chore: update deploy Terraform state after tf apply

CSVD · Apr 7, 2026 · 065d2f2 · 065d2f2
1 parent 12a742a
commit 065d2f2
Show file tree

Hide file tree

Showing 3 changed files with 156 additions and 30 deletions.
diff --git a/deploy/.terraform_commits b/deploy/.terraform_commits
@@ -94,5 +94,71 @@
     "commit_message": "fix: VERIFY_SSL=false; public repo visibility; add ec2:DescribeVpcs to SC launch role\n\n- VERIFY_SSL was incorrectly set to 'true' (Census CA cert not in certifi)\n- repo_visibility changed from 'internal' to 'public' per ECA requirements\n- Added EC2DescribeVpcs permission to SC launch role IAM policy",
     "author": "Your Name",
     "timestamp": "2026-04-06T12:18:21.814330"
+  },
+  {
+    "commit_hash": "ec54b54a1c66f0ed6fa814ceda538f18e8453284",
+    "commit_message": "feat: Lambda delegates EKS repos to CodeBuild + terraform-eks-deployment\n\n- app.py: add start_codebuild_build() and poll_codebuild_build() helpers\n- app.py: EKS deployment path (is_eks_deployment=True) now starts CodeBuild\n  project 'eks-terragrunt-repo-creator', polls until SUCCEEDED/FAILED,\n  and sends cfn-response accordingly; non-EKS path unchanged\n- deploy/main.tf: add aws_codebuild_project.eks_repo_creator resource\n  (NO_SOURCE, uses buildspec.yml from terraform-eks-deployment)\n  CODEBUILD_PROJECT_NAME injected into Lambda environment\n- deploy/variables.tf: codebuild_project_name, codebuild_role_arn, codebuild_vpc_id\n- deploy/terraform.tfvars: set CodeBuild project name, role ARN, VPC ID",
+    "author": "Your Name",
+    "timestamp": "2026-04-06T13:55:14.843964"
+  },
+  {
+    "commit_hash": "52ebef0541aa8bac0dc9fab41e4e4be4a0ebbbbe",
+    "commit_message": "chore: tf apply \u2014 add eks-terragrunt-repo-creator CodeBuild project + Lambda CODEBUILD_PROJECT_NAME env var",
+    "author": "Your Name",
+    "timestamp": "2026-04-06T14:07:45.300705"
+  },
+  {
+    "commit_hash": "52ebef0541aa8bac0dc9fab41e4e4be4a0ebbbbe",
+    "commit_message": "chore: tf apply \u2014 add eks-terragrunt-repo-creator CodeBuild project + Lambda CODEBUILD_PROJECT_NAME env var",
+    "author": "Your Name",
+    "timestamp": "2026-04-06T14:08:05.836742"
+  },
+  {
+    "commit_hash": "8310ee1b5d65d5b112d891a7eb987ac0856ba9f3",
+    "commit_message": "fix: increase Lambda timeout to 900s to cover CodeBuild poll window\n\nLambda was set to 300s but poll_codebuild_build loops for up to 12 min (720s).\nLambda would be killed by AWS before it could report back to CloudFormation.\n900s gives a ~180s buffer beyond the poll window.",
+    "author": "Your Name",
+    "timestamp": "2026-04-06T14:32:04.632013"
+  },
+  {
+    "commit_hash": "8310ee1b5d65d5b112d891a7eb987ac0856ba9f3",
+    "commit_message": "fix: increase Lambda timeout to 900s to cover CodeBuild poll window\n\nLambda was set to 300s but poll_codebuild_build loops for up to 12 min (720s).\nLambda would be killed by AWS before it could report back to CloudFormation.\n900s gives a ~180s buffer beyond the poll window.",
+    "author": "Your Name",
+    "timestamp": "2026-04-07T12:07:10.663787"
+  },
+  {
+    "commit_hash": "eb184634fcc11c9d9146d06e401b7fcd04cde322",
+    "commit_message": "fix: remove spurious '- ' prefix from additional_post_build_commands\n\nThe packer-pipeline internal buildspec template already wraps the value\nin '- {{ additional_post_build_commands }}', so prefixing the value with\n'- ' caused YAML_FILE_ERROR (nested list) in CodeBuild build #8.",
+    "author": "Your Name",
+    "timestamp": "2026-04-07T12:36:02.814421"
+  },
+  {
+    "commit_hash": "eb184634fcc11c9d9146d06e401b7fcd04cde322",
+    "commit_message": "fix: remove spurious '- ' prefix from additional_post_build_commands\n\nThe packer-pipeline internal buildspec template already wraps the value\nin '- {{ additional_post_build_commands }}', so prefixing the value with\n'- ' caused YAML_FILE_ERROR (nested list) in CodeBuild build #8.",
+    "author": "Your Name",
+    "timestamp": "2026-04-07T12:39:29.803299"
+  },
+  {
+    "commit_hash": "eb184634fcc11c9d9146d06e401b7fcd04cde322",
+    "commit_message": "fix: remove spurious '- ' prefix from additional_post_build_commands\n\nThe packer-pipeline internal buildspec template already wraps the value\nin '- {{ additional_post_build_commands }}', so prefixing the value with\n'- ' caused YAML_FILE_ERROR (nested list) in CodeBuild build #8.",
+    "author": "Your Name",
+    "timestamp": "2026-04-07T12:39:47.151568"
+  },
+  {
+    "commit_hash": "eb184634fcc11c9d9146d06e401b7fcd04cde322",
+    "commit_message": "fix: remove spurious '- ' prefix from additional_post_build_commands\n\nThe packer-pipeline internal buildspec template already wraps the value\nin '- {{ additional_post_build_commands }}', so prefixing the value with\n'- ' caused YAML_FILE_ERROR (nested list) in CodeBuild build #8.",
+    "author": "Your Name",
+    "timestamp": "2026-04-07T12:56:16.684733"
+  },
+  {
+    "commit_hash": "5d3ff19015b916206a52dc8d591cea529b9d62ce",
+    "commit_message": "fix: use PAT (ghe-runner/github-token) for Terraform GitHub provider in CodeBuild\n\nThe standard github_token (/eks-cluster-deployment/github_token) is a GitHub\nApp installation token (ghs_ prefix) which cannot access /api/v3/user. This\nendpoint is always called by the CSVD terraform-github-repo module's\ndata.github_user.current resource.\n\nChanges:\n- app.py: check TF_GITHUB_TOKEN_SECRET_NAME env var first for CodeBuild token;\n  falls back to GITHUB_TOKEN_SECRET_NAME if not set\n- deploy/main.tf: add TF_GITHUB_TOKEN_SECRET_NAME=ghe-runner/github-token env var\n- deploy/main.tf: add IAM policy granting Lambda access to ghe-runner/github-token",
+    "author": "Your Name",
+    "timestamp": "2026-04-07T13:10:02.295504"
+  },
+  {
+    "commit_hash": "5d3ff19015b916206a52dc8d591cea529b9d62ce",
+    "commit_message": "fix: use PAT (ghe-runner/github-token) for Terraform GitHub provider in CodeBuild\n\nThe standard github_token (/eks-cluster-deployment/github_token) is a GitHub\nApp installation token (ghs_ prefix) which cannot access /api/v3/user. This\nendpoint is always called by the CSVD terraform-github-repo module's\ndata.github_user.current resource.\n\nChanges:\n- app.py: check TF_GITHUB_TOKEN_SECRET_NAME env var first for CodeBuild token;\n  falls back to GITHUB_TOKEN_SECRET_NAME if not set\n- deploy/main.tf: add TF_GITHUB_TOKEN_SECRET_NAME=ghe-runner/github-token env var\n- deploy/main.tf: add IAM policy granting Lambda access to ghe-runner/github-token",
+    "author": "Your Name",
+    "timestamp": "2026-04-07T13:10:20.067727"
   }
 ]