From 885fe93abc45f0b640598c66cc413f6800ca3beb Mon Sep 17 00:00:00 2001 From: "sre-read-write[bot]" <92993749+sre-read-write[bot]@users.noreply.github.com> Date: Fri, 20 Sep 2024 15:01:27 -0400 Subject: [PATCH 1/5] chore: synced local '.github/workflows/backstage-catalog-helper.yml' with remote 'tools/sre_file_sync/backstage-catalog-helper.yml' (#1545) Co-authored-by: sre-read-write[bot] <92993749+sre-read-write[bot]@users.noreply.github.com> --- .github/workflows/backstage-catalog-helper.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/backstage-catalog-helper.yml b/.github/workflows/backstage-catalog-helper.yml index 65063b67c..1a551f24c 100644 --- a/.github/workflows/backstage-catalog-helper.yml +++ b/.github/workflows/backstage-catalog-helper.yml @@ -25,7 +25,7 @@ jobs: app_id: ${{ secrets.SRE_BOT_RW_APP_ID }} private_key: ${{ secrets.SRE_BOT_RW_PRIVATE_KEY }} - name: Create pull request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79 # v7.0.3 with: token: ${{ steps.generate_token.outputs.token}} sign-commits: true From 2262f5325ee32a8004dff8acd0955bbeaca9f44e Mon Sep 17 00:00:00 2001 From: Steve Astels Date: Mon, 23 Sep 2024 09:41:28 -0400 Subject: [PATCH 2/5] script to request long codes and add them to a pool (#1547) * script to request long codes and add them to a pool * add a script to delete numbers from a pool * add a verification step --- scripts/manage_longcodes/drain_pool.sh | 41 ++++++++++++ .../manage_longcodes/request_long_codes.sh | 64 +++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100755 scripts/manage_longcodes/drain_pool.sh create mode 100755 scripts/manage_longcodes/request_long_codes.sh diff --git a/scripts/manage_longcodes/drain_pool.sh b/scripts/manage_longcodes/drain_pool.sh new file mode 100755 index 000000000..63d272325 --- /dev/null +++ b/scripts/manage_longcodes/drain_pool.sh 
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Usage:
+# . drain_pool.sh
+
+# This script will remove and release all but one number from a Pinpoint pool
+
+set -e
+
+if [ -z "$1" ]; then
+ echo "Usage: . drain_pool.sh "
+ return
+fi
+
+printf "\n------------------------------------------------------------\n"
+printf " WARNING!!!!\n"
+printf " This will delete all but one long code from a Pinpoint pool!\n"
+printf " You do not want to run this or production!\n"
+printf "\n------------------------------------------------------------\n"
+printf "Are you sure you want to continue?"
+echo -n "If so, type 'drain'> "
+read -r check
+
+if [ "$check" != "drain" ]; then
+ echo "Exiting..."
+ exit 1
+fi
+
+if aws pinpoint-sms-voice-v2 describe-pools --pool-ids $1; then
+ numbers=$(aws pinpoint-sms-voice-v2 list-pool-origination-identities --pool-id $1 | jq -r ".OriginationIdentities[].OriginationIdentity")
+ read -ra numbersArray <<< $numbers # Split the string into an array
+
+ echo "Found ${#numbersArray[@]} numbers in pool $1. Releasing all but one."
+ for number in ${numbersArray[@]:1}; do # Skip the first number - have to keep at least one number in the pool
+ echo "Releasing $number..."
+ aws pinpoint-sms-voice-v2 disassociate-origination-identity --iso-country-code CA --pool-id $1 --origination-identity $number
+ aws pinpoint-sms-voice-v2 release-phone-number --phone-number-id $number
+ done
+else
+ echo "Pool $1 does not exist"
+fi
diff --git a/scripts/manage_longcodes/request_long_codes.sh b/scripts/manage_longcodes/request_long_codes.sh
new file mode 100755
index 000000000..16550d5f8
--- /dev/null
+++ b/scripts/manage_longcodes/request_long_codes.sh
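Review bot: In drain_pool.sh the release loop depends on `read -ra numbersArray <<< $numbers`, which reads a single line, while `jq -r` prints one identity per line; on bash 4.4 and later (where here-strings are no longer word-split, as far as I can tell) the array would hold only the first identity, so nothing is released and the script still exits cleanly. `$1` and `$number` are also unquoted in every `aws` call, and the `drain` prompt never shows which pool is about to be emptied. Reading the list with `mapfile` (bash 4+), quoting the expansions and printing the pool ID before the prompt would make an irreversible run easier to get right. Because the usage line sources the script, `set -e` and `exit 1` act on the operator's own shell; running it as `./drain_pool.sh` and replacing `return` with `exit 1` avoids that.

```shell
# … unchanged: usage check and warning banner …
printf "Pool to drain: %s\n" "$1"
# … unchanged: 'drain' confirmation …
if aws pinpoint-sms-voice-v2 describe-pools --pool-ids "$1"; then
    numbers=$(aws pinpoint-sms-voice-v2 list-pool-origination-identities --pool-id "$1" | jq -r ".OriginationIdentities[].OriginationIdentity")
    mapfile -t numbersArray <<< "$numbers"  # jq -r emits one identity per line

    # … unchanged: "Found N numbers" message …
    for number in "${numbersArray[@]:1}"; do  # skip the first number; one must stay in the pool
        echo "Releasing $number..."
        aws pinpoint-sms-voice-v2 disassociate-origination-identity --iso-country-code CA --pool-id "$1" --origination-identity "$number"
        aws pinpoint-sms-voice-v2 release-phone-number --phone-number-id "$number"
    done
# … unchanged: else branch …
```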
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# Usage:
+# . request_long_codes.sh numberOfLongCodes poolId
+
+# This script requests a number of long codes from Pinpoint SMS and assigns them to a pool
+
+set -e
+
+if [ -z "$1" ]; then
+ echo "Please provide the number of long codes to request"
+ exit 1
+fi
+if [ $1 -lt 1 ]; then
+ echo "Number of long codes must be greater than 0"
+ exit 1
+fi
+if [ -z "$2" ]; then
+ echo "Please provide the pool ID to assign the long codes to"
+ exit 1
+fi
+if ! aws pinpoint-sms-voice-v2 describe-pools --pool-ids $2; then
+ echo "Pool $2 does not exist"
+ exit 1
+fi
+numberOfLongCodes=$1
+poolId=$2
+
+
+printf "\n------------------------------------------------------------\n"
+printf " WARNING!!!!\n"
+printf " This will add new phone numbers to a Pinpoint pool\n"
+printf " You might not want to run this in production!\n"
+printf "\n------------------------------------------------------------\n"
+printf "Are you sure you want to continue?"
+echo -n "If so, type 'request'> "
+read -r check
+
+if [ "$check" != "request" ]; then
+ echo "Exiting..."
+ exit 1
+fi
+
+for i in $(seq 1 $numberOfLongCodes); do
+ number=$(aws pinpoint-sms-voice-v2 request-phone-number \
+ --iso-country-code CA --message-type TRANSACTIONAL \
+ --number-capabilities SMS \
+ --number-type LONG_CODE \
+ | jq -r ".PhoneNumberId")
+
+ numberStatus="PENDING"
+ while [ "$numberStatus" != "\"ACTIVE\"" ]; do
+ echo "Waiting for number $number to become ACTIVE..."
+ sleep 1
+ numberStatus=$(aws pinpoint-sms-voice-v2 describe-phone-numbers \
+ --phone-number-ids $number \
+ | jq '.PhoneNumbers[0].Status')
+ done
+
+ aws pinpoint-sms-voice-v2 associate-origination-identity \
+ --pool-id $poolId \
+ --origination-identity $number \
+ --iso-country-code CA
+done
From 8b172aa3118c7641a088798e3fa1a426dfb1b59d Mon Sep 17 00:00:00 2001
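Review bot: In request_long_codes.sh the `while [ "$numberStatus" != "\"ACTIVE\"" ]` poll has no upper bound, so a number that never reaches ACTIVE leaves the script spinning after the number has already been requested, with nothing telling the operator that it was never added to the pool. A capped number of checks with an explicit error, plus `jq -r` so the comparison is against plain `ACTIVE`, would make that failure visible. `[ $1 -lt 1 ]` is unquoted and, for non-numeric input, prints a shell error and falls through the check instead of stopping; `$2`, `$number` and `$poolId` are unquoted in the `aws` calls as well. The usage comment sources the script while every error path calls `exit 1`, which would close the operator's shell.

```shell
    numberStatus="PENDING"
    attempts=0
    max_attempts=60  # constructed value; pick a limit that fits normal provisioning time
    while [ "$numberStatus" != "ACTIVE" ]; do
        if [ "$attempts" -ge "$max_attempts" ]; then
            echo "Number $number is still $numberStatus after $attempts checks; it was not added to pool $poolId" >&2
            exit 1
        fi
        # … unchanged: "Waiting for number" message and sleep …
        numberStatus=$(aws pinpoint-sms-voice-v2 describe-phone-numbers \
            --phone-number-ids "$number" \
            | jq -r '.PhoneNumbers[0].Status')
        attempts=$((attempts + 1))
    done
```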
From: Mike Pond <32133001+P0NDER0SA@users.noreply.github.com> Date: Mon, 23 Sep 2024 09:51:18 -0400 Subject: [PATCH 3/5] updating kube (#1548) --- env/dev/eks/terragrunt.hcl | 4 ++-- env/staging/eks/terragrunt.hcl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/env/dev/eks/terragrunt.hcl b/env/dev/eks/terragrunt.hcl index 6378ab752..f4d4533df 100644 --- a/env/dev/eks/terragrunt.hcl +++ b/env/dev/eks/terragrunt.hcl @@ -108,8 +108,8 @@ inputs = { eks_addon_kube_proxy_version = "v1.30.0-eksbuild.3" eks_addon_vpc_cni_version = "v1.18.1-eksbuild.3" eks_addon_ebs_driver_version = "v1.31.0-eksbuild.1" - eks_node_ami_version = "1.30.2-20240904" - eks_karpenter_ami_id = "ami-044d9a1702f61f5c3" + eks_node_ami_version = "1.30.4-20240917" + eks_karpenter_ami_id = "ami-0d94e40728580643b" non_api_waf_rate_limit = 500 api_waf_rate_limit = 5000 sign_in_waf_rate_limit = 100 diff --git a/env/staging/eks/terragrunt.hcl b/env/staging/eks/terragrunt.hcl index fe7985e81..a4f4d7103 100644 --- a/env/staging/eks/terragrunt.hcl +++ b/env/staging/eks/terragrunt.hcl @@ -114,8 +114,8 @@ inputs = { eks_addon_kube_proxy_version = "v1.30.0-eksbuild.3" eks_addon_vpc_cni_version = "v1.18.1-eksbuild.3" eks_addon_ebs_driver_version = "v1.31.0-eksbuild.1" - eks_node_ami_version = "1.30.2-20240904" - eks_karpenter_ami_id = "ami-044d9a1702f61f5c3" + eks_node_ami_version = "1.30.4-20240917" + eks_karpenter_ami_id = "ami-0d94e40728580643b" non_api_waf_rate_limit = 500 api_waf_rate_limit = 30000 sign_in_waf_rate_limit = 100 From 7f795737dad9f240c8b430c71010c100a1ccfd10 Mon Sep 17 00:00:00 2001 From: Mike Pond <32133001+P0NDER0SA@users.noreply.github.com> Date: Mon, 23 Sep 2024 14:21:16 -0400 Subject: [PATCH 4/5] Update terragrunt_destroy_environment.yml (#1552) commenting out the quicksight portion because it has been causing too many problems --- .../terragrunt_destroy_environment.yml | 80 +++++++++---------- 1 file changed, 40 insertions(+), 40 deletions(-) 
diff --git a/.github/workflows/terragrunt_destroy_environment.yml b/.github/workflows/terragrunt_destroy_environment.yml index 614d3b8e0..490d8316a 100644 --- a/.github/workflows/terragrunt_destroy_environment.yml +++ b/.github/workflows/terragrunt_destroy_environment.yml 
@@ -221,45 +221,45 @@ jobs: cd env/dev/lambda-google-cidr terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve - terragrunt-destroy-quicksight: - if: | - always() && - - !contains(needs.*.result, 'cancelled') - runs-on: ubuntu-latest - continue-on-error: true - needs: [terragrunt-destroy-newrelic,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks] - - steps: - - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + # terragrunt-destroy-quicksight: + # if: | + # always() && + + # !contains(needs.*.result, 'cancelled') + # runs-on: ubuntu-latest + # continue-on-error: true + # needs: [terragrunt-destroy-newrelic,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks] + + # steps: + # - name: Checkout + # uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - - name: setup-terraform - uses: ./.github/actions/setup-terraform - with: - role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply - role_session_name: NotifyTerraformDestroy - - - name: Install 1Pass CLI - run: | - curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb - sudo dpkg -i 1pass.deb - - - name: terragrunt destroy vpc connection - continue-on-error: true - run: | - aws quicksight delete-vpc-connection --aws-account-id 800095993820 --vpc-connection-id $(aws quicksight list-vpc-connections --aws-account-id 800095993820 --query 'VPCConnectionSummaries[].VPCConnectionId' --output text) || true - - - name: update account settings - 
continue-on-error: true - run: | - aws quicksight update-account-settings --aws-account-id 800095993820 --default-namespace default --no-termination-protection-enabled - - - name: terragrunt destroy quicksight - run: | - op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars - cd env/dev/quicksight - terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve + # - name: setup-terraform + # uses: ./.github/actions/setup-terraform + # with: + # role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply + # role_session_name: NotifyTerraformDestroy + + # - name: Install 1Pass CLI + # run: | + # curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + # sudo dpkg -i 1pass.deb + + # - name: terragrunt destroy vpc connection + # continue-on-error: true + # run: | + # aws quicksight delete-vpc-connection --aws-account-id 800095993820 --vpc-connection-id $(aws quicksight list-vpc-connections --aws-account-id 800095993820 --query 'VPCConnectionSummaries[].VPCConnectionId' --output text) || true + + # - name: update account settings + # continue-on-error: true + # run: | + # aws quicksight update-account-settings --aws-account-id 800095993820 --default-namespace default --no-termination-protection-enabled + + # - name: terragrunt destroy quicksight + # run: | + # op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars + # cd env/dev/quicksight + # terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve terragrunt-destroy-database-tools: 
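Review bot: The quicksight job is disabled by commenting out roughly forty lines rather than removing them, and nothing above the block says why it is off or what would allow it back; the reason exists only in the commit message. A one-line header such as `# Disabled: quicksight destroy was failing repeatedly, see #1552` above `# terragrunt-destroy-quicksight:` would keep that with the code, or the job could be deleted and recovered from history. With this job gone the QuickSight VPC connection is presumably no longer deleted before the later destroy jobs run, so it is worth confirming that the network teardown still completes. The hunk's trailing context is the `terragrunt-destroy-database-tools` job, whose body lies outside the hunk.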
@@ -268,7 +268,7 @@ jobs: !contains(needs.*.result, 'cancelled') runs-on: ubuntu-latest - needs: [terragrunt-destroy-newrelic,terragrunt-destroy-quicksight,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks] + needs: [terragrunt-destroy-newrelic,terragrunt-destroy-lambda-google-cidr,terragrunt-destroy-sns_to_sqs_sms_callbacks,terragrunt-destroy-pinpoint_to_sqs_sms_callbacks,terragrunt-destroy-system_status,terragrunt-destroy-system_status_static_site,terragrunt-destroy-ses_to_sqs_email_callbacks] steps: - name: Checkout @@ -687,4 +687,4 @@ jobs: scripts/cleanupSecurityGroups.sh op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - Dev"/notesPlain > /var/tmp/dev.tfvars cd env/dev/common - terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve \ No newline at end of file + terragrunt destroy --var-file /var/tmp/dev.tfvars --terragrunt-non-interactive -auto-approve From 0ca543e56bb467347f3180f343d59ac2133af2da Mon Sep 17 00:00:00 2001 From: Jimmy Royer Date: Mon, 23 Sep 2024 15:17:22 -0400 Subject: [PATCH 5/5] Re-enable the code review bot but on push gh event. (#1549) --- .github/workflows/ai-code-scanner.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ai-code-scanner.yml b/.github/workflows/ai-code-scanner.yml index 3f97959c8..9355c760f 100644 --- a/.github/workflows/ai-code-scanner.yml +++ b/.github/workflows/ai-code-scanner.yml @@ -1,14 +1,13 @@ name: AI Code Review -# Disabled the AI code reviewer for now -# on: -# pull_request: -# types: -# - opened -# - synchronize +on: + push: + branches-ignore: + - main jobs: ai_code_review: + if: contains(github.event.head_commit.message, '[review]') runs-on: ubuntu-latest steps:
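Review bot: In ai-code-scanner.yml the new trigger is opt-in through `if: contains(github.event.head_commit.message, '[review]')`, but no comment in the file explains that convention, and only the head commit of a push is inspected, so a `[review]` tag on an earlier commit in the same push is ignored. A short comment above `on:` such as `# Runs on pushes to non-main branches when the head commit message contains [review]` would document it. The visible part of the workflow sets no `permissions:`; since the job now runs on any qualifying push, declaring the minimum (for example `permissions:` with `contents: read`, plus whatever the review step needs) is worth considering. The `steps:` list continues outside the hunk, so whether the steps still expect pull-request context cannot be checked from here.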