Merge pull request #33 from codeforjapan/feat/update-decidim-v0-27

Feat/update decidim v0 27

bin/decidim-cfj-cdk.ts

@@ -12,7 +12,7 @@ import { Tags } from 'aws-cdk-lib';
 
 const app = new cdk.App();
 
-const stages = ['dev', 'staging', 'prd-v0265']
+const stages = ['dev', 'staging', 'prd-v0265', 'prd-v0274']
 const stage = app.node.tryGetContext('stage')
 const tag = app.node.tryGetContext('tag')
 if (!stages.includes(stage)) {

config/dev.json

@@ -1,10 +1,12 @@
 {
   "rds": {
     "snapshot": true,
-    "snapshotIdentifier": "decidim-master-2023-01-30",
+    "snapshotIdentifier": "decidim-master-2023-08-15",
     "instanceType": "t2.micro",
     "deletionProtection": false,
-    "allocatedStorage": 20
+    "allocatedStorage": 20,
+    "maxAllocatedStorage": 20,
+    "enablePerformanceInsights": false
   },
 
   "aws": {

config/prd-v0265.json

@@ -4,7 +4,9 @@
     "snapshotIdentifier": "decidim-master-2023-04-03",
     "instanceType": "t2.medium",
     "deletionProtection": true,
-    "allocatedStorage": 20
+    "allocatedStorage": 20,
+    "maxAllocatedStorage": 30,
+    "enablePerformanceInsights": true
   },
 
   "aws": {

config/prd-v0252.json → config/prd-v0274.json

@@ -1,10 +1,12 @@
 {
   "rds": {
     "snapshot": true,
-    "snapshotIdentifier": "decidim-master-2022-12-19",
+    "snapshotIdentifier": "decidim-master-2023-08-31",
     "instanceType": "t2.medium",
     "deletionProtection": true,
-    "allocatedStorage": 20
+    "allocatedStorage": 20,
+    "maxAllocatedStorage": 30,
+    "enablePerformanceInsights": true
   },
 
   "aws": {

config/staging.json

@@ -4,7 +4,9 @@
     "snapshotIdentifier": "",
     "instanceType": "t2.micro",
     "deletionProtection": false,
-    "allocatedStorage": 20
+    "allocatedStorage": 20,
+    "maxAllocatedStorage": 20,
+    "enablePerformanceInsights": false
   },
 
   "aws": {

lib/cloudfront.ts

@@ -161,7 +161,7 @@ export class CloudFrontStack extends Stack {
       }
     ]
 
-    if (props.stage === 'prd-v0265') {
+    if (props.stage === 'prd-v0265' || props.stage === 'prd-v0274') {
       rules.push({
         name: 'production-AllowSystemLogin',
         priority: 7,
@@ -266,7 +266,7 @@ export class CloudFrontStack extends Stack {
       }
     )
 
-    if (props.stage === "prd-v0265") {
+    if (props.stage === "prd-v0265" || props.stage === 'prd-v0274') {
       new cloudfront.Distribution(this, 'Distribution', {
         priceClass: cloudfront.PriceClass.PRICE_CLASS_ALL,
         defaultBehavior: {

lib/config.ts

@@ -20,7 +20,9 @@ export interface RdsConfig {
   instanceType: InstanceType
   deletionProtection: boolean
   allocatedStorage: number
+  maxAllocatedStorage: number
   multiAz: boolean
+  enablePerformanceInsights: boolean
 }
 
 export interface EcsConfig {

lib/decidim-stack.ts

@@ -22,7 +22,6 @@ import { Repository } from 'aws-cdk-lib/aws-ecr';
 import { DockerImageAsset, Platform } from 'aws-cdk-lib/aws-ecr-assets';
 import { DockerImageName, ECRDeployment } from 'cdk-ecr-deployment';
 import { capacityProviderStrategy } from "../lib/config";
-import { Protocol } from "aws-cdk-lib/aws-ecs";
 import path = require('path');
 
 export interface DecidimStackProps extends BaseStackProps {
@@ -68,7 +67,7 @@ export class DecidimStack extends cdk.Stack {
     });
 
     backendTaskRole.addToPolicy(ECSExecPolicyStatement);
-    backendTaskRole.addManagedPolicy(aws_iam.ManagedPolicy.fromAwsManagedPolicyName('AWSXrayWriteOnlyAccess'))
+    // backendTaskRole.addManagedPolicy(aws_iam.ManagedPolicy.fromAwsManagedPolicyName('AWSXrayWriteOnlyAccess'))
 
     // Task Definition
     const taskDefinition = new ecs.FargateTaskDefinition(
@@ -127,6 +126,11 @@ export class DecidimStack extends cdk.Stack {
       DECIDIM_COMMENTS_LIMIT: "30",
       SLACK_API_TOKEN: ssm.StringParameter.valueForTypedStringParameterV2(this, `/decidim-cfj/${ props.stage }/SLACK_API_TOKEN`),
       AWS_XRAY_TRACING_NAME: `decidim-app${ props.stage }`,
+      DECIDIM_ADMIN_PASSWORD_STRONG: 'false',
+      DECIDIM_ADMIN_PASSWORD_EXPIRATION_DAYS: '0',
+      DECIDIM_ADMIN_PASSWORD_REPETITION_TIMES: '1000',
+      DECIDIM_ADMIN_PASSWORD_MIN_LENGTH: '8',
+      DECIDIM_ENABLE_HTML_HEADER_SNIPPETS: 'true',
     };
 
     const decidimRepository = aws_ecr.Repository.fromRepositoryName(this, 'DecidimRepository', props.ecs.repository)
@@ -157,9 +161,16 @@ export class DecidimStack extends cdk.Stack {
       image: new ecs.EcrImage(decidimRepository, props.tag),
       environment: {
         ...DecidimContainerEnvironment, ...{
-          NEW_RELIC_AGENT_ENABLED: props.stage === 'prd-v0265' ? 'true' : 'false',
-          NEW_RELIC_LICENSE_KEY: props.stage === 'prd-v0265' ? ssm.StringParameter.valueForTypedStringParameterV2(this, `/decidim-cfj/${ props.stage }/NEW_RELIC_LICENSE_KEY`) : '',
+          NEW_RELIC_AGENT_ENABLED: props.stage === 'prd-v0265' || props.stage === 'prd-v0274' ? 'true' : 'false',
+          NEW_RELIC_LICENSE_KEY: props.stage === 'prd-v0265' || props.stage === 'prd-v0274' ? ssm.StringParameter.valueForTypedStringParameterV2(this, `/decidim-cfj/${ props.stage }/NEW_RELIC_LICENSE_KEY`) : '',
           NEW_RELIC_APP_NAME: `decidim-app${ props.stage }`,
+          MAPS_PROVIDER: 'osm',
+          MAPS_STATIC_PROVIDER: 'cfj_osm',
+          MAPS_STATIC_URL: 'http://www.openstreetmap.org/',
+          MAPS_DYNAMIC_URL: 'http://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png',
+          MAPS_ATTRIBUTION: '<a href="https://www.openstreetmap.org/copyright" target="_blank">&copy; OpenStreetMap</a> contributors',
+          MAPS_DYNAMIC_API_KEY: 'true',
+          MAPS_GEOCODING_HOST: 'nominatim.openstreetmap.org'
         }
       },
       logging: ecs.LogDriver.awsLogs({
@@ -184,22 +195,26 @@ export class DecidimStack extends cdk.Stack {
       containerPort: 80
     })
 
-    taskDefinition.addContainer('xrayDaemon', {
-      image: ecs.ContainerImage.fromRegistry('amazon/aws-xray-daemon'),
-      cpu: 32,
-      portMappings: [
-        {
-          containerPort: 2000,
-          hostPort:2000,
-          protocol: Protocol.UDP
-        }
-      ],
-      essential: true
-    })
+    // taskDefinition.addContainer('xrayDaemon', {
+    //   image: ecs.ContainerImage.fromRegistry('amazon/aws-xray-daemon'),
+    //   cpu: 32,
+    //   portMappings: [
+    //     {
+    //       containerPort: 2000,
+    //       hostPort:2000,
+    //       protocol: Protocol.UDP
+    //     }
+    //   ],
+    //   essential: true
+    // })
 
     sidekiqTaskDefinition.addContainer('sidekiqContainer', {
       image: new ecs.EcrImage(decidimRepository, props.tag),
-      environment: DecidimContainerEnvironment,
+      environment: {
+        ...DecidimContainerEnvironment, ...{
+          NEW_RELIC_AGENT_ENABLED: 'false',
+        }
+      },
       logging: ecs.LogDriver.awsLogs({
         logGroup: new logs.LogGroup(this, 'sidekiqLogGroup', {
           logGroupName: `${ props.stage }-${ props.serviceName }-sidekiqLogGroup`,

lib/elasticache-stack.ts

@@ -31,7 +31,7 @@ export class ElasticacheStack extends Stack {
       cacheSubnetGroupName: props.ecSubnetGroup.cacheSubnetGroupName,
     }
 
-    if (props.stage === 'prd-v0265') {
+    if (props.stage === 'prd-v0265' || props.stage === 'prd-v0274') {
       this.redis = new elasticache.CfnReplicationGroup(this, 'prdElasticache', {
         ...elastiCacheProps,
         ...{

lib/rds-stack.ts

@@ -25,7 +25,7 @@ export class RdsStack extends Stack {
     const config = props.rds;
 
     const rdsProps: DatabaseInstanceSourceProps = {
-      engine: DatabaseInstanceEngine.postgres({ version: rds.PostgresEngineVersion.VER_12_11 }),
+      engine: DatabaseInstanceEngine.postgres({ version: rds.PostgresEngineVersion.VER_12_14 }),
       instanceType: config.instanceType,
       instanceIdentifier: `${ props.stage }-${ props.serviceName }-postgresql`,
       vpc: props.vpc,
@@ -35,8 +35,10 @@ export class RdsStack extends Stack {
       deletionProtection: config.deletionProtection,
       storageType: StorageType.GP2,
       allocatedStorage: config.allocatedStorage,
+      maxAllocatedStorage: config.maxAllocatedStorage,
       autoMinorVersionUpgrade: true,
       deleteAutomatedBackups: false,
+      enablePerformanceInsights: config.enablePerformanceInsights
     }
 
     // snapshotから復元するかどうか

lib/s3-stack.ts

@@ -1,12 +1,7 @@
-import {
-  aws_cloudfront as cloudfront,
-  aws_iam as iam,
-  aws_s3,
-  RemovalPolicy,
-  Stack
-} from "aws-cdk-lib";
+import { aws_cloudfront as cloudfront, aws_iam as iam, aws_s3, RemovalPolicy, Stack } from "aws-cdk-lib";
 import { Construct } from "constructs";
 import { BaseStackProps } from "./props";
+import { HttpMethods } from "aws-cdk-lib/aws-s3";
 
 export class S3Stack extends Stack {
   public readonly bucket: aws_s3.Bucket
@@ -16,10 +11,24 @@ export class S3Stack extends Stack {
 
     const bucket = new aws_s3.Bucket(this, 'createBucket', {
       bucketName: `${ props.stage }-${ props.serviceName }-bucket`,
-      versioned: props.stage === "prd-v0265",
+      versioned: props.stage === "prd-v0265" || props.stage === 'prd-v0274',
       removalPolicy: RemovalPolicy.DESTROY,
       autoDeleteObjects: true,
       blockPublicAccess: aws_s3.BlockPublicAccess.BLOCK_ALL,
+      cors: [
+        {
+          allowedHeaders: ['*'],
+          allowedMethods: [HttpMethods.PUT],
+          allowedOrigins: ['*'],
+          exposedHeaders: [
+            'Origin',
+            'Content-Type',
+            'Content-MD5',
+            'Content-Disposition'
+          ],
+          maxAge: 3600
+        }
+      ]
     });
 
     this.bucket = bucket