[UNSAFE] Update dependency securetrading-gl/st-server-project/project-infrastructure-cicd to v67 (!430) · Merge requests · trustpayments-public / mobile-sdk / Android

GitLab Scheduler requested to merge renovate/unsafe/trustpayments-public/mobile-sdk/android-major-tp-projects-major into master Apr 30, 2024

This MR contains the following updates:

Package	Type	Update	Change
securetrading-gl/st-server-project/project-infrastructure-cicd	repository	major	`64.3.15` -> `67.1.4`

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

securetrading-gl/st-server-project/project-infrastructure-cicd (securetrading-gl/st-server-project/project-infrastructure-cicd)

`v67.1.4`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1232 - SI-2207: PyPI Change "index-url" to private "gitlab" registry.

Changes

For .py-unit-tests-package-installed-review and .py-unit-tests-package-installed-release jobs:

No longer set https://pypi.org/simple as the main index-url in pip.conf. Instead use https://token:${GITLAB_API_TOKEN}@gitlab.com/api/v4/projects/26595653/packages/pypi/simple. This is to mitigate the "CVE" described in this ticket https://securetrading.atlassian.net/browse/SI-2207

Fixes

Disable job validate-merge-request-description that is not required when triggering infra pipeline. It caused issues when last commit for a new branch taken from master was renovate's commit.

Commit history

eab48f26 SI-2207: PyPI Change "index-url" to private "gitlab" registry.

`v67.1.3`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1234 - Change default branch for jpc-merge-to-master job

Hotfix

Change branch used in jpc-merge-to-master job for JS Payments Card project as it's using dev-1 instead of develop.

Commit history

fdb4cc2f Change default branch for jpc-merge-to-master job

`v67.1.2`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1231 - Fix issue with merge to master creating conflicts for projects using branches...

Hotfix

Fix *-merge-to-master jobs so target branch can be adjusted based on the git branching strategy. This is an internal fix - does not affect feature teams.

Fix TFLint logs output by exposing them as artifacts. This can be helpful when we need to debug TFLint activity by passing TFLINT_LOG variable and settings its value to debug or trace which can produce a lot of output (more than 100MB), which cuts off job output and prevents proper debugging. See example output: https://gitlab.com/securetrading-gl/st-server-project/st-python-service-template/-/jobs/6814517419.

Commit history

6ebf346 Fix issue with merge to master creating conflicts for projects using branches...

`v67.1.1`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1228 - Amplify Review Envs: Prevent recursive SRC triggering INFRA

Hotfix

Amplify Review Envs: Check if the last commit message was the automatic commit, if so do not add another. Prevents recursive loop

Commit history

e9bc539 Amplify Review Envs: Prevent recursive SRC triggering INFRA

`v67.1.0`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1212 - SI-1669: Skip ecr scan option

New features

If SKIP_ECR_SCAN is set to true in the .service-images-build: job, we skip the ECR image scanner step as sometimes we want to use newer images that are not supported by AWS ECR image scanning. A few examples would be Datadog and Envoy.

Commit history

8080dcbe SI-1669: Skip ecr scan option

`v67.0.5`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1225 - SI-2205 Added logic to handle CICD releases (Amplify)

Fixes

Updated Amplify review environments to correctly handle CICD releases and template checks, as before CICD would trigger amplify with a trigger token causing the INFRA for amplify to never get created (expected behaviour when the project was trigged via a trigger token). However we want INFRA to be created when a template check happens.

We do this by passing a new variable called AMPLIFY_REVIEW_FORCE_INFRA to the amplify template repo when we trigger it.

Commit history

ff0d8996 SI-2205 Added logic to handle CICD releases (Amplify)

`v67.0.4`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1226 - Hotfix - Fix Assume Role on scheduled hotfix

Hotfix

Assume role fix on scheduled hotfix for SI-2179.

Commit history

61d05d4 Hotfix - Fix Assume Role on scheduled hotfix

`v67.0.2`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1219 - SI-2166 disable amplify-service-check-template-release to unblock PI-CICD releases

Hotfix

disable amplify-service-check-template-release to unblock pi-cicd releases

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1216 - [UNSAFE] Update TP Projects - Major to v10 (major)

Commit history

479870cf SI-2166 disable amplify-service-check-template-release to unblock PI-CICD releases
c54e1fc6 [UNSAFE] Update TP Projects - Major to v10 (major)

`v67.0.0`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1184 - SI-1722: AWS Amplify Review Envs

Breaking changes

Added scripts & jobs to provide review environments for amplify projects. As a result the shared dev will no longer get updated. Note this is only a breaking change for AWS amplify based projects.

Migration process

Nothing to migrate, just be aware that the shared dev environment will not be updated with your changes and you will need to implement review environments as seen in the template src and infra examples

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1215 - [UNSAFE] Update Maven - Major (major)

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1214 - [SAFE] Update TP Projects - Minor/Patch to v9.10.13

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1213 - [SAFE] Update Maven - Minor/Patch

Commit history

fca267f SI-1722: AWS Amplify Review Envs
a599657 [UNSAFE] Update Maven - Major (major)
c9bcb8a [SAFE] Update TP Projects - Minor/Patch to v9.10.13
b507a3b [SAFE] Update Maven - Minor/Patch

`v66.0.0`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1211 - SI-2107 check_amplify_pipeline_status.sh fix

Breaking changes

The script check_amplify_pipeline_status.sh has been changed. Now it requires the AMPLIFY_FRAMEWORK variable to be specified (default value is Next.js - SSR). If you are using a framework other than Next.js - SSR, then you need specify AMPLIFY_FRAMEWORK in .gitlab-ci.yml file with proper value. These modifications apply only to projects utilizing the CICD Amplify pipeline.

tests: https://gitlab.com/securetrading-gl/st-server-project/amplify-apps/st-template-next-amplify/st-template-next-amplify-src/-/jobs/6724680096

Commit history

f01bca7 SI-2107 check_amplify_pipeline_status.sh fix

`v65.0.1`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1210 - SI-1980 localstack_add_lambda.py fix

Changes

Fixed localstack_add_lambda.py to run on EKS Gitlab Runners.

Commit history

48eb7c8 SI-1980 localstack_add_lambda.py fix

`v65.0.0`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1207 - SI-1849 - Remove US Jobs

Breaking changes

SI-1849 - Removing US related jobs from PI-CICD

Migration process

Remove US related jobs from gitlab-ci.yml or files inside .gitlab/

eg, DISABLE_JOB_tf_plan_stage_us: 'true', tf-apply-prod-us etc

Commit history

34e7415 SI-1849 - Remove US Jobs

`v64.4.3`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1208 - Check output file from behave tests

Fixes

SI-2031 Fixing error with "False positive pipeline for an error before tests and their omissions"

Commit history

9b3e745 Check output file from behave tests

`v64.4.2`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1197 - SI-1987 Issue with assumerole

Hotfix

Fix tags on prod-eu-sandbox as per outlined in SI-1987

Revert tag change on Core Infra, as underlying issue with permissions previously merged in https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1196 was in downstream tf-apply rather than core. Correct fix is now applied in https://gitlab.com/securetrading-gl/st-server-project/core-infrastructure/-/merge_requests/1011

Commit history

e30696e SI-1987 Issue with assumerole

`v64.4.1`

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1205 - Hotfix skip js vuln

Hotfix

Fixing issue with DISABLE_JOB_vuln_check variable and passing this variable to dependent templates This change applies to all java-script project which are using.gitlab/pipeline/stages/js/fast-tests.yml configuration file.

DISABLE_JOB_vuln_check hasn't work, because Gitlab rules for vuln-check job have been overriding by .rules-always rule mentioned in .fast-tests. Eg.:

After changing the order, expected rules for vuln-check job have been set.