Releases: navapbc/template-infra
v0.12.4
What's Changed
This release introduces some minor improvements and bug fixes.
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | | |
Build repository | | |
Database | | |
Service | ✅ | |
CI/CD | ✅ | |
Service layer
- 🔧 Execute event-based jobs via Step Functions to get more visibility and control by @coilysiren in #757
CI / CD
- 🐞 Fix typo in e2e testing configuration by @lamroger-nava in #748
- 🔧 Retry wait for stable service in deploy release by @KevinJBoyer in #761
New Contributors
- @lamroger-nava made their first contribution in #748
Full Changelog: v0.12.3...v0.12.4
v0.12.3
What's Changed
This release helps projects set up a production release management process by adding the ability to deploy specific versions of code (as defined by a git tag, commit hash, or branch name) rather than just the HEAD of a branch.
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | | |
Build repository | | |
Database | | |
Service | | |
CI/CD | ✅ | |
CI / CD
- 🚀 Add input for which version to deploy on Deploy App workflow by @doshitan in https://github.com/navapbc/template-infra/pull/756
Tech debt and maintenance
- 🔧 Use underscores instead of dashes in Terraform file names by @lorenyu in #746 and #747
- 🔧 docs: Update broken Terraform documentation links by @doshitan in #758
Full Changelog: v0.12.2...v0.12.3
v0.12.2
Summary
This release adds the ability to define scheduled jobs aka cron jobs.
It also includes a few small edge case fixes (see release notes below).
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | | |
Build repository | | |
Database | | |
Service | ✅ | |
CI/CD | | |
Service
- 🚀 Add scheduled jobs by @coilysiren in #745
- 🐞 Remove manually defined CloudWatch log resource policy to prevent hitting limit on number of temporary environments by @lorenyu in #742
- 🐞 Fix configure-aws-credentials when network_name has dashes by @lorenyu in #743
Full Changelog: v0.12.1...v0.12.2
v0.12.1 ⚠️ Requires migration steps
Summary
This release:
- Fixes an issue that prevented projects that separate their environments into different AWS accounts from deploying to an environment that is in a different account than the account that contains the image repository.
- Improves developer experience by letting users log in to PR environments with the same credentials that they use to log in to the dev environment.
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | | |
Build repository | | |
Database | | |
Service | ✅ | |
CI/CD | | |
⚠️ Migration notes
Run the following command for each app and environment to upgrade the Terraform AWS provider to the next major version.
terraform -chdir=infra/<APP_NAME>/service init -upgrade -backend-config="<ENVIRONMENT>.s3.tfbackend"
Service
- 🐞 Fix access to build repository from different AWS account by @lorenyu in #737
- 🚀 Use existing identity provider in temporary environments by @rocketnova in #717
Tech debt and maintenance
- 🔧 Update app/service root module aws provider version to >=5.35.0 by @rocketnova in #731
Full Changelog: v0.12.0...v0.12.1
v0.12.0
Summary
This release:
- 🚀 Adds an identity provider (AWS Cognito) to the service layer that can be enabled or disabled
- 🚀 Adds support for running end-to-end (e2e) tests on every PR using Playwright
Additional enhancements related to these features will be added soon.
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | | |
Build repository | | |
Database | | |
Service | ✅ | |
CI/CD | ✅ | |
CI / CD
Service
- 🚀 Add identity provider modules by @rocketnova in #650
New Contributors
- @rylew1 made their first contribution in #694
- @coilysiren made their first contribution in #728
Full Changelog: v0.11.2...v0.12.0
v0.11.2
Summary
This release:
- 🚀 Introduces an overnight workflow that checks the deploy status for infrastructure changes. This is useful to ensure the infrastructure code matches what is deployed.
- 🐞 Fixes a bug that causes DB migrations to fail when adding new secret configurations to the service layer
- 🐞 Works around a bug that causes PR environment workflows to fail on repos that use GitHub Projects
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | | |
Build repository | | |
Database | | |
Service | | |
CI/CD | ✅ | |
CI / CD
- 🚀 Add check infra deploy status workflow by @lorenyu in #682 and #707
- 🐞 Workaround GitHub CLI bug that causes PR environment workflows to fail by @lorenyu in #710
Database
Full Changelog: v0.11.1...v0.12.0
v0.11.1
Summary
- Fix issue that causes Terraform plan in database layer to show a diff on a clean checkout of the repo
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | | |
Build repository | | |
Database | ✅ | |
Service | | |
CI/CD | | |
Database layer
- 🐞 Check in role manager archive by @lorenyu in #695
- Fixes issue that causes Terraform plan in database layer to show a diff on a clean checkout of the repo
Tech debt and maintenance
- Bump google.golang.org/protobuf from 1.26.0 to 1.33.0 in /template-only-test by @dependabot in #572
- Organize outputs alphabetically by @daphnegold in #687
Full Changelog: v0.11.0...v0.11.1
v0.11.0 ⚠️ Requires migration steps
Summary
- 🚀 Add pull request environments
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | | |
Build repository | | |
Database | | |
Service | | |
CI/CD | ✅ | |
⚠️ Migration notes
There is one minor breaking change:
1. Account name configuration moved from app config to network config
Each application environment is mapped to an AWS account. Previously, this was done via an account_name attribute in each application environment's <ENVIRONMENT>.tf file in infra/<APP_NAME>/app-config/. Now, to DRY things up, the application environment is mapped to the network via the network_name attribute, and the network is mapped to the AWS account via an account_name attribute in the network configuration in infra/project-config/networks.tf. To make this migration, follow these steps:
- Remove account_name from each environment config file <ENVIRONMENT>.tf in the infra/<APP_NAME>/app-config/ folder
- Add account_name to each network config in infra/project-config/networks.tf
This should not produce any changes in the Terraform plan for any of the infrastructure layers.
Database layer
CI/CD
Other DevEx updates
Tech debt and maintenance
- ⚠️ Move account_name from app config to network config by @lorenyu in #673
- Change references to ${var} from $var in scripts by @daphnegold in #663
- Alphabetize variables.tf files by @daphnegold in #667 and #680
- Set up specific terraform version in deploy workflow by @lorenyu in #684
- Upgrade actions/checkout to v4 by @daphnegold in #681
Full Changelog: v0.10.0...v0.11.0
v0.10.0 ⚠️ Requires migration steps
Summary
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | | |
Build repository | | |
Database | ✅ | 🚚 |
Service | | |
⚠️ Migration notes
There are two minor breaking changes.
1. Major version upgrade to Postgres database
If you want to upgrade your Postgres version to the latest version (16.2), then follow the instructions in upgrade-database.md. If you are not yet ready for upgrading, revert the line of code that sets the engine_version back to your current version, and defer the upgrade to a future point.
2. Possible breaking change to how the database schema is named
For projects that have renamed the application from app to some other string, this release is a breaking change. The database schema used to be given the same name as the app. In this release, the database schema is now hardcoded to the string "app". To avoid this breaking change, revert this line to set schema_name = var.app_name.
Database layer
- Alter default privileges for migrator to grant all privileges to app by @lorenyu in #622
- ⚠️ Upgrade Postgres version from 14.6 to 16.2 by @KevinJBoyer in #627
- Add support for Postgres extensions that require the rds_superuser role by @KevinJBoyer in #631
- 🐞 Fix role manager print strings by @rocketnova in #640
- Refine replace trigger for installation of role manager packages by @lorenyu in #648
- ⚠️ Set database schema name to "app" instead of using the application name by @rocketnova in #646
- Set the default app service to expect a database by @rocketnova in #485
CI/CD
Other DevEx updates
- Set non-default workspaces as temporary by @rocketnova in #649
Tech debt and maintenance
- Remove old .terraform.lock.hcl by @rocketnova in #625
- Rename internal shell variables to be lower case by @daphnegold in #629 and #633
- Eliminate .sh extension from shell scripts by @daphnegold in #635
- Remove no longer needed manual deletion in CI Infra Service Checks by @rocketnova in #668
Documentation
- Add instruction to check build repository by @lorenyu in #617
- Add infra style guide by @lorenyu in #619
- Update example to minimum Terraform version by @KevinJBoyer in #628
- Update decision log index by @KevinJBoyer in #634
- Add troubleshooting instructions to ECS Exec documentation by @tdooner in #636
- Update network docs by @KevinJBoyer in #637
- Add instructions for setting up public internet access by @lorenyu in #651
- Improve and document CI/CD auth check by @lorenyu in #657
- Document dev and test workflow using workspaces by @lorenyu in #656 and #666
- Add docs on config modules by @lorenyu in #653
New Contributors
Full Changelog: v0.9.0...v0.10.0
v0.9.0 ⚠️ Requires migration steps
Summary
Layer | Has changes | Needs migration |
---|---|---|
Account | | |
Network | ✅ | |
Build repository | | |
Database | | |
Service | ✅ | 🚚 |
⚠️ Migration notes
There are two minor breaking changes.
1. Breaking change to the way secrets are defined in app-config in environment-variables.tf
Secrets are now defined as a map:
    secrets = {
      ENV_VAR_NAME = {
        manage_method     = "code" # or "manual"
        secret_store_path = "/ssm/param/name"
      }
    }
It was previously defined as a list:
    secrets = [
      {
        name           = "ENV_VAR_NAME",
        ssm_param_name = "/ssm/param/name"
      }
    ]
- Add new module modules/secret for generating new secrets or referencing existing secrets
- Refactor interface
To migrate:
- In app-config's environment-variables.tf, update secret definitions to use the new format.
- For secrets managed outside of the project's codebase, set manage_method = "manual"
- For secrets created within the project's codebase but defined elsewhere, move (using terraform state mv) the aws_ssm_parameter to module.secret[ENV_VAR_NAME].aws_ssm_parameter.secret
For more info see: Add ability to generate secrets for the application
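The state move in the last migration step, as an added example that is not part of the release notes or the template-infra code: the helper below prints one `terraform state mv` command per secret, with `-dry-run` by default so nothing is moved until the output has been reviewed. It assumes module.secret is instantiated with for_each over the secrets map (so the key in the address is a quoted string); the function names and the source addresses in the sample mapping are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the template-infra repo): print the `terraform state mv`
# commands for the v0.9.0 secrets migration.

# Destination address for one secret. Assumption: module.secret is instantiated
# with for_each over the secrets map, so the instance key is a quoted string.
secret_dest_address() {
  printf 'module.secret["%s"].aws_ssm_parameter.secret' "$1"
}

# Reads "<ENV_VAR_NAME> <current resource address>" lines on stdin and prints one
# command per line. With $1 = "dry-run" (the default) each command gets -dry-run,
# so Terraform only reports what it would move.
plan_secret_moves() {
  local mode="${1:-dry-run}" flag="" name old_addr bad
  if [ "$mode" = "dry-run" ]; then flag=" -dry-run"; fi
  while read -r name old_addr; do
    case "$name" in ''|'#'*) continue ;; esac   # skip blank lines and comments
    bad=0
    # Only plain env var names and quote-free, space-free addresses are accepted,
    # so a malformed line can never break out of the single-quoted arguments.
    case "$name" in *[!A-Za-z0-9_]*|[0-9]*) bad=1 ;; esac
    case "$old_addr" in ''|*"'"*|*[[:space:]]*) bad=1 ;; esac
    if [ "$bad" -eq 1 ]; then
      echo "invalid mapping line: $name $old_addr" >&2
      return 1
    fi
    printf "terraform state mv%s '%s' '%s'\n" \
      "$flag" "$old_addr" "$(secret_dest_address "$name")"
  done
}

# Constructed sample mapping. The source addresses are placeholders for wherever
# the project currently defines each aws_ssm_parameter.
sample_mapping() {
  cat <<'EOF'
# ENV_VAR_NAME   current address
API_KEY          aws_ssm_parameter.api_key
SESSION_SECRET   module.example.aws_ssm_parameter.session_secret
EOF
}

sample_mapping | plan_secret_moves dry-run
```

Moving the existing state entry keeps the current SSM parameter in place, so the plan after the migration should show no destroy and create for it.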
2. Breaking change to how the mapping from environment to account name is defined in the app-config module.
Account name is now defined in each environment config (dev.tf, staging.tf, prod.tf, etc.) rather than as a single account_names_by_environment map in app-config/main.tf. To migrate:
- Add a new parameter account_name to the env-config module call in each of your environment config files (e.g. app-config/dev.tf, app-config/staging.tf, app-config/prod.tf, etc.)
- Clean up (remove) account_names_by_environment map in app-config/main.tf
For more info see: Move account name config into into env-config
New and updated functionality
Service layer
- Add support for custom domains and HTTPS by @lorenyu in #561
- Simplify secret definitions by replacing ARNs with SSM param names by @lorenyu in #563
- Add ability to generate secrets for the application by @lorenyu in #602
- Add support for ECS Exec for debugging by @rocketnova in #594
- Fix: Add ListBucket permission for storage bucket (permission needed by Django) by @lorenyu in #566
CI/CD
- DevEx: Add app and ref to build workflow run name by @lorenyu in #564
- DevEx: Support concurrent migrations for different apps by @sawyerh in #570
- DevEx: Skip build step if image already published by @lorenyu in #611
- Fix: Remove terraform -refresh-only commands (fixes issue in terraform 1.8.0 which new github actions runners use that causes -refresh-only to error when there's no state file) by @rocketnova in #586
- Fix: omitted filename change when renaming ci-app-vulnerability-scans.yml by @rocketnova in #596
- Fix: build/publish concurrency group by @lorenyu in #607
Other DevEx updates
- Derive app_name from module path by @lorenyu in #568
- makefile: Improve help target by @doshitan in #573
Tech debt and maintenance
- Bump golang.org/x/crypto from 0.0.0-20210921155107-089bfa567519 to 0.17.0 in /infra/test by @dependabot in #518
- Bump google.golang.org/grpc from 1.50.1 to 1.56.3 in /infra/test by @dependabot in #468
- makefile: Breakout make target help text from target dependencies by @doshitan in #575
- makefile: Avoid mismatched quotes in check_defined by @doshitan in #576
- Make VPC database resources to be conditionally added only if there is a database needed in the network by @rocketnova in #590
- Pin terraform version by @rocketnova in #599
- Add AWS defaults to container definitions to produce clean tf plan by @lorenyu in #603
- Move account name config into into env-config by @lorenyu in #605
Documentation
- Clarify setup documentation by @rocketnova in #579
- Explain CI/CD flow and files by @rocketnova in #580
- Clarify main README for new users by @rocketnova in #588
- Fix typos and grammar in md files by @yoomlam in #593
- Update set-up-infrastructure-tools.md by @allthesignals in #608
New Contributors
- @doshitan made their first contribution in #573
- @allthesignals made their first contribution in #608
Full Changelog: v0.8.0...v0.9.0