Merge branch 'develop' into HARJA-502-insertoi-2024-lupaukset

finnishtransportagency · Sep 17, 2024 · d5ff567 · d5ff567
2 parents 95a5617 + d96e96a
commit d5ff567
Show file tree

Hide file tree

Showing 19 changed files with 589 additions and 99 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,94 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    ":dependencyDashboard",
+    ":semanticPrefixFixDepsChoreOthers",
+    ":ignoreModulesAndTests",
+    "group:monorepos",
+    "group:recommended",
+    "replacements:all",
+    "workarounds:all"
+  ],
+  "prConcurrentLimit": 5,
+  "timezone": "Europe/Helsinki",
+  "schedule": [
+    "before 8am on Tuesday"
+  ],
+  "vulnerabilityAlerts": {
+    "description": "Tekee PR:n välittömästi, mikäli Renovate havaitsee haavoittuvan kirjaston GitHubin Dependabot alerteista.",
+    "enabled": false,
+    "labels": [
+      "security"
+    ],
+    "automerge": false
+  },
+  "enabledManagers": [
+    "leiningen"
+  ],
+  "packageRules": [
+    {
+      "matchDatasources": [
+        "clojure"
+      ],
+      "description": "Lisätään default clojuren pakettilähteet ja project.clj:ssä olevat muut pakettilähteet",
+      "registryUrls": [
+        "https://repo1.maven.org/maven2/",
+        "https://repo.clojars.org/",
+        "https://repo.osgeo.org/repository/geotools-releases/",
+        "https://repo.osgeo.org/repository/release/",
+        "https://maven.atlassian.com/content/repositories/atlassian-public/"
+      ]
+    },
+    {
+      "description": "Erottele patch ja minor päivitykset Clojure ja ClojureScript kirjastoille",
+      "matchDatasources": [
+        "clojure"
+      ],
+      "matchPackageNames": [
+        "org.clojure:clojure",
+        "org.clojure:clojurescript"
+      ],
+      "separateMinorPatch": true
+    },
+    {
+      "description": "Ryhmittele org.geotools:gt-* päivitykset",
+      "matchDatasources": [
+        "clojure"
+      ],
+      "matchPackageNames": [
+        "org.geotools:gt-*"
+      ],
+      "groupName": "org.geotools"
+    },
+    {
+      "description": "Ryhmittele org.apache.poi:* päivitykset",
+      "matchDatasources": [
+        "clojure"
+      ],
+      "matchPackageNames": [
+        "org.apache.poi:*"
+      ],
+      "groupName": "org.apache.poi"
+    },
+    {
+      "description": "Ryhmittele org.apache.httpcomponents:* päivitykset",
+      "matchDatasources": [
+        "clojure"
+      ],
+      "matchPackageNames": [
+        "org.apache.httpcomponents:*"
+      ],
+      "groupName": "org.apache.httpcomponents"
+    },
+    {
+      "description": "Ryhmittele com.cognitect:transit-* päivitykset",
+      "matchDatasources": [
+        "clojure"
+      ],
+      "matchPackageNames": [
+        "com.cognitect:transit-*"
+      ],
+      "groupName": "com.cognitect:transit"
+    }
+  ]
+}
diff --git a/.github/workflows/harja_test_extra_browsers_cron.yml b/.github/workflows/harja_test_extra_browsers_cron.yml
@@ -45,6 +45,7 @@ jobs:
       e2e-tests: 'true'
       build-harja: 'light'
       # Disabloidaan kaikki muut testit
+      deps-tree: 'false'
       lint-clj: 'false'
       backend-tests: 'false'
       basic-tests: 'false'

diff --git a/.github/workflows/infra_restart_fargate_tasks.yml b/.github/workflows/infra_restart_fargate_tasks.yml
@@ -47,7 +47,7 @@ jobs:
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: "eu-west-1"
-          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/cicd-github-harja-infra-admin"
+          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/cicd-github-harja-app-admin"
           role-duration-seconds: 3600
           role-skip-session-tagging: true
 

diff --git a/.github/workflows/infra_shutdown_fargate_tasks.yml b/.github/workflows/infra_shutdown_fargate_tasks.yml
@@ -47,7 +47,7 @@ jobs:
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: "eu-west-1"
-          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/cicd-github-harja-infra-admin"
+          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/cicd-github-harja-app-admin"
           role-duration-seconds: 3600
           role-skip-session-tagging: true
 

diff --git a/.github/workflows/infra_start_fargate_tasks.yml b/.github/workflows/infra_start_fargate_tasks.yml
@@ -47,7 +47,7 @@ jobs:
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: "eu-west-1"
-          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/cicd-github-harja-infra-admin"
+          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/cicd-github-harja-app-admin"
           role-duration-seconds: 3600
           role-skip-session-tagging: true
 

diff --git a/.github/workflows/reusable_deploy-harja-image-to-ecs.yml b/.github/workflows/reusable_deploy-harja-image-to-ecs.yml
@@ -1,23 +1,23 @@
 # Security hardening for GitHub Actions
 # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
 
-name: '[Reusable] Deploy Harja image to ECS'
+name: "[Reusable] Deploy Harja image to ECS"
 
 on:
   workflow_call:
     inputs:
       environment:
-        description: 'Deploymentin kohdeympäristö'
+        description: "Deploymentin kohdeympäristö"
         type: string
         required: true
       commit-sha:
-        description: 'Deploymentin commit SHA. Tämän perusteella haetaan migraatiot ja tagataan deployattava image.
-                      Inputille pitää antaa arvo ulkopuolelta selkeyden vuoksi, default arvoa ei käytetä.'
+        description: "Deploymentin commit SHA. Tämän perusteella haetaan migraatiot ja tagataan deployattava image.
+          Inputille pitää antaa arvo ulkopuolelta selkeyden vuoksi, default arvoa ei käytetä."
         type: string
         required: true
       artifact-run-id:
-        description: 'Tietyn workflowin run ID, josta build artifact haetaan ja joka deployataan kohdeympäristöön.
-                      Inputille pitää antaa arvo ulkopuolelta selkeyden vuoksi, default arvoa ei käytetä.'
+        description: "Tietyn workflowin run ID, josta build artifact haetaan ja joka deployataan kohdeympäristöön.
+          Inputille pitää antaa arvo ulkopuolelta selkeyden vuoksi, default arvoa ei käytetä."
         type: string
         required: true
     secrets:
@@ -28,7 +28,6 @@ on:
 
 run-name: Deploy to '${{ inputs.environment }}' AWS env by @${{ github.actor }}
 
-
 # Note: Each job runs in a fresh VM, so the environment is not shared between jobs.
 jobs:
   deploy-image-to-ecs:
@@ -94,8 +93,8 @@ jobs:
       - name: Assume role with OIDC
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-region: 'eu-west-1'
-          role-to-assume: 'arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/cicd-github-harja-infra-admin'
+          aws-region: "eu-west-1"
+          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/cicd-github-harja-app-admin"
           role-duration-seconds: 3600
           role-skip-session-tagging: true
 
@@ -106,7 +105,7 @@ jobs:
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
         with:
-          mask-password: 'true'
+          mask-password: "true"
 
       - name: Build, tag and push image to ECR
         id: build-image
@@ -115,11 +114,11 @@ jobs:
           ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY_NAME }}
           # Image tag muodostetaan annetun commit SHA:n perusteella
           IMAGE_TAG: ${{ inputs.commit-sha }}
-          DOCKERFILE_PATH: 'aws/fargate/Dockerfile'
+          DOCKERFILE_PATH: "aws/fargate/Dockerfile"
         run: |
           echo "Building image with tag $IMAGE_TAG"
           docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --file $DOCKERFILE_PATH .
-          
+
           echo "Pushing 'latest' and '${IMAGE_TAG}' tags to ECR"
           docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY
           echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
@@ -203,4 +202,3 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
           JOB_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
-
diff --git a/.github/workflows/reusable_run_app_tests.yml b/.github/workflows/reusable_run_app_tests.yml
@@ -35,6 +35,11 @@ on:
         default: 'true'
         type: string
         required: false
+      deps-tree:
+        description: 'Enabloi deps-tree job'
+        default: 'true'
+        type: string
+        required: false
       lint-clj:
         description: 'Enabloi lint-clj job'
         default: 'true'
@@ -66,6 +71,28 @@ env:
   GH_DOCKER_REGISTRY: ghcr.io
 
 jobs:
+  # Tulosta Clojure deps tree, jotta voidaan nähdä riippuuvuuksien hierarkia PR:ssä
+  deps-tree:
+    if: ${{ inputs.deps-tree == 'true' }}
+    name: "Print Clojure deps tree"
+    runs-on: ubuntu-latest
+    permissions:
+      # Contents read lupaa tarvitaan checkout actionissa
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup clojure environment
+        uses: ./.github/actions/setup-build-env-and-tools
+
+      # https://github.com/clj-kondo/clj-kondo/blob/master/doc/ci-integration.md
+      - name: Lein deps :tree
+        continue-on-error: true
+        run: lein with-profile +pedantic-warn deps :tree
+        #run: lein with-profile +pedantic-abort deps :tree
+
   # Linter job
   lint-clj:
     if: ${{ inputs.lint-clj == 'true' }}