fix: korjaa tuotannon asennuskomennot, jotta muisti ei loppuisi kesken (

#553)
finnishtransportagency · Jan 26, 2023 · f733c76 · f733c76
1 parent 0e74787
commit f733c76
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 14 deletions.
diff --git a/deployment/bin/checkoutBranch.sh b/deployment/bin/checkoutBranch.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# CodeBuildissa git on "detached head"-tilassa, jolloin semantic-release ei osaa tehdä release noteseja oikein, eikä osaa lisätä versiotagia
+if [ "$ENVIRONMENT" = "test" ] || [ "$ENVIRONMENT" = "training" ] || [ "$ENVIRONMENT" = "prod" ]; then
+  git checkout "$ENVIRONMENT"
+fi
diff --git a/deployment/lib/buildspec/buildspec-feature.yml b/deployment/lib/buildspec/buildspec-feature.yml
@@ -10,13 +10,14 @@ phases:
       - aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin 283563576583.dkr.ecr.eu-west-1.amazonaws.com
       - nohup /usr/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2 &
       - timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
-      - nohup docker pull 283563576583.dkr.ecr.eu-west-1.amazonaws.com/localstack:1.3
+      - nohup docker pull 283563576583.dkr.ecr.eu-west-1.amazonaws.com/localstack:1.3 &
 
       - mv /packages/tools/velho/.gradle /tools/velho/
       - mv /packages/tools/velho/buildSrc/.gradle /tools/velho/buildSrc/
 
       - touch .env.test
       - npm ci
+      - fg || true
       - npm run buildimage:generate
   build:
     commands:

diff --git a/deployment/lib/buildspec/buildspec-prod.yml b/deployment/lib/buildspec/buildspec-prod.yml
@@ -10,19 +10,14 @@ env:
 phases:
   install:
     commands:
-      - ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
-      - aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin "$ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com"
-
-      - nohup /usr/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2 &
-      - timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
-      - nohup docker pull "$ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/localstack:1.3"
-
       - mv /packages/tools/velho/.gradle /tools/velho/
       - mv /packages/tools/velho/buildSrc/.gradle /tools/velho/buildSrc/
 
+      - ./deployment/bin/checkoutBranch.sh
       - touch .env.test
       - npm ci
       - npm run buildimage:generate
+      - ./tools/velho/gradlew --stop
   build:
     commands:
       - npm run get-next-version

diff --git a/deployment/lib/buildspec/buildspec-training.yml b/deployment/lib/buildspec/buildspec-training.yml
@@ -19,6 +19,7 @@ phases:
       - mv /packages/tools/velho/.gradle /tools/velho/
       - mv /packages/tools/velho/buildSrc/.gradle /tools/velho/buildSrc/
 
+      - ./deployment/bin/checkoutBranch.sh
       - touch .env.test
       - npm ci
       - npm run buildimage:generate

diff --git a/deployment/lib/buildspec/buildspec.yml b/deployment/lib/buildspec/buildspec.yml
@@ -16,13 +16,15 @@ phases:
       - aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin 283563576583.dkr.ecr.eu-west-1.amazonaws.com
       - nohup /usr/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2 &
       - timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
-      - nohup docker pull 283563576583.dkr.ecr.eu-west-1.amazonaws.com/localstack:1.3
+      - nohup docker pull 283563576583.dkr.ecr.eu-west-1.amazonaws.com/localstack:1.3 &
 
       - mv /packages/tools/velho/.gradle /tools/velho/
       - mv /packages/tools/velho/buildSrc/.gradle /tools/velho/buildSrc/
 
+      - ./deployment/bin/checkoutBranch.sh
       - touch .env.test
       - npm ci
+      - fg || true
       - npm run buildimage:generate
   build:
     commands:
@@ -33,7 +35,6 @@ phases:
       - npm run test
       - npm run localstack:stop &
       - npm run sonar
-      - npm run maintenancemode set
       - npm run deploy:database
       - npm run deploy:backend
       - npm run deploy:frontend
@@ -46,7 +47,6 @@ phases:
   post_build:
     on-failure: ABORT
     commands:
-      - npm run maintenancemode clear
       - ./deployment/bin/reportBuildStatus.sh -t "$ROCKET_CHAT_TOKEN" -u "$ROCKET_CHAT_USER_ID" -r "$CODEBUILD_BUILD_SUCCEEDING" -m "$ENVIRONMENT build" -d "CodeBuild $CODEBUILD_BUILD_URL"
 cache:
   paths:

diff --git a/deployment/lib/hassu-pipelines.ts b/deployment/lib/hassu-pipelines.ts
@@ -278,8 +278,8 @@ export class HassuPipelineStack extends Stack {
             "lambda:ListFunctions",
             "lambda:InvokeFunction",
             "lambda:GetFunction",
-            "waf:ListRegexPatternSets",
-            "waf:UpdateRegexPatternSet",
+            "wafv2:ListRegexPatternSets",
+            "wafv2:UpdateRegexPatternSet",
           ],
           resources: ["*"],
         })

diff --git a/deployment/lib/hassu-waf.ts b/deployment/lib/hassu-waf.ts
@@ -90,7 +90,7 @@ export class FrontendWafStack extends Stack {
   }
 }
 
-const managedRules = [
+const managedRules: CfnWebACL.RuleProperty[] = [
   {
     name: "AWS-AWSManagedRulesAdminProtectionRuleSet",
     priority: 0,
@@ -152,6 +152,14 @@ const managedRules = [
       managedRuleGroupStatement: {
         vendorName: "AWS",
         name: "AWSManagedRulesCommonRuleSet",
+        ruleActionOverrides: [
+          {
+            name: "SizeRestrictions_BODY",
+            actionToUse: {
+              allow: {},
+            },
+          },
+        ],
       },
     },
     overrideAction: {