👔 Replace {mrn}_P IDs with r_id IDs

.github/workflows/terraform-test.yaml

@@ -0,0 +1,47 @@
+name: Terraform Tests
+on:
+  pull_request:
+    paths:
+      - 'infrastructure/**'
+  push:
+    branches:
+      - main
+      - fix-alerts-more
+    paths:
+      - 'infrastructure/**'
+jobs:
+  terraform-tests:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: infrastructure
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.9.0
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install testing tools
+        run: |
+          pip install checkov
+          curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
+
+      - name: Make test script executable
+        run: chmod +x tests/test-terraform.sh
+
+      - name: Run tests
+        run: ./tests/test-terraform.sh
+
+      - name: Terraform Plan
+        run: |
+          terraform init -backend=false
+          terraform plan -no-color
+        continue-on-error: true

.gitignore

@@ -26,6 +26,8 @@ terraform.rc
 # Generated files
 generated_*
 **/generated_*
+.generated_*
+**/.generated_*
 
 # Keep backups in git (they're important!)
 !backups/

.pre-commit-config.yaml

@@ -28,11 +28,13 @@ repos:
     - id: terraform_tflint
       args:
       - --init
-      - --config=__GIT_WORKING_DIR__/.tflint.hcl
+      - --config=__GIT_WORKING_DIR__/infrastructure/tests/.tflint.hcl
       files: ^infrastructure/
     - id: terraform_validate
       files: ^infrastructure/
     - id: terraform_checkov
+      args:
+      - --args=--config-file __GIT_WORKING_DIR__/infrastructure/tests/.checkov.yaml
       files: ^infrastructure/
 - repo: https://github.com/DavidAnson/markdownlint-cli2
   rev: v0.22.0
@@ -44,7 +46,7 @@ repos:
     - id: uv-sort
       files: pyproject.toml
 - repo: https://github.com/astral-sh/uv-pre-commit
-  rev: "0.11.6"
+  rev: "0.11.7"
   hooks:
     - id: uv-lock
       files: ^python_jobs/pyproject\.toml$

CHANGELOG.md

@@ -5,6 +5,80 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 1.10.6
+
+### Added
+
+- Protection against log injection attacks.
+
+### Fixed
+
+- Column misalignment in Ripple-to-REDCap.
+
+## 1.10.5
+
+### Fixed
+
+- Convert float values to int for `redcap_repeat_instance`.
+
+## 1.10.4
+
+### Changed
+
+- Updating caching logic to incorporate full state, not just record ID.
+
+### Fixed
+
+- Convert "parent_involvement" from a set to a list before JSON serializing.
+
+## 1.10.3
+
+### Fixed
+
+- Checking for fields we know don't exist in REDCap.
+
+## 1.10.2
+
+### Changed
+
+- Restored minute-by-minute jobs pending AWS permission update.
+
+## 1.10.1
+
+### Added
+
+- Endpoints to recieve REDCap Data Entry Triggers.
+
+### Changed
+
+- Updated `curious_account_created` tracking.
+
+### Fixed
+
+- Websocket now gets a new token when the one it's trying expires.
+- Bug in creating new Curious users after splitting REDCap and Curious projects.
+
+## 1.10.0
+
+### Added
+
+- REDCap «HBN - Responder Tracking (PID 879)» authentication.
+- Fields "r_id", "curious_email_child" and "curious_password_child" for PID 625 to Curious.
+
+### Changed
+
+- REDCap-to-Curious data now comes from PID 625.
+- Temporarily disabled connection to PID 879 in favor of manual `r_id` field in PID 625.
+- Handle more datetime options in `mindlogger-autoexport`.
+
+### Fixed
+
+- Send timestamps to Curious API in UTC.
+
+### Deprecated
+
+- `hbnmigration.from_redcap.config.Fields.export_247`
+
 ## 1.9.4
 
 ### Fixed

VERSION

@@ -1 +1 @@
-1.9.4
+1.10.6

infrastructure/Makefile

@@ -0,0 +1,65 @@
+.PHONY: help test init plan apply destroy fmt validate lint security clean install-tools
+
+help:
+    @echo "Available targets:"
+    @echo "  test          - Run all tests"
+    @echo "  install-tools - Install testing dependencies"
+    @echo "  init          - Initialize Terraform"
+    @echo "  plan          - Show execution plan"
+    @echo "  apply         - Apply infrastructure changes"
+    @echo "  destroy       - Destroy infrastructure"
+    @echo "  fmt           - Format Terraform files"
+    @echo "  validate      - Validate configuration"
+    @echo "  lint          - Run tflint"
+    @echo "  security      - Run security scan"
+    @echo "  clean         - Clean up generated files"
+
+test:
+    @./tests/test-terraform.sh
+
+install-tools:
+    @chmod +x tests/install-tools.sh
+    @./tests/install-tools.sh
+
+init:
+    terraform init
+
+plan: init
+    terraform plan
+
+apply: test
+    ./safe-apply.sh
+
+destroy:
+    terraform destroy
+
+fmt:
+    terraform fmt -recursive
+
+validate: init
+    terraform validate
+
+lint:
+    @if command -v tflint >/dev/null 2>&1; then \
+        tflint --config tests/.tflint.hcl --init; \
+        tflint --config tests/.tflint.hcl; \
+    else \
+        echo "tflint not installed. Run: make install-tools"; \
+        exit 1; \
+    fi
+
+security:
+    @if command -v checkov >/dev/null 2>&1; then \
+        checkov -d . --config-file tests/.checkov.yaml; \
+    else \
+        echo "checkov not installed. Run: make install-tools"; \
+        exit 1; \
+    fi
+
+clean:
+    rm -rf .terraform
+    rm -f .terraform.lock.hcl
+    rm -f terraform.tfstate
+    rm -f terraform.tfstate.backup
+    rm -f plan.tfplan
+    rm -rf generated/