Merge branch 'main' into DEV-1502

.changeset/polite-buses-agree.md

@@ -0,0 +1,5 @@
+---
+"nextjs-website": patch
+---
+
+[DEV-1545] Add custom PathReporter to improve readability of errors raised by decode

apps/infrastructure/CHANGELOG.md

@@ -1,5 +1,36 @@
 # infrastructure
 
+## 0.3.2
+
+### Patch Changes
+
+- 0ba22dd: Allow fetching images from DevPortal subdomains
+
+## 0.3.1
+
+### Patch Changes
+
+- ecf2fc4: Update CDN url using the new DNS in task definition
+- 6be6508: Configure a CDN alias and add a DNS A record to ensure the DNS is accessible
+
+## 0.3.0
+
+### Minor Changes
+
+- b4f0221: Create DNS for CMS Media Library and link it to the CDN
+
+## 0.2.0
+
+### Minor Changes
+
+- 60e0be7: [DEV-1489] - Add Active Campaign records
+
+## 0.1.2
+
+### Patch Changes
+
+- fd08262: [DEV-1525] Enable auto_minor_version_upgrade to cms database
+
 ## 0.1.1
 
 ### Patch Changes

apps/infrastructure/package.json

@@ -1,5 +1,5 @@
 {
   "name": "infrastructure",
-  "version": "0.1.1",
+  "version": "0.3.2",
   "private": true
 }

apps/infrastructure/src/acm.tf

@@ -38,3 +38,21 @@ module "cms_ssl_certificate" {
   validation_method   = "DNS"
   dns_ttl             = 3600
 }
+
+## SSL certificate for Strapi Media Library CDN
+module "strapi_media_library_ssl_certificate" {
+  source = "git::https://github.com/terraform-aws-modules/terraform-aws-acm.git?ref=8d0b22f1f242a1b36e29b8cb38aaeac9b887500d" # v5.0.0
+
+  domain_name = format("cdn.%s", var.dns_domain_name)
+  zone_id     = aws_route53_zone.dev_portal.id
+
+  providers = {
+    aws = aws.us-east-1
+  }
+
+  # Because it is ran in an automated pipeline
+  # https://github.com/terraform-aws-modules/terraform-aws-acm/blob/8d0b22f1f242a1b36e29b8cb38aaeac9b887500d/README.md?plain=1#L174
+  wait_for_validation = false
+  validation_method   = "DNS"
+  dns_ttl             = 3600
+}

apps/infrastructure/src/cloudfront.tf

@@ -6,7 +6,7 @@ locals {
   form_action = "'self'"
   font_src    = "data: 'self' https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/icons/"
   connect_src = "'self' https://cognito-identity.eu-south-1.amazonaws.com/ https://dynamodb.eu-south-1.amazonaws.com/ https://cognito-idp.eu-south-1.amazonaws.com/ https://raw.githubusercontent.com/pagopa/ https://raw.githubusercontent.com/teamdigitale/ https://*.cookielaw.org https://*.onetrust.com https://www.google-analytics.com https://api.io.italia.it *.google-analytics.com https://pagopa.matomo.cloud/"
-  img_src     = "data: 'self' https://i.vimeocdn.com/ https://io.italia.it/assets/ https://raw.githubusercontent.com/pagopa/ https://www.pagopa.gov.it/assets/ https://*.cookielaw.org/logos/ recaptcha.net  https://*.googleusercontent.com"
+  img_src     = "data: 'self' https://i.vimeocdn.com/ https://io.italia.it/assets/ https://raw.githubusercontent.com/pagopa/ https://www.pagopa.gov.it/assets/ https://*.cookielaw.org/logos/ recaptcha.net  https://*.googleusercontent.com https://*.${var.dns_domain_name}"
   frame_src   = "https://vimeo.com/ https://demo.arcade.software/ https://www.google.com https://recaptcha.net https://www.youtube.com https://pagopa.applytojob.com https://www.figma.com/ https://codepen.io/"
 }
 
@@ -112,13 +112,13 @@ resource "aws_cloudfront_distribution" "website" {
   }
 }
 
-## CDN to Medialibrary for CMS Strapi
+## CDN to Media Library for CMS Strapi
 module "cloudfront_cms" {
   source = "git::https://github.com/terraform-aws-modules/terraform-aws-cloudfront.git?ref=ed0f1f983f606304e00ad9f48399bd2fe0b79233" # v3.2.2
 
   create_origin_access_identity = true
   origin_access_identities = {
-    s3_cms = "Identity to access S3 bucket."
+    s3_cms = "Identity to access S3 bucket"
   }
 
   origin = {
@@ -132,7 +132,16 @@ module "cloudfront_cms" {
 
   enabled         = true
   is_ipv6_enabled = true
-  comment         = "CloudFront distribution for the medialibrary cms."
+  comment         = "CloudFront distribution for the CMS Media Library"
+
+  viewer_certificate = {
+    cloudfront_default_certificate = false
+    acm_certificate_arn            = module.strapi_media_library_ssl_certificate.acm_certificate_arn
+    ssl_support_method             = "sni-only"
+    minimum_protocol_version       = "TLSv1.2_2021"
+  }
+
+  aliases = module.strapi_media_library_ssl_certificate.distinct_domain_names
 
   default_cache_behavior = {
     allowed_methods        = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
@@ -150,13 +159,9 @@ module "cloudfront_cms" {
         forward = "none"
       }
     }
+  }
 
-    viewer_certificate = {
-      cloudfront_default_certificate = true
-    }
-
-    geo_restriction = {
-      restriction_type = "none"
-    }
+  geo_restriction = {
+    restriction_type = "none"
   }
 }

apps/infrastructure/src/ecs.tf

@@ -28,7 +28,7 @@ data "template_file" "cms_app" {
     access_key_id        = module.secret_cms_access_key_id.ssm_parameter_arn
     access_key_secret    = module.secret_cms_access_key_secret.ssm_parameter_arn
     bucket_full_url      = module.s3_bucket_cms.s3_bucket_bucket_regional_domain_name
-    cdn_url              = "https://${module.cloudfront_cms.cloudfront_distribution_domain_name}"
+    cdn_url              = "https://${aws_route53_record.strapi_media_library.name}"
     aws_bucket_endpoint  = "https://s3.${var.aws_region}.amazonaws.com"
     repo_owner           = "pagopa"
     repo_name            = "developer-portal"

apps/infrastructure/src/rds_aurora.tf

@@ -5,7 +5,8 @@ module "cms_rds" {
   name                        = "cms-database"
   engine                      = "aurora-postgresql"
   engine_mode                 = "provisioned"
-  engine_version              = "14.6"
+  engine_version              = "14"
+  auto_minor_version_upgrade  = true
   database_name               = "strapidb"
   master_username             = "postgres"
   master_password             = module.secret_cms_database_password.value
@@ -26,4 +27,4 @@ module "cms_rds" {
   instances = {
     one = {}
   }
-}
+}

apps/infrastructure/src/route53.tf

@@ -19,7 +19,8 @@ locals {
   domain_validations_options = setunion(
     aws_acm_certificate.website.domain_validation_options,
     aws_acm_certificate.auth.domain_validation_options,
-    module.cms_ssl_certificate.acm_certificate_domain_validation_options
+    module.cms_ssl_certificate.acm_certificate_domain_validation_options,
+    module.strapi_media_library_ssl_certificate.acm_certificate_domain_validation_options
   )
 }
 
@@ -126,4 +127,53 @@ module "cms_dns_records" {
       }
     }
   ]
-}
+}
+
+# Active Campaign Records
+module "active_campaign_dns_records" {
+  source = "git::https://github.com/terraform-aws-modules/terraform-aws-route53.git//modules/records?ref=bc63328714550fd903d2574b263833c9ce1c867e" # v2.11.0"
+
+  zone_id = aws_route53_zone.dev_portal.id
+  # Create only on production environment
+  create = var.environment == "prod"
+
+  records = [
+    {
+      name    = "acdkim1._domainkey"
+      type    = "CNAME"
+      records = ["dkim.acdkim1.acems1.com"]
+      ttl     = 3600
+    },
+    {
+      name    = "acdkim2._domainkey"
+      type    = "CNAME"
+      records = ["dkim.acdkim2.acems1.com"]
+      ttl     = 3600
+    },
+    {
+      name    = "em-3628291"
+      type    = "CNAME"
+      records = ["cmd.emsend1.com"]
+      ttl     = 3600
+    },
+    {
+      name    = "_dmarc"
+      type    = "TXT"
+      records = ["v=DMARC1;p=none;"]
+      ttl     = 3600
+    }
+  ]
+}
+
+// This Route53 record will point at the Strapi Media Library CDN
+resource "aws_route53_record" "strapi_media_library" {
+  zone_id = aws_route53_zone.dev_portal.zone_id
+  name    = format("cdn.%s", var.dns_domain_name)
+  type    = "A"
+
+  alias {
+    name                   = module.cloudfront_cms.cloudfront_distribution_domain_name
+    zone_id                = module.cloudfront_cms.cloudfront_distribution_hosted_zone_id
+    evaluate_target_health = false
+  }
+}

apps/nextjs-website/CHANGELOG.md

@@ -1,5 +1,37 @@
 # nextjs-website
 
+## 0.14.3
+
+### Patch Changes
+
+- b699ba0: Revert "Update video on demand src"
+
+## 0.14.2
+
+### Patch Changes
+
+- 6b2075e: Update video on demand src
+
+## 0.14.1
+
+### Patch Changes
+
+- 3effab5: [DEV-1534] Update webinar end time
+
+## 0.14.0
+
+### Minor Changes
+
+- 24e856a: Change webinars' subscribe button logic
+- 5739492: Add SwaggerParameter, SwaggerResponse and SwaggerDescription components
+
+### Patch Changes
+
+- 9bddc42: Fix webinar form and webinar questions page
+- 93327c8: Add new Speaker to the PagoPA LAB Webinar
+- Updated dependencies [5739492]
+  - [email protected]
+
 ## 0.13.0
 
 ### Minor Changes

apps/nextjs-website/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nextjs-website",
-  "version": "0.13.0",
+  "version": "0.14.3",
   "private": true,
   "scripts": {
     "download-docs": "./scripts/fetch-docs.sh docs/from-gitbook",

apps/nextjs-website/src/_contents/webinars.ts

@@ -90,7 +90,7 @@ export const webinars: readonly Webinar[] = [
       },
     ],
     startDateTime: '2024-03-20T09:00:00.000Z',
-    endDateTime: '2024-03-20T09:45:00.000Z',
+    endDateTime: '2024-03-20T10:00:00.000Z',
     subscribeCtaLabel: '',
     relatedLinks: [
       {

apps/nextjs-website/src/app/auth/login/page.tsx

@@ -60,7 +60,7 @@ const Login = () => {
       await Auth.sendCustomChallengeAnswer(user, code);
 
       const redirect = searchParams.get('redirect');
-      router.replace(redirect ? redirect : '/');
+      router.replace(redirect ? atob(redirect) : '/');
     },
     [router, searchParams, user]
   );