Merge branch 'main' into Szymon-Wyrwiak/SEC-11179/remove-admin-rights…
…-from-squads
swyrwiak-cu authored Jan 30, 2024
2 parents aea3e90 + 40e242a commit 2e4a61f
Showing 8 changed files with 261 additions and 65 deletions.
26 changes: 26 additions & 0 deletions API.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions docs/cdk-diff/README.md
Expand Up @@ -28,18 +28,21 @@ Details follow.
+ oidcRoleArn: `arn:aws:iam::${core.Environment.usQa.account}:role/${name}-github-actions-role`,
+ labelToApplyWhenNoDiffPresent: 'no-changes-qa',
+ stackSearchString: 'Qa',
roleDuration: 1800, // Set this value to a desired value only if the diff workflow is expected to take longer than 900 seconds.
+ },
+ {
+ name: 'staging',
+ oidcRoleArn: `arn:aws:iam::${core.Environment.globalStaging.account}:role/${name}-github-actions-role`,
+ labelToApplyWhenNoDiffPresent: 'no-changes-staging',
+ stackSearchString: 'Staging',
roleDuration: 1800, // Set this value to a desired value only if the diff workflow is expected to take longer than 900 seconds.
+ },
+ {
+ name: 'prod',
+ oidcRoleArn: `arn:aws:iam::${core.Environment.globalProd.account}:role/${name}-github-actions-role`,
+ labelToApplyWhenNoDiffPresent: 'no-changes-prod',
+ stackSearchString: 'Prod',
roleDuration: 1800, // Set this value to a desired value only if the diff workflow is expected to take longer than 900 seconds.
+ },
+ ],
+ createOidcRoleStack: true,
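
Review bot: The example now sets `roleDuration: 1800` on all three environments (qa, staging and prod), while its own inline comment says to set the value only if the diff workflow is expected to take longer than 900 seconds. README examples get copied verbatim, so this makes 1800-second credentials the de facto default, including for the prod role. Suggest showing the property once as an optional override, or leaving it out of the example and describing it in prose. As rendered here, the three new lines also lack the `+` prefix that the neighbouring lines of the README's diff block carry.
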
26 changes: 26 additions & 0 deletions docs/slack-notifications/README.md
@@ -0,0 +1,26 @@
# Slack notifications

For compliance purposes we need alerts in slack for all CDK repo changes. By default, all `clickup-projen` repos will post alerts for all commits to the `main` branch of your CDK repo to the [`#eng-cdk-release-alerts` slack channel](https://clickup.enterprise.slack.com/archives/C04KH6EKMJ5).

## Customising the slack webhook channel

If you would like to customise the slack channel your repos alerts get posted to, then you can do the following:
1. Create your alert channel in slack
2. Setup a [new Slack webhook](https://api.slack.com/apps/AB50VMKMF/incoming-webhooks?) for your channel. If you don't have access to this slack app, you can ask the eng-prod or IT team to create the webhook for you and share it via 1password.
3. Add your new webhook URL to your repos action secrets with the secret name `PROJEN_RELEASE_SLACK_WEBHOOK` (it should override the organisation level secret)

## Customising the slack webhook title and body

If you would like to override the [default message title and / or body](https://github.com/time-loop/clickup-projen/blob/03ffb318426fc10d31a4267aa4143bf9000263ec/src/slack-alert.ts#L77-L82) posted in the slack alert, you can set the following configuration in your repos `.projenrc.ts`:
```
// .projenrc.ts
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
...rest of props,
sendSlackWebhookOnReleaseOpts: {
messageTitle: 'My custom message title',
messageBody: 'My custom message body',
}
});
```

Then run `npx projen` and commit the changes.
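
Review bot: The opening paragraph says alerts for all CDK repo changes are needed for compliance, but the "Customising the slack webhook channel" steps let any repo move its alerts away from `#eng-cdk-release-alerts` by setting `PROJEN_RELEASE_SLACK_WEBHOOK`, with nothing said about who must be able to see the replacement channel. Suggest stating the requirements for a custom channel (who must be a member, whether it may be private) and making explicit that the override replaces the default channel rather than adding to it. Step 3 also hedges with "it should override the organisation level secret"; state that outright once verified. In the code sample, `...rest of props,` is not valid TypeScript, so a comment such as `// ...rest of props` would copy-paste more safely.
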
8 changes: 4 additions & 4 deletions package.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 7 additions & 1 deletion src/cdk-diff-workflow.ts
Expand Up @@ -136,7 +136,7 @@ export module cdkDiffWorkflow {
uses: 'aws-actions/configure-aws-credentials@v1',
with: {
'role-to-assume': env.oidcRoleArn,
'role-duration-seconds': 900,
'role-duration-seconds': env.roleDuration ?? 900,
'aws-region': 'us-west-2',
},
},
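
Review bot: `env.roleDuration ?? 900` passes whatever number the caller supplies straight into `role-duration-seconds`, with no bounds check. `??` only falls back on `undefined` or `null`, so `0`, a negative or a fractional value is written into the workflow and fails only when the job runs, and there is no upper limit on how long the assumed-role credentials may live. Suggest validating at synth time that the value is an integer of at least 900 (the minimum STS accepts for an assumed-role session) and applying a project-level maximum, throwing a clear error otherwise.
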
Expand Down Expand Up @@ -249,6 +249,12 @@ export module cdkDiffWorkflow {
* Example: `no-qa-changes`
*/
readonly labelToApplyWhenNoDiffPresent: string;

/**
* Duration in seconds for the assumed role to be valid
* Defaut value: `900`
*/
readonly roleDuration?: number;
}

export interface EnvToDiff extends BaseEnvToDiff {
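
Review bot: The new doc comment misspells "Defaut value" (should be "Default value") and gives no bounds for the field. Since the value feeds `role-duration-seconds`, say so in the comment, note that anything above the role's configured maximum session duration will be rejected when the role is assumed, and consider naming the property `roleDurationSeconds` so the unit is visible at the call site.
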
114 changes: 114 additions & 0 deletions test/__snapshots__/cdk-diff-workflow.test.ts.snap

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

21 changes: 21 additions & 0 deletions test/cdk-diff-workflow.test.ts
Expand Up @@ -25,6 +25,27 @@ describe('addCdkDiffWorkflowYml - cdk diff.yml file added', () => {
expect(synth['.github/workflows/cdk-diff.yml']).toMatchSnapshot();
});

test('diff with roleDuration value set', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
});
cdkDiffWorkflow.addCdkDiffWorkflowYml(project, {
envsToDiff: [
{
name: 'qa',
oidcRoleArn: 'arn:aws:iam::123456789012:role/squad-github-actions-oidc-role-name-qa',
labelToApplyWhenNoDiffPresent: 'qa-no-changes',
stackSearchString: 'Qa',
roleDuration: 1800,
},
],
});
const synth = Testing.synth(project);
expect(synth['.github/workflows/cdk-diff.yml']).toMatchSnapshot();
});

test('node20', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
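
Review bot: The new "diff with roleDuration value set" test only calls `toMatchSnapshot()`, and the snapshot file is not rendered in this diff, so the expected output is not reviewable here and an accidental snapshot update would hide a regression. Suggest adding an explicit assertion that the synthesized `.github/workflows/cdk-diff.yml` contains `role-duration-seconds: 1800`, plus a matching assertion for the default of 900 when `roleDuration` is omitted.
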