From c8383befbf9ee75902b7aaf522ef657a8f0f6f6a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 19:31:56 +0000 Subject: [PATCH 1/2] chore(deps): update github actions all dependencies --- .github/workflows/ci_auth_artifact.yml | 2 +- .github/workflows/release-please-hotfix.yml | 2 +- .github/workflows/release-please.yml | 2 +- .github/workflows/reusable_data_model_gen.yml | 4 ++-- .github/workflows/reusable_terraform_frontend.yml | 2 +- .github/workflows/reusable_terraform_server.yml | 10 +++++----- .github/workflows/sonar.yml | 12 ++++++------ 7 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci_auth_artifact.yml b/.github/workflows/ci_auth_artifact.yml index 67584bdd0..54d3b5d0b 100644 --- a/.github/workflows/ci_auth_artifact.yml +++ b/.github/workflows/ci_auth_artifact.yml @@ -28,7 +28,7 @@ jobs: rm -rf auth_function_packaging - name: Auth function upload zip file artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: fam-auth-function-zip path: ./infrastructure/server/fam_auth_function.zip diff --git a/.github/workflows/release-please-hotfix.yml b/.github/workflows/release-please-hotfix.yml index 32a28f009..c41b13bb0 100644 --- a/.github/workflows/release-please-hotfix.yml +++ b/.github/workflows/release-please-hotfix.yml @@ -13,7 +13,7 @@ jobs: release-please: runs-on: ubuntu-latest steps: - - uses: google-github-actions/release-please-action@v3 + - uses: google-github-actions/release-please-action@v4 with: release-type: simple package-name: release-please-action diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index cfd801ea4..7fabfae60 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml 
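Review bot: The `with:` block under the bumped `google-github-actions/release-please-action@v4` step in `release-please-hotfix.yml` still passes `package-name: release-please-action`, which as far as I recall is one of the inputs v4 dropped when configuration moved to the manifest/config files. Unknown inputs only raise a warning, so the release job could silently behave differently after this bump. The identical hunk in `release-please.yml` has the same problem. Please check both against the v4 upgrade notes, then either remove the stale input and migrate the config, or hold these two workflows at `@v3` until that is done.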
@@ -13,7 +13,7 @@ jobs: release-please: runs-on: ubuntu-latest steps: - - uses: google-github-actions/release-please-action@v3 + - uses: google-github-actions/release-please-action@v4 with: release-type: simple package-name: release-please-action diff --git a/.github/workflows/reusable_data_model_gen.yml b/.github/workflows/reusable_data_model_gen.yml index a3cf2779b..15cae4ef4 100644 --- a/.github/workflows/reusable_data_model_gen.yml +++ b/.github/workflows/reusable_data_model_gen.yml @@ -10,7 +10,7 @@ jobs: outputs: user: ${{ steps.data.outputs.user }} pass: ${{ steps.data.outputs.pass }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: 1 steps: - name: Generate random username and password @@ -24,7 +24,7 @@ jobs: schemaspy: name: Generate Documentation - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [vars] services: postgres: diff --git a/.github/workflows/reusable_terraform_frontend.yml b/.github/workflows/reusable_terraform_frontend.yml index fe035a329..e69fbc105 100644 --- a/.github/workflows/reusable_terraform_frontend.yml +++ b/.github/workflows/reusable_terraform_frontend.yml @@ -49,7 +49,7 @@ jobs: aws-region: ${{ env.AWS_REGION }} - name: Setup Terragrunt - uses: autero1/action-terragrunt@v1.3.2 + uses: autero1/action-terragrunt@v3.0.2 with: terragrunt_version: ${{ env.TG_VERSION }} diff --git a/.github/workflows/reusable_terraform_server.yml b/.github/workflows/reusable_terraform_server.yml index cb5d360e3..7535859ca 100644 --- a/.github/workflows/reusable_terraform_server.yml +++ b/.github/workflows/reusable_terraform_server.yml @@ -65,7 +65,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.12 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.12" 
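Review bot: `autero1/action-terragrunt@v3.0.2` in `reusable_terraform_frontend.yml` is a third-party action referenced by a mutable tag, and the hunk context shows it runs directly after the `Configure AWS Credentials` step. Whatever that tag resolves to therefore executes in a job where the assumed deployment role is presumably already available. Pin it to a full commit SHA with the version kept as a comment, `uses: autero1/action-terragrunt@<full-commit-sha> # v3.0.2`; Renovate can maintain that form through its `helpers:pinGitHubActionDigests` preset. The same applies to the `@@ -145,7` hunk in `reusable_terraform_server.yml` and to the three `SonarSource/sonarcloud-github-action@v3.1.0` hunks in `sonar.yml`, which are handed `GITHUB_TOKEN` and a `SONAR_TOKEN_*` secret. A jump across two major versions also deserves a changelog read before merge rather than a batched automatic update.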
@@ -80,7 +80,7 @@ jobs: rm -rf auth_function_packaging - name: Auth function upload zip file artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: fam-auth-function path: ./infrastructure/server/fam_auth_function.zip @@ -103,7 +103,7 @@ jobs: cd .. - name: Upload zip file artifact - FAM API - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: fam-ui-api path: ./infrastructure/server/fam-ui-api.zip @@ -126,7 +126,7 @@ jobs: cd .. - name: Upload zip file artifact - FAM Admin Management API - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: fam-admin-management-api path: ./infrastructure/server/fam-admin-management-api.zip @@ -145,7 +145,7 @@ jobs: aws-region: ${{ env.AWS_REGION }} - name: Setup Terragrunt - uses: autero1/action-terragrunt@v1.3.2 + uses: autero1/action-terragrunt@v3.0.2 with: terragrunt_version: ${{ env.TG_VERSION }} diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 79f87c30d..4ef827012 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -15,7 +15,7 @@ jobs: # Deep fetch is required for SonarCloud fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: 3.12 @@ -34,7 +34,7 @@ jobs: -v --md=report.md --emoji - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@v2.3.0 + uses: SonarSource/sonarcloud-github-action@v3.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_AUTH }} @@ -61,7 +61,7 @@ jobs: # Deep fetch is required for SonarCloud fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: 3.12 
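Review bot: With `actions/upload-artifact@v4` an artifact name can be uploaded only once per workflow run, and the three upload steps in `reusable_terraform_server.yml` (hunks `@@ -80,7`, `@@ -103,7`, `@@ -126,7`) use the fixed names `fam-auth-function`, `fam-ui-api` and `fam-admin-management-api`. If a caller invokes this reusable workflow for more than one environment in the same run (not visible from here), the second upload fails with a name conflict and the deployment stops. Suffixing the name avoids that, e.g. `name: fam-auth-function-${{ inputs.environment_name }}`. Any `actions/download-artifact` consumers must move to v4 as well, since v3 cannot read v4 artifacts. The same check applies to `fam-auth-function-zip` in `ci_auth_artifact.yml`.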
@@ -90,7 +90,7 @@ jobs: -v --md=report.md --emoji - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@v2.3.0 + uses: SonarSource/sonarcloud-github-action@v3.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }} @@ -116,7 +116,7 @@ jobs: # Deep fetch is required for SonarCloud fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: 3.12 @@ -143,7 +143,7 @@ jobs: -v --md=report.md --emoji - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@v2.3.0 + uses: SonarSource/sonarcloud-github-action@v3.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_ADMIN }} From c09f87a423862fd372e7f003fae76361edd8db61 Mon Sep 17 00:00:00 2001 From: Ian Liu Date: Thu, 21 Nov 2024 12:23:06 -0800 Subject: [PATCH 2/2] Fix 'terragrunt_version' param rename due to version change. --- .../workflows/reusable_terraform_frontend.yml | 144 +++---- .../workflows/reusable_terraform_server.yml | 400 +++++++++--------- 2 files changed, 272 insertions(+), 272 deletions(-) diff --git a/.github/workflows/reusable_terraform_frontend.yml b/.github/workflows/reusable_terraform_frontend.yml index e69fbc105..7420427bb 100644 --- a/.github/workflows/reusable_terraform_frontend.yml +++ b/.github/workflows/reusable_terraform_frontend.yml 
@@ -1,87 +1,87 @@ name: Run Terraform (Frontend) on: - workflow_call: - inputs: - environment_name: - required: true - type: string - tf_subcommand: - required: true - type: string - secrets: - licenceplate: - required: true + workflow_call: + inputs: + environment_name: + required: true + type: string + tf_subcommand: + required: true + type: string + secrets: + licenceplate: + required: true env: - TF_VERSION: 1.2.2 - TG_VERSION: 0.37.1 - TG_SRC_PATH: terraform-frontend - TG_SERVER_SRC_PATH: terraform - AWS_REGION: ca-central-1 + TF_VERSION: 1.2.2 + TG_VERSION: 0.37.1 + TG_SRC_PATH: terraform-frontend + TG_SERVER_SRC_PATH: terraform + AWS_REGION: ca-central-1 jobs: - aws-frontend-deployment: - name: Run Terraform to Deploy Frontend - runs-on: ubuntu-latest - environment: ${{ inputs.environment_name }} + aws-frontend-deployment: + name: Run Terraform to Deploy Frontend + runs-on: ubuntu-latest + environment: ${{ inputs.environment_name }} - env: - AWS_OIDC_GHA_ROLE: ${{ vars.FAM_GHA_ROLE }} # AWS-GHA OIDC auth role. + env: + AWS_OIDC_GHA_ROLE: ${{ vars.FAM_GHA_ROLE }} # AWS-GHA OIDC auth role. 
- steps: - - name: Checkout - uses: actions/checkout@v4 + steps: + - name: Checkout + uses: actions/checkout@v4 - - name: Build Frontend - working-directory: frontend - run: | - npm run install-frontend - npm run build - mkdir ../infrastructure/frontend/dist - rsync -r dist/* ../infrastructure/frontend/dist + - name: Build Frontend + working-directory: frontend + run: | + npm run install-frontend + npm run build + mkdir ../infrastructure/frontend/dist + rsync -r dist/* ../infrastructure/frontend/dist - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ env.AWS_OIDC_GHA_ROLE }} - role-session-name: frontend-${{ inputs.environment_name }}-deployment - aws-region: ${{ env.AWS_REGION }} + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.AWS_OIDC_GHA_ROLE }} + role-session-name: frontend-${{ inputs.environment_name }}-deployment + aws-region: ${{ env.AWS_REGION }} - - name: Setup Terragrunt - uses: autero1/action-terragrunt@v3.0.2 - with: - terragrunt_version: ${{ env.TG_VERSION }} + - name: Setup Terragrunt + uses: autero1/action-terragrunt@v3.0.2 + with: + terragrunt-version: ${{ env.TG_VERSION }} - - id: terragrunt-server-output - name: Terragrunt Server Output - working-directory: ${{ env.TG_SERVER_SRC_PATH }}/${{ inputs.environment_name }} - env: - licenceplate: ${{ secrets.licenceplate }} - target_env: ${{ inputs.environment_name }} - run: | - # Run terraform - cat > github.auto.tfvars < ../../infrastructure/frontend/dist/env.json + - id: terragrunt-server-output + name: Terragrunt Server Output + working-directory: ${{ env.TG_SERVER_SRC_PATH }}/${{ inputs.environment_name }} + env: + licenceplate: ${{ secrets.licenceplate }} + target_env: ${{ inputs.environment_name }} + run: | + # Run terraform + cat > github.auto.tfvars < ../../infrastructure/frontend/dist/env.json - - id: terragrunt-server-output-test - working-directory: 
infrastructure/frontend/dist - name: Terragrunt Server Output Verify - run: | - echo "printing out contents of env.json" - echo "====================================" - cat env.json - echo "====================================" + - id: terragrunt-server-output-test + working-directory: infrastructure/frontend/dist + name: Terragrunt Server Output Verify + run: | + echo "printing out contents of env.json" + echo "====================================" + cat env.json + echo "====================================" - - name: Terragrunt ${{ inputs.tf_subcommand }} - working-directory: ${{ env.TG_SRC_PATH }}/${{ inputs.environment_name }} - env: - licenceplate: ${{ secrets.licenceplate }} - target_env: ${{ inputs.environment_name }} - run: | - terragrunt run-all ${{ inputs.tf_subcommand }} --terragrunt-non-interactive + - name: Terragrunt ${{ inputs.tf_subcommand }} + working-directory: ${{ env.TG_SRC_PATH }}/${{ inputs.environment_name }} + env: + licenceplate: ${{ secrets.licenceplate }} + target_env: ${{ inputs.environment_name }} + run: | + terragrunt run-all ${{ inputs.tf_subcommand }} --terragrunt-non-interactive diff --git a/.github/workflows/reusable_terraform_server.yml b/.github/workflows/reusable_terraform_server.yml index 7535859ca..8d21f3aac 100644 --- a/.github/workflows/reusable_terraform_server.yml +++ b/.github/workflows/reusable_terraform_server.yml 
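Review bot: In the final step of `reusable_terraform_frontend.yml`, `terragrunt run-all ${{ inputs.tf_subcommand }} --terragrunt-non-interactive` expands the workflow input into the script text before the shell runs it. Any shell metacharacters in the caller-supplied value would then be executed in a job that has already assumed the AWS deployment role. Pass the value through the environment instead: add `TF_SUBCOMMAND: ${{ inputs.tf_subcommand }}` under the step's `env:` and run `terragrunt run-all "$TF_SUBCOMMAND" --terragrunt-non-interactive` (drop the quotes only if callers rely on passing several words). Separately, this hunk rewrites all 87 lines for indentation while the only functional change is `terragrunt_version` → `terragrunt-version`; putting the reformat in its own commit would make the rename reviewable.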
@@ -1,208 +1,208 @@ name: Run Terraform (Backend) on: - workflow_call: - inputs: - environment_name: - required: true - type: string - tf_subcommand: - required: true - type: string - execute_flyway: - required: false - type: string - default: "false" - secrets: - licenceplate: - required: true - dev_oidc_idir_idp_client_secret: - required: true - test_oidc_idir_idp_client_secret: - required: true - prod_oidc_idir_idp_client_secret: - required: true - dev_oidc_bceid_business_idp_client_secret: - required: true - test_oidc_bceid_business_idp_client_secret: - required: true - prod_oidc_bceid_business_idp_client_secret: - required: true - forest_client_api_api_key_test: - required: true - forest_client_api_api_key_prod: - required: false - dev_oidc_bcsc_idp_client_secret: - required: true - test_oidc_bcsc_idp_client_secret: - required: true - prod_oidc_bcsc_idp_client_secret: - required: true - idim_proxy_api_api_key: - required: true - gc_notify_email_api_key: - required: true - fam_update_user_info_api_key: - required: true + workflow_call: + inputs: + environment_name: + required: true + type: string + tf_subcommand: + required: true + type: string + execute_flyway: + required: false + type: string + default: "false" + secrets: + licenceplate: + required: true + dev_oidc_idir_idp_client_secret: + required: true + test_oidc_idir_idp_client_secret: + required: true + prod_oidc_idir_idp_client_secret: + required: true + dev_oidc_bceid_business_idp_client_secret: + required: true + test_oidc_bceid_business_idp_client_secret: + required: true + prod_oidc_bceid_business_idp_client_secret: + required: true + forest_client_api_api_key_test: + required: true + forest_client_api_api_key_prod: + required: false + dev_oidc_bcsc_idp_client_secret: + required: true + test_oidc_bcsc_idp_client_secret: + required: true + prod_oidc_bcsc_idp_client_secret: + required: true + idim_proxy_api_api_key: + required: true + gc_notify_email_api_key: + required: true + 
fam_update_user_info_api_key: + required: true env: - TF_VERSION: 1.2.2 - TG_VERSION: 0.37.1 - TG_SRC_PATH: terraform - AWS_REGION: ca-central-1 + TF_VERSION: 1.2.2 + TG_VERSION: 0.37.1 + TG_SRC_PATH: terraform + AWS_REGION: ca-central-1 jobs: - aws-server-deployment: - name: Run Terraform to Deploy Server - runs-on: ubuntu-latest - environment: ${{ inputs.environment_name }} - - env: - AWS_OIDC_GHA_ROLE: ${{ vars.FAM_GHA_ROLE }} # AWS-GHA OIDC auth role. - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Python 3.12 - uses: actions/setup-python@v5 - with: - python-version: "3.12" - - - name: Auth function zip - run: | - mkdir auth_function_packaging - rsync -r server/auth_function/* auth_function_packaging -F --exclude=requirements.txt --exclude=test - pip install -t auth_function_packaging -r server/auth_function/requirements.txt - cd auth_function_packaging - zip -r9 ../infrastructure/server/fam_auth_function.zip . - cd .. - rm -rf auth_function_packaging - - - name: Auth function upload zip file artifact - uses: actions/upload-artifact@v4 - with: - name: fam-auth-function - path: ./infrastructure/server/fam_auth_function.zip - if-no-files-found: error - - - name: Install and Package Dependencies - FAM API - run: | - cd server/backend - mkdir packaging - cd packaging - pip install -t . -r ../requirements.txt --platform manylinux2014_x86_64 --only-binary=:all: - zip -r9 ../../fam-ui-api.zip . - cd .. - rm -rf packaging - cd ../../ - cd server/backend - zip -u ../fam-ui-api.zip -r api/ -x database/**\* tests/**\* venv/**\* .env - cd .. - mv fam-ui-api.zip ../infrastructure/server - cd .. - - - name: Upload zip file artifact - FAM API - uses: actions/upload-artifact@v4 - with: - name: fam-ui-api - path: ./infrastructure/server/fam-ui-api.zip - if-no-files-found: error - - - name: Install and Package Dependencies - FAM Admin Management API - run: | - cd server/admin_management - mkdir packaging - cd packaging - pip install -t . 
-r ../requirements.txt --platform manylinux2014_x86_64 --only-binary=:all: - zip -r9 ../../fam-admin-management-api.zip . - cd .. - rm -rf packaging - cd ../../ - cd server/admin_management - zip -u ../fam-admin-management-api.zip -r api/ -x database/**\* tests/**\* venv/**\* .env - cd .. - mv fam-admin-management-api.zip ../infrastructure/server - cd .. - - - name: Upload zip file artifact - FAM Admin Management API - uses: actions/upload-artifact@v4 - with: - name: fam-admin-management-api - path: ./infrastructure/server/fam-admin-management-api.zip - if-no-files-found: error - - - name: Stage Flyway SQL files - run: | - mkdir infrastructure/server/sql - rsync -r server/flyway/sql/* infrastructure/server/sql - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ env.AWS_OIDC_GHA_ROLE }} - role-session-name: server-${{ inputs.environment_name }}-deployment - aws-region: ${{ env.AWS_REGION }} - - - name: Setup Terragrunt - uses: autero1/action-terragrunt@v3.0.2 - with: - terragrunt_version: ${{ env.TG_VERSION }} - - - name: Create Terraform vars - # working-directory: infrastructure/server - working-directory: ${{ env.TG_SRC_PATH }}/${{ inputs.environment_name }} - run: | - # calculate the db_cluster_snapshot_identifier, attempting to ensure it - # is less than 63 characters and has no non alphanumeric characters - refname=${{ github.ref_name }} - commit=${{ github.sha }} - db_cluster_snapshot_identifier="pre-flyway-${refname:0:12}-${commit:0:7}" - db_cluster_snapshot_identifier=$(echo $db_cluster_snapshot_identifier | tr -d '\n' | tr -cs '[-][:alnum:]' '-' ) - echo $db_cluster_snapshot_identifier - - # Pass variables from github actions to terraform - cat > github.auto.tfvars < github.auto.tfvars <