From b3ec7f7aa3739ffb9579a0562d02c999563af407 Mon Sep 17 00:00:00 2001 From: David Sibley Date: Mon, 27 Jan 2025 11:59:34 +0000 Subject: [PATCH 1/8] update templates to use native lockfiles --- .../platform_backend.tf | 2 +- .../modernisation-platform-environments/platform_backend.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/templates/modernisation-platform-environments-isolated/platform_backend.tf b/terraform/templates/modernisation-platform-environments-isolated/platform_backend.tf index 725afa756..65159891e 100644 --- a/terraform/templates/modernisation-platform-environments-isolated/platform_backend.tf +++ b/terraform/templates/modernisation-platform-environments-isolated/platform_backend.tf @@ -5,10 +5,10 @@ terraform { backend "s3" { acl = "bucket-owner-full-control" bucket = "modernisation-platform-terraform-state" - dynamodb_table = "modernisation-platform-terraform-state-lock" encrypt = true key = "terraform.tfstate" region = "eu-west-2" + use_lockfile = true workspace_key_prefix = "environments/members/$application_name" # This will store the object as environments/members/$application_name/${workspace}/terraform.tfstate } } diff --git a/terraform/templates/modernisation-platform-environments/platform_backend.tf b/terraform/templates/modernisation-platform-environments/platform_backend.tf index 725afa756..65159891e 100644 --- a/terraform/templates/modernisation-platform-environments/platform_backend.tf +++ b/terraform/templates/modernisation-platform-environments/platform_backend.tf 
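Review bot: Removing `dynamodb_table` in the same change that adds `use_lockfile = true` leaves no lock shared between runners during the rollout. A repository still on the old template locks in DynamoDB while a regenerated one locks with the S3 lock object, so two applies could touch the same state, and a Terraform release that predates S3 native locking will most likely reject the new argument outright. The S3 backend accepts both arguments together for migration, so consider keeping `dynamodb_table = "modernisation-platform-terraform-state-lock"` next to `use_lockfile = true` until every member repository has been regenerated, and confirm a `required_version` floor exists in the part of the `terraform` block that opens above this hunk. The lock object is written beside the state (presumably `environments/members/$application_name/${workspace}/terraform.tfstate.tflock`), so the roles and bucket policy scoped to this prefix need get, put and delete on that key; that policy is not visible here and should be checked. The same applies to the identical hunk in `terraform/templates/modernisation-platform-environments/platform_backend.tf`.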
@@ -5,10 +5,10 @@ terraform { backend "s3" { acl = "bucket-owner-full-control" bucket = "modernisation-platform-terraform-state" - dynamodb_table = "modernisation-platform-terraform-state-lock" encrypt = true key = "terraform.tfstate" region = "eu-west-2" + use_lockfile = true workspace_key_prefix = "environments/members/$application_name" # This will store the object as environments/members/$application_name/${workspace}/terraform.tfstate } } From 7791f978e620775d7744297c4d13a47493a14719 Mon Sep 17 00:00:00 2001 From: Sukesh Date: Mon, 27 Jan 2025 16:09:22 +0000 Subject: [PATCH 2/8] Changed dates --- source/runbooks/dr-process.html.md.erb | 2 +- source/team/vision.html.md.erb | 2 +- source/user-guide/creating-environments.html.md.erb | 2 +- source/user-guide/platform-user-roles.html.md.erb | 2 +- source/user-guide/security-testing-and-ithc.html.md.erb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source/runbooks/dr-process.html.md.erb b/source/runbooks/dr-process.html.md.erb index 0100e7bea..8ee897256 100644 --- a/source/runbooks/dr-process.html.md.erb +++ b/source/runbooks/dr-process.html.md.erb @@ -1,7 +1,7 @@ --- owner_slack: "#modernisation-platform" title: Disaster Recovery Process -last_reviewed_on: 2024-07-24 +last_reviewed_on: 2025-01-27 review_in: 6 months --- diff --git a/source/team/vision.html.md.erb b/source/team/vision.html.md.erb index ae9262242..67c462158 100644 --- a/source/team/vision.html.md.erb +++ b/source/team/vision.html.md.erb @@ -1,7 +1,7 @@ --- owner_slack: "#modernisation-platform" title: Our vision -last_reviewed_on: 2024-10-25 +last_reviewed_on: 2025-01-27 review_in: 3 months --- diff --git a/source/user-guide/creating-environments.html.md.erb b/source/user-guide/creating-environments.html.md.erb index fa02209f0..e1eb23121 100644 --- a/source/user-guide/creating-environments.html.md.erb +++ b/source/user-guide/creating-environments.html.md.erb 
@@ -1,7 +1,7 @@ --- owner_slack: "#modernisation-platform" title: Creating environments in the Modernisation Platform -last_reviewed_on: 2024-07-22 +last_reviewed_on: 2025-01-27 review_in: 6 months --- diff --git a/source/user-guide/platform-user-roles.html.md.erb b/source/user-guide/platform-user-roles.html.md.erb index fb9e6f75f..0ce6a8dff 100644 --- a/source/user-guide/platform-user-roles.html.md.erb +++ b/source/user-guide/platform-user-roles.html.md.erb @@ -1,7 +1,7 @@ --- owner_slack: "#modernisation-platform" title: Platform User Roles -last_reviewed_on: 2024-07-20 +last_reviewed_on: 2025-01-27 review_in: 6 months --- diff --git a/source/user-guide/security-testing-and-ithc.html.md.erb b/source/user-guide/security-testing-and-ithc.html.md.erb index 25a12ef0b..201cc8aa5 100644 --- a/source/user-guide/security-testing-and-ithc.html.md.erb +++ b/source/user-guide/security-testing-and-ithc.html.md.erb @@ -1,7 +1,7 @@ --- owner_slack: "#modernisation-platform" title: Security Testing and ITHC -last_reviewed_on: 2024-07-25 +last_reviewed_on: 2025-01-27 review_in: 6 months --- From b5546560e22635c08c033d63e6be1b470e742275 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 04:48:26 +0000 Subject: [PATCH 3/8] Automated code formatting fixes --- environments/sprinkler.json | 1 - 1 file changed, 1 deletion(-) diff --git a/environments/sprinkler.json b/environments/sprinkler.json index 5dd2921d9..c4a5648b3 100644 --- a/environments/sprinkler.json +++ b/environments/sprinkler.json @@ -58,4 +58,3 @@ "go-live-date": "", "github-oidc-team-repositories": [""] } - From 135d7a06a72a8447be46b10880db24aca4648459 Mon Sep 17 00:00:00 2001 From: Edward Proctor Date: Tue, 28 Jan 2025 09:16:33 +0000 Subject: [PATCH 4/8] Added lychee ignore file --- .lycheeignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .lycheeignore 
diff --git a/.lycheeignore b/.lycheeignore new file mode 100644 index 000000000..ba749d0c0 --- /dev/null +++ b/.lycheeignore @@ -0,0 +1 @@ +https://github.com/ministryofjustice/yjaf-infra-aws-mgmt/* \ No newline at end of file From 5ed1591c65c19e91cef6641c51c85915fb25fac3 Mon Sep 17 00:00:00 2001 From: Edward Proctor Date: Tue, 28 Jan 2025 09:17:44 +0000 Subject: [PATCH 5/8] Added lychee ignore file --- source/runbooks/yjaf-account-creation.html.md.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/runbooks/yjaf-account-creation.html.md.erb b/source/runbooks/yjaf-account-creation.html.md.erb index 7b147a68e..5f686302a 100644 --- a/source/runbooks/yjaf-account-creation.html.md.erb +++ b/source/runbooks/yjaf-account-creation.html.md.erb @@ -77,4 +77,4 @@ You will also need to set up 2FA on the account. Please ensure the device name i Any issues please let me know. ``` -13. Send email to users with new console login details. +13. Send email to users with new console login details. \ No newline at end of file From 7f64c1410316e03af6adaaa6512405bddd76af87 Mon Sep 17 00:00:00 2001 From: Edward Proctor Date: Tue, 28 Jan 2025 09:19:58 +0000 Subject: [PATCH 6/8] Added lychee ignore file --- .lycheeignore | 2 +- source/runbooks/yjaf-account-creation.html.md.erb | 2 +- source/runbooks/yjaf-delete-account.html.md.erb | 2 +- source/runbooks/yjaf-password-reset.html.md.erb | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.lycheeignore b/.lycheeignore index ba749d0c0..25b715fcf 100644 --- a/.lycheeignore +++ b/.lycheeignore @@ -1 +1 @@ -https://github.com/ministryofjustice/yjaf-infra-aws-mgmt/* \ No newline at end of file +https://github.com/ministryofjustice/yjaf-infra-aws-mgmt* \ No newline at end of file diff --git a/source/runbooks/yjaf-account-creation.html.md.erb b/source/runbooks/yjaf-account-creation.html.md.erb index 5f686302a..7b147a68e 100644 --- a/source/runbooks/yjaf-account-creation.html.md.erb 
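Review bot: The `.lycheeignore` entry is written like a glob, but as far as I know lychee reads each line of that file as a regular expression. If so, the trailing `*` only repeats the preceding character and the dots match any character, both in the line added here and in the revised `...yjaf-infra-aws-mgmt*` of PATCH 6/8. It still works as a prefix match because the pattern is unanchored, but it also excludes any other URL that starts the same way, for example a sibling repository whose name begins with `yjaf-infra-aws-mgmt`. If only this repository is meant, `^https://github\.com/ministryofjustice/yjaf-infra-aws-mgmt(/|$)` says so explicitly. The file also still ends without a trailing newline after PATCH 6/8.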
+++ b/source/runbooks/yjaf-account-creation.html.md.erb @@ -77,4 +77,4 @@ You will also need to set up 2FA on the account. Please ensure the device name i Any issues please let me know. ``` -13. Send email to users with new console login details. \ No newline at end of file +13. Send email to users with new console login details. diff --git a/source/runbooks/yjaf-delete-account.html.md.erb b/source/runbooks/yjaf-delete-account.html.md.erb index 5c3319b84..723569208 100644 --- a/source/runbooks/yjaf-delete-account.html.md.erb +++ b/source/runbooks/yjaf-delete-account.html.md.erb @@ -37,4 +37,4 @@ There are two files to update: Raise a PR for changes to be reviewed by the Team. Merge changes to run automated pipelines. -Done. \ No newline at end of file +Done. diff --git a/source/runbooks/yjaf-password-reset.html.md.erb b/source/runbooks/yjaf-password-reset.html.md.erb index 5cc8248e0..60233a2ee 100644 --- a/source/runbooks/yjaf-password-reset.html.md.erb +++ b/source/runbooks/yjaf-password-reset.html.md.erb @@ -22,4 +22,4 @@ This is a manual process that is managed via the console. 7. Select the `Reset Password` option 8. Check that `Autogenerated password` is selected and tick the `User must create new password at next sign-in` 9. Click on the `Reset Password` button to generate a new password -10. Copy the autogenerated password and email it to the user \ No newline at end of file +10. Copy the autogenerated password and email it to the user From b060f6bfff8809bda9c56c0394cb68f99d1fcd32 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 09:39:51 +0000 Subject: [PATCH 7/8] Bump oxsecurity/megalinter from 8.4.0 to 8.4.1 Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 8.4.0 to 8.4.1. - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/f90c800040e4f84800700b27b2394d3eecc1fdad...839e6d63c0423eb74ce2578225f8b8b4bed63ede) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/format-code.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/format-code.yml b/.github/workflows/format-code.yml index 4b4a2ab4e..65022878d 100644 --- a/.github/workflows/format-code.yml +++ b/.github/workflows/format-code.yml @@ -41,7 +41,7 @@ jobs: id: ml # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.io/flavors/ - uses: oxsecurity/megalinter/flavors/terraform@f90c800040e4f84800700b27b2394d3eecc1fdad #v8.4.0 + uses: oxsecurity/megalinter/flavors/terraform@839e6d63c0423eb74ce2578225f8b8b4bed63ede #v8.4.1 env: # All available variables are described in documentation # https://megalinter.io/configuration/#shared-variables From 5484c3a0d5ac0945340e26a9f170ca6d14b4c2e9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 09:40:20 +0000 Subject: [PATCH 8/8] Bump github/codeql-action from 3.28.5 to 3.28.6 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.5 to 3.28.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4...17a820bf2e43b47be2c72b39cc905417bc1ab6d0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/code-scanning.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 35055c0d0..2156043e9 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -39,7 +39,7 @@ jobs: run: tflint --disable-rule=terraform_unused_declarations --format sarif > tflint.sarif - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/upload-sarif@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: sarif_file: tflint.sarif trivy: @@ -64,7 +64,7 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab if: success() || failure() - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/upload-sarif@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: sarif_file: 'trivy-results.sarif' checkov: 
@@ -92,6 +92,6 @@ jobs: skip_check: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39 - name: Upload SARIF file if: success() || failure() - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/upload-sarif@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: sarif_file: ./checkov.sarif diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index c4aabe9bb..180265a0e 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/upload-sarif@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: sarif_file: results.sarif