CMDCT-4105 Upgrading to Serverless V4 (#2536)

.env.tpl

@@ -27,3 +27,5 @@ CYPRESS_STATE_USER_2=op://mdct_devs/qmr_secrets/CYPRESS_STATE_USER_2
 CYPRESS_STATE_USER_4=op://mdct_devs/qmr_secrets/CYPRESS_STATE_USER_4
 CYPRESS_ADMIN_USER=op://mdct_devs/qmr_secrets/CYPRESS_ADMIN_USER
 CYPRESS_QMR_PASSWORD=op://mdct_devs/qmr_secrets/CYPRESS_QMR_PASSWORD # pragma: allowlist secret
+
+SERVERLESS_LICENSE_KEY=op://mdct_devs/qmr_secrets/SERVERLESS_LICENSE_KEY

.github/workflows/deploy.yml

@@ -14,6 +14,9 @@ permissions:
   contents: read
   actions: read
 
+env:
+  SERVERLESS_LICENSE_KEY: ${{ secrets.SERVERLESS_LICENSE_KEY }}
+
 jobs:
   unit-tests:
     name: Unit Tests
@@ -70,7 +73,7 @@ jobs:
           echo "<$APPLICATION_ENDPOINT>" >> $GITHUB_STEP_SUMMARY
         working-directory: services
     outputs:
-      application_endpoint: ${{ steps.endpoint.outputs.application_endpoint}}
+      application_endpoint: ${{ steps.endpoint.outputs.application_endpoint }}
       BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION: ${{ steps.set_names.outputs.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION }}
       BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME: ${{ steps.set_names.outputs.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME }}
 

.github/workflows/destroy.yml

@@ -16,6 +16,9 @@ permissions:
   contents: read
   actions: read
 
+env:
+  SERVERLESS_LICENSE_KEY: ${{ secrets.SERVERLESS_LICENSE_KEY }}
+
 jobs:
   destroy:
     # Protected branches should be designated as such in the GitHub UI.
@@ -62,7 +65,7 @@ jobs:
   # Notify the integrations channel when a destroy action fails
   notify_on_destroy_failure:
     runs-on: ubuntu-latest
-    needs: 
+    needs:
       - destroy
     if: ${{ failure() }}
     steps:

package.json

@@ -39,7 +39,7 @@
     "eslint-plugin-react": "^7.24.0",
     "eslint-plugin-react-hooks": "^2.x",
     "prettier": "^2.4.1",
-    "serverless": "^3.39.0",
+    "serverless": "^4.4.18",
     "serverless-bundle": "^6.0.0",
     "serverless-dotenv-plugin": "^4.0.0",
     "serverless-iam-helper": "github:Enterprise-CMCS/serverless-iam-helper",

run

@@ -34,7 +34,7 @@ fi
 # check serverless is installed globally.
 if ! which serverless > /dev/null ; then
 	echo "installing serverless globally"
-	yarn global add serverless@3.38.0
+	yarn global add serverless@4.4.18
 fi
 
 # have to ensure that yarn install is up to date.

services/app-api/package.json

@@ -25,7 +25,6 @@
     "aws-sdk-client-mock": "^3.0.1",
     "jest": "^27.4.7",
     "serverless-associate-waf": "^1.2.1",
-    "serverless-plugin-typescript": "^2.1.4",
     "ts-jest": "^27.1.3",
     "ts-node": "^10.7.0",
     "typescript": "^4.6.4"

services/app-api/serverless.yml

@@ -1,20 +1,18 @@
 # Refer to the README.md file in within this service directory to configure all ssm parameters required for this service.
 service: app-api
 
-frameworkVersion: "3"
+frameworkVersion: "4"
 
 package:
   individually: true
 
 plugins:
-  - serverless-plugin-typescript
   - serverless-associate-waf
   - "@enterprise-cmcs/serverless-waf-plugin"
   - serverless-offline-ssm
   - serverless-offline
   - serverless-stack-termination-protection
   - serverless-iam-helper
-  - serverless-s3-bucket-helper
   - serverless-dotenv-plugin
 
 custom:
@@ -81,8 +79,8 @@ provider:
     restApi: true
   iam:
     role:
-      path: ${ssm:/configuration/${self:custom.stage}/iam/path, ssm:/configuration/default/iam/path, "/"}
-      permissionsBoundary: ${ssm:/configuration/${self:custom.stage}/iam/permissionsBoundaryPolicy, ssm:/configuration/default/iam/permissionsBoundaryPolicy, ""}
+      path: /delegatedadmin/developer/
+      permissionsBoundary: !Sub arn:aws:iam::${AWS::AccountId}:policy/cms-cloud-admin/developer-boundary-policy
       statements:
         - Effect: "Allow"
           Action: "execute-api:Invoke"