update csp using variables and testing

2025-12-10 07:03:12 -05:00 · 2025-05-22 12:03:18 -07:00
parent 444800fbda
commit 790fe2d6f9
12 changed files with 50 additions and 20 deletions
--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -64,6 +64,7 @@ jobs:
          LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=NONCE&prompt=select_account&redirect_uri=https://notify-demo.app.cloud.gov/sign-in&response_type=code&scope=openid+email&state=STATE"
          LOGIN_DOT_GOV_CERTS_URL: "https://secure.login.gov/api/openid_connect/certs"
          API_PUBLIC_URL: ${{ secrets.API_PUBLIC_URL }}
+          API_PUBLIC_WS_URL: ${{ secrets.API_PUBLIC_WS_URL }}
        with:
          cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
          cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -89,6 +90,7 @@ jobs:
            --var LOGIN_DOT_GOV_CERTS_URL="$LOGIN_DOT_GOV_CERTS_URL"
            --var LOGIN_PEM="$LOGIN_PEM"
            --var API_PUBLIC_URL="$API_PUBLIC_URL"
+            --var API_PUBLIC_WS_URL="$API_PUBLIC_WS_URL"
            --strategy rolling

      - name: Deploy egress proxy
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -64,6 +64,7 @@ jobs:
          LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=NONCE&prompt=select_account&redirect_uri=https://beta.notify.gov/sign-in&response_type=code&scope=openid+email&state=STATE"
          LOGIN_DOT_GOV_CERTS_URL: "https://secure.login.gov/api/openid_connect/certs"
          API_PUBLIC_URL: ${{ secrets.API_PUBLIC_URL }}
+          API_PUBLIC_WS_URL: ${{ secrets.API_PUBLIC_WS_URL }}
        with:
          cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
          cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -89,6 +90,7 @@ jobs:
            --var LOGIN_DOT_GOV_CERTS_URL="$LOGIN_DOT_GOV_CERTS_URL"
            --var LOGIN_PEM="$LOGIN_PEM"
            --var API_PUBLIC_URL="$API_PUBLIC_URL"
+            --var API_PUBLIC_WS_URL="$API_PUBLIC_WS_URL"
            --strategy rolling

      - name: Deploy egress proxy
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -70,6 +70,7 @@ jobs:
        LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=NONCE&prompt=select_account&redirect_uri=https://notify-staging.app.cloud.gov/sign-in&response_type=code&scope=openid+email&state=STATE"
        LOGIN_DOT_GOV_CERTS_URL: "https://secure.login.gov/api/openid_connect/certs"
        API_PUBLIC_URL: ${{ secrets.API_PUBLIC_URL }}
+        API_PUBLIC_WS_URL: ${{ secrets.API_PUBLIC_WS_URL }}
      with:
        cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
        cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -95,6 +96,7 @@ jobs:
          --var LOGIN_DOT_GOV_CERTS_URL="$LOGIN_DOT_GOV_CERTS_URL"
          --var LOGIN_PEM="$LOGIN_PEM"
          --var API_PUBLIC_URL="$API_PUBLIC_URL"
+          --var API_PUBLIC_WS_URL="$API_PUBLIC_WS_URL"
          --strategy rolling