From 879789a3b4402401a8ab95bf2f5e3d0908a64ace Mon Sep 17 00:00:00 2001 From: C MARSTON Date: Fri, 2 Aug 2024 11:13:25 +0100 Subject: [PATCH 1/9] feat(terraform): vol5237 create int environment --- infra/terraform/environments/int/backend.tf | 9 + infra/terraform/environments/int/main.tf | 461 ++++++++++++++++++ infra/terraform/environments/int/variables.tf | 28 ++ 3 files changed, 498 insertions(+) create mode 100644 infra/terraform/environments/int/backend.tf create mode 100644 infra/terraform/environments/int/variables.tf diff --git a/infra/terraform/environments/int/backend.tf b/infra/terraform/environments/int/backend.tf new file mode 100644 index 0000000000..f680dd745e --- /dev/null +++ b/infra/terraform/environments/int/backend.tf @@ -0,0 +1,9 @@ +terraform { + backend "s3" { + bucket = "vol-app-054614622558-terraform-state" + dynamodb_table = "vol-app-054614622558-int-terraform-state-lock" + encrypt = true + key = "int.tfstate" + region = "eu-west-1" + } +} diff --git a/infra/terraform/environments/int/main.tf b/infra/terraform/environments/int/main.tf index e69de29bb2..8c843dc98b 100644 --- a/infra/terraform/environments/int/main.tf +++ b/infra/terraform/environments/int/main.tf @@ -0,0 +1,461 @@ +locals { + service_names = ["api", "selfserve", "internal", "cli"] + + legacy_service_names = ["API", "IUWEB", "SSWEB"] + + task_iam_role_statements = [ + { + effect = "Allow" + actions = [ + "secretsmanager:GetSecretValue" + ] + resources = [ + data.aws_secretsmanager_secret.this["api"].arn + ] + }, + { + effect = "Allow" + actions = [ + "ssm:GetParametersByPath" + ] + resources = [ + "arn:aws:ssm:eu-west-1:054614622558:parameter/applicationparams/qa/*" + ] + }, + { + effect = "Allow" + actions = [ + "sts:AssumeRole" + ] + resources = [ + "arn:aws:iam::000081644369:role/txc-int-consumer-role" + ] + }, + { + effect = "Allow" + actions = [ + "cognito-idp:AdminUpdateUserAttributes", + "cognito-idp:AdminSetUserPassword", + "cognito-idp:AdminRespondToAuthChallenge", + "cognito-idp:AdminResetUserPassword", + "cognito-idp:AdminInitiateAuth", + "cognito-idp:AdminGetUser", + "cognito-idp:AdminEnableUser", + "cognito-idp:AdminDisableUser", + "cognito-idp:AdminDeleteUser", + "cognito-idp:AdminCreateUser", + ] + resources = data.aws_cognito_user_pools.this.arns + }, + { + effect = "Allow" + actions = [ + "sqs:SendMessageBatch", + "sqs:SendMessage", + "sqs:ReceiveMessage", + "sqs:PurgeQueue", + "sqs:ListDeadLetterSourceQueues", + "sqs:GetQueueAttributes", + "sqs:DeleteMessageBatch", + "sqs:DeleteMessage" + ] + resources = [ + "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET-INSOLVENCY-DLQ", + "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET-INSOLVENCY", + "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET-DLQ", + "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET" + ] + } + ] +} + +data "aws_ecr_repository" "this" { + for_each = toset(local.service_names) + + name = "vol-app/${each.key}" +} + +data "aws_security_group" "this" { + for_each = toset(local.legacy_service_names) + + name = "DEV/APP/QA-OLCS-PRI-${each.key}-SG" +} + +data "aws_subnets" "this" { + for_each = toset(setunion(local.legacy_service_names, ["BATCH"])) + + filter { + name = "tag:Name" + values = [ + "DEV/APP/QA-OLCS-PRI-${each.key}-1A", + "DEV/APP/QA-OLCS-PRI-${each.key}-1B", + "DEV/APP/QA-OLCS-PRI-${each.key}-1C" + ] + } +} + +data "aws_secretsmanager_secret" "this" { + for_each = toset(setsubtract(local.service_names, ["cli"])) + + name = "DEVAPPQA-BASE-SM-APPLICATION-${upper(each.key)}" +} + +data "aws_cognito_user_pools" "this" { + name = "DVSA-DEVAPPQA-COGNITO-USERS" +} + +data "aws_lb" "this" { + for_each = toset(local.legacy_service_names) + + name = "DEVAPPQA-OLCS-PRI-${(each.key == "API" ? "SVCS" : each.key)}-ALB" +} + +data "aws_lb_listener" "this" { + for_each = toset(local.legacy_service_names) + + load_balancer_arn = data.aws_lb.this[each.key].arn + port = each.key == "API" ? 80 : 443 +} + +data "aws_vpc" "this" { + filter { + name = "tag:Name" + values = [ + "DEV/APP-VPC" + ] + } +} + +module "service" { + source = "../../modules/service" + + environment = "qa" + + domain_name = "qa.olcs.dev-dvsacloud.uk" + assets_version = var.assets_version + + vpc_id = data.aws_vpc.this.id + + services = { + "api" = { + cpu = 1024 + memory = 4096 + + version = var.api_image_tag + repository = data.aws_ecr_repository.this["api"].repository_url + + task_iam_role_statements = local.task_iam_role_statements + + subnet_ids = data.aws_subnets.this["API"].ids + + security_group_ids = [ + data.aws_security_group.this["API"].id + ] + + lb_listener_arn = data.aws_lb_listener.this["API"].arn + listener_rule_host_header = "api.*" + } + + "internal" = { + cpu = 1024 + memory = 4096 + + version = var.internal_image_tag + repository = data.aws_ecr_repository.this["internal"].repository_url + + add_cdn_url_to_env = true + + task_iam_role_statements = [ + { + effect = "Allow" + actions = [ + "secretsmanager:GetSecretValue" + ] + resources = [ + data.aws_secretsmanager_secret.this["internal"].arn + ] + }, + { + effect = "Allow" + actions = [ + "ssm:GetParametersByPath" + ] + resources = [ + "arn:aws:ssm:eu-west-1:054614622558:parameter/applicationparams/dev/*" + ] + }, + ] + + subnet_ids = data.aws_subnets.this["IUWEB"].ids + + security_group_ids = [ + data.aws_security_group.this["IUWEB"].id + ] + + lb_listener_arn = data.aws_lb_listener.this["IUWEB"].arn + listener_rule_host_header = "iuweb.*" + } + + "selfserve" = { + cpu = 1024 + memory = 4096 + + version = var.selfserve_image_tag + repository = data.aws_ecr_repository.this["selfserve"].repository_url + + add_cdn_url_to_env = true + + task_iam_role_statements = [ + { + effect = "Allow" + actions = [ + "secretsmanager:GetSecretValue" + ] + resources = [ + data.aws_secretsmanager_secret.this["selfserve"].arn + ] + }, + { + effect = "Allow" + actions = [ + "ssm:GetParametersByPath" + ] + resources = [ + "arn:aws:ssm:eu-west-1:054614622558:parameter/applicationparams/dev/*" + ] + }, + ] + + subnet_ids = data.aws_subnets.this["SSWEB"].ids + + security_group_ids = [ + data.aws_security_group.this["SSWEB"].id + ] + + lb_listener_arn = data.aws_lb_listener.this["SSWEB"].arn + listener_rule_host_header = "ssweb.*" + } + } + + batch = { + version = var.cli_image_tag + repository = data.aws_ecr_repository.this["cli"].repository_url + + task_iam_role_statements = local.task_iam_role_statements + + subnet_ids = data.aws_subnets.this["BATCH"].ids + + jobs = [ + { + name = "ch-vs-olcs-diffs", + commands = ["batch:ch-vs-olcs-diffs"], + }, + { + name = "clean-up-variations", + commands = ["batch:clean-up-variations"], + timeout = 43200, + }, + { + name = "cns", + commands = ["batch:cns"], + timeout = 43200, + }, + { + name = "create-psv-licence-surrender-task", + commands = ["batch:create-psv-licence-surrender-task"], + timeout = 43200, + }, + { + name = "psv-operator-list-export", + commands = ["batch:data-gov-uk-export", "-v", "--report-name=psv-operator-list", "--path=/tmp/"], + timeout = 43200, + }, + { + name = "international-goods-export", + commands = ["batch:data-gov-uk-export", "-v", "--report-name=international-goods", "--path=/tmp/"], + timeout = 43200, + }, + { + name = "data-retention-populate", + commands = ["batch:data-retention", "--populate"], + }, + { + name = "data-retention-precheck", + commands = ["batch:data-retention", "--precheck"], + }, + { + name = "data-retention-delete", + commands = ["batch:data-retention", "--delete"], + }, + { + name = "data-retention-postcheck", + commands = ["batch:data-retention", "--postcheck"], + }, + { + name = "database-maintenance", + commands = ["batch:database-maintenance"], + }, + { + name = "digital-continuation-reminders", + commands = ["batch:digital-continuation-reminders"], + timeout = 43200, + }, + { + name = "duplicate-vehicle-warning", + commands = ["batch:duplicate-vehicle-warning"], + timeout = 43200, + }, + { + name = "enqueue-ch-compare", + commands = ["batch:enqueue-ch-compare"], + timeout = 1800, + }, + { + name = "expire-bus-registration", + commands = ["batch:expire-bus-registration"], + timeout = 43200, + }, + { + name = "flag-urgent-tasks", + commands = ["batch:flag-urgent-tasks"], + timeout = 1800, + }, + { + name = "import-users-from-csv", + commands = ["batch:import-users-from-csv"], + }, + { + name = "inspection-request-email", + commands = ["batch:inspection-request-email"], + timeout = 1800, + }, + { + name = "interim-end-date-enforcement", + commands = ["batch:interim-end-date-enforcement"], + timeout = 43200, + }, + { + name = "last-tm-letter", + commands = ["batch:last-tm-letter"], + timeout = 43200, + }, + { + name = "licence-status-rules", + commands = ["batch:licence-status-rules"], + timeout = 1800, + }, + { + name = "process-cl", + commands = ["batch:process-cl"], + }, + { + name = "process-inbox", + commands = ["batch:process-inbox"], + timeout = 43200, + }, + { + name = "process-ntu", + commands = ["batch:process-ntu"], + timeout = 43200, + }, + { + name = "remove-read-audit", + commands = ["batch:remove-read-audit"], + timeout = 43200, + }, + { + name = "resolve-payments", + commands = ["batch:resolve-payments"], + timeout = 150, + }, + { + name = "system-parameter", + commands = ["batch:system-parameter"], + }, + { + name = "cancel-unsubmitted-bilateral", + commands = ["permits:cancel-unsubmitted-bilateral"], + }, + { + name = "close-expired-windows", + commands = ["permits:close-expired-windows"], + timeout = 43200, + }, + { + name = "mark-expired-permits", + commands = ["permits:mark-expired-permits"], + timeout = 43200, + }, + { + name = "process-queue-general", + commands = ["queue:process-queue", "--exclude", "que_typ_ch_compare,que_typ_create_gds_vehicle_list,que_typ_create_psv_vehicle_list,que_typ_disc_printing,que_typ_print,que_typ_disc_printing_print,que_typ_create_com_lic,que_typ_remove_deleted_docs,que_typ_permit_generate,que_typ_permit_print,que_typ_run_ecmt_scoring,que_typ_accept_ecmt_scoring,que_typ_irhp_permits_allocate"], + timeout = 90, + }, + { + name = "process-queue-community-licences", + commands = ["queue:process-queue", "--type", "que_typ_create_com_lic"], + timeout = 90, + }, + { + name = "process-queue-disc-generation", + commands = ["queue:process-queue", "--type", "que_typ_create_gds_vehicle_list,que_typ_create_psv_vehicle_list,que_typ_disc_printing"], + timeout = 90, + }, + { + name = "process-queue-disc-print", + commands = ["queue:process-queue", "--type", "que_typ_disc_printing_print", "--queue-duration", "840"], + timeout = 850, + }, + { + name = "process-queue-ecmt-accept", + commands = ["queue:process-queue", "--type", "que_typ_accept_ecmt_scoring"], + timeout = 90, + }, + { + name = "process-queue-irhp-allocate", + commands = ["queue:process-queue", "--type", "que_typ_run_ecmt_scoring"], + timeout = 90, + }, + { + name = "process-queue-permit-generation", + commands = ["queue:process-queue", "--type", "que_typ_permit_generate"], + timeout = 90, + }, + { + name = "process-queue-permit-print", + commands = ["queue:process-queue", "--type", "que_typ_permit_print", "--queue-duration", "840"], + timeout = 850, + }, + { + name = "process-queue-print", + commands = ["queue:process-queue", "--type", "que_typ_print"], + timeout = 90, + }, + { + name = "process-company-profile", + commands = ["queue:process-company-profile"], + timeout = 150, + }, + { + name = "company-profile-dlq", + commands = ["queue:company-profile-dlq"], + timeout = 900, + }, + { + name = "process-insolvency", + commands = ["queue:process-insolvency"], + timeout = 900, + }, + { + name = "process-insolvency-dlq", + commands = ["queue:process-insolvency-dlq"], + timeout = 900, + }, + { + name = "transxchange-consumer", + commands = ["queue:transxchange-consumer"], + timeout = 90, + }, + ] + } +} diff --git a/infra/terraform/environments/int/variables.tf b/infra/terraform/environments/int/variables.tf new file mode 100644 index 0000000000..bcce78d32e --- /dev/null +++ b/infra/terraform/environments/int/variables.tf @@ -0,0 +1,28 @@ +variable "assets_version" { + type = string + description = "The version of the assets" +} + +variable "api_image_tag" { + type = string + description = "The tag of the API image to deploy" + default = "latest" +} + +variable "selfserve_image_tag" { + type = string + description = "The tag of the selfserve image to deploy" + default = "latest" +} + +variable "internal_image_tag" { + type = string + description = "The tag of the internal image to deploy" + default = "latest" +} + +variable "cli_image_tag" { + type = string + description = "The tag of the cli image to deploy" + default = "latest" +} From 2ccddcb7a932b35dea21fb0db6bb1f44eebdf2bd Mon Sep 17 00:00:00 2001 From: C MARSTON Date: Fri, 2 Aug 2024 12:02:56 +0100 Subject: [PATCH 2/9] feat(terraform): vol5237 create int environment --- infra/terraform/environments/int/.terraform.lock.hcl | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 infra/terraform/environments/int/.terraform.lock.hcl diff --git a/infra/terraform/environments/int/.terraform.lock.hcl b/infra/terraform/environments/int/.terraform.lock.hcl new file mode 100644 index 0000000000..e69de29bb2 From d67c2810533cbffd7cc2e2bff925867cf2f9fa37 Mon Sep 17 00:00:00 2001 From: JoshuaLicense Date: Fri, 2 Aug 2024 14:33:32 +0100 Subject: [PATCH 3/9] fix(terraform): add Batch queue tags to clean plan (#209) --- infra/terraform/modules/service/batch.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/infra/terraform/modules/service/batch.tf b/infra/terraform/modules/service/batch.tf index b02f8d1dde..99f761363a 100644 --- a/infra/terraform/modules/service/batch.tf +++ b/infra/terraform/modules/service/batch.tf @@ -104,6 +104,12 @@ module "batch" { name = "vol-app-${var.environment}-default" state = "ENABLED" priority = 1 + + # This doesn't offer much value as a tag, but it's here to avoid: https://github.com/hashicorp/terraform-provider-aws/pull/38636. + # If the PR is merged, we can remove this. + tags = { + JobQueue = "vol-app-${var.environment}-default" + } } } From 891d45b0b0bef7c04d42422efb8198f0bbb050e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 09:06:51 +0100 Subject: [PATCH 4/9] chore: bump the root-dependencies group with 2 updates (#211) Bumps the root-dependencies group with 2 updates: [husky](https://github.com/typicode/husky) and [lint-staged](https://github.com/lint-staged/lint-staged). Updates `husky` from 9.1.3 to 9.1.4 - [Release notes](https://github.com/typicode/husky/releases) - [Commits](https://github.com/typicode/husky/compare/v9.1.3...v9.1.4) Updates `lint-staged` from 15.2.7 to 15.2.8 - [Release notes](https://github.com/lint-staged/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/master/CHANGELOG.md) - [Commits](https://github.com/lint-staged/lint-staged/compare/v15.2.7...v15.2.8) --- updated-dependencies: - dependency-name: husky dependency-type: direct:development update-type: version-update:semver-patch dependency-group: root-dependencies - dependency-name: lint-staged dependency-type: direct:development update-type: version-update:semver-patch dependency-group: root-dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 178 +++++++++++++++++++++++++--------------------- 1 file changed, 95 insertions(+), 83 deletions(-) diff --git a/package-lock.json b/package-lock.json index b4ea2429e5..86657633a6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -419,12 +419,15 @@ } }, "node_modules/ansi-escapes": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-6.2.1.tgz", - "integrity": "sha512-4nJ3yixlEthEJ9Rk4vPcdBRkZvQZlYyu8j4/Mqz5sgIkddmEnH2Yj2ZrnP9S3tQOvSNRUIgVNF/1yPpRAGNRig==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-7.0.0.tgz", + "integrity": "sha512-GdYO7a61mR0fOlAsvC9/rIHf7L96sBc6dEWzeOu+KAea5bZyQRPIpojrVoI4AXGJS/ycu/fBTdLrUkA4ODrvjw==", "dev": true, + "dependencies": { + "environment": "^1.0.0" + }, "engines": { - "node": ">=14.16" + "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" @@ -500,15 +503,15 @@ } }, "node_modules/cli-cursor": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-4.0.0.tgz", - "integrity": "sha512-VGtlMu3x/4DOtIUwEkRezxUZ2lBacNJCHash0N0WeZDBS+7Ux1dm3XWAgWYxLJFMMdOeXMHXorshEFhbMSGelg==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-5.0.0.tgz", + "integrity": "sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==", "dev": true, "dependencies": { - "restore-cursor": "^4.0.0" + "restore-cursor": "^5.0.0" }, "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" @@ -549,9 +552,9 @@ "dev": true }, "node_modules/cli-truncate/node_modules/string-width": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.1.0.tgz", - "integrity": "sha512-SEIJCWiX7Kg4c129n48aDRwLbFb2LJmXXFrWBG4NGaRtMQ3myKPKbwrD1BKqQn74oCoNMBVrfDEr5M9YxCsrkw==", + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", + "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", "dev": true, "dependencies": { "emoji-regex": "^10.3.0", @@ -749,9 +752,9 @@ } }, "node_modules/debug": { - "version": "4.3.4", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", - "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz", + "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==", "dev": true, "dependencies": { "ms": "2.1.2" @@ -792,6 +795,18 @@ "node": ">=6" } }, + "node_modules/environment": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/environment/-/environment-1.1.0.tgz", + "integrity": "sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==", + "dev": true, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/error-ex": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", @@ -875,18 +890,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/execa/node_modules/signal-exit": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", - "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", - "dev": true, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", @@ -1006,9 +1009,9 @@ } }, "node_modules/husky": { - "version": "9.1.3", - "resolved": "https://registry.npmjs.org/husky/-/husky-9.1.3.tgz", - "integrity": "sha512-ET3TQmQgdIu0pt+jKkpo5oGyg/4MQZpG6xcam5J5JyNJV+CBT23OBpCF15bKHKycRyMH9k6ONy8g2HdGIsSkMQ==", + "version": "9.1.4", + "resolved": "https://registry.npmjs.org/husky/-/husky-9.1.4.tgz", + "integrity": "sha512-bho94YyReb4JV7LYWRWxZ/xr6TtOTt8cMfmQ39MQYJ7f/YE268s3GdghGwi+y4zAeqewE5zYLvuhV0M0ijsDEA==", "dev": true, "bin": { "husky": "bin.js" @@ -1192,9 +1195,9 @@ } }, "node_modules/lilconfig": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", - "integrity": "sha512-O18pf7nyvHTckunPWCV1XUNXU1piu01y2b7ATJ0ppkUkk8ocqVWBrYjJBCwHDjD/ZWcfyrA0P4gKhzWGi5EINQ==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.2.tgz", + "integrity": "sha512-eop+wDAvpItUys0FWkHIKeC9ybYrTGbU41U5K7+bttZZeohvnY7M9dZ5kB21GNWiFT2q1OoPTvncPCgSOVO5ow==", "dev": true, "engines": { "node": ">=14" @@ -1210,21 +1213,21 @@ "dev": true }, "node_modules/lint-staged": { - "version": "15.2.7", - "resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-15.2.7.tgz", - "integrity": "sha512-+FdVbbCZ+yoh7E/RosSdqKJyUM2OEjTciH0TFNkawKgvFp1zbGlEC39RADg+xKBG1R4mhoH2j85myBQZ5wR+lw==", + "version": "15.2.8", + "resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-15.2.8.tgz", + "integrity": "sha512-PUWFf2zQzsd9EFU+kM1d7UP+AZDbKFKuj+9JNVTBkhUFhbg4MAt6WfyMMwBfM4lYqd4D2Jwac5iuTu9rVj4zCQ==", "dev": true, "dependencies": { "chalk": "~5.3.0", "commander": "~12.1.0", - "debug": "~4.3.4", + "debug": "~4.3.6", "execa": "~8.0.1", - "lilconfig": "~3.1.1", - "listr2": "~8.2.1", + "lilconfig": "~3.1.2", + "listr2": "~8.2.4", "micromatch": "~4.0.7", "pidtree": "~0.6.0", "string-argv": "~0.3.2", - "yaml": "~2.4.2" + "yaml": "~2.5.0" }, "bin": { "lint-staged": "bin/lint-staged.js" @@ -1237,16 +1240,16 @@ } }, "node_modules/listr2": { - "version": "8.2.1", - "resolved": "https://registry.npmjs.org/listr2/-/listr2-8.2.1.tgz", - "integrity": "sha512-irTfvpib/rNiD637xeevjO2l3Z5loZmuaRi0L0YE5LfijwVY96oyVn0DFD3o/teAok7nfobMG1THvvcHh/BP6g==", + "version": "8.2.4", + "resolved": "https://registry.npmjs.org/listr2/-/listr2-8.2.4.tgz", + "integrity": "sha512-opevsywziHd3zHCVQGAj8zu+Z3yHNkkoYhWIGnq54RrCVwLz0MozotJEDnKsIBLvkfLGN6BLOyAeRrYI0pKA4g==", "dev": true, "dependencies": { "cli-truncate": "^4.0.0", "colorette": "^2.0.20", "eventemitter3": "^5.0.1", - "log-update": "^6.0.0", - "rfdc": "^1.3.1", + "log-update": "^6.1.0", + "rfdc": "^1.4.1", "wrap-ansi": "^9.0.0" }, "engines": { @@ -1284,9 +1287,9 @@ "dev": true }, "node_modules/listr2/node_modules/string-width": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.1.0.tgz", - "integrity": "sha512-SEIJCWiX7Kg4c129n48aDRwLbFb2LJmXXFrWBG4NGaRtMQ3myKPKbwrD1BKqQn74oCoNMBVrfDEr5M9YxCsrkw==", + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", + "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", "dev": true, "dependencies": { "emoji-regex": "^10.3.0", @@ -1402,14 +1405,14 @@ "dev": true }, "node_modules/log-update": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/log-update/-/log-update-6.0.0.tgz", - "integrity": "sha512-niTvB4gqvtof056rRIrTZvjNYE4rCUzO6X/X+kYjd7WFxXeJ0NwEFnRxX6ehkvv3jTwrXnNdtAak5XYZuIyPFw==", + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/log-update/-/log-update-6.1.0.tgz", + "integrity": "sha512-9ie8ItPR6tjY5uYJh8K/Zrv/RMZ5VOlOWvtZdEHYSTFKZfIBPQa9tOAEeAWhd+AnIneLJ22w5fjOYtoutpWq5w==", "dev": true, "dependencies": { - "ansi-escapes": "^6.2.0", - "cli-cursor": "^4.0.0", - "slice-ansi": "^7.0.0", + "ansi-escapes": "^7.0.0", + "cli-cursor": "^5.0.0", + "slice-ansi": "^7.1.0", "strip-ansi": "^7.1.0", "wrap-ansi": "^9.0.0" }, @@ -1482,9 +1485,9 @@ } }, "node_modules/log-update/node_modules/string-width": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.1.0.tgz", - "integrity": "sha512-SEIJCWiX7Kg4c129n48aDRwLbFb2LJmXXFrWBG4NGaRtMQ3myKPKbwrD1BKqQn74oCoNMBVrfDEr5M9YxCsrkw==", + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", + "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", "dev": true, "dependencies": { "emoji-regex": "^10.3.0", @@ -1573,13 +1576,16 @@ "node": ">=8.6" } }, - "node_modules/mimic-fn": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", - "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "node_modules/mimic-function": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/mimic-function/-/mimic-function-5.0.1.tgz", + "integrity": "sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==", "dev": true, "engines": { - "node": ">=6" + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/minimist": { @@ -1625,15 +1631,15 @@ } }, "node_modules/onetime": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", - "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-7.0.0.tgz", + "integrity": "sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==", "dev": true, "dependencies": { - "mimic-fn": "^2.1.0" + "mimic-function": "^5.0.0" }, "engines": { - "node": ">=6" + "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" @@ -1793,25 +1799,25 @@ } }, "node_modules/restore-cursor": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-4.0.0.tgz", - "integrity": "sha512-I9fPXU9geO9bHOt9pHHOhOkYerIMsmVaWB0rA2AI9ERh/+x/i7MV5HKBNrg+ljO5eoPVgCcnFuRjJ9uH6I/3eg==", + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-5.1.0.tgz", + "integrity": "sha512-oMA2dcrw6u0YfxJQXm342bFKX/E4sG9rbTzO9ptUcR/e8A33cHuvStiYOwH7fszkZlZ1z/ta9AAoPk2F4qIOHA==", "dev": true, "dependencies": { - "onetime": "^5.1.0", - "signal-exit": "^3.0.2" + "onetime": "^7.0.0", + "signal-exit": "^4.1.0" }, "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/rfdc": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.1.tgz", - "integrity": "sha512-r5a3l5HzYlIC68TpmYKlxWjmOP6wiPJ1vWv2HeLhNsRZMrCkxeqxiHlQ21oXmQ4F3SiryXBHhAD7JZqvOJjFmg==", + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.4.1.tgz", + "integrity": "sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA==", "dev": true }, "node_modules/semver": { @@ -1851,10 +1857,16 @@ } }, "node_modules/signal-exit": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", - "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", - "dev": true + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "dev": true, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } }, "node_modules/slice-ansi": { "version": "5.0.0", @@ -2082,9 +2094,9 @@ "dev": true }, "node_modules/yaml": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.2.tgz", - "integrity": "sha512-B3VqDZ+JAg1nZpaEmWtTXUlBneoGx6CPM9b0TENK6aoSu5t73dItudwdgmi6tHlIZZId4dZ9skcAQ2UbcyAeVA==", + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.5.0.tgz", + "integrity": "sha512-2wWLbGbYDiSqqIKoPjar3MPgB94ErzCtrNE1FdqGuaO0pi2JGjmE8aW8TDZwzU7vuxcGRdL/4gPQwQ7hD5AMSw==", "dev": true, "bin": { "yaml": "bin.mjs" From 214f9c9dd5ab59466dbfb589944d227e852c61a9 Mon Sep 17 00:00:00 2001 From: JoshuaLicense Date: Mon, 5 Aug 2024 10:35:32 +0100 Subject: [PATCH 5/9] fix(terraform): adjust `response_headers_policy_name` for CORS requests (#210) --- infra/terraform/modules/service/cdn.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/terraform/modules/service/cdn.tf b/infra/terraform/modules/service/cdn.tf index 1d9c1a9615..a2b6d5c7c7 100644 --- a/infra/terraform/modules/service/cdn.tf +++ b/infra/terraform/modules/service/cdn.tf @@ -131,7 +131,7 @@ module "cloudfront" { cache_policy_name = "Managed-CachingOptimized" origin_request_policy_name = "Managed-UserAgentRefererHeaders" - response_headers_policy_name = "Managed-SecurityHeadersPolicy" + response_headers_policy_name = "Managed-CORS-with-preflight-and-SecurityHeadersPolicy" function_association = { viewer-request = { From 2c7ffe8b19c9c134f2a3f1e00d2199f414b2739a Mon Sep 17 00:00:00 2001 From: JoshuaLicense Date: Mon, 5 Aug 2024 10:40:59 +0100 Subject: [PATCH 6/9] feat(terraform): allow `dev` environment to push to `devapp-olcs-pri-olcs-autotest-s3` bucket (#208) --- infra/terraform/environments/dev/main.tf | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/infra/terraform/environments/dev/main.tf b/infra/terraform/environments/dev/main.tf index 28d53d4c64..3a8f084fae 100644 --- a/infra/terraform/environments/dev/main.tf +++ b/infra/terraform/environments/dev/main.tf @@ -65,7 +65,16 @@ locals { "arn:aws:sqs:eu-west-1:054614622558:DEVAPPDEV-OLCS-PRI-CHGET-DLQ", "arn:aws:sqs:eu-west-1:054614622558:DEVAPPDEV-OLCS-PRI-CHGET" ] - } + }, + { + effect = "Allow" + actions = [ + "s3:PutObject", + ] + resources = [ + "arn:aws:s3:::devapp-olcs-pri-olcs-autotest-s3/*", + ] + }, ] } From e3a4c76e1eee7c295bb3bde7dece48ee3195cb80 Mon Sep 17 00:00:00 2001 From: JoshuaLicense Date: Mon, 5 Aug 2024 10:44:13 +0100 Subject: [PATCH 7/9] fix(terraform): remove CPU/Memory division for containers (#213) --- infra/terraform/modules/service/ecs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/terraform/modules/service/ecs.tf b/infra/terraform/modules/service/ecs.tf index 4af134eda1..a877392163 100644 --- a/infra/terraform/modules/service/ecs.tf +++ b/infra/terraform/modules/service/ecs.tf @@ -80,8 +80,8 @@ module "ecs_service" { container_definitions = { (each.key) = { - cpu = try(var.services[each.key].task_cpu_limit, var.services[each.key].cpu / 2) - memory = try(var.services[each.key].task_memory_limit, var.services[each.key].memory / 4) + cpu = try(var.services[each.key].task_cpu_limit, var.services[each.key].cpu) + memory = try(var.services[each.key].task_memory_limit, var.services[each.key].memory) essential = true image = "${var.services[each.key].repository}:${var.services[each.key].version}" port_mappings = [ From 1fe1cc1b30c51389c4c88ed32bc7abe9bb5c7241 Mon Sep 17 00:00:00 2001 From: Andrew Newton Date: Mon, 5 Aug 2024 12:15:34 +0100 Subject: [PATCH 8/9] fix: add style to fix radio hint alignment issue (#202) * fix: Style to fix radio hint alignment issue when pulling in markup from translation key. * fix: Style to fix radio hint alignment issue when pulling in markup from translation key. * fix: Style to fix radio hint alignment issue when pulling in markup from translation key. --- app/cdn/assets/_styles/components/radios.scss | 9 +++++++++ app/cdn/assets/_styles/themes/selfserve.scss | 1 + 2 files changed, 10 insertions(+) create mode 100644 app/cdn/assets/_styles/components/radios.scss diff --git a/app/cdn/assets/_styles/components/radios.scss b/app/cdn/assets/_styles/components/radios.scss new file mode 100644 index 0000000000..d6cf384a85 --- /dev/null +++ b/app/cdn/assets/_styles/components/radios.scss @@ -0,0 +1,9 @@ +/** + * Temporary override to support how some hints are being defined in translation keys for radio option labels. + * Can be removed on resolution of: https://dvsa.atlassian.net/browse/VOL-5688 + */ +.govuk-radios__label { + .govuk-hint { + display: block; + } +} diff --git a/app/cdn/assets/_styles/themes/selfserve.scss b/app/cdn/assets/_styles/themes/selfserve.scss index 2fe34df2d8..849934953e 100644 --- a/app/cdn/assets/_styles/themes/selfserve.scss +++ b/app/cdn/assets/_styles/themes/selfserve.scss @@ -76,6 +76,7 @@ $app: selfserve; @import '../components/cookie-settings'; @import '../components/task-list'; @import '../components/candidate-permit-selection-table'; +@import '../components/radios'; // Views @import '../views/selfserve/overview'; From ba9474f0ab7ba61a8d3c4d6cb25485d2d0fb7bdc Mon Sep 17 00:00:00 2001 From: C MARSTON Date: Mon, 5 Aug 2024 12:45:29 +0100 Subject: [PATCH 9/9] feat(terraform): vol5237 create int environment --- .../environments/int/.terraform.lock.hcl | 25 +++++++++++++++++++ infra/terraform/environments/int/main.tf | 11 +++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/infra/terraform/environments/int/.terraform.lock.hcl b/infra/terraform/environments/int/.terraform.lock.hcl index e69de29bb2..f1bb11ca87 100644 --- a/infra/terraform/environments/int/.terraform.lock.hcl +++ b/infra/terraform/environments/int/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.60.0" + constraints = ">= 4.0.0, >= 4.40.0, >= 4.66.1, >= 5.0.0, >= 5.12.0, >= 5.27.0, >= 5.37.0, ~> 5.60.0" + hashes = [ + "h1:p9+40kdklLTJLQ/y7wxNjuKxUK8AVB4L9424NGNK4rY=", + "zh:08f49c9eb865e136a55dda3eb2b790f6d55cdac49f6638391dbea4b865cf307b", + "zh:090dd8b40ebf0f8e9ea05b9a142add9caeb7988d3d96c5c112e8c67c0edf566f", + "zh:30f336af1b4f0824fce2cc6e81af0986b325b135436c9d892d081e435aeed67e", + "zh:338195ca3b41249874110253412d8913f770c22294af05799ea1e343050906f5", + "zh:3a8a45b17750b01192a0fbeeed0d05c2c04840344d78d5e3233b3ecbeec17a1c", + "zh:486efe72d39f0736d9b7e00e5b889288264458a57aa0cff2d75688d6db372ee5", + "zh:5fdccc448a085fea8ecfae43ae326840abfcdf1a0aa8b8c79dd466392aa5cc3a", + "zh:9521639755cd07ec7efde86a534770e436e16a93692d070a00f6419c1038d59c", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:c2fb9240a069da9f51e7379e76c3dfaad15a97430c2e32708a7d18345434e310", + "zh:daba836b89537dfa72bb8c77e88850c20fda2a3d0f5b3803cd3d6da0ce283e3e", + "zh:db7e0755ed120ed8311f6663f49aa7157da5072b906727db3a6c47d64e0b82c6", + "zh:ea5e3fca5197639c4ad1415ca96de2924a351ecd1a885dd9184843d5eec18dbb", + "zh:f3f322951d311e45a47361f24790a90a0b8ba6d3829a00c4066a361960d2ecef", + "zh:f48b44f4887d4b51a1406057f15f1e2161cb02b271b2659349958904c678e91c", + ] +} diff --git a/infra/terraform/environments/int/main.tf b/infra/terraform/environments/int/main.tf index 8c843dc98b..79ef77befb 100644 --- a/infra/terraform/environments/int/main.tf +++ b/infra/terraform/environments/int/main.tf @@ -65,7 +65,16 @@ locals { "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET-DLQ", "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET" ] - } + }, + { + effect = "Allow" + actions = [ + "s3:PutObject", + ] + resources = [ + "arn:aws:s3:::devapp-olcs-pri-olcs-autotest-s3/*", + ] + }, ] }