Contact us form - Alert PM.

[DrIffathsultana]

Overview

When a user submits the 'Contact us form', a new alert / GitHub action / Github issue should be created to notify the PM for review and approval. The issue should have the label "Contact us" and be in the "New Issue Approval" column.

Action Items

• [ ] Use the information collected from the 'contact us' form to create an issue on Github.
  • [x] Request access for the google form and google app script from one of the team leads
  • [x] Create a copy of the form for testing the google app script without affecting the production copy
  • [x] Create the google app script to create the new issue in a test repo board
  • [x] Create github user to use for creating new issues (generate github token using the user)
  • [x] Secure github token in the google apps script (https://github.com/hackforla/website/issues/1980 already found a way)
  • [ ] Copy the script into the production google form
  • [ ] Document how everything works

Resources/Instructions

Figma page contact us page on CTI site reference issue #2353 from hackforla website project storing secrets for apps scripts - issue #1980 from hackforla website project Google App Script doc GitHub API

[ExperimentsInHonesty]

@DrIffathsultana is this

• [ ] for the current iteration where the contact us form uses a Google form and if you don't check the spreadsheet you don't know that someone has filled out the contact form?
• [x] or is this for the version where the contact us form is NOT a google form and instead writes directly to the django backend?
• [ ] or both versions.

[ExperimentsInHonesty]

If this issue is for the google form/ spreadsheet then please connect with @macho-catt or @jbubar or @Aveline-art to understand how the google form on the wins page on the hackforla.org website ends up delivering an issue like this: https://github.com/hackforla/website/issues/2336 to the repo

[ExperimentsInHonesty]

My prioritization of this issue is dependent on it being for the Google form. If it is not for the google form, another issue will have to be made or edited and that should be prioritized at milestone 5

[fyliu]

Progress: I have a copy of the form with a working script that creates new github issues from the responses. I still need to add the ability to create project cards from issues and also apply the contact us label.

Problem: When the end user goes back to edit the responses after submitting the first time, a new issue is created rather than the old one modified. This is because there's no apparent way to know which response is edited. When a form is edited, only the data fields that were updated will be passed to the script, so the new issue would look incomplete as well.

Solution: disable the ability to edit responses after the form is submitted for the first time. I have confirmed with Matthew Cacho mentioned above to verify that this is also what he does to avoid running into this issue.

Here's what the settings option looks like.

click triangle to expand


[fyliu]

1. Progress - Same as before, but I have a better understanding and some things to discuss.
2. Blockers
   1. I need a format for the contents of the new issue generated. Or this could be a separate issue.
   2. I was thinking about how to secure secrets in google apps script and was referred to this issue by Matthew Cacho from above https://github.com/hackforla/website/issues/1980 This should probably be a separate issue so we can research the current best method, with the solution in the issue as backup if there's no better way.
3. Availability - maybe next Monday
4. ETA - an hour or 2 for the barebones version of just putting the data fields into the issue as plain text and creating a project card with it.

[fyliu]

1. Progress - Got the script working to create issue and put it in the right column, but in my fork for testing
   • Test form
   • Test spreadsheet to collect responses
   • Test project board where issues are created
2. Blockers
   • need review before copying code from test to production form and using main project board
   • Need to hide github token in the script. Right now, I'm using my token. There should be one that's set by admin and hidden. Reference issue from other team https://github.com/hackforla/website/issues/1980
3. Availability - a few hours
4. ETA - moving the script should take less than an hour

[fyliu]

• [x] add labels role: product management and size: 1pt

[fyliu]

Next steps

• [ ] need from admin channel a service account token for creating the new issues (contact us and new orgs)
• [ ] replicate securing token in Google Apps Script from https://github.com/hackforla/website/issues/1980

[fyliu]

1. Progress - I didn't get a chance to work on it since last meeting
2. Blockers -
3. Availability - should be able to spend a few hours before the next meeting
4. ETA - I'm thinking next Thursday or the following Monday

[kevindphan]

Two-factor authentication problem when trying to create the github account, consult with Bonnie. Or create a separate account specifically for this purpose.

[ladissi]

@emecas please provide update

1. Progress
2. Blockers
3. Availability
4. ETA

[fyliu]

I was able to create the github account using the civictechindex@hackforla.org email.

Can a repo admin add this user to the repo? It needs write access in order to create project cards. https://github.com/cti-serv

The user name can be changed if something else is better. I tried these that are already taken cti-bot, cti-service.

[kevindphan]

Have reached out to admin to add the provided user to the repo. Still waiting for a response.

[fyliu]

I started working on this again and I expect to be done by next week.

I made a copy of the form and spreadsheet to my own drive and will go through the steps to securing the api key from there before trying to do the same in the project drive.

After it's working. I will need someone with admin access to the project drive to copy the wrapper code to a private folder that's not viewable by developers. The idea is that the API key shouldn't be viewable by developers or other normal users of the drive. To do that, the wrapper code that has visibility of the key needs to be restricted as well, so that only the wrapper's functionality is exposed.

[fyliu]

1. Progress - Started separating github api functionality from script in preparation for moving it into a wrapper that will have sole access to the github token
2. Blockers - none
3. Availability - 4 hours
4. ETA - next week's meeting

[smsada]

Need to make a way to store the Github Token with restricted permissions on CTI Google Drive. Talk to Bonnie about setting this up.

Edit: Refer to comment below

[fyliu]

1. Progress - Separated secret(github token), wrapper library that has sole access to secret, and script that calls the library. It works in my personal google drive, but needs to be copied/moved to right place in the shared drive.
2. Blockers - Need to find out how the shared drive can have a restricted folder that's admin access only. The secret and maybe wrapper library should be in there while the google form/results sheet with the apps script should live outside and call the library's exposed API without knowledge of the secret.
3. Availability - 4 hours
4. ETA - Could be very soon

[smsada]

New drive made to store Keys & Tokens. I will be adding the necessary people to the drive during Thursday's Stand-up

[fyliu]

Can I work with an admin on this? Or maybe temporarily give the civictechindex user more access. I would need to make sure the secret is not accessible to a developer account like mine but I can still call the library that does have access to the secret. I'm not too sure how to do that exactly, but I know what the end result behavior should be.

[fyliu]

We can try this again.

I created the set of linked documents and scripts at https://drive.google.com/drive/u/1/folders/1_bARUvskj4AyaRtroJ5EoZkF2EO391Yv?ths=true They start with either Secret or Not secret. The Secret files need to be place into the secured drive. There may be permissions that need to be granted.

I added a check function in each script to check the connection to the linked document or script. Those can be run in the script editor to verify. I can show how to do that and I also need to document it.