Node14 Serverless 3 upgrade

[nnti]

Purpose

Upgraded 508 to serverless version 3 and upgraded the runtime node 14.

Linked Issues to Close

https://qmacbis.atlassian.net/jira/software/c/projects/OY2/boards/216?modal=detail&selectedIssue=OY2-17896 https://qmacbis.atlassian.net/jira/software/c/projects/OY2/boards/216?modal=detail&selectedIssue=OY2-18071

Approach

• Serverless framework was updated from version 2 to version 3 in the top level package.json.
• Runtime was updated from version 12 to version 14
• As many plugins in the sls plugin ecosystem made updates to accommodate v3, all sls plugins were updated to latest ( yarn upgrade pluginname --latest ). No issues were found.
• Deployment and app functionality was verified to work as intended.

Pull Request Creator Checklist

• [x] This PR has an associated issue or issues.
• [x] The associated issue(s) are linked above.
• [x] This PR meets all acceptance criteria for those issues.
• [x] This PR and linked issue(s) are adequately documented
• [x] This PR and linked issues(s) are a complete description of the changeset; an individual or team should be able to understand the issue(s) and changes by reading through this PR and it's links, with no further interaction.
• [x] Someone has been assigned this PR.
• [x] At least one person has been marked as reviewer on this PR.

Pull Request Reviewer/Assignee Checklist

• [ ] This PR has an associated issue or issues.
• [ ] The associated issue(s) are linked above.
• [ ] This PR meets all acceptance criteria for those issues.
• [ ] This PR and linked issue(s) are adequately documented
• [ ] This PR and linked issues(s) are a complete description of the changeset; an individual or team should be able to understand the issue(s) and changes by reading through this PR and it's links, with no further interaction.

[kenrickveit]

@nnti now that we are moving this to serverless v3, can you please try removing this line where I was specifying the v3 variable resolver? variablesResolutionMode: "20210326"

[kenrickveit]

@nnti the reason deploy-support failed after you merged this before is that we don't have a few variables set in SSM, and now in v3 it fails instead of warning on this issue.

@mdial89f do we use a Github PAT for this? https://github.com/CMSgov/macpro-platform-doc-conversion/blob/master/services/.sechub/serverless.yml#L51

[mdial89f]

@nnti the reason deploy-support failed after you merged this before is that we don't have a few variables set in SSM, and now in v3 it fails instead of warning on this issue.

@mdial89f do we use a Github PAT for this? https://github.com/CMSgov/macpro-platform-doc-conversion/blob/master/services/.sechub/serverless.yml#L51

Yep

[kenrickveit]

@nnti the reason deploy-support failed after you merged this before is that we don't have a few variables set in SSM, and now in v3 it fails instead of warning on this issue. Mike Dial do we use a Github PAT for this? https://github.com/CMSgov/macpro-platform-doc-conversion/blob/master/services/.sechub/serverless.yml#L51

Yep

Thank you sir. @nnti can you try generating a PAT and adding these vars in SSM in the platform dev account please?

[nnti]

@nnti I've finished the review. Please make the requested changes and re-test they example py script is giving us a good pdf.

Thanks!

@kenrickveit for the pat, what scopes and expiration timeframe am I am I selecting? Also, should I add githubAccessToken, githubRepository, githubRepositoryProjects, githubOrganizationProjects, and severity values to ssm?

[nnti]

ok I've added the values for githubRepository, githubRepositoryProjects, and githubOrganizationProjects in ssm. Let me know the expiration timeframe and scopes for the PAT. Also, I'm not sure what value I need for severity.

[nnti]

@kenrickveit Requested updates have been made. Let me know what to do for the githubAccessToken

[kenrickveit]

@kenrickveit Requested updates have been made. Let me know what to do for the githubAccessToken

Nathan, On the token expiration, this will be your token, so it is up to you. I'd prefer no expiration or at least one year, as we'll need to rotate it.

On scope, I'm not certain, I'd try repo and we could adjust it re-run deploy-support after.

@mdial89f since you originally created this in the quickstart, do you happen to know what scope we need here for the PAT to be sufficient for the .sechub service? https://github.com/CMSgov/macpro-quickstart-serverless/pull/319

@nnti please confirm you have re-tested the Python generation of the pdf since the last changes, and I'll approve. We can always re-run deploy-support with the correct params in SSM after the fact.

[nnti]

@kenrickveit Requested updates have been made. Let me know what to do for the githubAccessToken

Nathan, On the token expiration, this will be your token, so it is up to you. I'd prefer no expiration or at least one year, as we'll need to rotate it.

On scope, I'm not certain, I'd try repo and we could adjust it re-run deploy-support after.

@mdial89f since you originally created this in the quickstart, do you happen to know what scope we need here for the PAT to be sufficient for the .sechub service? CMSgov/macpro-quickstart-serverless#319

@nnti please confirm you have re-tested the Python generation of the pdf since the last changes, and I'll approve. We can always re-run deploy-support with the correct params in SSM after the fact.

@kenrickveit Done. I've generated the githubAccessToken and stored its value in ssm. Also, the python gen command successfully generated the pdf.

[mdial89f]

I don't remember the required scope, no.