Merge pull request #115 from Enterprise-CMCS/val

Release to production

.github/workflows/deploy.yml

@@ -7,10 +7,10 @@ on:
       - "!skipci*"
 
 concurrency:
-  group: ${{ github.ref_name }}-group
+  group: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-group
 
 env:
-  STAGE_NAME: ${{ github.ref_name }}
+  STAGE_NAME: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
 
 permissions:
   id-token: write
@@ -33,7 +33,7 @@ jobs:
     needs:
       - init
     environment:
-      name: ${{ github.ref_name }}
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -55,7 +55,7 @@ jobs:
     needs:
       - deploy
     environment:
-      name: ${{ github.ref_name }}
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -77,7 +77,7 @@ jobs:
     needs:
       - deploy
     environment:
-      name: ${{ github.ref_name }}
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -109,7 +109,7 @@ jobs:
     needs:
       - deploy
     environment:
-      name: ${{ github.ref_name }}
+      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -138,7 +138,7 @@ jobs:
       - name: Archive stage resources
         uses: actions/upload-artifact@v3
         with:
-          name: aws-resources-${{ github.ref_name }}
+          name: aws-resources-${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
           path: resources/aws-resources.json
 
   release:

.github/workflows/destroy.yml

@@ -22,9 +22,9 @@ jobs:
       )
     runs-on: ubuntu-20.04
     environment:
-      name: ${{ inputs.environment || github.event.ref }}
+      name: ${{ inputs.environment || (startsWith(github.event.ref, 'snyk-') && 'snyk' || github.event.ref) }}
     env:
-      STAGE_NAME: ${{ inputs.environment || github.event.ref }}
+      STAGE_NAME: ${{ inputs.environment || (startsWith(github.event.ref, 'snyk-') && 'snyk' || github.event.ref) }}
     permissions:
       id-token: write
       contents: read
@@ -61,5 +61,5 @@ jobs:
       - uses: strumwolf/delete-deployment-environment@v2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          environment: ${{ inputs.environment || github.event.ref }}
+          environment: ${{ inputs.environment || (startsWith(github.event.ref, 'snyk-') && 'snyk' || github.event.ref) }}
           onlyRemoveDeployments: true

.github/workflows/security-group-cleanup.yml

@@ -0,0 +1,53 @@
+name: Security Group Cleanup
+
+on:
+  schedule:
+    - cron: "0 2 * * *"
+  workflow_dispatch:
+
+jobs:
+  security-group-cleanup:
+    name: Security Group Cleanup
+    runs-on: ubuntu-20.04
+
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - uses: ./.github/actions/setup # We need this largely for the PROJECT variable setting
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
+          aws-region: us-east-1
+          role-duration-seconds: 10800
+
+      - name: Clean Up Unassigned Security Groups
+        id: runningStages
+        run: |
+          # Step 1, get a list of all security groups attached to ENIs
+          inusesgs=(`aws ec2 describe-network-interfaces \
+              --query "NetworkInterfaces[].Groups[].GroupId" \
+              --output text`)
+
+          # Step 2, get a list of all security groups owned by our project.
+          allsgs=(`aws ec2 describe-security-groups \
+              --filters Name=tag:PROJECT,Values="$PROJECT" \
+              --query "SecurityGroups[].GroupId" \
+              --output text`)
+
+          # Step 3, delete any security group owned by our project that's not attached to an ENI
+          for i in "${allsgs[@]}"
+          do
+              if [[ " ${inusesgs[*]} " =~ " ${i} " ]]; then
+                  echo "Keping $i as it is in use"
+              else
+                  echo "Deleting $i as it is not in use..."
+                  aws ec2 delete-security-group --group-id $i
+              fi
+          done

.github/workflows/workspace-setup.yml

@@ -6,7 +6,7 @@ on:
     - cron: "0 10 * * SUN"
 
 concurrency:
-  group: ${{ github.ref_name }}-test-ws-setup
+  group: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-test-ws-setup
 
 jobs:
   test:

README.md

@@ -10,8 +10,8 @@
   <a href="https://codeclimate.com/github/Enterprise-CMCS/seatool-connectors/maintainability">
     <img src="https://api.codeclimate.com/v1/badges/d23421cdd24aea696605/maintainability" />
   </a>
-  <a href="https://dependabot.com/">
-    <img alt="Dependabot" src="https://badgen.net/badge/Dependabot/enabled/green?icon=dependabot">
+  <a href="https://snyk.io/">
+    <img alt="Snyk" src="https://img.shields.io/badge/Snyk-protected-purple">
   </a>
   <a href="https://github.com/prettier/prettier">
     <img alt="code style: prettier" src="https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square">

docs/_deploy-metrics/package.json

@@ -24,7 +24,7 @@
     "react-dom": "18.2.0",
     "react-icons": "^4.8.0",
     "react-json-to-csv": "^1.2.0",
-    "recharts": "^2.2.0"
+    "recharts": "^2.11.0"
   },
   "devDependencies": {
     "@types/node": "18.11.0",