REPO }}/web:latest --cache-from gha + run: docker builder build . -t ${{ env.GH_REPO }}/web:latest --cache-from type=gha - name: Login to GitHub Container Registry uses: docker/login-action@v2 From 35359e4670e01aa007434020634f725ad9d11946 Mon Sep 17 00:00:00 2001 
From: Alex Steel Date: Fri, 23 Jun 2023 14:30:55 -0400 Subject: [PATCH 164/378] code cleanup --- .github/workflows/build-docker-container.yml | 40 ++++++++++++ .github/workflows/cache-docker.yml | 67 -------------------- .github/workflows/test.yml | 4 +- backend/docker-compose-test.yml | 2 + 4 files changed, 45 insertions(+), 68 deletions(-) create mode 100644 .github/workflows/build-docker-container.yml delete mode 100644 .github/workflows/cache-docker.yml diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml new file mode 100644 index 0000000000..9517b1fb6f --- /dev/null +++ b/.github/workflows/build-docker-container.yml @@ -0,0 +1,40 @@ +--- +name: Build and publish docker container +on: + workflow_dispatch: + +env: + GH_REPO: ghcr.io/asteel-gsa/fac + +jobs: + build-with-docker: + name: Build with Docker + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Build and Push Action + uses: docker/build-push-action@v4 + with: + context: ./backend + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Build + working-directory: ./backend + run: docker builder build . -t ${{ env.GH_REPO }}/fac/web-container:latest --cache-from type=gha + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push Image + run: docker push ${{ env.GH_REPO }}/fac/web-container:latest diff --git a/.github/workflows/cache-docker.yml b/.github/workflows/cache-docker.yml deleted file mode 100644 index 84124d3c90..0000000000 --- a/.github/workflows/cache-docker.yml +++ /dev/null 
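Review bot: The new build-docker-container.yml builds the context twice (`docker/build-push-action` with the gha cache, then `docker builder build`), tags `${{ env.GH_REPO }}/fac/web-container`, which with `GH_REPO: ghcr.io/asteel-gsa/fac` doubles the `fac` path element, and declares no `permissions:`, so the push relies on the default token scope rather than an explicit `packages: write`. Consolidating into a single build-push step after the login, with a `${{ github.sha }}` tag alongside `latest` so docker-compose-test.yml consumers can be pinned, addresses all three; the checkout and buildx steps stay as they are.
```yaml
    permissions:
      contents: read
      packages: write
    steps:
      # … unchanged: Checkout, Set up Docker Buildx …
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: ./backend
          cache-from: type=gha
          cache-to: type=gha,mode=max
          push: true
          tags: |
            ${{ env.GH_REPO }}/web-container:${{ github.sha }}
            ${{ env.GH_REPO }}/web-container:latest
```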
@@ -1,67 +0,0 @@ ---- -name: Build and publish docker container -on: - workflow_dispatch: - -env: - GH_REPO: ghcr.io/asteel-gsa/fac - -jobs: - build-with-docker: - name: Build with Docker - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Create .env file - working-directory: ./backend - run: touch .env - - # - name: Set up Docker Buildx - # id: buildx - # uses: docker/setup-buildx-action@v2 - - # - name: Build and Push Action - # uses: docker/build-push-action@v4 - # with: - # context: ./backend - # cache-from: type=gha - # cache-to: type=gha,mode=max - - - name: Build - working-directory: ./backend - run: docker builder build . -t ${{ env.GH_REPO }}/web:latest --cache-from type=gha - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Push Image - run: docker push ${{ env.GH_REPO }}/web:latest - - - # - name: Build and push - # uses: docker/build-push-action@v4 - # with: - # context: ./backend - # cache-from: type=gha - # cache-to: type=gha,mode=max - # push: true - # tags: ${{ env.GH_REPO }}/web:latest - # secrets: GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} - - # - uses: jpribyl/action-docker-layer-caching@v0.1.1 - # continue-on-error: false - # - uses: docker/bake-action@v3 - # with: - # workdir: ./backend - # files: docker-compose.yml - # push: false - # load: true - # set: | - # web.cache-from=type=gha - # web.cache-to=type=gha,mode=max diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dbceb49144..903172f1c7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,7 +1,8 @@ --- -name: Runs linting and tests +name: Run Testing and Linting on: workflow_dispatch: + # workflow_call: jobs: linting: @@ -135,5 +136,6 @@ jobs: run: | npm i -g pa11y-ci pa11y-ci + validate-terraform: uses: ./.github/workflows/terraform-lint.yml 
diff --git a/backend/docker-compose-test.yml b/backend/docker-compose-test.yml index c46cf0f741..0c4d272585 100644 --- a/backend/docker-compose-test.yml +++ b/backend/docker-compose-test.yml @@ -1,3 +1,5 @@ +# This version of docker-compose.yml is strictly for usage in ./.github/workflows/test.yml + version: "3.7" services: From 727fd99d7389e6f5b28251cd9d2feb71b4137a1a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 15:12:50 -0400 Subject: [PATCH 165/378] add schedules to test weekend runs --- .github/workflows/build-docker-container.yml | 2 ++ .github/workflows/staging-scheduled-deploy.yml | 2 +- .github/workflows/test.yml | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 9517b1fb6f..214736dfec 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -2,6 +2,8 @@ name: Build and publish docker container on: workflow_dispatch: + schedule: + - cron: '0 9 * * *' env: GH_REPO: ghcr.io/asteel-gsa/fac diff --git a/.github/workflows/staging-scheduled-deploy.yml b/.github/workflows/staging-scheduled-deploy.yml index 3b8d7c1565..4f224d5e4f 100644 --- a/.github/workflows/staging-scheduled-deploy.yml +++ b/.github/workflows/staging-scheduled-deploy.yml @@ -2,7 +2,7 @@ name: Scheduled Deploy From Main to Staging on: schedule: - - cron: '30 4 * * *' + - cron: '0 10 * * *' jobs: create-pr: name: Auto Create PR at 430am UTC Daily diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 903172f1c7..2a4dcbeeaf 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,6 +3,8 @@ name: Run Testing and Linting on: workflow_dispatch: # workflow_call: + schedule: + - cron: '15 9 * * *' jobs: linting: From 8cf905da013aee0a0dbb9f53396f43201ffe4e97 Mon Sep 17 00:00:00 2001 
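Review bot: The `0 9 * * *` schedule added here and the `15 9 * * *` schedule in the test.yml hunk (`@@ -3,6 +3,8 @@`) are coupled only by the clock: if the image build runs longer than fifteen minutes or fails, the test run silently uses the previous `latest` image with no signal that it did. Consider triggering the test workflow from the build's completion (`on: workflow_run`) or having the test job build the image itself, and record the intent next to the cron: `# must finish before test.yml's 09:15 run, which pulls the image this job publishes`.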
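Review bot: The cron in staging-scheduled-deploy.yml moves to `0 10 * * *`, but the context line `name: Auto Create PR at 430am UTC Daily` still describes the old time and will mislead anyone reading the Actions UI. Update it to match, e.g. `name: Auto Create PR at 10am UTC Daily`, or drop the time from the name so it cannot drift again.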
From: Alex Steel Date: Fri, 23 Jun 2023 15:16:18 -0400 Subject: [PATCH 166/378] fix package name --- .github/workflows/build-docker-container.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 214736dfec..0cae53a017 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -29,7 +29,7 @@ jobs: - name: Build working-directory: ./backend - run: docker builder build . -t ${{ env.GH_REPO }}/fac/web-container:latest --cache-from type=gha + run: docker builder build . -t ${{ env.GH_REPO }}/web-container:latest --cache-from type=gha - name: Login to GitHub Container Registry uses: docker/login-action@v2 @@ -39,4 +39,4 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Push Image - run: docker push ${{ env.GH_REPO }}/fac/web-container:latest + run: docker push ${{ env.GH_REPO }}/web-container:latest From c5807ddec6ff58cac75371ead29a04afcb5fbfee Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 15:17:59 -0400 Subject: [PATCH 167/378] configure autodeploy pr --- .github/workflows/auto-create-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-create-pr.yml b/.github/workflows/auto-create-pr.yml index 79a6b0ceff..7c2bdad141 100644 --- a/.github/workflows/auto-create-pr.yml +++ b/.github/workflows/auto-create-pr.yml 
@@ -52,7 +52,7 @@ jobs: - name: Open Pull Request id: open-pr run: | - gh pr create --label "autogenerated" --title "${{ steps.date.outputs.date }} ${{ steps.git-short.outputs.short_sha }} main -> prod" --body "This is an auto-generated pull request to merge main into prod for a staging release on ${{ steps.date.outputs.date }} with the last commit being merged as ${{ steps.git-short.outputs.short_sha }}" --base prod --head main + gh pr create --label "autogenerated" --title "${{ steps.date.outputs.date }} ${{ steps.git-short.outputs.short_sha }} main -> prod" --body "This is an auto-generated pull request to merge main into prod for a staging release on ${{ steps.date.outputs.date }} with the last commit being merged as ${{ steps.git-short.outputs.short_sha }}" --base test --head main - name: Get Pull Request Number id: pr-number From da2ee851c8ba5e086b9f74e0874f78cce59fe3f7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 15:33:36 -0400 Subject: [PATCH 168/378] Update docker build context --- .github/workflows/build-docker-container.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 0cae53a017..88b9ed24ac 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -7,12 +7,23 @@ on: env: GH_REPO: ghcr.io/asteel-gsa/fac + DOCKER_NAME: fac + IMAGE: web-container jobs: build-with-docker: name: Build with Docker runs-on: ubuntu-latest + permissions: + contents: read + packages: write steps: + - name: Get Date + shell: bash + id: date + run: | + echo "date=$(date +%Y%m%d)" >> $GITHUB_OUTPUT + - name: Checkout uses: actions/checkout@v3 
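Review bot: `--base test` is changed, but the same `gh pr create` line keeps `--title "... main -> prod"` and a body that says "merge main into prod for a staging release", so the generated PR now mislabels its target branch. Put the base in one place and derive the strings from it, e.g. `BASE=test` on the line above and `--title "... main -> ${BASE}" ... --base "${BASE}"`, so the three cannot disagree.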
@@ -29,7 +40,7 @@ jobs: - name: Build working-directory: ./backend - run: docker builder build . -t ${{ env.GH_REPO }}/web-container:latest --cache-from type=gha + run: docker builder build . -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} --cache-from type=gha - name: Login to GitHub Container Registry uses: docker/login-action@v2 @@ -38,5 +49,10 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Tag Image + run: | + docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:${{ steps.date.outputs.date }} + docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:latest + - name: Push Image - run: docker push ${{ env.GH_REPO }}/web-container:latest + run: docker push --all-tags ${{ env.GH_REPO }}/${{ env.IMAGE }} From cfeae165a86a18fedbc7ac3e32a46e4296a20562 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 15:45:00 -0400 Subject: [PATCH 169/378] update image name --- backend/docker-compose-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/docker-compose-test.yml b/backend/docker-compose-test.yml index 0c4d272585..47d0086707 100644 --- a/backend/docker-compose-test.yml +++ b/backend/docker-compose-test.yml @@ -13,7 +13,7 @@ services: - "5432:5432" web: - image: ghcr.io/asteel-gsa/fac/web:latest + image: ghcr.io/asteel-gsa/fac/web-container:latest command: /src/run.sh depends_on: - db From 0d6ad4e3347bc2e885318170d942f3b60c56462a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 15:52:48 -0400 Subject: [PATCH 170/378] remove extra ghcr --- .github/workflows/build-docker-container.yml | 2 +- backend/Dockerfile | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 88b9ed24ac..020659a1d1 100644 
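Review bot: The new `Tag Image` step prefixes `ghcr.io/` onto `${{ env.GH_REPO }}`, which this same commit defines as `ghcr.io/asteel-gsa/fac`, so the resulting tags are `ghcr.io/ghcr.io/asteel-gsa/fac/web-container:...`; the `Push Image` step then pushes `${{ env.GH_REPO }}/${{ env.IMAGE }}` without the extra prefix, a repository name no local tag carries, so `--all-tags` has nothing to push. Use one canonical reference, e.g. `REGISTRY: ghcr.io` plus `GH_REPO: asteel-gsa/fac`, and build every tag and the push target from `${{ env.REGISTRY }}/${{ env.GH_REPO }}/${{ env.IMAGE }}`. Publishing a mutable `:latest` next to the date tag is fine for convenience, but anything consuming the image should pin the date tag or the pushed digest rather than `latest`.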
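Review bot: The `web` service now pulls `ghcr.io/asteel-gsa/fac/web-container:latest`, a mutable tag, so the test run exercises whatever image was pushed most recently rather than the code in the checked-out commit, and a bad or tampered push to `latest` is picked up by every later CI run. Pin an immutable reference here (a date/SHA tag, or better `image: ghcr.io/asteel-gsa/fac/web-container@sha256:<digest>`), or build the test image from the local context with `build: .` so the tests and the published artifact come from the same source. The remainder of the `web` service definition is outside the hunk.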
--- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -6,9 +6,9 @@ on: - cron: '0 9 * * *' env: - GH_REPO: ghcr.io/asteel-gsa/fac DOCKER_NAME: fac IMAGE: web-container + GH_REPO: asteel-gsa/fac jobs: build-with-docker: diff --git a/backend/Dockerfile b/backend/Dockerfile index 5a2cd97fc5..9d088baf76 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -48,6 +48,7 @@ COPY package.* /src/ WORKDIR /src/ RUN npm install +RUN npm install messageformat-parser RUN chown -R 1001:123 "/root/.npm" COPY . /src/ From cd893e5d16730d17eba64ee8b0cf74998cf11871 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 16:05:27 -0400 Subject: [PATCH 171/378] remove builder --- .github/workflows/build-docker-container.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 020659a1d1..6cdbb3a858 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -31,16 +31,16 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 - - name: Build and Push Action - uses: docker/build-push-action@v4 - with: - context: ./backend - cache-from: type=gha - cache-to: type=gha,mode=max + # - name: Build and Push Action + # uses: docker/build-push-action@v4 + # with: + # context: ./backend + # cache-from: type=gha + # cache-to: type=gha,mode=max - name: Build working-directory: ./backend - run: docker builder build . -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} --cache-from type=gha + run: docker build . -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} --cache-from type=gha - name: Login to GitHub Container Registry uses: docker/login-action@v2 From c5b3807257c12ce55310ef94a50138d844d8da7f Mon Sep 17 00:00:00 2001 
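Review bot: `RUN npm install messageformat-parser` installs an unpinned package at image-build time outside `package.json`/`package-lock.json`, so the version resolved is whatever the registry serves that day and is invisible to lockfile review and audit tooling. Declare the dependency in `package.json` with a pinned version, regenerate the lockfile, and install from it with `RUN npm ci` instead of `npm install`, which can rewrite the lockfile inside the image. The surrounding `COPY package.* /src/` and `npm install` lines are context here; the rest of the Dockerfile is outside the hunk.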
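Review bot: The `Build and Push Action` step is commented out rather than deleted; git history already preserves it, and dead steps in a workflow invite confusion about which path actually publishes the image, so remove the six commented lines. Separately, the replacement `docker build . ... --cache-from type=gha` passes a buildx-only cache backend to plain `docker build`; unless the builder created by `setup-buildx-action` is also made the default (`with: install: true`), that flag is likely rejected or ignored — confirm against a run log.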
From: Alex Steel Date: Fri, 23 Jun 2023 16:08:16 -0400 Subject: [PATCH 172/378] remove --cache-from --- .github/workflows/build-docker-container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 6cdbb3a858..0c7c66e9f5 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -40,7 +40,7 @@ jobs: - name: Build working-directory: ./backend - run: docker build . -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} --cache-from type=gha + run: docker build . -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 From 174c29a41edd7e8159b1d3cdf1ffcb0dc6e9a2f0 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 16:15:28 -0400 Subject: [PATCH 173/378] modify tag logic --- .github/workflows/build-docker-container.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 0c7c66e9f5..eb62a17dad 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -6,7 +6,6 @@ on: - cron: '0 9 * * *' env: - DOCKER_NAME: fac IMAGE: web-container GH_REPO: asteel-gsa/fac @@ -40,7 +39,7 @@ jobs: - name: Build working-directory: ./backend - run: docker build . -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} + run: docker build . -t ${{ env.IMAGE }}:${{ steps.date.outputs.date }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 
@@ -49,10 +48,5 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Tag Image - run: | - docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:${{ steps.date.outputs.date }} - docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:latest - - name: Push Image - run: docker push --all-tags ${{ env.GH_REPO }}/${{ env.IMAGE }} + run: docker push ${{ env.GH_REPO }}/${{ env.IMAGE }} From 800539baf6f5ef3840b15fedec5fa06df1cdd547 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 16:16:48 -0400 Subject: [PATCH 174/378] update dockerfile --- backend/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index 9d088baf76..37eacf640a 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -47,7 +47,6 @@ RUN \ COPY package.* /src/ WORKDIR /src/ -RUN npm install RUN npm install messageformat-parser RUN chown -R 1001:123 "/root/.npm" From 1d9ba1c6773fbcbe616e88f0961cc2e0b943fed6 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 16:23:21 -0400 Subject: [PATCH 175/378] fix docker push? --- .github/workflows/build-docker-container.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index eb62a17dad..ecd65238dc 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -39,7 +39,7 @@ jobs: - name: Build working-directory: ./backend - run: docker build . -t ${{ env.IMAGE }}:${{ steps.date.outputs.date }} + run: docker build . -t ${{ env.GH_REPO }}/${{ env.IMAGE }}:${{ steps.date.outputs.date }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 
@@ -49,4 +49,4 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Push Image - run: docker push ${{ env.GH_REPO }}/${{ env.IMAGE }} + run: docker push ${{ env.GH_REPO }}/${{ env.IMAGE }}:${{ steps.date.outputs.date }} From a7ee5889307091f9ce6aec9e6276e281d3c39aac Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 16:27:43 -0400 Subject: [PATCH 176/378] change tag logic --- .github/workflows/build-docker-container.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index ecd65238dc..1da523f4b0 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -6,6 +6,7 @@ on: - cron: '0 9 * * *' env: + DOCKER_NAME: fac IMAGE: web-container GH_REPO: asteel-gsa/fac @@ -37,9 +38,14 @@ jobs: # cache-from: type=gha # cache-to: type=gha,mode=max - - name: Build + - name: Build Container working-directory: ./backend - run: docker build . -t ${{ env.GH_REPO }}/${{ env.IMAGE }}:${{ steps.date.outputs.date }} + run: docker build . -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} + + - name: Tag Image + run: | + docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:${{ steps.date.outputs.date }} + docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:latest - name: Login to GitHub Container Registry uses: docker/login-action@v2 @@ -49,4 +55,4 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Push Image - run: docker push ${{ env.GH_REPO }}/${{ env.IMAGE }}:${{ steps.date.outputs.date }} + run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }} From 7e523c24e1f921da98ff5f350033fd6c7e702bef Mon Sep 17 00:00:00 2001 
From: Alex Steel Date: Fri, 23 Jun 2023 16:29:14 -0400 Subject: [PATCH 177/378] revert --- backend/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index 37eacf640a..5a2cd97fc5 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -47,7 +47,7 @@ RUN \ COPY package.* /src/ WORKDIR /src/ -RUN npm install messageformat-parser +RUN npm install RUN chown -R 1001:123 "/root/.npm" COPY . /src/ From cb65322f042922a7d377dbc52044d46e3fd15641 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 18:57:23 -0400 Subject: [PATCH 178/378] Scheduling Build --- .github/workflows/build-docker-container.yml | 1 + .../workflows/staging-scheduled-deploy.yml | 10 +++++- .../workflows/{test.yml => test-and-lint.yml} | 34 +++++++------------ .github/workflows/triggers-dev.yml | 4 +-- 4 files changed, 23 insertions(+), 26 deletions(-) rename .github/workflows/{test.yml => test-and-lint.yml} (82%) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 1da523f4b0..c60dbfb953 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -2,6 +2,7 @@ name: Build and publish docker container on: workflow_dispatch: + workflow_call: schedule: - cron: '0 9 * * *' diff --git a/.github/workflows/staging-scheduled-deploy.yml b/.github/workflows/staging-scheduled-deploy.yml index 4f224d5e4f..44f61ab96e 100644 --- a/.github/workflows/staging-scheduled-deploy.yml +++ b/.github/workflows/staging-scheduled-deploy.yml @@ -4,7 +4,15 @@ schedule: - cron: '0 10 * * *' jobs: + build-web-container: + uses: ./.github/workflows/build-docker-container.yml + secrets: inherit + + test-and-lint: + uses: ./.github/workflows/test-and-lint.yml + secrets: inherit + create-pr: - name: Auto Create PR at 430am UTC Daily + name: Auto Create Pull Request uses: ./.github/workflows/auto-create-pr.yml secrets: inherit 
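Review bot: The three jobs in this workflow — `build-web-container`, `test-and-lint`, `create-pr` — have no `needs:` edges, so they start in parallel and the pull request is opened whether or not the build and tests succeed, which defeats the purpose of running them in one scheduled workflow. Add `needs: [build-web-container]` to `test-and-lint` and `needs: [test-and-lint]` to `create-pr`. Also, `secrets: inherit` forwards every repository secret to each reusable workflow; as of this commit the build workflow visibly uses only `GITHUB_TOKEN`, so passing named secrets (e.g. `secrets:` with `SAM_API_KEY: ${{ secrets.SAM_API_KEY }}`) only where they are needed keeps the blast radius of a compromised step smaller.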
diff --git a/.github/workflows/test.yml b/.github/workflows/test-and-lint.yml similarity index 82% rename from .github/workflows/test.yml rename to .github/workflows/test-and-lint.yml index 2a4dcbeeaf..acbfcfe4d0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test-and-lint.yml @@ -2,16 +2,22 @@ name: Run Testing and Linting on: workflow_dispatch: - # workflow_call: + workflow_call: schedule: - - cron: '15 9 * * *' + - cron: '30 9 * * *' + +env: + ENV: 'TESTING' + SAM_API_KEY: ${{ secrets.SAM_API_KEY }} + DJANGO_BASE_URL: 'http://localhost:8000' + DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} + SECRET_KEY: ${{ secrets.SECRET_KEY }} + ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' + DISABLE_AUTH: True jobs: linting: runs-on: ubuntu-latest - env: - ENV: TESTING - SECRET_KEY: secrets.SECRET_KEY steps: - uses: actions/checkout@v3 - name: Restore npm cache @@ -85,14 +91,6 @@ jobs: test: runs-on: ubuntu-latest - env: - ENV: TESTING - SAM_API_KEY: ${{ secrets.SAM_API_KEY }} - DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} - SECRET_KEY: ${{ secrets.SECRET_KEY }} - ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - DISABLE_AUTH: False steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 @@ -110,15 +108,7 @@ jobs: docker compose -f docker-compose-test.yml run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: - runs-on: ubuntu-20.04 - env: - ENV: TESTING - SAM_API_KEY: ${{ secrets.SAM_API_KEY }} - DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} - SECRET_KEY: ${{ secrets.SECRET_KEY }} - ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - DISABLE_AUTH: True + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 
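Review bot: Moving `SAM_API_KEY`, `DJANGO_SECRET_LOGIN_KEY` and `SECRET_KEY` from per-job `env:` to the workflow-level `env:` exposes them to every job, including `linting`, `frontend-linting` (which installs npm packages, whose lifecycle scripts can read the environment) and `validate-terraform`, none of which needs them. Keep the secrets scoped to the `test` and `a11y-testing` jobs, or set them on the individual steps that start the containers. The same move changes `DISABLE_AUTH` for the Django test job from `False` (the removed per-job value) to `True`, so the test suite now runs with authentication disabled — confirm that is intended rather than a side effect of sharing the a11y settings.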
diff --git a/.github/workflows/triggers-dev.yml b/.github/workflows/triggers-dev.yml index d411b4eefb..789a81f327 100644 --- a/.github/workflows/triggers-dev.yml +++ b/.github/workflows/triggers-dev.yml @@ -1,8 +1,6 @@ name: Deploy to the dev and management cloud.gov environments on: - push: - branches: - - main + workflow_dispatch: null jobs: # testing From 70e37832c91355c12e4e7efcdcb29374989845d1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 19:02:58 -0400 Subject: [PATCH 179/378] remove date tag --- .github/workflows/build-docker-container.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index c60dbfb953..752fdeb834 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -32,21 +32,12 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 - # - name: Build and Push Action - # uses: docker/build-push-action@v4 - # with: - # context: ./backend - # cache-from: type=gha - # cache-to: type=gha,mode=max - - name: Build Container working-directory: ./backend run: docker build . -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} - name: Tag Image - run: | - docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:${{ steps.date.outputs.date }} - docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:latest + run: docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:latest - name: Login to GitHub Container Registry uses: docker/login-action@v2 From 3dd81542711da353fbb92dcfd4b643bbff3c4164 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 19:03:53 -0400 Subject: [PATCH 180/378] rename test step --- .github/workflows/test-and-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
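Review bot: With the date tag removed, the image is published only as `ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:latest`, a mutable tag, so there is no immutable reference to roll back to or to correlate a running container with a commit once the next build overwrites `latest`. Keep an immutable tag alongside it — `:${{ github.sha }}` is unique per commit and needs no date step — and consider writing the pushed digest to `$GITHUB_STEP_SUMMARY`. The `Tag Image` source reference `${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}` still depends on the `Get Date` step, which is outside this hunk.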
diff --git a/.github/workflows/test-and-lint.yml b/.github/workflows/test-and-lint.yml index acbfcfe4d0..a88f5cbc88 100644 --- a/.github/workflows/test-and-lint.yml +++ b/.github/workflows/test-and-lint.yml @@ -89,7 +89,7 @@ jobs: working-directory: ./backend run: npm run check-all - test: + django-testing: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 From b87fcef9f837784be78763b8f3f9f8d2a97258ca Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 19:12:48 -0400 Subject: [PATCH 181/378] rollback changes --- .github/workflows/test-and-lint.yml | 32 +++++++++++++++++++---------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/.github/workflows/test-and-lint.yml b/.github/workflows/test-and-lint.yml index a88f5cbc88..d5d479995e 100644 --- a/.github/workflows/test-and-lint.yml +++ b/.github/workflows/test-and-lint.yml @@ -6,18 +6,12 @@ on: schedule: - cron: '30 9 * * *' -env: - ENV: 'TESTING' - SAM_API_KEY: ${{ secrets.SAM_API_KEY }} - DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} - SECRET_KEY: ${{ secrets.SECRET_KEY }} - ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - DISABLE_AUTH: True - jobs: linting: runs-on: ubuntu-latest + env: + ENV: TESTING + SECRET_KEY: ${{ secrets.SECRET_KEY }} steps: - uses: actions/checkout@v3 - name: Restore npm cache @@ -89,8 +83,16 @@ jobs: working-directory: ./backend run: npm run check-all - django-testing: + test: runs-on: ubuntu-latest + env: + ENV: TESTING + SAM_API_KEY: ${{ secrets.SAM_API_KEY }} + DJANGO_BASE_URL: 'http://localhost:8000' + DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} + SECRET_KEY: ${{ secrets.SECRET_KEY }} + ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' + DISABLE_AUTH: False steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 
@@ -108,7 +110,15 @@ jobs: docker compose -f docker-compose-test.yml run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' a11y-testing: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 + env: + ENV: TESTING + SAM_API_KEY: ${{ secrets.SAM_API_KEY }} + DJANGO_BASE_URL: 'http://localhost:8000' + DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} + SECRET_KEY: ${{ secrets.SECRET_KEY }} + ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' + DISABLE_AUTH: True steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 From cdbe7d30e99733228bd08667cbfb37ab2fbe0381 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 19:18:21 -0400 Subject: [PATCH 182/378] rollback --- .github/workflows/test-and-lint.yml | 272 ++++++++++++++-------------- 1 file changed, 135 insertions(+), 137 deletions(-) diff --git a/.github/workflows/test-and-lint.yml b/.github/workflows/test-and-lint.yml index d5d479995e..72f3127296 100644 --- a/.github/workflows/test-and-lint.yml +++ b/.github/workflows/test-and-lint.yml 
@@ -1,143 +1,141 @@ --- -name: Run Testing and Linting -on: - workflow_dispatch: - workflow_call: - schedule: - - cron: '30 9 * * *' + name: Run Testing and Linting + on: + workflow_dispatch: + workflow_call: -jobs: - linting: - runs-on: ubuntu-latest - env: - ENV: TESTING - SECRET_KEY: ${{ secrets.SECRET_KEY }} - steps: - - uses: actions/checkout@v3 - - name: Restore npm cache - uses: actions/cache@v3 - id: cache-npm - with: - path: ~/.npm - key: fac-build-npm-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - fac-build-npm- - fac-build- - - name: Set up Python 3.10 - uses: actions/setup-python@v3 - with: - python-version: '3.10' - - name: Restore pip cache - uses: actions/cache@v3 - id: cache-pip - with: - path: | - ~/.cache/pip - /opt/hostedtoolcache/Python/ - key: fac-build-pip-${{ hashFiles('**/requirements.txt') }}-${{ hashFiles('**/dev-requirements.txt') }} - restore-keys: | - fac-build-pip-${{ hashFiles('**/requirements.txt') }}- - fac-build-pip- - fac-build- - - name: Install linters - working-directory: ./backend - run: | - python -m pip install --upgrade pip - pip install -r dev-requirements.txt - - name: Lint with flake8 - working-directory: ./backend - run: flake8 . --count --show-source --statistics - - name: Check formatting with black - working-directory: ./backend - run: black --check . - - name: Run bandit - working-directory: ./backend - run: bandit -c pyproject.toml -r . - - name: Run type checking - working-directory: ./backend - run: mypy . - - name: Run HTML template linting - working-directory: ./backend - run: djlint --lint . 
+ jobs: + linting: + runs-on: ubuntu-latest + env: + ENV: TESTING + SECRET_KEY: secrets.SECRET_KEY + steps: + - uses: actions/checkout@v3 + - name: Restore npm cache + uses: actions/cache@v3 + id: cache-npm + with: + path: ~/.npm + key: fac-build-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + fac-build-npm- + fac-build- + - name: Set up Python 3.10 + uses: actions/setup-python@v3 + with: + python-version: '3.10' + - name: Restore pip cache + uses: actions/cache@v3 + id: cache-pip + with: + path: | + ~/.cache/pip + /opt/hostedtoolcache/Python/ + key: fac-build-pip-${{ hashFiles('**/requirements.txt') }}-${{ hashFiles('**/dev-requirements.txt') }} + restore-keys: | + fac-build-pip-${{ hashFiles('**/requirements.txt') }}- + fac-build-pip- + fac-build- + - name: Install linters + working-directory: ./backend + run: | + python -m pip install --upgrade pip + pip install -r dev-requirements.txt + - name: Lint with flake8 + working-directory: ./backend + run: flake8 . --count --show-source --statistics + - name: Check formatting with black + working-directory: ./backend + run: black --check . + - name: Run bandit + working-directory: ./backend + run: bandit -c pyproject.toml -r . + - name: Run type checking + working-directory: ./backend + run: mypy . + - name: Run HTML template linting + working-directory: ./backend + run: djlint --lint . 
- frontend-linting: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Restore npm cache - uses: actions/cache@v3 - id: cache-npm - with: - path: ~/.npm - key: fac-build-npm-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - fac-build-npm- - fac-build- - - uses: actions/setup-node@v3 - with: - node-version: 18 - - name: Install npm packages - working-directory: ./backend - run: npm ci - - name: Lint JS & SCSS - working-directory: ./backend - run: npm run check-all + frontend-linting: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Restore npm cache + uses: actions/cache@v3 + id: cache-npm + with: + path: ~/.npm + key: fac-build-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + fac-build-npm- + fac-build- + - uses: actions/setup-node@v3 + with: + node-version: 18 + - name: Install npm packages + working-directory: ./backend + run: npm ci + - name: Lint JS & SCSS + working-directory: ./backend + run: npm run check-all - test: - runs-on: ubuntu-latest - env: - ENV: TESTING - SAM_API_KEY: ${{ secrets.SAM_API_KEY }} - DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} - SECRET_KEY: ${{ secrets.SECRET_KEY }} - ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - DISABLE_AUTH: False - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Create .env file - working-directory: ./backend - run: touch .env - - name: Start Services - working-directory: ./backend - run: docker compose -f docker-compose-test.yml up -d - - name: Run Django test suite - working-directory: ./backend - run: | - docker compose -f docker-compose-test.yml run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' + test: + runs-on: ubuntu-latest + env: + ENV: TESTING + SAM_API_KEY: ${{ secrets.SAM_API_KEY }} + DJANGO_BASE_URL: 
'http://localhost:8000' + DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} + SECRET_KEY: ${{ secrets.SECRET_KEY }} + ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' + DISABLE_AUTH: False + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 16 + - name: Create .env file + working-directory: ./backend + run: touch .env + - name: Start Services + working-directory: ./backend + run: docker compose -f docker-compose-test.yml up -d + - name: Run Django test suite + working-directory: ./backend + run: | + docker compose -f docker-compose-test.yml run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90' - a11y-testing: - runs-on: ubuntu-20.04 - env: - ENV: TESTING - SAM_API_KEY: ${{ secrets.SAM_API_KEY }} - DJANGO_BASE_URL: 'http://localhost:8000' - DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} - SECRET_KEY: ${{ secrets.SECRET_KEY }} - ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' - DISABLE_AUTH: True - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Create .env file - working-directory: ./backend - run: touch .env - - name: Start Services - working-directory: ./backend - run: docker compose -f docker-compose-test.yml up -d - - name: run Lighthouse CI - run: | - npm install -g @lhci/cli@0.8.x - lhci autorun - - name: run pa11y - run: | - npm i -g pa11y-ci - pa11y-ci + a11y-testing: + runs-on: ubuntu-20.04 + env: + ENV: TESTING + SAM_API_KEY: ${{ secrets.SAM_API_KEY }} + DJANGO_BASE_URL: 'http://localhost:8000' + DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }} + SECRET_KEY: ${{ secrets.SECRET_KEY }} + ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost' + DISABLE_AUTH: True + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 16 + - name: Create .env file + working-directory: ./backend + run: 
touch .env + - name: Start Services + working-directory: ./backend + run: docker compose -f docker-compose-test.yml up -d + - name: run Lighthouse CI + run: | + npm install -g @lhci/cli@0.8.x + lhci autorun + - name: run pa11y + run: | + npm i -g pa11y-ci + pa11y-ci - validate-terraform: - uses: ./.github/workflows/terraform-lint.yml + validate-terraform: + uses: ./.github/workflows/terraform-lint.yml From 90fa01fe6b18eb0a7cd4337e7f768c659f6b9f16 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 19:23:25 -0400 Subject: [PATCH 183/378] add schedule back to test and lint --- .github/workflows/test-and-lint.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-and-lint.yml b/.github/workflows/test-and-lint.yml index 72f3127296..cf156ca81c 100644 --- a/.github/workflows/test-and-lint.yml +++ b/.github/workflows/test-and-lint.yml @@ -3,6 +3,8 @@ on: workflow_dispatch: workflow_call: + schedule: + - cron: '30 9 * * *' jobs: linting: @@ -81,7 +83,7 @@ working-directory: ./backend run: npm run check-all - test: + django-test: runs-on: ubuntu-latest env: ENV: TESTING From aeec49a746b1ace21cad444c5503d2847111e72b Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 23 Jun 2023 19:26:16 -0400 Subject: [PATCH 184/378] naming scheme changes --- .github/workflows/build-docker-container.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 752fdeb834..13a5401dfb 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -1,5 +1,5 @@ --- -name: Build and publish docker container +name: Build and Publish Docker Web Container on: workflow_dispatch: workflow_call: @@ -13,7 +13,7 @@ env: jobs: build-with-docker: - name: Build with Docker + name: Build Docker Container runs-on: ubuntu-latest permissions: contents: read 
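Review bot: The rolled-back `linting` job sets `SECRET_KEY: secrets.SECRET_KEY`, which is the literal string `secrets.SECRET_KEY`, not the expression `${{ secrets.SECRET_KEY }}` used by the other jobs in this hunk; linting tools probably never load Django settings, so this is harmless today, but it is a hard-coded, guessable key that silently becomes real if anything under that job starts importing settings. Either write `SECRET_KEY: ${{ secrets.SECRET_KEY }}` for consistency or, if no real key is needed for linting, use an obviously fake value such as `SECRET_KEY: 'lint-only-not-a-secret'`. The hunk also re-indents the whole document by two spaces under `---`, which is valid YAML but diverges from every other workflow in this series and will make future diffs noisy, and `DISABLE_AUTH: True` should be a quoted string (`'True'`) since Actions coerces env values to strings and the YAML boolean spelling varies across the file. The a11y steps install `@lhci/cli@0.8.x` and `pa11y-ci` at run time without a lockfile, which is a minor reproducibility concern worth a pinned version.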
@@ -46,5 +46,5 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Push Image + - name: Push Web Container run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }} From 38e7939d1c56ebbc17f4e12a184f34622a9f8ae8 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Sat, 24 Jun 2023 14:55:00 -0400 Subject: [PATCH 185/378] modify schedule --- .github/workflows/staging-scheduled-deploy.yml | 10 +++++++++- backend/docker-compose-test.yml | 2 -- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/staging-scheduled-deploy.yml b/.github/workflows/staging-scheduled-deploy.yml index 44f61ab96e..887a29d5d0 100644 --- a/.github/workflows/staging-scheduled-deploy.yml +++ b/.github/workflows/staging-scheduled-deploy.yml @@ -1,18 +1,26 @@ --- name: Scheduled Deploy From Main to Staging on: + workflow_dispatch: schedule: - - cron: '0 10 * * *' + - cron: '0 10 * * 1-5' + jobs: build-web-container: + name: Build FAC Web Container uses: ./.github/workflows/build-docker-container.yml secrets: inherit test-and-lint: + name: Run Django, Lighthouse, a11y and lint + needs: + - build-web-container uses: ./.github/workflows/test-and-lint.yml secrets: inherit create-pr: name: Auto Create Pull Request + needs: + - test-and-lint uses: ./.github/workflows/auto-create-pr.yml secrets: inherit diff --git a/backend/docker-compose-test.yml b/backend/docker-compose-test.yml index 47d0086707..ed293054fb 100644 --- a/backend/docker-compose-test.yml +++ b/backend/docker-compose-test.yml @@ -1,5 +1,3 @@ -# This version of docker-compose.yml is strictly for usage in ./.github/workflows/test.yml - version: "3.7" services: From 7d380d3b0bb7c7117f1f6c652fdb91a6f5932e9f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Sat, 24 Jun 2023 15:01:29 -0400 Subject: [PATCH 186/378] modify scheduling --- .github/workflows/build-docker-container.yml | 2 -- .github/workflows/test-and-lint.yml | 2 -- 2 files changed, 4 deletions(-) 
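Review bot: The new `needs` chain runs `build-web-container` first, but that reusable workflow pushes the image as `:latest` (its `Push Web Container` step) before `test-and-lint` executes, so an image that later fails tests is already public under the tag that `docker-compose-test.yml` — and presumably deployments — pull. Either run the tests before the publish step, or have the build workflow push only an immutable candidate tag and promote it to `latest` in a job that declares `needs: [test-and-lint]`. The weekday-only cron `'0 10 * * 1-5'` and the added `workflow_dispatch` trigger look fine.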
diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 13a5401dfb..6b7348e5e6 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -3,8 +3,6 @@ name: Build and Publish Docker Web Container on: workflow_dispatch: workflow_call: - schedule: - - cron: '0 9 * * *' env: DOCKER_NAME: fac diff --git a/.github/workflows/test-and-lint.yml b/.github/workflows/test-and-lint.yml index cf156ca81c..e2df89c93c 100644 --- a/.github/workflows/test-and-lint.yml +++ b/.github/workflows/test-and-lint.yml @@ -3,8 +3,6 @@ on: workflow_dispatch: workflow_call: - schedule: - - cron: '30 9 * * *' jobs: linting: From 77f026e4053b17bd056b6d7e9cf6d285e73d9185 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Sat, 24 Jun 2023 15:06:29 -0400 Subject: [PATCH 187/378] add `npm audit fix` --- backend/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index 5a2cd97fc5..19d0fde45b 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -47,7 +47,10 @@ RUN \ COPY package.* /src/ WORKDIR /src/ -RUN npm install +RUN \ + npm install && \ + npm audit fix + RUN chown -R 1001:123 "/root/.npm" COPY . /src/ From 9237c57c6583f3cbfb105b013f997f5454d2cc17 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 26 Jun 2023 10:01:28 -0400 Subject: [PATCH 188/378] remove `npm audit fix` --- backend/Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index 19d0fde45b..05713a359f 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -47,9 +47,7 @@ RUN \ COPY package.* /src/ WORKDIR /src/ -RUN \ - npm install && \ - npm audit fix +RUN npm install RUN chown -R 1001:123 "/root/.npm" From 375e916c4f18ca6b2dc53706883998f81954278e Mon Sep 17 00:00:00 2001 
From: Alex Steel Date: Tue, 27 Jun 2023 09:21:17 -0400 Subject: [PATCH 189/378] update name --- .github/workflows/auto-create-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-create-pr.yml b/.github/workflows/auto-create-pr.yml index 7c2bdad141..25f5dfc3ea 100644 --- a/.github/workflows/auto-create-pr.yml +++ b/.github/workflows/auto-create-pr.yml @@ -52,7 +52,7 @@ jobs: - name: Open Pull Request id: open-pr run: | - gh pr create --label "autogenerated" --title "${{ steps.date.outputs.date }} ${{ steps.git-short.outputs.short_sha }} main -> prod" --body "This is an auto-generated pull request to merge main into prod for a staging release on ${{ steps.date.outputs.date }} with the last commit being merged as ${{ steps.git-short.outputs.short_sha }}" --base test --head main + gh pr create --label "autogenerated" --title "${{ steps.date.outputs.date }} | DEV (${{ steps.git-short.outputs.short_sha }}) --> STAGING (main --> prod)" --body "This is an auto-generated pull request to merge main into prod for a staging release on ${{ steps.date.outputs.date }} with the last commit being merged as ${{ steps.git-short.outputs.short_sha }}" --base prod --head main - name: Get Pull Request Number id: pr-number From 2d9a6d712cc914411ba0ae0d4f460c2e5f2c4d03 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Tue, 27 Jun 2023 09:22:47 -0400 Subject: [PATCH 190/378] fix --- .github/workflows/auto-create-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-create-pr.yml b/.github/workflows/auto-create-pr.yml index 25f5dfc3ea..a2ae326021 100644 --- a/.github/workflows/auto-create-pr.yml +++ b/.github/workflows/auto-create-pr.yml 
@@ -52,7 +52,7 @@ jobs: - name: Open Pull Request id: open-pr run: | - gh pr create --label "autogenerated" --title "${{ steps.date.outputs.date }} | DEV (${{ steps.git-short.outputs.short_sha }}) --> STAGING (main --> prod)" --body "This is an auto-generated pull request to merge main into prod for a staging release on ${{ steps.date.outputs.date }} with the last commit being merged as ${{ steps.git-short.outputs.short_sha }}" --base prod --head main + gh pr create --label "autogenerated" --title "${{ steps.date.outputs.date }} | DEV (${{ steps.git-short.outputs.short_sha }}) --> STAGING (main --> prod)" --body "This is an auto-generated pull request to merge main into prod for a staging release on ${{ steps.date.outputs.date }} with the last commit being merged as ${{ steps.git-short.outputs.short_sha }}" --base test --head main - name: Get Pull Request Number id: pr-number From dc76afea29efb9724c41e0616ec069a93f387495 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 12:39:15 -0400 Subject: [PATCH 191/378] testing docker content trust --- .github/workflows/build-docker-container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 36ce50c81e..5d12c8c64c 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -79,4 +79,4 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Push Web Container - run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }} + run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }} --disable-content-trust=false From 2a24162d1be9450175d35bb36a55f8fdbbf08e60 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 13:17:26 -0400 Subject: [PATCH 192/378] testing dct signing --- .github/workflows/build-docker-container.yml | 27 ++++++++++++++++++++ 1 file changed, 27 insertions(+) 
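Review bot: The new `gh pr create` line in the PATCH 190 hunk now targets `--base test --head main` while its `--title` still reads `STAGING (main --> prod)` and its `--body` still says "merge main into prod", so the generated PR describes a different merge than it performs; whichever base is intended, the title and body should name the same branch pair. As a secondary point, the step outputs are expanded with `${{ }}` directly inside the `run:` shell line; that is harmless while `date` and `short_sha` come from `date` and git, but passing them through `env:` and referencing `"$PR_DATE"`/`"$SHORT_SHA"` keeps the step safe if either output ever carries free-form text. The step list continues outside the hunk.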
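Review bot: `--disable-content-trust=false` on the new push line in the PATCH 191 hunk enables Docker Content Trust for that one `docker push`, but at this point in the workflow no signing key has been loaded and no passphrase is in the environment, so a non-interactive runner cannot complete the signing prompt; a working setup needs the key loaded into the trust store first and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` (and `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` on first init) set via `env:` from secrets. It is also worth confirming that ghcr.io offers a Notary v1 trust server at all — I believe it does not — before building the signing flow of the following commits around this flag. The job body continues outside the hunk.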
diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 5d12c8c64c..5cc7686faa 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -64,6 +64,33 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 + - name: Create ssl key file + working-directory: ${{ env.WORKING_DIRECTORY }} + shell: bash + env: + SSL_KEY: ${{ secrets.RSA_KEY }} + run: | + echo "$SSL_KEY" > private.pem + chmod 600 private.pem + openssl rsa -in "private.pem" -pubout > "public.pem" + + - name: Add signer + working-directory: ${{ env.WORKING_DIRECTORY }} + shell: bash + run: | + docker trust signer add --key "public.pem" "${{ env.GH_REPO }}" "${{ env.GH_REPO }}/${{ env.IMAGE }}" + + - name: Load the private key onto Docker trust store + working-directory: ${{ env.WORKING_DIRECTORY }} + shell: bash + run: | + docker trust key load --name "fac-codesign" "private.pem" + GREEN='\033[0;32m' + PURPLE='\033[0;35m' + NC='\033[0m' # No Color + echo -e "Confirm \"${GREEN}Successfully imported key from private.pem${NC}\"" \ + "\nIf successful, IGNORE \"${PURPLE}failed to import key to store: ...${NC}\" (due to unused content within private key)" + - name: Build Container working-directory: ${{ env.WORKING_DIRECTORY }} run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . From 300c0c31cc75f7ba0d2e1b0d242774ff23ecdea5 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 13:30:50 -0400 Subject: [PATCH 193/378] update signer name --- .github/workflows/build-docker-container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 5cc7686faa..76b48bcdae 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml 
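Review bot: The "Create ssl key file" step writes the decrypted signing key to `private.pem` inside `${{ env.WORKING_DIRECTORY }}`, which is the same directory the later "Build Container" step uses as its build context (`docker build ... .`), and the Dockerfile hunks in PATCH 187/188 show `COPY . /src/` — unless a `.dockerignore` excludes it, the private key is copied into the image layer that is then pushed to the registry, and it also stays on the runner filesystem for the rest of the job. Keep the key out of the build context by writing it under `$RUNNER_TEMP`, and delete it as soon as `docker trust key load` has consumed it; the rewrite below does that. The echo telling the operator to "IGNORE failed to import key to store" also hides the one error that means signing will not work; check the exit status of `docker trust key load` instead of printing guidance. The job's remaining steps continue outside the hunk.
```yaml
      - name: Create ssl key file
        shell: bash
        env:
          SSL_KEY: ${{ secrets.RSA_KEY }}
        run: |
          umask 077
          printf '%s\n' "$SSL_KEY" > "$RUNNER_TEMP/private.pem"
          openssl rsa -in "$RUNNER_TEMP/private.pem" -pubout > "$RUNNER_TEMP/public.pem"

      # … unchanged: Add signer, with --key pointed at "$RUNNER_TEMP/public.pem" …

      - name: Load the private key onto Docker trust store
        shell: bash
        run: |
          docker trust key load --name "fac-codesign" "$RUNNER_TEMP/private.pem"
          rm -f "$RUNNER_TEMP/private.pem"
```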
@@ -78,7 +78,7 @@ jobs: working-directory: ${{ env.WORKING_DIRECTORY }} shell: bash run: | - docker trust signer add --key "public.pem" "${{ env.GH_REPO }}" "${{ env.GH_REPO }}/${{ env.IMAGE }}" + docker trust signer add --key "public.pem" "${{ inputs.docker-name }}-team" "${{ env.GH_REPO }}/${{ env.IMAGE }}" - name: Load the private key onto Docker trust store working-directory: ${{ env.WORKING_DIRECTORY }} From 7ddfe574aa9d4ca6b011be8b59d463a02665f212 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 13:33:12 -0400 Subject: [PATCH 194/378] auth w/ ghcr first --- .github/workflows/build-docker-container.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 76b48bcdae..d8f9740694 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -64,6 +64,13 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Create ssl key file working-directory: ${{ env.WORKING_DIRECTORY }} shell: bash @@ -98,12 +105,5 @@ jobs: - name: Tag Image run: docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:latest - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Push Web Container run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }} --disable-content-trust=false From d41a4217cab46a714091df34418f3eb0a269cc51 Mon Sep 17 00:00:00 2001 
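Review bot: The new signer name `"${{ inputs.docker-name }}-team"` in the PATCH 193 hunk depends on a `docker-name` workflow input that is not visible in this file's `on:` block (the only declared input seen elsewhere in this series is `work-dir`); if it is not declared for both `workflow_call` and `workflow_dispatch`, the expression expands to an empty string on one of the triggers and the signer is registered as `-team`. Since the workflow already has `DOCKER_NAME: fac` in `env`, `"${{ env.DOCKER_NAME }}-team"` would give a stable name on every trigger. The step list continues outside the hunk.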
From: Alex Steel Date: Thu, 6 Jul 2023 13:33:28 -0400 Subject: [PATCH 195/378] fix spacing --- .github/workflows/build-docker-container.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index d8f9740694..9cc132c407 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -67,9 +67,9 @@ jobs: - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Create ssl key file working-directory: ${{ env.WORKING_DIRECTORY }} From a966054a90df95a825e2ad42e01b2e0d0f91f6a5 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 14:58:57 -0400 Subject: [PATCH 196/378] test trivy --- .github/workflows/trivy.yml | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 6d23699965..6c6448a5fc 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -47,22 +47,39 @@ jobs: run: | echo "date=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT - - name: Build Container - working-directory: ${{ env.WORKING_DIRECTORY }} - run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . + # - name: Build Container + # working-directory: ${{ env.WORKING_DIRECTORY }} + # run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . + + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' + # scan-type: 'image' + # hide-progress: false + # format: 'sarif' + # output: 'webcontainer-results.sarif' + # exit-code: '1' + # ignore-unfixed: true + + # - name: Upload Trivy scan results to GitHub Security tab + # uses: github/codeql-action/upload-sarif@v2 + # with: + # sarif_file: 'webcontainer-results.sarif' - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' + image-ref: 'ghcr.io/gsa-tts/fac/clamav:latest' scan-type: 'image' hide-progress: false format: 'sarif' - output: 'trivy-results.sarif' + output: 'clamav-results.sarif' exit-code: '1' ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'trivy-results.sarif' + sarif_file: 'clamav-results.sarif' + From ae295e645d6168b95470799d2684e983c577aa57 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:09:07 -0400 Subject: [PATCH 197/378] modify trivy scanning --- .github/workflows/scan-images.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 30c8290d80..ae13a009df 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
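Review bot: The scanner is pulled as `aquasecurity/trivy-action@master` on the live step of the PATCH 196 hunk (and on every Trivy step added in the hunks at L132, L134–L136, L139–L140, L141–L143 and L145–L146); a mutable branch ref on a security-gating action means any push to that branch changes what runs with this repo's `security-events: write` token, so pin it to a release tag or, better, a full commit SHA. In the same hunk `exit-code: '1'` makes the scan step fail when findings exist, and the "Upload Trivy scan results" step that follows has no `if: always()`, so precisely the runs that produce findings never publish them to the Security tab — add `if: always()` to each upload step (the same pattern recurs in the hunks named above). The hard-coded `ghcr.io/gsa-tts/fac/clamav:latest` target and the commented-out web container scan read as temporary test state; the job continues outside the hunk.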
@@ -60,7 +60,12 @@ jobs: fi - name: Scan Image - run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} + run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --output 'trivy-results.sarif' --severity CRITICAL,HIGH ${{ matrix.image.name }} + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' - name: Tag Image run: | From 1263ecd1615f9f7c5ca20acb211651e3db2a1b81 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:11:47 -0400 Subject: [PATCH 198/378] publish scan results --- .github/workflows/scan-images.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index ae13a009df..868960ad91 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -11,8 +11,9 @@ jobs: permissions: contents: read packages: write + security-events: write env: - GH_REPO: ghcr.io/gsa-tts/fac + GH_REPO: ghcr.io/asteel-gsa/fac strategy: fail-fast: false matrix: From c8e17b4ec384f710508c2c2939988c553af21690 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:14:09 -0400 Subject: [PATCH 199/378] remove quotes --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 868960ad91..cb9594f76d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
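Review bot: The new `--output 'trivy-results.sarif'` on the `docker run aquasec/trivy:latest ...` line in the PATCH 197 hunk writes the file inside the Trivy container's filesystem, and nothing mounts the runner workspace, so the "Upload Trivy scan results" step added below it has no `trivy-results.sarif` to read; the same holds for the follow-up forms in the hunks at L131, L136 and L138. Bind-mount the workspace and set the format explicitly, e.g. `run: docker run -v "$PWD:/work" -w /work aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --format sarif --output trivy-results.sarif --severity CRITICAL,HIGH ${{ matrix.image.name }}`, and give the upload step `if: always()` so `--exit-code 1` does not skip it. The job's remaining steps continue outside the hunk.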
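Review bot: `GH_REPO: ghcr.io/asteel-gsa/fac` in the PATCH 198 hunk hard-codes a single owner's namespace while the job's registry login (visible in the rewrite at L143) authenticates as `${{ github.repository_owner }}` with `GITHUB_TOKEN`; in any repository whose owner is not `asteel-gsa` the tag/push steps will target a namespace the token cannot write to. If this is a personal namespace for testing it should be reverted before merge; otherwise `GH_REPO: ghcr.io/${{ github.repository_owner }}/fac` keeps the push target and the credential aligned. The added `security-events: write` is the right permission for the SARIF upload.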
@@ -61,7 +61,7 @@ jobs: fi - name: Scan Image - run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --output 'trivy-results.sarif' --severity CRITICAL,HIGH ${{ matrix.image.name }} + run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --output trivy-results.sarif --severity CRITICAL,HIGH ${{ matrix.image.name }} - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 From df8ad6edc014fe886d91caa3eab485a6550d0f69 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:19:35 -0400 Subject: [PATCH 200/378] update trivy --- .github/workflows/trivy.yml | 51 ++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 6c6448a5fc..44989a77a5 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -35,6 +35,14 @@ jobs: contents: read security-events: write actions: read + strategy: + fail-fast: false + matrix: + image: + - name: postgrest/postgrest:latest + short-name: postgrest + - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest + short-name: clamav name: Trivy Scan runs-on: ubuntu-latest steps: 
@@ -47,39 +55,42 @@ jobs: run: | echo "date=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT - # - name: Build Container - # working-directory: ${{ env.WORKING_DIRECTORY }} - # run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . + - name: Build Container + working-directory: ${{ env.WORKING_DIRECTORY }} + run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . - # - name: Run Trivy vulnerability scanner - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' - # scan-type: 'image' - # hide-progress: false - # format: 'sarif' - # output: 'webcontainer-results.sarif' - # exit-code: '1' - # ignore-unfixed: true + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' + scan-type: 'image' + hide-progress: false + format: 'sarif' + output: 'webcontainer-results.sarif' + exit-code: '1' + ignore-unfixed: true + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'webcontainer-results.sarif' - # - name: Upload Trivy scan results to GitHub Security tab - # uses: github/codeql-action/upload-sarif@v2 - # with: - # sarif_file: 'webcontainer-results.sarif' + - name: Pull Docker Image + run: docker pull ${{ matrix.image.name }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ghcr.io/gsa-tts/fac/clamav:latest' + image-ref: '${{ matrix.image.name }}' scan-type: 'image' hide-progress: false format: 'sarif' - output: 'clamav-results.sarif' + output: 'container-results.sarif' exit-code: '1' ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'clamav-results.sarif' + sarif_file: 'container-results.sarif' 
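Review bot: The two "Upload Trivy scan results" steps in the PATCH 200 hunk run in the same job with no `category:` input, so code scanning treats both uploads as the same category and the second (container-results.sarif) supersedes the first; because the job is also a matrix (hunk at L131), each matrix leg uploads under that same category and overwrites the others. Give each upload a distinct, stable category, e.g. `category: trivy-webcontainer` on the first and `category: trivy-${{ matrix.image.short-name }}` on the second; the job split in the PATCH 202 hunk (L134–L136) and the later rewrites at L139–L140 and L141–L143 need the same per-leg category. Adding the matrix to this job also multiplies the web container build, scan and upload by the number of matrix entries, which PATCH 202 later corrects. The job continues outside the hunk.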
From df09cd3758a54c23d585777707b3c9afdfcc32ad Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:20:22 -0400 Subject: [PATCH 201/378] update text --- .github/workflows/trivy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 44989a77a5..4abaaf32ce 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -75,10 +75,10 @@ jobs: with: sarif_file: 'webcontainer-results.sarif' - - name: Pull Docker Image + - name: Pull Third Party Docker Images run: docker pull ${{ matrix.image.name }} - - name: Run Trivy vulnerability scanner + - name: Run Trivy vulnerability scanner on Third Party Images uses: aquasecurity/trivy-action@master with: image-ref: '${{ matrix.image.name }}' @@ -89,7 +89,7 @@ jobs: exit-code: '1' ignore-unfixed: true - - name: Upload Trivy scan results to GitHub Security tab + - name: Upload Trivy scan results to GitHub Security tab of Third Party Images uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'container-results.sarif' From d502b78da17435878127555c2d0fa5e796356964 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:23:31 -0400 Subject: [PATCH 202/378] fix matrix --- .github/workflows/trivy.yml | 120 +++++++++++++++++++----------------- 1 file changed, 64 insertions(+), 56 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 4abaaf32ce..d7c52f0e5d 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -30,67 +30,75 @@ env: WORKING_DIRECTORY: ${{ inputs.work-dir }} jobs: - trivy: - permissions: - contents: read - security-events: write - actions: read - strategy: - fail-fast: false - matrix: - image: - - name: postgrest/postgrest:latest - short-name: postgrest - - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest - short-name: clamav - name: Trivy Scan - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 + trivy: + permissions: + contents: read + security-events: write + actions: read + name: Trivy Scan + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 - - name: Get Date - shell: bash - id: date - run: | - echo "date=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT + - name: Get Date + shell: bash + id: date + run: | + echo "date=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT - - name: Build Container - working-directory: ${{ env.WORKING_DIRECTORY }} - run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . + - name: Build Container + working-directory: ${{ env.WORKING_DIRECTORY }} + run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . 
- - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' - scan-type: 'image' - hide-progress: false - format: 'sarif' - output: 'webcontainer-results.sarif' - exit-code: '1' - ignore-unfixed: true + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' + scan-type: 'image' + hide-progress: false + format: 'sarif' + output: 'webcontainer-results.sarif' + exit-code: '1' + ignore-unfixed: true - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'webcontainer-results.sarif' + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'webcontainer-results.sarif' - - name: Pull Third Party Docker Images - run: docker pull ${{ matrix.image.name }} + scan-other: + permissions: + contents: read + security-events: write + actions: read + name: Trivy Scan Third Party Images + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + image: + - name: postgrest/postgrest:latest + short-name: postgrest + - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest + short-name: clamav + steps: + - name: Pull Third Party Docker Images + run: docker pull ${{ matrix.image.name }} - - name: Run Trivy vulnerability scanner on Third Party Images - uses: aquasecurity/trivy-action@master - with: - image-ref: '${{ matrix.image.name }}' - scan-type: 'image' - hide-progress: false - format: 'sarif' - output: 'container-results.sarif' - exit-code: '1' - ignore-unfixed: true + - name: Run Trivy vulnerability scanner on Third Party Images + uses: aquasecurity/trivy-action@master + with: + image-ref: '${{ matrix.image.name }}' + scan-type: 'image' + hide-progress: false + format: 'sarif' + output: 'container-results.sarif' + exit-code: '1' + 
ignore-unfixed: true - - name: Upload Trivy scan results to GitHub Security tab of Third Party Images - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'container-results.sarif' + - name: Upload Trivy scan results to GitHub Security tab of Third Party Images + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'container-results.sarif' From 11c7e2b4e1e0a393a63a27fc9f3c2f7d576af412 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:31:56 -0400 Subject: [PATCH 203/378] Testing scanning --- .github/workflows/scan-images.yml | 4 ++-- .github/workflows/trivy.yml | 36 ++----------------------------- 2 files changed, 4 insertions(+), 36 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index cb9594f76d..bcf0abda2f 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -61,12 +61,12 @@ jobs: fi - name: Scan Image - run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --output trivy-results.sarif --severity CRITICAL,HIGH ${{ matrix.image.name }} + run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --template "@contrib/sarif.tpl" -o report.sarif --severity CRITICAL,HIGH ${{ matrix.image.name }} - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'trivy-results.sarif' + sarif_file: 'report.sarif' - name: Tag Image run: | diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index d7c52f0e5d..8da3c6f0ad 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -67,38 +67,6 @@ jobs: with: sarif_file: 'webcontainer-results.sarif' - scan-other: - permissions: - contents: read - security-events: write - actions: read - name: Trivy Scan Third Party Images - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - image: - - name: postgrest/postgrest:latest - short-name: postgrest - - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest - short-name: clamav - steps: - - name: Pull Third Party Docker Images - run: docker pull ${{ matrix.image.name }} - - - name: Run Trivy vulnerability scanner on Third Party Images - uses: aquasecurity/trivy-action@master - with: - image-ref: '${{ matrix.image.name }}' - scan-type: 'image' - hide-progress: false - format: 'sarif' - output: 'container-results.sarif' - exit-code: '1' - ignore-unfixed: true - - - name: Upload Trivy scan results to GitHub Security tab of Third Party Images - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'container-results.sarif' + - name: Invoke scanning of third party tools + uses: ./.github/workflows/scan-images.yml From 6b75d9009d657676e528d990bf916c92cb0cb99f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:34:14 -0400 Subject: [PATCH 204/378] change format --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index bcf0abda2f..3f683ee76f 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
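Review bot: The replacement step `- name: Invoke scanning of third party tools` / `uses: ./.github/workflows/scan-images.yml` in the PATCH 203 hunk will not run: a step-level `uses:` with a local path expects a directory containing an `action.yml`, and reusable workflows can only be called at job level. Call it as a job instead — `scan-third-party:` with `uses: ./.github/workflows/scan-images.yml` under `jobs:` — and add `workflow_call:` under `on:` in scan-images.yml, which at L141 declares only `workflow_dispatch:`. The enclosing `trivy` job starts outside the hunk.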
@@ -61,7 +61,7 @@ jobs: fi - name: Scan Image - run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --template "@contrib/sarif.tpl" -o report.sarif --severity CRITICAL,HIGH ${{ matrix.image.name }} + run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --format template --template "@contrib/sarif.tpl" -o report.sarif --severity CRITICAL,HIGH ${{ matrix.image.name }} - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 From 1fa620f6e2492765e7a2f636658d6adcd6086a9f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:37:16 -0400 Subject: [PATCH 205/378] changes --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 3f683ee76f..d39e5a7256 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -61,7 +61,7 @@ jobs: fi - name: Scan Image - run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --format template --template "@contrib/sarif.tpl" -o report.sarif --severity CRITICAL,HIGH ${{ matrix.image.name }} + run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --format sarif -o report.sarif --severity CRITICAL,HIGH ${{ matrix.image.name }} - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 From 7dba712430fdcae0ab58c6ac6290b49b92e77c34 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:39:32 -0400 Subject: [PATCH 206/378] testing trivy --- .github/workflows/trivy.yml | 54 +++++++++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 11 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 8da3c6f0ad..bf744de6d2 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -47,26 +47,58 @@ jobs: run: | echo "date=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT - - name: Build Container - working-directory: ${{ env.WORKING_DIRECTORY }} - run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . + # - name: Build Container + # working-directory: ${{ env.WORKING_DIRECTORY }} + # run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . - - name: Run Trivy vulnerability scanner + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' + # scan-type: 'image' + # hide-progress: false + # format: 'sarif' + # output: 'webcontainer-results.sarif' + # exit-code: '1' + # ignore-unfixed: true + + # - name: Upload Trivy scan results to GitHub Security tab + # uses: github/codeql-action/upload-sarif@v2 + # with: + # sarif_file: 'webcontainer-results.sarif' + + scan-third-party: + permissions: + contents: read + security-events: write + actions: read + name: Trivy Scan Third Party Images + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + image: + - name: postgrest/postgrest:latest + short-name: postgrest + - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest + short-name: clamav + steps: + - name: Pull Third Party Docker Images + run: docker pull ${{ matrix.image.name }} + + - name: Run Trivy vulnerability scanner on Third Party Images uses: aquasecurity/trivy-action@master with: - image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' + image-ref: '${{ matrix.image.name }}' scan-type: 'image' hide-progress: false format: 'sarif' - output: 'webcontainer-results.sarif' + output: 'container-results.sarif' exit-code: '1' ignore-unfixed: true - - name: Upload Trivy scan results to GitHub Security tab + - name: Upload Trivy scan results to GitHub Security tab of Third Party Images uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'webcontainer-results.sarif' - - - name: 
Invoke scanning of third party tools - uses: ./.github/workflows/scan-images.yml + sarif_file: 'container-results.sarif' From 9a6c4feb4ef57f71f4ecd6ac32746bf13c2830fc Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:45:50 -0400 Subject: [PATCH 207/378] update scanning --- .github/workflows/scan-images.yml | 165 ++++++++++++++++-------------- 1 file changed, 87 insertions(+), 78 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index d39e5a7256..2fefb61afd 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
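Review bot: As committed, the PATCH 206 hunk leaves the `trivy` job with only the checkout and date steps, since the build and scan of the first-party web container are commented out, so no first-party image is scanned by this workflow until PATCH 209 restores it; if that is intentional test state it should not reach `main`. The new `scan-third-party` job duplicates the `permissions` block and the Trivy/upload pair already present above it, which the job-level `uses:` proposed for the L137 hunk would avoid. The `trivy` job starts outside the hunk.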
@@ -1,91 +1,100 @@ --- -name: Scan Images -on: - workflow_dispatch: - schedule: - - cron: '0 8 * * 0' + name: Scan Images + on: + workflow_dispatch: + jobs: + docker-update: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + security-events: write + env: + GH_REPO: ghcr.io/asteel-gsa/fac + strategy: + fail-fast: false + matrix: + image: + - name: postgrest/postgrest:latest + tname: postgrest + - name: swaggerapi/swagger-ui:latest + tname: swagger + - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest + tname: clamav -jobs: - docker-update: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - security-events: write - env: - GH_REPO: ghcr.io/asteel-gsa/fac - strategy: - fail-fast: false - matrix: - image: - - name: postgrest/postgrest:latest - tname: postgrest - - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest - tname: clamav + steps: + - name: Checkout + uses: actions/checkout@v3 - steps: - - name: Checkout - uses: actions/checkout@v3 + - name: Fetch version number artifact + uses: dawidd6/action-download-artifact@v2 + with: + name: ${{ matrix.image.tname }} + continue-on-error: true - - name: Fetch version number artifact - uses: dawidd6/action-download-artifact@v2 - with: - name: ${{ matrix.image.tname }} - continue-on-error: true + - name: Initialize version number + shell: bash + run: | + current_date=$(date +%s) + start_date=$((current_date - 31536000)) + value=`cat ${{ matrix.image.tname }}.txt || echo $start_date` + touch ${{ matrix.image.tname }}.txt + echo $value > ${{ matrix.image.tname }}.txt - - name: Initialize version number - shell: bash - run: | - current_date=$(date +%s) - start_date=$((current_date - 31536000)) - value=`cat ${{ matrix.image.tname }}.txt || echo $start_date` - touch ${{ matrix.image.tname }}.txt - echo $value > ${{ matrix.image.tname }}.txt + - name: Pull Docker Image + run: docker pull ${{ matrix.image.name }} + - name: Check Image Creation Date + run: | + last_image_date=`cat ${{ 
matrix.image.tname }}.txt` + image_creation_date=$(date -d "$(docker inspect -f '{{ .Created }}' ${{ matrix.image.name }})" +%s) - - name: Pull Docker Image - run: docker pull ${{ matrix.image.name }} + echo $last_image_date + echo $image_creation_date + if [[ $image_creation_date -le $last_image_date ]]; then + echo "We have the latest version already" + exit 1 + else + echo "We have an updated version" + echo $image_creation_date > ${{ matrix.image.tname }}.txt + fi - - name: Check Image Creation Date - run: | - last_image_date=`cat ${{ matrix.image.tname }}.txt` - image_creation_date=$(date -d "$(docker inspect -f '{{ .Created }}' ${{ matrix.image.name }})" +%s) + - name: Run Trivy vulnerability scanner on Third Party Images + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ matrix.image.name }} + scan-type: 'image' + hide-progress: false + format: 'sarif' + output: 'scan-results.sarif' + exit-code: '1' + ignore-unfixed: true - echo $last_image_date - echo $image_creation_date - if [[ $image_creation_date -le $last_image_date ]]; then - echo "We have the latest version already" - exit 1 - else - echo "We have an updated version" - echo $image_creation_date > ${{ matrix.image.tname }}.txt - fi + - name: Upload Trivy scan results to GitHub Security tab of Third Party Images + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'scan-results.sarif' - - name: Scan Image - run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --format sarif -o report.sarif --severity CRITICAL,HIGH ${{ matrix.image.name }} + # - name: Scan Image + # run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'report.sarif' + - name: Tag Image + run: | + image_creation_date=$(date -d "$(docker inspect -f '{{ .Created }}' ${{ 
matrix.image.name }})" +%s) + docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.tname }}:latest + docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.tname }}:$image_creation_date - - name: Tag Image - run: | - date=$(date +%Y%m%d) - docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.tname }}:latest - docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.tname }}:$date + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + - name: Push Image + run: docker push --all-tags ${{ env.GH_REPO }}/${{ matrix.image.tname }} - - name: Push Image - run: docker push --all-tags ${{ env.GH_REPO }}/${{ matrix.image.tname }} - - - name: Upload version number - uses: actions/upload-artifact@v3 - with: - name: ${{ matrix.image.tname }} - path: ${{ matrix.image.tname }}.txt + - name: Upload version number + uses: actions/upload-artifact@v3 + with: + name: ${{ matrix.image.tname }} + path: ${{ matrix.image.tname }}.txt From ed0609fe859fa826f2f2a5da2fcb30f5e972799d Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:46:35 -0400 Subject: [PATCH 208/378] remove clamav for testing --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 2fefb61afd..57e0f3591b 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
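Review bot: In the rewritten "Check Image Creation Date" step of the PATCH 207 hunk, the "We have the latest version already" branch ends with `exit 1`, so every routine run in which an upstream image has not changed shows as a failed matrix leg and is indistinguishable from a real failure (for example a scan finding or a push error). Record the outcome instead — give the step `id: check-date`, write `echo "updated=false" >> "$GITHUB_OUTPUT"` / `echo "updated=true" >> "$GITHUB_OUTPUT"` in the two branches, and gate the scan, tag, push and upload steps with `if: steps.check-date.outputs.updated == 'true'`. The rewrite also drops the weekly `schedule:` cron from `on:`, leaving the scan runnable only by hand; if that is deliberate a comment saying so would help the next reader. The artifact step that closes the job is the last line of the hunk.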
@@ -19,8 +19,8 @@ tname: postgrest - name: swaggerapi/swagger-ui:latest tname: swagger - - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest - tname: clamav + # - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest + # tname: clamav steps: - name: Checkout From 9c16f3c69041e3ab58c446f8342a62703117ba01 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 15:47:04 -0400 Subject: [PATCH 209/378] remove scan --- .github/workflows/trivy.yml | 86 ++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index bf744de6d2..e2a11ca4d2 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
@@ -47,58 +47,58 @@ jobs: run: | echo "date=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT - # - name: Build Container - # working-directory: ${{ env.WORKING_DIRECTORY }} - # run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . + - name: Build Container + working-directory: ${{ env.WORKING_DIRECTORY }} + run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . - # - name: Run Trivy vulnerability scanner - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' - # scan-type: 'image' - # hide-progress: false - # format: 'sarif' - # output: 'webcontainer-results.sarif' - # exit-code: '1' - # ignore-unfixed: true - - # - name: Upload Trivy scan results to GitHub Security tab - # uses: github/codeql-action/upload-sarif@v2 - # with: - # sarif_file: 'webcontainer-results.sarif' - - scan-third-party: - permissions: - contents: read - security-events: write - actions: read - name: Trivy Scan Third Party Images - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - image: - - name: postgrest/postgrest:latest - short-name: postgrest - - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest - short-name: clamav - steps: - - name: Pull Third Party Docker Images - run: docker pull ${{ matrix.image.name }} - - - name: Run Trivy vulnerability scanner on Third Party Images + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: '${{ matrix.image.name }}' + image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' scan-type: 'image' hide-progress: false format: 'sarif' - output: 'container-results.sarif' + output: 'webcontainer-results.sarif' exit-code: '1' ignore-unfixed: true - - name: Upload Trivy scan results to GitHub Security tab of Third Party Images + - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'container-results.sarif' + sarif_file: 
'webcontainer-results.sarif' + + # scan-third-party: + # permissions: + # contents: read + # security-events: write + # actions: read + # name: Trivy Scan Third Party Images + # runs-on: ubuntu-latest + # strategy: + # fail-fast: false + # matrix: + # image: + # - name: postgrest/postgrest:latest + # short-name: postgrest + # - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest + # short-name: clamav + # steps: + # - name: Pull Third Party Docker Images + # run: docker pull ${{ matrix.image.name }} + + # - name: Run Trivy vulnerability scanner on Third Party Images + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: '${{ matrix.image.name }}' + # scan-type: 'image' + # hide-progress: false + # format: 'sarif' + # output: 'container-results.sarif' + # exit-code: '1' + # ignore-unfixed: true + + # - name: Upload Trivy scan results to GitHub Security tab of Third Party Images + # uses: github/codeql-action/upload-sarif@v2 + # with: + # sarif_file: 'container-results.sarif' From 480a1f4bdc159cf366899574bab98b5e3e70845b Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 16:03:50 -0400 Subject: [PATCH 210/378] testing trivy --- .github/workflows/trivy.yml | 73 ++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 34 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index e2a11ca4d2..32adab8007 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -21,6 +21,10 @@ on: required: true type: string default: ./backend + push: + branches: + - main + - test permissions: contents: read @@ -31,6 +35,7 @@ env: jobs: trivy: + needs: [scan-third-party] permissions: contents: read security-events: write 
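Review bot: The re-enabled scan step uses `aquasecurity/trivy-action@master`, a mutable branch reference, so the scanner that gates this job changes whenever upstream pushes to that branch; pin it to a release tag or, better, a full commit SHA, as the `upload-sarif@v2` step beside it at least pins a major version. The same `@master` reference is carried into the `scan-third-party` job re-enabled in the 'testing trivy' hunk below and into its later revisions. Commenting out `scan-third-party` rather than fixing it also drops the postgrest and clamav images from scanning until someone remembers to restore the block.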
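Review bot: Adding a `push` trigger means `inputs.docker-name` and `inputs.work-dir` are empty on those runs, because the `inputs` context is only populated for `workflow_dispatch` and `workflow_call`; the workflow-level `env` that reads them (outside this hunk) then expands to empty strings and the `docker build -t :<date>` tag is malformed. Give the env values a fallback, e.g. `DOCKER_NAME: ${{ inputs.docker-name || 'fac' }}` and `WORKING_DIRECTORY: ${{ inputs.work-dir || './backend' }}`, so push-triggered runs and reusable-workflow callers share one definition.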
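Review bot: `needs: [scan-third-party]` chains two independent scans: because that job runs with `exit-code: '1'`, any HIGH/CRITICAL finding in a third-party image now skips the web-container scan and its SARIF upload entirely, so the Security tab loses results for the image this repository actually builds. If the ordering is wanted, add `if: always()` to the `trivy` job; otherwise drop the `needs` line so both scans report independently. The `trivy` job definition continues past the end of the hunk.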
@@ -58,47 +63,47 @@ jobs: scan-type: 'image' hide-progress: false format: 'sarif' - output: 'webcontainer-results.sarif' + output: 'scan-results.sarif' exit-code: '1' ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'webcontainer-results.sarif' + sarif_file: 'scan-results.sarif' - # scan-third-party: - # permissions: - # contents: read - # security-events: write - # actions: read - # name: Trivy Scan Third Party Images - # runs-on: ubuntu-latest - # strategy: - # fail-fast: false - # matrix: - # image: - # - name: postgrest/postgrest:latest - # short-name: postgrest - # - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest - # short-name: clamav - # steps: - # - name: Pull Third Party Docker Images - # run: docker pull ${{ matrix.image.name }} + scan-third-party: + permissions: + contents: read + security-events: write + actions: read + name: Trivy Scan Third Party Images + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + image: + - name: ghcr.io/asteel-gsa/fac/postgrest:latest + short-name: postgrest + - name: ghcr.io/asteel-gsa/fac/swagger:latest + short-name: clamav + steps: + - name: Pull Third Party Docker Images + run: docker pull ${{ matrix.image.name }} - # - name: Run Trivy vulnerability scanner on Third Party Images - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: '${{ matrix.image.name }}' - # scan-type: 'image' - # hide-progress: false - # format: 'sarif' - # output: 'container-results.sarif' - # exit-code: '1' - # ignore-unfixed: true + - name: Run Trivy vulnerability scanner on Third Party Images + uses: aquasecurity/trivy-action@master + with: + image-ref: '${{ matrix.image.name }}' + scan-type: 'image' + hide-progress: false + format: 'sarif' + output: 'scan-results.sarif' + exit-code: '1' + ignore-unfixed: true - # - name: Upload Trivy scan results to GitHub Security tab of Third Party Images - # uses: 
github/codeql-action/upload-sarif@v2 - # with: - # sarif_file: 'container-results.sarif' + - name: Upload Trivy scan results to GitHub Security tab of Third Party Images + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'scan-results.sarif' From 517382ee25ed2baec9cdebda236fe06042479538 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 16:08:32 -0400 Subject: [PATCH 211/378] add env for on push --- .github/workflows/trivy.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 32adab8007..0de4baf19b 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -30,8 +30,8 @@ permissions: contents: read env: - DOCKER_NAME: ${{ inputs.docker-name }} - WORKING_DIRECTORY: ${{ inputs.work-dir }} + DOCKER_NAME: ${{ inputs.docker-name }} + WORKING_DIRECTORY: ${{ inputs.work-dir }} jobs: trivy: @@ -42,6 +42,9 @@ jobs: actions: read name: Trivy Scan runs-on: ubuntu-latest + env: + DOCKER_NAME: fac + WORKING_DIRECTORY: ./backend steps: - name: Checkout uses: actions/checkout@v3 From e26c3503d635f971f1ac41f60a749b08c0e0c22c Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 16:49:39 -0400 Subject: [PATCH 212/378] testing exit code --- .github/workflows/scan-images.yml | 2 +- .github/workflows/trivy.yml | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 57e0f3591b..703234af4d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -66,7 +66,7 @@ hide-progress: false format: 'sarif' output: 'scan-results.sarif' - exit-code: '1' + exit-code: 1 ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab of Third Party Images diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 0de4baf19b..179e72641d 100644 --- a/.github/workflows/trivy.yml 
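Review bot: The second matrix entry pairs `ghcr.io/asteel-gsa/fac/swagger:latest` with `short-name: clamav`, so the label no longer describes the image being scanned and either the name or the short-name is wrong. Both matrix legs also upload the same `scan-results.sarif` through `upload-sarif` with no `category`; GitHub treats uploads for the same tool and commit without a distinct category as one analysis, so one image's findings can replace the other's — worth verifying, and `category: trivy-${{ matrix.image.short-name }}` on the upload step avoids it once the short-name is corrected. The unpinned `trivy-action@master` concern raised on the earlier hunk applies to this job as well.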
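Review bot: The job-level `env` sets `DOCKER_NAME: fac` and `WORKING_DIRECTORY: ./backend` unconditionally, and job-level env takes precedence over the workflow-level env that reads `inputs.docker-name` / `inputs.work-dir`, so callers of this reusable workflow can no longer override either value and the declared inputs are effectively dead. Keep the values in one place with a fallback expression, `DOCKER_NAME: ${{ inputs.docker-name || 'fac' }}` and `WORKING_DIRECTORY: ${{ inputs.work-dir || './backend' }}`, instead of two layers of env that shadow each other. The `trivy` job continues outside the hunk.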
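Review bot: `exit-code: 1` here now differs from the quoted `'1'` the same step uses in trivy.yml, and the value flips between the two forms again in the later 'update scanning' and 'updates' hunks. Every `with:` value reaches `trivy-action` as a string, so both forms work, but settling on one across the two workflows (`exit-code: '1'`) would end the churn. The step's `with:` block starts outside the hunk.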
+++ b/.github/workflows/trivy.yml @@ -24,7 +24,9 @@ on: push: branches: - main - - test + - prod + tags: + - v1.* permissions: contents: read @@ -32,6 +34,8 @@ permissions: env: DOCKER_NAME: ${{ inputs.docker-name }} WORKING_DIRECTORY: ${{ inputs.work-dir }} + CLAMAV_IMAGE: 'ghcr.io/asteel-gsa/fac/clamav:latest' + POSTGREST_IMAGE: 'ghcr.io/asteel-gsa/fac/postgrest:latest' jobs: trivy: @@ -87,9 +91,7 @@ jobs: matrix: image: - name: ghcr.io/asteel-gsa/fac/postgrest:latest - short-name: postgrest - - name: ghcr.io/asteel-gsa/fac/swagger:latest - short-name: clamav + - name: ghcr.io/asteel-gsa/fac/clamav:latest steps: - name: Pull Third Party Docker Images run: docker pull ${{ matrix.image.name }} From c659e06c4d9e06605f5ff45201460a2ccd87f40b Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 16:52:14 -0400 Subject: [PATCH 213/378] fixes --- .github/workflows/scan-images.yml | 1 - .github/workflows/trivy.yml | 3 --- 2 files changed, 4 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 703234af4d..aeee335e11 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -52,7 +52,6 @@ echo $image_creation_date if [[ $image_creation_date -le $last_image_date ]]; then echo "We have the latest version already" - exit 1 else echo "We have an updated version" echo $image_creation_date > ${{ matrix.image.tname }}.txt diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 179e72641d..dfaff6d6e4 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -23,7 +23,6 @@ on: default: ./backend push: branches: - - main - prod tags: - v1.* @@ -34,8 +33,6 @@ permissions: env: DOCKER_NAME: ${{ inputs.docker-name }} WORKING_DIRECTORY: ${{ inputs.work-dir }} - CLAMAV_IMAGE: 'ghcr.io/asteel-gsa/fac/clamav:latest' - POSTGREST_IMAGE: 'ghcr.io/asteel-gsa/fac/postgrest:latest' jobs: trivy: From 51381169b1de68d5a59d0bb08a7de9f8c80d4dba Mon Sep 17 00:00:00 2001 
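Review bot: The new `CLAMAV_IMAGE` and `POSTGREST_IMAGE` env values are not referenced anywhere in the file as shown; the `scan-third-party` matrix in the third hunk repeats the same `ghcr.io/asteel-gsa/fac/...:latest` literals instead. Since the `env` context is not available inside `strategy.matrix`, the simpler fix is to keep the literals in the matrix and drop the two env entries rather than maintain the image names in two places.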
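Review bot: Removing `exit 1` from the 'We have the latest version already' branch turns the creation-date check into a log message: the later scan, tag and push steps run regardless, so an unchanged image is re-tagged and re-pushed on every run. If skipping unchanged images was the intent, have the else branch write `echo "updated=true" >> $GITHUB_OUTPUT` and gate the later steps with `if: steps.<step-id>.outputs.updated == 'true'` (the step has no `id` yet); if re-publishing every run is intended, the date bookkeeping can go. The `run: |` script starts and ends outside the hunk.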
From: Alex Steel Date: Thu, 6 Jul 2023 16:57:36 -0400 Subject: [PATCH 214/378] update scanning --- .github/workflows/scan-images.yml | 20 ++------------------ .github/workflows/trivy.yml | 4 +++- 2 files changed, 5 insertions(+), 19 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index aeee335e11..587253c7d1 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -57,24 +57,8 @@ echo $image_creation_date > ${{ matrix.image.tname }}.txt fi - - name: Run Trivy vulnerability scanner on Third Party Images - uses: aquasecurity/trivy-action@master - with: - image-ref: ${{ matrix.image.name }} - scan-type: 'image' - hide-progress: false - format: 'sarif' - output: 'scan-results.sarif' - exit-code: 1 - ignore-unfixed: true - - - name: Upload Trivy scan results to GitHub Security tab of Third Party Images - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'scan-results.sarif' - - # - name: Scan Image - # run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} + - name: Scan Image + run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} - name: Tag Image run: | diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index dfaff6d6e4..e368d7402d 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -69,6 +69,7 @@ jobs: format: 'sarif' output: 'scan-results.sarif' exit-code: '1' + severity: HIGH,CRITICAL ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab @@ -101,7 +102,8 @@ jobs: hide-progress: false format: 'sarif' output: 'scan-results.sarif' - exit-code: '1' + exit-code: 1 + severity: HIGH,CRITICAL ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab of Third Party Images 
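Review bot: Swapping `trivy-action` plus the SARIF upload for `docker run aquasec/trivy:latest ...` drops findings from the Security tab and pins nothing: `aquasec/trivy:latest` is a mutable tag, so the scanner and its pass/fail behaviour change underneath the workflow; pin a release tag or digest (`aquasec/trivy:<version>`). The new command also omits `--ignore-unfixed`, so unfixable CRITICAL/HIGH findings that the previous step tolerated now fail the job — fine if deliberate, but worth a comment. Unless the host Docker socket is mounted into that container, trivy will most likely resolve `${{ matrix.image.name }}` from the registry rather than from the copy pulled in the earlier step, so the scanned and the tagged image can differ if the tag moves between steps. The same command is carried into the later scan-images rewrites.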
From dccf7439165e92b46a721d087a6980aa18b92ce1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Thu, 6 Jul 2023 17:12:36 -0400 Subject: [PATCH 215/378] update scanning --- .github/workflows/scan-images.yml | 38 ++----------------------------- 1 file changed, 2 insertions(+), 36 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 587253c7d1..72623cc95d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -26,45 +26,17 @@ - name: Checkout uses: actions/checkout@v3 - - name: Fetch version number artifact - uses: dawidd6/action-download-artifact@v2 - with: - name: ${{ matrix.image.tname }} - continue-on-error: true - - - name: Initialize version number - shell: bash - run: | - current_date=$(date +%s) - start_date=$((current_date - 31536000)) - value=`cat ${{ matrix.image.tname }}.txt || echo $start_date` - touch ${{ matrix.image.tname }}.txt - echo $value > ${{ matrix.image.tname }}.txt - - name: Pull Docker Image run: docker pull ${{ matrix.image.name }} - - name: Check Image Creation Date - run: | - last_image_date=`cat ${{ matrix.image.tname }}.txt` - image_creation_date=$(date -d "$(docker inspect -f '{{ .Created }}' ${{ matrix.image.name }})" +%s) - - echo $last_image_date - echo $image_creation_date - if [[ $image_creation_date -le $last_image_date ]]; then - echo "We have the latest version already" - else - echo "We have an updated version" - echo $image_creation_date > ${{ matrix.image.tname }}.txt - fi - name: Scan Image run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} - name: Tag Image run: | - image_creation_date=$(date -d "$(docker inspect -f '{{ .Created }}' ${{ matrix.image.name }})" +%s) + date=$(date +%Y%m%d) docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.tname }}:latest - docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.tname }}:$image_creation_date + docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.tname }}:$date - name: Login to GitHub Container Registry uses: docker/login-action@v2 @@ -75,9 +47,3 @@ - name: Push Image run: docker push --all-tags ${{ env.GH_REPO }}/${{ matrix.image.tname }} - - - name: Upload version number - uses: actions/upload-artifact@v3 - with: - name: ${{ matrix.image.tname }} - path: ${{ matrix.image.tname }}.txt 
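Review bot: The `Tag Image` step now derives the second tag from the runner's date (`date +%Y%m%d`) rather than the image's creation timestamp, so two runs on the same day overwrite the same tag with potentially different content, and consecutive weekly runs mint new tags for images that have not changed. The upstream digest is the stable identifier here: for instance `digest=$(docker inspect -f '{{index .RepoDigests 0}}' ${{ matrix.image.name }})` recorded in the job log next to the tags, or folded into the tag itself, lets consumers tell which upstream build they are pulling. Dropping the version artifact also removes the only record of what was last published.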
From 2732968851c99e024de49b280af9b5bd02697098 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 08:09:11 -0400 Subject: [PATCH 216/378] testing --- .github/workflows/scan-images.yml | 24 +++++------ .github/workflows/trivy.yml | 38 ++++------------- backend/docker-compose-test.yml | 70 ------------------------------- 3 files changed, 19 insertions(+), 113 deletions(-) delete mode 100644 backend/docker-compose-test.yml diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 72623cc95d..829b94316b 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -1,26 +1,26 @@ --- - name: Scan Images + name: Pull Third Party Containers, Scan, and Publish to GHCR on: workflow_dispatch: + schedule: + - cron: '0 8 * * 0' + jobs: - docker-update: + pull-and-scan: runs-on: ubuntu-latest permissions: contents: read packages: write - security-events: write env: - GH_REPO: ghcr.io/asteel-gsa/fac + GH_REPO: asteel-gsa/fac strategy: fail-fast: false matrix: image: - name: postgrest/postgrest:latest - tname: postgrest - - name: swaggerapi/swagger-ui:latest - tname: swagger - # - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest - # tname: clamav + short-name: postgrest + - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest + short-name: clamav steps: - name: Checkout @@ -35,8 +35,8 @@ - name: Tag Image run: | date=$(date +%Y%m%d) - docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.tname }}:latest - docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.tname }}:$date + docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.short-name }}:$date - name: Login to GitHub Container Registry uses: docker/login-action@v2 
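Review bot: `GH_REPO` becomes `asteel-gsa/fac`, so the mirrored images land under `ghcr.io/asteel-gsa/fac/`, while the `scan-third-party` matrix in this commit's trivy.yml hunk (`@@ -88,8 +65,8 @@`) switches to `ghcr.io/gsa-tts/fac/postgrest` and `.../clamav` — two different namespaces, so the images that get scanned there are not the ones this workflow publishes. Whichever namespace is intended, define it once (a workflow-level env or a repository variable) and reference it from both workflows. Dropping `security-events: write` is consistent with the SARIF upload having been removed from this job.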
@@ -46,4 +46,4 @@ password: ${{ secrets.GITHUB_TOKEN }} - name: Push Image - run: docker push --all-tags ${{ env.GH_REPO }}/${{ matrix.image.tname }} + run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.tname }} diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index e368d7402d..8ec41edaae 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -2,25 +2,7 @@ name: Trivy Scan on: workflow_dispatch: - inputs: - docker-name: - required: true - type: string - default: fac - work-dir: - required: true - type: string - default: ./backend workflow_call: - inputs: - docker-name: - required: true - type: string - default: fac - work-dir: - required: true - type: string - default: ./backend push: branches: - prod @@ -30,10 +12,6 @@ on: permissions: contents: read -env: - DOCKER_NAME: ${{ inputs.docker-name }} - WORKING_DIRECTORY: ${{ inputs.work-dir }} - jobs: trivy: needs: [scan-third-party] @@ -41,11 +19,11 @@ jobs: contents: read security-events: write actions: read - name: Trivy Scan - runs-on: ubuntu-latest env: DOCKER_NAME: fac WORKING_DIRECTORY: ./backend + name: Trivy Scan FAC Web Container + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 @@ -67,15 +45,14 @@ jobs: scan-type: 'image' hide-progress: false format: 'sarif' - output: 'scan-results.sarif' + output: 'trivy-results.sarif' exit-code: '1' - severity: HIGH,CRITICAL ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'scan-results.sarif' + sarif_file: 'trivy-results.sarif' scan-third-party: permissions: @@ -88,8 +65,8 @@ jobs: fail-fast: false matrix: image: - - name: ghcr.io/asteel-gsa/fac/postgrest:latest - - name: ghcr.io/asteel-gsa/fac/clamav:latest + - name: ghcr.io/gsa-tts/fac/postgrest:latest + - name: ghcr.io/gsa-tts/fac/clamav:latest steps: - name: Pull Third Party Docker Images run: docker pull ${{ matrix.image.name }} 
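Review bot: The push step still references `${{ matrix.image.tname }}`, but this commit renames that matrix key to `short-name`, so the expression expands to an empty string and the push targets `ghcr.io/${{ env.GH_REPO }}/` with no image name. It should read `run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}` to match the `Tag Image` step changed in the previous hunk.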
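Review bot: Dropping `severity: HIGH,CRITICAL` from the web-container scan while the `scan-third-party` job in the same file keeps it means that, with `exit-code: '1'`, the first-party image now fails on MEDIUM and LOW findings but the third-party images do not. If stricter gating for the image this repository builds is deliberate, a comment such as `# no severity filter: the first-party image fails on any unfixed finding` would stop the next reader from "fixing" it; otherwise restore the filter so both jobs agree. The step's `with:` block starts outside the hunk.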
@@ -106,8 +83,7 @@ jobs: severity: HIGH,CRITICAL ignore-unfixed: true - - name: Upload Trivy scan results to GitHub Security tab of Third Party Images + - name: Upload Trivy scan results to GitHub Security tab for Third Party Images uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'scan-results.sarif' - diff --git a/backend/docker-compose-test.yml b/backend/docker-compose-test.yml deleted file mode 100644 index ed293054fb..0000000000 --- a/backend/docker-compose-test.yml +++ /dev/null 
@@ -1,70 +0,0 @@ -version: "3.7" - -services: - db: - image: "postgres:12" - environment: - - "POSTGRES_HOST_AUTH_METHOD=trust" - volumes: - - postgres-data:/var/lib/postgresql/data/ - ports: - - "5432:5432" - - web: - image: ghcr.io/asteel-gsa/fac/web-container:latest - command: /src/run.sh - depends_on: - - db - - minio - environment: - - "DATABASE_URL=postgres://postgres@db/postgres" - - "DJANGO_DEBUG=true" - - "SAM_API_KEY=${SAM_API_KEY}" - - "DJANGO_BASE_URL=http://localhost:8000" - - "DJANGO_SECRET_LOGIN_KEY=${DJANGO_SECRET_LOGIN_KEY}" - - "ENV=${ENV}" - - "SECRET_KEY=${SECRET_KEY}" - - "ALLOWED_HOSTS=0.0.0.0 127.0.0.1 localhost" - - "AV_SCAN_URL=http://clamav-rest:9000/scan" - - "DISABLE_AUTH=${DISABLE_AUTH:-False}" - - "LOCALSTACK_HOST=localstack" - env_file: - - ".env" - ports: - - "8000:8000" - volumes: - - .:/src - - /src/node_modules - - /src/staticfiles - clamav-rest: - image: ghcr.io/gsa-tts/fac/clamav:latest - environment: - - MAX_FILE_SIZE=25M - - SIGNATURE_CHECKS=1 - ports: - - "9000:9000" - minio: - container_name: "minio" - image: minio/minio - command: server /tmp/minio --console-address ":9002" - ports: - - "9001:9000" - - "9002:9002" - volumes: - - "minio-vol:/tmp/minio" - api: - image: ghcr.io/gsa-tts/fac/postgrest:latest - ports: - - "3000:3000" - expose: - - "3000" - environment: - PGRST_DB_URI: postgres://postgres@db:5432/postgres - PGRST_OPENAPI_SERVER_PROXY_URI: http://127.0.0.1:3000 - PGRST_DB_ANON_ROLE: anon - PGRST_DB_SCHEMAS: api - depends_on: - - db -volumes: - postgres-data: - minio-vol: From bed76df73379d3bb7e918ed0e79d9ce40ce08cca Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 08:10:47 -0400 Subject: [PATCH 217/378] fixes --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 829b94316b..2b2a2081c5 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -46,4 +46,4 @@ password: ${{ secrets.GITHUB_TOKEN }} - name: Push Image - run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.tname }} + run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From 68b61ebf803c03725b5f83e180f0626958606cb1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 08:20:27 -0400 Subject: [PATCH 218/378] fixes --- .github/workflows/scan-images.yml | 101 ++++++++++++++++-------------- 1 file changed, 53 insertions(+), 48 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 2b2a2081c5..8a32b99c2e 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -1,49 +1,54 @@ --- - name: Pull Third Party Containers, Scan, and Publish to GHCR - on: - workflow_dispatch: - schedule: - - cron: '0 8 * * 0' - - jobs: - pull-and-scan: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - env: - GH_REPO: asteel-gsa/fac - strategy: - fail-fast: false - matrix: - image: - - name: postgrest/postgrest:latest - short-name: postgrest - - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest - short-name: clamav - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Pull Docker Image - run: docker pull ${{ matrix.image.name }} - - - name: Scan Image - run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} - - - name: Tag Image - run: | - date=$(date +%Y%m%d) - docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - docker tag ${{ matrix.image.name }} ${{ env.GH_REPO }}/${{ matrix.image.short-name }}:$date - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Push Image - run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} +name: Pull Third Party Containers, Scan, and Publish to GHCR +on: + workflow_dispatch: + schedule: + - cron: '0 8 * * 0' + +jobs: + pull-and-scan: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + env: + GH_REPO: asteel-gsa/fac + strategy: + fail-fast: false + matrix: + image: + - name: postgrest/postgrest:latest + short-name: postgrest + - name: ghcr.io/gsa-tts/clamav-rest/clamav:latest + short-name: clamav + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Pull Docker Image + run: docker pull ${{ matrix.image.name }} + + - name: Scan Image + run: docker run 
aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} + + - name: Tag Image + run: | + date=$(date +%Y%m%d) + docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:$date + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push Image + run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + From 4a966186867f388afe4ce76a61950d3804ac7f43 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 08:28:07 -0400 Subject: [PATCH 219/378] testing --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 8ec41edaae..7e3afeb2ec 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -65,8 +65,8 @@ jobs: fail-fast: false matrix: image: - - name: ghcr.io/gsa-tts/fac/postgrest:latest - - name: ghcr.io/gsa-tts/fac/clamav:latest + - name: ghcr.io/asteel-gsa/fac/postgrest:latest + - name: ghcr.io/asteel-gsa/fac/clamav:latest steps: - name: Pull Third Party Docker Images run: docker pull ${{ matrix.image.name }} From 3a57922f6537306c7c851c946587dcbfca7aa1ca Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 08:30:58 -0400 Subject: [PATCH 220/378] updates --- .github/workflows/trivy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 7e3afeb2ec..956d7600cd 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -14,7 +14,6 @@ permissions: jobs: trivy: - needs: [scan-third-party] permissions: contents: read security-events: write 
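Review bot: The new `Set up Docker Buildx` step (`id: buildx`) is not used by anything that follows — the job only pulls, scans, tags and pushes existing images and never builds — so it adds an action dependency and setup time for no visible effect; drop it or add a comment saying what it is expected to provide. Separately, the pull → scan → push sequence works on the mutable `:latest` tag by name, so pinning the pulled digest (`docker inspect -f '{{index .RepoDigests 0}}' ${{ matrix.image.name }}`) and scanning and tagging that exact reference would make the published image provably the one that was scanned. The unpinned `aquasec/trivy:latest` concern from the earlier 'update scanning' hunk still applies here.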
@@ -47,6 +46,7 @@ jobs: format: 'sarif' output: 'trivy-results.sarif' exit-code: '1' + severity: 'CRITICAL,HIGH' ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab @@ -79,8 +79,8 @@ jobs: hide-progress: false format: 'sarif' output: 'scan-results.sarif' - exit-code: 1 - severity: HIGH,CRITICAL + exit-code: '1' + severity: 'CRITICAL,HIGH' ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab for Third Party Images From 8a75faa43b4a1fb8dc5123bcfc5d4b1e46713688 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 08:42:16 -0400 Subject: [PATCH 221/378] testing with dct key --- .github/workflows/build-docker-container.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 9cc132c407..c0d336cae3 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -75,9 +75,9 @@ jobs: working-directory: ${{ env.WORKING_DIRECTORY }} shell: bash env: - SSL_KEY: ${{ secrets.RSA_KEY }} + DCT_KEY: ${{ secrets.DCT_KEY }} run: | - echo "$SSL_KEY" > private.pem + echo "$DCT_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" From 23ed6cd665d15432ee4f5a0c0ee1df314065b939 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 08:52:50 -0400 Subject: [PATCH 222/378] testing --- .github/workflows/build-docker-container.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index c0d336cae3..ea6ba41073 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml 
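Review bot: The private signing key is written to `private.pem` inside `WORKING_DIRECTORY`, the same directory the later `Build Container` step runs in (outside this hunk); if that directory is the build context and `.dockerignore` does not exclude `*.pem`, the key can be copied into the image layers, and nothing removes `private.pem` or `public.pem` after the step. Write the files under `$RUNNER_TEMP`, create them with a restrictive umask rather than `chmod 600` after the fact (`(umask 077; printf '%s\n' "$DCT_KEY" > "$RUNNER_TEMP/private.pem")`), and add a final cleanup step with `if: always()`. The same write-to-workspace pattern recurs in every later revision of this step (the 'testing', 'modify signer logic' and 'make public.pem' hunks below).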
@@ -75,10 +75,12 @@ jobs: working-directory: ${{ env.WORKING_DIRECTORY }} shell: bash env: - DCT_KEY: ${{ secrets.DCT_KEY }} + DCT_KEY: ${{ secrets.RSA_KEY }} run: | + # Set secret as private key file echo "$DCT_KEY" > private.pem chmod 600 private.pem + # Public key from private key openssl rsa -in "private.pem" -pubout > "public.pem" - name: Add signer From 378f8810fb195bfcd05f967a03b14d8b090473c8 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 09:06:59 -0400 Subject: [PATCH 223/378] testing --- .github/workflows/build-docker-container.yml | 27 ++++---------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index ea6ba41073..994b1c25e9 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml 
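Review bot: The env name `DCT_KEY` now carries `secrets.RSA_KEY`, so the variable no longer says which secret it holds; use one name for both, `RSA_KEY: ${{ secrets.RSA_KEY }}` and `echo "$RSA_KEY" > private.pem`. The two added comments help, though `# Public key from private key` would read better as `# Derive the public key from the private key; only the public half is registered as a signer`. The step definition starts outside the hunk.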
@@ -73,32 +73,13 @@ jobs: - name: Create ssl key file working-directory: ${{ env.WORKING_DIRECTORY }} - shell: bash - env: - DCT_KEY: ${{ secrets.RSA_KEY }} - run: | - # Set secret as private key file - echo "$DCT_KEY" > private.pem - chmod 600 private.pem - # Public key from private key - openssl rsa -in "private.pem" -pubout > "public.pem" + run: docker trust key generate fac - name: Add signer working-directory: ${{ env.WORKING_DIRECTORY }} shell: bash run: | - docker trust signer add --key "public.pem" "${{ inputs.docker-name }}-team" "${{ env.GH_REPO }}/${{ env.IMAGE }}" - - - name: Load the private key onto Docker trust store - working-directory: ${{ env.WORKING_DIRECTORY }} - shell: bash - run: | - docker trust key load --name "fac-codesign" "private.pem" - GREEN='\033[0;32m' - PURPLE='\033[0;35m' - NC='\033[0m' # No Color - echo -e "Confirm \"${GREEN}Successfully imported key from private.pem${NC}\"" \ - "\nIf successful, IGNORE \"${PURPLE}failed to import key to store: ...${NC}\" (due to unused content within private key)" + docker trust signer add --key cert.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} - name: Build Container working-directory: ${{ env.WORKING_DIRECTORY }} @@ -108,4 +89,6 @@ jobs: run: docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:latest - name: Push Web Container - run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }} --disable-content-trust=false + run: | + export DOCKER_CONTENT_TRUST=1 + docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }} --disable-content-trust=false From c5b6d8e6932563d74e9e94786f1a8780983136cd Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 09:25:02 -0400 Subject: [PATCH 224/378] testing --- .github/workflows/build-docker-container.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) 
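Review bot: `docker trust key generate fac` creates a brand-new signing key pair on every run, so each image is signed by an ephemeral key that no consumer can pin — the signature then proves nothing beyond "this CI run pushed it". The signer key should be a long-lived key held in a secret, as the removed `docker trust key load` code did, with only its public half registered through `signer add`. As far as I recall, `key generate` also writes the public key as `fac.pub` and prompts for a passphrase, so `--key cert.pem` names a file this step never creates and the step will block on a non-interactive runner unless a passphrase is provided through the environment.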
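Review bot: `export DOCKER_CONTENT_TRUST=1` and `--disable-content-trust=false` on the same push say the same thing; one is enough. More importantly, a signed push needs the repository signing key's passphrase: unless it is supplied through the step's `env:` (`DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.<passphrase-secret> }}`, plus the root passphrase the first time the repository is initialised), `docker push` will wait on a prompt and the job will hang or fail. The surrounding job definition lies outside the hunk.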
diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 994b1c25e9..1fa6c8b286 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -71,15 +71,20 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Create ssl key file + - name: Convert Key to PEM working-directory: ${{ env.WORKING_DIRECTORY }} - run: docker trust key generate fac + env: + RSA_KEY: ${{ secrets.RSA_KEY }} + run: | + echo "$RSA_KEY" > private.pem + chmod 600 private.pem + docker trust key load private.pem --name fac - name: Add signer working-directory: ${{ env.WORKING_DIRECTORY }} shell: bash run: | - docker trust signer add --key cert.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} + docker trust signer add --key private.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} - name: Build Container working-directory: ${{ env.WORKING_DIRECTORY }} From e7918370ccf8fdf24adf9b4811f4981d5cd31a11 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 09:36:25 -0400 Subject: [PATCH 225/378] modify signer logic --- .github/workflows/build-docker-container.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 1fa6c8b286..0e78f8bbc7 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml 
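Review bot: `docker trust signer add --key private.pem ...` hands the private key to a command that expects the signer's public key (a PEM public key or certificate), so the registration is wrong in kind and it copies private key material into the trust metadata; derive the public half first (`openssl rsa -in private.pem -pubout > public.pem`) and pass `--key public.pem`, keeping `private.pem` only for `docker trust key load`. The `key load` call will also prompt for a passphrase to protect the imported key, which has to come from the environment on a runner. The following 'modify signer logic' hunk keeps the same `--key private.pem` call and has the same problem.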
@@ -71,19 +71,14 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Convert Key to PEM + - name: Add signer working-directory: ${{ env.WORKING_DIRECTORY }} + shell: bash env: RSA_KEY: ${{ secrets.RSA_KEY }} run: | echo "$RSA_KEY" > private.pem chmod 600 private.pem - docker trust key load private.pem --name fac - - - name: Add signer - working-directory: ${{ env.WORKING_DIRECTORY }} - shell: bash - run: | docker trust signer add --key private.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} - name: Build Container From b7ceccf9c46c35647e75e6ca815f61b08ec0b56e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 09:38:24 -0400 Subject: [PATCH 226/378] make public.pem --- .github/workflows/build-docker-container.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 0e78f8bbc7..53d0859917 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -79,7 +79,8 @@ jobs: run: | echo "$RSA_KEY" > private.pem chmod 600 private.pem - docker trust signer add --key private.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} + openssl rsa -in private.pem -pubout > public.pem + docker trust signer add --key public.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} - name: Build Container working-directory: ${{ env.WORKING_DIRECTORY }} From 286b6102bcb78a6216808d3af73ab617a4005dc7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 09:41:35 -0400 Subject: [PATCH 227/378] modify signer logic --- .github/workflows/build-docker-container.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 53d0859917..58d276b548 100644 --- a/.github/workflows/build-docker-container.yml 
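Review bot: With the `docker trust key load private.pem --name fac` line dropped from the consolidated step, nothing loads the private key into the local trust store, so the delegation added by `signer add` has no matching signing key when the signed push runs (the push step is outside this hunk). Re-add `docker trust key load private.pem --name fac` next to the `signer add`, and set `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` in the step `env:` so the load does not stall on a prompt. The `chmod 600 private.pem` is good but the file is still left in the checkout after the job; remove it once loaded.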
+++ b/.github/workflows/build-docker-container.yml @@ -77,9 +77,8 @@ jobs: env: RSA_KEY: ${{ secrets.RSA_KEY }} run: | - echo "$RSA_KEY" > private.pem - chmod 600 private.pem - openssl rsa -in private.pem -pubout > public.pem + echo "$RSA_KEY" > public.pem + chmod 600 public.pem docker trust signer add --key public.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} - name: Build Container From 967b0ab831e4ca6ceee9847803145eee50b0a531 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 09:45:22 -0400 Subject: [PATCH 228/378] testing --- .github/workflows/build-docker-container.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 58d276b548..84f7aa7c24 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -77,9 +77,10 @@ jobs: env: RSA_KEY: ${{ secrets.RSA_KEY }} run: | - echo "$RSA_KEY" > public.pem - chmod 600 public.pem - docker trust signer add --key public.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} + echo "$RSA_KEY" > private.pem + chmod 600 private.pem + ssh-keygen -y -f private.pem > key.pub + docker trust signer add --key key.pub ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} - name: Build Container working-directory: ${{ env.WORKING_DIRECTORY }} From 30a6a8c3378afbdb4b81f02acc3b9dfce25ec9f6 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 09:49:28 -0400 Subject: [PATCH 229/378] testing --- .github/workflows/build-docker-container.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index 84f7aa7c24..fc3e9cd67e 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml 
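Review bot: `ssh-keygen -y -f private.pem > key.pub` emits an OpenSSH one-line public key (`ssh-rsa AAAA…`), whereas `docker trust signer add --key` takes a PEM-encoded public key or x509 certificate, so the add will presumably be rejected — use `openssl rsa -in private.pem -pubout > public.pem` as the earlier revision on this line did. The intermediate revision that wrote `secrets.RSA_KEY` straight to `public.pem` with `chmod 600` suggests uncertainty about what the secret holds; every other use in this series treats it as a private key. If only a delegation key is needed here, store the derived public key as its own repository variable so this job never has to handle the private key at all.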
@@ -71,7 +71,7 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Add signer + - name: Get public key working-directory: ${{ env.WORKING_DIRECTORY }} shell: bash env: @@ -80,7 +80,10 @@ jobs: echo "$RSA_KEY" > private.pem chmod 600 private.pem ssh-keygen -y -f private.pem > key.pub - docker trust signer add --key key.pub ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} + + - name: Add Signer + working-directory: ${{ env.WORKING_DIRECTORY }} + run: docker trust signer add --key key.pub ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} - name: Build Container working-directory: ${{ env.WORKING_DIRECTORY }} From d48fe7b88881a7a753ec8de71193de7bc5a91911 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 09:51:37 -0400 Subject: [PATCH 230/378] test --- .github/workflows/build-docker-container.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index fc3e9cd67e..fa262ddb77 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -77,13 +77,11 @@ jobs: env: RSA_KEY: ${{ secrets.RSA_KEY }} run: | - echo "$RSA_KEY" > private.pem - chmod 600 private.pem - ssh-keygen -y -f private.pem > key.pub + echo "$RSA_KEY" > public.pem - name: Add Signer working-directory: ${{ env.WORKING_DIRECTORY }} - run: docker trust signer add --key key.pub ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} + run: docker trust signer add --key public.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} - name: Build Container working-directory: ${{ env.WORKING_DIRECTORY }} From 1f87abffa2ab9f92f896d23598cb5a74f11bb599 Mon Sep 17 00:00:00 2001 
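Review bot: The final `Get public key` step writes `secrets.RSA_KEY` verbatim to `public.pem` with no `chmod`, while the other revisions in this series treat the same secret as a private key (`openssl rsa -in private.pem -pubout`); if that is the case, the private key is now on disk under a misleading name and is what gets handed to `docker trust signer add`. Decide what `RSA_KEY` holds and name the file for what it is; if it is private, derive the public key with `openssl rsa -pubout`, keep the `chmod 600`, and write under `$RUNNER_TEMP` rather than the build directory. A short comment on the step, e.g. `# RSA_KEY holds the signer's public key in PEM form`, would stop the next person from guessing.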
From: Alex Steel Date: Fri, 7 Jul 2023 12:13:27 -0400 Subject: [PATCH 231/378] testing dct --- .github/workflows/scan-images.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 8a32b99c2e..95beb316fa 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -49,6 +49,35 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Create ssl key file + working-directory: ./backend + run: | + echo "$SSL_KEY" > private.pem + chmod 600 private.pem + openssl rsa -in "private.pem" -pubout > "public.pem" + shell: bash + env: + SSL_KEY: ${{ secrets.RSA_KEY }} + + - name: Add signer + working-directory: prime-router + shell: bash + run: | + # Delegate signing using the public key + # Runs once if signer does not exist + docker trust signer add --key "public.pem" fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + + - name: Load the private key onto Docker trust store + working-directory: prime-router + run: | + docker trust key load --name "codesign" "private.pem" + GREEN='\033[0;32m' + PURPLE='\033[0;35m' + NC='\033[0m' # No Color + echo -e "Confirm \"${GREEN}Successfully imported key from private.pem${NC}\"" \ + "\nIf successful, IGNORE \"${PURPLE}failed to import key to store: ...${NC}\" (due to unused content within private key)" + shell: bash + - name: Push Image run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From df52adbd933f6db4f332e9c9da5b309db94e25da Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 12:16:05 -0400 Subject: [PATCH 232/378] add pass to stdin --- .github/workflows/scan-images.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 95beb316fa..3d2b760231 100644 --- a/.github/workflows/scan-images.yml 
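Review bot: The `Add signer` and `Load the private key` steps run with `working-directory: prime-router`, a directory that appears nowhere else in this repo's workflows, while `public.pem` and `private.pem` are written under `./backend` in the preceding step — the files will not be found, and the block reads as copied from another project. Use `working-directory: ./backend` on both, or better, write the key files under `$RUNNER_TEMP` and reference absolute paths. None of the three steps sets `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` / `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE`, so the `docker trust` commands will presumably prompt; and the closing `echo -e "Confirm … IGNORE \"failed to import key to store: …\""` advice documents a failure that should fail the step — drop it and let a non-zero exit from `docker trust key load` stop the job.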
+++ b/.github/workflows/scan-images.yml @@ -52,12 +52,13 @@ jobs: - name: Create ssl key file working-directory: ./backend run: | - echo "$SSL_KEY" > private.pem + echo "$SSL_KEY" > private.pem <<< $DCT_PASS chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" shell: bash env: SSL_KEY: ${{ secrets.RSA_KEY }} + DCT_PASS: ${{ secrets.DCT_ROOT_PASS }} - name: Add signer working-directory: prime-router From 276b883d88adf0e565173567a7bc289df4925672 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 12:20:22 -0400 Subject: [PATCH 233/378] testing pass --- .github/workflows/scan-images.yml | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 3d2b760231..17136a6043 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -5,6 +5,9 @@ on: schedule: - cron: '0 8 * * 0' +env: + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + jobs: pull-and-scan: runs-on: ubuntu-latest 
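Review bot: `echo "$SSL_KEY" > private.pem <<< $DCT_PASS` attaches a here-string to `echo`, which never reads stdin, so `DCT_PASS` has no effect and the key file is written exactly as before. The documented non-interactive path for Docker Content Trust is the `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` variables; set them in the `env:` of the `docker trust` steps, e.g. `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE: ${{ secrets.DCT_ROOT_PASS }}`, rather than trying to feed stdin here. The second hunk's top-level `SSH_AUTH_SOCK` is unrelated to DCT and can go.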
@@ -49,23 +52,29 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Setup SSH passphrase + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} + run: | + ssh-agent -a $SSH_AUTH_SOCK > /dev/null + echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass + echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null + - name: Create ssl key file working-directory: ./backend + shell: bash + env: + RSA_KEY: ${{ secrets.RSA_KEY }} run: | - echo "$SSL_KEY" > private.pem <<< $DCT_PASS + echo "$RSA_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - shell: bash - env: - SSL_KEY: ${{ secrets.RSA_KEY }} - DCT_PASS: ${{ secrets.DCT_ROOT_PASS }} - name: Add signer working-directory: prime-router shell: bash run: | - # Delegate signing using the public key - # Runs once if signer does not exist docker trust signer add --key "public.pem" fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store From 49c1bc54af3342f5d00c0a7b6fc4e3db8c7149bd Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 12:23:20 -0400 Subject: [PATCH 234/378] remove auth_sock --- .github/workflows/scan-images.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 17136a6043..d8dfe5dd01 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -5,9 +5,6 @@ on: schedule: - cron: '0 8 * * 0' -env: - SSH_AUTH_SOCK: /tmp/ssh_agent.sock - jobs: pull-and-scan: runs-on: ubuntu-latest 
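Review bot: The new `Setup SSH passphrase` step loads the key into an ssh-agent, but `docker trust` does not consult ssh-agent — it reads keys from its own trust store and passphrases from `DOCKER_CONTENT_TRUST_*_PASSPHRASE` — so the agent, the askpass helper and the `ssh-add` are dead weight. The askpass line is also malformed: `echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass` applies both redirections to a single `echo`, creating a stray file named `echo` and writing `echo $SSH_PASSPHRASE #!/bin/sh` (shebang last) into `~/.ssh_askpass`. Remove the step and put `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE: ${{ secrets.DCT_ROOT_PASS }}` in the `env:` of the trust steps; since the next step writes `private.pem` in the clear anyway, the agent adds no protection.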
@@ -57,7 +54,6 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} run: | - ssh-agent -a $SSH_AUTH_SOCK > /dev/null echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null From 2215203fcfe5701f27213f8cfb6e142954fbc22d Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 12:24:45 -0400 Subject: [PATCH 235/378] start ssh agent --- .github/workflows/scan-images.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index d8dfe5dd01..7fc6a0e062 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -54,6 +54,7 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} run: | + eval `ssh-agent -s` echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null From ab69e635b09eeab4d827cac14039c923cfb270d2 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 12:28:49 -0400 Subject: [PATCH 236/378] testing auth_sock --- .github/workflows/scan-images.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 7fc6a0e062..245b4f801f 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -53,8 +53,10 @@ jobs: env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} + SSH_AUTH_SOCK: /tmp/ssh_agent.sock run: | eval `ssh-agent -s` + ssh-agent -a $SSH_AUTH_SOCK > /dev/null echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null 
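Review bot: The 236 hunk starts two agents: ``eval `ssh-agent -s` `` exports its own random `SSH_AUTH_SOCK`, overriding the step-level `SSH_AUTH_SOCK: /tmp/ssh_agent.sock`, and `ssh-agent -a $SSH_AUTH_SOCK` then tries to bind a second agent on the path the first already occupies; `ssh-add` talks to whichever won, and later steps see only the YAML value. Keep one form — `ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null` with the env value is enough — and quote the variable. As raised on the earlier hunk, `docker trust` does not use ssh-agent, so the simplest fix is to delete the block.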
From 06f3dbf9f583aeac1c2c270395e3236bb646c2ab Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 12:30:16 -0400 Subject: [PATCH 237/378] test --- .github/workflows/build-docker-container.yml | 22 +++++++++++++++----- .github/workflows/scan-images.yml | 2 +- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/build-docker-container.yml index fa262ddb77..2515b1a678 100644 --- a/.github/workflows/build-docker-container.yml +++ b/.github/workflows/build-docker-container.yml @@ -71,17 +71,29 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Get public key + - name: Create ssl key file working-directory: ${{ env.WORKING_DIRECTORY }} + run: | + echo "$SSL_KEY" > private.pem + chmod 600 private.pem + openssl rsa -in "private.pem" -pubout > "public.pem" shell: bash env: - RSA_KEY: ${{ secrets.RSA_KEY }} - run: | - echo "$RSA_KEY" > public.pem + SSL_KEY: ${{ secrets.RSA_KEY }} + - name: Confirm if runner is a signer + working-directory: prime-router + shell: bash + run: | + echo "DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=${{ secrets.DCT_ROOT_PASS }}" >> $GITHUB_ENV + docker trust inspect --pretty "${{ env.ACR_NAME }}/${{ env.IMAGE_REPO }}" + SIGNERS=$(docker trust inspect "${{ env.ACR_NAME }}/${{ env.IMAGE_REPO }}" | jq '.[].Signers') + if [[ "$SIGNERS" != *${{ env.IMAGE_REPO }}* ]]; then + echo "NEEDS_SIGNER=true" >> $GITHUB_ENV + fi - name: Add Signer working-directory: ${{ env.WORKING_DIRECTORY }} - run: docker trust signer add --key public.pem ${{ inputs.docker-name }}-team ${{ env.GH_REPO }}/${{ env.IMAGE }} + run: docker trust signer add --key public.pem ${{ inputs.docker-name }} ghcr.io/asteel-gsa/ - name: Build Container working-directory: ${{ env.WORKING_DIRECTORY }} diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 245b4f801f..c959aae085 100644 --- a/.github/workflows/scan-images.yml 
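Review bot: `echo "DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=${{ secrets.DCT_ROOT_PASS }}" >> $GITHUB_ENV` interpolates the secret into the shell script and then persists it to every subsequent step of the job; a passphrase containing `"`, `$`, a backtick or a newline breaks the command, and the value is exposed more widely than needed. Set it in the `env:` of the steps that need it (`DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE: ${{ secrets.DCT_ROOT_PASS }}`) instead of writing it to `$GITHUB_ENV`. The same step references `env.ACR_NAME` and `env.IMAGE_REPO`, which are not defined in this workflow, runs in `working-directory: prime-router`, and sets `NEEDS_SIGNER` that nothing reads — `Add Signer` still runs unconditionally. Its new target `ghcr.io/asteel-gsa/` has no image name at all, where the removed line had `${{ env.GH_REPO }}/${{ env.IMAGE }}`.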
+++ b/.github/workflows/scan-images.yml @@ -54,8 +54,8 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} SSH_AUTH_SOCK: /tmp/ssh_agent.sock + # eval ssh-agent -s run: | - eval `ssh-agent -s` ssh-agent -a $SSH_AUTH_SOCK > /dev/null echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null From faa46f00eb246fe20d2ea83383a91aaecbad54c9 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 12:36:36 -0400 Subject: [PATCH 238/378] add signing --- .github/workflows/scan-images.yml | 43 ++++++------------------------- 1 file changed, 8 insertions(+), 35 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index c959aae085..dd360e20e0 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -49,43 +49,16 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Setup SSH passphrase - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} - SSH_AUTH_SOCK: /tmp/ssh_agent.sock - # eval ssh-agent -s - run: | - ssh-agent -a $SSH_AUTH_SOCK > /dev/null - echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null - - - name: Create ssl key file - working-directory: ./backend - shell: bash - env: - RSA_KEY: ${{ secrets.RSA_KEY }} - run: | - echo "$RSA_KEY" > private.pem - chmod 600 private.pem - openssl rsa -in "private.pem" -pubout > "public.pem" - - - name: Add signer - working-directory: prime-router - shell: bash - run: | - docker trust signer add --key "public.pem" fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + - uses: sigstore/cosign-installer@main + - name: Write signing key to disk (only needed for `cosign sign --key`) + run: echo "${{ secrets.RSA_KEY }}" > cosign.key - - name: Load the private key onto Docker trust store - working-directory: prime-router + - name: Sign container image run: | - docker trust key load --name "codesign" "private.pem" - GREEN='\033[0;32m' - PURPLE='\033[0;35m' - NC='\033[0m' # No Color - echo -e "Confirm \"${GREEN}Successfully imported key from private.pem${NC}\"" \ - "\nIf successful, IGNORE \"${PURPLE}failed to import key to store: ...${NC}\" (due to unused content within private key)" - shell: bash + cosign sign --key cosign.key \ + ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + env: + COSIGN_PASSWORD: ${{ secrets.DCT_ROOT_PASS }} - name: Push Image run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From 88b959aadbf0ee7bfcc2d02993921e4bdf2e01f6 Mon Sep 17 00:00:00 2001 
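Review bot: `cosign sign --key cosign.key … :latest` runs before the `Push Image` step, so it resolves and signs whatever `:latest` already is in the registry, not the image this job produced; sign after the push and by digest rather than by mutable tag. `uses: sigstore/cosign-installer@main` tracks a mutable branch for the tool that produces your signatures — pin it to a release tag or commit SHA — and `run: echo "${{ secrets.RSA_KEY }}" > cosign.key` interpolates the secret into the script and leaves the file world-readable in the checkout. Reusing the DCT RSA key with `COSIGN_PASSWORD: ${{ secrets.DCT_ROOT_PASS }}` also presumes `cosign.key` is a cosign-encrypted key; a plain RSA PEM presumably is not, so if this path is kept, import or generate a cosign key pair.

```yaml
      - uses: sigstore/cosign-installer@<release tag or commit SHA>
      # … unchanged: Push Image step, moved above the signing step …
      - name: Sign pushed image by digest
        env:
          COSIGN_KEY: ${{ secrets.RSA_KEY }}
          COSIGN_PASSWORD: ${{ secrets.DCT_ROOT_PASS }}
        run: |
          umask 077
          printf '%s\n' "$COSIGN_KEY" > "$RUNNER_TEMP/cosign.key"
          DIGEST=$(docker inspect --format '{{index .RepoDigests 0}}' \
            ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest)
          cosign sign --key "$RUNNER_TEMP/cosign.key" "$DIGEST"
```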
From: Alex Steel Date: Fri, 7 Jul 2023 12:49:56 -0400 Subject: [PATCH 239/378] rollback --- .github/workflows/scan-images.yml | 43 +++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index dd360e20e0..dd410b9b6e 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -49,16 +49,43 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: sigstore/cosign-installer@main - - name: Write signing key to disk (only needed for `cosign sign --key`) - run: echo "${{ secrets.RSA_KEY }}" > cosign.key - - - name: Sign container image + - name: Setup SSH passphrase + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} + SSH_AUTH_SOCK: /tmp/ssh_agent.sock run: | - cosign sign --key cosign.key \ - ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + eval $(ssh-agent) + ssh-agent -a $SSH_AUTH_SOCK > /dev/null + echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass + echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null + + - name: Create ssl key file + working-directory: ./backend + shell: bash env: - COSIGN_PASSWORD: ${{ secrets.DCT_ROOT_PASS }} + RSA_KEY: ${{ secrets.RSA_KEY }} + run: | + echo "$RSA_KEY" > private.pem + chmod 600 private.pem + openssl rsa -in "private.pem" -pubout > "public.pem" + + - name: Add signer + working-directory: prime-router + shell: bash + run: | + docker trust signer add --key "public.pem" fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + + - name: Load the private key onto Docker trust store + working-directory: prime-router + run: | + docker trust key load --name "codesign" "private.pem" + GREEN='\033[0;32m' + PURPLE='\033[0;35m' + NC='\033[0m' # No Color + echo -e "Confirm \"${GREEN}Successfully imported key from private.pem${NC}\"" \ + "\nIf successful, IGNORE \"${PURPLE}failed to import key to store: ...${NC}\" (due to unused content within private key)" + shell: bash - name: Push Image run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From 07851616097b68ea284c73286878535c7b3e725c Mon Sep 17 00:00:00 2001 
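Review bot: The restored `Setup SSH passphrase` step has the same two-agent problem as before — `eval $(ssh-agent)` exports a fresh `SSH_AUTH_SOCK` and `ssh-agent -a $SSH_AUTH_SOCK` then tries to bind a second agent on that same path — and `docker trust` never consults ssh-agent, so the step has no effect on signing. Since `private.pem` is written in clear text to `./backend` two steps later anyway, the protection that matters is not leaving that file in the checkout: write it under `$RUNNER_TEMP` and remove it in an `if: always()` step. The `Push Image` step at the end of the hunk runs without `DOCKER_CONTENT_TRUST=1`, so unless that is set at job or workflow level outside the hunk, the image is pushed unsigned regardless of the trust setup above it.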
From: Alex Steel Date: Fri, 7 Jul 2023 12:51:36 -0400 Subject: [PATCH 240/378] test --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index dd410b9b6e..1b17600f4b 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -54,9 +54,9 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} SSH_AUTH_SOCK: /tmp/ssh_agent.sock + # eval $(ssh-agent) run: | - eval $(ssh-agent) - ssh-agent -a $SSH_AUTH_SOCK > /dev/null + eval $(ssh-agent -a $SSH_AUTH_SOCK > /dev/null) echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null From 69bfb11efe9819441fc659116a87a315e94120fd Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 12:59:16 -0400 Subject: [PATCH 241/378] testing --- .github/workflows/scan-images.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 1b17600f4b..aa282f1907 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -59,14 +59,7 @@ jobs: eval $(ssh-agent -a $SSH_AUTH_SOCK > /dev/null) echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null - - - name: Create ssl key file - working-directory: ./backend - shell: bash - env: - RSA_KEY: ${{ secrets.RSA_KEY }} - run: | - echo "$RSA_KEY" > private.pem + echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" From 926766357a9c882747cfe879269678a109666603 Mon Sep 17 00:00:00 2001 
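Review bot: After the 241 hunk, `private.pem` and `public.pem` are written by the `Setup SSH passphrase` step, which has no `working-directory`, so they land in the repository root while the `Add signer` and key-load steps (outside the hunk) run in their own `working-directory` and will not find them; give this step `working-directory: ./backend` or use absolute `$RUNNER_TEMP` paths in every step. In the 240 hunk, `eval $(ssh-agent -a $SSH_AUTH_SOCK > /dev/null)` evaluates an empty string because the redirect is inside the substitution — harmless only because `SSH_AUTH_SOCK` is already set in `env:` — so drop the `eval` and write `ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null`.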
From: Alex Steel Date: Fri, 7 Jul 2023 13:00:24 -0400 Subject: [PATCH 242/378] add stdin --- .github/workflows/scan-images.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index aa282f1907..22daf42ce8 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -54,12 +54,11 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} SSH_AUTH_SOCK: /tmp/ssh_agent.sock - # eval $(ssh-agent) run: | eval $(ssh-agent -a $SSH_AUTH_SOCK > /dev/null) echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null - echo "$SSH_PRIVATE_KEY" > private.pem + echo "$SSH_PRIVATE_KEY" > private.pem <<< $SSH_PASSPHRASE chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" From 21ed7bc812eaaface8ff9817d49b8257045d935a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:02:58 -0400 Subject: [PATCH 243/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 22daf42ce8..79ab123efe 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -58,7 +58,7 @@ jobs: eval $(ssh-agent -a $SSH_AUTH_SOCK > /dev/null) echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null - echo "$SSH_PRIVATE_KEY" > private.pem <<< $SSH_PASSPHRASE + echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" From 2c84638ec43fa463092942750eada660a2bd4b02 Mon Sep 17 00:00:00 2001 
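Review bot: `echo "$SSH_PRIVATE_KEY" > private.pem <<< $SSH_PASSPHRASE` (242) attaches a here-string to `echo`, which never reads stdin, so the passphrase is discarded; the revert in 243 is right, but the underlying need is still unmet. The passphrase has to reach `docker trust key load` / `signer add`, and the documented way is `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` in those steps' `env:`, not stdin tricks on the `echo` that writes the file. Separately, `openssl rsa -in "private.pem" -pubout` will itself prompt if the PEM is passphrase-protected; add `-passin env:SSH_PASSPHRASE` there if it is.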
From: Alex Steel Date: Fri, 7 Jul 2023 13:04:39 -0400 Subject: [PATCH 244/378] test --- .github/workflows/scan-images.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 79ab123efe..4822fb1e26 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -50,6 +50,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Setup SSH passphrase + working-directory: ./backend env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} @@ -63,7 +64,7 @@ jobs: openssl rsa -in "private.pem" -pubout > "public.pem" - name: Add signer - working-directory: prime-router + working-directory: ./backend shell: bash run: | docker trust signer add --key "public.pem" fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From 0459fb47198793a78e20c0144094e20a9bb59e01 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:04:54 -0400 Subject: [PATCH 245/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 4822fb1e26..bd56f7b78f 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -67,7 +67,7 @@ jobs: working-directory: ./backend shell: bash run: | - docker trust signer add --key "public.pem" fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store working-directory: prime-router From 8b66328a7324827b4d7f480f7a7e35783ec3d41f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:05:10 -0400 Subject: [PATCH 246/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index bd56f7b78f..4c39812560 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -70,7 +70,7 @@ jobs: docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store - working-directory: prime-router + working-directory: ./backend run: | docker trust key load --name "codesign" "private.pem" GREEN='\033[0;32m' From 7c20a82be67da8eaab9736d98d88a8cc201a4bf1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:13:47 -0400 Subject: [PATCH 247/378] testing --- .github/workflows/scan-images.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 4c39812560..91bd7edc1d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -67,18 +67,13 @@ jobs: working-directory: ./backend shell: bash run: | - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< ${{ secrets.DCT_ROOT_PASS }} - name: Load the private key onto Docker trust store working-directory: ./backend + shell: bash run: | docker trust key load --name "codesign" "private.pem" - GREEN='\033[0;32m' - PURPLE='\033[0;35m' - NC='\033[0m' # No Color - echo -e "Confirm \"${GREEN}Successfully imported key from private.pem${NC}\"" \ - "\nIf successful, IGNORE \"${PURPLE}failed to import key to store: ...${NC}\" (due to unused content within private key)" - shell: bash - name: Push Image run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From 2c5b7937ff592beffcd52927dadbeabe304387ed Mon Sep 17 00:00:00 2001 
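Review bot: `… <<< ${{ secrets.DCT_ROOT_PASS }}` (247) splices the secret into the shell script; unquoted, the passphrase is subject to word splitting and glob expansion, and any `$`, backtick or quote in it changes the command (the 248 follow-up's quotes fix splitting but not the rest). Pass the secret through the step's `env:` as `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE: ${{ secrets.DCT_ROOT_PASS }}` — the documented non-interactive path for `docker trust signer add` — and drop the here-string. Removing the colored `echo -e … IGNORE "failed to import key to store: …"` lines is an improvement: that message was telling operators to ignore a real `docker trust key load` failure, and with it gone the step now fails on a non-zero exit as it should.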
From: Alex Steel Date: Fri, 7 Jul 2023 13:15:26 -0400 Subject: [PATCH 248/378] add quotes --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 91bd7edc1d..6a42ea8316 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -67,7 +67,7 @@ jobs: working-directory: ./backend shell: bash run: | - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< ${{ secrets.DCT_ROOT_PASS }} + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< "${{ secrets.DCT_ROOT_PASS }}" - name: Load the private key onto Docker trust store working-directory: ./backend From 6ffb91b1e32766046e5c617959cc0537aadc5c74 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:18:31 -0400 Subject: [PATCH 249/378] testing --- .github/workflows/scan-images.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 6a42ea8316..2f9a342419 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -62,12 +62,13 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - - name: Add signer - working-directory: ./backend - shell: bash - run: | - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< "${{ secrets.DCT_ROOT_PASS }}" + # - name: Add signer + # working-directory: ./backend + # shell: bash + # run: | + # docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< "${{ secrets.DCT_ROOT_PASS }}" - name: Load the private key onto Docker trust store working-directory: ./backend From dc48cc8f07ee2d685c9054f4ebf5b4a4f7fcc6a4 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:20:23 -0400 Subject: [PATCH 250/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 2f9a342419..40087d5c28 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,7 +62,7 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY # - name: Add signer # working-directory: ./backend From 140fee41119e760f7cefe8662f8a4ba0f3911565 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:44:31 -0400 Subject: [PATCH 251/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 40087d5c28..7b1d2629fc 100644 
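Review bot: `docker trust signer add … <<< $SSH_PRIVATE_KEY` (250) feeds the private key, not a passphrase, to the command's stdin, so whatever prompt `docker trust` raises is answered with key material — it cannot succeed, and the multi-line PEM is now being pushed through an interactive prompt. Set `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE: ${{ secrets.DCT_ROOT_PASS }}` in the step `env:` and call `signer add` with no here-string. The 249 hunk also leaves a commented-out copy of the `Add signer` step in the workflow; delete it rather than carrying dead YAML.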
--- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,7 +62,7 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY <<< $SSH_PRIVATE_KEY # - name: Add signer # working-directory: ./backend From 7c6f353cac735ef2cef0ed27435444fc56182fbf Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:46:27 -0400 Subject: [PATCH 252/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 7b1d2629fc..f661216b4d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,7 +62,7 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY <<< $SSH_PRIVATE_KEY + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY | <<< $SSH_PRIVATE_KEY # - name: Add signer # working-directory: ./backend From 18e4cbce666355862014e411ddbfd98ccb6ebd69 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:49:06 -0400 Subject: [PATCH 253/378] testing --- .github/workflows/scan-images.yml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index f661216b4d..d2ce0032be 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
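Review bot: `… <<< $SSH_PRIVATE_KEY | <<< $SSH_PRIVATE_KEY` (252) pipes `docker trust signer add` into a command that consists only of a redirection, so the pipeline's status is that of the empty right-hand command and a failing `signer add` no longer fails the step — this step declares no `shell: bash`, so the default `bash -e` without `pipefail` applies. The doubled here-string in 251 is equally inert; with two `<<<` on one command only the last applies. Drop both redirections and supply the passphrase through `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` in `env:`; if stdin feeding is ever genuinely needed, use one quoted `<<< "$VAR"`.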
@@ -62,20 +62,23 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY | <<< $SSH_PRIVATE_KEY - # - name: Add signer - # working-directory: ./backend - # shell: bash - # run: | - # docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< "${{ secrets.DCT_ROOT_PASS }}" + - name: Add signer + working-directory: ./backend + shell: bash + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + run: | + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY | <<< $SSH_PRIVATE_KEY - name: Load the private key onto Docker trust store working-directory: ./backend shell: bash + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | - docker trust key load --name "codesign" "private.pem" + docker trust key load --name "fac" "private.pem" <<< $SSH_PRIVATE_KEY - - name: Push Image - run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + # - name: Push Image + # run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From 6a7763cae51be7290567ee022ba39b11eb9aa3bb Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:50:29 -0400 Subject: [PATCH 254/378] testing --- .github/workflows/scan-images.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index d2ce0032be..50813f2778 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
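Review bot: The re-added `Add signer` step defines `SSH_PASSPHRASE` in its `env:` but the command still redirects `$SSH_PRIVATE_KEY`, which this step's `env:` does not define, so unless that variable is exported at job level (not visible here) stdin receives an empty line instead of the passphrase; the `Load the private key onto Docker trust store` step has the same mismatch. Use the variable the step actually defines, `<<< "$SSH_PASSPHRASE"`, or the `DOCKER_CONTENT_TRUST_*_PASSPHRASE` variables the Docker CLI reads. Worth knowing before tuning secrets further: as I recall, `docker trust key load` on an unencrypted PEM prompts for a new passphrase to protect the key in `~/.docker/trust`, and that passphrase, not the root passphrase, is what `docker trust sign` and trusted pushes must supply later, so the load and sign/push steps must share one secret.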
@@ -62,15 +62,16 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - - - name: Add signer - working-directory: ./backend - shell: bash - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - run: | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY | <<< $SSH_PRIVATE_KEY + # - name: Add signer + # working-directory: ./backend + # shell: bash + # env: + # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + # run: | + # docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY | <<< $SSH_PRIVATE_KEY + - name: Load the private key onto Docker trust store working-directory: ./backend shell: bash From 1f90005a086813eefaef24338a25c1f999b7c1b0 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:52:48 -0400 Subject: [PATCH 255/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 50813f2778..5a96ffdd33 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -76,7 +76,7 @@ jobs: working-directory: ./backend shell: bash env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + SSH_PASSPHRASE: ${{secrets.DCT_REPO_PASS }} run: | docker trust key load --name "fac" "private.pem" <<< $SSH_PRIVATE_KEY From 6e9252035eef1c7a03382c31f9908f4a251124ef Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:56:45 -0400 Subject: [PATCH 256/378] test --- .github/workflows/scan-images.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 5a96ffdd33..317f39641b 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -49,7 +49,7 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Setup SSH passphrase + - name: Setup SSH passphrase and add DCT Signer working-directory: ./backend env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} @@ -76,9 +76,9 @@ jobs: working-directory: ./backend shell: bash env: - SSH_PASSPHRASE: ${{secrets.DCT_REPO_PASS }} + TRUST_PASS: ${{ secrets.DCT_REPO_PASS }} run: | - docker trust key load --name "fac" "private.pem" <<< $SSH_PRIVATE_KEY + docker trust key load --name fac private.pem <<< $TRUST_PASS # - name: Push Image # run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From df60c09264276dbd301d5cd5094864e9f0208ad2 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:57:57 -0400 Subject: [PATCH 257/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 317f39641b..d67e87b499 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -78,7 +78,7 @@ jobs: env: TRUST_PASS: ${{ secrets.DCT_REPO_PASS }} run: | - docker trust key load --name fac private.pem <<< $TRUST_PASS + docker trust key load --name fac private.pem <<< $TRUST_PASS | <<< $TRUST_PASS # - name: Push Image # run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From c23fb294fefc464b9b9388c18b7e0295c23dc1d7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 13:59:33 -0400 Subject: [PATCH 258/378] fix? --- .github/workflows/scan-images.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index d67e87b499..df46c30387 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -62,7 +62,7 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY | <<< $SSH_PRIVATE_KEY + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Add signer # working-directory: ./backend @@ -70,15 +70,15 @@ jobs: # env: # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} # run: | - # docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PRIVATE_KEY | <<< $SSH_PRIVATE_KEY + # docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - name: Load the private key onto Docker trust store working-directory: ./backend shell: bash env: - TRUST_PASS: ${{ secrets.DCT_REPO_PASS }} + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | - docker trust key load --name fac private.pem <<< $TRUST_PASS | <<< $TRUST_PASS + docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Push Image # run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From eb7ae71c987e821710540ad8d30f4114e9dee1d7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:02:21 -0400 Subject: [PATCH 259/378] fix? --- .github/workflows/scan-images.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index df46c30387..6ae227cd17 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
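Review bot: Every step now receives `DCT_ROOT_PASS` (first hunk for `signer add`, second hunk for `docker trust key load`), which gives the root passphrase, the most sensitive secret in Docker Content Trust, the widest exposure possible. In Notary the root key is only needed when a repository's trust data is first initialised or rotated; loading a delegation key and signing or pushing tags use the delegation/repository passphrase, which the CLI reads from `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE`, while `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` is consulted only for the root role. Scope each step's `env:` to the one secret it needs: the root passphrase only on the step that may initialise a new repository, and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }}` (a secret this workflow already references) on key load, sign and push.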
@@ -62,7 +62,11 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + + - name: Sign Image + working-directory: ./backend + run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest # - name: Add signer # working-directory: ./backend @@ -72,13 +76,13 @@ jobs: # run: | # docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - - name: Load the private key onto Docker trust store - working-directory: ./backend - shell: bash - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - run: | - docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + # - name: Load the private key onto Docker trust store + # working-directory: ./backend + # shell: bash + # env: + # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + # run: | + # docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Push Image # run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From 7896ee716c21b8cb0053fd7c1cdc8c4e73a091be Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:03:31 -0400 Subject: [PATCH 260/378] pass --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 6ae227cd17..7ceaaa3261 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
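Review bot: `docker trust signer add` takes a repository, and the first hunk now passes `...:latest`, a tag; the untagged form used before was the correct one. The new `Sign Image` step runs `docker trust sign` in the same commit that comments out `Load the private key onto Docker trust store`, so no private key for the `fac` signer is in the local trust store when signing runs, and the step has no passphrase in `env:` either. Note that `docker trust sign` pushes the tag it signs, so a separate `docker push` of the same tag afterwards is redundant; settle on one path, either `docker trust sign` after `key load`, or `docker push` with `DOCKER_CONTENT_TRUST=1` plus the passphrase env vars, rather than both.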
@@ -66,7 +66,7 @@ jobs: - name: Sign Image working-directory: ./backend - run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Add signer # working-directory: ./backend From 8645aff8d0704c93417bd515dbae38df7c073be7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:08:08 -0400 Subject: [PATCH 261/378] testing DCT --- .github/workflows/scan-images.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 7ceaaa3261..093dac61e8 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -84,6 +84,8 @@ jobs: # run: | # docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - # - name: Push Image - # run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + - name: Push Image + run: | + export DOCKER_CONTENT_TRUST=1 + docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From 30f196531696d1efaef33125fa7edd70f761b1d1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:18:14 -0400 Subject: [PATCH 262/378] test trust --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 093dac61e8..333c3a8b92 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -87,5 +87,5 @@ jobs: - name: Push Image run: | export DOCKER_CONTENT_TRUST=1 - docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest From 5bdf4932b5347be210e36c9637df6da6ee58c15b Mon Sep 17 00:00:00 2001 
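Review bot: `export DOCKER_CONTENT_TRUST=1` ahead of `docker push` (the `Push Image` hunk) turns on trusted push, but that step has no passphrase available, so on a non-interactive runner the repository-key prompt cannot be answered and the push fails rather than signs. Put `DOCKER_CONTENT_TRUST: "1"` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }}` in the step's `env:` instead of exporting inside the script. A larger caveat to confirm before iterating further: Docker Content Trust needs a Notary v1 server (docker.io uses notary.docker.io; for any other registry the CLI assumes Notary is served at the registry host unless `DOCKER_CONTENT_TRUST_SERVER` is set), and I am not aware of ghcr.io providing one, in which case every `docker trust` and trusted-push call against `ghcr.io/...` fails regardless of passphrase handling and a cosign-style signature stored in GHCR as an OCI artifact would be the supported route.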
From: Alex Steel Date: Fri, 7 Jul 2023 14:21:48 -0400 Subject: [PATCH 263/378] test --- .github/workflows/scan-images.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 333c3a8b92..1887c0e715 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -36,12 +36,6 @@ jobs: - name: Scan Image run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} - - name: Tag Image - run: | - date=$(date +%Y%m%d) - docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:$date - - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -62,11 +56,11 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - name: Sign Image working-directory: ./backend - run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Add signer # working-directory: ./backend 
@@ -84,8 +78,12 @@ jobs: # run: | # docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + - name: Tag Image + run: | + docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + - name: Push Image run: | export DOCKER_CONTENT_TRUST=1 - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} --disable-content-trust=false From f71822edc1ad9e20d336c6caed58ff0790975078 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:23:36 -0400 Subject: [PATCH 264/378] trust sign --- .github/workflows/scan-images.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 1887c0e715..ed02f87e90 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -58,9 +58,13 @@ jobs: openssl rsa -in "private.pem" -pubout > "public.pem" docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + - name: Tag Image + run: | + docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + - name: Sign Image working-directory: ./backend - run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Add signer # working-directory: ./backend @@ -78,10 +82,6 @@ jobs: # run: | # docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - - name: Tag Image - run: | - docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - - name: Push Image run: | export DOCKER_CONTENT_TRUST=1 
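Review bot: `Tag Image` is now placed after `Sign Image`, so when `docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}` runs (previous hunk of this commit) the `ghcr.io/...` reference does not yet exist locally, and that reference carries no tag while `docker trust sign` signs a specific tag. The push line combines trusted push (`--disable-content-trust=false` does enable trust) with `--all-tags`; a trusted push signs one target, so I would push the explicit reference instead, `docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest`. The commit also drops the dated tag the old `Tag Image` step created (`:$date`, first hunk), leaving only the mutable `latest`; if consumers are expected to pin scanned images, keep a dated or digest-addressable tag.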
From f585b2c53c6af45282e66f0d782c3cbc645aecff Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:25:53 -0400 Subject: [PATCH 265/378] test --- .github/workflows/scan-images.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index ed02f87e90..a799733f03 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -74,16 +74,15 @@ jobs: # run: | # docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - # - name: Load the private key onto Docker trust store - # working-directory: ./backend - # shell: bash - # env: - # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - # run: | - # docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + - name: Load the private key onto Docker trust store + working-directory: ./backend + shell: bash + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + run: | + docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - name: Push Image run: | - export DOCKER_CONTENT_TRUST=1 docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} --disable-content-trust=false From a2dd7830d66fcfb9929c2a0a96ee31f1c70e5366 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:27:07 -0400 Subject: [PATCH 266/378] test --- .github/workflows/scan-images.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index a799733f03..83eb762277 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -74,15 +74,15 @@ jobs: # run: | # docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - - name: Load the private key onto Docker trust store - working-directory: ./backend - shell: bash - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - run: | - docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + # - name: Load the private key onto Docker trust store + # working-directory: ./backend + # shell: bash + # env: + # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + # run: | + # docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - name: Push Image run: | - docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} --disable-content-trust=false + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false From 1c2476170c0de9f71da628a2674549db20589d86 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:27:25 -0400 Subject: [PATCH 267/378] test --- .github/workflows/scan-images.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 83eb762277..1ad17e57ab 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -84,5 +84,6 @@ jobs: - name: Push Image run: | + export DOCKER_CONTENT_TRUST=1 docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false From 079411741200eac063fdf0cdcee8c5ba4a0b12c8 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:29:17 -0400 Subject: [PATCH 268/378] test --- .github/workflows/scan-images.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 1ad17e57ab..0bf45bac46 100644 --- a/.github/workflows/scan-images.yml 
+++ b/.github/workflows/scan-images.yml @@ -64,6 +64,8 @@ jobs: - name: Sign Image working-directory: ./backend + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Add signer @@ -83,7 +85,10 @@ jobs: # docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - name: Push Image + working-directory: ./backend + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | export DOCKER_CONTENT_TRUST=1 - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE From 432b568d5464bd3d26473bdad49d6dc6d32123c2 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:31:07 -0400 Subject: [PATCH 269/378] test --- .github/workflows/scan-images.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 0bf45bac46..66541a7f0d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -89,6 +89,5 @@ jobs: env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | - export DOCKER_CONTENT_TRUST=1 docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE From cd2d57c397bb2f65302257bdaf97a7e77ca9d650 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:33:08 -0400 Subject: [PATCH 270/378] test --- .github/workflows/scan-images.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 66541a7f0d..8e0eb97abc 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -85,9 +85,8 @@ jobs: # docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - name: Push Image - working-directory: ./backend env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE From 801b5769491e54afaab145fb32df58e7617da481 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:34:22 -0400 Subject: [PATCH 271/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 8e0eb97abc..a28ca3485f 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -66,7 +66,7 @@ jobs: working-directory: ./backend env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Add signer # working-directory: ./backend From 184e9fee5286c899e78b00f7102231e5fd2b6299 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:35:33 -0400 Subject: [PATCH 272/378] test --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index a28ca3485f..9a1c790640 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
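Review bot: `docker push --all-tags` is now given a tagged reference (`...:latest`), which the Docker CLI rejects (as I recall the error is `tag can't be used with --all-tags/-a`), so this step fails before any trust handling is reached. Either drop `--all-tags` and push the explicit tag, `docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest`, or drop the tag; since a trusted push signs a single target, the explicit tag is the form to keep. The `- name: Push Image` header this step belongs to is above the hunk.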
@@ -66,7 +66,7 @@ jobs: working-directory: ./backend env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Add signer # working-directory: ./backend @@ -88,5 +88,5 @@ jobs: env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | - docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} --disable-content-trust=false <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE From 8ddf688a4d15f6de9cec1e536f3727e90f3f5b4a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:37:19 -0400 Subject: [PATCH 273/378] test --- .github/workflows/scan-images.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 9a1c790640..2820cdc26c 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -88,5 +88,6 @@ jobs: env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | - docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} --disable-content-trust=false <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + export DOCKER_CONTENT_TRUST=1 + docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE From 95a88429223beb102f803d73e63ba52e63069757 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:38:57 -0400 Subject: [PATCH 274/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 2820cdc26c..9063b0f9a7 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -89,5 +89,5 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | export DOCKER_CONTENT_TRUST=1 - docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE From 7c036efc594ccfa15b3c22a7da320243758bf28d Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:39:26 -0400 Subject: [PATCH 275/378] test --- .github/workflows/scan-images.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 9063b0f9a7..85b3a0500b 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -56,11 +56,11 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - - name: Tag Image - run: | - docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + # - name: Tag Image + # run: | + # docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Sign Image working-directory: ./backend From fccf6496edeed6bc02c46bb9ce1b7a8646f3926a Mon Sep 17 00:00:00 2001 
From: Alex Steel Date: Fri, 7 Jul 2023 14:40:54 -0400 Subject: [PATCH 276/378] test --- .github/workflows/scan-images.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 85b3a0500b..57ce2ddaed 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -43,6 +43,10 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Tag Image + run: | + docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + - name: Setup SSH passphrase and add DCT Signer working-directory: ./backend env: @@ -58,10 +62,6 @@ jobs: openssl rsa -in "private.pem" -pubout > "public.pem" docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - # - name: Tag Image - # run: | - # docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - - name: Sign Image working-directory: ./backend env: From 107a15c4f67615fd9d666022cca7dc64be5b70c4 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:42:20 -0400 Subject: [PATCH 277/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 57ce2ddaed..92e76caadd 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -89,5 +89,5 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | export DOCKER_CONTENT_TRUST=1 - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false 
From 0a45d5fdd0ad839ce96891694f34f50029b4232f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:43:49 -0400 Subject: [PATCH 278/378] send pass --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 92e76caadd..a975a6091d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -89,5 +89,5 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | export DOCKER_CONTENT_TRUST=1 - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | <<< $SSH_PASSPHRASE From 0b09963605d4a721035bab648cb0ff35d51c8a1f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:44:53 -0400 Subject: [PATCH 279/378] testing? --- .github/workflows/scan-images.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index a975a6091d..51ce2f7155 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -88,6 +88,5 @@ jobs: env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | - export DOCKER_CONTENT_TRUST=1 docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | <<< $SSH_PASSPHRASE From e72be88fe85e55d8ad5ab890b9904d01c5286f41 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:52:09 -0400 Subject: [PATCH 280/378] modify commands --- .github/workflows/scan-images.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 51ce2f7155..d281304576 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -60,13 +60,15 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust signer add --key "public.pem" "${{ env.GH_REPO }}" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust key load --name "codesign" "private.pem" - - name: Sign Image - working-directory: ./backend - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + # - name: Sign Image + # working-directory: ./backend + # env: + # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + # run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Add signer # working-directory: ./backend From 66ae866ded0da5933708b4da9d253466455da952 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:53:45 -0400 Subject: [PATCH 281/378] test --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index d281304576..586031a2cd 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
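Review bot: The repository passed to `docker trust signer add` lost its `ghcr.io/` prefix, and `"${{ env.GH_REPO }}/${{ matrix.image.short-name }}"` normalises to `docker.io/...`, so the delegation is created against Docker Hub's Notary for a repository that is not the `ghcr.io/...` one signed on the next line. The three commands are also ordered wrongly: `docker trust key load` has to precede `docker trust sign`, otherwise the delegation's private key is not in the local store when signing; `--name` on key load is only a local label and need not match the signer name. The signer name `"${{ env.GH_REPO }}"` contains a `/` (owner/repo), which I doubt is accepted as a signer name; a plain identifier such as the `fac` used earlier in this series is safer. Suggested order and form: `docker trust signer add --key public.pem fac "ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}"`, then `docker trust key load --name fac private.pem`, then `docker trust sign "ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest"`.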
@@ -60,9 +60,9 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust signer add --key "public.pem" "${{ env.GH_REPO }}" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust signer add --key "public.pem" "fac-team" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - docker trust key load --name "codesign" "private.pem" + docker trust key load --name "fac-team" "private.pem" # - name: Sign Image # working-directory: ./backend From ddeb3250ce2242bcf133a09d1450bec8eadd3e44 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:54:47 -0400 Subject: [PATCH 282/378] add pass --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 586031a2cd..08728af0ed 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,7 +62,7 @@ jobs: openssl rsa -in "private.pem" -pubout > "public.pem" docker trust signer add --key "public.pem" "fac-team" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - docker trust key load --name "fac-team" "private.pem" + docker trust key load --name "fac-team" "private.pem" <<< $SSH_PASSPHRASE # - name: Sign Image # working-directory: ./backend From 12e2dd63939efa9a3c5ecc088a8852b308137457 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:55:54 -0400 Subject: [PATCH 283/378] fixes --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 08728af0ed..14d5fecf4f 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,7 +62,7 @@ jobs: openssl rsa -in "private.pem" -pubout > "public.pem" docker trust signer add --key "public.pem" "fac-team" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - docker trust key load --name "fac-team" "private.pem" <<< $SSH_PASSPHRASE + docker trust key load --name "fac-team" "private.pem" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Sign Image # working-directory: ./backend From cce8b08aafd527634dd3ce22e1af8e3f50e5ee75 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:57:46 -0400 Subject: [PATCH 284/378] test? --- .github/workflows/scan-images.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 14d5fecf4f..6bd2dc8507 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -90,5 +90,6 @@ jobs: env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | + echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | <<< $SSH_PASSPHRASE From 5ded3ddaf19b69cdd21f3a088ebfd5f96bec69c0 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 14:59:35 -0400 Subject: [PATCH 285/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 6bd2dc8507..f14ac496de 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
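Review bot: `echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV` only affects steps that run after this one; the `docker push` on the next line of the same `run:` block still executes with content trust disabled, so the image is pushed without a signature while the workflow reads as if signing were on. Set it for this step instead, with `export DOCKER_CONTENT_TRUST=1` in the script or `DOCKER_CONTENT_TRUST: "1"` beside `SSH_PASSPHRASE` in the step `env:`. The trailing `| <<< $SSH_PASSPHRASE` still does not deliver the passphrase to docker; `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` in `env:` is the supported route. The step name is above the hunk.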
@@ -91,5 +91,5 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | <<< $SSH_PASSPHRASE + docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE From 8ea5e6b3288b84afadcba0818a088fcb3300cc86 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:00:01 -0400 Subject: [PATCH 286/378] move commands --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index f14ac496de..7806bdcb09 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -60,9 +60,9 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" + docker trust key load --name "fac-team" "private.pem" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE docker trust signer add --key "public.pem" "fac-team" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - docker trust key load --name "fac-team" "private.pem" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Sign Image # working-directory: ./backend From 1a60501ac4033a4c7ede6afc5f14971cb9610c1d Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:06:14 -0400 Subject: [PATCH 287/378] test --- .github/workflows/scan-images.yml | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 7806bdcb09..df4dea588c 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
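Review bot: `docker push --all-tags` widens the push from the `:latest` tag that was tagged and scanned earlier in this job to every local tag of that repository on the runner, and the `<<< $SSH_PASSPHRASE` here-string feeds the root passphrase (`DCT_ROOT_PASS`) where push-time signing prompts for the repository key passphrase. Push the specific reference, `docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest`, and supply `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` via the step `env:` instead of stdin. The step header is above the hunk.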
@@ -52,17 +52,32 @@ jobs: env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} - SSH_AUTH_SOCK: /tmp/ssh_agent.sock run: | - eval $(ssh-agent -a $SSH_AUTH_SOCK > /dev/null) - echo 'echo $SSH_PASSPHRASE' > echo '#!/bin/sh' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add - >/dev/null echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - docker trust key load --name "fac-team" "private.pem" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + # docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + + - name: Add signer + working-directory: ./backend + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + shell: bash + run: | docker trust signer add --key "public.pem" "fac-team" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + + - name: Load the private key onto Docker trust store + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + working-directory: ./backend + run: | + docker trust key load --name "codesign" "private.pem" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + GREEN='\033[0;32m' + PURPLE='\033[0;35m' + NC='\033[0m' # No Color + echo -e "Confirm \"${GREEN}Successfully imported key from private.pem${NC}\"" \ + "\nIf successful, IGNORE \"${PURPLE}failed to import key to store: ...${NC}\" (due to unused content within private key)" + shell: bash # - name: Sign Image # working-directory: ./backend From 723ba57c766b935dc63809476d45e8da3baa9c73 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:07:51 -0400 Subject: [PATCH 288/378] test --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
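Review bot: The closing `echo -e` of the new key-load step instructs the reader to IGNORE `failed to import key to store: ...`, which turns a possible failure to import the signing key into a log message nobody acts on; if that error is genuinely benign for this key, capture the output and assert on the success line (`docker trust key load ... | tee load.log; grep -q 'Successfully imported key' load.log`) so the step fails when the import did not happen. Separately, the first step writes the decoded `RSA_KEY` to `private.pem` under `./backend`, inside the repository checkout, and nothing in the job removes it; write it to a `mktemp -d` directory and delete it in an `if: always()` cleanup step so it cannot be swept into a build context, cache or artifact. If `RSA_KEY` is itself passphrase-protected (not visible here), `openssl rsa -in "private.pem" -pubout` will prompt and hang the runner; `-passin env:SSH_PASSPHRASE` avoids that. The first step's `name:` line is above the hunk.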
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index df4dea588c..583428999d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -64,14 +64,14 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} shell: bash run: | - docker trust signer add --key "public.pem" "fac-team" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust signer add --key "public.pem" "fac-team" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" - name: Load the private key onto Docker trust store env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} working-directory: ./backend run: | - docker trust key load --name "codesign" "private.pem" <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust key load --name "codesign" "private.pem" GREEN='\033[0;32m' PURPLE='\033[0;35m' NC='\033[0m' # No Color From f2b9af9ef4e67b32f7c462f708dd20772b353e24 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:10:44 -0400 Subject: [PATCH 289/378] test --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 583428999d..d23d65b70b 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -64,14 +64,14 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} shell: bash run: | - docker trust signer add --key "public.pem" "fac-team" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" + docker trust signer add --key "public.pem" "asteel-gsa" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" - name: Load the private key onto Docker trust store env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} working-directory: ./backend run: | - docker trust key load --name "codesign" "private.pem" + docker trust key load --name "asteel" "private.pem" GREEN='\033[0;32m' PURPLE='\033[0;35m' NC='\033[0m' # No Color 
From 20125a3ced2e5066557ae2e5f09a3fee9047d218 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:19:22 -0400 Subject: [PATCH 290/378] test --- .github/workflows/scan-images.yml | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index d23d65b70b..9c7ee93a82 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -56,28 +56,14 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - # docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - - - name: Add signer - working-directory: ./backend - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - shell: bash - run: | - docker trust signer add --key "public.pem" "asteel-gsa" "${{ env.GH_REPO }}/${{ matrix.image.short-name }}" - name: Load the private key onto Docker trust store env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} working-directory: ./backend - run: | - docker trust key load --name "asteel" "private.pem" - GREEN='\033[0;32m' - PURPLE='\033[0;35m' - NC='\033[0m' # No Color - echo -e "Confirm \"${GREEN}Successfully imported key from private.pem${NC}\"" \ - "\nIf successful, IGNORE \"${PURPLE}failed to import key to store: ...${NC}\" (due to unused content within private key)" shell: bash + run: | + docker trust key load private.pem --name fac # - name: Sign Image # working-directory: ./backend From d8e6d47e0919f5b5045eeb2b90b3a716da139769 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:20:38 -0400 Subject: [PATCH 291/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 9c7ee93a82..6d20b61c4b 100644 --- a/.github/workflows/scan-images.yml 
+++ b/.github/workflows/scan-images.yml @@ -63,7 +63,7 @@ jobs: working-directory: ./backend shell: bash run: | - docker trust key load private.pem --name fac + docker trust key load private.pem --name fac <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Sign Image # working-directory: ./backend From ab31369722f234f60cef1d81a7add042b053e1eb Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:21:46 -0400 Subject: [PATCH 292/378] test --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 6d20b61c4b..2bd28d9ff0 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -47,7 +47,7 @@ jobs: run: | docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - - name: Setup SSH passphrase and add DCT Signer + - name: Setup Keys for DCT working-directory: ./backend env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} @@ -63,7 +63,7 @@ jobs: working-directory: ./backend shell: bash run: | - docker trust key load private.pem --name fac <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust key load private.pem --name fac <<< $SSH_PASSPHRASE # - name: Sign Image # working-directory: ./backend From cbb04ff1fb8ba0757a153c920dc5bf2b41c7b897 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:23:04 -0400 Subject: [PATCH 293/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 2bd28d9ff0..3726417716 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -63,7 +63,7 @@ jobs: working-directory: ./backend shell: bash run: | - docker trust key load private.pem --name fac <<< $SSH_PASSPHRASE + docker trust key load private.pem --name fac | $SSH_PASSPHRASE | $SSH_PASSPHRASE # - name: Sign Image # working-directory: ./backend From bae8f9651dd4d7444b6de0e34a8c7c3a46e1c277 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:24:56 -0400 Subject: [PATCH 294/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 3726417716..12082864fa 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -63,7 +63,7 @@ jobs: working-directory: ./backend shell: bash run: | - docker trust key load private.pem --name fac | $SSH_PASSPHRASE | $SSH_PASSPHRASE + docker trust key load private.pem --name fac | <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE # - name: Sign Image # working-directory: ./backend From a78b8d0ecc4241883da08ce2ffbcd338202ecddf Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:25:52 -0400 Subject: [PATCH 295/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 12082864fa..24020fd79a 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -63,7 +63,7 @@ jobs: working-directory: ./backend shell: bash run: | - docker trust key load private.pem --name fac | <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + docker trust key load private.pem --name fac <<< $SSH_PASSPHRASE <<< $SSH_PASSPHRASE # - name: Sign Image # working-directory: ./backend From 61160952f1c3343b9dbbffe5f1eceb8ef5bd722e Mon Sep 17 00:00:00 2001 
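Review bot: `docker trust key load private.pem --name fac | $SSH_PASSPHRASE | $SSH_PASSPHRASE` expands the secret as a command name, so bash attempts to execute a program named by the passphrase value and writes a `command not found` error containing it to the job log, with GitHub's secret masking as the only thing preventing a plaintext leak. Docker also receives nothing on stdin, so the load cannot complete unattended. Feed the prompt from a quoted `printf` instead, `printf '%s\n' "$SSH_PASSPHRASE" "$SSH_PASSPHRASE" | docker trust key load private.pem --name fac`, and never place a secret in command position. The step's `env:` and `working-directory:` lines sit above the hunk.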
From: Alex Steel Date: Fri, 7 Jul 2023 15:27:20 -0400 Subject: [PATCH 296/378] test --- .github/workflows/scan-images.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 24020fd79a..ac58138b74 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,8 +62,7 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} working-directory: ./backend shell: bash - run: | - docker trust key load private.pem --name fac <<< $SSH_PASSPHRASE <<< $SSH_PASSPHRASE + run: docker trust key load private.pem --name "fac" <<< "$SSH_PASSPHRASE" | <<< "$SSH_PASSPHRASE" # - name: Sign Image # working-directory: ./backend From f160f9a562af8b9a6c614b3c6d377d4de3b949c5 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:29:10 -0400 Subject: [PATCH 297/378] test --- .github/workflows/scan-images.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index ac58138b74..b69af42508 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,7 +62,8 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} working-directory: ./backend shell: bash - run: docker trust key load private.pem --name "fac" <<< "$SSH_PASSPHRASE" | <<< "$SSH_PASSPHRASE" + run: | + { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust key load private.pem --name "fac" # - name: Sign Image # working-directory: ./backend From e243e30658a8d40be40cf43a13c84ec19d919cb9 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:32:38 -0400 Subject: [PATCH 298/378] test signer --- .github/workflows/scan-images.yml | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index b69af42508..79471dd513 100644 --- a/.github/workflows/scan-images.yml 
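Review bot: `echo $SSH_PASSPHRASE` leaves the expansion unquoted, so a passphrase containing whitespace, a glob character or a leading `-n`/`-e` is altered before it reaches `docker trust key load`, producing a key encrypted under something other than `DCT_ROOT_PASS`. Use `printf '%s\n' "$SSH_PASSPHRASE" "$SSH_PASSPHRASE" | docker trust key load private.pem --name "fac"` so the value is passed byte-for-byte. The step header is above the hunk.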
+++ b/.github/workflows/scan-images.yml @@ -65,27 +65,20 @@ jobs: run: | { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust key load private.pem --name "fac" - # - name: Sign Image - # working-directory: ./backend - # env: - # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - # run: docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE - - # - name: Add signer - # working-directory: ./backend - # shell: bash - # env: - # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - # run: | - # docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + - name: Add signer + working-directory: ./backend + shell: bash + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + run: | + { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - # - name: Load the private key onto Docker trust store + # - name: Sign Image # working-directory: ./backend - # shell: bash # env: # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} # run: | - # docker trust key load --name fac private.pem <<< $SSH_PASSPHRASE | <<< $SSH_PASSPHRASE + # { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust signer ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Push Image env: From b6f4e6c31bc1391a34f1a5632fd2df004a4cc1a7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:35:27 -0400 Subject: [PATCH 299/378] test --- .github/workflows/scan-images.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 79471dd513..f0fd497b48 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -70,8 +70,9 @@ jobs: shell: bash env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + IMAGE_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $IMAGE_PASSPHRASE; echo $IMAGE_PASSPHRASE; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} # - name: Sign Image # working-directory: ./backend @@ -80,10 +81,10 @@ jobs: # run: | # { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust signer ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - - name: Push Image - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - run: | - echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV - docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE + # - name: Push Image + # env: + # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + # run: | + # echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV + # docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE From e8447e58afff19fbe6e8eb716ff30344a3ca6e76 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:37:07 -0400 Subject: [PATCH 300/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index f0fd497b48..e86f9633fd 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -72,7 +72,7 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} IMAGE_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $IMAGE_PASSPHRASE; echo $IMAGE_PASSPHRASE; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $SSH_PASSPHRASE ; echo $SSH_PASSPHRASE ; echo $IMAGE_PASSPHRASE ; echo $IMAGE_PASSPHRASE ; } | docker trust signer add --key private.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} # - name: Sign Image # working-directory: ./backend From acc29c588b75fa238a1b2fa916164fcfb683f05d Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:38:46 -0400 Subject: [PATCH 301/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index e86f9633fd..0f9935ede3 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -72,7 +72,7 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} IMAGE_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $SSH_PASSPHRASE ; echo $SSH_PASSPHRASE ; echo $IMAGE_PASSPHRASE ; echo $IMAGE_PASSPHRASE ; } | docker trust signer add --key private.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $SSH_PASSPHRASE ; echo $SSH_PASSPHRASE ; echo $IMAGE_PASSPHRASE ; echo $IMAGE_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} # - name: Sign Image # working-directory: ./backend From f8e9ef831ab29d259d87679a4aad613da714c42e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:41:56 -0400 Subject: [PATCH 302/378] try heredoc --- .github/workflows/scan-images.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 0f9935ede3..73e11c1b0d 100644 
--- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -72,7 +72,12 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} IMAGE_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $SSH_PASSPHRASE ; echo $SSH_PASSPHRASE ; echo $IMAGE_PASSPHRASE ; echo $IMAGE_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} < Date: Fri, 7 Jul 2023 15:43:25 -0400 Subject: [PATCH 303/378] test --- .github/workflows/scan-images.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 73e11c1b0d..ecab0bd72d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -72,12 +72,7 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} IMAGE_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} run: | - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} < Date: Fri, 7 Jul 2023 15:45:46 -0400 Subject: [PATCH 304/378] test --- .github/workflows/scan-images.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index ecab0bd72d..f194e987c4 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -57,23 +57,23 @@ jobs: chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - - name: Load the private key onto Docker trust store - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - working-directory: ./backend - shell: bash - run: | - { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust key load private.pem --name "fac" - - name: Add signer working-directory: ./backend shell: bash env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - IMAGE_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} + REPO_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} run: | { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $IMAGE_PASSPHRASE; echo $IMAGE_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + - name: Load the private key onto Docker trust store + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + working-directory: ./backend + shell: bash + run: | + { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust key load private.pem --name fac + # - name: Sign Image # working-directory: ./backend # env: From 66000a49f6f25d8bcd30228905e0b7629d64c710 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:46:01 -0400 Subject: [PATCH 305/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index f194e987c4..863f946865 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -64,7 +64,7 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} REPO_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $IMAGE_PASSPHRASE; echo $IMAGE_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $REPO_PASSPHRASE; echo $REPO_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store env: From d75fb44914a08e6ae36d35b829716dbbbeae5f34 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:48:20 -0400 Subject: [PATCH 306/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 863f946865..20c0e93a79 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -64,7 +64,7 @@ jobs: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} REPO_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $REPO_PASSPHRASE; echo $REPO_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store env: From 1f7733c2b658cc16e001edd95b04b9b1fdfbb36f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:53:27 -0400 Subject: [PATCH 307/378] test --- .github/workflows/scan-images.yml | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 20c0e93a79..ac733be25e 100644 
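Review bot: Answering all four `docker trust signer add` prompts with `$SSH_PASSPHRASE` (`DCT_ROOT_PASS`) means that when notary initialises the repository key for this image it is encrypted under the root passphrase, which removes the separation between the root key and the per-repository key that content trust relies on; the `REPO_PASSPHRASE` declared two lines up is now unused. Keep the repository prompts on `"$REPO_PASSPHRASE"` (and quote both expansions), or better set `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` in the step `env:` so the answer no longer depends on prompt order. The step header is above the hunk.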
--- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -57,15 +57,6 @@ jobs: chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - - name: Add signer - working-directory: ./backend - shell: bash - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - REPO_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }} - run: | - { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - - name: Load the private key onto Docker trust store env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} @@ -74,12 +65,12 @@ jobs: run: | { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust key load private.pem --name fac - # - name: Sign Image - # working-directory: ./backend - # env: - # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - # run: | - # { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust signer ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + - name: Sign Image + working-directory: ./backend + env: + SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + run: | + { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest # - name: Push Image # env: From 2a2a1279dc511b48f5e4c470abfa15b492e24701 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 15:54:35 -0400 Subject: [PATCH 308/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index ac733be25e..fed3f4815a 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -70,7 +70,7 @@ jobs: env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} run: | - { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest # - name: Push Image # env: From e3d0fe74aedfe846c1c0564314014d6ef3b1b863 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 16:00:11 -0400 Subject: [PATCH 309/378] test --- .github/workflows/scan-images.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index fed3f4815a..24caa9e5c1 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -57,6 +57,13 @@ jobs: chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" + - name: Sign Image + working-directory: ./backend + env: + REPO_PASS: ${{ secrets.DCT_REPO_PASS }} + run: | + { echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + - name: Load the private key onto Docker trust store env: SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} @@ -65,13 +72,6 @@ jobs: run: | { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust key load private.pem --name fac - - name: Sign Image - working-directory: ./backend - env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - run: | - { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - # - name: Push Image # env: # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} From b33d3f78a3b85f5958afd40c78b39e900a31c3a5 Mon Sep 17 00:00:00 2001 
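Review bot: The step added here is named `Sign Image` but runs `docker trust signer add`, and the same commit deletes the only `docker trust sign` invocation, so after this change no step signs the image at all while the job log shows a "Sign Image" step passing. Rename it (`- name: Add signer`) and reinstate a `docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest` step after the key is loaded. The `signer add` line also omits the signer NAME positional between `--key "public.pem"` and the repository, so the repository reference is consumed as the name. The job's earlier steps are above the hunk.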
From: Alex Steel Date: Fri, 7 Jul 2023 16:03:42 -0400 Subject: [PATCH 310/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 24caa9e5c1..10668d8862 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,7 +62,7 @@ jobs: env: REPO_PASS: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store env: From 87fb290fd3007c01000a31393ac56a6a80467933 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 16:05:32 -0400 Subject: [PATCH 311/378] test --- .github/workflows/scan-images.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 10668d8862..5a0dcee41b 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -60,17 +60,18 @@ jobs: - name: Sign Image working-directory: ./backend env: + ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} + ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} working-directory: ./backend shell: bash run: | - { echo $SSH_PASSPHRASE; echo $SSH_PASSPHRASE ; } | docker trust key load private.pem --name fac + { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust key load private.pem --name fac # - name: Push Image # env: From 6a4068d8d139ddfa81eb4786af29851fa10425d7 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Fri, 7 Jul 2023 16:12:17 -0400 Subject: [PATCH 312/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 5a0dcee41b..6a1c3368c7 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -63,7 +63,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; } | echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store env: From 42ad1a2636ee64647c875da67f01c0d983fd740b Mon Sep 17 00:00:00 2001 
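Review bot: The rewritten pipeline in the second hunk, `{ echo $ROOT_PASS; echo $ROOT_PASS; } | echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add ...`, is a bash syntax error — the `}` after the second `echo $REPO_PASS` has no opening brace — so the step fails before docker runs. Even with the brace restored, piping one brace group into another does not concatenate them: the second group never reads its stdin, so docker only ever receives the two `REPO_PASS` lines and the root passphrase is lost. If stdin must be used, one group with every line in prompt order, `{ echo "$ROOT_PASS"; echo "$ROOT_PASS"; echo "$REPO_PASS"; echo "$REPO_PASS"; } | docker trust signer add ...`, is the form that works, and quoting the variables keeps a passphrase containing spaces or glob characters intact.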
From: Alex Steel Date: Fri, 7 Jul 2023 16:13:52 -0400 Subject: [PATCH 313/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 6a1c3368c7..a550a015ff 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -63,7 +63,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ secrets.DCT_REPO_PASS }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; } | echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; } | { echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store env: From 7d5128f0985d6b90e99565a1ca0bef782e05547b Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 08:28:53 -0400 Subject: [PATCH 314/378] use gh token --- .github/workflows/scan-images.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index a550a015ff..3db5f5f4c0 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -5,6 +5,9 @@ on: schedule: - cron: '0 8 * * 0' +env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + jobs: pull-and-scan: runs-on: ubuntu-latest @@ -41,7 +44,7 @@ jobs: with: registry: ghcr.io username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + password: ${{ env.GH_TOKEN }} - name: Tag Image run: | 
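Review bot: Exporting `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` at workflow level (first hunk of PATCH 314) hands the token to every step and every third-party action process in the job, whereas before it reached only `docker/login-action` as `password:`; `${{ secrets.GITHUB_TOKEN }}` is already available to any step that needs it, so the indirection through `env.GH_TOKEN` adds exposure without adding capability. Keep the secret on the login step's `with:` and drop the global `env:` entry. Separately, pushing to ghcr.io with the job token needs `permissions: packages: write` (plus `contents: read`), which this workflow never declares; if the repository default is read-only the push is rejected, and declaring it explicitly keeps every other scope at its minimum.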
@@ -61,9 +64,9 @@ jobs: working-directory: ./backend env: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} - REPO_PASS: ${{ secrets.DCT_REPO_PASS }} + REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; } | { echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker trust store env: From 97e42708c00e3cf33e8e7e7e82ba68db29b96f57 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 08:39:44 -0400 Subject: [PATCH 315/378] testing --- .github/workflows/scan-images.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 3db5f5f4c0..fb63ce7ebb 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -53,20 +53,14 @@ jobs: - name: Setup Keys for DCT working-directory: ./backend env: - SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} + SIGNER_KEY: ${{ secrets.SIGNER_KEY }} run: | echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - - - name: Sign Image - working-directory: ./backend - env: - ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} - REPO_PASS: ${{ env.GH_TOKEN }} - run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + echo "$SIGNER_KEY" > signer.pem + chmod 600 signer.pem - name: Load the private key onto Docker trust store env: 
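Review bot: `REPO_PASS: ${{ env.GH_TOKEN }}` turns the installation token into the Docker Content Trust repository passphrase, and that token is minted fresh for every workflow run and revoked when the run ends. Whatever repository key `docker trust signer add` encrypts under it can only be unlocked with this run's token, so the next scheduled run cannot reuse it, and the registry credential is now doing double duty as a key-encryption passphrase. Use the dedicated secret the previous revision already had, `REPO_PASS: ${{ secrets.DCT_REPO_PASS }}`.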
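Review bot: `echo "$SIGNER_KEY" > signer.pem` creates the file under the runner's default umask, so the private key is world-readable until the following `chmod 600` runs; the context lines do the same with `private.pem`. Writing it with restrictive permissions from the start, `(umask 077; printf '%s\n' "$SIGNER_KEY" > signer.pem)`, removes the window, and `install -m 600 /dev/stdin signer.pem <<< "$SIGNER_KEY"` is an equivalent one-liner. Both keys also land inside `./backend` in the checked-out source tree, which is a plausible Docker build context; writing them under `$RUNNER_TEMP` instead, or adding an `if: always()` cleanup step, keeps them out of any image layer.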
@@ -76,6 +70,14 @@ jobs: run: | { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust key load private.pem --name fac + - name: Sign Image + working-directory: ./backend + env: + ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} + REPO_PASS: ${{ env.REPO_PASS }} + run: | + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + # - name: Push Image # env: # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} From eaf4c6cbe7f6697cd982f8d7c796f6069d9c3a29 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 08:42:21 -0400 Subject: [PATCH 316/378] test --- .github/workflows/scan-images.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index fb63ce7ebb..16c1899c0a 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -54,13 +54,13 @@ jobs: working-directory: ./backend env: SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} - SIGNER_KEY: ${{ secrets.SIGNER_KEY }} + SIGNER_CERT: ${{ secrets.SIGNER_CERT }} run: | echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - echo "$SIGNER_KEY" > signer.pem - chmod 600 signer.pem + echo "$SIGNER_KEY" > signer.crt + chmod 600 signer.crt - name: Load the private key onto Docker trust store env: @@ -76,7 +76,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.REPO_PASS }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.crt" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} # - name: Push Image # env: 
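Review bot: The re-added `Sign Image` step sets `REPO_PASS: ${{ env.REPO_PASS }}`, but no `REPO_PASS` is defined at workflow or job level in this file (the only global `env` entry visible is `GH_TOKEN`), so the expression expands to an empty string and the step pipes two empty lines to `docker trust signer add` as the repository passphrase. If docker accepts that it creates a repository key protected by an empty passphrase; more likely the prompt fails. Reference the secret directly, `REPO_PASS: ${{ secrets.DCT_REPO_PASS }}`.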
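Review bot: In PATCH 316 the env key is renamed to `SIGNER_CERT` but the script still reads `$SIGNER_KEY`, which is now unset, so `signer.crt` is written as a single empty line and the later `docker trust signer add --key "signer.crt"` has nothing to load. Which name is right depends on what the secret holds (`--key` accepts a public key or a certificate), but the variable and the reference must match, e.g. `echo "$SIGNER_CERT" > signer.crt`. A `set -u` at the top of the script would have turned this into an immediate failure instead of a silently empty file.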
From 81b4b119cefb80dff5f193a16e4ed18f3681ecdc Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 08:45:24 -0400 Subject: [PATCH 317/378] test --- .github/workflows/scan-images.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 16c1899c0a..8a0d212252 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -59,8 +59,9 @@ jobs: echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - echo "$SIGNER_KEY" > signer.crt - chmod 600 signer.crt + echo "$SIGNER_KEY" > sign.pem + chmod 600 signer.pem + openssl rsa -in "sign.pem" -pubout > "signer.pem" - name: Load the private key onto Docker trust store env: @@ -76,7 +77,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.REPO_PASS }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.crt" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} # - name: Push Image # env: From 824df78e97e272589b3e53d9a8c255d8836bbe82 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 08:47:17 -0400 Subject: [PATCH 318/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 8a0d212252..3c49e5ef02 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
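Review bot: `chmod 600 signer.pem` in the first hunk runs before `signer.pem` exists (it is only created by the `openssl rsa ... > "signer.pem"` line that follows), so the step aborts on the chmod under the shell's `-e`; the intended target is `sign.pem`, the file that now holds the private key. The script also still reads `$SIGNER_KEY` while the env block defines `SIGNER_CERT`, so `sign.pem` is empty and `openssl rsa -in "sign.pem"` fails as well. Deriving the public half with `openssl rsa -pubout` means the secret must be a PEM RSA private key, so a second private signing key is now materialised on the runner next to `private.pem`; if the goal is only to register a signer, `docker trust signer add --key` needs just the public key and the private half can stay in the secret store.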
@@ -60,7 +60,7 @@ jobs: chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" echo "$SIGNER_KEY" > sign.pem - chmod 600 signer.pem + chmod 600 sign.pem openssl rsa -in "sign.pem" -pubout > "signer.pem" - name: Load the private key onto Docker trust store From 7378eedd6b146a10feb4800b91d40fe8c84e7b37 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 08:49:39 -0400 Subject: [PATCH 319/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 3c49e5ef02..5f620413ba 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -54,7 +54,7 @@ jobs: working-directory: ./backend env: SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} - SIGNER_CERT: ${{ secrets.SIGNER_CERT }} + SIGNER_KEY: ${{ secrets.SIGNER_KEY }} run: | echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem From c6b82ea081724d824a0400f66683d53db7911850 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 08:52:19 -0400 Subject: [PATCH 320/378] test --- .github/workflows/scan-images.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 5f620413ba..4b1b6a7a7f 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -39,13 +39,6 @@ jobs: - name: Scan Image run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ env.GH_TOKEN }} - - name: Tag Image run: | docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest 
@@ -79,6 +72,13 @@ jobs: run: | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ env.GH_TOKEN }} + # - name: Push Image # env: # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} From ad2c54cab476cf1c4aac7d3729f48e245ff87c9d Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 08:53:44 -0400 Subject: [PATCH 321/378] test --- .github/workflows/scan-images.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 4b1b6a7a7f..889bb16e8c 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -43,6 +43,13 @@ jobs: run: | docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ env.GH_TOKEN }} + - name: Setup Keys for DCT working-directory: ./backend env: @@ -68,17 +75,10 @@ jobs: working-directory: ./backend env: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} - REPO_PASS: ${{ env.REPO_PASS }} + REPO_PASS: ${{ env.GH_TOKEN }} run: | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ env.GH_TOKEN }} - # - name: Push Image # env: # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} From 2c81565939f1601309d586b21f146b493c2e5dd6 Mon Sep 17 00:00:00 2001 
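Review bot: Moving `docker/login-action@v2` ahead of the trust steps (first hunk of PATCH 321) is the right order, since `docker trust signer add` against ghcr.io needs registry credentials, but the action is referenced by a mutable major tag; for a job that holds signing keys and pushes images, pin third-party actions to a full commit SHA, `uses: docker/login-action@<sha> # v2.x`, so a retagged release cannot put new code into the step that holds the token. The login also requires `packages: write` on the job token, which the workflow does not declare in a `permissions:` block.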
From: Alex Steel Date: Mon, 10 Jul 2023 08:55:10 -0400 Subject: [PATCH 322/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 889bb16e8c..cae4e01ff8 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -77,7 +77,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; } | { echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} # - name: Push Image # env: From 790db36213de7124b3543478e24a46d82dad041f Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 08:56:36 -0400 Subject: [PATCH 323/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index cae4e01ff8..3039c827b8 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -77,7 +77,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; } | { echo $REPO_PASS; echo $REPO_PASS ; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $REPO_PASS; echo $REPO_PASS ; } # - name: Push Image # env: From 940d90a06d5721a33b9b0fafaa482ea46b1c1efe Mon Sep 17 00:00:00 2001 
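Review bot: In the second hunk the `| { echo $REPO_PASS; echo $REPO_PASS ; }` moved to the end of the pipeline no longer feeds docker anything: that group's stdin is docker's stdout, and since it never reads it, the repository passphrase is simply printed to the job log (masked by Actions only when the value exactly matches a registered secret) while docker is still waiting on its prompt. Docker's own progress output is also written into a pipe whose reader has already exited, which can end the command with EPIPE. Passphrases for `docker trust` belong in `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` and `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` on the step's `env:`, not in stdin plumbing.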
From: Alex Steel Date: Mon, 10 Jul 2023 08:59:36 -0400 Subject: [PATCH 324/378] testing? --- .github/workflows/scan-images.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 3039c827b8..f471ff660b 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -54,14 +54,10 @@ jobs: working-directory: ./backend env: SSH_PRIVATE_KEY: ${{secrets.RSA_KEY}} - SIGNER_KEY: ${{ secrets.SIGNER_KEY }} run: | echo "$SSH_PRIVATE_KEY" > private.pem chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - echo "$SIGNER_KEY" > sign.pem - chmod 600 sign.pem - openssl rsa -in "sign.pem" -pubout > "signer.pem" - name: Load the private key onto Docker trust store env: @@ -77,12 +73,12 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; } | docker trust signer add --key "signer.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $REPO_PASS; echo $REPO_PASS ; } + { echo $ROOT_PASS; echo $ROOT_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $REPO_PASS; echo $REPO_PASS ; } - # - name: Push Image - # env: - # SSH_PASSPHRASE: ${{secrets.DCT_ROOT_PASS}} - # run: | - # echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV - # docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< $SSH_PASSPHRASE + - name: Push Image + env: + ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} + run: | + echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV + { echo $ROOT_PASS; } | docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} From 3cbc432fcafad6419d2053871398a4fe594b84be Mon Sep 17 00:00:00 2001 
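Review bot: The uncommented `Push Image` step writes `DOCKER_CONTENT_TRUST=1` to `$GITHUB_ENV`, which only takes effect in subsequent steps, so the `docker push` on the very next line runs with content trust off and the image goes out unsigned while the step reports success. Either `export DOCKER_CONTENT_TRUST=1` in the same script before the push, or pass `--disable-content-trust=false`, or move the `$GITHUB_ENV` write into its own earlier step. The lone `{ echo $ROOT_PASS; }` is also the wrong passphrase for a trusted push, which prompts for the repository/delegation key rather than root. The first hunk drops the separate signer key and passes `public.pem`, derived from the same `RSA_KEY` that `docker trust key load` imports, so the loaded delegation key and the registered signer are now the same key; that is consistent, but it deserves a comment on the `Setup Keys for DCT` step, e.g. `# public.pem is the public half of private.pem; the same key is loaded as the signing key and registered as signer fac-sign`.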
From: Alex Steel Date: Mon, 10 Jul 2023 09:07:40 -0400 Subject: [PATCH 325/378] test --- .github/workflows/scan-images.yml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index f471ff660b..c9f8e5a523 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -59,14 +59,6 @@ jobs: chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - - name: Load the private key onto Docker trust store - env: - ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} - working-directory: ./backend - shell: bash - run: | - { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust key load private.pem --name fac - - name: Sign Image working-directory: ./backend env: @@ -75,10 +67,17 @@ jobs: run: | { echo $ROOT_PASS; echo $ROOT_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $REPO_PASS; echo $REPO_PASS ; } - - name: Push Image + - name: Load the private key onto Docker trust store + env: + ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} + working-directory: ./backend + shell: bash + run: | + { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust key load private.pem --name fac-sign + + - name: Sign and Push to GHCR env: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} run: | - echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV - { echo $ROOT_PASS; } | docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest From 85554521ce123366e2a9f8d859a7741bb55af143 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:09:27 -0400 Subject: [PATCH 326/378] add repeat pass --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
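Review bot: After this reorder `DCT_ROOT_PASS` is used for three different things — the root key passphrase, the passphrase that `docker trust key load private.pem --name fac-sign` assigns to the imported delegation key, and the passphrase piped to `docker trust sign` — so one secret unlocks both the root of trust and the routine signing key, and there is no reason for a root key to be on a CI runner at all. Content trust's model is an offline root that initialises the repository once and delegates to a signer; the runner should hold only the delegation key and its own passphrase (`secrets.DCT_SIGNER_PASS` or similar), with `docker trust signer add` done once by an operator rather than on every scheduled run. As written, every run re-runs `signer add` on a fresh runner with no local root or repository key, which I expect to fail from the second run onward once trust data already exists for the repository. `docker trust sign` also asks for the repository passphrase in addition to the delegation key's, so `{ echo $ROOT_PASS; }` alone leaves at least one prompt unanswered.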
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml
index c9f8e5a523..20bb8b0c6b 100644
--- a/.github/workflows/scan-images.yml
+++ b/.github/workflows/scan-images.yml
@@ -79,5 +79,5 @@ jobs:
 env:
 ROOT_PASS: ${{secrets.DCT_ROOT_PASS}}
 run: |
- { echo $ROOT_PASS; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest
+ { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest
From b90ccc92daddc34b2a9ad7b3abaa403f1892a529 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Mon, 10 Jul 2023 09:11:04 -0400
Subject: [PATCH 327/378] add repo pass
---
 .github/workflows/scan-images.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml
index 20bb8b0c6b..99b0ff13c6 100644
--- a/.github/workflows/scan-images.yml
+++ b/.github/workflows/scan-images.yml
@@ -59,7 +59,7 @@ jobs:
 chmod 600 private.pem
 openssl rsa -in "private.pem" -pubout > "public.pem"
- - name: Sign Image
+ - name: Add Signer
 working-directory: ./backend
 env:
 ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}}
@@ -67,7 +67,7 @@ jobs:
 run: |
 { echo $ROOT_PASS; echo $ROOT_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $REPO_PASS; echo $REPO_PASS ; }
- - name: Load the private key onto Docker trust store
+ - name: Load the private key onto Docker Trust Store
 env:
 ROOT_PASS: ${{secrets.DCT_ROOT_PASS}}
 working-directory: ./backend
@@ -78,6 +78,6 @@ jobs: - name: Sign and Push to GHCR env: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} + REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - + { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest | { echo $REPO_PASS; echo $REPO_PASS ; } From 4a16d8e4c3cbcb1e00a8830773d1355e21ccd218 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:13:49 -0400 Subject: [PATCH 328/378] test --- .github/workflows/scan-images.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 99b0ff13c6..797850f914 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -80,4 +80,5 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest | { echo $REPO_PASS; echo $REPO_PASS ; } + echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false From e025e4a479412727c829e753b66000ecce03b46d Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:15:39 -0400 Subject: [PATCH 329/378] enable password --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 797850f914..335bbc24cb 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
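Review bot: The second hunk (PATCH 328) replaces `docker trust sign` with `docker push ... --disable-content-trust=false`, which does sign on push, but it supplies no passphrase at all: `ROOT_PASS` and `REPO_PASS` are defined in `env:` and never used, and `DOCKER_CONTENT_TRUST=1` appended to `$GITHUB_ENV` does not apply to the current step (`--disable-content-trust=false` already covers it). A trusted push prompts for the repository and delegation passphrases, and in a non-interactive job the CLI takes them from `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE`; set `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_REPO_PASS }}` in the step's `env:` and delete the unused variables. Keeping `env.GH_TOKEN` as a key passphrase remains a problem regardless, since that token changes every run.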
@@ -81,4 +81,4 @@ jobs:
 REPO_PASS: ${{ env.GH_TOKEN }}
 run: |
 echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
- docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false
+ { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false
From dcb2c674773c7d0d7725164f9c36076d0ad1a287 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Mon, 10 Jul 2023 09:16:40 -0400
Subject: [PATCH 330/378] add repo pass
---
 .github/workflows/scan-images.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml
index 335bbc24cb..8b38ca1469 100644
--- a/.github/workflows/scan-images.yml
+++ b/.github/workflows/scan-images.yml
@@ -81,4 +81,4 @@ jobs:
 REPO_PASS: ${{ env.GH_TOKEN }}
 run: |
 echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV
- { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false
+ { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | { echo $REPO_PASS; echo $REPO_PASS ; }
From 4bebe2c59418bdc63daa75b29d3bc4029226405e Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Mon, 10 Jul 2023 09:21:28 -0400
Subject: [PATCH 331/378] test
---
 .github/workflows/scan-images.yml | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml
index 8b38ca1469..eec534d546 100644
--- a/.github/workflows/scan-images.yml
+++ b/.github/workflows/scan-images.yml
@@ -39,10 +39,6 @@ jobs: - name: Scan Image run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }} - - name: Tag Image - run: | - docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -59,6 +55,14 @@ jobs: chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" + - name: Load the private key onto Docker Trust Store + env: + ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} + working-directory: ./backend + shell: bash + run: | + { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust key load private.pem --name fac-sign + - name: Add Signer working-directory: ./backend env: @@ -67,13 +71,9 @@ jobs: run: | { echo $ROOT_PASS; echo $ROOT_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $REPO_PASS; echo $REPO_PASS ; } - - name: Load the private key onto Docker Trust Store - env: - ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} - working-directory: ./backend - shell: bash + - name: Tag Image run: | - { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust key load private.pem --name fac-sign + docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Sign and Push to GHCR env: @@ -82,3 +82,7 @@ jobs: run: | echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | { echo $REPO_PASS; echo $REPO_PASS ; } + + - name: Inspect Content Trust + run: | + docker trust inspect --pretty ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest From 7bd82e58bd3e79d9fb0d80492f0144fb1e7f0eec Mon Sep 17 00:00:00 2001 
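Review bot: The new `Inspect Content Trust` step in the last hunk only prints `docker trust inspect --pretty` output, so a push that went out unsigned, or signed by an unexpected key, still leaves the job green — and this is the one place in the workflow where signing could actually be enforced. Make it a gate: `docker trust inspect ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest | jq -e '.[0].SignedTags[] | select(.SignedTag == "latest") | .Signers | index("fac-sign")'` fails the step when the tag has no trust data or is not signed by `fac-sign`. The reordering of `Tag Image` and `Load the private key` is otherwise fine, but it does not change the fact that the push step still pipes `ROOT_PASS` where the repository/delegation passphrase is expected.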
From: Alex Steel Date: Mon, 10 Jul 2023 09:22:17 -0400 Subject: [PATCH 332/378] test --- .github/workflows/scan-images.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index eec534d546..4b0b5a341a 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -75,12 +75,14 @@ jobs: run: | docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + - name: Set Docker Content Trust + run: echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV + - name: Sign and Push to GHCR env: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | { echo $REPO_PASS; echo $REPO_PASS ; } - name: Inspect Content Trust From 62468a688d74891f5426a45a100b405f68b4dba4 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:25:08 -0400 Subject: [PATCH 333/378] test --- .github/workflows/scan-images.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 4b0b5a341a..49906696c0 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -69,7 +69,9 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $REPO_PASS; echo $REPO_PASS ; } + docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; } + { echo $REPO_PASS; echo $REPO_PASS; } - name: Tag Image run: | 
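Review bot: The `Add Signer` rewrite in PATCH 333 runs `docker trust signer add ...` with nothing on stdin and then executes `{ echo $ROOT_PASS; echo $ROOT_PASS; }` and `{ echo $REPO_PASS; echo $REPO_PASS; }` as separate commands, so both passphrases are written to the step's stdout — the job log — after docker has already failed or hung on its prompt. Actions masks values registered as secrets, but masking is a best-effort string match on the log stream; an unquoted `$ROOT_PASS` that word-splits, or any later transformation, defeats it, and a passphrase in a log readable by anyone with read access to the repository is a real exposure. Delete the echo lines and pass the passphrases through `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` / `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` on the step's `env:`; the same pattern is repeated in this patch's push step.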
@@ -83,7 +85,9 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | { echo $REPO_PASS; echo $REPO_PASS ; } + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false + { echo $ROOT_PASS; echo $ROOT_PASS; } + { echo $REPO_PASS; echo $REPO_PASS; } - name: Inspect Content Trust run: | From 35db203ee71f5b46749d462a667dde5391b88e9b Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:26:19 -0400 Subject: [PATCH 334/378] test --- .github/workflows/scan-images.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 49906696c0..eb119fce03 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -86,8 +86,10 @@ jobs: REPO_PASS: ${{ env.GH_TOKEN }} run: | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false - { echo $ROOT_PASS; echo $ROOT_PASS; } - { echo $REPO_PASS; echo $REPO_PASS; } + echo $ROOT_PASS + echo $ROOT_PASS + echo $REPO_PASS + echo $REPO_PASS - name: Inspect Content Trust run: | From d477cae274563d0d141e95c4164726bcd3e2fc45 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:26:44 -0400 Subject: [PATCH 335/378] test --- .github/workflows/scan-images.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index eb119fce03..6bc820a0ba 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -70,8 +70,10 @@ jobs: REPO_PASS: ${{ env.GH_TOKEN }} run: | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - { echo $ROOT_PASS; echo $ROOT_PASS; } - { echo $REPO_PASS; echo $REPO_PASS; } + echo $ROOT_PASS + echo $ROOT_PASS + echo $REPO_PASS + echo $REPO_PASS - name: Tag Image run: | From dc2fec0fe26b1d5445d77d78be237b2aa0862292 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:28:09 -0400 Subject: [PATCH 336/378] testing --- .github/workflows/scan-images.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 6bc820a0ba..89fa8ff7be 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -69,11 +69,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - echo $ROOT_PASS - echo $ROOT_PASS - echo $REPO_PASS - echo $REPO_PASS + { echo $ROOT_PASS; echo $ROOT_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $REPO_PASS; echo $REPO_PASS; } - name: Tag Image run: | @@ -87,11 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false - echo $ROOT_PASS - echo $ROOT_PASS - echo $REPO_PASS - echo $REPO_PASS + { echo $ROOT_PASS; echo $ROOT_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | { echo $REPO_PASS; echo $REPO_PASS; } - name: Inspect Content Trust run: | From b593fdafe9bfa07accf16160bdd70a22f303161d Mon Sep 17 00:00:00 2001 
From: Alex Steel Date: Mon, 10 Jul 2023 09:29:41 -0400 Subject: [PATCH 337/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 89fa8ff7be..63d1c567c8 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | { echo $REPO_PASS; echo $REPO_PASS; } + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false - name: Inspect Content Trust run: | From 820ca38153f743377af2c7cd88f3b9002bac1c08 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:35:27 -0400 Subject: [PATCH 338/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 63d1c567c8..167b3997d9 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false --password-stdin $ROOT_PASS - name: Inspect Content Trust run: | From 50ab0b4d4e56a6848da9968200e6a8ca415beff9 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:37:21 -0400 Subject: [PATCH 339/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
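Review bot: PATCH 338 passes `--password-stdin $ROOT_PASS` to `docker push`, but `docker push` has no such flag; it belongs to `docker login`, reads the value from stdin and takes no argument, so the run fails on an unknown option while the passphrase sits on the command line where `ps` and any argv-echoing error message can see it. PATCH 337 on the same line removes the stdin feed entirely, which leaves a non-TTY push blocked on the root-passphrase prompt. Both problems go away if the passphrases are supplied through the `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` / `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` step environment rather than the command line or stdin.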
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 167b3997d9..4205de657c 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false --password-stdin $ROOT_PASS + { echo $ROOT_PASS; echo $ROOT_PASS; } | { echo $REPO_PASS; echo $REPO_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false - name: Inspect Content Trust run: | From 792401f5298eef4fcc60ace413b8c33e1f145bd1 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:39:00 -0400 Subject: [PATCH 340/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 4205de657c..0687919d3c 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; } | { echo $REPO_PASS; echo $REPO_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false + { echo $ROOT_PASS; echo $ROOT_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false <<< $REPO_PASS - name: Inspect Content Trust run: | From dcf9e5dcf3dc5da555486cd3537fd347e1e9a716 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:40:41 -0400 Subject: [PATCH 341/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 0687919d3c..acc573e838 100644 
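Review bot: In PATCH 340 the here-string `<<< $REPO_PASS` is applied to `docker push` after the pipe is set up, so it replaces the pipe as stdin and the `{ echo $ROOT_PASS; echo $ROOT_PASS; }` half is discarded; the root passphrase never reaches its prompt. PATCH 339 just above has the mirror problem: the middle group `{ echo $REPO_PASS; echo $REPO_PASS; }` does not read its stdin, so the first group's output is dropped and docker sees only the repository lines. One producer on one pipe, `printf '%s\n' "$ROOT_PASS" "$ROOT_PASS" "$REPO_PASS" "$REPO_PASS" | docker push …`, expresses the intent, and `$REPO_PASS` should be quoted in any case.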
--- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false <<< $REPO_PASS + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } - name: Inspect Content Trust run: | From c77e2ec0423ce5076f4bf418adee4f50c9741eaf Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:44:24 -0400 Subject: [PATCH 342/378] testing push to ghcr --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index acc573e838..c3dfb9de66 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -61,7 +61,7 @@ jobs: working-directory: ./backend shell: bash run: | - { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust key load private.pem --name fac-sign + { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust key load private.pem --name fac - name: Add Signer working-directory: ./backend @@ -69,7 +69,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; } | docker trust signer add --key "public.pem" fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $REPO_PASS; echo $REPO_PASS; } + docker trust signer add --key public.pem fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $ROOT_PASS; echo $ROOT_PASS; } | { echo $REPO_PASS; echo $REPO_PASS; } - name: Tag Image run: | From d0490f8401ed50249ef90583936b494be9f56b3d Mon Sep 17 00:00:00 2001 
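Review bot: PATCH 341 reverses the pipe: `docker push … | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; }` sends docker's output into a group that ignores it, leaves docker reading the step's empty stdin, and prints both secrets to the job log; the second hunk of PATCH 342 and PATCH 343 repeat the same shape for `docker trust signer add`. In PATCH 342 the first hunk loads the key as `--name fac` while the second hunk still registers the signer as `fac-sign`; the name given to `docker trust signer add` has to match the name the key was loaded under, so one of the two is wrong until PATCH 346 renames the signer.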
From: Alex Steel Date: Mon, 10 Jul 2023 09:44:47 -0400 Subject: [PATCH 343/378] testing push to ghcr --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index c3dfb9de66..3731b64766 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -69,7 +69,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker trust signer add --key public.pem fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $ROOT_PASS; echo $ROOT_PASS; } | { echo $REPO_PASS; echo $REPO_PASS; } + docker trust signer add --key public.pem fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } - name: Tag Image run: | From 266f012a9faed5ca60df8ccec7f82fcca6f08411 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:46:49 -0400 Subject: [PATCH 344/378] remove tagging --- .github/workflows/scan-images.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 3731b64766..42325be9ad 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -71,9 +71,9 @@ jobs: run: | docker trust signer add --key public.pem fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } - - name: Tag Image - run: | - docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + # - name: Tag Image + # run: | + # docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Set Docker Content Trust run: echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV 
@@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest --disable-content-trust=false | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } - name: Inspect Content Trust run: | From 024a5410e065580f7fc0f59d5be58eb0f3eeaa51 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:48:53 -0400 Subject: [PATCH 345/378] testing --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 42325be9ad..e6e446c6de 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -69,7 +69,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker trust signer add --key public.pem fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key public.pem fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} # - name: Tag Image # run: | @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest | { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Inspect Content Trust run: | From 1abb38f9c5747ea6f441988c6028650fcf843621 Mon Sep 17 00:00:00 2001 
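Review bot: PATCH 344 comments out the `Tag Image` step in its first hunk, but this hunk still runs `docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest`, so unless that reference is created somewhere else in the file there is no local image under that tag to push. Disabled steps should be deleted rather than kept as commented YAML; git history preserves them. PATCH 345 below again pipes `$ROOT_PASS` and `$REPO_PASS` unquoted; quote them.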
From: Alex Steel Date: Mon, 10 Jul 2023 09:51:21 -0400 Subject: [PATCH 346/378] change signer name --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index e6e446c6de..69db2a7057 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -69,7 +69,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key public.pem fac-sign ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} # - name: Tag Image # run: | From 53b084cebb4a4f34eed7c5e2bbcedb7a8e386cf0 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 09:56:31 -0400 Subject: [PATCH 347/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 69db2a7057..616d912bde 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -69,7 +69,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} # - name: Tag Image # run: | From 1452f82fd119aa6fd75e2dd3145ebe978388c7ee Mon Sep 17 00:00:00 2001 
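Review bot: PATCH 347's switch to `printf '%s\n' "$VAR"` is the right call, since `echo` may interpret a value that begins with `-n` or `-e`, but it can be a single call because printf reuses its format for every argument: `{ printf '%s\n' "$ROOT_PASS" "$ROOT_PASS" "$REPO_PASS" "$REPO_PASS"; } | docker trust signer add …`. PATCH 346 aligns the signer name with the `--name fac` used when the key is loaded, which closes the mismatch introduced in PATCH 342. The context expression `${{ secrets.DCT_ROOT_PASS}}` is missing its closing space; harmless, but inconsistent with the other expressions in the file.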
From: Alex Steel Date: Mon, 10 Jul 2023 10:00:49 -0400 Subject: [PATCH 348/378] test --- .github/workflows/scan-images.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 616d912bde..95720ca6d9 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -69,7 +69,11 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + printf '%s\n' "$ROOT_PASS" + printf '%s\n' "$ROOT_PASS" + printf '%s\n' "$REPO_PASS" + printf '%s\n' "$REPO_PASS" # - name: Tag Image # run: | @@ -83,7 +87,11 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + printf '%s\n' "$ROOT_PASS" + printf '%s\n' "$ROOT_PASS" + printf '%s\n' "$REPO_PASS" + printf '%s\n' "$REPO_PASS" - name: Inspect Content Trust run: | From d71a0f92d86a215a02eb47b696527685e57d4f6c Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:02:01 -0400 Subject: [PATCH 349/378] test --- .github/workflows/scan-images.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 95720ca6d9..291976e6a3 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -69,11 +69,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - printf '%s\n' "$ROOT_PASS" - printf '%s\n' "$ROOT_PASS" - printf '%s\n' "$REPO_PASS" - printf '%s\n' "$REPO_PASS" + { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } # - name: Tag Image # run: | @@ -87,11 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - printf '%s\n' "$ROOT_PASS" - printf '%s\n' "$ROOT_PASS" - printf '%s\n' "$REPO_PASS" - printf '%s\n' "$REPO_PASS" + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Inspect Content Trust run: | From d70577997da2cb15bbb07e5ae3b6e9c2c7de191a Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:03:32 -0400 Subject: [PATCH 350/378] test --- .github/workflows/scan-images.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 291976e6a3..179d356f7a 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -71,9 +71,9 @@ jobs: run: | { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } - # - name: Tag Image - # run: | - # docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + - name: Tag Image + run: | + docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Set Docker Content Trust run: echo "DOCKER_CONTENT_TRUST=1" >> $GITHUB_ENV @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest | { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } - name: Inspect Content Trust run: | From 93463c30955311c796bf81c865660d93e8dbaabb Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:05:14 -0400 Subject: [PATCH 351/378] test --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 179d356f7a..cee4749e0e 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -69,7 +69,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} | { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } && { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Tag Image run: | @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest | { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } + { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } && { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Inspect Content Trust run: | From 6d07dc58217fd5f6a756961b19f9283c3f0f6027 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:06:34 -0400 Subject: [PATCH 352/378] test --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index cee4749e0e..3467c56967 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
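Review bot: In both hunks of PATCH 351 the form `{ echo …; } && { printf …; } | docker …` does not do what the layout suggests: `|` binds tighter than `&&`, so the first group runs on its own with its stdout going to the job log, and only the second group's two `$REPO_PASS` lines are piped to docker. The fix is one group and one pipe, `{ printf '%s\n' "$ROOT_PASS" "$ROOT_PASS" "$REPO_PASS" "$REPO_PASS"; } | docker trust signer add …`, and likewise for the push. PATCH 352 and 354 further down reach that form in two more steps, which argues for squashing this series before merge.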
@@ -69,7 +69,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } && { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } && { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Tag Image run: | @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { echo $ROOT_PASS; echo $ROOT_PASS; echo $REPO_PASS; echo $REPO_PASS; } && { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } && { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Inspect Content Trust run: | From 823460439a1d2e3da00416a172e9490237bf49bd Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:07:18 -0400 Subject: [PATCH 353/378] test --- .github/workflows/scan-images.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 3467c56967..1ea540737d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
@@ -55,14 +55,6 @@ jobs: chmod 600 private.pem openssl rsa -in "private.pem" -pubout > "public.pem" - - name: Load the private key onto Docker Trust Store - env: - ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} - working-directory: ./backend - shell: bash - run: | - { echo $ROOT_PASS; echo $ROOT_PASS ; } | docker trust key load private.pem --name fac - - name: Add Signer working-directory: ./backend env: @@ -71,6 +63,14 @@ jobs: run: | { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } && { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + - name: Load the private key onto Docker Trust Store + env: + ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} + working-directory: ./backend + shell: bash + run: | + { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } | docker trust key load private.pem --name fac + - name: Tag Image run: | docker tag ${{ matrix.image.name }} ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest From 53de4d91b99e0bbe971bfc17f3655fdbd0b5a4ed Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:08:42 -0400 Subject: [PATCH 354/378] test --- .github/workflows/scan-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 1ea540737d..ee6aaa83af 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
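Review bot: The context lines `chmod 600 private.pem` and `openssl rsa -in "private.pem" -pubout > "public.pem"` show the signing private key being written into the checkout under `./backend`, and nothing in the file as shown removes it, so it stays on disk for the rest of the job. Add a final step with `if: always()` that runs `rm -f private.pem public.pem` in that directory, and make sure no later step uploads the workspace or `./backend` as an artifact or cache. The reorder of `Load the private key onto Docker Trust Store` after `Add Signer` is not explained by the commit message `test`; a one-line comment above the moved step recording why the order matters would keep the intent from being lost.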
@@ -61,7 +61,7 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } && { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker Trust Store env: @@ -83,7 +83,7 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | - { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } && { printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest + { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Inspect Content Trust run: | From 9caae0a54e7e91582ec8eafeba51bbdcce8a4662 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:15:07 -0400 Subject: [PATCH 355/378] test --- .github/workflows/scan-images.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index ee6aaa83af..441a6701f3 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -61,6 +61,8 @@ jobs: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | + export $ROOT_PASS + export $REPO_PASS { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker Trust Store 
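Review bot: In PATCH 355's hunk here, `export $ROOT_PASS` expands the secret's value rather than its name, so bash executes `export <value>`; for any value that is not a valid identifier bash prints `export: '<value>': not a valid identifier`, putting the secret into the log through the error channel. Variables declared under the step's `env:` are already in the shell environment, so both `export` lines are unnecessary; the second hunk of 355 repeats them for the push step, and PATCH 357 removes all four again. PATCH 354 on the same line is the first form in the series that actually feeds all four lines to docker through a single pipe.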
@@ -83,6 +85,8 @@ jobs: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} run: | + export $ROOT_PASS + export $REPO_PASS { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Inspect Content Trust From 824c538b65b2bc7dcfbec0f282624da156eed706 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:17:02 -0400 Subject: [PATCH 356/378] add shell --- .github/workflows/scan-images.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 441a6701f3..eafee18a2e 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -60,6 +60,7 @@ jobs: env: ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} + shell: bash run: | export $ROOT_PASS export $REPO_PASS @@ -84,6 +85,7 @@ jobs: env: ROOT_PASS: ${{secrets.DCT_ROOT_PASS}} REPO_PASS: ${{ env.GH_TOKEN }} + shell: bash run: | export $ROOT_PASS export $REPO_PASS From 4423afd2f6f34a132b9fde4c8a1d91a939d19491 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:18:27 -0400 Subject: [PATCH 357/378] test --- .github/workflows/scan-images.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index eafee18a2e..289a3b847c 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,8 +62,6 @@ jobs: REPO_PASS: ${{ env.GH_TOKEN }} shell: bash run: | - export $ROOT_PASS - export $REPO_PASS { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker Trust Store 
@@ -87,8 +85,6 @@ jobs: REPO_PASS: ${{ env.GH_TOKEN }} shell: bash run: | - export $ROOT_PASS - export $REPO_PASS { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest - name: Inspect Content Trust From 857a8d249fd82099cbc84cd18f4bef7e72d63b2e Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:28:27 -0400 Subject: [PATCH 358/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 289a3b847c..09ab4de114 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,7 +62,7 @@ jobs: REPO_PASS: ${{ env.GH_TOKEN }} shell: bash run: | - { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< "$ROOT_PASS\n$ROOT_PASS\n$REPO_PASS\n$REPO_PASS" - name: Load the private key onto Docker Trust Store env: From 97426eee08afdb154c783d6b561245ed0557a887 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:30:23 -0400 Subject: [PATCH 359/378] test --- .github/workflows/scan-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 09ab4de114..25875fe10d 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml 
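Review bot: PATCH 358's here-string `<<< "$ROOT_PASS\n$ROOT_PASS\n$REPO_PASS\n$REPO_PASS"` contains no newlines: bash leaves `\n` literal inside double quotes, so docker receives one line with the values joined by the characters backslash-n, and the second prompt never gets an answer. `$'…'` quoting would interpret the escapes, but `printf '%s\n' "$ROOT_PASS" "$ROOT_PASS" "$REPO_PASS" "$REPO_PASS" | docker trust signer add …` is the clearer form and is what PATCH 354 already had.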
@@ -62,7 +62,7 @@ jobs: REPO_PASS: ${{ env.GH_TOKEN }} shell: bash run: | - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< "$ROOT_PASS\n$ROOT_PASS\n$REPO_PASS\n$REPO_PASS" + docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< echo "$ROOT_PASS"; echo "$ROOT_PASS"; echo "$REPO_PASS"; echo "$REPO_PASS" - name: Load the private key onto Docker Trust Store env: From 53f340b4be40db80c1c0bcef8601bc2109cca155 Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Mon, 10 Jul 2023 10:36:26 -0400 Subject: [PATCH 360/378] test --- .github/workflows/scan-images.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml index 25875fe10d..6f20e25400 100644 --- a/.github/workflows/scan-images.yml +++ b/.github/workflows/scan-images.yml @@ -62,7 +62,7 @@ jobs: REPO_PASS: ${{ env.GH_TOKEN }} shell: bash run: | - docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} <<< echo "$ROOT_PASS"; echo "$ROOT_PASS"; echo "$REPO_PASS"; echo "$REPO_PASS" + { echo "$ROOT_PASS"; echo "$ROOT_PASS"; echo "$REPO_PASS"; echo "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }} - name: Load the private key onto Docker Trust Store env: @@ -70,7 +70,7 @@ jobs: working-directory: ./backend shell: bash run: | - { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; } | docker trust key load private.pem --name fac + { echo "$ROOT_PASS"; echo "$ROOT_PASS"; } | docker trust key load private.pem --name fac - name: Tag Image run: | 
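Review bot: PATCH 359's `<<< echo "$ROOT_PASS"; echo "$ROOT_PASS"; echo "$REPO_PASS"; echo "$REPO_PASS"` gives docker the literal word `echo` as stdin, and the `;` ends the command, so the three trailing `echo`s run afterwards and print the passphrases and token to the job log. PATCH 360 restores the grouped pipe, which is fine now that `shell: bash` is set, though a single `printf '%s\n' …` with four arguments would avoid `echo`'s option handling. The four-line answer assumes the prompt order root, root, repository, repository; the number and order of prompts depends on whether the repository is already initialized, so confirm against a run log that the lines land on the intended prompts.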
@@ -85,7 +85,7 @@ jobs:
REPO_PASS: ${{ env.GH_TOKEN }}
shell: bash
run: |
- { printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$ROOT_PASS"; printf '%s\n' "$REPO_PASS"; printf '%s\n' "$REPO_PASS"; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest
+ { echo "$ROOT_PASS"; echo "$ROOT_PASS"; echo "$REPO_PASS"; echo "$REPO_PASS"; } | docker push ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}:latest
- name: Inspect Content Trust
run: |
From 9b1856dabe43d1c73be13865c70164c060b694d4 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Mon, 10 Jul 2023 14:09:02 -0400
Subject: [PATCH 361/378] test
---
.github/workflows/scan-images.yml | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml
index 6f20e25400..0f701b7c90 100644
--- a/.github/workflows/scan-images.yml
+++ b/.github/workflows/scan-images.yml
@@ -55,14 +55,14 @@ jobs:
chmod 600 private.pem
openssl rsa -in "private.pem" -pubout > "public.pem"
- - name: Add Signer
- working-directory: ./backend
- env:
- ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}}
- REPO_PASS: ${{ env.GH_TOKEN }}
- shell: bash
- run: |
- { echo "$ROOT_PASS"; echo "$ROOT_PASS"; echo "$REPO_PASS"; echo "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}
+ # - name: Add Signer
+ # working-directory: ./backend
+ # env:
+ # ROOT_PASS: ${{ secrets.DCT_ROOT_PASS}}
+ # REPO_PASS: ${{ env.GH_TOKEN }}
+ # shell: bash
+ # run: |
+ # { echo "$ROOT_PASS"; echo "$ROOT_PASS"; echo "$REPO_PASS"; echo "$REPO_PASS"; } | docker trust signer add --key public.pem fac ghcr.io/${{ env.GH_REPO }}/${{ matrix.image.short-name }}
- name: Load the private key onto Docker Trust Store
env:
From ac03a2f48d221992a025a2e37ecf000b302ce054 Mon Sep 17 00:00:00 2001
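Review bot: Commenting out the "Add Signer" step leaves dead configuration, including a `secrets.DCT_ROOT_PASS` reference, in the workflow with no record of why it was disabled; either delete the step or replace the block with a single comment such as `# Add Signer step removed: the signer is expected to exist already (see <ticket>)`, with the real reason filled in. The steps that follow ("Load the private key onto Docker Trust Store" and the signed push shown in the previous commit) still appear to assume a signer named `fac` exists on the repository, so if that is now done out of band it is worth saying so in the same comment. The step list continues below this hunk.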
From: Alex Steel
Date: Tue, 11 Jul 2023 10:15:52 -0400
Subject: [PATCH 362/378] Refactoring
---
.../{ => bpmn-renders}/add-bpmn-renders.yml | 0
.../create-pull-request.yml} | 0
.../deploy-application.yml} | 0
.../deploy-development.yml} | 14 +-
.../deploy-production.yml} | 12 +-
.../deploy-staging.yml} | 11 +-
.../pull-request-checks.yml} | 23 ++-
.../staging-scheduled-deploy.yml | 10 +-
.../{ => docker}/build-docker-container.yml | 42 +-----
.github/workflows/{ => linting}/linting.yml | 2 +-
.../{ => linting}/terraform-lint.yml | 10 +-
.../pull-containers-and-push-to-ghcr.yml | 0
.github/workflows/{ => security}/trivy.yml | 0
.github/workflows/{ => security}/zap-scan.yml | 0
.../{ => terraform}/terraform-apply-env.yml | 0
.../{ => terraform}/terraform-commit.yml | 0
.../{ => terraform}/terraform-plan-env.yml | 0
.github/workflows/test-and-lint.yml | 141 ------------------
.../{ => testing}/end-to-end-test.yml | 4 +-
.../{ => testing}/testing-from-build.yml | 0
.../{ => testing}/testing-from-ghcr.yml | 0
21 files changed, 49 insertions(+), 220 deletions(-)
rename .github/workflows/{ => bpmn-renders}/add-bpmn-renders.yml (100%)
rename .github/workflows/{auto-create-pr.yml => deployments/create-pull-request.yml} (100%)
rename .github/workflows/{deploy-apps.yml => deployments/deploy-application.yml} (100%)
rename .github/workflows/{triggers-dev.yml => deployments/deploy-development.yml} (73%)
rename .github/workflows/{triggers-prod.yml => deployments/deploy-production.yml} (71%)
rename .github/workflows/{triggers-staging.yml => deployments/deploy-staging.yml} (68%)
rename .github/workflows/{triggers-PR.yml => deployments/pull-request-checks.yml} (82%)
rename .github/workflows/{ => deployments}/staging-scheduled-deploy.yml (73%)
rename .github/workflows/{ => docker}/build-docker-container.yml (58%)
rename .github/workflows/{ => linting}/linting.yml (97%)
rename .github/workflows/{ => linting}/terraform-lint.yml (65%)
rename .github/workflows/{ =>
security}/pull-containers-and-push-to-ghcr.yml (100%)
rename .github/workflows/{ => security}/trivy.yml (100%)
rename .github/workflows/{ => security}/zap-scan.yml (100%)
rename .github/workflows/{ => terraform}/terraform-apply-env.yml (100%)
rename .github/workflows/{ => terraform}/terraform-commit.yml (100%)
rename .github/workflows/{ => terraform}/terraform-plan-env.yml (100%)
delete mode 100644 .github/workflows/test-and-lint.yml
rename .github/workflows/{ => testing}/end-to-end-test.yml (93%)
rename .github/workflows/{ => testing}/testing-from-build.yml (100%)
rename .github/workflows/{ => testing}/testing-from-ghcr.yml (100%)
diff --git a/.github/workflows/add-bpmn-renders.yml b/.github/workflows/bpmn-renders/add-bpmn-renders.yml
similarity index 100%
rename from .github/workflows/add-bpmn-renders.yml
rename to .github/workflows/bpmn-renders/add-bpmn-renders.yml
diff --git a/.github/workflows/auto-create-pr.yml b/.github/workflows/deployments/create-pull-request.yml
similarity index 100%
rename from .github/workflows/auto-create-pr.yml
rename to .github/workflows/deployments/create-pull-request.yml
diff --git a/.github/workflows/deploy-apps.yml b/.github/workflows/deployments/deploy-application.yml
similarity index 100%
rename from .github/workflows/deploy-apps.yml
rename to .github/workflows/deployments/deploy-application.yml
diff --git a/.github/workflows/triggers-dev.yml b/.github/workflows/deployments/deploy-development.yml
similarity index 73%
rename from .github/workflows/triggers-dev.yml
rename to .github/workflows/deployments/deploy-development.yml
index 3a18e6373f..73b7088c88 100644
--- a/.github/workflows/triggers-dev.yml
+++ b/.github/workflows/deployments/deploy-development.yml
@@ -5,7 +5,7 @@ on:
jobs:
# ensure that every time a push to main occurs, the container is built and published to ghcr
build-container:
- uses: ./.github/workflows/build-docker-container.yml
+ uses: ./.github/workflows/docker/build-docker-container.yml
secrets: inherit
permissions:
contents: read
@@ -18,11 +18,11 @@ jobs:
testing:
needs: [build-container]
- uses: ./.github/workflows/testing-from-ghcr.yml
+ uses: ./.github/workflows/testing/testing-from-ghcr.yml
secrets: inherit
linting:
- uses: ./.github/workflows/linting.yml
+ uses: ./.github/workflows/linting/linting.yml
secrets: inherit
# deploy to Dev & Management spaces
@@ -30,7 +30,7 @@ jobs:
name: Deploy infrastructure (dev)
needs:
- testing
- uses: ./.github/workflows/terraform-apply-env.yml
+ uses: ./.github/workflows/terraform/terraform-apply-env.yml
with:
environment: "dev"
secrets: inherit
@@ -39,7 +39,7 @@ jobs:
name: Deploy infrastructure (dev)
needs:
- testing
- uses: ./.github/workflows/terraform-apply-env.yml
+ uses: ./.github/workflows/terraform/terraform-apply-env.yml
with:
environment: "management"
secrets: inherit
@@ -48,7 +48,7 @@ jobs:
name: Deploy dev app to cloud.gov
needs:
- deploy-infrastructure-dev
- uses: ./.github/workflows/deploy-apps.yml
+ uses: ./.github/workflows/deployments/deploy-application.yml
with:
environment: "dev"
secrets: inherit
@@ -57,7 +57,7 @@ jobs:
name: Zap scan of the dev site
needs:
- deploy-dev
- uses: ./.github/workflows/zap-scan.yml
+ uses: ./.github/workflows/security/zap-scan.yml
with:
url: "https://fac-dev.app.cloud.gov/"
diff --git a/.github/workflows/triggers-prod.yml b/.github/workflows/deployments/deploy-production.yml
similarity index 71%
rename from .github/workflows/triggers-prod.yml
rename to .github/workflows/deployments/deploy-production.yml
index 0c547a5a51..68f5a6937a 100644
--- a/.github/workflows/triggers-prod.yml
+++ b/.github/workflows/deployments/deploy-production.yml
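Review bot: Moving reusable workflows into `docker/`, `testing/`, `linting/`, `terraform/` and `security/` subdirectories of `.github/workflows` will not work as far as I know: GitHub only discovers workflow files placed directly in `.github/workflows`, so every `uses: ./.github/workflows/<subdir>/...` line this commit introduces (this file, deploy-production.yml, deploy-staging.yml, pull-request-checks.yml, staging-scheduled-deploy.yml and linting.yml) would fail to resolve at run time. The next commit in the series (PATCH 363) moves the files back to the top level, which is consistent with that. If a grouping is wanted, a filename prefix such as `docker-build-container.yml` gives it without leaving the supported layout.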
@@ -6,17 +6,17 @@ on:
jobs:
testing:
- uses: ./.github/workflows/testing-from-ghcr.yml
+ uses: ./.github/workflows/testing/testing-from-ghcr.yml
secrets: inherit
linting:
- uses: ./.github/workflows/linting.yml
+ uses: ./.github/workflows/linting/linting.yml
secrets: inherit
# up to date scan of the staging instance
scan-staging:
name: Zap scan of the staging site
- uses: ./.github/workflows/zap-scan.yml
+ uses: ./.github/workflows/security/zap-scan.yml
with:
url: "https://fac-staging.app.cloud.gov/"
@@ -25,7 +25,7 @@ jobs:
needs:
- testing
- scan-staging
- uses: ./.github/workflows/terraform-apply-env.yml
+ uses: ./.github/workflows/terraform/terraform-apply-env.yml
with:
environment: "production"
secrets: inherit
@@ -34,7 +34,7 @@ jobs:
name: Deploy production to cloud.gov
needs:
- deploy-infrastructure-production
- uses: ./.github/workflows/deploy-apps.yml
+ uses: ./.github/workflows/deployments/deploy-apps.yml
with:
environment: "production"
secrets: inherit
@@ -43,6 +43,6 @@ jobs:
name: Zap scan of the production site
needs:
- deploy-production
- uses: ./.github/workflows/zap-scan.yml
+ uses: ./.github/workflows/security/zap-scan.yml
with:
url: "https://app.fac.gov/"
diff --git a/.github/workflows/triggers-staging.yml b/.github/workflows/deployments/deploy-staging.yml
similarity index 68%
rename from .github/workflows/triggers-staging.yml
rename to .github/workflows/deployments/deploy-staging.yml
index a519c12787..53e79fefa0 100644
--- a/.github/workflows/triggers-staging.yml
+++ b/.github/workflows/deployments/deploy-staging.yml
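Review bot: In the `@@ -34,7 +34,7 @@` hunk, `uses: ./.github/workflows/deployments/deploy-apps.yml` points at a file this same commit renames to `deployments/deploy-application.yml` (see the rename list above), so the production deploy job references a path that no longer exists. The identical stale path appears in deploy-staging.yml's `@@ -34,7 +33,7 @@` hunk on the next line, while deploy-development.yml was updated correctly. The intended line is `uses: ./.github/workflows/deployments/deploy-application.yml`.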
@@ -6,17 +6,16 @@ on:
jobs:
testing:
- uses: ./.github/workflows/testing-from-ghcr.yml
+ uses: ./.github/workflows/testing/testing-from-ghcr.yml
secrets: inherit
linting:
- uses: ./.github/workflows/linting.yml
+ uses: ./.github/workflows/linting/linting.yml
secrets: inherit
- # deploy to staging
scan-dev:
name: Zap scan of the dev site
- uses: ./.github/workflows/zap-scan.yml
+ uses: ./.github/workflows/security/zap-scan.yml
with:
url: "https://fac-dev.app.cloud.gov/"
@@ -25,7 +24,7 @@ jobs:
needs:
- testing
- scan-dev
- uses: ./.github/workflows/terraform-apply-env.yml
+ uses: ./.github/workflows/terraform/terraform-apply-env.yml
with:
environment: "staging"
secrets: inherit
@@ -34,7 +33,7 @@ jobs:
name: Deploy staging app to cloud.gov
needs:
- deploy-infrastructure-staging
- uses: ./.github/workflows/deploy-apps.yml
+ uses: ./.github/workflows/deployments/deploy-apps.yml
with:
environment: "staging"
secrets: inherit
diff --git a/.github/workflows/triggers-PR.yml b/.github/workflows/deployments/pull-request-checks.yml
similarity index 82%
rename from .github/workflows/triggers-PR.yml
rename to .github/workflows/deployments/pull-request-checks.yml
index 77637c2e94..bc42d74f9d 100644
--- a/.github/workflows/triggers-PR.yml
+++ b/.github/workflows/deployments/pull-request-checks.yml
@@ -1,5 +1,5 @@
---
-name: Tests for PRs
+name: Pull Request Checks
on:
pull_request:
branches:
@@ -35,7 +35,7 @@ jobs:
package:
- './backend/package.json'
- # Testing for all main and prod PRs
+ # Tests and Linting invoked on a Pull Request
testing-from-build:
needs: [check-for-changes]
if: ${{ needs.check-for-changes.outputs.requirements == 'true' || needs.check-for-changes.outputs.dev-requirements == 'true' || needs.check-for-changes.outputs.docker == 'true' || needs.check-for-changes.outputs.package == 'true' }}
@@ -52,38 +52,35 @@ jobs:
uses: ./.github/workflows/linting.yml
secrets: inherit
- # Update BPMN diagram
+ # Update BPMN Diagrams
sync-BPMN:
- uses: ./.github/workflows/add-bpmn-renders.yml
+ uses: ./.github/workflows/bpmn-renders/add-bpmn-renders.yml
secrets: inherit
- # Create terraform plan as part of the PR review process
- # PR to main before dev deploy
- plan-terraform-dev:
+ # Generate Terraform Plans
+ terraform-plan:
if: ${{ github.base_ref == 'main' }}
uses: ./.github/workflows/terraform-plan-env.yml
with:
environment: "dev"
secrets: inherit
- plan-terraform-management:
+ terraform-plan-management:
if: ${{ github.base_ref == 'main' }}
uses: ./.github/workflows/terraform-plan-env.yml
with:
environment: "management"
secrets: inherit
- # PR for release before staging deploy
- plan-terraform-stage:
+ terraform-plan-staging:
if: ${{ github.base_ref == 'prod' }}
uses: ./.github/workflows/terraform-plan-env.yml
with:
environment: "staging"
secrets: inherit
- # PR for release before prod deploy
- plan-terraform-prod:
- # This uses the same trigger as staging because prod deploy is tied to tags
+# uses tags "v1.*"
+ terraform-plan-prod:
if: ${{ github.base_ref == 'prod' }}
uses: ./.github/workflows/terraform-plan-env.yml
with:
diff --git a/.github/workflows/staging-scheduled-deploy.yml b/.github/workflows/deployments/staging-scheduled-deploy.yml
similarity index 73%
rename from .github/workflows/staging-scheduled-deploy.yml
rename to .github/workflows/deployments/staging-scheduled-deploy.yml
index c2d5ececaa..37c7281111 100644
--- a/.github/workflows/staging-scheduled-deploy.yml
+++ b/.github/workflows/deployments/staging-scheduled-deploy.yml
@@ -7,7 +7,7 @@ on:
workflow_dispatch: null
jobs:
trivy-scan:
- uses: ./.github/workflows/trivy.yml
+ uses: ./.github/workflows/security/trivy.yml
secrets: inherit
permissions:
contents: read
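Review bot: The unchanged `uses: ./.github/workflows/linting.yml` and the four `uses: ./.github/workflows/terraform-plan-env.yml` lines in this hunk still point at the old locations even though this commit moves those files to `linting/linting.yml` and `terraform/terraform-plan-env.yml`, so on the new side these jobs reference files that no longer exist. The job renaming is also uneven: `plan-terraform-dev` becomes `terraform-plan` while its siblings keep the environment suffix (`terraform-plan-management`, `terraform-plan-staging`, `terraform-plan-prod`); `terraform-plan-dev` would keep the set consistent. The replacement comment `# uses tags "v1.*"` sits at column 0 inside the `jobs:` mapping and says less than the line it replaces; I'd indent it with the job and keep the explanation, e.g. `  # Same trigger as staging: prod deploys are tied to "v1.*" tags`. The last job's `with:` block closes below this hunk.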
@@ -18,7 +18,7 @@ jobs:
build-container:
needs:
- trivy-scan
- uses: ./.github/workflows/build-docker-container.yml
+ uses: ./.github/workflows/docker/build-docker-container.yml
secrets: inherit
permissions:
contents: read
@@ -33,16 +33,16 @@ jobs:
name: Run Django, Lighthouse, a11y and lint
needs:
- build-container
- uses: ./.github/workflows/testing-from-ghcr.yml
+ uses: ./.github/workflows/testing/testing-from-ghcr.yml
secrets: inherit
linting:
- uses: ./.github/workflows/linting.yml
+ uses: ./.github/workflows/linting/linting.yml
secrets: inherit
create-pr:
needs:
- testing
name: Create Pull Request to Staging
- uses: ./.github/workflows/auto-create-pr.yml
+ uses: ./.github/workflows/deployments/create-pull-request.yml
secrets: inherit
diff --git a/.github/workflows/build-docker-container.yml b/.github/workflows/docker/build-docker-container.yml
similarity index 58%
rename from .github/workflows/build-docker-container.yml
rename to .github/workflows/docker/build-docker-container.yml
index 2515b1a678..36ce50c81e 100644
--- a/.github/workflows/build-docker-container.yml
+++ b/.github/workflows/docker/build-docker-container.yml
@@ -64,37 +64,6 @@ jobs:
id: buildx
uses: docker/setup-buildx-action@v2
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Create ssl key file
- working-directory: ${{ env.WORKING_DIRECTORY }}
- run: |
- echo "$SSL_KEY" > private.pem
- chmod 600 private.pem
- openssl rsa -in "private.pem" -pubout > "public.pem"
- shell: bash
- env:
- SSL_KEY: ${{ secrets.RSA_KEY }}
-
- - name: Confirm if runner is a signer
- working-directory: prime-router
- shell: bash
- run: |
- echo "DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=${{ secrets.DCT_ROOT_PASS }}" >> $GITHUB_ENV
- docker trust inspect --pretty "${{ env.ACR_NAME }}/${{ env.IMAGE_REPO }}"
- SIGNERS=$(docker trust inspect "${{ env.ACR_NAME }}/${{ env.IMAGE_REPO }}" | jq '.[].Signers')
- if [[ "$SIGNERS" != *${{ env.IMAGE_REPO }}* ]]; then
- echo "NEEDS_SIGNER=true" >> $GITHUB_ENV
- fi
- - name: Add Signer
- working-directory: ${{ env.WORKING_DIRECTORY }}
- run: docker trust signer add --key public.pem ${{ inputs.docker-name }} ghcr.io/asteel-gsa/
-
- name: Build Container
working-directory: ${{ env.WORKING_DIRECTORY }}
run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} .
@@ -102,7 +71,12 @@ jobs:
- name: Tag Image
run: docker tag ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}:latest
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
- name: Push Web Container
- run: |
- export DOCKER_CONTENT_TRUST=1
- docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }} --disable-content-trust=false
+ run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}
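Review bot: The new push step `run: docker push --all-tags ghcr.io/${{ env.GH_REPO }}/${{ env.IMAGE }}` drops `DOCKER_CONTENT_TRUST=1` and `--disable-content-trust=false`, so images published by this workflow are no longer signed, and nothing in the file records that this is deliberate. If signing has moved to scan-images.yml, which in the earlier commits of this series does its own `docker trust` setup and signed push, a comment on the step such as `# Unsigned push: content-trust signing is done in scan-images.yml` would keep the next reader from treating it as an accidental loss. The removed "Confirm if runner is a signer" step wrote `DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE` into `$GITHUB_ENV`, where every later step could read it, so dropping that step is an improvement, and moving the registry login to just before the push narrows the window in which the credential is held.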
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting/linting.yml
similarity index 97%
rename from .github/workflows/linting.yml
rename to .github/workflows/linting/linting.yml
index 6c98385ed4..ec125d6a9a 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting/linting.yml
@@ -81,4 +81,4 @@ jobs:
run: npm run check-all
validate-terraform:
- uses: ./.github/workflows/terraform-lint.yml
+ uses: ./.github/workflows/linting/terraform-lint.yml
diff --git a/.github/workflows/terraform-lint.yml b/.github/workflows/linting/terraform-lint.yml
similarity index 65%
rename from .github/workflows/terraform-lint.yml
rename to .github/workflows/linting/terraform-lint.yml
index bead17dd28..3aa79a8cc5 100644
--- a/.github/workflows/terraform-lint.yml
+++ b/.github/workflows/linting/terraform-lint.yml
@@ -1,22 +1,22 @@
---
-name: terraform fmt+validate
+name: Terraform Format and Lint
on:
workflow_call:
jobs:
test:
- name: test format and validity
+ name: Test format and validity
runs-on: ubuntu-latest
steps:
- - name: checkout
+ - name: Checkout
uses: actions/checkout@v3
- - name: terraform fmt
+ - name: Terraform Format
uses: dflook/terraform-fmt-check@v1
with:
path: ./terraform
- - name: terraform validate
+ - name: Terraform Validate
uses: dflook/terraform-validate@v1
with:
path: ./terraform
diff --git a/.github/workflows/pull-containers-and-push-to-ghcr.yml b/.github/workflows/security/pull-containers-and-push-to-ghcr.yml
similarity index 100%
rename from .github/workflows/pull-containers-and-push-to-ghcr.yml
rename to .github/workflows/security/pull-containers-and-push-to-ghcr.yml
diff --git a/.github/workflows/trivy.yml b/.github/workflows/security/trivy.yml
similarity index 100%
rename from .github/workflows/trivy.yml
rename to .github/workflows/security/trivy.yml
diff --git a/.github/workflows/zap-scan.yml b/.github/workflows/security/zap-scan.yml
similarity index 100%
rename from .github/workflows/zap-scan.yml
rename to .github/workflows/security/zap-scan.yml
diff --git a/.github/workflows/terraform-apply-env.yml b/.github/workflows/terraform/terraform-apply-env.yml
similarity index 100%
rename from .github/workflows/terraform-apply-env.yml
rename to .github/workflows/terraform/terraform-apply-env.yml
diff --git a/.github/workflows/terraform-commit.yml b/.github/workflows/terraform/terraform-commit.yml
similarity index 100%
rename from .github/workflows/terraform-commit.yml
rename to .github/workflows/terraform/terraform-commit.yml
diff --git a/.github/workflows/terraform-plan-env.yml b/.github/workflows/terraform/terraform-plan-env.yml
similarity index 100%
rename from .github/workflows/terraform-plan-env.yml
rename to .github/workflows/terraform/terraform-plan-env.yml
diff --git a/.github/workflows/test-and-lint.yml b/.github/workflows/test-and-lint.yml
deleted file mode 100644
index e2df89c93c..0000000000
--- a/.github/workflows/test-and-lint.yml
+++ /dev/null
@@ -1,141 +0,0 @@
----
- name: Run Testing and Linting
- on:
- workflow_dispatch:
- workflow_call:
-
- jobs:
- linting:
- runs-on: ubuntu-latest
- env:
- ENV: TESTING
- SECRET_KEY: secrets.SECRET_KEY
- steps:
- - uses: actions/checkout@v3
- - name: Restore npm cache
- uses: actions/cache@v3
- id: cache-npm
- with:
- path: ~/.npm
- key: fac-build-npm-${{ hashFiles('**/package-lock.json') }}
- restore-keys: |
- fac-build-npm-
- fac-build-
- - name: Set up Python 3.10
- uses: actions/setup-python@v3
- with:
- python-version: '3.10'
- - name: Restore pip cache
- uses: actions/cache@v3
- id: cache-pip
- with:
- path: |
- ~/.cache/pip
- /opt/hostedtoolcache/Python/
- key: fac-build-pip-${{ hashFiles('**/requirements.txt') }}-${{ hashFiles('**/dev-requirements.txt') }}
- restore-keys: |
- fac-build-pip-${{ hashFiles('**/requirements.txt') }}-
- fac-build-pip-
- fac-build-
- - name: Install linters
- working-directory: ./backend
- run: |
- python -m pip install --upgrade pip
- pip install -r dev-requirements.txt
- - name: Lint with flake8
- working-directory: ./backend
- run: flake8 . --count --show-source --statistics
- - name: Check formatting with black
- working-directory: ./backend
- run: black --check .
- - name: Run bandit
- working-directory: ./backend
- run: bandit -c pyproject.toml -r .
- - name: Run type checking
- working-directory: ./backend
- run: mypy .
- - name: Run HTML template linting
- working-directory: ./backend
- run: djlint --lint .
-
- frontend-linting:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Restore npm cache
- uses: actions/cache@v3
- id: cache-npm
- with:
- path: ~/.npm
- key: fac-build-npm-${{ hashFiles('**/package-lock.json') }}
- restore-keys: |
- fac-build-npm-
- fac-build-
- - uses: actions/setup-node@v3
- with:
- node-version: 18
- - name: Install npm packages
- working-directory: ./backend
- run: npm ci
- - name: Lint JS & SCSS
- working-directory: ./backend
- run: npm run check-all
-
- django-test:
- runs-on: ubuntu-latest
- env:
- ENV: TESTING
- SAM_API_KEY: ${{ secrets.SAM_API_KEY }}
- DJANGO_BASE_URL: 'http://localhost:8000'
- DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}
- SECRET_KEY: ${{ secrets.SECRET_KEY }}
- ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
- DISABLE_AUTH: False
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
- with:
- node-version: 16
- - name: Create .env file
- working-directory: ./backend
- run: touch .env
- - name: Start Services
- working-directory: ./backend
- run: docker compose -f docker-compose-test.yml up -d
- - name: Run Django test suite
- working-directory: ./backend
- run: |
- docker compose -f docker-compose-test.yml run web bash -c 'coverage run --parallel-mode --concurrency=multiprocessing manage.py test --parallel && coverage combine && coverage report -m --fail-under=90'
-
- a11y-testing:
- runs-on: ubuntu-20.04
- env:
- ENV: TESTING
- SAM_API_KEY: ${{ secrets.SAM_API_KEY }}
- DJANGO_BASE_URL: 'http://localhost:8000'
- DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}
- SECRET_KEY: ${{ secrets.SECRET_KEY }}
- ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
- DISABLE_AUTH: True
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
- with:
- node-version: 16
- - name: Create .env file
- working-directory: ./backend
- run: touch .env
- - name: Start Services
- working-directory: ./backend
- run: docker compose -f docker-compose-test.yml up -d
- name: run Lighthouse CI
- run: |
- npm install -g @lhci/cli@0.8.x
- lhci autorun
- - name: run pa11y
- run: |
- npm i -g pa11y-ci
- pa11y-ci
-
- validate-terraform:
- uses: ./.github/workflows/terraform-lint.yml
diff --git a/.github/workflows/end-to-end-test.yml b/.github/workflows/testing/end-to-end-test.yml
similarity index 93%
rename from .github/workflows/end-to-end-test.yml
rename to .github/workflows/testing/end-to-end-test.yml
index fe948e6ce5..515ef020d2 100644
--- a/.github/workflows/end-to-end-test.yml
+++ b/.github/workflows/testing/end-to-end-test.yml
@@ -7,9 +7,9 @@ jobs:
runs-on: ubuntu-latest
env:
ENV: TESTING
- SAM_API_KEY: ${{ secrets.SAM_API_KEY }}"
+ SAM_API_KEY: ${{ secrets.SAM_API_KEY }}
DJANGO_BASE_URL: 'http://localhost:8000'
- DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}"
+ DJANGO_SECRET_LOGIN_KEY: ${{ secrets.DJANGO_SECRET_LOGIN_KEY }}
SECRET_KEY: ${{ secrets.SECRET_KEY }}
ALLOWED_HOSTS: '0.0.0.0 127.0.0.1 localhost'
DISABLE_AUTH: True
diff --git a/.github/workflows/testing-from-build.yml b/.github/workflows/testing/testing-from-build.yml
similarity index 100%
rename from .github/workflows/testing-from-build.yml
rename to .github/workflows/testing/testing-from-build.yml
diff --git a/.github/workflows/testing-from-ghcr.yml b/.github/workflows/testing/testing-from-ghcr.yml
similarity index 100%
rename from .github/workflows/testing-from-ghcr.yml
rename to .github/workflows/testing/testing-from-ghcr.yml
From c6972a2d05ec53ed97969e46fb8b8358120f1d84 Mon Sep 17 00:00:00 2001
From: Alex Steel
Date: Tue, 11 Jul 2023 10:22:52 -0400
Subject: [PATCH 363/378] refactor
---
.../{bpmn-renders => }/add-bpmn-renders.yml | 0
.../{docker => }/build-docker-container.yml | 0
.../{deployments => }/create-pull-request.yml | 0
.../{deployments => }/deploy-application.yml | 0
.../{deployments => }/deploy-development.yml | 14 +++++++-------
.../{deployments => }/deploy-production.yml | 12 ++++++------
.../workflows/{deployments => }/deploy-staging.yml | 10 +++++-----
.../workflows/{testing => }/end-to-end-test.yml | 0
.github/workflows/{linting => }/linting.yml | 2 +-
.../pull-containers-and-push-to-ghcr.yml | 0
.../{deployments => }/pull-request-checks.yml | 2 +-
.../{deployments => }/staging-scheduled-deploy.yml | 10 +++++-----
.../{terraform => }/terraform-apply-env.yml | 5 +----
.../workflows/{terraform => }/terraform-commit.yml | 0
.github/workflows/{linting => }/terraform-lint.yml | 0
.../{terraform => }/terraform-plan-env.yml | 0
.../workflows/{testing => }/testing-from-build.yml | 0
.../workflows/{testing => }/testing-from-ghcr.yml | 0
.github/workflows/{security => }/trivy.yml | 0
.github/workflows/{security => }/zap-scan.yml | 0
20 files changed, 26 insertions(+), 29 deletions(-)
rename .github/workflows/{bpmn-renders => }/add-bpmn-renders.yml (100%)
rename .github/workflows/{docker => }/build-docker-container.yml (100%)
rename .github/workflows/{deployments => }/create-pull-request.yml (100%)
rename .github/workflows/{deployments => }/deploy-application.yml (100%)
rename .github/workflows/{deployments => }/deploy-development.yml (73%)
rename .github/workflows/{deployments => }/deploy-production.yml (71%)
rename .github/workflows/{deployments => }/deploy-staging.yml (68%)
rename .github/workflows/{testing => }/end-to-end-test.yml (100%)
rename .github/workflows/{linting => }/linting.yml (97%)
rename .github/workflows/{security => }/pull-containers-and-push-to-ghcr.yml (100%)
rename .github/workflows/{deployments => }/pull-request-checks.yml
(97%)
rename .github/workflows/{deployments => }/staging-scheduled-deploy.yml (73%)
rename .github/workflows/{terraform => }/terraform-apply-env.yml (98%)
rename .github/workflows/{terraform => }/terraform-commit.yml (100%)
rename .github/workflows/{linting => }/terraform-lint.yml (100%)
rename .github/workflows/{terraform => }/terraform-plan-env.yml (100%)
rename .github/workflows/{testing => }/testing-from-build.yml (100%)
rename .github/workflows/{testing => }/testing-from-ghcr.yml (100%)
rename .github/workflows/{security => }/trivy.yml (100%)
rename .github/workflows/{security => }/zap-scan.yml (100%)
diff --git a/.github/workflows/bpmn-renders/add-bpmn-renders.yml b/.github/workflows/add-bpmn-renders.yml
similarity index 100%
rename from .github/workflows/bpmn-renders/add-bpmn-renders.yml
rename to .github/workflows/add-bpmn-renders.yml
diff --git a/.github/workflows/docker/build-docker-container.yml b/.github/workflows/build-docker-container.yml
similarity index 100%
rename from .github/workflows/docker/build-docker-container.yml
rename to .github/workflows/build-docker-container.yml
diff --git a/.github/workflows/deployments/create-pull-request.yml b/.github/workflows/create-pull-request.yml
similarity index 100%
rename from .github/workflows/deployments/create-pull-request.yml
rename to .github/workflows/create-pull-request.yml
diff --git a/.github/workflows/deployments/deploy-application.yml b/.github/workflows/deploy-application.yml
similarity index 100%
rename from .github/workflows/deployments/deploy-application.yml
rename to .github/workflows/deploy-application.yml
diff --git a/.github/workflows/deployments/deploy-development.yml b/.github/workflows/deploy-development.yml
similarity index 73%
rename from .github/workflows/deployments/deploy-development.yml
rename to .github/workflows/deploy-development.yml
index 73b7088c88..07447f3408 100644
--- a/.github/workflows/deployments/deploy-development.yml
+++ b/.github/workflows/deploy-development.yml
@@ -5,7 +5,7 @@ on:
jobs:
# ensure that every time a push to main occurs, the container is built and published to ghcr
build-container:
- uses: ./.github/workflows/docker/build-docker-container.yml
+ uses: ./.github/workflows/build-docker-container.yml
secrets: inherit
permissions:
contents: read
@@ -18,11 +18,11 @@ jobs:
testing:
needs: [build-container]
- uses: ./.github/workflows/testing/testing-from-ghcr.yml
+ uses: ./.github/workflows/testing-from-ghcr.yml
secrets: inherit
linting:
- uses: ./.github/workflows/linting/linting.yml
+ uses: ./.github/workflows/linting.yml
secrets: inherit
# deploy to Dev & Management spaces
@@ -30,7 +30,7 @@ jobs:
name: Deploy infrastructure (dev)
needs:
- testing
- uses: ./.github/workflows/terraform/terraform-apply-env.yml
+ uses: ./.github/workflows/terraform-apply-env.yml
with:
environment: "dev"
secrets: inherit
@@ -39,7 +39,7 @@ jobs:
name: Deploy infrastructure (dev)
needs:
- testing
- uses: ./.github/workflows/terraform/terraform-apply-env.yml
+ uses: ./.github/workflows/terraform-apply-env.yml
with:
environment: "management"
secrets: inherit
@@ -48,7 +48,7 @@ jobs:
name: Deploy dev app to cloud.gov
needs:
- deploy-infrastructure-dev
- uses: ./.github/workflows/deployments/deploy-application.yml
+ uses: ./.github/workflows/deploy-application.yml
with:
environment: "dev"
secrets: inherit
@@ -57,7 +57,7 @@ jobs:
name: Zap scan of the dev site
needs:
- deploy-dev
- uses: ./.github/workflows/security/zap-scan.yml
+ uses: ./.github/workflows/zap-scan.yml
with:
url: "https://fac-dev.app.cloud.gov/"
diff --git a/.github/workflows/deployments/deploy-production.yml b/.github/workflows/deploy-production.yml
similarity index 71%
rename from .github/workflows/deployments/deploy-production.yml
rename to .github/workflows/deploy-production.yml
index 68f5a6937a..405085fbfe 100644
--- a/.github/workflows/deployments/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -6,17 +6,17 @@ on:
jobs:
testing:
- uses: ./.github/workflows/testing/testing-from-ghcr.yml
+ uses: ./.github/workflows/testing-from-ghcr.yml
secrets: inherit
linting:
- uses: ./.github/workflows/linting/linting.yml
+ uses: ./.github/workflows/linting.yml
secrets: inherit
# up to date scan of the staging instance
scan-staging:
name: Zap scan of the staging site
- uses: ./.github/workflows/security/zap-scan.yml
+ uses: ./.github/workflows/zap-scan.yml
with:
url: "https://fac-staging.app.cloud.gov/"
@@ -25,7 +25,7 @@ jobs:
needs:
- testing
- scan-staging
- uses: ./.github/workflows/terraform/terraform-apply-env.yml
+ uses: ./.github/workflows/terraform-apply-env.yml
with:
environment: "production"
secrets: inherit
@@ -34,7 +34,7 @@ jobs:
name: Deploy production to cloud.gov
needs:
- deploy-infrastructure-production
- uses: ./.github/workflows/deployments/deploy-apps.yml
+ uses: ./.github/workflows/deploy-application.yml
with:
environment: "production"
secrets: inherit
@@ -43,6 +43,6 @@ jobs:
name: Zap scan of the production site
needs:
- deploy-production
- uses: ./.github/workflows/security/zap-scan.yml
+ uses: ./.github/workflows/zap-scan.yml
with:
url: "https://app.fac.gov/"
diff --git a/.github/workflows/deployments/deploy-staging.yml b/.github/workflows/deploy-staging.yml
similarity index 68%
rename from .github/workflows/deployments/deploy-staging.yml
rename to .github/workflows/deploy-staging.yml
index 53e79fefa0..8fa434b621 100644
--- a/.github/workflows/deployments/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
@@ -6,16 +6,16 @@ on: jobs: testing: - uses: ./.github/workflows/testing/testing-from-ghcr.yml + uses: ./.github/workflows/testing-from-ghcr.yml secrets: inherit linting: - uses: ./.github/workflows/linting/linting.yml + uses: ./.github/workflows/linting.yml secrets: inherit scan-dev: name: Zap scan of the dev site - uses: ./.github/workflows/security/zap-scan.yml + uses: ./.github/workflows/zap-scan.yml with: url: "https://fac-dev.app.cloud.gov/" @@ -24,7 +24,7 @@ jobs: needs: - testing - scan-dev - uses: ./.github/workflows/terraform/terraform-apply-env.yml + uses: ./.github/workflows/terraform-apply-env.yml with: environment: "staging" secrets: inherit @@ -33,7 +33,7 @@ jobs: name: Deploy staging app to cloud.gov needs: - deploy-infrastructure-staging - uses: ./.github/workflows/deployments/deploy-apps.yml + uses: ./.github/workflows/deploy-application.yml with: environment: "staging" secrets: inherit diff --git a/.github/workflows/testing/end-to-end-test.yml b/.github/workflows/end-to-end-test.yml similarity index 100% rename from .github/workflows/testing/end-to-end-test.yml rename to .github/workflows/end-to-end-test.yml diff --git a/.github/workflows/linting/linting.yml b/.github/workflows/linting.yml similarity index 97% rename from .github/workflows/linting/linting.yml rename to .github/workflows/linting.yml index ec125d6a9a..6c98385ed4 100644 --- a/.github/workflows/linting/linting.yml +++ b/.github/workflows/linting.yml @@ -81,4 +81,4 @@ jobs: run: npm run check-all validate-terraform: - uses: ./.github/workflows/linting/terraform-lint.yml + uses: ./.github/workflows/terraform-lint.yml diff --git a/.github/workflows/security/pull-containers-and-push-to-ghcr.yml b/.github/workflows/pull-containers-and-push-to-ghcr.yml similarity index 100% rename from .github/workflows/security/pull-containers-and-push-to-ghcr.yml rename to .github/workflows/pull-containers-and-push-to-ghcr.yml 
diff --git a/.github/workflows/deployments/pull-request-checks.yml b/.github/workflows/pull-request-checks.yml similarity index 97% rename from .github/workflows/deployments/pull-request-checks.yml rename to .github/workflows/pull-request-checks.yml index bc42d74f9d..434cdf87f3 100644 --- a/.github/workflows/deployments/pull-request-checks.yml +++ b/.github/workflows/pull-request-checks.yml @@ -54,7 +54,7 @@ jobs: # Update BPMN Diagrams sync-BPMN: - uses: ./.github/workflows/bpmn-renders/add-bpmn-renders.yml + uses: ./.github/workflows/add-bpmn-renders.yml secrets: inherit # Generate Terraform Plans diff --git a/.github/workflows/deployments/staging-scheduled-deploy.yml b/.github/workflows/staging-scheduled-deploy.yml similarity index 73% rename from .github/workflows/deployments/staging-scheduled-deploy.yml rename to .github/workflows/staging-scheduled-deploy.yml index 37c7281111..38f17db263 100644 --- a/.github/workflows/deployments/staging-scheduled-deploy.yml +++ b/.github/workflows/staging-scheduled-deploy.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: null jobs: trivy-scan: - uses: ./.github/workflows/security/trivy.yml + uses: ./.github/workflows/trivy.yml secrets: inherit permissions: contents: read @@ -18,7 +18,7 @@ jobs: build-container: needs: - trivy-scan - uses: ./.github/workflows/docker/build-docker-container.yml + uses: ./.github/workflows/build-docker-container.yml secrets: inherit permissions: contents: read @@ -33,16 +33,16 @@ jobs: name: Run Django, Lighthouse, a11y and lint needs: - build-container - uses: ./.github/workflows/testing/testing-from-ghcr.yml + uses: ./.github/workflows/testing-from-ghcr.yml secrets: inherit linting: - uses: ./.github/workflows/linting/linting.yml + uses: ./.github/workflows/linting.yml secrets: inherit create-pr: needs: - testing name: Create Pull Request to Staging - uses: ./.github/workflows/deployments/create-pull-request.yml + uses: ./.github/workflows/create-pull-request.yml secrets: inherit 
diff --git a/.github/workflows/terraform/terraform-apply-env.yml b/.github/workflows/terraform-apply-env.yml similarity index 98% rename from .github/workflows/terraform/terraform-apply-env.yml rename to .github/workflows/terraform-apply-env.yml index d813492ff2..2f50ed6399 100644 --- a/.github/workflows/terraform/terraform-apply-env.yml +++ b/.github/workflows/terraform-apply-env.yml @@ -1,13 +1,11 @@ --- name: Terraform apply (single env) - on: workflow_call: inputs: environment: required: true type: string - jobs: fetch-versions: @@ -18,12 +16,11 @@ jobs: env: GH_REPO: ghcr.io/gsa-tts/fac - steps: - name: Checkout uses: actions/checkout@v3 - - name: Fetch all artifacta + - name: Fetch all artifacts uses: dawidd6/action-download-artifact@v2 with: # name: postgrest diff --git a/.github/workflows/terraform/terraform-commit.yml b/.github/workflows/terraform-commit.yml similarity index 100% rename from .github/workflows/terraform/terraform-commit.yml rename to .github/workflows/terraform-commit.yml diff --git a/.github/workflows/linting/terraform-lint.yml b/.github/workflows/terraform-lint.yml similarity index 100% rename from .github/workflows/linting/terraform-lint.yml rename to .github/workflows/terraform-lint.yml diff --git a/.github/workflows/terraform/terraform-plan-env.yml b/.github/workflows/terraform-plan-env.yml similarity index 100% rename from .github/workflows/terraform/terraform-plan-env.yml rename to .github/workflows/terraform-plan-env.yml diff --git a/.github/workflows/testing/testing-from-build.yml b/.github/workflows/testing-from-build.yml similarity index 100% rename from .github/workflows/testing/testing-from-build.yml rename to .github/workflows/testing-from-build.yml diff --git a/.github/workflows/testing/testing-from-ghcr.yml b/.github/workflows/testing-from-ghcr.yml similarity index 100% rename from .github/workflows/testing/testing-from-ghcr.yml rename to .github/workflows/testing-from-ghcr.yml 
diff --git a/.github/workflows/security/trivy.yml b/.github/workflows/trivy.yml similarity index 100% rename from .github/workflows/security/trivy.yml rename to .github/workflows/trivy.yml diff --git a/.github/workflows/security/zap-scan.yml b/.github/workflows/zap-scan.yml similarity index 100% rename from .github/workflows/security/zap-scan.yml rename to .github/workflows/zap-scan.yml From 6bd28d08a9dd50883acf313251ae71d56de6ffaf Mon Sep 17 00:00:00 2001 From: Alex Steel Date: Tue, 11 Jul 2023 10:28:56 -0400 Subject: [PATCH 364/378] refactor terraform and remove fetch versions --- .github/workflows/terraform-apply-env.yml | 30 ++------------------- .github/workflows/terraform-plan-env.yml | 33 +++-------------------- 2 files changed, 5 insertions(+), 58 deletions(-) diff --git a/.github/workflows/terraform-apply-env.yml b/.github/workflows/terraform-apply-env.yml index 2f50ed6399..446bfabdeb 100644 --- a/.github/workflows/terraform-apply-env.yml +++ b/.github/workflows/terraform-apply-env.yml @@ -8,35 +8,9 @@ on: type: string jobs: - fetch-versions: - runs-on: ubuntu-latest - outputs: - postgrest: ${{ steps.read-version.outputs.TF_VAR_postgrest_image }} - clamav: ${{ steps.read-version.outputs.TF_VAR_clamav_image }} - env: - GH_REPO: ghcr.io/gsa-tts/fac - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Fetch all artifacts - uses: dawidd6/action-download-artifact@v2 - with: - # name: postgrest - github_token: ${{ secrets.GITHUB_TOKEN }} - workflow: scan-images.yml - - - name: read image versions - id: read-version - run: | - echo "TF_VAR_postgrest_image=$GH_REPO/postgrest:$(cat postgrest/postgrest.txt)" >> "$GITHUB_OUTPUT" - echo "TF_VAR_clamav_image=$GH_REPO/clamav:$(cat clamav/clamav.txt)" >> "$GITHUB_OUTPUT" - apply: name: apply ( ${{ inputs.environment }} ) runs-on: ubuntu-latest - needs: fetch-versions environment: ${{ inputs.environment }} env: KEY: "terraform.tfstate.${{ inputs.environment }}" 
@@ -47,8 +21,8 @@ jobs: TERRAFORM_PRE_RUN: | apt-get update apt-get install -y zip python - TF_VAR_postgrest_image: ${{ needs.fetch-versions.outputs.postgrest }} - TF_VAR_clamav_image: ${{ needs.fetch-versions.outputs.clamav }} + TF_VAR_postgrest_image: 'ghcr.io/gsa-tts/fac/postgrest:latest' + TF_VAR_clamav_image: 'ghcr.io/gsa-tts/fac/clamav:latest' steps: - name: checkout diff --git a/.github/workflows/terraform-plan-env.yml b/.github/workflows/terraform-plan-env.yml index 7d70e2891f..79dc1b1b1f 100644 --- a/.github/workflows/terraform-plan-env.yml +++ b/.github/workflows/terraform-plan-env.yml @@ -7,39 +7,12 @@ on: environment: required: true type: string - -jobs: - fetch-versions: - runs-on: ubuntu-latest - outputs: - postgrest: ${{ steps.read-version.outputs.TF_VAR_postgrest_image }} - clamav: ${{ steps.read-version.outputs.TF_VAR_clamav_image }} - env: - GH_REPO: ghcr.io/gsa-tts/fac - - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Fetch all artifacta - uses: dawidd6/action-download-artifact@v2 - with: - # name: postgrest - github_token: ${{ secrets.GITHUB_TOKEN }} - workflow: scan-images.yml - - - name: read image versions - id: read-version - run: | - echo "TF_VAR_postgrest_image=$GH_REPO/postgrest:$(cat postgrest/postgrest.txt)" >> "$GITHUB_OUTPUT" - echo "TF_VAR_clamav_image=$GH_REPO/clamav:$(cat clamav/clamav.txt)" >> "$GITHUB_OUTPUT" +jobs: plan: name: plan ( ${{ inputs.environment }} ) runs-on: ubuntu-latest - needs: fetch-versions environment: ${{ inputs.environment }} env: KEY: "terraform.tfstate.${{ inputs.environment }}" @@ -50,8 +23,8 @@ jobs: TERRAFORM_PRE_RUN: | apt-get update apt-get install -y zip python - TF_VAR_postgrest_image: ${{ needs.fetch-versions.outputs.postgrest }} - TF_VAR_clamav_image: ${{ needs.fetch-versions.outputs.clamav }} + TF_VAR_postgrest_image: 'ghcr.io/gsa-tts/fac/postgrest:latest' + TF_VAR_clamav_image: 'ghcr.io/gsa-tts/fac/clamav:latest' steps: - name: checkout 
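Review bot: `TF_VAR_postgrest_image: 'ghcr.io/gsa-tts/fac/postgrest:latest'` and `TF_VAR_clamav_image: 'ghcr.io/gsa-tts/fac/clamav:latest'` replace a version read from the `scan-images.yml` artifacts with a mutable tag, so the image Terraform deploys is no longer tied to the one that was scanned, and a later push to `:latest` changes the running image with no change showing in a plan. Pinning by digest keeps the deployment reproducible and auditable, e.g. `TF_VAR_postgrest_image: 'ghcr.io/gsa-tts/fac/postgrest@sha256:<DIGEST-PLACEHOLDER>'`, or the value could be a `workflow_call` input so the caller passes the scanned version. The same two lines are added in the `terraform-plan-env.yml` hunk at `@@ -50,8 +23,8 @@`, and the `fetch-versions` job deleted in the preceding `@@ -8,35 +8,9 @@` hunk was the only place the scanned version was recorded; the `apply` job continues outside the hunk.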
From 304b1a7d5af3c2813cf33bc63eafd63df5296c0e Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Tue, 25 Jul 2023 08:17:01 -0400 Subject: [PATCH 365/378] test --- .github/workflows/trivy.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index db2ca3d7ee..63e256da09 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -55,6 +55,7 @@ jobs: sarif_file: 'trivy-results.sarif' scan-third-party: + needs: [trivy] permissions: contents: read security-events: write @@ -78,7 +79,7 @@ jobs: scan-type: 'image' hide-progress: false format: 'sarif' - output: 'scan-results.sarif' + output: 'trivy-results.sarif' exit-code: '1' severity: 'CRITICAL,HIGH' ignore-unfixed: true @@ -86,4 +87,4 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab for Third Party Images uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'scan-results.sarif' + sarif_file: 'trivy-results.sarif' From d0205b9f9e067b9e688fb082924de970e1c8f400 Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Tue, 25 Jul 2023 08:43:33 -0400 Subject: [PATCH 366/378] update trivy version and add timeout --- .github/workflows/trivy.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 63e256da09..28e28ef147 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -38,7 +38,7 @@ jobs: run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.11.2 with: image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' scan-type: 'image' 
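Review bot: `uses: aquasecurity/trivy-action@0.11.2` is better than `@master`, but a release tag is still a mutable ref that upstream can move; for a step that runs with `security-events: write` and sees the freshly built image, pin to the full commit SHA and keep the version as a comment, e.g. `uses: aquasecurity/trivy-action@<COMMIT-SHA-PLACEHOLDER> # 0.11.2`. The same applies to the second hunk of this commit (`@@ -73,7 +73,7 @@`), which pins the third-party image scan the same way. The `trivy` job continues outside the hunk.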
@@ -73,7 +73,7 @@ jobs: run: docker pull ${{ matrix.image.name }} - name: Run Trivy vulnerability scanner on Third Party Images - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.11.2 with: image-ref: '${{ matrix.image.name }}' scan-type: 'image' @@ -82,6 +82,7 @@ jobs: output: 'trivy-results.sarif' exit-code: '1' severity: 'CRITICAL,HIGH' + timeout: 10m0s ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab for Third Party Images From 774d04e1a9ab5da84f3d8f486775f60a4d5e1bb1 Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Tue, 25 Jul 2023 08:45:08 -0400 Subject: [PATCH 367/378] fix --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 28e28ef147..8866173ca4 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -47,6 +47,7 @@ jobs: output: 'trivy-results.sarif' exit-code: '1' severity: 'CRITICAL,HIGH' + timeout: 15m0s ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab @@ -55,7 +56,6 @@ jobs: sarif_file: 'trivy-results.sarif' scan-third-party: - needs: [trivy] permissions: contents: read security-events: write @@ -82,7 +82,7 @@ jobs: output: 'trivy-results.sarif' exit-code: '1' severity: 'CRITICAL,HIGH' - timeout: 10m0s + timeout: 15m0s ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab for Third Party Images From e6cab6a3b3dee71523ad08f85329749258560f05 Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Wed, 16 Aug 2023 08:26:27 -0400 Subject: [PATCH 368/378] disable schedules --- .github/workflows/pull-containers-and-push-to-ghcr.yml | 4 ++-- .github/workflows/staging-scheduled-deploy.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/pull-containers-and-push-to-ghcr.yml b/.github/workflows/pull-containers-and-push-to-ghcr.yml index a83cda1d4a..71c2ef744a 100644 --- a/.github/workflows/pull-containers-and-push-to-ghcr.yml +++ b/.github/workflows/pull-containers-and-push-to-ghcr.yml @@ -2,8 +2,8 @@ name: Pull Third Party Containers, Scan, and Publish to GHCR on: workflow_dispatch: - schedule: - - cron: '0 5 * * 0' + # schedule: + # - cron: '0 5 * * 0' jobs: pull-and-scan: diff --git a/.github/workflows/staging-scheduled-deploy.yml b/.github/workflows/staging-scheduled-deploy.yml index 41a167c0e3..dd1b84e17a 100644 --- a/.github/workflows/staging-scheduled-deploy.yml +++ b/.github/workflows/staging-scheduled-deploy.yml @@ -1,9 +1,9 @@ --- name: Scheduled Deploy From Main to Staging on: - schedule: + # schedule: # Invoke every Mon-Sat - - cron: '0 10 * * 1-6' + # - cron: '0 10 * * 1-6' workflow_dispatch: null jobs: From 5f5d51c2aa6db449cc5245dc5a02dfecdeac886a Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Thu, 28 Sep 2023 13:40:56 -0400 Subject: [PATCH 369/378] testing actor --- .github/workflows/trivy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 2bd552e4b8..46011141c1 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -15,6 +15,7 @@ permissions: jobs: trivy: + if: contains('["asteel-gsa"]', github.actor) permissions: contents: read security-events: write @@ -57,6 +58,7 @@ jobs: sarif_file: 'trivy-results.sarif' scan-third-party: + if: contains('["asteel-gsa"]', github.actor) permissions: contents: read security-events: write From 9c7fcd99f72b590bafd06803e5a91e3d04323019 Mon Sep 17 00:00:00 2001 
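Review bot: Commenting out `schedule:` / `- cron: '0 5 * * 0'` in `pull-containers-and-push-to-ghcr.yml` turns off the only recurring pull-scan-publish of the third-party images, and nothing in the file says why or when it should come back, so a later reader cannot tell whether this was intentional. Add a comment above the disabled block such as `# schedule disabled <DATE-PLACEHOLDER>; re-enable once <REASON-PLACEHOLDER> is resolved (tracking: <ISSUE-PLACEHOLDER>)`. The same gap applies to the `staging-scheduled-deploy.yml` hunk of this commit and to the `daily-regression-tests.yml` change in PATCH 373/378.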
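Review bot: `if: contains('["asteel-gsa"]', github.actor)` is a substring test, not an allow-list check: the first argument is a plain string, so `contains` is true for any actor whose login is a substring of `["asteel-gsa"]` (for example `gsa` or `steel`) and false for logins that merely include it. If an allow-list is intended, make the first argument an array, `if: contains(fromJSON('["asteel-gsa"]'), github.actor)`, or compare directly, `if: github.actor == 'asteel-gsa'`. The same expression is added to `scan-third-party` in the second hunk of this commit and reappears in PATCH 370/378 and PATCH 372/378; both gated jobs continue outside their hunks.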
From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Thu, 28 Sep 2023 13:42:27 -0400 Subject: [PATCH 370/378] negate actor --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 46011141c1..b5f03d1785 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -15,7 +15,7 @@ permissions: jobs: trivy: - if: contains('["asteel-gsa"]', github.actor) + if: contains('["asteel-gsa-1"]', github.actor) permissions: contents: read security-events: write @@ -58,7 +58,7 @@ jobs: sarif_file: 'trivy-results.sarif' scan-third-party: - if: contains('["asteel-gsa"]', github.actor) + if: contains('["asteel-gsa-1"]', github.actor) permissions: contents: read security-events: write From 683c410ec885a64ebb867722ac92e7dca7937f93 Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Thu, 28 Sep 2023 13:45:39 -0400 Subject: [PATCH 371/378] testing actor --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index b5f03d1785..d8c8d241e3 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -15,7 +15,7 @@ permissions: jobs: trivy: - if: contains('["asteel-gsa-1"]', github.actor) + if: ${{ github.actor != 'asteel-gsa' }} permissions: contents: read security-events: write @@ -58,7 +58,7 @@ jobs: sarif_file: 'trivy-results.sarif' scan-third-party: - if: contains('["asteel-gsa-1"]', github.actor) + if: ${{ github.actor != 'asteel-gsa' }} permissions: contents: read security-events: write From 532d12fb0472779a95ab7888fb7104d77386aeea Mon Sep 17 00:00:00 2001 
From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Thu, 28 Sep 2023 13:48:11 -0400 Subject: [PATCH 372/378] testing actor again --- .github/workflows/trivy.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index d8c8d241e3..060a7bb607 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -15,7 +15,8 @@ permissions: jobs: trivy: - if: ${{ github.actor != 'asteel-gsa' }} + if: contains('["asteel-asdasd"]', github.actor) + # if: ${{ github.actor != 'asteel-gsa' }} permissions: contents: read security-events: write @@ -58,7 +59,8 @@ jobs: sarif_file: 'trivy-results.sarif' scan-third-party: - if: ${{ github.actor != 'asteel-gsa' }} + if: contains('["asteel-asdasd"]', github.actor) + # if: ${{ github.actor != 'asteel-gsa' }} permissions: contents: read security-events: write From 2ca9b513908c8de703ca768a41b830bd284515b8 Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Mon, 13 Nov 2023 13:17:29 -0500 Subject: [PATCH 373/378] Update daily-regression-tests.yml --- .github/workflows/daily-regression-tests.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/daily-regression-tests.yml b/.github/workflows/daily-regression-tests.yml index 2c7afc88f6..a2283a862a 100644 --- a/.github/workflows/daily-regression-tests.yml +++ b/.github/workflows/daily-regression-tests.yml @@ -1,9 +1,9 @@ --- name: Run Daily Regression Tests on: - schedule: - - cron: '0 9 * * 1-5' - +# schedule: +# - cron: '0 9 * * 1-5' + workflow_dispatch: jobs: regression-test: name: Run Regression Tests From 27089b184fb36ab27f80b7a21b9e93d6d68a24a9 Mon Sep 17 00:00:00 2001 
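Review bot: The added `# schedule:` and `# - cron: '0 9 * * 1-5'` lines sit at column 0 inside the `on:` mapping, whereas the `staging-scheduled-deploy.yml` change in PATCH 368/378 keeps its commented lines at the indentation of the key they replace; yamllint's `comments-indentation` rule flags the column-0 form. Indent them to match the sibling `workflow_dispatch:` key, i.e. `  # schedule:` and `  #   - cron: '0 9 * * 1-5'`. A one-line reason for disabling the schedule would also help, since the file no longer explains it.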
From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Thu, 14 Mar 2024 13:28:41 -0400 Subject: [PATCH 374/378] test matrix --- .github/workflows/materialize-views.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/materialize-views.yml diff --git a/.github/workflows/materialize-views.yml b/.github/workflows/materialize-views.yml new file mode 100644 index 0000000000..4a0515017a --- /dev/null +++ b/.github/workflows/materialize-views.yml @@ -0,0 +1,24 @@ +--- +name: Run the Materialize Views Django Function +on: + schedule: + # Run every 4 hours + # - cron: '0 */4 * * *' + - cron: '*/5 * * * *' + #workflow_dispatch: + +jobs: + materialize-views: + strategy: + matrix: + environments: ["dev", "staging", "production"] + name: Run Materialize Views + runs-on: ubuntu-latest + environment: ${{ matrix.environments }} + env: + space: ${{ matrix.environments }} + steps: + - name: Run Command + shell: bash + id: date + run: Testing Matrix From f3dc22b57c3d3e3749bbdcf6d598fa2833c55046 Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Thu, 14 Mar 2024 13:29:51 -0400 Subject: [PATCH 375/378] add dispatch --- .github/workflows/materialize-views.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/materialize-views.yml b/.github/workflows/materialize-views.yml index 4a0515017a..c19e682f3a 100644 --- a/.github/workflows/materialize-views.yml +++ b/.github/workflows/materialize-views.yml @@ -5,7 +5,7 @@ on: # Run every 4 hours # - cron: '0 */4 * * *' - cron: '*/5 * * * *' - #workflow_dispatch: + workflow_dispatch: jobs: materialize-views: From 40304c4c35d77e4801ba1e183a5fba8eb5a4b79a Mon Sep 17 00:00:00 2001 
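Review bot: The `# Run every 4 hours` comment describes the commented-out `# - cron: '0 */4 * * *'` line, not the active `- cron: '*/5 * * * *'`, so the new file documents a schedule it does not run; either drop the comment or change it to `# Run every 5 minutes (temporary; the 4-hour schedule below is the intended one)`. A 5-minute cron fanned out over `["dev", "staging", "production"]` is a large number of runs per day against protected environments, so if this is a test setting (the commit title suggests so) the comment should say that too. `id: date` on the `Run Command` step does not describe what the step does; rename or remove it.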
From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Thu, 14 Mar 2024 13:31:20 -0400 Subject: [PATCH 376/378] echo fix --- .github/workflows/materialize-views.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/materialize-views.yml b/.github/workflows/materialize-views.yml index c19e682f3a..88362e52a5 100644 --- a/.github/workflows/materialize-views.yml +++ b/.github/workflows/materialize-views.yml @@ -21,4 +21,4 @@ jobs: - name: Run Command shell: bash id: date - run: Testing Matrix + run: echo "Testing Matrix" From a68c4481c2931f53b233c86d34044ea52e8a4607 Mon Sep 17 00:00:00 2001 From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com> Date: Thu, 14 Mar 2024 13:43:46 -0400 Subject: [PATCH 377/378] Testing --- .github/workflows/materialize-views.yml | 28 +++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/.github/workflows/materialize-views.yml b/.github/workflows/materialize-views.yml index 88362e52a5..214770158a 100644 --- a/.github/workflows/materialize-views.yml +++ b/.github/workflows/materialize-views.yml @@ -3,12 +3,23 @@ name: Run the Materialize Views Django Function on: schedule: # Run every 4 hours - # - cron: '0 */4 * * *' - cron: '*/5 * * * *' + workflow_dispatch: + inputs: + environment: + required: true + type: choice + description: The environment the workflow should run on. + options: + - dev + - staging + - preview + - production jobs: - materialize-views: + scheduled-materialize-views: + if: ${{ github.event.schedule == '*/5 * * * *' }} strategy: matrix: environments: ["dev", "staging", "production"] 
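Review bot: `if: ${{ github.event.schedule == '*/5 * * * *' }}` ties the job to the literal cron string, so restoring the 4-hour schedule the header comment still describes (or any other edit to the cron) silently disables `scheduled-materialize-views` with no error; `if: github.event_name == 'schedule'` states the intent and survives schedule changes. The companion `if: ${{ github.event.inputs.environment != '' }}` in the second hunk (`@@ -22,3 +33,16 @@`) has the same shape and is better written `if: github.event_name == 'workflow_dispatch'`, since the input is `required: true` anyway. The `options:` list adds `preview`, which the scheduled matrix `["dev", "staging", "production"]` does not cover; if that is deliberate, a short comment on the matrix line would save the next reader from wondering. The `scheduled-materialize-views` job continues outside the hunk.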
@@ -22,3 +33,16 @@ jobs: shell: bash id: date run: echo "Testing Matrix" + + dispatch-materialize-views: + if: ${{ github.event.inputs.environment != '' }} + name: Run Materialize Views + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + env: + space: ${{ inputs.environment }} + steps: + - name: Run Command + shell: bash + id: date + run: echo "Testing Matrix" From b8cc9392d0797b06efcce1cb15cf25b326577b7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jul 2024 19:09:56 +0000 Subject: [PATCH 378/378] Bump aquasecurity/trivy-action from 0.18.0 to 0.24.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.18.0 to 0.24.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.18.0...0.24.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/trivy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 3fdcc7d139..57048c0050 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -41,7 +41,7 @@ jobs: run: docker build -t ${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }} . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.18.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: '${{ env.DOCKER_NAME }}:${{ steps.date.outputs.date }}' scan-type: 'image' @@ -78,7 +78,7 @@ jobs: run: docker pull ${{ matrix.image.name }} - name: Run Trivy vulnerability scanner on Third Party Images - uses: aquasecurity/trivy-action@0.18.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: '${{ matrix.image.name }}' scan-type: 'image'
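Review bot: `dispatch-materialize-views` reads the same input two ways, `github.event.inputs.environment` in `if:` and `inputs.environment` in `environment:` and `env:`; pick one spelling so the job's gate and its target cannot drift apart. Its `steps:` are a verbatim copy of the scheduled job's `Run Command` step, so when the real command replaces `echo "Testing Matrix"` it will have to be changed in two places; a reusable workflow or composite action called by both jobs would keep them in lockstep. The `id: date` carried over in the copy does not describe the step.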