From f16de7da270af36a7110ecd4a6a104986ebf2431 Mon Sep 17 00:00:00 2001 From: Gcolon021 <34667267+Gcolon021@users.noreply.github.com> Date: Wed, 16 Aug 2023 13:56:18 -0400 Subject: [PATCH] [ALS-4884] Add Google Analytics job (#72) [ALS-4884] Add new Jenkins Job to set Google analytics ID in the `picsureui_settings.json`. Add Google manager to CSP to allow Google Tag script to load when an Analytics ID has been set. --- README.md | 2 ++ .../config/httpd/httpd-vhosts-ssloffload.conf | 2 +- .../config/httpd/httpd-vhosts.conf | 2 +- .../config/httpd/picsureui_settings.json | 3 +- .../Configure Google Analytics/config.xml | 35 +++++++++++++++++++ 5 files changed, 41 insertions(+), 3 deletions(-) create mode 100644 initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml diff --git a/README.md b/README.md index 5969362e..167e2f28 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,8 @@ In Jenkins you will see 5 tabs: All, Configuration, Deployment, PIC-SURE Builds, - RELEASE_CONTROL_REPOSITORY: This is the repo that contains the build-spec.json file for your project. This file controls what code is built and deployed. If you just want the default PIC-SURE behavior use this repo : https://github.com/hms-dbmi/baseline-pic-sure-release-control + - ANALYTICS_ID: This is the Google Analytics ID for your project. If you do not have one, you can leave this blank. + Note: Ensure none of these fields contain leading or trailing whitespace, the values must be exact. Once you have entered the information, 7. Click the "Build" button. diff --git a/initial-configuration/config/httpd/httpd-vhosts-ssloffload.conf b/initial-configuration/config/httpd/httpd-vhosts-ssloffload.conf index aef6c89c..5f76eefd 100644 --- a/initial-configuration/config/httpd/httpd-vhosts-ssloffload.conf +++ b/initial-configuration/config/httpd/httpd-vhosts-ssloffload.conf 
@@ -8,7 +8,7 @@ Listen 0.0.0.0:80 # frame-ancestors 'none' - Stops our application from being loaded in an iframe # default-src - Restricts loading resources to the same origin # script-src - Allows inline scripts but only from the same origin - Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:;" + Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com; img-src 'self' data:;" # A fall back for legacy browsers that don't yet support CSP frame-ancestors. Header always set X-Frame-Options "DENY" diff --git a/initial-configuration/config/httpd/httpd-vhosts.conf b/initial-configuration/config/httpd/httpd-vhosts.conf index 2a23a529..f579e358 100644 --- a/initial-configuration/config/httpd/httpd-vhosts.conf +++ b/initial-configuration/config/httpd/httpd-vhosts.conf @@ -62,7 +62,7 @@ ServerTokens Prod # unsafe-inline - Allows inline JavaScript, CSS, and event handlers # style-src - Allows inline styles but only from the same origin # img-src - Allows images from the same origin and data: URIs - Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:;" + Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com; img-src 'self' data:;" # A fall back for legacy browsers that don't yet support CSP frame-ancestors. Header always set X-Frame-Options "DENY" 
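Review bot: The new `https://www.googletagmanager.com` source in `script-src` is sent on every deployment, including those that leave ANALYTICS_ID blank, and in httpd-vhosts-ssloffload.conf the comment above the header still says script-src allows scripts "only from the same origin"; the identical header change in httpd-vhosts.conf has the same gap. A host-based source covers every script that origin serves, not only this project's tag, so the exception should be documented next to the header, for example `# script-src - additionally allows https://www.googletagmanager.com for the optional Google Analytics tag`. The policy also has no `connect-src`, so with `default-src 'self'` the measurement requests the tag makes to Google's collection hosts are likely to be blocked; confirm in the browser console whether a `connect-src` entry is needed. Both vhost blocks continue outside the hunks, so any other headers that interact with this policy are not visible here.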
diff --git a/initial-configuration/config/httpd/picsureui_settings.json b/initial-configuration/config/httpd/picsureui_settings.json index ec118e49..39a7caaf 100644 --- a/initial-configuration/config/httpd/picsureui_settings.json +++ b/initial-configuration/config/httpd/picsureui_settings.json @@ -20,5 +20,6 @@ ], "customizeAuth0Login": true, "auth0domain":"__AUTH0_DOMAIN__", - "client_id":"__PIC_SURE_CLIENT_ID__" + "client_id":"__PIC_SURE_CLIENT_ID__", + "analytics_id": "__ANALYTICS_ID__" } diff --git a/initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml b/initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml new file mode 100644 index 00000000..b05c4123 --- /dev/null +++ b/initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml @@ -0,0 +1,35 @@ + + + + + false + + + + + ANALYTICS_ID + Google Analytics id. Reset to default to remove. + __ANALYTICS_ID__ + false + + + + + + true + false + false + false + + false + + + export old_analytics_id=`cat /usr/local/docker-config/httpd/picsureui_settings.json | grep analytics_id | cut -d ':' -f 2 | sed 's/\",*//g'` + + sed -i "s/$old_analytics_id/ANALYTICS_ID/g" /usr/local/docker-config/httpd/picsureui_settings.json + + + + + + \ No newline at end of file
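Review bot: The `sed` in the job's shell step writes the literal text `ANALYTICS_ID` rather than the build parameter's value, at least as the command is rendered here, so the settings file would never receive the id that was entered; it presumably should be `$ANALYTICS_ID`. The old value is recovered with grep/cut and spliced unescaped into the pattern, so an empty current value degenerates to a lone space or an empty regex, and the `g` substitution then hits unrelated text in the JSON, while a parameter containing `/`, `&` or `"` breaks the expression or the file. Checking the parameter first, `case "$ANALYTICS_ID" in *[!A-Za-z0-9_-]*) echo "invalid ANALYTICS_ID"; exit 1;; esac`, and matching on the key instead of the old value, `sed -i -E "s/(\"analytics_id\":[[:space:]]*\")[^\"]*/\1$ANALYTICS_ID/" /usr/local/docker-config/httpd/picsureui_settings.json`, would avoid both. The check matters beyond robustness because the value ends up in a settings file served to the UI and, presumably, in the tag script request.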