carlin 0.19.16 → 0.20.2

package/CHANGELOG.md

@@ -3,6 +3,35 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [0.20.2](https://github.com/ttoss/carlin/compare/v0.20.1...v0.20.2) (2022-02-01)
+
+### Bug Fixes
+
+- update actions iam ([0fe5300](https://github.com/ttoss/carlin/commit/0fe53000c541d56e9d410853551bacbcb326a92c))
+
+## [0.20.1](https://github.com/ttoss/carlin/compare/v0.20.0...v0.20.1) (2022-02-01)
+
+### Bug Fixes
+
+- update actions iam ([4ff073f](https://github.com/ttoss/carlin/commit/4ff073f6067ca20994c9af892d0c4aa62c2c2b90))
+- update actions iam ([b5dd158](https://github.com/ttoss/carlin/commit/b5dd158ec992720e33b1c98baff495962a9e3481))
+
+# [0.20.0](https://github.com/ttoss/carlin/compare/v0.19.17...v0.20.0) (2022-02-01)
+
+### Bug Fixes
+
+- update cloudfront protocol ([13678cd](https://github.com/ttoss/carlin/commit/13678cd3551924aa47d72ec322ea3d8c0e0502bc))
+
+### Features
+
+- add tags to ecs report ([d0bf69d](https://github.com/ttoss/carlin/commit/d0bf69d82a737053a539356d8ba7afba966dacc3))
+
+## [0.19.17](https://github.com/ttoss/carlin/compare/v0.19.16...v0.19.17) (2022-01-24)
+
+### Bug Fixes
+
+- pipelines commands ([1c01d40](https://github.com/ttoss/carlin/commit/1c01d4077ae6fc9fc1ab6a565c0d08b50a575664))
+
 ## [0.19.16](https://github.com/ttoss/carlin/compare/v0.19.15...v0.19.16) (2022-01-04)
 
 ### Bug Fixes

package/dist/deploy/cicd/cicd.template.js

@@ -311,7 +311,8 @@ const getCicdTemplate = ({ pipelines = [], cpu = config_2.ECS_TASK_DEFAULT_CPU,
                 ],
             },
         };
-        resources[exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID] = exports.getRepositoryImageBuilder();
+        resources[exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID] =
+            exports.getRepositoryImageBuilder();
     })();
     const createApiResources = () => {
         resources[exports.API_LOGICAL_ID] = {
@@ -376,6 +377,11 @@ const getCicdTemplate = ({ pipelines = [], cpu = config_2.ECS_TASK_DEFAULT_CPU,
                                         },
                                     ],
                                 },
+                                {
+                                    Effect: 'Allow',
+                                    Action: ['ecs:DescribeTasks'],
+                                    Resource: '*',
+                                },
                                 {
                                     Effect: 'Allow',
                                     Action: ['ecs:RunTask'],
@@ -517,27 +523,28 @@ const getCicdTemplate = ({ pipelines = [], cpu = config_2.ECS_TASK_DEFAULT_CPU,
         /**
          * Used to start the container.
          */
-        resources[exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_EXECUTION_ROLE_LOGICAL_ID] = {
-            Type: 'AWS::IAM::Role',
-            Properties: {
-                AssumeRolePolicyDocument: {
-                    Version: '2012-10-17',
-                    Statement: [
-                        {
-                            Effect: 'Allow',
-                            Principal: {
-                                Service: 'ecs-tasks.amazonaws.com',
+        resources[exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_EXECUTION_ROLE_LOGICAL_ID] =
+            {
+                Type: 'AWS::IAM::Role',
+                Properties: {
+                    AssumeRolePolicyDocument: {
+                        Version: '2012-10-17',
+                        Statement: [
+                            {
+                                Effect: 'Allow',
+                                Principal: {
+                                    Service: 'ecs-tasks.amazonaws.com',
+                                },
+                                Action: 'sts:AssumeRole',
                             },
-                            Action: 'sts:AssumeRole',
-                        },
+                        ],
+                    },
+                    ManagedPolicyArns: [
+                        'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
                     ],
+                    Path: utils_1.getIamPath(),
                 },
-                ManagedPolicyArns: [
-                    'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
-                ],
-                Path: utils_1.getIamPath(),
-            },
-        };
+            };
         /**
          * Used inside de container execution.
          */

package/dist/deploy/cicd/lambdas/ecsTaskReport.handler.js

@@ -1,13 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ecsTaskReportHandler = exports.getEcsTaskLogsUrl = void 0;
+exports.ecsTaskReportHandler = exports.getEcsTaskTags = exports.getEcsTaskLogsUrl = void 0;
 const webhook_1 = require("@slack/webhook");
+const aws_sdk_1 = require("aws-sdk");
 const putApprovalResultManualTask_1 = require("./putApprovalResultManualTask");
-const getEcsTaskLogsUrl = ({ ecsTaskArn }) => {
-    if (!process.env.ECS_TASK_CONTAINER_NAME ||
-        !process.env.ECS_TASK_LOGS_LOG_GROUP) {
-        return undefined;
-    }
+const ecs = new aws_sdk_1.ECS({ apiVersion: '2014-11-13' });
+const getEcsTaskId = ({ ecsTaskArn }) => {
     /**
      * Arn has the following format:
      * arn:aws:ecs:us-east-1:483684946879:task/CarlinCicdCarlinMonorepo-RepositoryTasksECSCluster-1J6saGT91hCr/6fcc78682de442ae89a0b7339ac7d981
@@ -15,6 +13,24 @@ const getEcsTaskLogsUrl = ({ ecsTaskArn }) => {
      * We want the "6fcc78682de442ae89a0b7339ac7d981" part.
      */
     const ecsTaskId = ecsTaskArn.split('/')[2];
+    return ecsTaskId;
+};
+const getEcsTaskCluster = ({ ecsTaskArn }) => {
+    /**
+     * Arn has the following format:
+     * arn:aws:ecs:us-east-1:483684946879:task/CarlinCicdCarlinMonorepo-RepositoryTasksECSCluster-1J6saGT91hCr/6fcc78682de442ae89a0b7339ac7d981
+     *
+     * We want the "CarlinCicdCarlinMonorepo-RepositoryTasksECSCluster-1J6saGT91hCr" part.
+     */
+    const ecsTaskCluster = ecsTaskArn.split('/')[1];
+    return ecsTaskCluster;
+};
+const getEcsTaskLogsUrl = ({ ecsTaskArn }) => {
+    if (!process.env.ECS_TASK_CONTAINER_NAME ||
+        !process.env.ECS_TASK_LOGS_LOG_GROUP) {
+        return undefined;
+    }
+    const ecsTaskId = getEcsTaskId({ ecsTaskArn });
     const ecsTaskLogsUrl = new URL([
         /**
          * https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime
@@ -30,6 +46,23 @@ const getEcsTaskLogsUrl = ({ ecsTaskArn }) => {
     return ecsTaskLogsUrl.href;
 };
 exports.getEcsTaskLogsUrl = getEcsTaskLogsUrl;
+const getEcsTaskTags = async ({ ecsTaskArn, }) => {
+    try {
+        const cluster = getEcsTaskCluster({ ecsTaskArn });
+        const { tasks } = await ecs
+            .describeTasks({ cluster, include: ['TAGS'], tasks: [ecsTaskArn] })
+            .promise();
+        const task = tasks === null || tasks === void 0 ? void 0 : tasks[0];
+        if (!task) {
+            return undefined;
+        }
+        return task.tags;
+    }
+    catch (_a) {
+        return undefined;
+    }
+};
+exports.getEcsTaskTags = getEcsTaskTags;
 /**
  * This method is invoked when an ECS task is executed and the success or
  * failure commands calls `carlin cicd-ecs-task-report --status=<status>`.
@@ -47,6 +80,7 @@ const ecsTaskReportHandler = async ({ ecsTaskArn, status, pipelineName, }) => {
             });
         }
     };
+    const ecsTaskTags = ecsTaskArn && (await exports.getEcsTaskTags({ ecsTaskArn }));
     const handleStackNotification = async () => {
         /**
          * Do not send a notification if the task was main pipeline with tag.
@@ -79,6 +113,7 @@ const ecsTaskReportHandler = async ({ ecsTaskArn, status, pipelineName, }) => {
                         text: `\`\`\`${JSON.stringify({
                             status,
                             pipelineName,
+                            ecsTaskTags,
                         }, null, 2)}\`\`\``,
                     },
                 },

package/dist/deploy/cicd/pipelines.js

@@ -1,8 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getTagCommands = exports.getMainCommands = exports.getClosedPrCommands = exports.getPrCommands = exports.pipelines = void 0;
+exports.getTagCommands = exports.getMainCommands = exports.getClosedPrCommands = exports.getPrCommands = exports.getCommandFileDir = exports.pipelines = void 0;
 exports.pipelines = ['pr', 'main', 'tag'];
-const executeCommandFile = (pipeline) => `chmod +x ./cicd/commands/${pipeline} && ./cicd/commands/${pipeline}`;
+const getCommandFileDir = (pipeline) => `./cicd/commands/${pipeline}`;
+exports.getCommandFileDir = getCommandFileDir;
 const getPrCommands = ({ branch }) => [
     'set -e',
     'git status',
@@ -16,7 +17,7 @@ const getPrCommands = ({ branch }) => [
     'git rev-parse HEAD',
     'git status',
     'yarn',
-    executeCommandFile('pr'),
+    `sh -e ${exports.getCommandFileDir('pr')}`,
 ];
 exports.getPrCommands = getPrCommands;
 const getClosedPrCommands = ({ branch }) => [
@@ -28,7 +29,7 @@ const getClosedPrCommands = ({ branch }) => [
     'git pull origin main',
     'git rev-parse HEAD',
     `export CARLIN_BRANCH=${branch}`,
-    executeCommandFile('closed-pr'),
+    `sh ${exports.getCommandFileDir('closed-pr')} || true`,
 ];
 exports.getClosedPrCommands = getClosedPrCommands;
 const getMainCommands = () => [
@@ -43,7 +44,7 @@ const getMainCommands = () => [
      */
     'if git describe --exact-match; then echo "Tag found" && carlin cicd-ecs-task-report --status=MainTagFound && exit 0; fi',
     'yarn',
-    executeCommandFile('main'),
+    `sh -e ${exports.getCommandFileDir('main')}`,
 ];
 exports.getMainCommands = getMainCommands;
 const getTagCommands = ({ tag }) => [
@@ -54,6 +55,6 @@ const getTagCommands = ({ tag }) => [
     `git checkout tags/${tag} -b ${tag}-branch`,
     'git rev-parse HEAD',
     'yarn',
-    executeCommandFile('tag'),
+    `sh -e ${exports.getCommandFileDir('tag')}`,
 ];
 exports.getTagCommands = getTagCommands;

package/dist/deploy/staticApp/staticApp.template.js

@@ -777,6 +777,12 @@ const getCloudFrontTemplate = ({ acm, aliases, cloudfront, gtmId, csp, spa, host
         },
     };
     if (acm) {
+        const acmRegex = /^arn:aws:acm:[-a-z0-9]+:\d{12}:certificate\/[-a-z0-9]+$/;
+        const acmCertificateArn = acmRegex.test(acm)
+            ? acm
+            : {
+                'Fn::ImportValue': acm,
+            };
         /**
          * Add ACM to CloudFront template.
          */
@@ -785,11 +791,11 @@ const getCloudFrontTemplate = ({ acm, aliases, cloudfront, gtmId, csp, spa, host
                 .DistributionConfig,
             Aliases: aliases || { Ref: 'AWS::NoValue' },
             ViewerCertificate: {
-                AcmCertificateArn: /^arn:aws:acm:[-a-z0-9]+:\d{12}:certificate\/[-a-z0-9]+$/.test(acm)
-                    ? acm
-                    : {
-                        'Fn::ImportValue': acm,
-                    },
+                AcmCertificateArn: acmCertificateArn,
+                /**
+                 * AWS CloudFront recommendation.
+                 */
+                MinimumProtocolVersion: 'TLSv1.2_2021',
                 SslSupportMethod: 'sni-only',
             },
         };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "carlin",
-  "version": "0.19.16",
+  "version": "0.20.2",
   "description": "",
   "main": "dist/index.js",
   "scripts": {