diff --git a/.github/workflows/ai-code-scanner.yml b/.github/workflows/ai-code-scanner.yml index 3f97959c8..9355c760f 100644 --- a/.github/workflows/ai-code-scanner.yml +++ b/.github/workflows/ai-code-scanner.yml @@ -1,14 +1,13 @@ name: AI Code Review -# Disabled the AI code reviewer for now -# on: -# pull_request: -# types: -# - opened -# - synchronize +on: + push: + branches-ignore: + - main jobs: ai_code_review: + if: contains(github.event.head_commit.message, '[review]') runs-on: ubuntu-latest steps: diff --git a/.github/workflows/backstage-catalog-helper.yml b/.github/workflows/backstage-catalog-helper.yml index 65063b67c..1a551f24c 100644 --- a/.github/workflows/backstage-catalog-helper.yml +++ b/.github/workflows/backstage-catalog-helper.yml @@ -25,7 +25,7 @@ jobs: app_id: ${{ secrets.SRE_BOT_RW_APP_ID }} private_key: ${{ secrets.SRE_BOT_RW_PRIVATE_KEY }} - name: Create pull request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79 # v7.0.3 with: token: ${{ steps.generate_token.outputs.token}} sign-commits: true diff --git a/.github/workflows/terragrunt_destroy_environment.yml b/.github/workflows/terragrunt_destroy_environment.yml index 614d3b8e0..490d8316a 100644 --- a/.github/workflows/terragrunt_destroy_environment.yml +++ b/.github/workflows/terragrunt_destroy_environment.yml @@ -221,45 +221,45 @@ jobs: cd env/dev/lambda-google-cidr terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve - terragrunt-destroy-quicksight: - if: | - always() && - - !contains(needs.*.result, 'cancelled') - runs-on: ubuntu-latest - continue-on-error: true - needs: [terragrunt-destroy-newrelic,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks] - - steps: - - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + # terragrunt-destroy-quicksight: + # if: | + # always() && + + # !contains(needs.*.result, 'cancelled') + # runs-on: ubuntu-latest + # continue-on-error: true + # needs: [terragrunt-destroy-newrelic,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks] + + # steps: + # - name: Checkout + # uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - - name: setup-terraform - uses: ./.github/actions/setup-terraform - with: - role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply - role_session_name: NotifyTerraformDestroy - - - name: Install 1Pass CLI - run: | - curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb - sudo dpkg -i 1pass.deb - - - name: terragrunt destroy vpc connection - continue-on-error: true - run: | - aws quicksight delete-vpc-connection --aws-account-id 800095993820 --vpc-connection-id $(aws quicksight list-vpc-connections --aws-account-id 800095993820 --query 'VPCConnectionSummaries[].VPCConnectionId' --output text) || true - - - name: update account settings - continue-on-error: true - run: | - aws quicksight update-account-settings --aws-account-id 800095993820 --default-namespace default --no-termination-protection-enabled - - - name: terragrunt destroy quicksight - run: | - op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars - cd env/dev/quicksight - terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve + # - name: setup-terraform + # uses: ./.github/actions/setup-terraform + # with: + # role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply + # role_session_name: NotifyTerraformDestroy + + # - name: Install 1Pass CLI + # run: | + # curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + # sudo dpkg -i 1pass.deb + + # - name: terragrunt destroy vpc connection + # continue-on-error: true + # run: | + # aws quicksight delete-vpc-connection --aws-account-id 800095993820 --vpc-connection-id $(aws quicksight list-vpc-connections --aws-account-id 800095993820 --query 'VPCConnectionSummaries[].VPCConnectionId' --output text) || true + + # - name: update account settings + # continue-on-error: true + # run: | + # aws quicksight update-account-settings --aws-account-id 800095993820 --default-namespace default --no-termination-protection-enabled + + # - name: terragrunt destroy quicksight + # run: | + # op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars + # cd env/dev/quicksight + # terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve terragrunt-destroy-database-tools: @@ -268,7 +268,7 @@ jobs: !contains(needs.*.result, 'cancelled') runs-on: ubuntu-latest - needs: [terragrunt-destroy-newrelic,terragrunt-destroy-quicksight,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks] + needs: [terragrunt-destroy-newrelic,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks] steps: - name: Checkout @@ -687,4 +687,4 @@ jobs: scripts/cleanupSecurityGroups.sh op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars cd env/dev/common - terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve \ No newline at end of file + terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve diff --git a/scripts/manage_longcodes/drain_pool.sh b/scripts/manage_longcodes/drain_pool.sh new file mode 100755 index 000000000..63d272325 --- /dev/null +++ b/scripts/manage_longcodes/drain_pool.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +# Usage: +# . drain_pool.sh + +# This script will remove and release all but one number from a Pinpoint pool + +set -e + +if [ -z "$1" ]; then + echo "Usage: . drain_pool.sh " + return +fi + +printf "\n------------------------------------------------------------\n" +printf " WARNING!!!!\n" +printf " This will delete all but one long code from a Pinpoint pool!\n" +printf " You do not want to run this or production!\n" +printf "\n------------------------------------------------------------\n" +printf "Are you sure you want to continue?" +echo -n "If so, type 'drain'> " +read -r check + +if [ "$check" != "drain" ]; then + echo "Exiting..." + exit 1 +fi + +if aws pinpoint-sms-voice-v2 describe-pools --pool-ids $1; then + numbers=$(aws pinpoint-sms-voice-v2 list-pool-origination-identities --pool-id $1 | jq -r ".OriginationIdentities[].OriginationIdentity") + read -ra numbersArray <<< $numbers # Split the string into an array + + echo "Found ${#numbersArray[@]} numbers in pool $1. Releasing all but one." + for number in ${numbersArray[@]:1}; do # Skip the first number - have to keep at least one number in the pool + echo "Releasing $number..." + aws pinpoint-sms-voice-v2 disassociate-origination-identity --iso-country-code CA --pool-id $1 --origination-identity $number + aws pinpoint-sms-voice-v2 release-phone-number --phone-number-id $number + done +else + echo "Pool $1 does not exist" +fi diff --git a/scripts/manage_longcodes/request_long_codes.sh b/scripts/manage_longcodes/request_long_codes.sh new file mode 100755 index 000000000..16550d5f8 --- /dev/null +++ b/scripts/manage_longcodes/request_long_codes.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +# Usage: +# . request_long_codes.sh numberOfLongCodes poolId + +# This script requests a number of long codes from Pinpoint SMS and assigns them to a pool + +set -e + +if [ -z "$1" ]; then + echo "Please provide the number of long codes to request" + exit 1 +fi +if [ $1 -lt 1 ]; then + echo "Number of long codes must be greater than 0" + exit 1 +fi +if [ -z "$2" ]; then + echo "Please provide the pool ID to assign the long codes to" + exit 1 +fi +if ! aws pinpoint-sms-voice-v2 describe-pools --pool-ids $2; then + echo "Pool $2 does not exist" + exit 1 +fi +numberOfLongCodes=$1 +poolId=$2 + + +printf "\n------------------------------------------------------------\n" +printf " WARNING!!!!\n" +printf " This will add new phone numbers to a Pinpoint pool\n" +printf " You might not want to run this in production!\n" +printf "\n------------------------------------------------------------\n" +printf "Are you sure you want to continue?" +echo -n "If so, type 'request'> " +read -r check + +if [ "$check" != "request" ]; then + echo "Exiting..." + exit 1 +fi + +for i in $(seq 1 $numberOfLongCodes); do + number=$(aws pinpoint-sms-voice-v2 request-phone-number \ + --iso-country-code CA --message-type TRANSACTIONAL \ + --number-capabilities SMS \ + --number-type LONG_CODE \ + | jq -r ".PhoneNumberId") + + numberStatus="PENDING" + while [ "$numberStatus" != "\"ACTIVE\"" ]; do + echo "Waiting for number $number to become ACTIVE..." + sleep 1 + numberStatus=$(aws pinpoint-sms-voice-v2 describe-phone-numbers \ + --phone-number-ids $number \ + | jq '.PhoneNumbers[0].Status') + done + + aws pinpoint-sms-voice-v2 associate-origination-identity \ + --pool-id $poolId \ + --origination-identity $number \ + --iso-country-code CA +done