[AUTO-PR] Automatically generated new release 2024-12-12T19:47:10.693Z

[notify-pr-bot]

What happens when your PR merges?

• Prefix the title of your PR:
  • fix: - tag main as a new patch release
  • feat: - tag main as a new minor release
  • BREAKING CHANGE: - tag main as a new major release
  • [MANIFEST] or [AUTO-PR] - tag main as a new patch release and deploy to production
  • chore: - use for changes to non-app code (ex: GitHub actions)
• Alternatively, change the VERSION file - this will not create a new tag, but rather will release the tag in VERSION to production.

What are you changing?

• Releasing a new version of Notify
• Changing kubernetes configuration

Provide some background on the changes

⚠️ The production version of the Terraform infrastructure is behind the latest staging version. Consider upgrading to the latest version before merging this pull request.

⚠️ The production version of manifests is behind the latest staging version. Consider upgrading to the latest version before merging this pull request.

NOTIFICATION-API

• Update Staging Deployment Name (#2393) by Mike Pond

NOTIFICATION-ADMIN

• Update Staging Deployment Name (#2019) by Mike Pond

NOTIFICATION-DOCUMENT-DOWNLOAD-API

• Update Staging Deployment Name (#204) by Mike Pond

NOTIFICATION-DOCUMENTATION

• Update Staging Deployment Name (#168) by Mike Pond

If you are releasing a new version of Notify, what components are you updating

• API
• Admin
• Documentation
• Document download API

Checklist if releasing new version

• I made sure that the changes are as expected in Notify staging
• I have checked if the docker images I am referencing exist
  • api lambda (requires Notification-Production / AdministratorAccess login)
  • api k8s
  • admin
  • documentation
  • document download API

Checklist if making changes to Kubernetes

• I know how to get kubectl credentials in case it catches on fire

After merging this PR

• I have verified that the tests / deployment actions succeeded
• I have verified that any affected pods were restarted successfully
• I have verified that I can still log into Notify production
• I have verified that the smoke tests still pass on production
• I have communicated the release in the #notify Slack channel.

[github-actions]

ingress	nginx    	5       	2024-12-12 19:44:14.151203857 +0000 UTC	deployed	nginx-ingress-1.1.2	3.4.2      

xray-daemon	xray     	4       	2024-12-12 19:44:13.620425009 +0000 UTC	deployed	aws-xray-4.0.8	3.3.12     

Comparing release=notify-documentation, chart=charts/notify-documentation
Comparing release=notify-api, chart=charts/notify-api
Comparing release=notify-admin, chart=charts/notify-admin
notification-canada-ca, notify-admin, Deployment (apps) has changed:
  # Source: notify-admin/templates/deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: notify-admin
    labels:
      app: notify-admin
  spec:
    priorityClassName: high-priority
    strategy:
      
      rollingUpdate:
        maxSurge: 25%
        maxUnavailable: 25%
      type: RollingUpdate
    selector:
      matchLabels:
        app: notify-admin
    template:
      metadata:
        labels:
          app: notify-admin
      spec:
        serviceAccountName: notify-admin
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        terminationGracePeriodSeconds: 60
        securityContext:
          {}
        initContainers:
          - name: init-postgres
            image: alpine
            command:
              [
                "sh",
                "-c",
                "until nc -z -w 2 $API_HOST_NAME 443; do echo waiting for api; sleep 2; done"
              ]
            env:
              - name: API_HOST_NAME
                value: api.staging.notification.cdssandbox.xyz            
        containers:
          - name: notify-admin
            securityContext:
              {}
            image: "public.ecr.aws/cds-snc/notify-admin:latest"
            imagePullPolicy: Always
            env:
              # Includes common ENV Variables
              - name: ADMIN_BASE_URL
                value: "staging.notification.cdssandbox.xyz"
              - name: ALLOW_DEBUG_ROUTE
                value: "true"
              - name: ALLOW_HTML_SERVICE_IDS
                value: "4de8b784-03a8-4ba8-a440-3bfea1b04fe6,ea608120-148a-4eba-a64c-4d9a8010e7b0"
              - name: API_HOST_NAME
                value: "https://api.staging.notification.cdssandbox.xyz"
              - name: ASSET_UPLOAD_BUCKET_NAME
                value: "notification-canada-ca-staging-asset-upload"
              - name: AWS_REGION
                value: "ca-central-1"
              - name: AWS_XRAY_CONTEXT_MISSING
                value: "LOG_WARNING"
              - name: AWS_XRAY_SDK_ENABLED
                value: "true"
              - name: AWS_XRAY_TRACING_ENABLED
                value: "true"
              - name: BASE_DOMAIN
                value: "staging.notification.cdssandbox.xyz"
              - name: BULK_SEND_AWS_BUCKET
                value: "notification-canada-ca-staging-bulk-send"
              - name: BULK_SEND_TEST_SERVICE_ID
                value: "ea608120-148a-4eba-a64c-4d9a8010e7b0"
              - name: CONTACT_EMAIL
                value: "[email protected]"
              - name: CRM_ORG_LIST_URL
                value: "https://raw.githubusercontent.com/cds-snc/gc-organisations/main/data/all.json"
              - name: CSV_UPLOAD_BUCKET_NAME
-               value: "notification-canada-ca-staging-csv-upload"
+               value: "notification-canada-ca-staging-csv"
              - name: DOCUMENTATION_DOMAIN
                value: "https://documentation.staging.notification.cdssandbox.xyz"
              - name: FF_ANNUAL_LIMIT
                value: "true"
              - name: FF_SALESFORCE_CONTACT
                value: "false"
              - name: FLASK_APP
                value: "application.py"
              - name: GC_ARTICLES_API
                value: "articles.alpha.canada.ca/notification-gc-notify"
              - name: HC_EN_SERVICE_ID
                value: "c2fe9fac-2f28-40ca-b152-08ee41cd6843"
              - name: HC_FR_SERVICE_ID
                value: "changeme"
              - name: IP_GEOLOCATE_SERVICE
                value: "http://ipv4.notification-canada-ca.svc.cluster.local:8080"
              - name: NEW_RELIC_APP_NAME
                value: "notification-admin-staging"
              - name: NEW_RELIC_CONFIG_FILE
                value: "/app/newrelic.ini"
              - name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
                value: "true"
              - name: NEW_RELIC_MONITOR_MODE
                value: "true"
              - name: NOTIFY_ENVIRONMENT
                value: "staging"
              - name: REDIS_ENABLED
                value: "true"
              - name: SENTRY_URL
                value: "https://[email protected]/1522933"
              - name: SHOW_STYLE_GUIDE
                value: "true"
              # Includes secret ENV Variables
              - name: ADMIN_CLIENT_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: ADMIN_CLIENT_SECRET
              - name: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: CRM_GITHUB_PERSONAL_ACCESS_TOKEN
              - name: DANGEROUS_SALT
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: DANGEROUS_SALT
              - name: DEBUG_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: DEBUG_KEY
              - name: GC_ARTICLES_API_AUTH_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: GC_ARTICLES_API_AUTH_PASSWORD
              - name: GC_ARTICLES_API_AUTH_USERNAME
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: GC_ARTICLES_API_AUTH_USERNAME
              - name: MIXPANEL_PROJECT_TOKEN
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: MIXPANEL_PROJECT_TOKEN
              - name: NEW_RELIC_LICENSE_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: NEW_RELIC_LICENSE_KEY
              - name: REDIS_PUBLISH_URL
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: REDIS_PUBLISH_URL
              - name: REDIS_URL
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: REDIS_URL
              - name: SECRET_KEY
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: SECRET_KEY
              - name: SQLALCHEMY_DATABASE_URI
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: SQLALCHEMY_DATABASE_URI
              - name: WAF_SECRET
                valueFrom:
                  secretKeyRef:
                    name: notify-admin
                    key: WAF_SECRET
              - name: STATSD_HOST
                valueFrom:
                  fieldRef:
                    fieldPath: spec.nodeName
                
            volumeMounts:
              - name: secrets-store-inline
                mountPath: "/mnt/secrets-store"
                readOnly: true          
               
            ports:
              - name: http
                containerPort: 6012
                protocol: TCP
            readinessProbe:
              httpGet:
                path: /_status?simple=true
                port: 6012
              initialDelaySeconds: 10
              periodSeconds: 3
              timeoutSeconds: 1
              successThreshold: 3
              failureThreshold: 10
            livenessProbe:
              httpGet:
                path: "/_status?simple=true"
                port: 6012
              initialDelaySeconds: 30
              periodSeconds: 3
              timeoutSeconds: 1
              successThreshold: 1
              failureThreshold: 3
            resources:
              limits:
                cpu: 1200m
                memory: 900Mi
              requests:
                cpu: 250m
                memory: 700Mi
            
        volumes:
          - name: secrets-store-inline
            csi:
              driver: secrets-store.csi.k8s.io
              readOnly: true
              volumeAttributes:
                secretProviderClass: notify-admin
        
        nodeSelector:
          eks.amazonaws.com/capacityType: ON_DEMAND

Comparing release=notify-document-download, chart=charts/notify-document-download
Comparing release=notify-celery, chart=charts/notify-celery
Comparing release=k8s-event-logger, chart=/tmp/helmfile3492164311/amazon-cloudwatch/staging/k8s-event-logger/k8s-event-logger/1.1.8/k8s-event-logger
Comparing release=karpenter-crd, chart=/tmp/helmfile3492164311/karpenter/staging/karpenter-crd/karpenter-crd/0.36.1/karpenter-crd
Comparing release=karpenter, chart=/tmp/helmfile3492164311/karpenter/staging/karpenter/karpenter/0.36.1/karpenter
Comparing release=karpenter-nodepool, chart=charts/karpenter-nodepool
Comparing release=priority-classes, chart=deliveryhero/priority-class
Comparing release=secrets-store-csi-driver, chart=secrets-store-csi-driver/secrets-store-csi-driver
Comparing release=aws-secrets-provider, chart=aws-secrets-manager/secrets-store-csi-driver-provider-aws
Comparing release=kube-state-metrics, chart=prometheus-community/kube-state-metrics
Comparing release=blazer, chart=stakater/application
Comparing release=ingress, chart=charts/nginx-ingress
Comparing release=xray-daemon, chart=okgolove/aws-xray