build: release v6.79.0 #6762
Merged
build: merge v6.78.1 into develop
build: merge v6.78.2 back into develop
…#6735)
* feat: add error message for child subfields
* fix: correct typo
* feat: validate upon input change
* feat: try ref
* feat: compare ref by id
* fix: check for ref on error and remove console.log statements
* fix: remove comment
---------
Co-authored-by: Ken <[email protected]>
* chore: update hydrogen-alpine version
* chore: update hydrogen-alpine version
* chore: update chromium and puppeteer versions to be compatible with alpine3.18
* chore: update node version on ci as 14 has reached eol
* chore: add openssl-legacy-provider flag to ci before we upgrade to webpack5
* chore: reduce memory consumed by node as ci runner is running out of memory
* chore: cache node modules directory so we run npm ci once and reuse for subsequent jobs
* chore: set space to 4096
* chore: remove open-ssl flag
* chore: add open-ssl flag
* chore: increase swap file to prevent ci from failing
* chore: increase space size to 8192
* increase space for backend test
* chore: increase timeout for jest test
* chore: increase jest timeout
…ronment) (#6743)
* feat: add feAppUrl as a new env var
* feat: change redirectDestination for local dev
* feat: add fileKey to joi validation
* feat: test lambda invoke v3
* feat: trigger virus scanner lambda
* feat: log return payload
* fix: show payload and logresult as string
* fix: parsing of payload to json
* feat: trigger lambda on local
* refactor: rm version check in receiveStorageSubmission
* docs: add comments with relevant references to tix
* chore: update logger meta.action
* fix: broken receiver tests due to answer field
* docs: incl storage v2+ forms
* feat: runtime typeguards for lambda output parsing
* feat: add uuid check for quarantine file key
* fix: use answer for quarantine file key
* fix: isQuarantinedAttachmentResponse answer check
* fix: playwright tests - set answer as filename
* revert: "fix: broken receiver tests due to answer field" This reverts commit 4555583.
* feat: parse json safely
* test: triggerVirusScanning
* refactor: use typeguards for type checking logic - docs: added stronger warnings in comments
* feat: invalid quarantine file key error
* fix: broken test due to file key error update
* fix: import from shared
* refactor: typeguards to know better than 'any'
chore: specify checkout branch
fix: rm legacy streaming prop
* feat: download s3 clean file
* fix: temporarily bump hydrogen-alpine version down
* fix: map DownloadCleanFileFailedError
* docs: get clean file
* fix: filename when admin downloads
* test: downloadCleanFile
* feat: check for clean file key valid uuid
* chore: more specific log message
* feat: async retrieving of clean attachments
* chore: add _ to req unused var
* refactor: rm mutation in scanAndRetrieveFiles
…6751) fix: remove premature return
* feat: payment proof through s3
* feat: add memory of upload to s3 to payments model
* chore: add s3 bucket url to config
* feat: refetch from stripe.charges
* chore: add debug logs
* chore: switch redirect to json message
* test: update test config
* fix: increase nginx proxy buffer size
* Revert "chore: switch redirect to json message" This reverts commit e0214db.
* fix: include .platform in ECR
* chore: refactor with refined completed payment schema
* chore: follow repo convention of returning true for success result
* refactor: move invoice generation code to payment-proof folder
* test: add cases for payment-proof
* chore: remove stray comments
* feat: remove ebs .platform config
* refactor: uppercase for global constants
* test: update mock http to https
* chore: fix duplicates, empty imports, terser mock return statements
* test: fix missing mock for s3upload
…6753) Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) from 1.10.43 to 1.10.45.
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.10.43...v1.10.45)
---
updated-dependencies:
- dependency-name: libphonenumber-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: update hydrogen-alpine version
* chore: update hydrogen-alpine version
* chore: update chromium and puppeteer versions to be compatible with alpine3.18
* chore: update node version on ci as 14 has reached eol
* chore: add openssl-legacy-provider flag to ci before we upgrade to webpack5
* chore: reduce memory consumed by node as ci runner is running out of memory
* chore: cache node modules directory so we run npm ci once and reuse for subsequent jobs
* chore: set space to 4096
* chore: remove open-ssl flag
* chore: add open-ssl flag
* chore: increase swap file to prevent ci from failing
* chore: increase space size to 8192
* increase space for backend test
* chore: increase timeout for jest test
* chore: increase jest timeout
* chore: update chromium and puppeteer versions
* chore: update chromium and puppeteer versions
* chore: updated test to resolve econnreset issue
* chore: updated test to resolve econnreset issue
* chore: updated connect-mongo from 4.4.1 to 4.6.0
* chore: updated dd-trace from 3.9.3 to 3.36.0
* chore: update stoplight from 4.10.6 to 5.3.2
* chore: updated package.json
* chore: updated bson-ext from 2.0.6 to 4.0.3
* chore: revert update to bson
* chore: update bcrypt from 5.1.0 to 5.1.1
* chore: update twilio 4.11.0 to 4.18.0
* chore: update package-lock.json for twilio upgrade
* chore: update jsonwebtoken from 9.0.0 to 9.0.2
* chore: update jsonwebtoken from 9.0.0 to 9.0.2
* chore: merge and moved jest options from cli to config
* chore: update maxworkers to 4
* chore: update timeout to 300s
* feat: rename NRIC field to NRIC/FIN
* chore: set 5s timeout for frontend tests
* chore: set timeout in cli call
* Revert "chore: set timeout in cli call" This reverts commit 401d45e.
* chore: increase memory to 2gb for frontend test
* chore: increase memory to 4gb
FRM-993 Upgrade to AWS SDK v3
Description We see a lot of warnings in logs and tests because AWS will be retiring the AWS SDK V2 in 2023, and we are urged to upgrade to AWS SDK v3.
LinHuiqing
approved these changes
Oct 3, 2023
tested and thanks everyone
New
#6759
#6728
#6752
#6733
#6751
#6747
#6744
#6746
#6748
#6734
#6743
#6720
#6735
#6742
#6741
#6738
Dependencies
#6753
Dev-Dependencies
Tests
feat: rename NRIC field to NRIC/FIN
#6759
@KenLSM
Before & After Screenshots
BEFORE:
AFTER:
chore: fix snyk vulnerabilities
#6728
@KenLSM
chore: update hydrogen alpine
#6752
@KenLSM
feat(payment): invoice through s3
#6733
@LinHuiqing
Regression
Downloading proof of payments should respond with pdf file
Disconnected Payment Forms should still allow user to download proof of payment
(record the download link from the test above)
New Feature
hasReceiptStoredInS3 should be set in the DB for the particular payment
Deploy Notes
staging, staging-alt, prod, uat
PAYMENT_PROOF_S3_BUCKET to be added on staging, staging-alt, prod, uat
staging, prod, uat roles (see comment on linear issue)
New environment variables:
env var: PAYMENT_PROOF_S3_BUCKET to configure the name of payment proof s3 bucket
This PR is risky, as there were some issues with nginx when it was deployed to staging but unreproducible on staging-alt, staging-alt2, and uat. To be safe, we need to deploy during the low traffic period.
To verify that the issue doesn't occur, we will need to trigger the invoice download multiple times, and ensure that we don't see a 5xx from the ec2. Note that our express server isn't the one returning 5xx, but nginx's reverse proxy itself.
fix: reinstate MyInfo verified field indicator for MyInfo child DOB
#6751
@tshuli
[MyInfo]
feat(virus-scanner): download clean file
#6747
@foochifa
Make sure clean files can be downloaded from clean bucket
Preparations:
Get the storage submission request:
/storage.
text/plain
application/pdf
image/png
image/gif
A for the submission. It should be to the endpoint that shows up as storage?recaptcha....
A to change the version to 2.1. Save this as request B.
Put a valid file in the quarantine bucket:
1b90195b-ce8a-4590-810b-04ebaef8e4dd).
formsg-backend-1's terminal.
echo "testing 123" > 1b90195b-ce8a-4590-810b-04ebaef8e4dd.
aws --endpoint=http://localhost:4566 s3 cp 1b90195b-ce8a-4590-810b-04ebaef8e4dd s3://local-virus-scanner-quarantine-bucket
aws --endpoint=http://localhost:4566 s3 ls s3://local-virus-scanner-quarantine-bucket
[staging|prod|uat].virus.scanner.quarantine.
Allow virus scanner to be used on BE:
featureflags collection, add the flag encryption-boundary-shift-virus-scanner and set enabled to true.
Make sure that virus scanner runs and clean file is downloaded when feature flag is on and version number is 2.1+:
B by changing the attachment field's answer to the file that you've added to the quarantine bucket. The file you've added should have a key that's a valid uuid. Save this as request C.
C.
C. This should now fail with a virus scan failure message since the quarantine bucket file has poofed.
Regression
Make sure that encryption-boundary-shift-virus-scanner feature flag works
encryption-boundary-shift-virus-scanner feature flag or disable it.
C. The file in the quarantine bucket should remain.
Make sure that versioning works
encryption-boundary-shift-virus-scanner feature flag.
C by changing the version number to 2. The file in the quarantine bucket should remain.
Make sure that only uuid file keys are accepted
C, where the filename is not a valid UUID. An error should be thrown flagging that the file key is not a valid UUID.
Normal E2E flows
encryption-boundary-shift-virus-scanner flag disabled, submit a storage mode form (/storage endpoint) with multiple attachments.
Deploy Notes
Modified AWS policies:
formsg-staging-virus-scanner-s3-lambda policy modified (for formsg-staging-ec2-role-1), in the Statement for Sid "GetFileFromClean", GetObject is replaced by GetObjectVersion. As such, the statement should look like the following:
fix: rm growthbook legacy streaming prop
#6744
@wanlingt
Before tests: Make sure that growthbook is connected.
Regression tests:
encryption-boundary-shift flag on growthbook to on.
/submissions/storage endpoint.
encryption-boundary-shift flag on growthbook to off.
/submissions/encrypt endpoint.
feat(virus-scanner): invoke lambda to scan file
#6734
@justynoh
Sed I can't put the requests for this set of tests on Insomnia :'(
Make sure virus scanning lambda is invoked under the right conditions:
Preparations:
Get the storage submission request:
/storage.
A for the submission. It should be to the endpoint that shows up as storage?recaptcha....
A to change the version to 2.1. Save this as request B.
Put a valid file in the quarantine bucket:
1b90195b-ce8a-4590-810b-04ebaef8e4dd).
formsg-backend-1's terminal.
echo "testing 123" > 1b90195b-ce8a-4590-810b-04ebaef8e4dd.
aws --endpoint=http://localhost:4566 s3 cp 1b90195b-ce8a-4590-810b-04ebaef8e4dd s3://local-virus-scanner-quarantine-bucket
aws --endpoint=http://localhost:4566 s3 ls s3://local-virus-scanner-quarantine-bucket
[staging|prod|uat].virus.scanner.quarantine.
Allow virus scanner to be used on BE:
featureflags collection, add the flag encryption-boundary-shift-virus-scanner and set enabled to true.
Make sure that virus scanner runs when feature flag is on and version number is 2.1+:
B by changing the filename to the file that you've added to the quarantine bucket. The file you've added should have a key that's a valid uuid. Save this as request C.
C. If encryption-boundary-shift-hard-validation is disabled, encryption-boundary-shift-hard-validation flag.
C. If encryption-boundary-shift-hard-validation is enabled, encryption-boundary-shift-hard-validation flag.
encryption-boundary-shift-hard-validation to disabled.
C. This should now fail with a virus scan failure message since the quarantine bucket file has poofed.
Make sure that encryption-boundary-shift-virus-scanner feature flag works
encryption-boundary-shift-virus-scanner feature flag or disable it.
C. The file in the quarantine bucket should remain.
Make sure that versioning works
encryption-boundary-shift-virus-scanner feature flag.
C by changing the version number to 2. The file in the quarantine bucket should remain.
Make sure that only uuid file keys are accepted
C, where the filename is not a valid UUID. An error should be thrown flagging that the file key is not a valid UUID.
Regression tests:
encryption-boundary-shift-virus-scanner flag disabled, submit a storage mode form (/storage endpoint) with multiple attachments.
Deploy Notes
Note: In production, ensure that in the DB's featureflags collection, the flag encryption-boundary-shift-virus-scanner is either unset or set to false.
New environment variables:
VIRUS_SCANNER_LAMBDA_FUNCTION_NAME: name of virus scanner lambda function
virus-scanner-production-virus-scanner
virus-scanner-staging-virus-scanner
virus-scanner-uat-virus-scanner
New dependencies:
@aws-sdk/client-lambda: lambda package from aws-sdk v3, as part of FRM-993.
New AWS policies:
formsg-staging-virus-scanner-s3-lambda policy added (for formsg-staging-ec2-role-1):
fix: redirect to frontend app after myinfo log in (for local dev environment)
#6743
@justynoh
Staging/Prod
Local dev
localhost:3000
Deploy Notes
New environment variables:
FE_APP_URL: Frontend application URL (for local development use only)
chore: update hydrogen-alpine version
#6720
@LinHuiqing
fix: display error message when myinfo child fields are not filled in
#6735
@LinHuiqing
fix: hotfix for 500 errors thrown on email bounce notification endpoint
#6741
@tshuli
Prior to release, this should be tested on staging by triggering a bounce notification to staging prior to and after deployment. If a 500 error was thrown on staging prior to deployment, we should expect it not to happen after deployment.
Update: Not able to replicate 500s, but we have tested multiple times on email submissions and the bounce notifications were successfully parsed and returned 200.
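The conditions that the #6734 and #6747 test plans above exercise (scanner feature flag on, version 2.1+, UUID-only file keys, quarantine file gone after a scan), modelled in memory. This is an added illustration, not code from the project: the function names, the Maps standing in for the S3 buckets and the stub scanner's response shape are all assumptions.

```javascript
// Added illustration, not project code. Maps stand in for the S3 buckets;
// scanLambda() is a stub whose response shape is an assumption.
const UUID_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const SCANNER_FLAG = 'encryption-boundary-shift-virus-scanner';
const quarantine = new Map();
const clean = new Map();

// Stub scanner: a scanned file leaves quarantine and lands in the clean bucket.
function scanLambda(fileKey) {
  if (!quarantine.has(fileKey)) return { statusCode: 404 };
  clean.set(fileKey, quarantine.get(fileKey));
  quarantine.delete(fileKey);
  return { statusCode: 200, cleanFileKey: fileKey };
}

// True when version is at least major.minor ("2" is treated as 2.0).
function atLeast(version, major, minor) {
  const [maj, min = 0] = String(version).split('.').map(Number);
  return maj > major || (maj === major && min >= minor);
}

// Returns { scanned, content }; throws on a bad key or a failed scan.
function handleAttachment({ version, fileKey }, flags) {
  if (flags[SCANNER_FLAG] !== true || !atLeast(version, 2, 1)) {
    return { scanned: false }; // legacy path: quarantine bucket untouched
  }
  // Validate before the key is handed to the scanner or used as an object key.
  if (!UUID_RE.test(fileKey)) throw new Error('invalid quarantine file key');
  const res = scanLambda(fileKey);
  // The scanner's reply is untrusted input too: check status and key format.
  if (res.statusCode !== 200 || !UUID_RE.test(String(res.cleanFileKey))) {
    throw new Error('virus scan failed');
  }
  return { scanned: true, content: clean.get(res.cleanFileKey) };
}

// Constructed demo, using the sample key from the test plan.
const demoKey = '1b90195b-ce8a-4590-810b-04ebaef8e4dd';
quarantine.set(demoKey, 'testing 123');
console.log(handleAttachment({ version: '2.1', fileKey: demoKey }, { [SCANNER_FLAG]: true }));
```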