1110a11: fix(experimental-ec2-pattern): Create Policy first
When deploying Prism with the GuEc2AppExperimental for the first time, the deployment failed with the cloud-init-output logs stating:
An error occurred (AccessDenied) when calling the DescribeTargetHealth operation: User: arn:aws:sts::000000000000:assumed-role/prism-CODE-InstanceRolePrism/i-0cee86d64de253ca4 is not authorized to perform: elasticloadbalancing:DescribeTargetHealth because no identity-based policy allows the elasticloadbalancing:DescribeTargetHealth action
This suggests the instance update was started before the policy was created.
Make the ASG depend on the policy that grants these permissions to resolve, as CloudFormation creates dependencies first.
5add16c: feat(experimental-ec2-pattern): Tag launch template to improve observability
v59.5.1
Patch Changes
fed2598: fix(experimental-ec2-pattern): Add buffer to rolling update timeout
If we consider the health check grace period to be the time it takes the "normal" user data to run,
the rolling update should be configured to be a little longer to cover the additional time spent polling the target group.
A buffer of 1 minute is somewhat arbitrarily chosen.
Too high a value, then we increase the time it takes to automatically rollback from a failing healthcheck.
Too low a value, then we risk flaky deploys.
1110a11: fix(experimental-ec2-pattern): Create Policy first
When deploying Prism with the GuEc2AppExperimental for the first time, the deployment failed with the cloud-init-output logs stating:
An error occurred (AccessDenied) when calling the DescribeTargetHealth operation: User: arn:aws:sts::000000000000:assumed-role/prism-CODE-InstanceRolePrism/i-0cee86d64de253ca4 is not authorized to perform: elasticloadbalancing:DescribeTargetHealth because no identity-based policy allows the elasticloadbalancing:DescribeTargetHealth action
This suggests the instance update was started before the policy was created.
Make the ASG depend on the policy that grants these permissions to resolve, as CloudFormation creates dependencies first.
5add16c: feat(experimental-ec2-pattern): Tag launch template to improve observability
59.5.1
Patch Changes
fed2598: fix(experimental-ec2-pattern): Add buffer to rolling update timeout
If we consider the health check grace period to be the time it takes the "normal" user data to run,
the rolling update should be configured to be a little longer to cover the additional time spent polling the target group.
A buffer of 1 minute is somewhat arbitrarily chosen.
Too high a value, then we increase the time it takes to automatically rollback from a failing healthcheck.
Too low a value, then we risk flaky deploys.
Commits
71af94b Merge pull request #2466 from guardian/changeset-release/main
[dynamic-import-chunkname]: add allowEmpty option to allow empty leading comments (#2942, thanks [@JiangWeixian])
[dynamic-import-chunkname]: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode (#3004, thanks [@amsardesai])
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
All deployment options
- [Deploy build 2947 of `security-hq` to CODE](https://riffraff.gutools.co.uk/deployment/deployAgain?project=security-hq&build=2947&stage=CODE&updateStrategy=MostlyHarmless&action=deploy)
- [Deploy parts of build 2947 to CODE by previewing it first](https://riffraff.gutools.co.uk/preview/yaml?project=security-hq&build=2947&stage=CODE&updateStrategy=MostlyHarmless)
- [What's on CODE right now?](https://riffraff.gutools.co.uk/deployment/history?projectName=security-hq&stage=CODE)
Bumps the all group in /cdk with 7 updates:
59.5.0
59.5.2
29.5.12
29.5.13
22.5.1
22.5.5
8.3.0
8.6.0
8.57.0
9.10.0
2.29.1
2.30.0
5.5.4
5.6.2
Updates
@guardian/cdk
from 59.5.0 to 59.5.2Release notes
Sourced from
@guardian/cdk
's releases.Changelog
Sourced from
@guardian/cdk
's changelog.Commits
71af94b
Merge pull request #2466 from guardian/changeset-release/main8bdea84
Bump package versione9f9862
Merge pull request #2465 from guardian/aa/build-identifier311607c
Merge pull request #2464 from guardian/aa/depends-on5add16c
chore: Add changeset17a00be
feat(experimental-ec2-pattern): AddbuildIdentifier
prop1110a11
chore: Add changeset21015c2
fix(experimental-ec2-pattern): Create Policy first70de4fb
Merge pull request #2463 from guardian/changeset-release/main5eee278
Bump package versionUpdates
@types/jest
from 29.5.12 to 29.5.13Commits
Updates
@types/node
from 22.5.1 to 22.5.5Commits
Updates
@typescript-eslint/eslint-plugin
from 8.3.0 to 8.6.0Release notes
Sourced from
@typescript-eslint/eslint-plugin
's releases.... (truncated)
Changelog
Sourced from
@typescript-eslint/eslint-plugin
's changelog.... (truncated)
Commits
343710e
chore(release): publish 8.6.0454d37e
feat(eslint-plugin): [no-misused-promises] check array predicate return (#9955)af92611
feat: addallow
option forrestrict-template-expressions
(#8556)2a809e2
test(eslint-plugin): [no-unnecessary-type-parameters] add tests with intrinsi...682299e
feat(eslint-plugin): [no-unnecessary-condition] check switch cases (#9912)77e65df
fix(eslint-plugin): [no-unnecessary-condition] properly reflect multiple nega...c11ca06
chore(eslint-plugin): make utility for static member access (#9836)2a956b2
fix(eslint-plugin): [no-deprecated] report on deprecated properties with func...9a80067
fix(eslint-plugin): [no-deprecated] report on deprecated variables used in de...3710c9c
feat(type-utils): isNullableType add Void logic (#9937)Updates
eslint
from 8.57.0 to 9.10.0Release notes
Sourced from eslint's releases.
... (truncated)
Changelog
Sourced from eslint's changelog.
... (truncated)
Commits
6448f32
9.10.0afeb9b1
Build: changelog update for 9.10.024c3ff7
chore: upgrade to@eslint/js
@9
.10.0 (#18866)1ebdde1
chore: package.json update for@eslint/js
release301b90d
feat: Add types (#18854)bee0e7a
docs: update README (#18865)bcf0df5
feat: limit namespace import identifier in id-length rule (#18849)45c18e1
feat: addrequireFlag
option torequire-unicode-regexp
rule (#18836)5d80b59
docs: specify thatruleId
can benull
in custom formatter docs (#18857)156b1c3
docs: Update READMEUpdates
eslint-plugin-import
from 2.29.1 to 2.30.0Release notes
Sourced from eslint-plugin-import's releases.
... (truncated)
Changelog
Sourced from eslint-plugin-import's changelog.
Commits
18787d3
Bump to 2.30.09902298
[Deps] updateeslint-module-utils
9d194a6
[utils] v2.9.00a58d75
[resolvers/webpack] v0.13.9a3015eb
[Test]namespace
: ensure valid case is actually included8bdb32b
[Test] add explicit marker for trailing whitespace in cases038c26c
[readme] Clarify how to install the plugin32a2b89
[Fix]order
: do not compare first path segment for relative paths (#2682)ee1ea02
[Fix]newline-after-import
: fix considerComments option when require806e3c2
[New] add support for Flat ConfigUpdates
typescript
from 5.5.4 to 5.6.2Release notes
Sourced from typescript's releases.
Commits
a7e3374
Bump version to 5.6.2 and LKG2063357
🤖 Pick PR #59708 (LEGO: Pull request from lego/hb_537...) into release-5.6 (#...4fe7e41
🤖 Pick PR #59670 (fix(59649): ts Move to a new file d...) into release-5.6 (#...1a03e53
🤖 Pick PR #59761 (this
can be nullish) into release-5.6 (#59762)6212132
Update LKGbbb5faf
🤖 Pick PR #59542 (Fixing delay caused in vscode due t...) into release-5.6 (#...e6914a5
Bump version to 5.6.1-rc and LKG34121c4
Update LKG2a30c2a
Merge remote-tracking branch 'origin/main' into release-5.6936a79b
Expose TypeChecker. getAwaitedType to public (#59268)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show