diff --git a/.gitignore b/.gitignore index e954718..d7bd852 100644 --- a/.gitignore +++ b/.gitignore @@ -12,13 +12,6 @@ node_modules .idea/ -# for lambda layer built packages -src/lambda_layer/requests/python/* -# for the lambda layer I built myself -!src/lambda_layer/dpo/python/*.py -!src/lambda_layer/dpo/python/setup.py -!src/lambda_layer/dpo/python/mtl.py -!src/lambda_layer/requests/* # CDK asset staging directory .cdk.staging cdk.out diff --git a/.husky/commit-msg b/.husky/commit-msg index 669126b..78f4d1d 100755 --- a/.husky/commit-msg +++ b/.husky/commit-msg @@ -1,6 +1 @@ -#!/usr/bin/env sh -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0 - -. "$(dirname -- "$0")/_/husky.sh" - npm run commitlint ${1} diff --git a/.husky/pre-commit b/.husky/pre-commit index ef61d2a..d24bac6 100755 --- a/.husky/pre-commit +++ b/.husky/pre-commit @@ -1,15 +1,10 @@ -#!/usr/bin/env sh -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0 - -. "$(dirname -- "$0")/_/husky.sh" - if [ -z $RUN_PRE_COMMIT_HOOKS ]; then exit 0; fi if [ -z $AWS_REGION ] || [ -z $ACCOUNT_RES ] || [ -z $RES_ACCOUNT_AWS_PROFILE ] || [ -z $CDK_QUALIFIER ] || [ -z $GIT_REPOSITORY ]; then echo "Run 'source export_vars.sh' to export the mandatory variables for building the project" exit 1; fi -./scripts/check-audit.sh +./scripts/check-deps.sh ./scripts/build.sh ./scripts/test.sh -./scripts/cdk-synth.sh +./scripts/cdk-synth.sh \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 9ba9135..264536b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,20 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Released] +## [1.2.2] - 2024-05-15 + +This is a bugfix release. Please check below the fixed items. + +### Added +- Pre-commit hook verifies existence of mandatory environment variables +### Changed +- Updated CDK version to 2.140.0 +- Updated 3rd party NPM libraries version +### Fixed +- Docker builds to go through VPC Proxy properly when Proxy is bind behind the VPC (DPP Outbound Proxy) +- Fixed IAM Resource Policy of the KMS Key used in the MonitoringStack which is used for publishing alerts to SNS +- Fixed husky pre-commit hook to allow upgrade to its latest version 9.x.x + ## [1.2.1] - 2024-03-06 In this release we introduced the ability to customize and extend the list of available deployment stages. On top of the existing stages, you are allowed to define other stages differently from each other to support use cases where stages are not unified. We have also enabled AWS SSM ParameterStore to lookup for VPC ids stored there instead of passing them as plain text. Various bugfixes were also applied. **Please make sure to manually deploy the PipelineStack in your RES account as the CodeBuild Synth phase shell was changed from `sh` to `bash`, you can always refer to the instructions present in the README.md on how to run the ```cdk deploy``` command locally.** diff --git a/NOTICE b/NOTICE index 804e451..d8dcbe1 100644 --- a/NOTICE +++ b/NOTICE @@ -7539,7 +7539,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -cicd-boot 1.2.1 +cicd-boot 1.2.2 MIT* MIT No Attribution diff --git a/package-lock.json b/package-lock.json index 3ce2317..0147684 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cicd-boot", - "version": "1.2.1", + "version": "1.2.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "cicd-boot", - "version": "1.2.1", + "version": "1.2.2", "dependencies": { "@cloudcomponents/cdk-pull-request-approval-rule": "2.3.0", "@cloudcomponents/cdk-pull-request-check": "2.3.0", @@ -7627,6 +7627,7 @@ "version": "2.3.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "dev": true, "engines": { "node": ">=6" } diff --git a/package-verification.json b/package-verification.json index be3e5c7..9d1cdbd 100644 --- a/package-verification.json +++ b/package-verification.json @@ -1,7 +1,7 @@ { - "package-lock.json": "1c0587f19cf31175b18cb25ff72e50626bc39d4ee195512de2aca579cf19144c", + "package-lock.json": "917d1cb0dde9446e1e41f8a1a99942926c2832efa43bf3a541fbf3699504f887", "license": { - "package.json": "439bd17a60c8f65dba3666e14ce7db538cf83e7622f8cfe95a9e5a07827b06be", + "package.json": "b80c50079970669c25900379b6f634de32883b5b57c7bbb7ca95faefda6fe4ed", "src/lambda-layer/common/Pipfile": "53333eca42637e4ed066308b8c6c5282fe39d10c112e16e02f29db45ddf07eb5", "projectList": "24951410902869c872facab060c4533d42b1f47e5c3aed0acd572937d8ab9f15" } diff --git a/package.json b/package.json index 2314fae..3b47b77 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cicd-boot", - "version": "1.2.1", + "version": "1.2.2", "bin": { "pipeline": "bin/app.ts" }, diff --git a/scripts/check-code-scan-security.sh b/scripts/check-code-scan-security.sh index 25fb32e..369d324 100755 --- a/scripts/check-code-scan-security.sh +++ b/scripts/check-code-scan-security.sh @@ -121,11 +121,11 @@ function shellcheck_scan() { # Execute shellcheck if [[ -z "$JUNIT_REPORT" ]]; then find $PROJECT_ROOT -type f \( -name '*.sh' -o -name '*.bash' -o -name '*.ksh' -o -name '*.bashrc' -o -name '*.bash_profile' -o -name '*.bash_login' -o -name '*.bash_logout' \) \ - -not -path "*/node_modules/*" -not -path "*/cdk.out/*" \ + -not -path "*/node_modules/*" -not -path "*/cdk.out/*" -not -path "*/.husky/_/*" \ | xargs shellcheck -x --severity="$SHELLCHECK_SEVERITY" else if ! find $PROJECT_ROOT -type f \( -name '*.sh' -o -name '*.bash' -o -name '*.ksh' -o -name '*.bashrc' -o -name '*.bash_profile' -o -name '*.bash_login' -o -name '*.bash_logout' \) \ - -not -path "*/node_modules/*" -not -path "*/cdk.out/*" \ + -not -path "*/node_modules/*" -not -path "*/cdk.out/*" -not -path "*/.husky/_/*" \ | xargs shellcheck -x --severity="$SHELLCHECK_SEVERITY" -f checkstyle > "${JUNIT_REPORT_FOLDER}/shellcheck-checkstyle-results.xml"; then CHECK_FAILED=1; fi