
[UNSAFE] Update dependency securetrading-gl/st-server-project/project-infrastructure-cicd to v69

This MR contains the following updates:

Package | Type | Update | Change
securetrading-gl/st-server-project/project-infrastructure-cicd | repository | major | 64.3.15 -> 69.0.1

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

securetrading-gl/st-server-project/project-infrastructure-cicd (securetrading-gl/st-server-project/project-infrastructure-cicd)

v69.0.1

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1209 - Adding logs

Fixes

  • Logging for check_amplify_app_health and check_amplify_pipeline_status

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1114 - ERYR-637 Improve CICD behave script for local execution

New features

  • ERYR-637 Improve CICD behave script for local execution
  • .cicd_scripts/execute/local/component_tests.sh now accepts --format argument

Breaking Changes

  • .cicd_scripts/execute/local/component_tests.sh default value for --outfile is now stdout
  • After this change local execution for behave tests will output results to stdout. Execution in pipeline will still output to artifact files



https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1239 - SI-2351: Fix amplify cleanup step.

Changes

  • Added .cleanup-amplify job to deal with amplify review envs.

Commit history

  • 5a79e9e Adding logs
  • c0cc967 ERYR-637 Improve CICD behave script for local execution
  • 4403628 SI-2351: Fix amplify cleanup step.

v68.0.3

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1243 - Hotfix - Fix typo in ALLOWED_ENVIRONMENTS list

Hotfix

Fixing typo in ALLOWED_ENVIRONMENTS list in script wait_for_related_pipelines.py.


Commit history

  • 682969c Hotfix - Fix typo in ALLOWED_ENVIRONMENTS list

v68.0.2

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1242 - Hotfix - SI-2114 - Add missing CI rules for shared CI downstream job

Hotfix

Add missing gitlab-ci rules .rules-when-create-downstream-shared-core-infrastructure for downstream job used in Shared Core Infrastructure environments.


Commit history

  • 28c8800 Hotfix - SI-2114 - Add missing CI rules for shared CI downstream job

v68.0.1

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1240 - Hotfix - fix ci rules for core-infra and shared-core-infra

Hotfix

Fix rules for Core-Infrastructure and Shared Core-Infrastructure to use only rules for when: never if SHARED_CORE_INFRASTRUCTURE_WORKSPACE is set (for shared CI) or not set (for separated CI).

Rules were copied from .rules-when-review, and one rule with when: never was added:

.rules-when-review:
  rules:
    - <<: *not-on-scheduled-pact-verification
    - <<: *not-on-scheduled-smoke-tests
    - <<: *not-on-scheduled-nightly-tests-supervisor
    - <<: *not-on-scheduled-renovate-trigger
    - <<: *not-on-scheduled-mulesoft-remove-old-environments
    - <<: *not-on-scheduled-dependency-update
    - <<: *not-on-scheduled-dependency-update-auto-merge
    - <<: *not-on-scheduled-hotfix-branch-tests-supervisor
    - <<: *not-on-publish-to-s3
    - <<: *not-on-delete-environment
    - <<: *not-on-downstream-create-trigger
    - <<: *not-on-downstream-destroy-trigger
    - <<: *not-on-hotfix-branch
    - <<: *not-on-scheduled-hotfix-branch-tests-worker
    - <<: *on-review-branch
    - <<: *on-renovate-branch
    - <<: *on-scheduled-nightly-tests-worker
    - <<: *not-otherwise

added new rules:

# Rules used when creating or updating Core Infrastructure (copy of .rules-when-review with added one rule `not-on-create-or-update-shared-core-infrastructure`)
.rules-when-create-or-update-core-infrastructure:
  rules:
    - <<: *not-on-scheduled-pact-verification
    - <<: *not-on-scheduled-smoke-tests
    - <<: *not-on-scheduled-nightly-tests-supervisor
    - <<: *not-on-scheduled-renovate-trigger
    - <<: *not-on-scheduled-mulesoft-remove-old-environments
    - <<: *not-on-scheduled-dependency-update
    - <<: *not-on-scheduled-dependency-update-auto-merge
    - <<: *not-on-scheduled-hotfix-branch-tests-supervisor
    - <<: *not-on-publish-to-s3
    - <<: *not-on-delete-environment
    - <<: *not-on-downstream-create-trigger
    - <<: *not-on-downstream-destroy-trigger
    - <<: *not-on-hotfix-branch
    - <<: *not-on-scheduled-hotfix-branch-tests-worker
    - <<: *not-on-create-or-update-shared-core-infrastructure     # <--- new rule entry added here
    - <<: *on-review-branch
    - <<: *on-renovate-branch
    - <<: *on-scheduled-nightly-tests-worker
    - <<: *not-otherwise

# Rules used when creating or updating shared Core Infrastructure (copy of .rules-when-review with added one rule `not-on-create-or-update-shared-core-infrastructure-when-empty`)
.rules-when-create-or-update-shared-core-infrastructure:
  rules:
    - <<: *not-on-scheduled-pact-verification
    - <<: *not-on-scheduled-smoke-tests
    - <<: *not-on-scheduled-nightly-tests-supervisor
    - <<: *not-on-scheduled-renovate-trigger
    - <<: *not-on-scheduled-mulesoft-remove-old-environments
    - <<: *not-on-scheduled-dependency-update
    - <<: *not-on-scheduled-dependency-update-auto-merge
    - <<: *not-on-scheduled-hotfix-branch-tests-supervisor
    - <<: *not-on-publish-to-s3
    - <<: *not-on-delete-environment
    - <<: *not-on-downstream-create-trigger
    - <<: *not-on-downstream-destroy-trigger
    - <<: *not-on-hotfix-branch
    - <<: *not-on-scheduled-hotfix-branch-tests-worker
    - <<: *not-on-create-or-update-shared-core-infrastructure-when-empty     # <--- new rule entry added here
    - <<: *on-review-branch
    - <<: *on-renovate-branch
    - <<: *on-scheduled-nightly-tests-worker
    - <<: *not-otherwise
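
GitLab evaluates `rules:` top to bottom and stops at the first match, which is why the new `when: never` entries sit above `on-review-branch` in the listings above. The following Python model is an added example, not code from project-infrastructure-cicd; it models three of the copied rules, and every rule condition, the branch name and the job labels `core`/`shared` are assumptions (the new rules' conditions are read from their names and the note above).

```python
# Added illustration: first-match evaluation of GitLab CI `rules:`.
SHARED_VAR = "SHARED_CORE_INFRASTRUCTURE_WORKSPACE"


def _branch(variables):
    return variables.get("CI_COMMIT_BRANCH", "")


# Three of the rules copied from .rules-when-review. The page lists only the
# anchor names, so these conditions are ASSUMED for the illustration.
BASE_RULES = [
    ("not-on-hotfix-branch", lambda v: _branch(v).startswith("hotfix/"), "never"),
    ("on-review-branch", lambda v: _branch(v) not in ("", "master"), "on_success"),
    ("not-otherwise", lambda v: True, "never"),
]

# The two new entries. Conditions ASSUMED from the rule names: the first is
# `never` when the variable is set, the second is `never` when it is empty.
NOT_ON_SHARED = (
    "not-on-create-or-update-shared-core-infrastructure",
    lambda v: bool(v.get(SHARED_VAR)),
    "never",
)
NOT_ON_SHARED_WHEN_EMPTY = (
    "not-on-create-or-update-shared-core-infrastructure-when-empty",
    lambda v: not v.get(SHARED_VAR),
    "never",
)


def insert_before(rules, new_rule, anchor_name):
    """Return a copy of `rules` with `new_rule` placed just above `anchor_name`."""
    idx = next(i for i, rule in enumerate(rules) if rule[0] == anchor_name)
    return rules[:idx] + [new_rule] + rules[idx:]


def decide(rules, variables):
    """First match wins: return (matched rule name, whether the job is added)."""
    for name, condition, when in rules:
        if condition(variables):
            return name, when != "never"
    return None, False  # no rule matched: the job is not added


# Placement as in the release note: above on-review-branch.
CORE_RULES = insert_before(BASE_RULES, NOT_ON_SHARED, "on-review-branch")
SHARED_RULES = insert_before(BASE_RULES, NOT_ON_SHARED_WHEN_EMPTY, "on-review-branch")
# Counter-example: the same entry placed below on-review-branch never fires.
MISORDERED_CORE_RULES = insert_before(BASE_RULES, NOT_ON_SHARED, "not-otherwise")

# Constructed pipeline variables for a review branch.
SEPARATED = {"CI_COMMIT_BRANCH": "SI-123-example"}
SHARED = {"CI_COMMIT_BRANCH": "SI-123-example", SHARED_VAR: "spst"}


def jobs_that_run(core_rules, shared_rules, variables):
    """Names of the (hypothetical) core/shared jobs added to the pipeline."""
    rulesets = {"core": core_rules, "shared": shared_rules}
    return sorted(job for job, rules in rulesets.items() if decide(rules, variables)[1])


if __name__ == "__main__":
    print("separated:", jobs_that_run(CORE_RULES, SHARED_RULES, SEPARATED))
    print("shared:   ", jobs_that_run(CORE_RULES, SHARED_RULES, SHARED))
    print("misplaced:", jobs_that_run(MISORDERED_CORE_RULES, SHARED_RULES, SHARED))
```

With the `never` entry below `on-review-branch`, both jobs are added for a shared workspace, because the review-branch rule matches first and evaluation stops there.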

Commit history

  • 83374cd Hotfix - fix ci rules for core-infra and shared-core-infra

v68.0.0

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1229 - SI-2153 Add new environments to PI-CICD for DataHub and MBase

Breaking changes

SI-2153 Add new environments to PI-CICD for DataHub and MBase

Closes SI-2153

Commit history

  • 67c3e1b SI-2153 Add new environments to PI-CICD for DataHub and MBase

v67.2.2

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1230 - SI-2209 lacework inline scanner

Changes

This merge request introduces the Lacework Inline Scanner, which checks the project's images for security vulnerabilities. Previously, only Docker images pushed to the ECR registry were scanned.

By default this scanner will be disabled for now until a new vulnerability management process is established.


Commit history

  • 79e437f SI-2209 lacework inline scanner

v67.2.1

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1227 - SI-2215: Amplify review envs fixes (Renovate)

Fixes

  • Fixed ENV Var to prevent amplify-src repos from committing recursively.
  • Edited terraform_configure_workspace.sh to do:
    • For renovate branches if AMPLIFY_PROJECT_OVERRIDE_NAME is set use this value instead of the caller project.
  • Edited amplify review scripts to pass the terraform workspace from SRC to INFRA so they match. (This was not the case before and causing problems with renovates)

Commit history

  • fcdac5a SI-2215: Amplify review envs fixes (Renovate)

v67.2.0

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1236 - SI-2115 - Support for shared core infrastructure deployment and check

New features

  • Adding support for deployment of Shared Core Infrastructure for review environments.
  • To use Shared Core Infrastructure, define the variable SHARED_CORE_INFRASTRUCTURE_WORKSPACE in the variables section of the repository's .gitlab-ci.yml file; its value is the shared workspace used in terraform for core-infrastructure deployment.

Important note: The name of shared workspace defined in variable SHARED_CORE_INFRASTRUCTURE_WORKSPACE should be a short name of project/team up to 6 characters.

  • Added new section environments in is_core_deployed SSM parameter that will be updated when using Shared Core Infrastructure with the following values:
    "environments" : {
      "s123p" : {"workspace": "s123p","project": "st-python-service-template", "last_modified": "YYYY-MM-DD HH:MM:SS"}
    }
  • Added new scripts for wait_for_related_pipelines_by_variable, for use in the core-infrastructure repository (they are generic scripts, so they can be used in any other repository). They find pipelines that were triggered in CI with a specified variable (in this case SHARED_CORE_INFRASTRUCTURE_WORKSPACE, when it is set to a shared workspace) and wait for any pipelines that were also triggered at the same time. This fixes the issue of simultaneous access to the shared core-infrastructure tfstate in the tf-apply job for the same workspace.
  • Added hidden job .wait-for-related-shared-core-infrastructure-pipelines to be used in core-infrastructure for the above use case.
  • Modified terraform_configure_workspace.sh to update TERRAFORM_WORKSPACE environment variable with SHARED_CORE_INFRASTRUCTURE_WORKSPACE and also to update UPSTREAM_WORKSPACE as a workspace for review environment.
    For example in spst repository for ticket SI-123:
    TERRAFORM_WORKSPACE = 'spst'
    UPSTREAM_WORKSPACE = 's123p' - used then in environments section in is_core_deployed SSM parameter
  • Modified Gitlab CI rules to support new jobs for Shared Core Infrastructure (details below)

More info about the SHARED_CORE_INFRASTRUCTURE_WORKSPACE variable

1. When SHARED_CORE_INFRASTRUCTURE_WORKSPACE is set:

variables:
  SHARED_CORE_INFRASTRUCTURE_WORKSPACE: 'spst'

2. When SHARED_CORE_INFRASTRUCTURE_WORKSPACE is not defined:

  • nothing changes, separated Core Infrastructure will be deployed for review environments

Commit history

  • b65e394 SI-2115 - Support for shared core infrastructure deployment and check

v67.1.6

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1238 - [SI-2211] Scheduled Hotfix Branch Tests Supervisor issue

Hotfix

  • SI-2211 Waiting for the pipeline based on branch name and not on git reference. This change fixes the error with hanging scheduled-hotfix-tests-prepare-test-branch-and-trigger-worker GitLab jobs. It does not require any changes from the end user.
  • Adding additional logs for diagnosing issues related to GitLab API calls.

Commit history

  • c926440 [SI-2211] Scheduled Hotfix Branch Tests Supervisor issue

v67.1.5

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1233 - SI-2224 re-enable amplify template check

Changes

  • Re-enable amplify-service-check-template-release
  • Add amplify-cleanup-review job.

Commit history

  • 15c698e SI-2224 re-enable amplify template check

v67.1.4

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1232 - SI-2207: PyPI Change "index-url" to private "gitlab" registry.

Changes

For .py-unit-tests-package-installed-review and .py-unit-tests-package-installed-release jobs:

  • No longer set https://pypi.org/simple as the main index-url in pip.conf. Instead use https://token:${GITLAB_API_TOKEN}@gitlab.com/api/v4/projects/26595653/packages/pypi/simple. This is to mitigate the "CVE" described in this ticket https://securetrading.atlassian.net/browse/SI-2207

Fixes

Disable job validate-merge-request-description that is not required when triggering infra pipeline. It caused issues when last commit for a new branch taken from master was renovate's commit.


Commit history

  • eab48f26 SI-2207: PyPI Change "index-url" to private "gitlab" registry.

v67.1.3

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1234 - Change default branch for jpc-merge-to-master job

Hotfix

Change branch used in jpc-merge-to-master job for JS Payments Card project as it's using dev-1 instead of develop.


Commit history

  • fdb4cc2f Change default branch for jpc-merge-to-master job

v67.1.2

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1231 - Fix issue with merge to master creating conflicts for projects using branches...

Hotfix

  • Fix *-merge-to-master jobs so target branch can be adjusted based on the git branching strategy. This is an internal fix - does not affect feature teams.
  • Fix TFLint logs output by exposing them as artifacts. This can be helpful when we need to debug TFLint activity by passing the TFLINT_LOG variable and setting its value to debug or trace, which can produce a lot of output (more than 100MB) that cuts off job output and prevents proper debugging. See example output: https://gitlab.com/securetrading-gl/st-server-project/st-python-service-template/-/jobs/6814517419.

Commit history

  • 6ebf346 Fix issue with merge to master creating conflicts for projects using branches...

v67.1.1

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1228 - Amplify Review Envs: Prevent recursive SRC triggering INFRA

Hotfix

Amplify Review Envs: Check if the last commit message was the automatic commit, if so do not add another. Prevents recursive loop


Commit history

  • e9bc539 Amplify Review Envs: Prevent recursive SRC triggering INFRA

v67.1.0

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1212 - SI-1669: Skip ecr scan option

New features

If SKIP_ECR_SCAN is set to true in the .service-images-build: job, we skip the ECR image scanner step as sometimes we want to use newer images that are not supported by AWS ECR image scanning. A few examples would be Datadog and Envoy.


Commit history

  • 8080dcbe SI-1669: Skip ecr scan option

v67.0.5

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1225 - SI-2205 Added logic to handle CICD releases (Amplify)

Fixes

Updated Amplify review environments to correctly handle CICD releases and template checks. Before, CICD would trigger amplify with a trigger token, causing the INFRA for amplify to never get created (expected behaviour when the project was triggered via a trigger token). However, we want INFRA to be created when a template check happens.

We do this by passing a new variable called AMPLIFY_REVIEW_FORCE_INFRA to the amplify template repo when we trigger it.


Commit history

  • ff0d8996 SI-2205 Added logic to handle CICD releases (Amplify)

v67.0.4

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1226 - Hotfix - Fix Assume Role on scheduled hotfix

Hotfix

  • Assume role fix on scheduled hotfix for SI-2179.

Commit history

  • 61d05d4 Hotfix - Fix Assume Role on scheduled hotfix

v67.0.2

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1219 - SI-2166 disable amplify-service-check-template-release to unblock PI-CICD releases

Hotfix

disable amplify-service-check-template-release to unblock pi-cicd releases


https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1216 - [UNSAFE] Update TP Projects - Major to v10 (major)

Commit history

  • 479870cf SI-2166 disable amplify-service-check-template-release to unblock PI-CICD releases
  • c54e1fc6 [UNSAFE] Update TP Projects - Major to v10 (major)

v67.0.0

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1184 - SI-1722: AWS Amplify Review Envs

Breaking changes

  • Added scripts & jobs to provide review environments for amplify projects. As a result the shared dev will no longer get updated. Note this is only a breaking change for AWS amplify based projects.

Migration process

Nothing to migrate, just be aware that the shared dev environment will not be updated with your changes and you will need to implement review environments as seen in the template src and infra examples


https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1215 - [UNSAFE] Update Maven - Major (major)

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1214 - [SAFE] Update TP Projects - Minor/Patch to v9.10.13

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1213 - [SAFE] Update Maven - Minor/Patch

Commit history

  • fca267f SI-1722: AWS Amplify Review Envs
  • a599657 [UNSAFE] Update Maven - Major (major)
  • c9bcb8a [SAFE] Update TP Projects - Minor/Patch to v9.10.13
  • b507a3b [SAFE] Update Maven - Minor/Patch

v66.0.0

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1211 - SI-2107 check_amplify_pipeline_status.sh fix

Breaking changes

The script check_amplify_pipeline_status.sh has been changed. It now requires the AMPLIFY_FRAMEWORK variable to be specified (default value is Next.js - SSR). If you are using a framework other than Next.js - SSR, you need to specify AMPLIFY_FRAMEWORK in the .gitlab-ci.yml file with the proper value. These modifications apply only to projects utilizing the CICD Amplify pipeline.

tests: https://gitlab.com/securetrading-gl/st-server-project/amplify-apps/st-template-next-amplify/st-template-next-amplify-src/-/jobs/6724680096


Commit history

  • f01bca7 SI-2107 check_amplify_pipeline_status.sh fix

v65.0.1

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1210 - SI-1980 localstack_add_lambda.py fix

Changes

Fixed localstack_add_lambda.py to run on EKS Gitlab Runners.


Commit history

  • 48eb7c8 SI-1980 localstack_add_lambda.py fix

v65.0.0

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1207 - SI-1849 - Remove US Jobs

Breaking changes

SI-1849 - Removing US related jobs from PI-CICD

Migration process

  • Remove US related jobs from gitlab-ci.yml or files inside .gitlab/
  • eg, DISABLE_JOB_tf_plan_stage_us: 'true', tf-apply-prod-us etc

Commit history

  • 34e7415 SI-1849 - Remove US Jobs

v64.4.3

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1208 - Check output file from behave tests

Fixes

  • SI-2031 Fixing error with "False positive pipeline for an error before tests and their omissions"

Commit history

  • 9b3e745 Check output file from behave tests

v64.4.2

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1197 - SI-1987 Issue with assumerole

Hotfix


Commit history

  • e30696e SI-1987 Issue with assumerole

v64.4.1

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1205 - Hotfix skip js vuln

Hotfix

Fixing an issue with the DISABLE_JOB_vuln_check variable and with passing this variable to dependent templates. This change applies to all JavaScript projects which are using the .gitlab/pipeline/stages/js/fast-tests.yml configuration file.

DISABLE_JOB_vuln_check did not work because the GitLab rules for the vuln-check job were being overridden by the .rules-always rule mentioned in .fast-tests.

After changing the order, the expected rules for the vuln-check job have been set.


Commit history

  • cd9ce01 Hotfix skip js vuln

v64.4.0

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1203 - SI-1910: JS pipeline image with Python 3.11

New Features

Added support for Python 3.11 in Ubuntu 22.04 JS Docker image.


https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1202 - Hotfix - correct pact-bin dir path

Hotfix

Correct directory for pact/bin


Commit history

  • a2b273d SI-1910: JS pipeline image with Python 3.11
  • 888d86d Hotfix - correct pact-bin dir path

v64.3.23

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1201 - SI-1701: Update Maven to 3.9.6

Changes

  • Updated maven to 3.9.6 on the 2204 image.

Commit history

  • da6a0e6 SI-1701: Update Maven to 3.9.6

v64.3.22

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1198 - SI-1984: Migration from ST/AppMesh to ST/Filtered/AppMesh

Changes

Due to the cost savings, there is a migration from ST/AppMesh to ST/Filtered/AppMesh


https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1200 - Fix

Hotfix

Fix tags on prod-eu-sandbox as outlined in SI-1987


Commit history

  • 94df726 SI-1984: Migration from ST/AppMesh to ST/Filtered/AppMesh
  • 87543eb Fix

v64.3.20

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1195 - Hotfix k8s cpu mem requests

Fixes

k8s cpu mem requests


https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1196 - Hotfix - Core Deployment Permissions

Hotfix

  • Patch permissions to ensure Core deployments on review envs use the RW role.

Commit history

  • 439ceb5 Hotfix k8s cpu mem requests
  • cd0bb0e Hotfix - Core Deployment Permissions

v64.3.18

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1181 - SmartPOS - Gradle Lint Modifications

Changes

  • Updated Android lint to allow passing of specific build flavours during the lint instead of all.

Commit history

  • 050b082 SmartPOS - Gradle Lint Modifications

v64.3.17

Compare Source

https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1193 - Adding tag for smoke-candidate-data-prod-eu

Hotfix

Adding tag for smoke-candidate-data-prod-eu


https://gitlab.com/securetrading-gl/st-server-project/project-infrastructure-cicd/-/merge_requests/1192 - SI-1874 Kubernetes MEM/CPU requests

Changes

SI-1874 Kubernetes MEM/CPU requests


Commit history

  • 0245680 SI-1874 Kubernetes MEM/CPU requests
  • 54d84af Adding tag for smoke-candidate-data-prod-eu

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.



This MR has been generated by Renovate Bot.

Edited by GitLab Scheduler
