chore: GCForms release v3.3.0

[bryan-robitaille]

🤖 I have created a release beep boop

3.3.0 (2023-09-12)

Features

• adapt code to benefit from Template DB schema rework (#315) (0838395)
• adapt existing invoke_archiver lambda script to work with new version of the lambda (a4d6b3c)
• add Alarms module to Production releases (#135) (1e9fc5a)
• add Athena access log queries (#313) (07642e0)
• add DDoS protection to ALB and hosted zone (#150) (865430e)
• Add freskdesk API key (d038c81)
• add GC Notify callback bearer token as env variable (f1acece)
• add iam permissions to forms client ECS (#270) (a5383b6)
• add lambda function to delete archived form templates (#271) (891319f)
• add log metric filter on ECS Log group and associated alarm that will tell us when an expired bearer token has been used (f176a2a)
• add log metric filter on ECS Log group and associated alarm that will tell us when we failed to generate temporary token too many times (6583ce0)
• add new Name attribute to form submission in Vault table (#322) (6b48783)
• add reprocess submission queue to SQS (5fee36a)
• add S3 object scan to Vault S3 bucket (#225) (98c4199)
• add SNS Terraform lock file (56835a8)
• add Status and ConfirmationCode fields when saving submission to the Vault (#316) (b26962e)
• Add submissionID and createdAt timestamp to email body (11ea267)
• add Terraform devcontainer (#90) (5431691)
• add variable to tf code and provide access to template lambda and ecs (3208e00)
• added account auto comfirmation using pre sign up lambda (#395) (#396) (42255ad)
• added missing cloudwatch subscription filter for submission logs (#431) (e50f391)
• added new 2FA alarm for when a user is locked out because of too many verification failed attempts (#400) (832e248)
• added new attribute Retrieved and global secondary index to DynamoDB Vault table (69f7fab)
• added severity level to alarms being sent to Slack (#451) (fe32554)
• added workflow_dispatch option to Apply Staging workflow file (#293) (fe595b6)
• Alarm for error in Reliability Queue processing (#168) (8e3f17e)
• alarm for tracking temporary token request made from outside of Canada (3f5a10b)
• alarm when temporary token is requested using unauthorized email address (#247) (98e737b)
• allow ECS task to interact with SQS (06f3425)
• create token on bearer insert (c9aa1a3)
• create token on bearer insert (92ca627)
• create token on bearer insert (66b14b8)
• dynamic WAF ACL rules per environment (#124) (77571a7)
• enable AWS Cognito hosted UI (#248) (af61192)
• enable DLQ redrive and increase timeout for reliability lambda (f55dc65)
• enable load balancer accessing log to cbs bucket (#173) (0ee403f)
• enable local development of lambdas using localstack ! (d9d8070)
• enable TTL feature on ReliabilityQueue DynamoDB table in order to delete entries after 48 hours (ef90d2c)
• enable versioning on Vault S3 bucket (#227) (a04d720)
• expire S3 items in reliability storage after 2 days instead of 5 (221dcde)
• Form Viewer read Vault S3 objects (#235) (24e4362)
• generate Software Bill of Materials (#212) (e120a91)
• group Docker and GitHub Renovate updates (#290) (13d8e4d)
• i18n Notify email (a8907d9)
• implement new dead letter queue consumer lambda (#210) (fff7575)
• improve Archiver lambda by using DynamoDB stream (f0d3e03)
• initial Terragrunt config for Scratch env (#94) (77263b0)
• Modify ECS IAM to give access to DynamoDB (00b8363)
• nagware lambda now ignores GC Notify safelist error in staging (#384) (c094e3c)
• nagware sends email to all template associated users (#442) (ad6022d)
• plugged Archiver lambda to local environment (a009966)
• production Terragrunt config and workflows (#125) (9169a21)
• reconfiguring lambda to account for removed question (a7b73be)
• release v1.0.2 to production (#134) (7bdecd7)
• release v1.0.3 to production (#136) (50d50a1)
• release v1.0.4 to production (#152) (580f343)
• remove code that deletes submissions from DynamoDB table and also files attached to form from temporary S3 bucket (c347abf)
• removed Cognito 2FA (#392) (e2f96f8)
• S3 scan object lambda CloudWatch alarm (#241) (6552f49)
• send VPC and WAF logs to Cloud Based Sensor (#253) (39b9938)
• Setup cognito for server side auth (abe9986)
• Setup cognito for server side auth (#250) (237cb7b)
• switch Staging infra to Terragrunt modules (#120) (4aacfb7)
• switch to central S3 scan object design (#226) (68425c7)
• Terragrunt CloudWatch alarm module (#112) (8b7501c)
• Terragrunt Elastic Container Registry (#104) (64bac8e)
• Terragrunt KMS module (#96) (db73e2e)
• Terragrunt load balancer (#107) (643b2ca)
• Terragrunt load testing and local dev (#114) (adaf27f)
• Terragrunt module for app (Lambda + ECS) (#108) (ab4b77a)
• Terragrunt moodule for DynamDB tables (#103) (c7733dd)
• Terragrunt network module (#97) (e00f534)
• Terragrunt RDS PostgreSQL cluster (#101) (1dbf1c0)
• Terragrunt Redis module (#98) (b9ddc39)
• Terragrunt SQS module (#106) (70ce0b2)
• Terragrunt to create the Route53 hosted zone (#95) (0dcb4ae)
• update devcontainer to use docker-in-docker (#214) (a912a83)
• update to environment specific secrets (#123) (3fc5029)
• upgrade S3_scan_object to SQS queue (#416) (064e0e6)
• use Lambda and Cloudwatch Logs to send reviewed alarms to Slack channels (#421) (7f502df)
• use latest localstack and run in devcontainer (#209) (98f5b63)
• workflow to check for Terraform updates (#105) (f76ed32)

Bug Fixes

• add limit and offset parameters (d729ddc)
• Add missing freshdesk api key to ecs task (d8a96ac)
• add SNS topic permission to invoke Slack Lambda (dba8a6d)
• add token secret so that it can be accessed (8386674)
• adjust Terraform to distinguish Prod/Staging (#126) (16d3395)
• Allow access to vault indexes by lambda (72c164a)
• allow Lambda forms client VPC access (#406) (4e6898b)
• allow lambdas access to vault index (c5a6d67)
• allow PR review env invoke Submission lambda (#414) (bda4198)
• archive form templates lambda function is missing a connection with the CRON even (#272) (3edd5db)
• archive form templates lambda unable to find lib dependency (#366) (acf4392)
• archiver lambda index name value is wrong (e253d05)
• block scoped variable called in other block (#223) (d517d94)
• bug with environment setting in s3 client in reliability lambda (09fdc7a)
• converting number to string while making dynamodb query (#348) (fc006e8)
• deployment issue with Nagware lambda (#345) (ca62109)
• deps: update all minor dependencies (#297) (137c240)
• detection of zombie dind_add_host script (#217) (ccc34e6)
• devcontainer Node.js version (#231) (0c6cd2f)
• devcontainer Python deps to install checkov (0356873)
• diff comment and version manifest workflows (#129) (133d148)
• DLQ consumer lambda is missing a dependency (#274) (ac21a41)
• DLQ lambda message formatting issue (#281) (7459e5d)
• DLQ lambda unable to parse message body (#280) (9a6c85e)
• dynamic parsing for Nagware SQL response depending on environment (LocalStack vs AWS) (#368) (3514ad5)
• ECS S3 IAM policy (#111) (0bbfc08)
• Ensure no duplicate responses are sent through Notify (#321) (ea3981f)
• ExecuteStatementCommand to create command instead of passing params object templates lambda (c9667ca)
• for loop syntax (#346) (c0c5a1e)
• force staging apply (de7e9b2)
• format lambda and secrets tf (b61bc84)
• formatting (c6d1bf2)
• get around checkov check relating to enabling point in time recovery (008e006)
• Github action logic for release-generator (#479) (dbb3a77)
• have production environment use local files (8ec863c)
• IAM permission for freshdesk secret (f22ee82)
• increased nagware lambda timeout (#382) (c8e63f5)
• install Lambda dependencies for prod (#133) (b4f8297)
• internet egress required by Google Auth (#93) (2e3b819)
• issue with map function while archiving form templates (#273) (918340e)
• lambda errors (1f94abc)
• limit tfsec to the forms/aws directory (6ddf1d4)
• limit scope of Terraform GitHub workflow (#91) (d99acaa)
• local database connection timeout (#216) (3c031bc)
• local devcontainer setup (#403) (618fa4b)
• local Reliability lambda execution (#234) (442f759)
• local terraform configuration (4354e76)
• lowercase sql variable instead of SQL for rds data client (88e6fcd)
• lowercase sql variable instead of SQL for rds data client (63b2eeb)
• make local lambdas use NodeJS 14 runtime instead of 12 (91b47f9)
• make queue visibility timeout greater than function timeout (216d47d)
• mark secret app variables as sensitive (#190) (7f7566b)
• Missing json attribute forms_dynamodb policy referencing forms_dynamodb policy document (3a536b0)
• missing permissions between Cognito and Lambdas (#390) (b1d1060)
• missing submission ID to display error (05404c5)
• missing variables in GC Notify call when Cognito tries to send emails (#398) (df926e2)
• multiple issues with NotifySlack lambda (#434) (642ea21)
• nagware function argument is not defined (#364) (d476c4b)
• nagware notification layout (#460) (fab09d2)
• needed space in line 110 (edac7fc)
• only run docker-in-docker helper in devcontainer (#215) (d77bf08)
• only use supported lambda_version value in userpool (70408de)
• only use supported lambda_version value in userpool (388d022)
• only use supported lambda_version value in userpool (e1c1aa6)
• only use supported lambda_version value in userpool (bef7b91)
• only use supported lambda_version value in userpool (0561b78)
• only use supported lambda_version value in userpool (#301) (092f7ed)
• part one of ECS egress security group removal (#92) (e3e5be5)
• permission for Cloudwatch to run Notify Slack lambda (#429) (0e2ef47)
• permission for Cloudwatch to run Notify Slack lambda (second attempt) (#430) (4c77f00)
• readme and DRY terragrunt.hcl (6a5d17d)
• remove bearerToken from the return data. (17d560f)
• Remove client secret from app client (#252) (047afc6)
• remove filtering of changed modules for production workflows (d976b2d)
• remove redrive allow policy (a0b608e)
• remove role policy attachment for invocation policy (a5be885)
• remove role policy attachment for invocation policy (2079d8e)
• remove unused cognito client secret (9c7b256)
• s3 scan object function timeout (#391) (25a39f6)
• serialization issue when adding form reponse to DynamoDB (5f35a18)
• sql parameters in wrong order and addition of retrieved attribute (36560a5)
• Submission lambda permission for PR review env (#415) (291c095)
• switch to managed AWS Lambda policy (#113) (c433c5c)
• TemporaryTokenGeneratedOutsideCanadaWarn alarm not using the right triggering metric (7b56721)
• Terraform module version reference (#427) (4a680fd)
• terragrunt.hcl remote state conflicts (cc75e1c)
• token_secret variable name (ac216d3)
• TTL only set after successful send (3def626)
• typo (952e6dc)
• updated AWS SDK version to 3.294.0 in order to fix an issue with S3 and complex filename (#349) (8f93da0)
• use correct event for sending verification code on signup (ae469d0)
• use valid ReCaptcha site key for production environment (#462) (8f96f8f)
• workflow (1fa3b39)
• wrong message body formatting (#282) (7fc9d43)

Documentation

• update the devcontainer setup commands (#213) (c7f6bc0)

Miscellaneous Chores

• add Production Terraform lock files (#127) (c03b16e)
• Created local '.github/workflows/s3-backup.yml' from remote 'tools/sre_file_sync/s3-backup.yml' (0969ef1)
• delete Scratch environment (#122) (e346f69)
• deps: add renovate.json (#254) (08e5484)
• deps: lock file maintenance (#289) (d53ba9a)
• deps: lock file maintenance (#320) (badbe3d)
• deps: lock file maintenance (#332) (3403da9)
• deps: lock file maintenance (#358) (662a1b9)
• deps: lock file maintenance (#363) (933744a)
• deps: lock file maintenance (#374) (ba3fc10)
• deps: lock file maintenance (#389) (59ca107)
• deps: lock file maintenance (#394) (51814ab)
• deps: lock file maintenance (#409) (2416037)
• deps: lock file maintenance (#419) (438f339)
• deps: lock file maintenance (#467) (d9329d5)
• deps: pin dependencies (#257) (fd449f9)
• deps: update actions/checkout action to v3.3.0 (#309) (8575a23)
• deps: update actions/checkout action to v3.5.2 (#365) (c4a6a26)
• deps: update all minor dependencies (#259) (8414700)
• deps: update all non-major docker images (#292) (74c9ea1)
• deps: update all non-major docker images (#303) (195b4d6)
• deps: update all non-major docker images (#310) (e4eaf17)
• deps: update all non-major docker images (#327) (075c4ad)
• deps: update all non-major docker images (#331) (cda3e09)
• deps: update all non-major docker images (#355) (b191e30)
• deps: update all non-major docker images (#373) (addf3ba)
• deps: update all non-major docker images (#393) (4f90721)
• deps: update all non-major docker images (#407) (d45516b)
• deps: update all non-major docker images (#417) (d77b8a3)
• deps: update all non-major docker images (#446) (72dcd3b)
• deps: update all non-major github action dependencies (#291) (923784b)
• deps: update all non-major github action dependencies (#302) (9fc8288)
• deps: update all non-major github action dependencies (#357) (dacf2a5)
• deps: update all non-major github action dependencies (#372) (73bfccc)
• deps: update all non-major github action dependencies (#408) (c710b96)
• deps: update all non-major github action dependencies (#418) (e0db056)
• deps: update all non-major github action dependencies (#447) (d9d35df)
• deps: update all non-major github action dependencies (#466) (38611b1)
• deps: update cds-snc/security-tools digest to ed1f03e (#260) (8096ff3)
• deps: update dorny/paths-filter digest to 4512585 (#258) (4946573)
• deps: update hashicorp/setup-terraform digest to 633666f (#261) (cff11c1)
• deps: update localstack/localstack docker digest to 0420c08 (#350) (97c9a69)
• deps: update localstack/localstack docker digest to 3069931 (#264) (d257c92)
• deps: update localstack/localstack docker digest to 6b6ac49 (#279) (2313bc4)
• deps: update localstack/localstack docker digest to 78c4245 (#339) (60f5b31)
• deps: update localstack/localstack docker digest to cdee453 (#362) (fd4acdd)
• deps: update mcr.microsoft.com/vscode/devcontainers/base:buster docker digest to db524eb (#265) (ecd0c0d)
• format all console logs in JSON (#432) (4e59047)
• new workflow for full infrastructure plan against staging (#424) (ae4b292)
• release generator (#475) (31e1b98)
• remove generate SBOM workflow (#312) (de7ee2c)
• Remove testing console logs in templates lambda (09a94e9)
• remove unused Staging Terraform (#121) (359a469)
• sync bearer token infra changes to app module (#118) (a836d27)
• sync the Templates Lambda fix from Staging (#119) (67db4a9)
• synced file(s) with cds-snc/site-reliability-engineering (#468) (563f2af)
• Synced local '.github/workflows/s3-backup.yml' with remote 'tools/sre_file_sync/s3-backup.yml' (#266) (1c0a2b4)
• synced local '.github/workflows/s3-backup.yml' with remote 'tools/sre_file_sync/s3-backup.yml' (#317) (f15180a)
• update engine to 13.9 and allow major version upgrade (#410) (4f374d6)
• upgrade python image (#471) (e75ef9b)
• use form builder edit page (#404) (9dfcc1e)

Code Refactoring

• rename organisation to organization (64a45cf)
• rework Nagware warning message being sent to Slack (#457) (40e32b0)

---

This PR was generated with Release Please. See documentation.

[bryan-robitaille]

Closing to force the action to recreate.