Main -> Val

.github/setBranchName.sh

@@ -7,9 +7,6 @@ GITHUB_REFNAME="${1}"
 [ -z "${GITHUB_REFNAME}" ] && echo "Error setting branch name.  No input given." && exit 1
 
 case ${GITHUB_REFNAME} in
-  $([[ "$GITHUB_REFNAME" =~ ^dependabot/.* ]] && echo ${GITHUB_REFNAME}))
-    echo ${GITHUB_REFNAME} | md5sum | head -c 10 | sed 's/^/x/'
-    ;;
   $([[ "$GITHUB_REFNAME" =~ ^snyk-* ]] && echo ${GITHUB_REFNAME}))
     echo ${GITHUB_REFNAME##*-} | head -c 10 | sed 's/^/s/'
     ;;

.github/workflows/deploy.yml

@@ -4,7 +4,6 @@ on:
   push:
     branches:
       - "*"
-      - "dependabot/**"
       - "!skipci*"
 
 concurrency:
@@ -28,20 +27,10 @@ jobs:
       SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline
     steps:
       - uses: actions/checkout@v4
-      - name: set branch_name # Some integrations (Dependabot & Snyk) build very long branch names. This is a switch to make long branch names shorter.
+      - name: set branch_name # Some integrations (Snyk) build very long branch names. This is a switch to make long branch names shorter.
         run: |
           BRANCH_NAME=$(./.github/setBranchName.sh ${{ github.ref_name }})
           echo "branch_name=${BRANCH_NAME}" >> $GITHUB_ENV
-      - name: "Setup jq"
-        uses: dcarbone/install-jq-action@v2.1.0
-        with:
-          version: "${{ inputs.version }}"
-          force: "${{ inputs.force }}"
-      - name: "Check jq"
-        # language=sh
-        run: |
-          which jq
-          jq --version
       - name: Validate branch name
         run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name
       - name: set branch specific variable names
@@ -86,72 +75,48 @@ jobs:
       application_endpoint: ${{ steps.endpoint.outputs.application_endpoint}}
       BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION: ${{ steps.set_names.outputs.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION }}
       BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME: ${{ steps.set_names.outputs.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME }}
-  # run e2e tests after deploy completes
-  e2e-tests-init:
-    name: Initialize End To End Tests
-    if: ${{ github.ref_name != 'master' && github.ref_name != 'val' && github.ref_name != 'prod' }}
-    needs:
-      - deploy
+
+  register-runner:
+    name: Register GitHub Runner
+    if: ${{ github.ref_name != 'master' && github.ref_name != 'val' && github.ref_name != 'production' }}
     runs-on: ubuntu-latest
+    needs: deploy
+    env:
+      SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline
     steps:
-      - name: Verify Endpoint
-        if: ${{ needs.deploy.outputs.application_endpoint == ''}}
-        run: |
-          echo "No endpoint set, Check if the deploy workflow was successful."
-          exit 1
-      - uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: set branch_name
         run: |
           BRANCH_NAME=$(./.github/setBranchName.sh ${{ github.ref_name }})
           echo "branch_name=${BRANCH_NAME}" >> $GITHUB_ENV
+
       - name: set branch specific variable names
         id: set_names
         run: ./.github/build_vars.sh set_names
+
       - name: set variable values
         id: set_values
         run: ./.github/build_vars.sh set_values
         env:
           AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
           AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
-          INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
           STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
-          COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-      - uses: actions/setup-node@v3
-        with:
-          node-version-file: ".nvmrc"
-      - name: Combine yarn.lock files to single file
-        run: find services -maxdepth 3 -name yarn.lock | xargs cat yarn.lock > combined-yarn.txt
-      - name: cache service dependencies
-        uses: actions/cache@v3
-        with:
-          path: |
-            services/app-api/node_modules
-            services/uploads/node_modules
-            services/ui/node_modules
-            services/ui-auth/node_modules
-            services/ui-src/node_modules
-            node_modules
-          key: ${{ runner.os }}-${{ hashFiles('combined-yarn.txt') }}
+
       - name: Configure AWS credentials for GitHub Actions
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
-          aws-region: ${{ env.AWS_DEFAULT_REGION }}
-      - name: Install dependencies
-        run: yarn install --frozen-lockfile
-      - name: set path
-        run: |
-          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
-      - name: Get Runner IP
-        id: get-ip
+          role-to-assume: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
+          aws-region: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
+
+      - name: output account id
+        id: output_account_id
         run: |
           #!/bin/bash
-          # Get the IP address of the runner
-          IP_ADDRESS=$(curl https://api.ipify.org)
-          echo "Runner IP address: $IP_ADDRESS"
-          # Store the IP address as an output variable
-          echo "RUNNER_IP=$IP_ADDRESS/32" >> $GITHUB_OUTPUT
+          AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+          echo "Current Account ID: ${AWS_ACCOUNT_ID}"
+
       - name: Get Github Actions CIDR Blocks
         id: get-gha-cidrs
         shell: bash
@@ -162,18 +127,22 @@ jobs:
           IPV4_CIDR_ARR=($(echo $GHA_RESP | jq -r '.actions | .[]' | grep -v ':'))
           GHA_CIDRS_IPV4=$(echo $(IFS=" "; echo ${IPV4_CIDR_ARR[*]}))
           echo "GHA_CIDRS_IPV4=$GHA_CIDRS_IPV4" >> $GITHUB_OUTPUT
+
       - name: Generate IP Set Name
         id: gen-ip-set-name
         run: |
+          #!/bin/bash
           STAGE_GH_IPSET_NAME=$STAGE_PREFIX$branch_name-gh-ipset
           echo "Github IP Set name:  $STAGE_GH_IPSET_NAME"
           echo "STAGE_GH_IPSET_NAME=$STAGE_GH_IPSET_NAME" >> $GITHUB_OUTPUT
-      - name: Fetch AWS IP set Metadata
+
+      - name: Fetch AWS IP Set Metadata
         id: fetch-ip-set-info
         run: |
           #!/bin/bash
           # Fetch AWS IP set ARNs using AWS CLI and store them in a variable
           AWS_IP_SET_INFO=$(aws wafv2 list-ip-sets --scope=CLOUDFRONT)
+          echo "Outputting AWS IP Set Info:  ${AWS_IP_SET_INFO}"
           # Store the IP set ARNs in an output variable using GITHUB_OUTPUT
           IPSET_NAME=${{ steps.gen-ip-set-name.outputs.STAGE_GH_IPSET_NAME }}
           IPSET=$(jq '.IPSets | map(select(.Name == "'${IPSET_NAME}'")) | .[]' <<< ${AWS_IP_SET_INFO})
@@ -184,17 +153,78 @@ jobs:
           echo "IPSET_ARN=$IPSET_ARN" >> $GITHUB_OUTPUT
           echo "IPSET_NAME=$IPSET_NAME" >> $GITHUB_OUTPUT
           echo "IPSET_ID=$IPSET_ID" >> $GITHUB_OUTPUT
+
       - name: Update IP Set
         id: update-ip-set
         run: ./.github/waf-controller.sh set ${{ steps.fetch-ip-set-info.outputs.IPSET_NAME }} ${{ steps.fetch-ip-set-info.outputs.IPSET_ID }} ${{ steps.get-gha-cidrs.outputs.GHA_CIDRS_IPV4 }}
         env:
           AWS_RETRY_MODE: adaptive
           AWS_MAX_ATTEMPTS: 10
+
     outputs:
-      application_endpoint: ${{ needs.deploy.outputs.application_endpoint }}
       ipset_name: ${{ steps.fetch-ip-set-info.outputs.IPSET_NAME }}
       ipset_id: ${{ steps.fetch-ip-set-info.outputs.IPSET_ID }}
 
+  e2e-tests-init:
+    name: Initialize End To End Tests
+    if: ${{ always() && !cancelled() && needs.deploy.result == 'success' && github.ref_name != 'master' && github.ref_name != 'val' && github.ref_name != 'prod' }}
+    needs:
+      - deploy
+      - register-runner
+    runs-on: ubuntu-latest
+    steps:
+      - name: Verify Endpoint
+        if: ${{ needs.deploy.outputs.application_endpoint == ''}}
+        run: |
+          echo "No endpoint set, Check if the deploy workflow was successful."
+          exit 1
+      - uses: actions/checkout@v4
+      - name: set branch_name
+        run: |
+          BRANCH_NAME=$(./.github/setBranchName.sh ${{ github.ref_name }})
+          echo "branch_name=${BRANCH_NAME}" >> $GITHUB_ENV
+      - name: set branch specific variable names
+        id: set_names
+        run: ./.github/build_vars.sh set_names
+      - name: set variable values
+        id: set_values
+        run: ./.github/build_vars.sh set_values
+        env:
+          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
+          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
+          INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
+          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
+          COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      - uses: actions/setup-node@v3
+        with:
+          node-version-file: ".nvmrc"
+      - name: Combine yarn.lock files to single file
+        run: find services -maxdepth 3 -name yarn.lock | xargs cat yarn.lock > combined-yarn.txt
+      - name: cache service dependencies
+        uses: actions/cache@v3
+        with:
+          path: |
+            services/app-api/node_modules
+            services/uploads/node_modules
+            services/ui/node_modules
+            services/ui-auth/node_modules
+            services/ui-src/node_modules
+            node_modules
+          key: ${{ runner.os }}-${{ hashFiles('combined-yarn.txt') }}
+      - name: Configure AWS credentials for GitHub Actions
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: set path
+        run: |
+          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
+    outputs:
+      application_endpoint: ${{ needs.deploy.outputs.application_endpoint }}
+
   setup-tests:
     name: "Setup End To End Tests"
     uses: ./.github/workflows/cypress-workflow.yml
@@ -283,10 +313,6 @@ jobs:
     name: Accessibility Tests
     needs:
       - e2e-tests-init
-      - e2e-feature-tests
-      - child-e2e-measure-tests
-      - adult-e2e-measure-tests
-      - health-home-e2e-measure-tests
     uses: ./.github/workflows/cypress-workflow.yml
     with:
       test-path: "a11y"
@@ -301,7 +327,7 @@ jobs:
 
   cleanup:
     name: Deslist GHA Runner CIDR Blocks
-    if: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/val' && github.ref != 'refs/heads/prod' }}
+    if: ${{ github.ref_name != 'master' && github.ref_name != 'val' && github.ref_name != 'prod' }}
     runs-on: ubuntu-latest
     needs:
       - e2e-tests-init
@@ -310,6 +336,7 @@ jobs:
       - adult-e2e-measure-tests
       - health-home-e2e-measure-tests
       - deploy
+      - register-runner
       - a11y-tests
     env:
       SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline
@@ -322,7 +349,7 @@ jobs:
           aws-region: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
       - name: clean-up-iplist
         id: reset-ip-set
-        run: ./.github/waf-controller.sh set ${{ needs.e2e-tests-init.outputs.ipset_name }} ${{ needs.e2e-tests-init.outputs.ipset_id }} '[]'
+        run: ./.github/waf-controller.sh set ${{ needs.register-runner.outputs.ipset_name }} ${{ needs.register-runner.outputs.ipset_id }} '[]'
         env:
           AWS_RETRY_MODE: adaptive
           AWS_MAX_ATTEMPTS: 10

.github/workflows/destroy.yml

@@ -1,6 +1,6 @@
 name: Destroy
 
-on: 
+on:
   delete:
   workflow_dispatch:
     inputs:

.github/workflows/snyk-auto-merge.yml

@@ -1,4 +1,3 @@
-# Adapted from https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
 name: Snyk auto-merge
 on:
   pull_request:
@@ -9,21 +8,17 @@ permissions:
   contents: write
 
 jobs:
-  dependabot:
+  snyk:
     runs-on: ubuntu-latest
     if: ${{ github.actor == 'mdct-github-service-account' }}
     steps:
-      - name: Snyk Gather Metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v1
-      - name: Approve a PR
+      - name: Auto-approve Snyk PR
         run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
       - name: Enable auto-merge for Snyk PRs
-        if: ${{ steps.metadata.outputs.update-type != 'version-update:semver-major'}}
-        run: gh pr merge --auto --merge "$PR_URL"
+        run: gh pr merge --auto --squash "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

README.md

@@ -376,8 +376,6 @@ The Kafka Queues we link to are in the BigMac account and are currently not bein
 
 `postKafkaData`: Fires when an update to the database happens and syncs kafka to reflect the current state of the database.
 
-`forceKafkaSync`: This can be manually triggered to force kafka to reflect the current state of the database.
-
 ### Utilities
 
 ---

package.json

@@ -28,7 +28,6 @@
     "@types/yargs": "^15.0.10",
     "@typescript-eslint/eslint-plugin": "5.18.0",
     "@typescript-eslint/parser": "5.18.0",
-    "aws-sdk": "^2.1310.0",
     "dotenv": "^8.2.0",
     "eslint": "^7.32.0",
     "eslint-config-airbnb": "^18.2.1",

services/app-api/handlers/banners/fetch.ts

@@ -1,6 +1,7 @@
 import handler from "../../libs/handler-lib";
 import dynamoDb from "../../libs/dynamodb-lib";
 import { Errors, StatusCodes } from "../../utils/constants/constants";
+import { Banner } from "../../types";
 
 export const fetchBanner = handler(async (event, _context) => {
   if (!event?.pathParameters?.bannerId!) {
@@ -12,8 +13,8 @@ export const fetchBanner = handler(async (event, _context) => {
       key: event?.pathParameters?.bannerId!,
     },
   };
-  const response = await dynamoDb.get(params);
+  const response = await dynamoDb.get<Banner>(params);
 
   const status = StatusCodes.SUCCESS;
-  return { status: status, body: response };
+  return { status: status, body: { Item: response } };
 });