From 7a98671d57d0a12fd51e0be889869e961b19a403 Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 7 Apr 2026 14:21:08 -0400 Subject: [PATCH] chore: commit callnotes updates and whitespace alignment in examples --- callnotes.md | 38 +++++++++++++++++++++++++++++++++ examples/adsd-tools-dev/main.tf | 16 +++++++------- examples/basic/main.tf | 16 +++++++------- 3 files changed, 54 insertions(+), 16 deletions(-) diff --git a/callnotes.md b/callnotes.md index 5c98e0f..d00f967 100644 --- a/callnotes.md +++ b/callnotes.md @@ -120,3 +120,41 @@ Action Plan from Matt Sync - STEP 4: Wire CodeBuild project to terraform-eks-deployment workspace - CodeBuild buildspec: tf init → tf apply (with env var → tfvar mapping) - STATUS: 🔄 PENDING — commit current state first, then begin refactor +6. CodeBuild e2e Debugging (2026-04-07) — Chain of fixes to get first green test + - STATUS: ✅ ALL FIXED — e2e test sc-e2e-test-20260407-1402 PASSED (207s) on 2026-04-07 + - Fix 1: packer YAML_FILE_ERROR in csvd_config_packer.hcl + - `additional_post_build_commands` had `"- docker push ..."` — the template already wraps with `- ` + - Fixed: removed the `- ` prefix. Commit eb18463 on lambda-template-repo-generator. + - Fix 2: `terraform_1.9.0_linux_amd64.zip` not in S3; releases.hashicorp.com blocked + - Uploaded `terraform_1.9.1_linux_amd64.zip` from local tfenv cache to s3://csvd-packer-pipeline-assets/terraform/ + - Updated TF_VERSION=1.9.1 in buildspec.yml. Commit 5e50d7b. + - Fix 3: `registry.terraform.io` blocked by Census network + - Added `HTTPS_PROXY=http://proxy.tco.census.gov:3128` + `HTTP_PROXY` to buildspec env vars. Commit 0ada33a. + - Fix 4: GitHub provider version conflict — workspace `>= 6.6.0, < 6.7.0` vs CSVD module `~> 6.11` + - Changed providers.tf to `>= 6.11.0`, deleted stale .terraform.lock.hcl. Commit 05d6103. + - Fix 5: x509 cert error on github.e.it.census.gov — Census CA not in CodeBuild Amazon Linux 2 trust store + - Extracted Census CA (`US Census Bureau CA 1`) and uploaded to s3://csvd-packer-pipeline-assets/certs/census-ca.pem + - Added INSTALL phase to buildspec: downloads cert, runs update-ca-trust + - Added github.e.it.census.gov to NO_PROXY (bypass proxy for direct connection) + - Added `provider "github" { insecure = true }` as belt-and-suspenders in providers.tf + - Commits d490e1f, 20f9681. + - Fix 6: GitHub App token (ghs_) cannot call /api/v3/user — required by CSVD module's data.github_user.current + - Root cause: /eks-cluster-deployment/github_token is a GitHub App installation token (ghs_) + - Solution: use ghe-runner/github-token (a ghp_ PAT, login: arnol377) for Terraform / CodeBuild + - Lambda app.py: reads TF_GITHUB_TOKEN_SECRET_NAME first, falls back to GITHUB_TOKEN_SECRET_NAME + - deploy/main.tf: added TF_GITHUB_TOKEN_SECRET_NAME=ghe-runner/github-token env var + IAM policy + - Lambda rebuilt via packer (build #10 SUCCEEDED). Commits 5d3ff19 on lambda-template-repo-generator. + - Fix 7: DELETE /vulnerability-alerts: 404 on GHE 3.13 + - CSVD module had `vulnerability_alerts = false` (default) → GitHub provider calls DELETE → GHE 3.13 returns 404 + - Fixed CSVD/terraform-github-repo directly (admin access): + - variables.tf: changed `default = false` → `default = null, nullable = true` + - github_repo.tf: added `vulnerability_alerts` to lifecycle `ignore_changes` + - Pushed commits d7d39cb + 7e088f3 to CSVD/terraform-github-repo main branch + - Fix 8: CFN Outputs require pull_request_url + branch_name but Lambda EKS path wasn't returning them + - Root error: `Vendor response doesn't contain pull_request_url attribute` + - Fixed app.py: after CodeBuild SUCCEEDED, query GitHub API /repos/{org}/{repo}/pulls?state=open + to fetch real PR URL and branch name, include in cfn-response Data. Commit 26c6fe9. + - FINAL RESULT: sc-e2e-test-20260407-1402 → ✔ PASS (207s) + - Repo created: https://github.e.it.census.gov/SCT-Engineering/sc-e2e-test-20260407-1402 + - GitHub Verification: public, default_branch=main + - All CFN outputs populated correctly \ No newline at end of file diff --git a/examples/adsd-tools-dev/main.tf b/examples/adsd-tools-dev/main.tf index 1f072fc..be56914 100644 --- a/examples/adsd-tools-dev/main.tf +++ b/examples/adsd-tools-dev/main.tf @@ -19,15 +19,15 @@ module "eks_deployment" { # Cluster configuration - simplified interface cluster_config = { - account_name = "adsd-tools-nonprod-gov" - aws_account_id = "533109815932" - cluster_mailing_list = "adsd.enterprise.tools.support.branch.list@census.gov" - environment_abbr = "prod" + account_name = "adsd-tools-nonprod-gov" + aws_account_id = "533109815932" + cluster_mailing_list = "adsd.enterprise.tools.support.branch.list@census.gov" + environment_abbr = "prod" finops_project_name = "adsd_etdsb_tools_migration" - finops_project_number = "fs0000000069" - finops_project_role = "adsd_tools_mgrn_eks" - vpc_domain_name = "dev.adsd.csp1.census.gov" - vpc_name = "vpc3-inf-dev" + finops_project_number = "fs0000000069" + finops_project_role = "adsd_tools_mgrn_eks" + vpc_domain_name = "dev.adsd.csp1.census.gov" + vpc_name = "vpc3-inf-dev" tags = { Owner = "adsd.enterprise.tools.support.branch.list@census.gov" Environment = "development" diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 4bef0dd..c6af14a 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -16,15 +16,15 @@ module "eks_deployment" { # Cluster configuration - simplified interface cluster_config = { - account_name = "ma6-gov" - aws_account_id = "252960665057" - cluster_mailing_list = "adep.mojo.development.list@census.gov" - environment_abbr = "dev" + account_name = "ma6-gov" + aws_account_id = "252960665057" + cluster_mailing_list = "adep.mojo.development.list@census.gov" + environment_abbr = "dev" finops_project_name = "PPSI_DICE" - finops_project_number = "fs0000000015" - finops_project_role = "dice:dev:mojo" - vpc_domain_name = "dev.dice.census.gov" - vpc_name = "vpc2-dice-dev" + finops_project_number = "fs0000000015" + finops_project_role = "dice:dev:mojo" + vpc_domain_name = "dev.dice.census.gov" + vpc_name = "vpc2-dice-dev" tags = { Owner = "PETeam" Environment = "Development"