Merge branch 'main' into tg-tfvars-function

.github/workflows/ai-code-scanner.yml

@@ -1,14 +1,13 @@
 name: AI Code Review
 
-# Disabled the AI code reviewer for now
-# on:
-#   pull_request:
-#     types:
-#       - opened
-#       - synchronize
+on:
+  push:
+    branches-ignore:
+      - main
 
 jobs:
   ai_code_review:
+    if: contains(github.event.head_commit.message, '[review]')
     runs-on: ubuntu-latest
 
     steps:

.github/workflows/backstage-catalog-helper.yml

@@ -25,7 +25,7 @@ jobs:
           app_id: ${{ secrets.SRE_BOT_RW_APP_ID }}
           private_key: ${{ secrets.SRE_BOT_RW_PRIVATE_KEY }}
       - name: Create pull request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79 # v7.0.3
         with:
           token: ${{ steps.generate_token.outputs.token}}
           sign-commits: true

.github/workflows/terragrunt_destroy_environment.yml

@@ -221,45 +221,45 @@ jobs:
           cd env/dev/lambda-google-cidr
           terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve
 
-  terragrunt-destroy-quicksight:
-    if: |
-      always() &&
-
-      !contains(needs.*.result, 'cancelled')
-    runs-on: ubuntu-latest  
-    continue-on-error: true
-    needs: [terragrunt-destroy-newrelic,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks]
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+  # terragrunt-destroy-quicksight:
+  #   if: |
+  #     always() &&
+
+  #     !contains(needs.*.result, 'cancelled')
+  #   runs-on: ubuntu-latest  
+  #   continue-on-error: true
+  #   needs: [terragrunt-destroy-newrelic,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks]
+
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
-      - name: setup-terraform
-        uses: ./.github/actions/setup-terraform
-        with:
-          role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply
-          role_session_name: NotifyTerraformDestroy                  
-
-      - name: Install 1Pass CLI
-        run: |
-          curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
-          sudo dpkg -i 1pass.deb          
-
-      - name: terragrunt destroy vpc connection
-        continue-on-error: true
-        run: |
-          aws quicksight delete-vpc-connection --aws-account-id 800095993820 --vpc-connection-id $(aws quicksight list-vpc-connections --aws-account-id 800095993820 --query 'VPCConnectionSummaries[].VPCConnectionId' --output text) || true
-
-      - name: update account settings
-        continue-on-error: true
-        run: |
-          aws quicksight update-account-settings --aws-account-id 800095993820 --default-namespace default --no-termination-protection-enabled
-
-      - name: terragrunt destroy quicksight
-        run: |
-          op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars
-          cd env/dev/quicksight
-          terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve
+  #     - name: setup-terraform
+  #       uses: ./.github/actions/setup-terraform
+  #       with:
+  #         role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply
+  #         role_session_name: NotifyTerraformDestroy                  
+
+  #     - name: Install 1Pass CLI
+  #       run: |
+  #         curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
+  #         sudo dpkg -i 1pass.deb          
+
+  #     - name: terragrunt destroy vpc connection
+  #       continue-on-error: true
+  #       run: |
+  #         aws quicksight delete-vpc-connection --aws-account-id 800095993820 --vpc-connection-id $(aws quicksight list-vpc-connections --aws-account-id 800095993820 --query 'VPCConnectionSummaries[].VPCConnectionId' --output text) || true
+
+  #     - name: update account settings
+  #       continue-on-error: true
+  #       run: |
+  #         aws quicksight update-account-settings --aws-account-id 800095993820 --default-namespace default --no-termination-protection-enabled
+
+  #     - name: terragrunt destroy quicksight
+  #       run: |
+  #         op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars
+  #         cd env/dev/quicksight
+  #         terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve
 
 
   terragrunt-destroy-database-tools:
@@ -268,7 +268,7 @@ jobs:
 
       !contains(needs.*.result, 'cancelled')
     runs-on: ubuntu-latest  
-    needs: [terragrunt-destroy-newrelic,terragrunt-destroy-quicksight,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks]
+    needs: [terragrunt-destroy-newrelic,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks]
 
     steps:
       - name: Checkout
@@ -687,4 +687,4 @@ jobs:
           scripts/cleanupSecurityGroups.sh
           op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars
           cd env/dev/common
-          terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve
+          terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve

scripts/manage_longcodes/drain_pool.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Usage:
+# . drain_pool.sh <pool_id>
+
+# This script will remove and release all but one number from a Pinpoint pool
+
+set -e
+
+if [ -z "$1" ]; then
+    echo "Usage: . drain_pool.sh <pool_id>"
+    return
+fi
+
+printf "\n------------------------------------------------------------\n"
+printf "                         WARNING!!!!\n"
+printf "  This will delete all but one long code from a Pinpoint pool!\n"
+printf "         You do not want to run this or production!\n"
+printf "\n------------------------------------------------------------\n"
+printf "Are you sure you want to continue?"
+echo -n "If so, type 'drain'> "
+read -r check
+
+if [ "$check" != "drain" ]; then
+    echo "Exiting..."
+    exit 1
+fi
+
+if aws pinpoint-sms-voice-v2 describe-pools --pool-ids $1; then    
+    numbers=$(aws pinpoint-sms-voice-v2 list-pool-origination-identities --pool-id $1 | jq -r ".OriginationIdentities[].OriginationIdentity")
+    read -ra numbersArray <<< $numbers # Split the string into an array
+
+    echo "Found ${#numbersArray[@]} numbers in pool $1. Releasing all but one."
+    for number in ${numbersArray[@]:1}; do # Skip the first number - have to keep at least one number in the pool
+        echo "Releasing $number..."
+        aws pinpoint-sms-voice-v2 disassociate-origination-identity --iso-country-code CA --pool-id $1 --origination-identity $number
+        aws pinpoint-sms-voice-v2 release-phone-number --phone-number-id $number
+    done
+else
+    echo "Pool $1 does not exist"
+fi

scripts/manage_longcodes/request_long_codes.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# Usage:
+# . request_long_codes.sh numberOfLongCodes poolId
+
+# This script requests a number of long codes from Pinpoint SMS and assigns them to a pool
+
+set -e
+
+if [ -z "$1" ]; then
+    echo "Please provide the number of long codes to request"
+    exit 1
+fi
+if [ $1 -lt 1 ]; then
+    echo "Number of long codes must be greater than 0"
+    exit 1
+fi
+if [ -z "$2" ]; then
+    echo "Please provide the pool ID to assign the long codes to"
+    exit 1
+fi
+if ! aws pinpoint-sms-voice-v2 describe-pools --pool-ids $2; then
+    echo "Pool $2 does not exist"
+    exit 1
+fi
+numberOfLongCodes=$1
+poolId=$2
+
+
+printf "\n------------------------------------------------------------\n"
+printf "                        WARNING!!!!\n"
+printf "  This will add new phone numbers to a Pinpoint pool\n"
+printf "    You might not want to run this in production!\n"
+printf "\n------------------------------------------------------------\n"
+printf "Are you sure you want to continue?"
+echo -n "If so, type 'request'> "
+read -r check
+
+if [ "$check" != "request" ]; then
+    echo "Exiting..."
+    exit 1
+fi
+
+for i in $(seq 1 $numberOfLongCodes); do
+    number=$(aws pinpoint-sms-voice-v2 request-phone-number \
+      --iso-country-code CA --message-type TRANSACTIONAL \
+      --number-capabilities SMS \
+      --number-type LONG_CODE \
+      | jq -r ".PhoneNumberId")
+
+    numberStatus="PENDING"
+    while [ "$numberStatus" != "\"ACTIVE\"" ]; do
+        echo "Waiting for number $number to become ACTIVE..."
+        sleep 1
+        numberStatus=$(aws pinpoint-sms-voice-v2 describe-phone-numbers \
+          --phone-number-ids $number \
+          | jq '.PhoneNumbers[0].Status')
+    done
+
+    aws pinpoint-sms-voice-v2 associate-origination-identity \
+      --pool-id $poolId \
+      --origination-identity $number \
+      --iso-country-code CA
+done