From 036a511e12aae69cc2f9c7d3baf7db532bf39706 Mon Sep 17 00:00:00 2001 From: Steven Reilly Date: Fri, 23 Dec 2022 10:13:28 -0500 Subject: [PATCH 1/5] update sandbox teardown steps --- docs/deploying.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/deploying.md b/docs/deploying.md index 15c41afbc..079960d26 100644 --- a/docs/deploying.md +++ b/docs/deploying.md @@ -42,7 +42,12 @@ for experimenting with infrastructure changes without going through the full CI/ Rules for use: 1. Ensure that no other developer is using the environment, as there is nothing stopping changes from overwriting each other. -1. Clean up services you create when you are done. `terraform destroy` from within the `terraform/sandbox` directory should do it. +1. Clean up when you are done: + - `terraform destroy` from within the `terraform/sandbox` directory will take care of the provisioned services + - Delete the routes shown in `cf routes` + - Delete the apps shown in `cf apps` + - Delete the service keys for any remaining space deployers, likely `cf dsk service-account-key` + - Delete the space deployers still shown in `cf services` ### Deploying to the sandbox From 276546fc99348237407623baab8b03b518d2560f Mon Sep 17 00:00:00 2001 From: Steven Reilly Date: Fri, 23 Dec 2022 11:25:44 -0500 Subject: [PATCH 2/5] simplify cleanup steps Co-authored-by: Ryan Ahearn --- docs/deploying.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/deploying.md b/docs/deploying.md index 079960d26..264c87955 100644 --- a/docs/deploying.md +++ b/docs/deploying.md @@ -44,8 +44,7 @@ Rules for use: 1. Ensure that no other developer is using the environment, as there is nothing stopping changes from overwriting each other. 1. Clean up when you are done: - `terraform destroy` from within the `terraform/sandbox` directory will take care of the provisioned services - - Delete the routes shown in `cf routes` - - Delete the apps shown in `cf apps` + - Delete the apps and routes shown in `cf apps` by running `cf delete APP_NAME -r` - Delete the service keys for any remaining space deployers, likely `cf dsk service-account-key` - Delete the space deployers still shown in `cf services` From d7b889767e0afb636e725bc3f6497e0963227532 Mon Sep 17 00:00:00 2001 From: Steven Reilly Date: Fri, 23 Dec 2022 11:26:11 -0500 Subject: [PATCH 3/5] simplify to use the script for this exact purpose Co-authored-by: Ryan Ahearn --- docs/deploying.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/deploying.md b/docs/deploying.md index 264c87955..94d85af36 100644 --- a/docs/deploying.md +++ b/docs/deploying.md @@ -45,8 +45,7 @@ Rules for use: 1. Clean up when you are done: - `terraform destroy` from within the `terraform/sandbox` directory will take care of the provisioned services - Delete the apps and routes shown in `cf apps` by running `cf delete APP_NAME -r` - - Delete the service keys for any remaining space deployers, likely `cf dsk service-account-key` - - Delete the space deployers still shown in `cf services` + - Delete the space deployers still shown in `cf services` by running `terraform/destroy_service_account.sh -s notify-sandbox -u ` ### Deploying to the sandbox From bc21cd3d3f3052e87fea95f2c8dbed9e447fb391 Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Tue, 3 Jan 2023 09:43:32 -0500 Subject: [PATCH 4/5] Remove restart: always from devcontainer --- docker-compose.devcontainer.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.devcontainer.yml b/docker-compose.devcontainer.yml index 62bdfad51..d08ca2972 100644 --- a/docker-compose.devcontainer.yml +++ b/docker-compose.devcontainer.yml @@ -48,7 +48,6 @@ services: - redis links: - db - restart: always worker: container_name: worker image: dev-notification-api From 7e02e6b33d5629cc097a6e299d6da825bcd4d958 Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Tue, 3 Jan 2023 09:44:53 -0500 Subject: [PATCH 5/5] Update to most recent pip-audit action --- .github/workflows/checks.yml | 2 +- .github/workflows/daily_checks.yml | 2 +- Makefile | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 9143504a4..0d3ca945a 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -60,7 +60,7 @@ jobs: - uses: ./.github/actions/setup-project - name: Create requirements.txt run: pipenv requirements > requirements.txt - - uses: trailofbits/gh-action-pip-audit@v1.0.0 + - uses: pypa/gh-action-pip-audit@v1.0.4 with: inputs: requirements.txt ignore-vulns: PYSEC-2022-237 diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml index c0b981b7c..34cef2173 100644 --- a/.github/workflows/daily_checks.yml +++ b/.github/workflows/daily_checks.yml @@ -29,7 +29,7 @@ jobs: - uses: ./.github/actions/setup-project - name: Create requirements.txt run: pipenv requirements > requirements.txt - - uses: trailofbits/gh-action-pip-audit@v1.0.0 + - uses: pypa/gh-action-pip-audit@v1.0.4 with: inputs: requirements.txt ignore-vulns: PYSEC-2022-237 diff --git a/Makefile b/Makefile index 9ced0aaa5..9b22547bc 100644 --- a/Makefile +++ b/Makefile @@ -66,8 +66,8 @@ freeze-requirements: ## Pin all requirements including sub dependencies into req audit: pipenv requirements > requirements.txt pipenv requirements --dev > requirements_for_test.txt - pipenv run pip-audit -r requirements.txt -l --ignore-vuln PYSEC-2022-237 - -pipenv run pip-audit -r requirements_for_test.txt -l + pipenv run pip-audit -r requirements.txt --ignore-vuln PYSEC-2022-237 + -pipenv run pip-audit -r requirements_for_test.txt .PHONY: static-scan static-scan: