v2.1.0 - Infrastructure as Code

v2.1.0 — Infrastructure as Code

This release completes milestone 3 and moves the AWS deployment onto a real Infrastructure as Code workflow.

Included work

• #60 — added a Python AWS CDK app under infra/ that models the deployment stack, documents the rebuild workflow, and adds teardown support through repo tooling
• #73 — created the full cutover runbook for removing the pre-CDK AWS environment and performing the first CDK-owned deploy, including validation steps and follow-up expectations
• #74 — added the infra/manual-removal/ toolkit and completed the live cutover work:
  • automated teardown and validation scripts
  • cleanup for hidden console-created CloudFormation stacks
  • CDK bootstrap and predeploy validation
  • reuse of the existing GitHub OIDC provider
  • bootstrap Docker asset fixes and deploy-order fixes
  • successful deployment of CourseEnrollmentAppStack

Outcome

• the AWS environment can now be rebuilt from the CDK app
• the manual-to-CDK cutover path is documented and scripted
• the new CDK-managed stack has been deployed successfully

Post-release note

The remaining operational follow-up is external to the repo: update the Namecheap CNAME for course-enrollment-app.robertlech.com so it points to the rebuilt ALB DNS name.

v2.0.0 - AWS Cloud Deployment

Highlights

• Deploys the Course Enrollment App to AWS on ECS Fargate behind an Application Load Balancer, with production traffic routed through HTTPS.
• Moves production secrets into SSM Parameter Store, uses MongoDB Atlas as the hosted database, and authenticates GitHub Actions to AWS via OIDC instead of long-lived access keys.
• Adds continuous delivery from main: GitHub Actions builds the container image, pushes it to ECR, renders a new ECS task definition, and deploys the service automatically.
• Includes final deployment polish from #70, covering CI cleanup plus the HTTPS/static-asset fixes needed for the live AWS environment.

Milestone

This release packages the completed v2.0.0 — AWS Cloud Deployment milestone:

• #50 Document AWS deployment design decisions and architecture diagram
• #54 Phase 0: Replace Flask dev server with Gunicorn
• #55 Phase 1: AWS foundation — ECR, IAM OIDC, SSM Parameter Store
• #56 Phase 2: MongoDB Atlas free-tier setup
• #57 Phase 3: ECS Fargate cluster, task definition, and service
• #58 Phase 4: ALB, security groups, and networking
• #59 Phase 5: Extend GitHub Actions with deploy-to-AWS job

Deployment Snapshot

At release time, the AWS deployment is up with:

• ECS service course-enrollment-app-svc in ACTIVE state with desired=1 and running=1
• ALB course-enrollment-app-alb in active state
• release tag targeting commit edd82486855273174c4048d296c7c6479a109f49

Validation

• milestone issues for v2.0.0 — AWS Cloud Deployment are closed
• aws ecs describe-services --cluster course-enrollment-app --services course-enrollment-app-svc --query 'services[0].{Status:status,Desired:desiredCount,Running:runningCount}' --output yaml
• aws elbv2 describe-load-balancers --names course-enrollment-app-alb --query 'LoadBalancers[0].{DnsName:DNSName,State:State.Code}' --output yaml

v1.1.0 - Security Hardening

Highlights

• Hardens the production container build with a digest-pinned Python base image, a non-root runtime user, and a .dockerignore that keeps local/test artifacts out of the image.
• Adds stronger production security defaults with explicit session settings, browser security headers, and HSTS enabled for APP_ENV=production.
• Tightens authentication and enrollment flows with POST rate limiting, stricter email/password validation, safer logout handling, and course existence checks during enrollment.
• Expands release readiness with AWS deployment documentation plus deeper config, route, and UI walkthrough coverage.

Milestone

This release packages the completed v1.1.0 — Security Hardening milestone:

• #51 Security: Harden Docker image for production
• #52 Security: Flask session security and HTTP security headers
• #53 Security: Authentication hardening and input validation

Validation

• docker compose exec course-enrollment-app python -m pytest
• pre-commit run --all-files
• docker compose run --rm e2e-tests

v1.0.0 — MVP: Local/Docker Deployment

What's included

This is the baseline release of the Course Enrollment App — a fully working, fully tested university course enrollment system.

Features

• User registration and session-based login
• Course catalog browsing (by term)
• Course enrollment with joined view (user → enrollment → course)
• REST API with Swagger UI (/api/v1/docs)

Tech Stack

• Backend: Python 3.13, Flask 3.1, Flask-RESTX, MongoEngine
• Database: MongoDB 8.2
• Auth: Session cookies, CSRF protection via Flask-WTF
• Containerization: Docker + Docker Compose

Quality

• 100% test coverage enforced (pytest + mongomock)
• Playwright end-to-end test suite
• GitHub Actions CI: lint, unit tests, docker build, e2e

Running locally

make setup  # generates .env with SECRET_KEY
make run    # starts app + MongoDB via Docker Compose

App available at http://localhost:5000 · API docs at http://localhost:5000/api/v1/docs

---

Next milestone: v1.1.0 — Security Hardening — OWASP hardening before cloud deployment.