[UNSAFE] Update dependency securetrading-gl/st-server-project/project-infrastructure-cicd to v69
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
securetrading-gl/st-server-project/project-infrastructure-cicd | repository | major | 64.3.15 -> 69.0.1 |

⚠️ Warning: Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
securetrading-gl/st-server-project/project-infrastructure-cicd (securetrading-gl/st-server-project/project-infrastructure-cicd)
v69.0.1
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1209 - Adding logs
Fixes
- Logging for check_amplify_app_health and check_amplify_pipeline_status
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1114 - ERYR-637 Improve CICD behave script for local execution
New features
- ERYR-637 Improve CICD behave script for local execution
- .cicd_scripts/execute/local/component_tests.sh now accepts --format argument
Breaking Changes
- .cicd_scripts/execute/local/component_tests.sh default value for --outfile is now stdout
- After this change local execution for behave tests will output results to stdout. Execution in pipeline will still output to artifact files
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1239 - SI-2351: Fix amplify cleanup step.
Changes
- Added `.cleanup-amplify` job to deal with amplify review envs.
Commit history
- 5a79e9e Adding logs
- c0cc967 ERYR-637 Improve CICD behave script for local execution
- 4403628 SI-2351: Fix amplify cleanup step.
v68.0.3
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1243 - Hotfix - Fix typo in ALLOWED_ENVIRONMENTS list
Hotfix
Fixing typo in `ALLOWED_ENVIRONMENTS` list in script `wait_for_related_pipelines.py`.
Commit history
- 682969c Hotfix - Fix typo in ALLOWED_ENVIRONMENTS list
v68.0.2
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1242 - Hotfix - SI-2114 - Add missing CI rules for shared CI downstream job
Hotfix
Add missing gitlab-ci rules `.rules-when-create-downstream-shared-core-infrastructure` for downstream job used in Shared Core Infrastructure environments.
Commit history
- 28c8800 Hotfix - SI-2114 - Add missing CI rules for shared CI downstream job
v68.0.1
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1240 - Hotfix - fix ci fules for core-infra and shared-core-infra
Hotfix
Fix rules for Core-Infrastructure and Shared Core-Infrastructure to use only rules for `when: never` if `SHARED_CORE_INFRASTRUCTURE_WORKSPACE` is set (for shared CI) or not set (for separated CI).

Rules were copied from `.rules-when-review` and added one rule for `when: never` set:

```yaml
.rules-when-review:
  rules:
    - <<: *not-on-scheduled-pact-verification
    - <<: *not-on-scheduled-smoke-tests
    - <<: *not-on-scheduled-nightly-tests-supervisor
    - <<: *not-on-scheduled-renovate-trigger
    - <<: *not-on-scheduled-mulesoft-remove-old-environments
    - <<: *not-on-scheduled-dependency-update
    - <<: *not-on-scheduled-dependency-update-auto-merge
    - <<: *not-on-scheduled-hotfix-branch-tests-supervisor
    - <<: *not-on-publish-to-s3
    - <<: *not-on-delete-environment
    - <<: *not-on-downstream-create-trigger
    - <<: *not-on-downstream-destroy-trigger
    - <<: *not-on-hotfix-branch
    - <<: *not-on-scheduled-hotfix-branch-tests-worker
    - <<: *on-review-branch
    - <<: *on-renovate-branch
    - <<: *on-scheduled-nightly-tests-worker
    - <<: *not-otherwise
```

added new rules:

```yaml
# Rules used when creating or updating Core Infrastructure (copy of .rules-when-review with added one rule `not-on-create-or-update-shared-core-infrastructure`)
.rules-when-create-or-update-core-infrastructure:
  rules:
    - <<: *not-on-scheduled-pact-verification
    - <<: *not-on-scheduled-smoke-tests
    - <<: *not-on-scheduled-nightly-tests-supervisor
    - <<: *not-on-scheduled-renovate-trigger
    - <<: *not-on-scheduled-mulesoft-remove-old-environments
    - <<: *not-on-scheduled-dependency-update
    - <<: *not-on-scheduled-dependency-update-auto-merge
    - <<: *not-on-scheduled-hotfix-branch-tests-supervisor
    - <<: *not-on-publish-to-s3
    - <<: *not-on-delete-environment
    - <<: *not-on-downstream-create-trigger
    - <<: *not-on-downstream-destroy-trigger
    - <<: *not-on-hotfix-branch
    - <<: *not-on-scheduled-hotfix-branch-tests-worker
    - <<: *not-on-create-or-update-shared-core-infrastructure  # <--- added here new rule entry
    - <<: *on-review-branch
    - <<: *on-renovate-branch
    - <<: *on-scheduled-nightly-tests-worker
    - <<: *not-otherwise

# Rules used when creating or updating shared Core Infrastructure (copy of .rules-when-review with added one rule `not-on-create-or-update-shared-core-infrastructure-when-empty`)
.rules-when-create-or-update-shared-core-infrastructure:
  rules:
    - <<: *not-on-scheduled-pact-verification
    - <<: *not-on-scheduled-smoke-tests
    - <<: *not-on-scheduled-nightly-tests-supervisor
    - <<: *not-on-scheduled-renovate-trigger
    - <<: *not-on-scheduled-mulesoft-remove-old-environments
    - <<: *not-on-scheduled-dependency-update
    - <<: *not-on-scheduled-dependency-update-auto-merge
    - <<: *not-on-scheduled-hotfix-branch-tests-supervisor
    - <<: *not-on-publish-to-s3
    - <<: *not-on-delete-environment
    - <<: *not-on-downstream-create-trigger
    - <<: *not-on-downstream-destroy-trigger
    - <<: *not-on-hotfix-branch
    - <<: *not-on-scheduled-hotfix-branch-tests-worker
    - <<: *not-on-create-or-update-shared-core-infrastructure-when-empty  # <--- added here new rule entry
    - <<: *on-review-branch
    - <<: *on-renovate-branch
    - <<: *on-scheduled-nightly-tests-worker
    - <<: *not-otherwise
```
Commit history
- 83374cd Hotfix - fix ci fules for core-infra and shared-core-infra
v68.0.0
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1229 - SI-2153 Add new environments to PI-CICD for DataHub and MBase
Breaking changes
SI-2153 Add new environments to PI-CICD for DataHub and MBase
Closes SI-2153
Commit history
- 67c3e1b SI-2153 Add new environments to PI-CICD for DataHub and MBase
v67.2.2
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1230 - SI-2209 lacework inline scanner
Changes
This merge request introduces the Lacework Inline Scanner, which checks the project's images for security vulnerabilities. Previously, only Docker images pushed to the ECR registry were scanned.
By default this scanner will be disabled for now until a new vulnerability management process is established.
Commit history
- 79e437f SI-2209 lacework inline scanner
v67.2.1
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1227 - SI-2215: Amplify review envs fixes (Renovate)
Fixes
- Fixed ENV Var to prevent amplify-src repos from committing recursively.
- Edited `terraform_configure_workspace.sh` to do:
  - For `renovate` branches if `AMPLIFY_PROJECT_OVERRIDE_NAME` is set use this value instead of the caller project.
- Edited amplify review scripts to pass the terraform workspace from SRC to INFRA so they match. (This was not the case before and causing problems with `renovates`)
Commit history
- fcdac5a SI-2215: Amplify review envs fixes (Renovate)
v67.2.0
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1236 - SI-2115 - Support for shared core infrastructure deployment and check
New features
- Adding support for deployment of Shared Core Infrastructure for review environments.
- To implement Shared Core Infrastructure define variable `SHARED_CORE_INFRASTRUCTURE_WORKSPACE` in repository `.gitlab-ci.yml` (in `variables` section) file as a shared workspace used in terraform for `core-infrastructure` deployment.
  ❗ Important note: The name of shared workspace defined in variable `SHARED_CORE_INFRASTRUCTURE_WORKSPACE` should be a short name of project/team up to 6 characters.
- Added new section `environments` in `is_core_deployed` SSM parameter that will be updated when using Shared Core Infrastructure with the following values: `"environments" : { "s123p" : {"workspace": "s123p","project": "st-python-service-template", "last_modified": "YYYY-MM-DD HH:MM:SS"} }`
- Added new scripts for `wait_for_related_pipelines_by_variable` to use in `core-infrastructure` repository (but they are generic scripts so can be used in any other repository) to support finding pipelines that were triggered in `CI` with specified variable (in this case with `SHARED_CORE_INFRASTRUCTURE_WORKSPACE` when is set to a shared workspace) and wait for any pipelines that were also triggered at the same time - to fix issue with access simultaneously to shared core-infrastructure `tfstate` in `tf-apply` job for the same workspace.
- Added hidden job `.wait-for-related-shared-core-infrastructure-pipelines` to be used in `core-infrastructure` for the above use case.
- Modified `terraform_configure_workspace.sh` to update `TERRAFORM_WORKSPACE` environment variable with `SHARED_CORE_INFRASTRUCTURE_WORKSPACE` and also to update `UPSTREAM_WORKSPACE` as a workspace for review environment.
  For example in `spst` repository for ticket `SI-123`:
  - `TERRAFORM_WORKSPACE = 'spst'`
  - `UPSTREAM_WORKSPACE = 's123p'` - used then in `environments` section in `is_core_deployed` SSM parameter
- Modified Gitlab CI rules to support new jobs for Shared Core Infrastructure (details below)

More info about the `SHARED_CORE_INFRASTRUCTURE_WORKSPACE` variable

1. When `SHARED_CORE_INFRASTRUCTURE_WORKSPACE` is set:

   ```yaml
   variables:
     SHARED_CORE_INFRASTRUCTURE_WORKSPACE: 'spst'
   ```

   - `deploy-shared-core-infrastructure` job is enabled in `build` stage like in example: https://gitlab.com/securetrading-gl/st-server-project/st-python-service-template/-/jobs/6889608074
   - `build-core-infrastructure` job is disabled in `build` stage automatically.
2. When `SHARED_CORE_INFRASTRUCTURE_WORKSPACE` is not defined:
   - nothing changes, separated Core Infrastructure will be deployed for review environments
Commit history
- b65e394 SI-2115 - Support for shared core infrastructure deployment and check
v67.1.6
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1238 - [SI-2211] Scheduled Hotfix Branch Tests Supervisor issue
Hotfix
- SI-2211 Waiting for pipeline based on branch name and not on git reference. This change has fixed the error with hanging `scheduled-hotfix-tests-prepare-test-branch-and-trigger-worker` GitLab jobs. It does not require any changes from the end user.
- Adding additional logs for diagnosing issues related to GitLab API calls.
Commit history
- c926440 [SI-2211] Scheduled Hotfix Branch Tests Supervisor issue
v67.1.5
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1233 - SI-2224 re-enable amplify template check
Changes
- Re-enable `amplify-service-check-template-release`
- Add `amplify-cleanup-review` job.
Commit history
- 15c698e SI-2224 re-enable amplify template check
v67.1.4
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1232 - SI-2207: PyPI Change "index-url" to private "gitlab" registry.
Changes
For `.py-unit-tests-package-installed-review` and `.py-unit-tests-package-installed-release` jobs:
- No longer set `https://pypi.org/simple` as the main `index-url` in `pip.conf`. Instead use `https://token:${GITLAB_API_TOKEN}@gitlab.com/api/v4/projects/26595653/packages/pypi/simple`. This is to mitigate the "CVE" described in this ticket https://securetrading.atlassian.net/browse/SI-2207

Fixes
Disable job `validate-merge-request-description` that is not required when triggering `infra` pipeline. It caused issues when last commit for a new branch taken from master was renovate's commit.
Commit history
- eab48f26 SI-2207: PyPI Change "index-url" to private "gitlab" registry.
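
The `pip.conf` change described for v67.1.4 can be checked mechanically. The following is an added example, not code from project-infrastructure-cicd: it audits the `[global]` section of a `pip.conf`. The function names, the public-host list and the sample files are assumptions constructed for illustration; only the private registry URL comes from the release note.

```python
import configparser
from urllib.parse import urlsplit

# Hosts treated as the public index (assumption for this example).
PUBLIC_INDEX_HOSTS = {"pypi.org", "pypi.python.org"}

# Constructed sample files: the setting the note says is no longer used,
# the setting it says replaces it, and a mixed case with an extra index.
PRIVATE = ("https://token:${GITLAB_API_TOKEN}@gitlab.com"
           "/api/v4/projects/26595653/packages/pypi/simple")
BEFORE = "[global]\nindex-url = https://pypi.org/simple\n"
AFTER = f"[global]\nindex-url = {PRIVATE}\n"
MIXED = (f"[global]\nindex-url = {PRIVATE}\n"
         "extra-index-url = https://pypi.org/simple\n"
         "    http://user:s3cret@mirror.example/simple\n")


def _check_url(option, url):
    """Return findings for one index URL."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append(f"{option}: {parts.hostname} is not fetched over https")
    if parts.hostname in PUBLIC_INDEX_HOSTS:
        findings.append(f"{option}: resolves packages from public index {parts.hostname}")
    # A ${VAR} placeholder is filled in by the CI job; anything else is a
    # secret committed in the file.
    password = parts.password
    if password and not (password.startswith("${") and password.endswith("}")):
        findings.append(f"{option}: credential for {parts.hostname} is written literally")
    return findings


def audit_pip_conf(text):
    """Audit the [global] section of a pip.conf given as a string."""
    # interpolation=None so '%' in URLs is not treated as configparser syntax.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section("global"):
        return ["no [global] section: pip uses its default index, pypi.org"]
    section = parser["global"]
    findings = []
    index_url = section.get("index-url")
    if index_url is None:
        findings.append("index-url: not set, pip uses its default index, pypi.org")
    else:
        findings += _check_url("index-url", index_url.strip())
    # extra-index-url may list several URLs; pip considers candidates from
    # every configured index, so each one is checked as well.
    for url in section.get("extra-index-url", "").split():
        findings += _check_url("extra-index-url", url)
    return findings


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER), ("mixed", MIXED)):
        print(name, audit_pip_conf(conf))
```
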
v67.1.3
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1234 - Change default branch for jpc-merge-to-master job
Hotfix
Change branch used in `jpc-merge-to-master` job for JS Payments Card project as it's using `dev-1` instead of `develop`.
Commit history
- fdb4cc2f Change default branch for jpc-merge-to-master job
v67.1.2
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1231 - Fix issue with merge to master creating conflicts for projects using branches...
Hotfix
- Fix `*-merge-to-master` jobs so target branch can be adjusted based on the git branching strategy. This is an internal fix - does not affect feature teams.
- Fix TFLint logs output by exposing them as artifacts. This can be helpful when we need to debug TFLint activity by passing `TFLINT_LOG` variable and setting its value to `debug` or `trace` which can produce a lot of output (more than 100MB), which cuts off job output and prevents proper debugging. See example output: https://gitlab.com/securetrading-gl/st-server-project/st-python-service-template/-/jobs/6814517419.
Commit history
- 6ebf346 Fix issue with merge to master creating conflicts for projects using branches...
v67.1.1
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1228 - Amplify Review Envs: Prevent recursive SRC triggering INFRA
Hotfix
Amplify Review Envs: Check if the last commit message was the automatic commit, if so do not add another. Prevents recursive loop
Commit history
- e9bc539 Amplify Review Envs: Prevent recursive SRC triggering INFRA
v67.1.0
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1212 - SI-1669: Skip ecr scan option
New features
If `SKIP_ECR_SCAN` is set to `true` in the `.service-images-build:` job, we skip the ECR image scanner step as sometimes we want to use newer images that are not supported by AWS ECR image scanning. A few examples would be Datadog and Envoy.
Commit history
- 8080dcbe SI-1669: Skip ecr scan option
v67.0.5
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1225 - SI-2205 Added logic to handle CICD releases (Amplify)
Fixes
Updated Amplify review environments to correctly handle CICD releases and template checks, as before CICD would trigger amplify with a trigger token causing the INFRA for amplify to never get created (expected behaviour when the project was triggered via a trigger token). However we want INFRA to be created when a template check happens.
We do this by passing a new variable called `AMPLIFY_REVIEW_FORCE_INFRA` to the amplify template repo when we trigger it.
Commit history
- ff0d8996 SI-2205 Added logic to handle CICD releases (Amplify)
v67.0.4
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1226 - Hotfix - Fix Assume Role on scheduled hotfix
Hotfix
- Assume role fix on scheduled hotfix for SI-2179.
Commit history
- 61d05d4 Hotfix - Fix Assume Role on scheduled hotfix
v67.0.2
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1219 - SI-2166 disable amplify-service-check-template-release to unblock PI-CICD releases
Hotfix
disable `amplify-service-check-template-release` to unblock pi-cicd releases
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1216 - [UNSAFE] Update TP Projects - Major to v10 (major)
Commit history
- 479870cf SI-2166 disable amplify-service-check-template-release to unblock PI-CICD releases
- c54e1fc6 [UNSAFE] Update TP Projects - Major to v10 (major)
v67.0.0
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1184 - SI-1722: AWS Amplify Review Envs
Breaking changes
- Added scripts & jobs to provide review environments for amplify projects. As a result the shared `dev` will no longer get updated. Note this is only a breaking change for AWS amplify based projects.

Migration process
Nothing to migrate, just be aware that the shared dev environment will not be updated with your changes and you will need to implement review environments as seen in the template src and infra examples
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1215 - [UNSAFE] Update Maven - Major (major)
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1214 - [SAFE] Update TP Projects - Minor/Patch to v9.10.13
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1213 - [SAFE] Update Maven - Minor/Patch
Commit history
- fca267f SI-1722: AWS Amplify Review Envs
- a599657 [UNSAFE] Update Maven - Major (major)
- c9bcb8a [SAFE] Update TP Projects - Minor/Patch to v9.10.13
- b507a3b [SAFE] Update Maven - Minor/Patch
v66.0.0
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1211 - SI-2107 check_amplify_pipeline_status.sh fix
Breaking changes
The script `check_amplify_pipeline_status.sh` has been changed. Now it requires the `AMPLIFY_FRAMEWORK` variable to be specified (default value is `Next.js - SSR`). If you are using a framework other than `Next.js - SSR`, then you need to specify `AMPLIFY_FRAMEWORK` in the `.gitlab-ci.yml` file with the proper value. These modifications apply only to projects utilizing the CICD Amplify pipeline.
Commit history
- f01bca7 SI-2107 check_amplify_pipeline_status.sh fix
v65.0.1
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1210 - SI-1980 localstack_add_lambda.py fix
Changes
Fixed `localstack_add_lambda.py` to run on EKS Gitlab Runners.
Commit history
- 48eb7c8 SI-1980 localstack_add_lambda.py fix
v65.0.0
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1207 - SI-1849 - Remove US Jobs
Breaking changes
SI-1849 - Removing US related jobs from PI-CICD
Migration process
- Remove US related jobs from gitlab-ci.yml or files inside .gitlab/
  - eg, `DISABLE_JOB_tf_plan_stage_us: 'true'`, `tf-apply-prod-us` etc
Commit history
- 34e7415 SI-1849 - Remove US Jobs
v64.4.3
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1208 - Check output file from behave tests
Fixes
- SI-2031 Fixing error with "False positive pipeline for an error before tests and their omissions"
Commit history
- 9b3e745 Check output file from behave tests
v64.4.2
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1197 - SI-1987 Issue with assumerole
Hotfix
- Fix tags on prod-eu-sandbox as per outlined in SI-1987
- Revert tag change on Core Infra, as underlying issue with permissions previously merged in https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1196 was in downstream tf-apply rather than core. Correct fix is now applied in https://gitlab.com/securetrading-gl/st-server-project/core-infrastructure/-/merge_requests/1011
Commit history
- e30696e SI-1987 Issue with assumerole
v64.4.1
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1205 - Hotfix skip js vuln
Hotfix
Fixing issue with `DISABLE_JOB_vuln_check` variable and passing this variable to dependent templates. This change applies to all JavaScript projects which are using the .gitlab/pipeline/stages/js/fast-tests.yml configuration file.
`DISABLE_JOB_vuln_check` hasn't worked, because the GitLab rules for the `vuln-check` job were overridden by the `.rules-always` rule mentioned in .fast-tests. Eg.:
After changing the order, expected rules for `vuln-check` job have been set.
Commit history
- cd9ce01 Hotfix skip js vuln
v64.4.0
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1203 - SI-1910: JS pipeline image with Python 3.11
New Features
Added support for Python 3.11 in Ubuntu 22.04 JS Docker image.
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1202 - Hotfix - correct pact-bin dir path
Hotfix
Correct directory for `pact/bin`
Commit history
- a2b273d SI-1910: JS pipeline image with Python 3.11
- 888d86d Hotfix - correct pact-bin dir path
v64.3.23
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1201 - SI-1701: Update Maven to 3.9.6
Changes
- Updated `maven` to 3.9.6 on the `2204` image.
Commit history
- da6a0e6 SI-1701: Update Maven to 3.9.6
v64.3.22
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1198 - SI-1984: Migration from ST/AppMesh to ST/Filtered/AppMesh
Changes
Due to the cost savings, there is a migration from ST/AppMesh to ST/Filtered/AppMesh
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1200 - Fix
Hotfix
Fix tags on prod-eu-sandbox as per outlined in SI-1987
Commit history
- 94df726 SI-1984: Migration from ST/AppMesh to ST/Filtered/AppMesh
- 87543eb Fix
v64.3.20
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1195 - Hotfix k8s cpu mem requests
Fixes
k8s cpu mem requests
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1196 - Hotfix - Core Deployment Permissions
Hotfix
- Patch permissions to ensure Core deployments on review envs use the RW role.
Commit history
- 439ceb5 Hotfix k8s cpu mem requests
- cd0bb0e Hotfix - Core Deployment Permissions
v64.3.18
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1181 - SmartPOS - Gradle Lint Modifications
Changes
- Updated Android lint to allow passing of specific build flavours during the lint instead of all.
Commit history
- 050b082 SmartPOS - Gradle Lint Modifications
v64.3.17
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1193 - Adding tag for smoke-candidate-data-prod-eu
Hotfix
Adding tag for smoke-candidate-data-prod-eu
https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1192 - SI-1874 Kubernetes MEM/CPU requests
Changes
SI-1874 Kubernetes MEM/CPU requests
Commit history
- 0245680 SI-1874 Kubernetes MEM/CPU requests
- 54d84af Adding tag for smoke-candidate-data-prod-eu
Configuration
- [ ] If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.