[MCR] Upgrade to Serverless V4 (#12023)

.env.tpl

@@ -48,3 +48,5 @@ TEST_STATE_USER_EMAIL=op://mdct_devs/mcr_secrets/CYPRESS_STATE_USER_EMAIL
 TEST_STATE_USER_PASSWORD=op://mdct_devs/mcr_secrets/CYPRESS_STATE_USER_PASSWORD # pragma: allowlist secret
 TEST_STATE=DC
 TEST_STATE_NAME="District of Columbia"
+
+SERVERLESS_LICENSE_KEY=op://mdct_devs/mcr_secrets/SERVERLESS_LICENSE_KEY

.github/workflows/deploy.yml

@@ -15,6 +15,9 @@ permissions:
   pages: write
   actions: read
 
+env:
+  SERVERLESS_LICENSE_KEY: ${{ secrets.SERVERLESS_LICENSE_KEY }}
+
 jobs:
   unit-tests:
     name: Unit Tests
@@ -201,12 +204,11 @@ jobs:
 
     outputs:
       ipset_name: ${{ steps.fetch-ip-set-info.outputs.IPSET_NAME }}
-      ipset_id: ${{ steps.fetch-ip-set-info.outputs.IPSET_ID }} 
-
+      ipset_id: ${{ steps.fetch-ip-set-info.outputs.IPSET_ID }}
 
   e2e-test:
     name: E2E Integration Tests
-    needs: 
+    needs:
       - deploy
       - register-runner
     if: ${{ always() && !cancelled() && needs.deploy.result == 'success' && github.ref_name != 'production' }}
@@ -243,10 +245,9 @@ jobs:
             ${{github.workspace}}/tests/cypress/videos/
           retention-days: 14
 
-
   a11y-tests:
     name: E2E A11y Tests
-    needs: 
+    needs:
       - deploy
       - register-runner
     if: ${{ always() && !cancelled() && needs.deploy.result == 'success' && github.ref_name != 'production' }}
@@ -279,7 +280,7 @@ jobs:
             ${{github.workspace}}/tests/cypress/screenshots/
             ${{github.workspace}}/tests/cypress/videos/
           retention-days: 14
-  
+
   test:
     name: Playwright Tests
     needs:
@@ -404,4 +405,4 @@ jobs:
         run: ./.github/waf-controller.sh set ${{ needs.register-runner.outputs.ipset_name }} ${{ needs.register-runner.outputs.ipset_id }} '[]'
         env:
           AWS_RETRY_MODE: adaptive
-          AWS_MAX_ATTEMPTS: 10
+          AWS_MAX_ATTEMPTS: 10

.gitignore

@@ -23,3 +23,4 @@ tests/test-results/
 tests/playwright-report/
 tests/playwright/.cache/
 .auth/
+/.serverless

package.json

@@ -54,14 +54,12 @@
     "eslint-plugin-react-hooks": "^4.6.0",
     "jest-environment-jsdom": "^29.7.0",
     "prettier": "^2.4.1",
-    "serverless": "^3.39.0",
-    "serverless-bundle": "^6.0.0",
+    "serverless": "^4.4.18",
     "serverless-cloudfront-invalidate": "^1.11.0",
     "serverless-dotenv-plugin": "^3.0.0",
     "serverless-iam-helper": "github:Enterprise-CMCS/serverless-iam-helper",
-    "serverless-offline": "^13.5.0",
+    "serverless-offline": "^14.4.0",
     "serverless-plugin-scripts": "^1.0.2",
-    "serverless-s3-bucket-helper": "github:Enterprise-CMCS/serverless-s3-bucket-helper#master",
     "serverless-s3-sync": "^3.2.0",
     "serverless-stack-termination-protection": "^2.0.2",
     "typescript": "^4.6.3",

run

@@ -32,9 +32,9 @@ if ! which yarn > /dev/null ; then
 fi
 
 # check serverless is installed globally.
-if ! which serverless > /dev/null ; then
-    echo "installing serverless globally"
-    yarn global add serverless@3.38.0
+if ! which serverless > /dev/null || [[ "$(serverless --version | cut -d'.' -f1)" != "4" ]]; then
+    echo "installing serverless v4 globally"
+    yarn global add serverless@4.4.18
 fi
 
 # have to ensure that yarn install is up to date.

services/app-api/package.json

@@ -6,8 +6,7 @@
   "scripts": {
     "coverage": "jest --coverage",
     "test": "jest",
-    "test-watch": "jest --watch",
-    "test-serverless": "serverless-bundle test"
+    "test-watch": "jest --watch"
   },
   "author": "",
   "license": "CC0-1.0",
@@ -25,8 +24,6 @@
     "jest": "^27.4.7",
     "serverless-associate-waf": "^1.2.1",
     "serverless-plugin-common-excludes": "^4.0.0",
-    "serverless-plugin-include-dependencies": "^5.1.0",
-    "serverless-plugin-typescript": "^2.1.4",
     "ts-jest": "^27.1.3",
     "typescript": "^4.5.4"
   },

services/app-api/serverless.yml

@@ -1,36 +1,30 @@
 # Refer to the README.md file in within this service directory to configure all ssm parameters required for this service.
 service: app-api
 
-frameworkVersion: "3"
+frameworkVersion: "4"
 
 package:
   individually: true
-  patterns:
-    - node_modules/**
+
+build:
+  esbuild:
+    packages: external
 
 plugins:
-  - serverless-plugin-typescript
   - serverless-dotenv-plugin
   - serverless-associate-waf
   - "@enterprise-cmcs/serverless-waf-plugin"
   - serverless-stack-termination-protection
   - serverless-iam-helper
-  - serverless-s3-bucket-helper
   - serverless-offline
   - serverless-plugin-common-excludes # this should go before serverless-plugin-include-dependencies
-  - serverless-plugin-include-dependencies
-
-s3BucketHelper:
-  loggingConfiguration:
-    destinationBucketName: ${env:LOGGING_BUCKET, ssm:/configuration/${self:custom.stage}/s3/accessLogsBucket, ssm:/configuration/default/s3/accessLogsBucket}
-    logFilePrefix: ${env:LOGGING_BUCKET, ssm:/configuration/${self:custom.stage}/s3/accessLogsPrefix, ssm:/configuration/default/s3/accessLogsPrefix}
 
 custom:
   project: "mcr"
   serverlessPluginTypescript:
     tsConfigFileLocation: "./tsconfig.json"
   stage: ${sls:stage}
-  region: ${aws:region}
+  region: ${self:provider.region}
   wafPlugin:
     name: ${self:service}-${self:custom.stage}-webacl-waf
   wafExcludeRules:
@@ -80,15 +74,15 @@ provider:
   region: us-east-1
   stackTags:
     PROJECT: ${self:custom.project}
-    SERVICE: ${self:service}  
+    SERVICE: ${self:service}
   tracing:
     apiGateway: true
   logs:
     restApi: true
   iam:
     role:
-      path: ${env:IAM_PATH, ssm:/configuration/${self:custom.stage}/iam/path, ssm:/configuration/default/iam/path, "/"}
-      permissionsBoundary: ${env:IAM_PERMISSIONS_BOUNDARY, ssm:/configuration/${self:custom.stage}/iam/permissionsBoundaryPolicy, ssm:/configuration/default/iam/permissionsBoundaryPolicy, ""}
+      path: /delegatedadmin/developer/
+      permissionsBoundary: !Sub arn:aws:iam::${AWS::AccountId}:policy/cms-cloud-admin/developer-boundary-policy
       statements:
         - Effect: "Allow"
           Action: