Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 2022.12.1 #232

Merged
merged 59 commits into from
Dec 19, 2022
Merged

Release 2022.12.1 #232

merged 59 commits into from
Dec 19, 2022

Conversation

angela-tran
Copy link
Member

@angela-tran angela-tran commented Dec 19, 2022
edited
Loading

This release is a follow-up to our initial deploy into production for MST Courtesy Cards.

It includes:

  • configuration of Azure Front Door to restrict the IP addresses that the server will respond to
  • downgrade of the app service plan to Basic
  • security improvements in Azure resource configuration
  • infrastructure / pipeline improvements
  • dependency updates

dependabot bot and others added 30 commits September 15, 2022 17:30
@dependabot
chore (deps): bump jwcrypto from 1.3.1 to 1.4.2
714186c 
Bumps [jwcrypto](https://github.com/latchset/jwcrypto) from 1.3.1 to 1.4.2.
- [Release notes](https://github.com/latchset/jwcrypto/releases)
- [Commits](latchset/jwcrypto@v1.3.1...v1.4.2)

---
updated-dependencies:
- dependency-name: jwcrypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore (deps): bump cryptography from 37.0.4 to 38.0.3
43ff4c2 
Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.4 to 38.0.3.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@37.0.4...38.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@afeld
fix: get devcontainer building on Apple M1 hardware
c02a5e2 
Requires a Docker setting change.
@afeld
chore (deps): bump jwcrypto from 1.3.1 to 1.4.2 (#152)
5ee5c1b
@afeld
chore (deps): bump cryptography from 37.0.4 to 38.0.3 (#168)
b1c8261
@afeld
fix(Terraform): enable purge protection on the Key Vault
e0d8747
@afeld
fix(Terraform): set the storage account minimum TLS version
18576a1
@afeld
fix(Terraform): enable HTTP/2
ae6a348
@afeld
fix(Terraform): enable better error logging
180f7ae
@afeld
fix(Terraform): change Vault retention to match current value
73687cb
@afeld
adjust various security settings in Terraform (#202)
d35d213
@afeld
fix: enable strict transport security
976c745
@afeld
fix: enable strict transport security (#201)
4952992
@afeld
fix: get devcontainer building on Apple M1 hardware (#172)
9a98c8c
@angela-tran
chore(test): remove whirlpool from hash test cases
e508661
@angela-tran
Chore(test): remove deprecated algorithm (#206)
5135cfc
@afeld
chore(Terraform): increase the lock timeout
2abda08 
Will help if multiple pipelines are running at the same time.
@afeld
chore(pipeline): clarify what the pipeline is doing
e7cbb55
@afeld
chore(pipeline): don't bother doing a Terraform plan when it's being …
1a12e0a 
…followed by an apply
@afeld
faster deploy (#205)
7be7123
@angela-tran
fix(terraform): downgrade app service plan to Basic
9a2e876 
we can upgrade if we find we're missing features
@angela-tran
Fix(terraform): downgrade app service plan (#207)
e28d096
@angela-tran
Deploy to test (#209)
fe598c9
@afeld
chore: remove unused pre-commit workflow
0e70b11 
Happened to see that the GitHub Actions workflow was "manually disabled"; since we're using pre-commit.ci, seems this isn't necessary anymore. We can always revert if we change our minds.
@afeld
chore: remove unused pre-commit workflow (#218)
5310401
@pre-commit-ci
chore(pre-commit): autoupdate hooks
67c2f51 
updates:
- [github.com/pre-commit/pre-commit-hooks: v4.3.0 → v4.4.0](pre-commit/pre-commit-hooks@v4.3.0...v4.4.0)
- [github.com/PyCQA/flake8: 5.0.4 → 6.0.0](PyCQA/flake8@5.0.4...6.0.0)
@machikoyasuda
chore(pre-commit): autoupdate hooks (#221)
8625444
@angela-tran
feat(terraform): create front door and origin group
2a0e24b
@angela-tran
refactor(terraform): simplify naming of front door resources
c4a8747 
make endpoint name more unique
@angela-tran
feat(terraform): create front door security policy
0d74b6a 
remove ip restriction blocks from app service because for app services
that integrate with a virtual network using service endpoints (such as
the CDT-hosted Benefits client), requests will be routed through Azure's
optimized backbone and will not use the app's list of outbound IP
addresses.
angela-tran and others added 24 commits December 5, 2022 20:14
@angela-tran
docs(uptime): add a comment to uptime module about access restrictions
17af406
@angela-tran
docs(terraform): add docs on access restrictions / front door
5e6f74e
@dependabot
chore(deps): bump cardinalby/export-env-action from 1 to 2
ce3b639 
Bumps [cardinalby/export-env-action](https://github.com/cardinalby/export-env-action) from 1 to 2.
- [Release notes](https://github.com/cardinalby/export-env-action/releases)
- [Commits](cardinalby/export-env-action@v1...v2)

---
updated-dependencies:
- dependency-name: cardinalby/export-env-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore (deps): bump flask-sqlalchemy from 2.5.1 to 3.0.2
0e38cc9 
Bumps [flask-sqlalchemy](https://github.com/pallets-eco/flask-sqlalchemy) from 2.5.1 to 3.0.2.
- [Release notes](https://github.com/pallets-eco/flask-sqlalchemy/releases)
- [Changelog](https://github.com/pallets-eco/flask-sqlalchemy/blob/main/CHANGES.rst)
- [Commits](pallets-eco/flask-sqlalchemy@2.5.1...3.0.2)

---
updated-dependencies:
- dependency-name: flask-sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@angela-tran
chore(terraform): change custom block response body to match status code
14a548b
@angela-tran
chore(terraform): add comment about empty load balancing block
8ed904e
@angela-tran
refactor(terraform): make healthcheck custom rule allow exact path
f9b039d
@pre-commit-ci
chore(pre-commit): autoupdate hooks
9a2f357 
updates:
- [github.com/psf/black: 22.10.0 → 22.12.0](psf/black@22.10.0...22.12.0)
@thekaveman
chore(pre-commit): autoupdate hooks (#225)
0ff4f8d
@angela-tran
Feat(Terraform): front door (#222)
caa686c
@angela-tran
fix(terraform): typo in custom rule operator
dc1ede2 
this wasn't validated in a `terraform plan`, only in `terraform apply`
@angela-tran
fix(terraform): typo in custom rule operator (#226)
da3cbf4
@angela-tran
fix(terraform): use one of the valid operators for SocketAddr
c90ab2d 
the error message from Terraform said it must use either Any, IPMatch,
or GeoMatch
@angela-tran
fix(terraform): cdn_frontdoor_domain_id expects a resource ID
4ac08e0
@angela-tran
Fix: IP restriction custom rule (#227)
0e56e37
@angela-tran
fix(db): use a more direct import to get inspect function
563c4cb
@angela-tran
chore(deps): bump cardinalby/export-env-action from 1 to 2 (#204)
4598ddf
@angela-tran
chore (deps): bump flask-sqlalchemy from 2.5.1 to 3.0.2 (#164)
4529c11
@dependabot
chore (deps): bump cryptography from 38.0.3 to 38.0.4
8b2196c 
Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.3 to 38.0.4.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@38.0.3...38.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@angela-tran
chore: remove space from prefix for dependabot's pip PRs
255e626
@angela-tran
chore (deps): bump cryptography from 38.0.3 to 38.0.4 (#219)
99850b7
@angela-tran
chore: bump version to 2022.12.1
2ff51a8
@angela-tran
Prep Release 2022.12.1 (#230)
adb52b5
@angela-tran
Deploy 2022.12.1 to test (#231)
24e360c
@angela-tran angela-tran added this to the Courtesy Cards milestone Dec 19, 2022
@angela-tran angela-tran self-assigned this Dec 19, 2022
@angela-tran angela-tran requested a review from a team as a code owner December 19, 2022 21:13
@angela-tran angela-tran mentioned this pull request Dec 19, 2022
Closed
12 tasks
@angela-tran angela-tran merged commit 6e9ecba into prod Dec 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@machikoyasuda machikoyasuda machikoyasuda approved these changes

Assignees

@angela-tran angela-tran

Labels
None yet
Projects
None yet
Milestone
Courtesy Cards
Development

Successfully merging this pull request may close these issues.
4 participants
@angela-tran @machikoyasuda @afeld @thekaveman