Misc fixes for deployment (issue #7)

[TylerHendrickson]

Relates to #7 #26

This is the latest round of fixes addressing what should be the remaining issues preventing successful deployment to Staging, as well some post-deployment fixes related to VPC connectivity.

Summary of changes:

• Ensure that S3 objects' content-type header is set for web artifacts
• Update VPC security group settings to ensure Lambda functions can connect to RDS Postgres
• Miscellaneous fixes related to typo/syntax issues in Terraform
• Ensure that Prisma logging is only configured once the db client has actually been initialized

[github-actions]

QA Summary

QA Check	Result
🌐 Web Tests	✅
🔗 API Tests	✅
📏 ESLint	✅
🧹 TFLint	✅

Test Coverage

Coverage report for api suite

St	File	% Stmts	% Branch	% Funcs	% Lines	Uncovered Line #s
🔴	All files	32.25	0	30	32.25
🟢	directives/requireAuth	100	100	100	100
🟢	requireAuth.ts	100	100	100	100
🟡	directives/skipAuth	50	100	0	50
🟡	skipAuth.ts	50	100	0	50	13
🔴	functions	0	100	0	0
🔴	graphql.ts	0	100	0	0	10-17
🔴	lib	21.73	0	28.57	21.73
🟢	auth.ts	83.33	100	66.66	83.33	15
🔴	db.ts	0	0	0	0	13-55
🔴	logger.ts	0	100	100	0	17

Coverage report for web suite

St	File	% Stmts	% Branch	% Funcs	% Lines	Uncovered Line #s
🔴	All files	0	0	0	0

Pusher: @TylerHendrickson, Action: pull_request_target, Workflow: Continuous Integration

[github-actions]

Terraform Summary

Step	Result
🖌 Terraform Format & Style	✅
⚙️ Terraform Initialization	✅
🤖 Terraform Validation	✅
📖 Terraform Plan	✅

Hint: If "Terraform Format & Style" failed, run terraform fmt -recursive from the terraform/ directory and commit the results.

Output

Validation Output

Success! The configuration is valid.

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement
+/- create replacement and then destroy

Terraform will perform the following actions:

  # aws_s3_object.lambda_artifact-graphql must be replaced
+/- resource "aws_s3_object" "lambda_artifact-graphql" {
+       acl                    = (known after apply)
      ~ bucket_key_enabled     = false -> (known after apply)
+       checksum_crc32         = (known after apply)
+       checksum_crc32c        = (known after apply)
+       checksum_sha1          = (known after apply)
+       checksum_sha256        = (known after apply)
      ~ content_type           = "binary/octet-stream" -> (known after apply)
      ~ etag                   = "958e24f50573890581b8d71f1fde92df-6" -> "9cce98a76cd3a4520badf646ecc1ce6a"
      ~ id                     = "graphql.847abcaf0d2752b96bbdd479e22d5386.zip" -> (known after apply)
      ~ key                    = "graphql.847abcaf0d2752b96bbdd479e22d5386.zip" -> "graphql.9cce98a76cd3a4520badf646ecc1ce6a.zip" # forces replacement
+       kms_key_id             = (known after apply)
-       metadata               = {} -> null
      ~ source                 = "./../api/dist/zipballs/graphql.zip" -> "/home/runner/work/cpf-reporter/cpf-reporter/api/dist/zipballs/graphql.zip"
      ~ source_hash            = "847abcaf0d2752b96bbdd479e22d5386" -> "9cce98a76cd3a4520badf646ecc1ce6a"
      ~ storage_class          = "STANDARD" -> (known after apply)
-       tags                   = {} -> null
      ~ version_id             = "0r0EBmasT2FKfJek0UaOpSZulftqbrQs" -> (known after apply)
        # (4 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["200.html"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/200.html"
      ~ source                 = "./../web/dist/200.html" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/200.html"
        tags                   = {}
      ~ version_id             = "8pO3BPow48d7G7uvM1X20Nm9vKBts5mQ" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["build-manifest.json"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/build-manifest.json"
      ~ source                 = "./../web/dist/build-manifest.json" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/build-manifest.json"
        tags                   = {}
      ~ version_id             = "wpbLdBE6w8mTDh3kVjMInesOU3fxa2rT" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["chunk-references.json"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/chunk-references.json"
      ~ source                 = "./../web/dist/chunk-references.json" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/chunk-references.json"
        tags                   = {}
      ~ version_id             = "Zzh9yuyr2EeE4IUjOiRlSTfFGNsOVQMy" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["favicon.png"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/favicon.png"
      ~ source                 = "./../web/dist/favicon.png" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/favicon.png"
        tags                   = {}
      ~ version_id             = "bbARlxjhT042RBsIGssQoUCepdJ8X_VL" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["index.html"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/index.html"
      ~ source                 = "./../web/dist/index.html" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/index.html"
        tags                   = {}
      ~ version_id             = "vebtdnLhbilrbueMGUnISG7ZFJc261Ka" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["robots.txt"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/robots.txt"
      ~ source                 = "./../web/dist/robots.txt" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/robots.txt"
        tags                   = {}
      ~ version_id             = "rNarGyxTu.f6rursQVf8Yqg2pdLNIpjg" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["static/css/app.17717d38.css"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/static/css/app.17717d38.css"
      ~ source                 = "./../web/dist/static/css/app.17717d38.css" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/static/css/app.17717d38.css"
        tags                   = {}
      ~ version_id             = "22xHNz_ymQpE239Cve5GYu8kr1Ogr.b3" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["static/js/NotFoundPage.fd8a8c88.chunk.js"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/static/js/NotFoundPage.fd8a8c88.chunk.js"
      ~ source                 = "./../web/dist/static/js/NotFoundPage.fd8a8c88.chunk.js" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/static/js/NotFoundPage.fd8a8c88.chunk.js"
        tags                   = {}
      ~ version_id             = "7Vk8Dtj2BP.L2CT5AriGgvRI.0zGyOW8" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["static/js/NotFoundPage.fd8a8c88.chunk.js.LICENSE.txt"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/static/js/NotFoundPage.fd8a8c88.chunk.js.LICENSE.txt"
      ~ source                 = "./../web/dist/static/js/NotFoundPage.fd8a8c88.chunk.js.LICENSE.txt" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/static/js/NotFoundPage.fd8a8c88.chunk.js.LICENSE.txt"
        tags                   = {}
      ~ version_id             = "bgKXDFEW3CIkKPF0EWq87WjNuOmUsCJf" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["static/js/app.1d097a71.js"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/static/js/app.1d097a71.js"
      ~ source                 = "./../web/dist/static/js/app.1d097a71.js" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/static/js/app.1d097a71.js"
        tags                   = {}
      ~ version_id             = "jAJtv3fODC5Ld2v_SDNnzTing4Rwz9M9" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["static/js/app.1d097a71.js.LICENSE.txt"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/static/js/app.1d097a71.js.LICENSE.txt"
      ~ source                 = "./../web/dist/static/js/app.1d097a71.js.LICENSE.txt" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/static/js/app.1d097a71.js.LICENSE.txt"
        tags                   = {}
      ~ version_id             = "q_Aq0cnXHsV.BobA2S22jedkVW2kIGjV" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # aws_s3_object.origin_dist_artifact["static/js/runtime-app.c4894ab1.js"] will be updated in-place
  ~ resource "aws_s3_object" "origin_dist_artifact" {
        id                     = "dist/static/js/runtime-app.c4894ab1.js"
      ~ source                 = "./../web/dist/static/js/runtime-app.c4894ab1.js" -> "/home/runner/work/cpf-reporter/cpf-reporter/web/dist/static/js/runtime-app.c4894ab1.js"
        tags                   = {}
      ~ version_id             = "smAWqM6kZaBqHgA6wr7uIU8Plo37qYPg" -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # module.lambda_function-graphql.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "cpfreporter-graphql"
      ~ last_modified                  = "2023-12-07T07:55:32.000+0000" -> (known after apply)
      ~ qualified_arn                  = "arn:aws:lambda:us-west-2:357150818708:function:cpfreporter-graphql:10" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:357150818708:function:cpfreporter-graphql:10/invocations" -> (known after apply)
      ~ s3_key                         = "graphql.847abcaf0d2752b96bbdd479e22d5386.zip" -> "graphql.9cce98a76cd3a4520badf646ecc1ce6a.zip"
        tags                           = {}
      ~ version                        = "10" -> (known after apply)
        # (19 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "DD_TAGS"                            = "git.commit.sha:,git.repository_url:github.com/usdigitalresponse/cpf-reporter" -> "git.commit.sha:0f28f59f7cde89b65b5572988cb7a33397b72d12,git.repository_url:github.com/usdigitalresponse/cpf-reporter"
              ~ "DD_VERSION"                         = "e1e9ad3a667d626c7daa34ac0f5782c76236e947" -> "0f28f59f7cde89b65b5572988cb7a33397b72d12"
                # (13 unchanged elements hidden)
            }
        }

        # (4 unchanged blocks hidden)
    }

  # module.lambda_function-graphql.aws_lambda_permission.current_version_triggers["APIGateway"] must be replaced
-/+ resource "aws_lambda_permission" "current_version_triggers" {
      ~ id                  = "APIGateway" -> (known after apply)
      ~ qualifier           = "10" # forces replacement -> (known after apply) # forces replacement
+       statement_id_prefix = (known after apply)
        # (5 unchanged attributes hidden)
    }

Plan: 2 to add, 13 to change, 2 to destroy.

Pusher: @TylerHendrickson, Action: pull_request_target, Workflow: Continuous Integration