
Releases: marshall7m/terraform-aws-infrastructure-live-ci

v0.0.5

27 Nov 03:30

Enhancements

  • Add the ability to comment on Terraform plan results as diff code blocks within the PR page
    • Users can toggle PR plans being displayed via the Terraform variable: var.enable_gh_comment_pr_plan
    • Users can toggle deployment plans being displayed via the Terraform variable: var.enable_gh_comment_approval
  • Each metadb setup query is now within its own null_resource for easier debugging

v0.4.0

18 Nov 00:59

Enhancements

  • Slim down e2e tests and move exception cases to the integration directory
  • Allow integration tests to run locally while mocking external resources from the Terraform module using a standalone moto server
  • Refactor the Lambda receiver function to use the FastAPI framework
  • Refactor the Lambda approval response function to use the FastAPI framework
  • Add a .devcontainer.json file to use the VS Code dev container extension for development

v0.3.0

10 Aug 01:55
17a45af

Upgrades

  • Replace AWS API Gateway resources with Lambda Function URLs. With the recent release of AWS Lambda Function URLs, Lambda Functions can now be invoked by their own HTTPS endpoint. Given the module only needs endpoints for simple webhook events, the Lambda Function URLs are a better fit than the AWS API Gateway. This removes the cost and management of the API Gateway resources within the module.
  • With the deletion of the API comes the removal of the github_webhook_validator module. The request authentication logic that was performed within the validator Lambda Function is now migrated into the receiver Lambda Function.

v0.2.0

13 Jul 01:36

Upgrades

  • The most significant upgrade within this release is that all CodeBuild projects are replaced with ECS Fargate tasks. Specifically, this includes the existing Create Deploy Stack and Terra Run jobs.

  • Instead of the module building the container image within the Terraform apply process, users can specify their own Docker image or use the pre-built GitHub registry image attached to the module repo. This gives users the ability to install additional dependencies within their provided image that may fall outside the scope of Terraform resources.

  • Unlike CodeBuild, ECS tasks don't have integrated GitHub webhook triggers. To work around this limitation, the AWS API Gateway API now includes an endpoint for both open and merged pull request activity. The API sends the webhook request to a Lambda Function that verifies the request's SHA256 signature and checks that the GitHub event meets the requirements to trigger the downstream Lambda Function.
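The two checks the receiver performs, signature verification followed by event filtering, as an added example written for this page rather than code taken from the module. The header names X-Hub-Signature-256 and X-GitHub-Event are the ones GitHub really sends; the secret, the handle_webhook function and the accepted actions (a PR being opened, or closed with merged set to true, matching "open and merged pull request activity" above) are assumptions made for the example.

```python
import hashlib
import hmac
import json
from typing import Dict, Optional, Tuple

# Constructed example secret. A real receiver would read the webhook secret
# from SSM Parameter Store or Secrets Manager at runtime, never from source.
WEBHOOK_SECRET = b"constructed-example-webhook-secret"


def compute_signature(secret: bytes, body: bytes) -> str:
    """Return the value GitHub puts in X-Hub-Signature-256 for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header_value: Optional[str]) -> bool:
    """Check the header against the HMAC of the exact raw bytes received.

    hmac.compare_digest runs in constant time, so a forged header cannot be
    refined one byte at a time by measuring response latency.
    """
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = compute_signature(secret, body)
    return hmac.compare_digest(expected, header_value)


def event_should_trigger(event_name: str, payload: dict) -> bool:
    """Accept only the PR activity the pipeline acts on (assumed here): a PR
    being opened, or a PR closed by a merge. A close without a merge is ignored."""
    if event_name != "pull_request":
        return False
    action = payload.get("action")
    if action == "opened":
        return True
    if action == "closed":
        return payload.get("pull_request", {}).get("merged") is True
    return False


def handle_webhook(headers: Dict[str, str], body: bytes, secret: bytes) -> Tuple[int, str]:
    """Receiver logic: authenticate first, parse second, filter third.

    Returns an (HTTP status, reason) pair; a FastAPI route would map this
    onto a response and, on "accepted", kick off the downstream work.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    # Verify before json.loads so unauthenticated senders never reach the parser.
    if not verify_signature(secret, body, lowered.get("x-hub-signature-256")):
        return 401, "invalid signature"
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, "malformed JSON body"
    if not isinstance(payload, dict):
        return 400, "unexpected payload shape"
    if not event_should_trigger(lowered.get("x-github-event", ""), payload):
        return 200, "ignored event"
    return 200, "accepted"


if __name__ == "__main__":
    # Constructed delivery: a signed "pull_request opened" event.
    body = json.dumps({"action": "opened", "pull_request": {"merged": False}}).encode()
    headers = {
        "X-GitHub-Event": "pull_request",
        "X-Hub-Signature-256": compute_signature(WEBHOOK_SECRET, body),
    }
    print(handle_webhook(headers, body, WEBHOOK_SECRET))
    # The same body with one byte appended no longer matches the signature.
    print(handle_webhook(headers, body + b" ", WEBHOOK_SECRET))
```

The HMAC has to be computed over the raw request bytes, not over a re-serialised JSON object, because any whitespace or key-order difference changes the digest. Once the endpoint moves to a Lambda Function URL (v0.3.0 above), the event can carry the body base64-encoded with isBase64Encoded set, so decode it back to the original bytes before hashing.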

Enhancements

  • Replace deploy_* with apply_* variables and resources. This makes more intuitive sense given that the deployments are essentially just Terraform apply actions.

  • A new ECS task named PR Plan is implemented for creating Terraform plans for directories that have added and/or modified IaC files within pull requests

  • All ECS tasks' CPU and memory configurations can be defined via <task>_cpu and <task>_memory Terraform variables

  • Change the Create Deploy Stack GRAPH_SCAN env var to SCAN_TYPE. The old GRAPH_SCAN env var selected the graph-dependencies scan whenever it was present, while the new SCAN_TYPE env var accepts the name of the scan type.

  • The SCAN_TYPE value is now stored within an AWS Systems Manager Parameter Store parameter. Users can quickly update the scan type via the parameter value without editing and reapplying the module.

  • Step Function execution and all ECS tasks can send commit statuses specifying the state of the service. This can be toggled by editing the AWS Systems Manager Parameter Store value's JSON mapping or the var.commit_status_config variable like so:

commit_status_config = {
   PrPlan = true
   CreateDeployStack = false
   Plan = false
   Apply = false
   Execution = true
}

  • Add conditional IAM permissions for ECS tasks to access private Docker registry images

  • Add initial Diagram as Code

  • Given that the GitHub permissions needed by individual services within the module are the same, users now have to specify one GitHub token rather than two

Bug Fixes

  • To work around the nfx04/dummy dummy provider being deleted, I ended up biting the bullet and creating my own very minimal dummy Terraform provider specified under marshall7m/dummy within the Terraform registry. This dummy provider is used for integration testing scenarios where the provider block is removed before the resources are deleted

v0.1.0

19 Jun 03:09

Enhancements

Module

  • Replace prefixing resources with var.step_function_name with the actual var.prefix variable
  • Use pinned Terraform sub-module source versions instead of the sub-module's possibly unstable master branch
  • Remove module.ecr_common_image and replace it with a ghcr image that has its own GitHub Actions release workflow
    • This brings the benefit of decoupling the Docker build process from the Terraform module deployment
    • Allows the user to pin down a specific version of the image
    • Opens up the ability to run an older version of the module with a newer version of the image that may contain updated packages
  • Add a common entrypoint script to the create deploy stack and terra run buildspec definitions to install the user-defined Terraform/Terragrunt versions at runtime
  • Add the following execution context data to the approval request email template:
    • LogsUrl: CloudWatch log stream associated with the Step Function execution Plan task
    • ExecutionName: Step Function execution ID
    • AccountName: AWS account name
    • PullRequestID: Pull Request #
  • Replace general var.github_token_ssm_key with var.github_webhook_validator_github_token_ssm_key for module.github_webhook_validator and local.merge_lock_github_token_ssm_key for module.lambda_merge_lock
  • Replace inline local.metadb_setup_script with templated metadb_setup_script.sh
  • Add a random_id suffix to aws_secretsmanager_secret to prevent duplicate naming issues with Secrets Manager secrets that are scheduled for deletion

Tests

  • Add GitHub actions workflow
    • Includes a job for pre-commit hooks, unit tests and integration tests
    • Implements conditional jobs that allow the GitHub workflow to run locally via act
  • Use ghcr.io/marshall7m/terrace:v0.1.8 for Docker compose unit and integration testing services
  • Use the handy dummy_thing resource from the Terraform provider nfx04/dummy for the rollback-new-provider-resources integration testing. Replaces the dummy github_repository resource that required additional teardown logic
  • Add black, flake8, sqlfluff-lint, and shellcheck pre-commit hooks for enforcing style and format checks for .py, .sql and .sh files. Release also includes fixes to adhere to the hooks
  • Use authenticated sender email address to actually test approval request Lambda Function logic instead of patching the API request
  • Create a useful aws_session_expiration_check fixture that skips all integration tests if the AWS_SESSION_EXPIRATION is less than a specified amount of time away. No more mid-way expired session token surprises within integration testing!
  • Add Terraform/Terragrunt version constraint markdown table for create deploy stack and terra run builds

Bug Fixes

  • Replace overwriting AWS credentials with dummy values within the unit test aws_credentials fixture with setting each value only if it doesn't already exist. This fixes the case where the aws_credentials fixture overwrites the GitHub workflow's actual AWS credentials, which causes downstream tests that need valid AWS credentials to fail
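The aws_credentials fix just above and the aws_session_expiration_check fixture from the Tests section, together in one conftest-style module. This is an added example written for this page, not the module's own test code: the dummy credential values, the AWS_SECURITY_TOKEN and AWS_SESSION_TOKEN variable names, the ISO 8601 format assumed for AWS_SESSION_EXPIRATION, the 15-minute threshold and all function names are assumptions.

```python
import os
from datetime import datetime, timezone
from typing import Dict, List, Mapping, Optional

# Constructed dummy values: they only need to be non-empty so that boto3 and a
# mock backend such as moto are satisfied; they never reach a real AWS endpoint.
DUMMY_AWS_CREDENTIALS: Dict[str, str] = {
    "AWS_ACCESS_KEY_ID": "testing",
    "AWS_SECRET_ACCESS_KEY": "testing",
    "AWS_SECURITY_TOKEN": "testing",
    "AWS_SESSION_TOKEN": "testing",
    "AWS_DEFAULT_REGION": "us-east-1",
}


def dummy_credentials_to_set(environ: Mapping[str, str]) -> Dict[str, str]:
    """Return only the variables that are absent. A real credential already in
    the environment (for example the GitHub workflow's) is never replaced,
    which is the bug the overwrite-only fixture used to cause."""
    return {k: v for k, v in DUMMY_AWS_CREDENTIALS.items() if k not in environ}


def ensure_dummy_aws_credentials(environ: Dict[str, str]) -> List[str]:
    """Apply dummy_credentials_to_set to a mapping in place; returns the names filled."""
    to_set = dummy_credentials_to_set(environ)
    environ.update(to_set)
    return list(to_set)


def parse_utc_timestamp(value: str) -> datetime:
    """Parse an ISO 8601 timestamp such as 2024-01-01T12:00:00Z as a UTC-aware datetime."""
    parsed = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def session_skip_reason(environ: Mapping[str, str], min_remaining_seconds: int,
                        now: Optional[datetime] = None) -> Optional[str]:
    """Return a skip reason when AWS_SESSION_EXPIRATION is too close (or unparseable), else None."""
    raw = environ.get("AWS_SESSION_EXPIRATION")
    if not raw:
        return None  # no expiring session configured, e.g. long-lived IAM user credentials
    try:
        expires_at = parse_utc_timestamp(raw)
    except ValueError:
        return f"AWS_SESSION_EXPIRATION {raw!r} is not an ISO 8601 timestamp"
    remaining = (expires_at - (now or datetime.now(timezone.utc))).total_seconds()
    if remaining < min_remaining_seconds:
        return (f"AWS session expires in {int(remaining)}s, less than the "
                f"{min_remaining_seconds}s required to finish the integration tests")
    return None


try:
    import pytest
except ImportError:  # the functions above stay usable without pytest installed
    pytest = None

if pytest is not None:

    @pytest.fixture(autouse=True)
    def aws_credentials(monkeypatch):
        # monkeypatch.setenv is undone after each test, and only missing names are set.
        for name, value in dummy_credentials_to_set(os.environ).items():
            monkeypatch.setenv(name, value)

    @pytest.fixture(scope="session", autouse=True)
    def aws_session_expiration_check():
        # Put this in the integration directory's conftest.py so only those tests skip;
        # the 15-minute threshold is an assumption for this example.
        reason = session_skip_reason(os.environ, min_remaining_seconds=15 * 60)
        if reason:
            pytest.skip(reason)
```

Keeping the decision logic in plain functions that take a mapping (rather than reading os.environ inside the fixture) is what makes the "don't overwrite a real credential" rule unit-testable without touching the process environment.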

v0.1.0-alpha

03 May 00:54
0ca7e62

v0.1.0-alpha contains a stable version of the Terraform module. The module passes all unit and integration tests.

Any level of feedback will be very much appreciated.

New tags may be related to the features defined under the #TODO section of the README.md.