Merge branch 'master' into wafv2-ipset

aws · Oct 5, 2020 · cc0857b · cc0857b
2 parents f7c3872 + a72cfbd
commit cc0857b
Show file tree

Hide file tree

Showing 1,711 changed files with 109,597 additions and 29,576 deletions.
diff --git a/.devcontainer.json b/.devcontainer.json
@@ -0,0 +1,8 @@
+{
+    "name": "Dev Container Definition - AWS CDK",
+    "image": "jsii/superchain",
+    "postCreateCommand": "yarn build --skip-test --no-bail --skip-prereqs --skip-compat",
+    "extensions": [
+        "dbaeumer.vscode-eslint@2.1.5"
+    ]
+}
diff --git a/.gitallowed b/.gitallowed
@@ -15,3 +15,9 @@ account: '012345678913'
 # Account patterns used in the CHANGELOG
 account: '123456789012'
 123456789012
+
+# The account ID's of public facing ECR images for App Mesh Envoy
+# https://docs.aws.amazon.com/app-mesh/latest/userguide/envoy.html
+account: '772975370895'
+account: '856666278305'
+account: '840364872350'
diff --git a/.github/actions/prlinter/action.yml b/.github/actions/prlinter/action.yml
@@ -1,9 +1,5 @@
 name: Pull Request Linter
 description: Execute validation rules on GitHub Pull Requests
-inputs:
-  check:
-    description: "Which check to execute. Choose one of: [MANDATORY_CHANGES]"
-    required: true    
 runs:
   using: node12
-  main: index.js
+  main: index.js
diff --git a/.github/actions/prlinter/index.js b/.github/actions/prlinter/index.js
@@ -2,25 +2,13 @@ const core = require('@actions/core');
 const github = require('@actions/github');
 const linter = require('prlint')
 
-const checks = {
-    "MANDATORY_CHANGES": linter.mandatoryChanges
-}
-
 async function run() {
     const number = github.context.issue.number;
 
     try {
 
-        const checkType = core.getInput('check', {required: true});
-
-        const check = checks[checkType];
-
-        if (!check) {
-            throw new Error(`Unsupported check type '${checkType}'. Choose one of: ${Object.keys(checks)}`)
-        }
+        await linter.validatePr(number);
 
-        await check(number);
-
     } catch (error) {
 
         core.setFailed(error.message);

diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml
@@ -0,0 +1,17 @@
+name: Closed Issue Message
+on:
+    issues:
+       types: [closed]
+jobs:
+    auto_comment:
+        runs-on: ubuntu-latest
+        steps:
+        - uses: aws-actions/closed-issue-message@v1
+          with:
+            # These inputs are both required
+            repo-token: "${{ secrets.GITHUB_TOKEN }}"
+            message: |
+                     ### ⚠️COMMENT VISIBILITY WARNING⚠️ 
+                     Comments on closed issues are hard for our team to see. 
+                     If you need more assistance, please either tag a team member or open a new issue that references this one. 
+                     If you wish to keep having a conversation with other community members under this issue feel free to do so.
diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml
diff --git a/.github/workflows/pr-linter.yml b/.github/workflows/pr-linter.yml
@@ -5,7 +5,7 @@ name: PR Linter
 on: pull_request
 
 jobs:
-  mandatory-changes:
+  validate-pr:
     runs-on: ubuntu-latest
     steps:
 
@@ -17,8 +17,5 @@ jobs:
 
       - name: Validate
         uses: ./.github/actions/prlinter
-        with:
-          check: MANDATORY_CHANGES
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-
diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml
@@ -0,0 +1,77 @@
+name: Yarn Upgrade
+
+on:
+  schedule:
+    # Every wednesday at 13:37 UTC
+    - cron: 37 13 * * 3
+  workflow_dispatch: {}
+
+jobs:
+  upgrade:
+    name: Yarn Upgrade
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check Out
+        uses: actions/checkout@v2
+
+      - name: Set up Node
+        uses: actions/setup-node@v2.1.0
+        with:
+          node-version: 10
+
+      - name: Locate Yarn cache
+        id: yarn-cache
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+
+      - name: Restore Yarn cache
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.yarn-cache.outputs.dir }}
+          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |-
+            ${{ runner.os }}-yarn-
+      - name: Install Tools
+        run: |-
+          npm -g install lerna npm-check-updates@^9.0.0
+      - name: List Mono-Repo Packages
+        id: list-packages
+        # These need to be ignored from the `ncu` runs!
+        run: |-
+          echo -n "::set-output name=list::"
+          node -p "$(lerna ls --all --json 2>/dev/null).map(item => item.name).join(',')"
+      - name: Run "ncu -u"
+        # We special-case @types/node because we want to stay on the current major (minimum supported node release)
+        # We special-case @types/fs-extra because the current major (9.x) is broken with @types/node >= 10
+        # We special-case parcel because we are currently on a pre-release and don't want to move to nightlies
+        # We special-case aws-sdk because of breaking changes with TS interface exports in recent minor versions - https://github.com/aws/aws-sdk-js/issues/3453
+        # We special-case typescript because it's not semantically versionned
+        run: |-
+          # Upgrade dependencies at repository root
+          ncu --upgrade --filter=@types/node,@types/fs-extra --target=minor
+          ncu --upgrade --filter=typescript --target=patch
+          ncu --upgrade --reject=@types/node,@types/fs-extra,parcel,typescript --target=minor
+          # Upgrade all the packages
+          lerna exec --parallel ncu -- --upgrade --filter=@types/node,@types/fs-extra --target=minor
+          lerna exec --parallel ncu -- --upgrade --filter=typescript --target=patch
+          lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/fs-extra,parcel,typescript,aws-sdk,${{ steps.list-packages.outputs.list }}'  --target=minor
+      # This will create a brand new `yarn.lock` file (this is more efficient than `yarn install && yarn upgrade`)
+      - name: Run "yarn install --force"
+        run: yarn install --force
+
+      - name: Make Pull Request
+        uses: peter-evans/create-pull-request@v2
+        with:
+          # Git commit details
+          branch: automation/yarn-upgrade
+          commit-message: |-
+            chore: npm-check-updates && yarn upgrade
+            Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
+          # Pull Request details
+          title: 'chore: npm-check-updates && yarn upgrade'
+          body: |-
+            Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
+          labels: contribution/core,dependencies
+          team-reviewers: aws-cdk-team
+          # Privileged token so automated PR validation happens
+          token: ${{ secrets.AUTOMATION_GITHUB_TOKEN }}
diff --git a/.mergify.yml b/.mergify.yml
@@ -6,7 +6,7 @@ pull_request_rules:
       label:
         add: [ contribution/core ]
     conditions:
-      - author~=^(eladb|RomainMuller|garnaat|nija-at|shivlaks|skinny85|rix0rrr|NGL321|Jerry-AWS|SomayaB|MrArnoldPalmer|NetaNir|iliapolo|njlynch|ericzbeard|ccfife|fulghum|pkandasamy91|SoManyHs|uttarasridhar|BryanPan342|comcalvi|kaizen3031593|)$
+      - author~=^(eladb|RomainMuller|garnaat|nija-at|shivlaks|skinny85|rix0rrr|NGL321|Jerry-AWS|SomayaB|MrArnoldPalmer|NetaNir|iliapolo|njlynch|ericzbeard|ccfife|fulghum|pkandasamy91|SoManyHs|uttarasridhar)$
       - -label~="contribution/core"
   - name: automatic merge
     actions:
@@ -17,7 +17,6 @@ pull_request_rules:
         method: squash
         strict_method: merge
         commit_message: title+body
-      delete_head_branch: {}
     conditions:
       - base!=release
       - -title~=(WIP|wip)
@@ -30,8 +29,7 @@ pull_request_rules:
       - -approved-reviews-by~=author
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
-      #- status-success=Semantic Pull Request
-      - status-success=mandatory-changes
+      - status-success=validate-pr
   - name: automatic merge (2+ approvers)
     actions:
       comment:
@@ -41,7 +39,6 @@ pull_request_rules:
         method: squash
         strict_method: merge
         commit_message: title+body
-      delete_head_branch: {}
     conditions:
       - base!=release
       - -title~=(WIP|wip)
@@ -55,8 +52,7 @@ pull_request_rules:
       - -approved-reviews-by~=author
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
-      #- status-success=Semantic Pull Request
-      - status-success=mandatory-changes
+      - status-success=validate-pr
   - name: automatic merge (no-squash)
     actions:
       comment:
@@ -67,7 +63,6 @@ pull_request_rules:
         method: merge
         strict_method: merge
         commit_message: title+body
-      delete_head_branch: {}
     conditions:
       - -title~=(WIP|wip)
       - -label~=(blocked|do-not-merge)
@@ -81,8 +76,7 @@ pull_request_rules:
       - -approved-reviews-by~=author
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
-      #- status-success=Semantic Pull Request
-      - status-success=mandatory-changes
+      - status-success=validate-pr
   - name: remove stale reviews
     actions:
       dismiss_reviews:
@@ -115,7 +109,6 @@ pull_request_rules:
         # It's not dangerous: GitHub branch protection settings prevent merging stale branches.
         strict: false
         method: squash
-      delete_head_branch: {}
     conditions:
       - -title~=(WIP|wip)
       - -label~=(blocked|do-not-merge)
@@ -125,5 +118,4 @@ pull_request_rules:
       - "#approved-reviews-by>=1"
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
-      #- status-success=Semantic Pull Request
-      - status-success=mandatory-changes
+      - status-success=validate-pr