Remove git_release functionality (#1042)

### Feature or Bugfix
- Bugfix

### Detail
Deprecate `git_release` functionality. It is a feature that results in
errors and unnecessary CICD pipeline executions. We could fix it, but we
are not aware of any customer using it. In case needed it could be
re-added.

Depending on the outcome of this PR I will open a PR to update the docs

### Relates
- #617 

### Security
Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

Makefile

@@ -85,28 +85,6 @@ upgrade-db: upgrade-pip install-backend
 	export PYTHONPATH=./backend && \
 	alembic -c backend/alembic.ini upgrade head
 
-version-major:
-	pip install bump2version
-	git config --global user.email git-cicd@codecommit.com
-	git config --global user.name git-cicd
-	git checkout ${branch}
-	git reset --hard origin/${branch}
-	git pull origin ${branch}
-	bump2version major
-	git push --set-upstream origin ${branch}
-	git push --follow-tags
-
-version-minor:
-	pip install bump2version
-	git config --global user.email git-cicd@codecommit.com
-	git config --global user.name git-cicd
-	git checkout ${branch}
-	git reset --hard origin/${branch}
-	git pull origin ${branch}
-	bump2version minor
-	git push --set-upstream origin ${branch}
-	git push --follow-tags
-
 clean:
 	@rm -fr cdk_out/
 	@rm -fr dist/

deploy/stacks/pipeline.py

@@ -206,9 +206,6 @@ def __init__(
             else:
                 self.set_albfront_stage(target_env, repository_name)
 
-        if self.node.try_get_context('git_release'):
-            self.set_release_stage()
-
         Tags.of(self).add('Application', f'{resource_prefix}-{git_branch}')
 
     def set_codebuild_iam_roles(self):
@@ -343,41 +340,6 @@ def set_codebuild_iam_roles(self):
                 )
             ],
         )
-        if self.node.try_get_context('git_release'):
-            self.git_project_role = iam.Role(
-                self,
-                id=f'GitReleaseCBRole{self.git_branch}',
-                role_name=f'{self.resource_prefix}-{self.git_branch}-git-release-role',
-                assumed_by=iam.CompositePrincipal(
-                    iam.ServicePrincipal('codebuild.amazonaws.com'),
-                    iam.AccountPrincipal(self.account),
-                ),
-            )
-            self.expanded_codebuild_policy.attach_to_role(self.git_project_role)
-            self.baseline_codebuild_policy.attach_to_role(self.git_project_role)
-            self.git_release_policy = iam.ManagedPolicy(
-                self,
-                'GitReleaseManagedPolicy',
-                managed_policy_name=f'{self.resource_prefix}-{self.git_branch}-gitrelease-policy',
-                roles=[self.git_project_role],
-                statements= [
-                    iam.PolicyStatement(
-                        actions=[
-                            'codecommit:CreateBranch',
-                            'codecommit:GetCommit',
-                            'codecommit:ListBranches',
-                            'codecommit:GetRepository',
-                            'codecommit:GetBranch',
-                            'codecommit:GitPull',
-                            'codecommit:PutFile',
-                            'codecommit:CreateCommit',
-                            'codecommit:GitPush',
-                            'codecommit:ListTagsForResource',
-                        ],
-                        resources=[f'arn:aws:codecommit:{self.region}:{self.account}:dataall'],
-                    )
-                ],
-            )
 
     def validate_deployment_params(self, source, repo_connection_arn, git_branch, resource_prefix, target_envs):
         if (source == "codestar_connection" and repo_connection_arn is None) or (repo_connection_arn is not None and not re.match(r"arn:aws(-[\w]+)*:.+:.+:[0-9]{12}:.+", repo_connection_arn)):
@@ -1013,42 +975,3 @@ def user_guide_pre_build_alb(self, repository_name):
             role=self.expanded_codebuild_role.without_policy_updates(),
             vpc=self.vpc,
         )
-
-    def set_release_stage(
-        self,
-    ):
-        self.pipeline.add_wave(
-            f'{self.resource_prefix}-{self.git_branch}-release-stage'
-        ).add_post(
-            pipelines.CodeBuildStep(
-                id='GitRelease',
-                build_environment=codebuild.BuildEnvironment(
-                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_5,
-                ),
-                partial_build_spec=codebuild.BuildSpec.from_object(
-                    dict(
-                        version='0.2',
-                        phases={
-                            'build': {
-                                'commands': [
-                                    'set -eu',
-                                    f'aws codeartifact login --tool pip --repository {self.codeartifact.codeartifact_pip_repo_name} --domain {self.codeartifact.codeartifact_domain_name} --domain-owner {self.codeartifact.domain.attr_owner}',
-                                    'python -m venv env',
-                                    '. env/bin/activate',
-                                    'pip install git-remote-codecommit',
-                                    'mkdir release && cd release',
-                                    f'git clone codecommit::{self.region}://dataall',
-                                    'cd dataall',
-                                    f'git checkout {self.git_branch}',
-                                    f'make version-minor branch={self.git_branch}',
-                                ]
-                            },
-                        },
-                    )
-                ),
-                role=self.git_project_role.without_policy_updates(),
-                vpc=self.vpc,
-                security_groups=[self.codebuild_sg],
-                commands=[],
-            )
-        )

template_cdk.json

@@ -9,7 +9,6 @@
     "tooling_vpc_id": "string_IMPORT_AN_EXISTING_VPC_FROM_TOOLING|DEFAULT=None",
     "tooling_vpc_restricted_nacl": "boolean_CREATE_CUSTOM_NACL|DEFAULT=false",
     "git_branch": "string_GIT_BRANCH_NAME|DEFAULT=dataall",
-    "git_release": "boolean_MANAGE_GIT_RELEASE|DEFAULT=false",
     "quality_gate": "boolean_MANAGE_QUALITY_GATE_STAGE|DEFAULT=true",
     "resource_prefix": "string_PREFIX_FOR_ALL_RESOURCES_CREATED_BY_THIS_APP|DEFAULT=dataall",
     "repository_source": "string_VERSION_CONTROL_SERVICE|(codecommit, codestar_connection) DEFAULT=codecommit",