diff --git a/NOTICE b/NOTICE index 5046aa4..804e451 100644 --- a/NOTICE +++ b/NOTICE @@ -641,7 +641,7 @@ Apache-2.0 limitations under the License. -@aws-cdk/asset-node-proxy-agent-v6 2.0.1 +@aws-cdk/asset-node-proxy-agent-v6 2.0.3 Apache-2.0 Apache License @@ -2246,7 +2246,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@cloudcomponents/cdk-pull-request-approval-rule 2.1.0 +@cloudcomponents/cdk-pull-request-approval-rule 2.3.0 MIT MIT License @@ -2271,7 +2271,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@cloudcomponents/cdk-pull-request-check 2.1.0 +@cloudcomponents/cdk-pull-request-check 2.3.0 MIT MIT License @@ -2296,7 +2296,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@commitlint/cli 19.0.3 +@commitlint/cli 19.3.0 MIT The MIT License (MIT) @@ -2321,7 +2321,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@commitlint/config-conventional 19.0.3 +@commitlint/config-conventional 19.2.2 MIT The MIT License (MIT) @@ -2421,7 +2421,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@commitlint/format 19.0.3 +@commitlint/format 19.3.0 MIT The MIT License (MIT) @@ -2446,7 +2446,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@commitlint/is-ignored 19.0.3 +@commitlint/is-ignored 19.2.2 MIT The MIT License (MIT) @@ -2471,7 +2471,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@commitlint/lint 19.0.3 +@commitlint/lint 19.2.2 MIT The MIT License (MIT) @@ -2496,7 +2496,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@commitlint/load 19.0.3 +@commitlint/load 19.2.0 MIT The MIT License (MIT) 
@@ -2571,7 +2571,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@commitlint/read 19.0.3 +@commitlint/read 19.2.1 MIT The MIT License (MIT) @@ -2596,7 +2596,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@commitlint/resolve-extends 19.0.3 +@commitlint/resolve-extends 19.1.0 MIT The MIT License (MIT) @@ -4587,32 +4587,7 @@ Additional Details These definitions were written by Jason Swearingen . -@types/lodash 4.14.202 -MIT - MIT License - - Copyright (c) Microsoft Corporation. - - Permission is hereby granted, free of charge, to any person obtaining a copy - of this software and associated documentation files (the "Software"), to deal - in the Software without restriction, including without limitation the rights - to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - copies of the Software, and to permit persons to whom the Software is - furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be included in all - copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE - - -@types/node 20.11.24 +@types/node 20.12.8 MIT MIT License @@ -4812,7 +4787,7 @@ MIT SOFTWARE -@typescript-eslint/eslint-plugin 7.1.1 +@typescript-eslint/eslint-plugin 7.8.0 MIT MIT License 
@@ -4837,7 +4812,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@typescript-eslint/parser 7.1.1 +@typescript-eslint/parser 7.8.0 BSD-2-Clause TypeScript ESLint Parser Copyright JS Foundation and other contributors, https://js.foundation @@ -4863,7 +4838,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -@typescript-eslint/scope-manager 7.1.1 +@typescript-eslint/scope-manager 7.8.0 MIT MIT License @@ -4888,7 +4863,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@typescript-eslint/type-utils 7.1.1 +@typescript-eslint/type-utils 7.8.0 MIT MIT License @@ -4913,7 +4888,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@typescript-eslint/types 7.1.1 +@typescript-eslint/types 7.8.0 MIT MIT License @@ -4938,7 +4913,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@typescript-eslint/typescript-estree 7.1.1 +@typescript-eslint/typescript-estree 7.8.0 BSD-2-Clause TypeScript ESTree @@ -4968,7 +4943,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -@typescript-eslint/utils 7.1.1 +@typescript-eslint/utils 7.8.0 MIT MIT License @@ -4993,7 +4968,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -@typescript-eslint/visitor-keys 7.1.1 +@typescript-eslint/visitor-keys 7.8.0 MIT MIT License @@ -5155,7 +5130,7 @@ SOFTWARE. -ajv 8.12.0 +ajv 8.13.0 MIT The MIT License (MIT) @@ -5864,7 +5839,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -aws-cdk-lib 2.131.0 +aws-cdk-lib 2.140.0 Apache-2.0 Apache License Version 2.0, January 2004 
@@ -7040,7 +7015,7 @@ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -cdk-monitoring-constructs 7.7.0 +cdk-monitoring-constructs 7.8.0 Apache-2.0 Apache License @@ -7246,7 +7221,7 @@ Apache-2.0 limitations under the License. -cdk-nag 2.28.55 +cdk-nag 2.28.109 Apache-2.0 Apache License @@ -8247,7 +8222,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -cosmiconfig 8.3.6 +cosmiconfig 9.0.0 MIT The MIT License (MIT) @@ -9341,6 +9316,19 @@ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +env-paths 2.2.1 +MIT +MIT License + +Copyright (c) Sindre Sorhus (sindresorhus.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + error-ex 1.3.2 MIT The MIT License (MIT) 
@@ -11097,7 +11085,7 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -glob 10.3.10 +glob 10.3.12 ISC The ISC License @@ -11966,7 +11954,7 @@ Apache-2.0 limitations under the License. -husky 8.0.3 +husky 9.0.11 MIT MIT License 
@@ -12031,30 +12019,6 @@ Redistribution and use in source and binary forms, with or without modification, THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -ignore 5.3.0 -MIT -Copyright (c) 2013 Kael Zhang , contributors -http://kael.me/ - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- ignore 5.3.1 MIT Copyright (c) 2013 Kael Zhang , contributors @@ -12105,7 +12069,7 @@ The above copyright notice and this permission notice shall be included in all c THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -import-meta-resolve 4.0.0 +import-meta-resolve 4.1.0 MIT (The MIT License) @@ -15618,7 +15582,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -lru-cache 10.2.0 +lru-cache 10.2.2 ISC The ISC License @@ -15957,6 +15921,25 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +minimatch 9.0.4 +ISC +The ISC License + +Copyright (c) 2011-2023 Isaac Z. Schlueter and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + minimist 1.2.7 MIT This software is released under the MIT license: 
@@ -16001,7 +15984,7 @@ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -minipass 7.0.4 +minipass 7.1.1 ISC The ISC License @@ -16794,7 +16777,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -path-scurry 1.10.1 +path-scurry 1.11.1 BlueOak-1.0.0 # Blue Oak Model License @@ -23479,7 +23462,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -table 6.8.1 +table 6.8.2 BSD-3-Clause Copyright (c) 2018, Gajus Kuizinas (http://gajus.com/) All rights reserved. @@ -23700,7 +23683,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -ts-api-utils 1.2.1 +ts-api-utils 1.3.0 MIT # MIT License @@ -23989,7 +23972,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -typescript 5.3.3 +typescript 5.4.5 Apache-2.0 Apache License diff --git a/OSS_License_Summary.csv b/OSS_License_Summary.csv index f21244b..af214ba 100644 --- a/OSS_License_Summary.csv +++ b/OSS_License_Summary.csv @@ -11,9 +11,9 @@ "BSD-3-Clause","18" "BlueOak-1.0.0","2" "CC-BY-4.0","1" -"ISC","53" +"ISC","54" "MIT*","2" -"MIT","530" +"MIT","529" "Python-2.0","1" ######################### # Python module: src/lambda-layer/common/Pipfile diff --git a/bin/app.ts b/bin/app.ts index 9f76608..27226f4 100644 --- a/bin/app.ts +++ b/bin/app.ts 
@@ -19,13 +19,6 @@ import { NagUtils } from '../utils/suppressions'; const app = new cdk.App(); -const repositoryStack = new RepositoryStack(app, `${AppConfig.applicationName}Repository`, { - env: { account: AppConfig.deploymentAccounts.RES, region: AppConfig.region }, - applicationName: AppConfig.applicationName, - applicationQualifier: AppConfig.applicationQualifier, - repositoryConfig: AppConfig.repositoryConfig, -}); - new ComplianceLogBucketStack(app, `${AppConfig.applicationName}ComplianceLogBucketStack`, { complianceLogBucketName: AppConfig.complianceLogBucketName.RES, }); @@ -44,6 +37,17 @@ const vpcStack = new VPCStack(app, `${AppConfig.applicationName}VPCStack`, { flowLogsBucketName: AppConfig.complianceLogBucketName.RES, }); +const repositoryStack = new RepositoryStack(app, `${AppConfig.applicationName}Repository`, { + env: { account: AppConfig.deploymentAccounts.RES, region: AppConfig.region }, + applicationName: AppConfig.applicationName, + applicationQualifier: AppConfig.applicationQualifier, + repositoryConfig: AppConfig.repositoryConfig, + vpcProps: (vpcStack.vpc ? { + vpc: vpcStack.vpc, + proxy: AppConfig.proxy, + } : undefined), +}); + const encryptionStack = new EncryptionStack(app, `${AppConfig.applicationName}EncryptionStack`, { env: { account: AppConfig.deploymentAccounts.RES, region: AppConfig.region }, applicationName: AppConfig.applicationName, diff --git a/lib/cdk-pipeline/core/CDKPipeline.ts b/lib/cdk-pipeline/core/CDKPipeline.ts index 45790c6..a16d07f 100644 --- a/lib/cdk-pipeline/core/CDKPipeline.ts +++ b/lib/cdk-pipeline/core/CDKPipeline.ts @@ -8,7 +8,6 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import * as pipelines from 'aws-cdk-lib/pipelines'; import { NagSuppressions } from 'cdk-nag'; import { Construct, IConstruct } from 'constructs'; -import * as _ from 'lodash'; import { CodeGuruSecurityStep, CodeGuruSeverityThreshold } from './constructs/CodeGuruSecurityStepConstruct'; interface Props extends PipelineProps { 
@@ -17,7 +16,7 @@ interface Props extends PipelineProps { rolePolicies?: iam.PolicyStatement[]; } -export interface VpcProps { +export interface IVpcProps { vpc: ec2.IVpc; proxy?: { noProxy: string[]; @@ -32,7 +31,7 @@ export interface PipelineProps { isDockerEnabledForSynth?: boolean; buildImage?: codebuild.IBuildImage; codeGuruScanThreshold?: CodeGuruSeverityThreshold; - vpcProps?: VpcProps; + vpcProps?: IVpcProps; pipelineVariables?: {[key in string]: string}; primaryOutputDirectory: string; } @@ -51,7 +50,6 @@ class CodeBuildAspect implements cdk.IAspect { export class CDKPipeline extends pipelines.CodePipeline { static readonly pipelineCommands: string[] = [ - './scripts/proxy.sh', './scripts/check-audit.sh', '. ./scripts/warming.sh', './scripts/build.sh', @@ -86,7 +84,7 @@ export class CDKPipeline extends pipelines.CodePipeline { primaryOutputDirectory: props.primaryOutputDirectory, }), codeBuildDefaults: { - ...CDKPipeline.generateVPCCodeBuildDefaults(scope, props.vpcProps), + ...CDKPipeline.generateVPCCodeBuildDefaults(props.vpcProps), partialBuildSpec: CDKPipeline.getPartialBuildSpec(props.vpcProps), buildEnvironment: { buildImage: props.buildImage, 
@@ -103,51 +101,61 @@ export class CDKPipeline extends pipelines.CodePipeline { } static getDefaultPartialBuildSpec() { - return { + return codebuild.BuildSpec.fromObject({ version: '0.2', env: { shell: 'bash', }, - }; + }); } - static getPartialBuildSpec(vpcProps?: VpcProps) { + static getPartialBuildSpec(vpcProps?: IVpcProps) { const buildSpec = CDKPipeline.getDefaultPartialBuildSpec(); if (vpcProps?.proxy?.proxySecretArn) { - // deep merge with - _.merge(buildSpec, { + const { + proxy: { + noProxy, + proxySecretArn, + proxyTestUrl, + }, + } = vpcProps; + + // Construct environment variables + const envVariables = { + NO_PROXY: noProxy.join(', '), + AWS_STS_REGIONAL_ENDPOINTS: 'regional', + }; + + // Construct secrets manager object + const secretsManager = { + PROXY_USERNAME: `${proxySecretArn}:username`, + PROXY_PASSWORD: `${proxySecretArn}:password`, + HTTP_PROXY_PORT: `${proxySecretArn}:http_proxy_port`, + HTTPS_PROXY_PORT: `${proxySecretArn}:https_proxy_port`, + PROXY_DOMAIN: `${proxySecretArn}:proxy_domain`, + }; + + // Merge the constructed objects with existing buildSpec + return codebuild.mergeBuildSpecs(buildSpec, codebuild.BuildSpec.fromObject({ env: { - 'variables': { - NO_PROXY: vpcProps.proxy.noProxy.join(', '), - AWS_STS_REGIONAL_ENDPOINTS: 'regional', - }, - 'secrets-manager': { - PROXY_USERNAME: vpcProps.proxy.proxySecretArn.concat(':username'), - PROXY_PASSWORD: vpcProps.proxy.proxySecretArn.concat(':password'), - HTTP_PROXY_PORT: vpcProps.proxy.proxySecretArn.concat(':http_proxy_port'), - HTTPS_PROXY_PORT: vpcProps.proxy.proxySecretArn.concat(':https_proxy_port'), - PROXY_DOMAIN: vpcProps.proxy.proxySecretArn.concat(':proxy_domain'), - }, + 'variables': envVariables, + 'secrets-manager': secretsManager, }, phases: { install: { commands: [ - 'export HTTP_PROXY="http://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_DOMAIN:$HTTP_PROXY_PORT"', - 'export HTTPS_PROXY="https://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_DOMAIN:$HTTPS_PROXY_PORT"', - 'echo "--- 
Proxy Test ---"', - `curl -Is --connect-timeout 5 ${vpcProps.proxy.proxyTestUrl} | grep "HTTP/"`, + CDKPipeline.getInstallCommands(vpcProps), ], }, }, - }); - + })); } - return codebuild.BuildSpec.fromObject(buildSpec); + return buildSpec; } - static generateVPCCodeBuildDefaults(scope: Construct, vpcProps?: VpcProps): pipelines.CodeBuildOptions | {} { + static generateVPCCodeBuildDefaults(vpcProps?: IVpcProps): pipelines.CodeBuildOptions | {} { if (!vpcProps) return {}; return { @@ -156,6 +164,24 @@ export class CDKPipeline extends pipelines.CodePipeline { }; } + public static getInstallCommands(vpcProps: IVpcProps) : string { + return 'export HTTP_PROXY="http://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_DOMAIN:$HTTP_PROXY_PORT"; ' + + 'export HTTPS_PROXY="https://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_DOMAIN:$HTTPS_PROXY_PORT"; ' + + 'echo "--- Proxy Test ---"; ' + + `curl -Is --connect-timeout 5 ${vpcProps!.proxy!.proxyTestUrl} | grep "HTTP/"; ` + + 'if [ -f /var/run/docker.pid ]; then ' + + 'echo "--- Configuring docker env ---" ' + + '&& mkdir ~/.docker/ ' + + '&& echo -n "{\\"proxies\\": {\\"default\\": {\\"httpProxy\\": \\"$HTTP_PROXY\\",\\"httpsProxy\\": \\"$HTTPS_PROXY\\",\\"noProxy\\": \\"$NO_PROXY\\"}}}" > ~/.docker/config.json ' + + '&& cat ~/.docker/config.json ' + + '&& echo "Kill and restart the docker daemon so that it reads the PROXY env variables" ' + + '&& kill "$(cat /var/run/docker.pid)" ' + + '&& while kill -0 "$(cat /var/run/docker.pid)" ; do sleep 1 ; done ' + + '&& /usr/local/bin/dockerd-entrypoint.sh > /dev/null 2>&1 ' + + '&& echo "--- Docker daemon restarted ---"; ' + + 'fi'; + } + public buildPipeline(): void { super.buildPipeline(); diff --git a/lib/stacks/app/MonitoringStack.ts b/lib/stacks/app/MonitoringStack.ts index 806fba0..c5abb6d 100644 --- a/lib/stacks/app/MonitoringStack.ts +++ b/lib/stacks/app/MonitoringStack.ts 
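Review bot: In `getPartialBuildSpec`, `proxyTestUrl` is destructured from `vpcProps.proxy` but never used in the method, because `getInstallCommands(vpcProps)` reads it from `vpcProps` again; drop it from the destructuring or pass the already-narrowed values to the helper. The nested pattern `const { proxy: { ... } } = vpcProps;` relies on `proxy` being defined, which the `if` establishes only for the `vpcProps.proxy` reference, so it may not type-check under `strictNullChecks`; `const { noProxy, proxySecretArn } = vpcProps.proxy;` keeps the narrowing. `getDefaultPartialBuildSpec()` now returns a `codebuild.BuildSpec` instead of a plain object, so any caller that still treats the result as an object literal needs updating, and a short doc comment stating the new return type would help.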
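Review bot: `getInstallCommands` writes `$HTTP_PROXY` and `$HTTPS_PROXY`, which embed `$PROXY_USERNAME:$PROXY_PASSWORD`, into `~/.docker/config.json` and then runs `cat ~/.docker/config.json`, so the proxy credentials are printed to the CodeBuild log; drop the `cat` rather than relying on log masking. Because the steps are now one string joined with `;`, a failing `curl ... | grep "HTTP/"` proxy test no longer fails the install phase as the previous separate commands did; chaining it with `&&` would keep that behaviour. `mkdir ~/.docker/` fails when the directory already exists and short-circuits the rest of the `&&` chain, so `mkdir -p ~/.docker` is safer. `${vpcProps!.proxy!.proxyTestUrl}` is interpolated unquoted into the shell line, and the non-null assertions will throw at synth time if this public static is called with props that have no `proxy`; a guard or a narrower parameter type would make the contract explicit.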
@@ -19,11 +19,25 @@ export class MonitoringStack extends cdk.Stack { constructor(scope: Construct, id: string, props: Props) { super(scope, id, props); + const encryptionKey = new kms.Key(this, 'KMSKey', { + enableKeyRotation: true, + alias: `${props.applicationName}-${props.stageName}-Monitoring-key`, + }); + + const myCustomPolicy = new iam.PolicyStatement({ + actions: [ + 'kms:GenerateDataKey', + 'kms:Describe*', + 'kms:Decrypt*', + ], + principals: [new iam.ServicePrincipal('cloudwatch.amazonaws.com')], + resources: ['*'], + }); + + encryptionKey.addToResourcePolicy(myCustomPolicy); + const monitoringTopic = new sns.Topic(this, 'MonitoringTopic', { - masterKey: new kms.Key(this, 'KMSKey', { - enableKeyRotation: true, - alias: `${props.applicationName}-${props.stageName}-Monitoring-key`, - }), + masterKey: encryptionKey, }); monitoringTopic.grantPublish(new iam.AccountRootPrincipal); diff --git a/lib/stacks/app/S3BucketStack.ts b/lib/stacks/app/S3BucketStack.ts index b84b494..f35a1c6 100644 --- a/lib/stacks/app/S3BucketStack.ts +++ b/lib/stacks/app/S3BucketStack.ts @@ -3,6 +3,7 @@ import * as cdk from 'aws-cdk-lib'; import * as kms from 'aws-cdk-lib/aws-kms'; +import * as s3 from 'aws-cdk-lib/aws-s3'; import { Construct } from 'constructs'; import { STAGE } from '../../../config/Types'; import { S3Bucket } from '../../cdk-pipeline/core/S3Bucket'; @@ -15,10 +16,13 @@ interface Props extends cdk.StackProps { } export class S3BucketStack extends cdk.Stack { + + readonly bucket: s3.IBucket; + constructor(scope: Construct, id: string, props: Props) { super(scope, id, props); - new S3Bucket(this, 'S3Bucket', { + this.bucket = new S3Bucket(this, 'S3Bucket', { applicationQualifier: props.applicationQualifier, stageName: props.stageName, bucketName: props.bucketName, diff --git a/lib/stacks/core/RepositoryStack.ts b/lib/stacks/core/RepositoryStack.ts index 07ccd18..65d3652 100644 --- a/lib/stacks/core/RepositoryStack.ts +++ b/lib/stacks/core/RepositoryStack.ts 
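Review bot: The key-policy statement added in the `MonitoringStack` constructor lets the `cloudwatch.amazonaws.com` service principal use the key with no condition, so the grant is not tied to this account's alarms. Consider scoping it, for example `conditions: { StringEquals: { 'aws:SourceAccount': cdk.Stack.of(this).account } }`, and confirm in a test deployment that CloudWatch can still publish to the encrypted topic. `kms:Describe*` and `kms:Decrypt*` are wildcards; listing only the exact actions the alarm path needs keeps the policy easier to audit. `myCustomPolicy` would read better with a name that states its purpose plus a one-line comment explaining why CloudWatch needs the key. The constructor body continues outside the hunk.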
@@ -7,11 +7,13 @@ import { Construct } from 'constructs'; import { CodeCommitRepositoryConstruct } from './constructs/CodeCommitRepositoryConstruct'; import { CodeStarConnectionConstruct } from './constructs/CodeStarConnectionConstruct'; import { IRepositoryConfig } from '../../../config/Types'; +import { IVpcProps } from '../../cdk-pipeline/core/CDKPipeline'; interface RepositoryProps extends cdk.StackProps { applicationName: string; applicationQualifier: string; repositoryConfig: IRepositoryConfig; + vpcProps?: IVpcProps; } export class RepositoryStack extends cdk.Stack { @@ -36,6 +38,7 @@ export class RepositoryStack extends cdk.Stack { applicationName: props.applicationName, applicationQualifier: props.applicationQualifier, ...props.repositoryConfig.CODECOMMIT, + vpcProps: props.vpcProps, }).pipelineInput; this.repositoryBranch = props.repositoryConfig.CODECOMMIT.branch; this.pipelineEnvVars = {}; diff --git a/lib/stacks/core/constructs/CodeCommitRepositoryConstruct.ts b/lib/stacks/core/constructs/CodeCommitRepositoryConstruct.ts index 3315329..facd461 100644 --- a/lib/stacks/core/constructs/CodeCommitRepositoryConstruct.ts +++ b/lib/stacks/core/constructs/CodeCommitRepositoryConstruct.ts @@ -13,12 +13,13 @@ import * as nag from 'cdk-nag'; import { Construct } from 'constructs'; import { CodeCommitRepositoryAspects } from './CodeCommitRepositoryAspects'; import { ICodeCommitConfig } from '../../../../config/Types'; -import { CDKPipeline } from '../../../cdk-pipeline/core/CDKPipeline'; +import { CDKPipeline, IVpcProps } from '../../../cdk-pipeline/core/CDKPipeline'; import { SSMParameterStack } from '../SSMParameterStack'; interface Props extends ICodeCommitConfig { applicationName: string; applicationQualifier: string; + vpcProps?: IVpcProps; } export class CodeCommitRepositoryConstruct extends Construct { 
@@ -59,22 +60,25 @@ export class CodeCommitRepositoryConstruct extends Construct { repository, }); + const buildSpec = CDKPipeline.getPartialBuildSpec(props.vpcProps); + + codebuild.mergeBuildSpecs(buildSpec, codebuild.BuildSpec.fromObject({ + phases: { + install: { + commands: [ + `export CDK_QUALIFIER=${props.applicationQualifier}`, + ], + }, + build: { + commands: CDKPipeline.pipelineCommands, + }, + }, + })); + const pullRequestCheck = new PullRequestCheck(this, 'PullRequestCheck', { repository, - buildSpec: codebuild.BuildSpec.fromObject({ - version: '0.2', - phases: { - install: { - commands: [ - ...CDKPipeline.installCommands, - `export CDK_QUALIFIER=${props.applicationQualifier}`, - ], - }, - build: { - commands: CDKPipeline.pipelineCommands, - }, - }, - }), + buildSpec: codebuild.BuildSpec.fromObject(buildSpec), + vpc: props.vpcProps?.vpc, privileged: props.codeBuildConfig.isPrivileged, buildImage: props.codeBuildConfig.buildImage, }); @@ -94,6 +98,20 @@ export class CodeCommitRepositoryConstruct extends Construct { pullRequestCheck.addToRolePolicy( SSMParameterStack.getGetParameterPolicyStatement(cdk.Stack.of(this).account, cdk.Stack.of(this).region, props.applicationQualifier ), ); + + if (props.vpcProps?.proxy?.proxySecretArn) { + pullRequestCheck.addToRolePolicy( + new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, + actions: [ + 'secretsmanager:GetSecretValue', + ], + resources: [ + props.vpcProps.proxy.proxySecretArn, + ], + }), + ); + } }); cdk.Aspects.of(cdk.Stack.of(this)).add( diff --git a/package-lock.json b/package-lock.json index 7ae8a71..3ce2317 100644 --- a/package-lock.json +++ b/package-lock.json 
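Review bot: The return value of `codebuild.mergeBuildSpecs(...)` is discarded in this hunk, and as far as I know that function returns a new `BuildSpec` rather than mutating its first argument, so the `CDK_QUALIFIER` export and the `build` commands would never reach the pull-request check. `buildSpec` is already a `BuildSpec`, so `codebuild.BuildSpec.fromObject(buildSpec)` wraps the wrapper object instead of the spec. Assign the merge result, `const buildSpec = codebuild.mergeBuildSpecs(CDKPipeline.getPartialBuildSpec(props.vpcProps), codebuild.BuildSpec.fromObject({ ... }));`, and pass it directly with `buildSpec,`. The old spec also ran `...CDKPipeline.installCommands`, which the new code omits; please confirm that is intended, and add a synth-level test asserting the rendered buildspec contains the build commands.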
@@ -8,17 +8,16 @@ "name": "cicd-boot", "version": "1.2.1", "dependencies": { - "@cloudcomponents/cdk-pull-request-approval-rule": "2.1.0", - "@cloudcomponents/cdk-pull-request-check": "2.1.0", + "@cloudcomponents/cdk-pull-request-approval-rule": "2.3.0", + "@cloudcomponents/cdk-pull-request-check": "2.3.0", "@types/uuid": "9.0.8", - "@typescript-eslint/visitor-keys": "7.1.1", - "aws-cdk-lib": "2.131.0", - "cdk-monitoring-constructs": "7.7.0", - "cdk-nag": "2.28.55", + "@typescript-eslint/visitor-keys": "7.8.0", + "aws-cdk-lib": "2.140.0", + "cdk-monitoring-constructs": "7.8.0", + "cdk-nag": "2.28.109", "constructs": "10.3.0", "csv": "6.3.8", - "glob": "10.3.10", - "lodash": "4.17.21", + "glob": "10.3.12", "source-map-support": "0.5.21", "uuid": "9.0.1" }, @@ -26,25 +25,24 @@ "pipeline": "bin/app.ts" }, "devDependencies": { - "@commitlint/cli": "19.0.3", - "@commitlint/config-conventional": "19.0.3", + "@commitlint/cli": "19.3.0", + "@commitlint/config-conventional": "19.2.2", "@types/jest": "29.5.12", - "@types/lodash": "4.14.202", - "@types/node": "20.11.24", + "@types/node": "20.12.8", "@types/prettier": "3.0.0", "@types/source-map-support": "0.5.10", - "@typescript-eslint/eslint-plugin": "7.1.1", - "@typescript-eslint/parser": "7.1.1", + "@typescript-eslint/eslint-plugin": "7.8.0", + "@typescript-eslint/parser": "7.8.0", "concurrently": "8.2.2", "cz-conventional-changelog": "3.3.0", "eslint": "8.57.0", "eslint-plugin-import": "2.29.1", - "husky": "8.0.3", + "husky": "9.0.11", "jest": "29.7.0", "run-script-os": "1.1.6", "ts-jest": "29.1.2", "ts-node": "10.9.2", - "typescript": "5.3.3" + "typescript": "5.4.5" }, "engines": { "node": ">=18" 
@@ -83,9 +81,9 @@ "integrity": "sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg==" }, "node_modules/@aws-cdk/asset-node-proxy-agent-v6": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz", - "integrity": "sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg==" + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz", + "integrity": "sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg==" }, "node_modules/@aws-cdk/aws-redshift-alpha": { "version": "2.112.0-alpha.0", 
@@ -744,33 +742,33 @@ "dev": true }, "node_modules/@cloudcomponents/cdk-pull-request-approval-rule": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@cloudcomponents/cdk-pull-request-approval-rule/-/cdk-pull-request-approval-rule-2.1.0.tgz", - "integrity": "sha512-rKb9yhSLSyGi1d50HTXdaPqNULqa/2eGeoCTq8RH4Upx2MaTKT+pFBvVR6i1yoXzoQmLzcA9KT+UWlwVB0at9w==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@cloudcomponents/cdk-pull-request-approval-rule/-/cdk-pull-request-approval-rule-2.3.0.tgz", + "integrity": "sha512-lZmLYM4Nkn6mnuYyURBTQH7lDvJ/ud58l96K0dfwm8Ws80pu81yb7Z8WOvVDCeb8SJfzEkCOkCUZ7AXB9AsVGg==", "peerDependencies": { - "aws-cdk-lib": "^2.8.0", + "aws-cdk-lib": "^2.28.0", "constructs": "^10.0.41" } }, "node_modules/@cloudcomponents/cdk-pull-request-check": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@cloudcomponents/cdk-pull-request-check/-/cdk-pull-request-check-2.1.0.tgz", - "integrity": "sha512-HpCGgAkUtj8atAVcRMBAa6xpincZWpx5Vt2njNrJPtYV0nvoJlTnTnsd/3yAMj4A+k5ab7zdeKJNqUtgWPgSvQ==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@cloudcomponents/cdk-pull-request-check/-/cdk-pull-request-check-2.3.0.tgz", + "integrity": "sha512-RzgdOvFPu8tc57ZcAy/yjHX8dFw0VPYg2rrzTEsmOxd83K7wb+GIkjUy9aaJQNuQPxUR2goMQu82COamXr9NSw==", "peerDependencies": { - "aws-cdk-lib": "^2.8.0", + "aws-cdk-lib": "^2.28.0", "constructs": "^10.0.41" } }, "node_modules/@commitlint/cli": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/cli/-/cli-19.0.3.tgz", - "integrity": "sha512-mGhh/aYPib4Vy4h+AGRloMY+CqkmtdeKPV9poMcZeImF5e3knQ5VYaSeAM0mEzps1dbKsHvABwaDpafLUuM96g==", + "version": "19.3.0", + "resolved": "https://registry.npmjs.org/@commitlint/cli/-/cli-19.3.0.tgz", + "integrity": "sha512-LgYWOwuDR7BSTQ9OLZ12m7F/qhNY+NpAyPBgo4YNMkACE7lGuUnuQq1yi9hz1KA4+3VqpOYl8H1rY/LYK43v7g==", "dev": true, "dependencies": { - "@commitlint/format": "^19.0.3", - "@commitlint/lint": "^19.0.3", - 
"@commitlint/load": "^19.0.3", - "@commitlint/read": "^19.0.3", + "@commitlint/format": "^19.3.0", + "@commitlint/lint": "^19.2.2", + "@commitlint/load": "^19.2.0", + "@commitlint/read": "^19.2.1", "@commitlint/types": "^19.0.3", "execa": "^8.0.1", "yargs": "^17.0.0" @@ -917,9 +915,9 @@ } }, "node_modules/@commitlint/config-conventional": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/config-conventional/-/config-conventional-19.0.3.tgz", - "integrity": "sha512-vh0L8XeLaEzTe8VCxSd0gAFvfTK0RFolrzw4o431bIuWJfi/yRCHJlsDwus7wW2eJaFFDR0VFXJyjGyDQhi4vA==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/config-conventional/-/config-conventional-19.2.2.tgz", + "integrity": "sha512-mLXjsxUVLYEGgzbxbxicGPggDuyWNkf25Ht23owXIH+zV2pv1eJuzLK3t1gDY5Gp6pxdE60jZnWUY5cvgL3ufw==", "dev": true, "dependencies": { "@commitlint/types": "^19.0.3", @@ -969,9 +967,9 @@ } }, "node_modules/@commitlint/format": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/format/-/format-19.0.3.tgz", - "integrity": "sha512-QjjyGyoiVWzx1f5xOteKHNLFyhyweVifMgopozSgx1fGNrGV8+wp7k6n1t6StHdJ6maQJ+UUtO2TcEiBFRyR6Q==", + "version": "19.3.0", + "resolved": "https://registry.npmjs.org/@commitlint/format/-/format-19.3.0.tgz", + "integrity": "sha512-luguk5/aF68HiF4H23ACAfk8qS8AHxl4LLN5oxPc24H+2+JRPsNr1OS3Gaea0CrH7PKhArBMKBz5RX9sA5NtTg==", "dev": true, "dependencies": { "@commitlint/types": "^19.0.3", 
@@ -994,9 +992,9 @@ } }, "node_modules/@commitlint/is-ignored": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/is-ignored/-/is-ignored-19.0.3.tgz", - "integrity": "sha512-MqDrxJaRSVSzCbPsV6iOKG/Lt52Y+PVwFVexqImmYYFhe51iVJjK2hRhOG2jUAGiUHk4jpdFr0cZPzcBkSzXDQ==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/is-ignored/-/is-ignored-19.2.2.tgz", + "integrity": "sha512-eNX54oXMVxncORywF4ZPFtJoBm3Tvp111tg1xf4zWXGfhBPKpfKG6R+G3G4v5CPlRROXpAOpQ3HMhA9n1Tck1g==", "dev": true, "dependencies": { "@commitlint/types": "^19.0.3", @@ -1007,12 +1005,12 @@ } }, "node_modules/@commitlint/lint": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/lint/-/lint-19.0.3.tgz", - "integrity": "sha512-uHPyRqIn57iIplYa5xBr6oNu5aPXKGC4WLeuHfqQHclwIqbJ33g3yA5fIA+/NYnp5ZM2EFiujqHFaVUYj6HlKA==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/lint/-/lint-19.2.2.tgz", + "integrity": "sha512-xrzMmz4JqwGyKQKTpFzlN0dx0TAiT7Ran1fqEBgEmEj+PU98crOFtysJgY+QdeSagx6EDRigQIXJVnfrI0ratA==", "dev": true, "dependencies": { - "@commitlint/is-ignored": "^19.0.3", + "@commitlint/is-ignored": "^19.2.2", "@commitlint/parse": "^19.0.3", "@commitlint/rules": "^19.0.3", "@commitlint/types": "^19.0.3" 
@@ -1022,17 +1020,17 @@ } }, "node_modules/@commitlint/load": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/load/-/load-19.0.3.tgz", - "integrity": "sha512-18Tk/ZcDFRKIoKfEcl7kC+bYkEQ055iyKmGsYDoYWpKf6FUvBrP9bIWapuy/MB+kYiltmP9ITiUx6UXtqC9IRw==", + "version": "19.2.0", + "resolved": "https://registry.npmjs.org/@commitlint/load/-/load-19.2.0.tgz", + "integrity": "sha512-XvxxLJTKqZojCxaBQ7u92qQLFMMZc4+p9qrIq/9kJDy8DOrEa7P1yx7Tjdc2u2JxIalqT4KOGraVgCE7eCYJyQ==", "dev": true, "dependencies": { "@commitlint/config-validator": "^19.0.3", "@commitlint/execute-rule": "^19.0.0", - "@commitlint/resolve-extends": "^19.0.3", + "@commitlint/resolve-extends": "^19.1.0", "@commitlint/types": "^19.0.3", "chalk": "^5.3.0", - "cosmiconfig": "^8.3.6", + "cosmiconfig": "^9.0.0", "cosmiconfig-typescript-loader": "^5.0.0", "lodash.isplainobject": "^4.0.6", "lodash.merge": "^4.6.2", @@ -1078,13 +1076,14 @@ } }, "node_modules/@commitlint/read": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/read/-/read-19.0.3.tgz", - "integrity": "sha512-b5AflTyAXkUx5qKw4TkjjcOccXZHql3JqMi522knTQktq2AubKXFz60Sws+K4FsefwPws6fGz9mqiI/NvsvxFA==", + "version": "19.2.1", + "resolved": "https://registry.npmjs.org/@commitlint/read/-/read-19.2.1.tgz", + "integrity": "sha512-qETc4+PL0EUv7Q36lJbPG+NJiBOGg7SSC7B5BsPWOmei+Dyif80ErfWQ0qXoW9oCh7GTpTNRoaVhiI8RbhuaNw==", "dev": true, "dependencies": { "@commitlint/top-level": "^19.0.0", "@commitlint/types": "^19.0.3", + "execa": "^8.0.1", "git-raw-commits": "^4.0.0", "minimist": "^1.2.8" }, 
@@ -1092,10 +1091,144 @@ "node": ">=v18" } }, + "node_modules/@commitlint/read/node_modules/execa": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-8.0.1.tgz", + "integrity": "sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==", + "dev": true, + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^8.0.1", + "human-signals": "^5.0.0", + "is-stream": "^3.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^5.1.0", + "onetime": "^6.0.0", + "signal-exit": "^4.1.0", + "strip-final-newline": "^3.0.0" + }, + "engines": { + "node": ">=16.17" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/@commitlint/read/node_modules/get-stream": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-8.0.1.tgz", + "integrity": "sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==", + "dev": true, + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@commitlint/read/node_modules/human-signals": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-5.0.0.tgz", + "integrity": "sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==", + "dev": true, + "engines": { + "node": ">=16.17.0" + } + }, + "node_modules/@commitlint/read/node_modules/is-stream": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-3.0.0.tgz", + "integrity": "sha512-LnQR4bZ9IADDRSkvpqMGvt/tEJWclzklNgSw48V5EAaAeDd6qGvN8ei6k5p0tvxSR171VmGyHuTiAOfxAbr8kA==", + "dev": true, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@commitlint/read/node_modules/mimic-fn": { + "version": "4.0.0", + "resolved": 
"https://registry.npmjs.org/mimic-fn/-/mimic-fn-4.0.0.tgz", + "integrity": "sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@commitlint/read/node_modules/npm-run-path": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "integrity": "sha512-ppwTtiJZq0O/ai0z7yfudtBpWIoxM8yE6nHi1X47eFR2EWORqfbu6CnPlNsjeN683eT0qG6H/Pyf9fCcvjnnnQ==", + "dev": true, + "dependencies": { + "path-key": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@commitlint/read/node_modules/onetime": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-6.0.0.tgz", + "integrity": "sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==", + "dev": true, + "dependencies": { + "mimic-fn": "^4.0.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@commitlint/read/node_modules/path-key": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "integrity": "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@commitlint/read/node_modules/signal-exit": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "dev": true, + "engines": { + "node": ">=14" + }, + "funding": { + "url": 
"https://github.com/sponsors/isaacs" + } + }, + "node_modules/@commitlint/read/node_modules/strip-final-newline": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz", + "integrity": "sha512-dOESqjYr96iWYylGObzd39EuNTa5VJxyvVAEm5Jnh7KGo75V43Hk1odPQkNDyXNmUR6k+gEiDVXnjB8HJ3crXw==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/@commitlint/resolve-extends": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/resolve-extends/-/resolve-extends-19.0.3.tgz", - "integrity": "sha512-18BKmta8OC8+Ub+Q3QGM9l27VjQaXobloVXOrMvu8CpEwJYv62vC/t7Ka5kJnsW0tU9q1eMqJFZ/nN9T/cOaIA==", + "version": "19.1.0", + "resolved": "https://registry.npmjs.org/@commitlint/resolve-extends/-/resolve-extends-19.1.0.tgz", + "integrity": "sha512-z2riI+8G3CET5CPgXJPlzftH+RiWYLMYv4C9tSLdLXdr6pBNimSKukYP9MS27ejmscqCTVA4almdLh0ODD2KYg==", "dev": true, "dependencies": { "@commitlint/config-validator": "^19.0.3", 
@@ -2252,16 +2385,10 @@ "integrity": "sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ==", "dev": true }, - "node_modules/@types/lodash": { - "version": "4.14.202", - "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.202.tgz", - "integrity": "sha512-OvlIYQK9tNneDlS0VN54LLd5uiPCBOp7gS5Z0f1mjoJYBrtStzgmJBxONW3U6OZqdtNzZPmn9BS/7WI7BFFcFQ==", - "dev": true - }, "node_modules/@types/node": { - "version": "20.11.24", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.24.tgz", - "integrity": "sha512-Kza43ewS3xoLgCEpQrsT+xRo/EJej1y0kVYGiLFE1NEODXGzTfwiC6tXTLMQskn1X4/Rjlh0MQUvx9W+L9long==", + "version": "20.12.8", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.8.tgz", + "integrity": "sha512-NU0rJLJnshZWdE/097cdCBbyW1h4hEg0xpovcoAQYHl8dnEyp/NAOiE45pvc+Bd1Dt+2r94v2eGFpQJ4R7g+2w==", "dev": true, "dependencies": { "undici-types": "~5.26.4" 
@@ -2319,25 +2446,25 @@ "dev": true }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.1.1.tgz", - "integrity": "sha512-zioDz623d0RHNhvx0eesUmGfIjzrk18nSBC8xewepKXbBvN/7c1qImV7Hg8TI1URTxKax7/zxfxj3Uph8Chcuw==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.8.0.tgz", + "integrity": "sha512-gFTT+ezJmkwutUPmB0skOj3GZJtlEGnlssems4AjkVweUPGj7jRwwqg0Hhg7++kPGJqKtTYx+R05Ftww372aIg==", "dev": true, "dependencies": { - "@eslint-community/regexpp": "^4.5.1", - "@typescript-eslint/scope-manager": "7.1.1", - "@typescript-eslint/type-utils": "7.1.1", - "@typescript-eslint/utils": "7.1.1", - "@typescript-eslint/visitor-keys": "7.1.1", + "@eslint-community/regexpp": "^4.10.0", + "@typescript-eslint/scope-manager": "7.8.0", + "@typescript-eslint/type-utils": "7.8.0", + "@typescript-eslint/utils": "7.8.0", + "@typescript-eslint/visitor-keys": "7.8.0", "debug": "^4.3.4", "graphemer": "^1.4.0", - "ignore": "^5.2.4", + "ignore": "^5.3.1", "natural-compare": "^1.4.0", - "semver": "^7.5.4", - "ts-api-utils": "^1.0.1" + "semver": "^7.6.0", + "ts-api-utils": "^1.3.0" }, "engines": { - "node": "^16.0.0 || >=18.0.0" + "node": "^18.18.0 || >=20.0.0" }, "funding": { "type": "opencollective", 
@@ -2354,19 +2481,19 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.1.1.tgz", - "integrity": "sha512-ZWUFyL0z04R1nAEgr9e79YtV5LbafdOtN7yapNbn1ansMyaegl2D4bL7vHoJ4HPSc4CaLwuCVas8CVuneKzplQ==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.8.0.tgz", + "integrity": "sha512-KgKQly1pv0l4ltcftP59uQZCi4HUYswCLbTqVZEJu7uLX8CTLyswqMLqLN+2QFz4jCptqWVV4SB7vdxcH2+0kQ==", "dev": true, "dependencies": { - "@typescript-eslint/scope-manager": "7.1.1", - "@typescript-eslint/types": "7.1.1", - "@typescript-eslint/typescript-estree": "7.1.1", - "@typescript-eslint/visitor-keys": "7.1.1", + "@typescript-eslint/scope-manager": "7.8.0", + "@typescript-eslint/types": "7.8.0", + "@typescript-eslint/typescript-estree": "7.8.0", + "@typescript-eslint/visitor-keys": "7.8.0", "debug": "^4.3.4" }, "engines": { - "node": "^16.0.0 || >=18.0.0" + "node": "^18.18.0 || >=20.0.0" }, "funding": { "type": "opencollective", @@ -2382,16 +2509,16 @@ } }, "node_modules/@typescript-eslint/scope-manager": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.1.1.tgz", - "integrity": "sha512-cirZpA8bJMRb4WZ+rO6+mnOJrGFDd38WoXCEI57+CYBqta8Yc8aJym2i7vyqLL1vVYljgw0X27axkUXz32T8TA==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.8.0.tgz", + "integrity": "sha512-viEmZ1LmwsGcnr85gIq+FCYI7nO90DVbE37/ll51hjv9aG+YZMb4WDE2fyWpUR4O/UrhGRpYXK/XajcGTk2B8g==", "dev": true, "dependencies": { - "@typescript-eslint/types": "7.1.1", - "@typescript-eslint/visitor-keys": "7.1.1" + "@typescript-eslint/types": "7.8.0", + "@typescript-eslint/visitor-keys": "7.8.0" }, "engines": { - "node": "^16.0.0 || >=18.0.0" + "node": "^18.18.0 || >=20.0.0" }, "funding": { "type": "opencollective", 
@@ -2399,18 +2526,18 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.1.1.tgz", - "integrity": "sha512-5r4RKze6XHEEhlZnJtR3GYeCh1IueUHdbrukV2KSlLXaTjuSfeVF8mZUVPLovidCuZfbVjfhi4c0DNSa/Rdg5g==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.8.0.tgz", + "integrity": "sha512-H70R3AefQDQpz9mGv13Uhi121FNMh+WEaRqcXTX09YEDky21km4dV1ZXJIp8QjXc4ZaVkXVdohvWDzbnbHDS+A==", "dev": true, "dependencies": { - "@typescript-eslint/typescript-estree": "7.1.1", - "@typescript-eslint/utils": "7.1.1", + "@typescript-eslint/typescript-estree": "7.8.0", + "@typescript-eslint/utils": "7.8.0", "debug": "^4.3.4", - "ts-api-utils": "^1.0.1" + "ts-api-utils": "^1.3.0" }, "engines": { - "node": "^16.0.0 || >=18.0.0" + "node": "^18.18.0 || >=20.0.0" }, "funding": { "type": "opencollective", @@ -2426,11 +2553,11 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.1.1.tgz", - "integrity": "sha512-KhewzrlRMrgeKm1U9bh2z5aoL4s7K3tK5DwHDn8MHv0yQfWFz/0ZR6trrIHHa5CsF83j/GgHqzdbzCXJ3crx0Q==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.8.0.tgz", + "integrity": "sha512-wf0peJ+ZGlcH+2ZS23aJbOv+ztjeeP8uQ9GgwMJGVLx/Nj9CJt17GWgWWoSmoRVKAX2X+7fzEnAjxdvK2gqCLw==", "engines": { - "node": "^16.0.0 || >=18.0.0" + "node": "^18.18.0 || >=20.0.0" }, "funding": { "type": "opencollective", 
@@ -2438,22 +2565,22 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.1.1.tgz", - "integrity": "sha512-9ZOncVSfr+sMXVxxca2OJOPagRwT0u/UHikM2Rd6L/aB+kL/QAuTnsv6MeXtjzCJYb8PzrXarypSGIPx3Jemxw==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.8.0.tgz", + "integrity": "sha512-5pfUCOwK5yjPaJQNy44prjCwtr981dO8Qo9J9PwYXZ0MosgAbfEMB008dJ5sNo3+/BN6ytBPuSvXUg9SAqB0dg==", "dev": true, "dependencies": { - "@typescript-eslint/types": "7.1.1", - "@typescript-eslint/visitor-keys": "7.1.1", + "@typescript-eslint/types": "7.8.0", + "@typescript-eslint/visitor-keys": "7.8.0", "debug": "^4.3.4", "globby": "^11.1.0", "is-glob": "^4.0.3", - "minimatch": "9.0.3", - "semver": "^7.5.4", - "ts-api-utils": "^1.0.1" + "minimatch": "^9.0.4", + "semver": "^7.6.0", + "ts-api-utils": "^1.3.0" }, "engines": { - "node": "^16.0.0 || >=18.0.0" + "node": "^18.18.0 || >=20.0.0" }, "funding": { "type": "opencollective", @@ -2475,9 +2602,9 @@ } }, "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": { - "version": "9.0.3", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", - "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "version": "9.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", "dev": true, "dependencies": { "brace-expansion": "^2.0.1" 
@@ -2490,21 +2617,21 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.1.1.tgz", - "integrity": "sha512-thOXM89xA03xAE0lW7alstvnyoBUbBX38YtY+zAUcpRPcq9EIhXPuJ0YTv948MbzmKh6e1AUszn5cBFK49Umqg==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.8.0.tgz", + "integrity": "sha512-L0yFqOCflVqXxiZyXrDr80lnahQfSOfc9ELAAZ75sqicqp2i36kEZZGuUymHNFoYOqxRT05up760b4iGsl02nQ==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.4.0", - "@types/json-schema": "^7.0.12", - "@types/semver": "^7.5.0", - "@typescript-eslint/scope-manager": "7.1.1", - "@typescript-eslint/types": "7.1.1", - "@typescript-eslint/typescript-estree": "7.1.1", - "semver": "^7.5.4" + "@types/json-schema": "^7.0.15", + "@types/semver": "^7.5.8", + "@typescript-eslint/scope-manager": "7.8.0", + "@typescript-eslint/types": "7.8.0", + "@typescript-eslint/typescript-estree": "7.8.0", + "semver": "^7.6.0" }, "engines": { - "node": "^16.0.0 || >=18.0.0" + "node": "^18.18.0 || >=20.0.0" }, "funding": { "type": "opencollective", @@ -2515,15 +2642,15 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.1.1.tgz", - "integrity": "sha512-yTdHDQxY7cSoCcAtiBzVzxleJhkGB9NncSIyMYe2+OGON1ZsP9zOPws/Pqgopa65jvknOjlk/w7ulPlZ78PiLQ==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.8.0.tgz", + "integrity": "sha512-q4/gibTNBQNA0lGyYQCmWRS5D15n8rXh4QjK3KV+MBPlTYHpfBUT3D3PaPR/HeNiI9W6R7FvlkcGhNyAoP+caA==", "dependencies": { - "@typescript-eslint/types": "7.1.1", - "eslint-visitor-keys": "^3.4.1" + "@typescript-eslint/types": "7.8.0", + "eslint-visitor-keys": "^3.4.3" }, "engines": { - "node": "^16.0.0 || >=18.0.0" + "node": "^18.18.0 || >=20.0.0" }, "funding": { "type": "opencollective", 
@@ -2567,15 +2694,15 @@ } }, "node_modules/ajv": { - "version": "8.12.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", - "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", + "version": "8.13.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.13.0.tgz", + "integrity": "sha512-PRA911Blj99jR5RMeTunVbNXMF6Lp4vZXnk5GQjcnUWUTsrXtekg/pnmFFI2u/I36Y/2bITGS30GZCXei6uNkA==", "dev": true, "dependencies": { - "fast-deep-equal": "^3.1.1", + "fast-deep-equal": "^3.1.3", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" + "uri-js": "^4.4.1" }, "funding": { "type": "github", @@ -2801,9 +2928,9 @@ } }, "node_modules/aws-cdk-lib": { - "version": "2.131.0", - "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.131.0.tgz", - "integrity": "sha512-9XLgiTgY+q0S3K93VPeJO0chIN8BZwZ3aSrILvF868Dz+0NTNrD2m5M0xGK5Rw0uoJS+N+DvGaz/2hLAiVqcBw==", + "version": "2.140.0", + "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.140.0.tgz", + "integrity": "sha512-wepu+u63LTxnIfW/IPr+V5Mx1T9jq8HRxhPynYPQKFYaKfOV+6HtJGxkuAEg2CWXk0rx2Btal/BCLjYQovI92Q==", "bundleDependencies": [ "@balena/dockerignore", "case", @@ -2820,7 +2947,7 @@ "dependencies": { "@aws-cdk/asset-awscli-v1": "^2.2.202", "@aws-cdk/asset-kubectl-v20": "^2.1.2", - "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.1", + "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.3", "@balena/dockerignore": "^1.0.2", "case": "1.6.3", "fs-extra": "^11.2.0", @@ -2830,7 +2957,7 @@ "minimatch": "^3.1.2", "punycode": "^2.3.1", "semver": "^7.6.0", - "table": "^6.8.1", + "table": "^6.8.2", "yaml": "1.10.2" }, "engines": { 
@@ -2846,14 +2973,14 @@ "license": "Apache-2.0" }, "node_modules/aws-cdk-lib/node_modules/ajv": { - "version": "8.12.0", + "version": "8.13.0", "inBundle": true, "license": "MIT", "dependencies": { - "fast-deep-equal": "^3.1.1", + "fast-deep-equal": "^3.1.3", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" + "uri-js": "^4.4.1" }, "funding": { "type": "github", @@ -3118,7 +3245,7 @@ } }, "node_modules/aws-cdk-lib/node_modules/table": { - "version": "6.8.1", + "version": "6.8.2", "inBundle": true, "license": "BSD-3-Clause", "dependencies": { @@ -3470,9 +3597,9 @@ ] }, "node_modules/cdk-monitoring-constructs": { - "version": "7.7.0", - "resolved": "https://registry.npmjs.org/cdk-monitoring-constructs/-/cdk-monitoring-constructs-7.7.0.tgz", - "integrity": "sha512-oooH6Bf3W2YfKc5A7In8+roUMybhcGX0fJ/+plb7llJ+d3O4m+DeIXWeiCPjCbMw5v5/iMGIgaIIR4xygDDxRQ==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/cdk-monitoring-constructs/-/cdk-monitoring-constructs-7.8.0.tgz", + "integrity": "sha512-zE8viNe+Ge3x1G3qae6fjBdsnPXiQVjsxYzHvp/S4I4iO0LxbST1hRFHqCs4PFJW4KEA4sywCLzeQ93q607UXg==", "peerDependencies": { "@aws-cdk/aws-redshift-alpha": "^2.112.0-alpha.0", "aws-cdk-lib": "^2.112.0", @@ -3480,9 +3607,9 @@ } }, "node_modules/cdk-nag": { - "version": "2.28.55", - "resolved": "https://registry.npmjs.org/cdk-nag/-/cdk-nag-2.28.55.tgz", - "integrity": "sha512-ETdEB6zFQqxVrWXMZSI3c3EoMNOp919pdYsb11zlZyyfS99mgKf9wdXHpBWYu2gY+efxXktWj7HLoPU6g1sxrQ==", + "version": "2.28.109", + "resolved": "https://registry.npmjs.org/cdk-nag/-/cdk-nag-2.28.109.tgz", + "integrity": "sha512-Mow/zg41JTL1x+Gn6ZKbzikxrG4jbTzRAz33O6osG1er6o5at6aNTG/+e6XeiI8/fhwyxV/YskW1cBlnLj1PvA==", "peerDependencies": { "aws-cdk-lib": "^2.116.0", "constructs": "^10.0.5" 
@@ -3808,15 +3935,15 @@ "dev": true }, "node_modules/cosmiconfig": { - "version": "8.3.6", - "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-8.3.6.tgz", - "integrity": "sha512-kcZ6+W5QzcJ3P1Mt+83OUv/oHFqZHIx8DuxG6eZ5RGMERoLqp4BuGjhHLYGK+Kf5XVkQvqBSmAy/nGWN3qDgEA==", + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "integrity": "sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==", "dev": true, "dependencies": { + "env-paths": "^2.2.1", "import-fresh": "^3.3.0", "js-yaml": "^4.1.0", - "parse-json": "^5.2.0", - "path-type": "^4.0.0" + "parse-json": "^5.2.0" }, "engines": { "node": ">=14" @@ -4228,6 +4355,15 @@ "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" }, + "node_modules/env-paths": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "integrity": "sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==", + "dev": true, + "engines": { + "node": ">=6" + } + }, "node_modules/error-ex": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", 
@@ -5072,15 +5208,15 @@ } }, "node_modules/glob": { - "version": "10.3.10", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", - "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", + "version": "10.3.12", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "integrity": "sha512-TCNv8vJ+xz4QiqTpfOJA7HvYv+tNIRHKfUWw/q+v2jdgN4ebz+KY9tGx5J4rHP0o84mNP+ApH66HRX8us3Khqg==", "dependencies": { "foreground-child": "^3.1.0", - "jackspeak": "^2.3.5", + "jackspeak": "^2.3.6", "minimatch": "^9.0.1", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", - "path-scurry": "^1.10.1" + "minipass": "^7.0.4", + "path-scurry": "^1.10.2" }, "bin": { "glob": "dist/esm/bin.mjs" @@ -5375,15 +5511,15 @@ } }, "node_modules/husky": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/husky/-/husky-8.0.3.tgz", - "integrity": "sha512-+dQSyqPh4x1hlO1swXBiNb2HzTDN1I2IGLQx1GrBuiqFJfoMrnZWwVmatvSiO+Iz8fBUnf+lekwNo4c2LlXItg==", + "version": "9.0.11", + "resolved": "https://registry.npmjs.org/husky/-/husky-9.0.11.tgz", + "integrity": "sha512-AB6lFlbwwyIqMdHYhwPe+kjOC3Oc5P3nThEoW/AaO2BX3vJDjWPFxYLxokUZOo6RNX20He3AaT8sESs9NJcmEw==", "dev": true, "bin": { - "husky": "lib/bin.js" + "husky": "bin.mjs" }, "engines": { - "node": ">=14" + "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/typicode" @@ -5422,9 +5558,9 @@ ] }, "node_modules/ignore": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", - "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", "dev": true, "engines": { "node": ">= 4" 
@@ -5475,9 +5611,9 @@ } }, "node_modules/import-meta-resolve": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/import-meta-resolve/-/import-meta-resolve-4.0.0.tgz", - "integrity": "sha512-okYUR7ZQPH+efeuMJGlq4f8ubUgO50kByRPyt/Cy1Io4PSRsPjxME+YlVaCOx+NIToW7hCsZNFJyTPFFKepRSA==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/import-meta-resolve/-/import-meta-resolve-4.1.0.tgz", + "integrity": "sha512-I6fiaX09Xivtk+THaMfAwnA3MVA5Big1WHF1Dfx9hFuvNIWpXnorlkzhcQf6ehrqQiiZECRt1poOAkPmer3ruw==", "dev": true, "funding": { "type": "github", @@ -6768,7 +6904,8 @@ "node_modules/lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true }, "node_modules/lodash.camelcase": { "version": "4.3.0", @@ -6977,9 +7114,9 @@ } }, "node_modules/minipass": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", - "integrity": "sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.1.tgz", + "integrity": "sha512-UZ7eQ+h8ywIRAW1hIEl2AqdwzJucU/Kp59+8kkZeSvafXhZjul247BvIJjEVFVeON6d7lM46XX1HXCduKAS8VA==", "engines": { "node": ">=16 || 14 >=14.17" } 
@@ -7301,24 +7438,24 @@ "dev": true }, "node_modules/path-scurry": { - "version": "1.10.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.1.tgz", - "integrity": "sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==", + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", + "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", "dependencies": { - "lru-cache": "^9.1.1 || ^10.0.0", + "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/path-scurry/node_modules/lru-cache": { - "version": "10.2.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", - "integrity": "sha512-2bIM8x+VAf6JT4bKAljS1qUWgMsqZRPGJS6FSahIMPVvctcNhyVp7AJu7quxOW9jwkryBReKZY5tY5JYv2n/7Q==", + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==", "engines": { "node": "14 || >=16.14" } @@ -7490,7 +7627,6 @@ "version": "2.3.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", - "dev": true, "engines": { "node": ">=6" } 
@@ -8290,9 +8426,9 @@ } }, "node_modules/ts-api-utils": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.2.1.tgz", - "integrity": "sha512-RIYA36cJn2WiH9Hy77hdF9r7oEwxAtB/TS9/S4Qd90Ap4z5FSiin5zEiTL44OII1Y3IIlEvxwxFUVgrHSZ/UpA==", + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "integrity": "sha512-UQMIo7pb8WRomKR1/+MFVLTroIvDVtMX3K6OUir8ynLyzB8Jeriont2bTAtmNPa1ekAgN7YPDyf6V+ygrdU+eQ==", "dev": true, "engines": { "node": ">=16" @@ -8525,9 +8661,9 @@ } }, "node_modules/typescript": { - "version": "5.3.3", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.3.3.tgz", - "integrity": "sha512-pXWcraxM0uxAS+tN0AG/BF2TyqmHO014Z070UsJ+pFvYuRSq8KH8DmWpnbXe0pEPDHXZV3FcAbJkijJ5oNEnWw==", + "version": "5.4.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.5.tgz", + "integrity": "sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ==", "dev": true, "bin": { "tsc": "bin/tsc", diff --git a/package-verification.json b/package-verification.json index b4407fc..be3e5c7 100644 --- a/package-verification.json +++ b/package-verification.json @@ -1,7 +1,7 @@ { - "package-lock.json": "cee84888d6e84e50de526b40d833235437ac8cb44f6b053d9c04eac928800500", + "package-lock.json": "1c0587f19cf31175b18cb25ff72e50626bc39d4ee195512de2aca579cf19144c", "license": { - "package.json": "d09558cc9361c629a37b52505741a775738618ac5f4cc47ab68b6b1b3189b2f5", + "package.json": "439bd17a60c8f65dba3666e14ce7db538cf83e7622f8cfe95a9e5a07827b06be", "src/lambda-layer/common/Pipfile": "53333eca42637e4ed066308b8c6c5282fe39d10c112e16e02f29db45ddf07eb5", "projectList": "24951410902869c872facab060c4533d42b1f47e5c3aed0acd572937d8ab9f15" } diff --git a/package.json b/package.json index 1012ce3..2314fae 100644 --- a/package.json +++ b/package.json 
@@ -5,11 +5,11 @@
 "pipeline": "bin/app.ts"
 },
 "scripts": {
- "prepare": "if [ -z $CODEBUILD_BUILD_ID ] && [ -z $GITHUB_ACTIONS ]; then husky install; fi",
+ "prepare": "if [ -z $CODEBUILD_BUILD_ID ] && [ -z $GITHUB_ACTIONS ]; then husky; fi",
 "build": "tsc && tsc --build --clean && npm run lint",
 "watch": "tsc -w",
 "test": "jest",
- "cdk": "npx aws-cdk@2.131.0",
+ "cdk": "npx aws-cdk@2.140.0",
 "validate": "npx ts-node ./scripts/package-checksum-validator.ts",
 "validate:fix": "ts-node ./scripts/package-checksum-generator.ts",
 "audit": "concurrently 'npm:audit:*(!fix)'",
@@ -39,38 +39,36 @@
 ]
 },
 "devDependencies": {
- "@commitlint/cli": "19.0.3",
- "@commitlint/config-conventional": "19.0.3",
+ "@commitlint/cli": "19.3.0",
+ "@commitlint/config-conventional": "19.2.2",
 "@types/jest": "29.5.12",
- "@types/lodash": "4.14.202",
- "@types/node": "20.11.24",
+ "@types/node": "20.12.8",
 "@types/prettier": "3.0.0",
 "@types/source-map-support": "0.5.10",
- "@typescript-eslint/eslint-plugin": "7.1.1",
- "@typescript-eslint/parser": "7.1.1",
+ "@typescript-eslint/eslint-plugin": "7.8.0",
+ "@typescript-eslint/parser": "7.8.0",
 "concurrently": "8.2.2",
 "cz-conventional-changelog": "3.3.0",
 "eslint": "8.57.0",
 "eslint-plugin-import": "2.29.1",
- "husky": "8.0.3",
+ "husky": "9.0.11",
 "jest": "29.7.0",
 "run-script-os": "1.1.6",
 "ts-jest": "29.1.2",
 "ts-node": "10.9.2",
- "typescript": "5.3.3"
+ "typescript": "5.4.5"
 },
 "dependencies": {
- "@cloudcomponents/cdk-pull-request-approval-rule": "2.1.0",
- "@cloudcomponents/cdk-pull-request-check": "2.1.0",
+ "@cloudcomponents/cdk-pull-request-approval-rule": "2.3.0",
+ "@cloudcomponents/cdk-pull-request-check": "2.3.0",
 "@types/uuid": "9.0.8",
- "@typescript-eslint/visitor-keys": "7.1.1",
- "aws-cdk-lib": "2.131.0",
- "cdk-monitoring-constructs": "7.7.0",
- "cdk-nag": "2.28.55",
+ "@typescript-eslint/visitor-keys": "7.8.0",
+ "aws-cdk-lib": "2.140.0",
+ "cdk-monitoring-constructs": "7.8.0",
+ "cdk-nag": "2.28.109",
 "constructs": "10.3.0",
 "csv": "6.3.8",
- "glob": "10.3.10",
- "lodash": "4.17.21",
+ "glob": "10.3.12",
 "source-map-support": "0.5.21",
 "uuid": "9.0.1"
 },
diff --git a/scripts/proxy.sh b/scripts/proxy.sh
deleted file mode 100755
index ed5c9c5..0000000
--- a/scripts/proxy.sh
+++ /dev/null
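Review bot: Removing `"lodash": "4.17.21"` from `dependencies` (together with `@types/lodash`) leaves lodash present only as a transitive development dependency; the lockfile hunk for `node_modules/lodash` gains `"dev": true` accordingly. Any source file that still imports lodash would keep resolving in a full install but fail once dev dependencies are omitted. The source tree is not part of this diff, so a search for remaining lodash imports should be confirmed before merge; if one exists, keep `"lodash": "4.17.21"` under `dependencies`.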
@@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0 - -set -e - -# Create the configuration. This way Docker containers will use the proxy - -if [[ -z "${HTTP_PROXY}" ]]; then - echo "--- No Proxy configuration detected ---" -else - echo "--- Proxy configuration detected ---" - mkdir ~/.docker/ - cat > ~/.docker/config.json < /dev/null 2>&1 - echo "--- Docker daemon restarted ---" -fi - - diff --git a/scripts/warming.sh b/scripts/warming.sh index e0679b5..0478b3a 100755 --- a/scripts/warming.sh +++ b/scripts/warming.sh @@ -9,10 +9,12 @@ echo "Collecting values from the SSM Params" echo "Getting all SSM params for the qualifier" parameters=$(aws ssm get-parameters-by-path --path /${CDK_QUALIFIER}/ --query "Parameters[].[Name, Value]" --output text) -# Process the list of SSM parameters with values which are in the following format: -# /qualifier/AccountDev 123456789012 -# /qualifier/AccountInt 123456789012 -# /qualifier/AccountRes 123456789012 +# Process the list of SSM parameters with values which are in teh following format: +# /qualifier/AccountDev 123456789012 +# /qualifier/AccountInt 123456789012 +# /qualifier/AccountRes 123456789012 +# /qualifier/AccountProd 123456789012 +# /qualifier/Account${YOUR_OTHER_STAGE} 123456789012 # Iterate over the list of parameters and print the values parameter_name=; 
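Review bot: The rewritten comment block in scripts/warming.sh introduces a typo, `in teh following format`, which should read `in the following format`. The block now also advertises arbitrary stage names through `/qualifier/Account${YOUR_OTHER_STAGE}`, but does not say which characters such a name may contain, even though the second hunk turns it into part of an exported variable name. A line such as `# Stage names must match [A-Za-z0-9_]+ because they become part of an ACCOUNT_<stage> variable name` would document that constraint. The loop that consumes these parameters starts outside this hunk.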
@@ -23,13 +25,15 @@ while IFS= read -r line; do echo "$parameter_name: $parameter_value"; if [[ $parameter_name =~ "Account" ]]; then - # get the stageName from the end of the parameter name after the Account string + # Get the stageName from the end of the parameter name after the Account string stageName=${parameter_name##*Account}; - # make it upper case, if stage name is either Res, Dev, Int, or Prod + # BACKWARD compatibility STARTS HERE + # Make it upper case, if stage name is either Res, Dev, Int, or Prod if [[ $stageName == "Res" || $stageName == "Dev" || $stageName == "Int" || $stageName == "Prod" ]]; then stageName=$(echo $stageName | tr '[:lower:]' '[:upper:]'); fi + # BACKWARD compatibility ENDS HERE export "ACCOUNT_${stageName}"="$parameter_value"; diff --git a/test/PipelineStack.test.ts b/test/PipelineStack.test.ts index dc27476..0c868e0 100644 --- a/test/PipelineStack.test.ts +++ b/test/PipelineStack.test.ts 
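Review bot: `stageName` is taken from the SSM parameter name and used unchecked in `export "ACCOUNT_${stageName}"="$parameter_value"`, and with custom stages now documented that value is no longer limited to the four known names. The match `=~ "Account"` accepts the substring anywhere in the name, so a parameter whose suffix contains `-` or `/` produces an invalid identifier and the export fails. A guard before the export would make that explicit: `[[ $stageName =~ ^[A-Za-z0-9_]+$ ]] || { echo "Skipping $parameter_name: invalid stage name" >&2; continue; }`. Only Res, Dev, Int and Prod are upper-cased, so other stages are exported with their original casing (for example `ACCOUNT_Staging`), which the `BACKWARD compatibility` comment could state. The `while` loop starts before this hunk and continues after it.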
@@ -435,7 +435,7 @@ describe('pipeline-tests', () => { Type: 'LINUX_CONTAINER', }, Source: { - BuildSpec: '{\n "version": "0.2",\n "env": {\n "shell": "bash",\n "variables": {\n "NO_PROXY": "eu-west-1.amazonaws.com",\n "AWS_STS_REGIONAL_ENDPOINTS": "regional"\n },\n "secrets-manager": {\n "PROXY_USERNAME": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:username",\n "PROXY_PASSWORD": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:password",\n "HTTP_PROXY_PORT": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:http_proxy_port",\n "HTTPS_PROXY_PORT": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:https_proxy_port",\n "PROXY_DOMAIN": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:proxy_domain"\n }\n },\n "phases": {\n "install": {\n "commands": [\n "export HTTP_PROXY=\\"http://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_DOMAIN:$HTTP_PROXY_PORT\\"",\n "export HTTPS_PROXY=\\"https://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_DOMAIN:$HTTPS_PROXY_PORT\\"",\n "echo \\"--- Proxy Test ---\\"",\n "curl -Is --connect-timeout 5 proxy-test.com | grep \\"HTTP/\\"",\n "./scripts/proxy.sh",\n "pip3 install awscli --upgrade --quiet"\n ]\n },\n "build": {\n "commands": [\n "./scripts/check-audit.sh",\n ". 
./scripts/warming.sh",\n "./scripts/build.sh",\n "./scripts/test.sh",\n "./scripts/cdk-synth.sh"\n ]\n }\n },\n "artifacts": {\n "base-directory": "./cdk.out",\n "files": [\n "**/*"\n ]\n }\n}', + BuildSpec: '{\n "version": "0.2",\n "env": {\n "shell": "bash",\n "variables": {\n "NO_PROXY": "eu-west-1.amazonaws.com",\n "AWS_STS_REGIONAL_ENDPOINTS": "regional"\n },\n "secrets-manager": {\n "PROXY_USERNAME": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:username",\n "PROXY_PASSWORD": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:password",\n "HTTP_PROXY_PORT": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:http_proxy_port",\n "HTTPS_PROXY_PORT": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:https_proxy_port",\n "PROXY_DOMAIN": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:/proxy/credentials/default-aaaaaa:proxy_domain"\n }\n },\n "phases": {\n "install": {\n "commands": [\n "export HTTP_PROXY=\\"http://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_DOMAIN:$HTTP_PROXY_PORT\\"",\n "export HTTPS_PROXY=\\"https://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_DOMAIN:$HTTPS_PROXY_PORT\\"",\n "echo \\"--- Proxy Test ---\\"",\n "curl -Is --connect-timeout 5 proxy-test.com | grep \\"HTTP/\\"",\n "pip3 install awscli --upgrade --quiet"\n ]\n },\n "build": {\n "commands": [\n "./scripts/check-audit.sh",\n ". ./scripts/warming.sh",\n "./scripts/build.sh",\n "./scripts/test.sh",\n "./scripts/cdk-synth.sh"\n ]\n }\n },\n "artifacts": {\n "base-directory": "./cdk.out",\n "files": [\n "**/*"\n ]\n }\n}', }, }).test(synthProject.Properties as any); });
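Review bot: The expected `BuildSpec` is pinned as one escaped string, so the only change in this hunk, dropping `"./scripts/proxy.sh"` from the install commands, is buried in a line of roughly two kilobytes, and a later edit to any command would be just as hard to spot in review. Consider parsing the synthesized value and asserting on the command lists, for example `expect(JSON.parse(<synthesized BuildSpec string>).phases.install.commands).not.toContain('./scripts/proxy.sh')`, if the matcher used here allows it. The install phase still exports `HTTP_PROXY` and `HTTPS_PROXY` with the proxy credentials embedded in the URL, while the removed script was, by its own comment, what made Docker containers use the proxy; it is worth confirming that no later build step pulls or builds images behind that proxy. The enclosing `describe` block starts outside the hunk.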