From 7162facc90ecbaadfe6a7ef8b264adc66063c5fc Mon Sep 17 00:00:00 2001 From: Eddie Goynes Date: Mon, 1 May 2023 13:33:06 -0700 Subject: [PATCH 1/3] Update to version v6.1.2 --- .github/workflows/pipeline-workflow.yml | 26 ------- .github/workflows/pull-request-workflow.yml | 23 ------- .gitignore | 1 - .viperlightignore | 4 -- .viperlightrc | 4 -- CHANGELOG.md | 7 ++ buildspec.yml | 34 --------- sonar-project.properties | 69 ------------------- source/cdk/lib/vod-stack.ts | 7 +- .../cdk/test/__snapshots__/vod.test.ts.snap | 24 +++++-- 10 files changed, 30 insertions(+), 169 deletions(-) delete mode 100644 .github/workflows/pipeline-workflow.yml delete mode 100644 .github/workflows/pull-request-workflow.yml delete mode 100644 .viperlightignore delete mode 100644 .viperlightrc delete mode 100644 buildspec.yml delete mode 100644 sonar-project.properties diff --git a/.github/workflows/pipeline-workflow.yml b/.github/workflows/pipeline-workflow.yml deleted file mode 100644 index 405892fd..00000000 --- a/.github/workflows/pipeline-workflow.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: Pipeline Workflow - -env: - REGION: us-east-1 - -on: push - -jobs: - pipeline-job: - name: Pipeline Job - if: github.repository_owner == 'aws-solutions' - runs-on: ubuntu-latest - permissions: - id-token: write - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - role-to-assume: ${{ secrets.DISPATCHER_ROLE_ARN }} - aws-region: ${{ env.REGION }} - role-duration-seconds: 900 - role-session-name: OIDCSession - - name: Run CodeBuild - uses: aws-actions/aws-codebuild-run-build@v1 - with: - project-name: ${{ secrets.DISPATCHER_CODEBUILD_PROJECT_NAME }} \ No newline at end of file diff --git a/.github/workflows/pull-request-workflow.yml b/.github/workflows/pull-request-workflow.yml deleted file mode 100644 index 466dec48..00000000 --- a/.github/workflows/pull-request-workflow.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -name: Pull Request Workflow - -on: - pull_request: - types: [opened, edited, reopened, synchronize] - -jobs: - pull-request-job: - name: Status Checks - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Viperlight - run: | - wget -q https://viperlight-scanner.s3.amazonaws.com/latest/.viperlightrc - wget -q https://viperlight-scanner.s3.amazonaws.com/latest/viperlight.zip - unzip -q viperlight.zip -d ../viperlight - rm -r ./viperlight.zip - echo "Content scanning utility installation complete `date`" - echo "Starting content scanning `date` in `pwd`" - ../viperlight/bin/viperlight scan -m files-contents -m files-aws -m files-binary -m files-entropy -m files-secrets - echo "Completed content scanning `date`" \ No newline at end of file diff --git a/.gitignore b/.gitignore index 509c06af..a4ca05af 100644 --- a/.gitignore +++ b/.gitignore @@ -14,7 +14,6 @@ # dependencies **/node_modules -package-lock.json # misc **/npm-debug.log diff --git a/.viperlightignore b/.viperlightignore deleted file mode 100644 index ab3158fe..00000000 --- a/.viperlightignore +++ /dev/null @@ -1,4 +0,0 @@ -CONTRIBUTING.md:44 -CODE_OF_CONDUCT.md:4 -source/custom-resource/lib/cfn/index.spec.js:29 -Config \ No newline at end of file diff --git a/.viperlightrc b/.viperlightrc deleted file mode 100644 index 34036e5a..00000000 --- a/.viperlightrc +++ /dev/null @@ -1,4 +0,0 @@ -{ - "all": true, - "failOn": "medium" -} diff --git a/CHANGELOG.md b/CHANGELOG.md index e7bc7a2b..5223acc3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,9 +3,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [6.1.2] - 2023-5-01 +### Changed +- Created unique cachePolicyName for CloudFront cache policy allowing the stack to deployed multiple times across regions. +- Added unique prefix for Application Registry name so if a stack update is performance the new application will show up in app manager. +- Added package-lock files to show snapshot of packages used during build. + ## [6.1.1] - 2023-4-17 ### Changed - Updated object ownership configuration on the CloudFormation logging bucket + ## [6.1.0] - 2023-2-27 ### Changed - Added region name and account ID to AppRegistry Application name diff --git a/buildspec.yml b/buildspec.yml deleted file mode 100644 index 911d02aa..00000000 --- a/buildspec.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -version: 0.2 - -phases: - install: - runtime-versions: - nodejs: 16 - python: 3.10 - pre_build: - commands: - - echo "Installing dependencies and executing unit tests - `pwd`" - - cd deployment && chmod +x ./run-unit-tests.sh && ./run-unit-tests.sh - - echo "Installing dependencies and executing unit tests completed `date`" - build: - commands: - - echo "Starting build `date` in `pwd`" - - chmod +x ./build-s3-dist.sh && ./build-s3-dist.sh $DIST_OUTPUT_BUCKET $SOLUTION_NAME $VERSION - - echo "Build completed `date`" - - echo "Starting open-source-dist `date` in `pwd`" - - chmod +x ./build-open-source-dist.sh && ./build-open-source-dist.sh $SOLUTION_NAME - - echo "Open Source Dist completed `date`" - post_build: - commands: - - echo "Retrieving next stage buildspec `date` in `pwd`" - - aws s3 cp s3://solutions-build-assets/changelog-spec.yml ../buildspec.yml - - echo "Retrieving next stage buildspec complete" - - echo "Post build completed on `date`" -artifacts: - files: - - deployment/**/* - - source/**/* - - CHANGELOG.md - - buildspec.yml - - .gitignore - - sonar-project.properties diff --git a/sonar-project.properties b/sonar-project.properties deleted file mode 100644 index 9045f359..00000000 --- a/sonar-project.properties +++ /dev/null 
@@ -1,69 +0,0 @@ -# Note: Currently testing and supported with code coverage sonarqube -# collection for python lambda (python pytest, python unittest) and javascript jest -# and CDK TypeScript - -# Uncomment to enable debugging by default -#sonar.verbose=true -#sonar.log.level=DEBUG - -# Disable if needed -#sonar.scm.disabled=true - -# -# Refer to https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/ -# for details on sources and exclusions. Note also .gitignore -# - - -sonar.sources=source - -sonar.exclusions= \ - **/cdk.out/**, \ - **/node_modules/**, \ - **/**.spec.js, \ - **/test**.py, \ - **/setup.py, \ - **/**.test.**, \ - **/jest.config.js, \ - source/test/**, \ - source/custom-resource/index.js - - - -sonar.sourceEncoding=UTF-8 - -## Python Specific Properties* -# coverage -# https://docs.sonarqube.org/pages/viewpage.action?pageId=4784149 -# Comma-separated list of ant pattern describing paths to coverage reports, relative to projects -# root. Leave unset to use the default ("coverage-reports/*coverage-*.xml"). 
-sonar.python.coverage.reportPaths= \ - source/test/coverage-reports/pytest/mediainfo/coverage.xml - - -# Sensor SonarJS Coverage [javascript] was not allowing globbing -# for sonar.javascript.lcov.reportPaths such as this -# source/test/coverage-reports/jest/*/lcov.info -# so we have to provide an explicit list of reportPaths -sonar.javascript.lcov.reportPaths= \ - source/test/coverage-reports/jest/cdk/lcov.info, \ - source/test/coverage-reports/jest/custom-resource/lcov.info, \ - source/test/coverage-reports/jest/archive-source/lcov.info, \ - source/test/coverage-reports/jest/dynamo/lcov.info, \ - source/test/coverage-reports/jest/encode/lcov.info, \ - source/test/coverage-reports/jest/error-handler/lcov.info, \ - source/test/coverage-reports/jest/input-validate/lcov.info, \ - source/test/coverage-reports/jest/media-package-assets/lcov.info, \ - source/test/coverage-reports/jest/output-validate/lcov.info, \ - source/test/coverage-reports/jest/profiler/lcov.info, \ - source/test/coverage-reports/jest/sns-notification/lcov.info, \ - source/test/coverage-reports/jest/sqs-publish/lcov.info, \ - source/test/coverage-reports/jest/step-functions/lcov.info - -# Project Specific ignores with rational -# sonar.issue.ignore.multicriteria=ts1 - -# TODO: Temporary ignore for typescript:S1848. Review and update code as needed. Only ignore this for typescript file which are in CDK since there are many common cases of new (this, ...) without using the created object. -#typescript:S1848 Objects should not be created to be dropped immediately without being used -# sonar.issue.ignore.multicriteria.ts1.ruleKey=typescript:S1848 -# sonar.issue.ignore.multicriteria.ts1.resourceKey=**/*.ts \ No newline at end of file diff --git a/source/cdk/lib/vod-stack.ts b/source/cdk/lib/vod-stack.ts index 76370539..d1f135ec 100644 --- a/source/cdk/lib/vod-stack.ts +++ b/source/cdk/lib/vod-stack.ts 
@@ -333,7 +333,10 @@ export class VideoOnDemand extends cdk.Stack { * Construct includes a logs bucket for the CloudFront distribution and a CloudFront * OriginAccessIdentity which is used to restrict access to S3 from CloudFront. */ + const cachePolicyName = `cp-${cdk.Aws.REGION}-${cdk.Aws.STACK_NAME}`; + const cachePolicy = new cloudfront.CachePolicy(this, 'CachePolicy', { + cachePolicyName: cachePolicyName, cookieBehavior: cloudfront.CacheCookieBehavior.none(), headerBehavior: cloudfront.CacheHeaderBehavior.allowList( 'Origin', @@ -2296,8 +2299,8 @@ export class VideoOnDemand extends cdk.Stack { * AppRegistry */ const applicationName = `video-on-demand-on-aws-${cdk.Aws.REGION}-${cdk.Aws.ACCOUNT_ID}-${cdk.Aws.STACK_NAME}`; - const attributeGroup = new appreg.AttributeGroup(this, 'AppRegistryAttributeGroup', { - attributeGroupName: `${cdk.Aws.REGION}-${cdk.Aws.STACK_NAME}`, + const attributeGroup = new appreg.AttributeGroup(this, 'AppRegistryAttributeGroupId', { + attributeGroupName: `A30-${cdk.Aws.REGION}-${cdk.Aws.STACK_NAME}`, description: 'Attribute group for solution information', attributes: { applicationType: 'AWS-Solutions', diff --git a/source/cdk/test/__snapshots__/vod.test.ts.snap b/source/cdk/test/__snapshots__/vod.test.ts.snap index c9527462..5704b441 100644 --- a/source/cdk/test/__snapshots__/vod.test.ts.snap +++ b/source/cdk/test/__snapshots__/vod.test.ts.snap @@ -415,7 +415,7 @@ exports[`VideoOnDemand Stack Test 1`] = ` }, AppRegistryApp5349BE86: { DependsOn: [ - AppRegistryAttributeGroup7AF07446, + AppRegistryAttributeGroupId7C2D526E, ], Properties: { Description: Service Catalog application to track and manage all your resources. The SolutionId is SO0021 and SolutionVersion is %%VERSION%%., 
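Review bot: The new `cachePolicyName` in the first vod-stack.ts hunk has no length bound: it is `cp-` plus the region plus the full stack name, and CloudFront cache policy names are limited to 128 characters, which a stack name alone can reach. Both parts are deploy-time tokens, so CDK cannot validate the value at synth, and an over-long name would presumably surface only as a failed deployment. I would document the effective stack-name limit next to the constant, e.g. `// CloudFront cache policy names are capped at 128 chars: 'cp-' + region + '-' + stack name must fit`. As a style point, `cachePolicyName: cachePolicyName,` can be written as the shorthand `cachePolicyName,`. The enclosing constructor starts and ends outside the hunk.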
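Review bot: The `A30-` prefix on `attributeGroupName` in the second vod-stack.ts hunk is an unexplained literal, and together with the renamed construct id (`AppRegistryAttributeGroupId`) it changes both the logical ID and the physical name of the attribute group. Judging by the changelog entry this is meant to force a fresh AppRegistry resource on stack update, but nothing at the call site says so. The changelog also describes an application-name prefix, while the hunk leaves `applicationName` untouched. I would add a comment above the construct such as `// 'A30-' prefix and the new construct id force replacement of the attribute group on stack update; change both together`. The surrounding constructor starts and ends outside the hunk.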
@@ -448,9 +448,9 @@ exports[`VideoOnDemand Stack Test 1`] = ` }, Type: AWS::ServiceCatalogAppRegistry::Application, }, - AppRegistryAppAttributeGroupAssociation89f88b663a927A6EC94A: { + AppRegistryAppAttributeGroupAssociation9a1cc5a2b862D1166969: { DependsOn: [ - AppRegistryAttributeGroup7AF07446, + AppRegistryAttributeGroupId7C2D526E, ], Properties: { Application: { @@ -461,7 +461,7 @@ exports[`VideoOnDemand Stack Test 1`] = ` }, AttributeGroup: { Fn::GetAtt: [ - AppRegistryAttributeGroup7AF07446, + AppRegistryAttributeGroupId7C2D526E, Id, ], }, @@ -483,7 +483,7 @@ exports[`VideoOnDemand Stack Test 1`] = ` }, Type: AWS::ServiceCatalogAppRegistry::ResourceAssociation, }, - AppRegistryAttributeGroup7AF07446: { + AppRegistryAttributeGroupId7C2D526E: { Properties: { Attributes: { applicationType: AWS-Solutions, @@ -496,6 +496,7 @@ exports[`VideoOnDemand Stack Test 1`] = ` Fn::Join: [ , [ + A30-, { Ref: AWS::Region, }, @@ -719,10 +720,14 @@ exports[`VideoOnDemand Stack Test 1`] = ` Fn::Join: [ , [ - VideoOnDemandCachePolicy7E8194AA-, + cp-, { Ref: AWS::Region, }, + -, + { + Ref: AWS::StackName, + }, ], ], }, @@ -2590,6 +2595,13 @@ exports[`VideoOnDemand Stack Test 1`] = ` }, ], }, + OwnershipControls: { + Rules: [ + { + ObjectOwnership: ObjectWriter, + }, + ], + }, PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, From eb9c470026aac5806151107c5c935a115d9c0f58 Mon Sep 17 00:00:00 2001 From: Eddie Goynes Date: Mon, 1 May 2023 13:48:11 -0700 Subject: [PATCH 2/3] Update to version v6.1.2 --- deployment/build-open-source-dist.sh | 79 ---------------------------- 1 file changed, 79 deletions(-) delete mode 100644 deployment/build-open-source-dist.sh diff --git a/deployment/build-open-source-dist.sh b/deployment/build-open-source-dist.sh deleted file mode 100644 index 6a480122..00000000 --- a/deployment/build-open-source-dist.sh +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/bin/bash -# -# This assumes all of the OS-level configuration has been completed and git repo has already been cloned -# -# This script should be run from the repo's deployment directory -# cd deployment -# ./build-open-source-dist.sh solution-name -# -# Parameters: -# - solution-name: name of the solution for consistency - -# Check to see if input has been provided: -if [ -z "$1" ]; then - echo "Please provide the trademark approved solution name for the open source package." - echo "For example: ./build-open-source-dist.sh trademarked-solution-name" - exit 1 -fi - -# Get reference for all important folders -source_template_dir="$PWD" -dist_dir="$source_template_dir/open-source" -dist_template_dir="$dist_dir/deployment" -source_dir="$source_template_dir/../source" - -echo "------------------------------------------------------------------------------" -echo "Building open-source folder" -echo "------------------------------------------------------------------------------" -rm -rf $dist_dir -mkdir -p $dist_dir -mkdir -p $dist_template_dir - -echo "------------------------------------------------------------------------------" -echo "Copying Deployment Folder" -echo "------------------------------------------------------------------------------" -cp -v $source_template_dir/build-s3-dist.sh $dist_template_dir -cp -v $source_template_dir/run-unit-tests.sh $dist_template_dir -cp -vr $source_template_dir/cdk-solution-helper $dist_template_dir - -echo "------------------------------------------------------------------------------" -echo "Copying Source Folder" -echo "------------------------------------------------------------------------------" -cp -r $source_dir $dist_dir -cp $source_template_dir/../LICENSE.txt $dist_dir -cp $source_template_dir/../NOTICE.txt $dist_dir -cp $source_template_dir/../README.md $dist_dir -cp $source_template_dir/../CODE_OF_CONDUCT.md $dist_dir -cp $source_template_dir/../CONTRIBUTING.md $dist_dir -cp 
$source_template_dir/../CHANGELOG.md $dist_dir -cp $source_template_dir/../.gitignore $dist_dir - -echo "------------------------------------------------------------------------------" -echo "Copying Architecture Diagram and GitHub Templates" -echo "------------------------------------------------------------------------------" -cp -r $source_template_dir/assets/.github $dist_dir/ -cp $source_template_dir/assets/architecture.png $dist_dir/ - -echo "------------------------------------------------------------------------------" -echo "Removing Build Files From Open Source Packaging" -echo "------------------------------------------------------------------------------" -find $dist_dir -iname "dist" -type d -exec rm -r "{}" \; 2> /dev/null -find $dist_dir -iname "node_modules" -type d -exec rm -r "{}" \; 2> /dev/null -find $dist_dir -name "package-lock.json" -type f -exec rm -r "{}" \; 2> /dev/null - -find $dist_dir -iname "pypackage" -type d -exec rm -r "{}" \; 2> /dev/null -find $dist_dir -iname "pytests" -type d -exec rm -r "{}" \; 2> /dev/null -find $dist_dir -iname "__pycache__" -type d -exec rm -r "{}" \; 2> /dev/null -find $dist_dir -iname "*.egg-info" -type d -exec rm -r "{}" \; 2> /dev/null -find $dist_dir -type f -name '*.pyc' -delete -rm $dist_dir/source/mediainfo/bin/mediainfo - -echo "------------------------------------------------------------------------------" -echo "Creating GitHub zip file" -echo "------------------------------------------------------------------------------" -cd $dist_dir -zip -q -r9 ../$1.zip * .github .gitignore -rm -rf * -rm -rf .github .gitignore -mv ../$1.zip . -echo "Completed building $1.zip" \ No newline at end of file From 69104cebc01e147805d4cabc8aba73e50f5e98e0 Mon Sep 17 00:00:00 2001 From: Eddie Goynes Date: Mon, 1 May 2023 13:57:26 -0700 Subject: [PATCH 3/3] Update to v6.1.2 --- CHANGELOG.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 5223acc3..7ce9c059 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,10 +4,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [6.1.2] - 2023-5-01 -### Changed -- Created unique cachePolicyName for CloudFront cache policy allowing the stack to deployed multiple times across regions. -- Added unique prefix for Application Registry name so if a stack update is performance the new application will show up in app manager. -- Added package-lock files to show snapshot of packages used during build. +### Added +- Created unique cachePolicyName for CloudFront cache policy allowing the stack to deployed multiple times across regions. +- Added unique prefix for Application Registry name so if a stack update is performance the new application will show up in app manager. +- Added package-lock files to show snapshot of packages used during build. + +### Removed +- Removed github action workflow files ## [6.1.1] - 2023-4-17 ### Changed