checkpoint

example-project/cmd/web-api/ecs-task-definition.json

@@ -6,13 +6,13 @@
   "containerDefinitions": [
     {
       "name": "{ECS_SERVICE}",
-      "image": "421734222910.dkr.ecr.us-west-2.amazonaws.com/procedures:{ECS_SERVICE}",
+      "image": "{RELEASE_IMAGE}",
       "essential": true,
       "logConfiguration": {
         "logDriver": "awslogs",
         "options": {
           "awslogs-group": "{AWSLOGS_GROUP}",
-          "awslogs-region": "us-west-2",
+          "awslogs-region": "{AWS_REGION}",
           "awslogs-stream-prefix": "ecs"
         }
       },

example-project/go.mod

@@ -2,7 +2,7 @@ module geeks-accelerator/oss/saas-starter-kit/example-project
 
 require (
 	github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc
-	github.com/aws/aws-sdk-go v1.20.15
+	github.com/aws/aws-sdk-go v1.20.16
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/dimfeld/httptreemux v5.0.1+incompatible
 	github.com/dustin/go-humanize v1.0.0

example-project/go.sum

@@ -9,6 +9,8 @@ github.com/aws/aws-sdk-go v1.19.33 h1:qz9ZQtxCUuwBKdc5QiY6hKuISYGeRQyLVA2RryDEDa
 github.com/aws/aws-sdk-go v1.19.33/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.20.15 h1:y9ts8MJhB7ReUidS6Rq+0KxdFeL01J+pmOlGq6YqpiQ=
 github.com/aws/aws-sdk-go v1.20.15/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.20.16 h1:Dq68fBH39XnSjjb2hX/iW6mui8JtXcVAuhRYGSRiisY=
+github.com/aws/aws-sdk-go v1.20.16/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

example-project/tools/truss/cmd/devops/models.go

@@ -0,0 +1,117 @@
+package devops
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/iancoleman/strcase"
+)
+
+// ServiceDeployFlags defines the flags used for executing a service deployment.
+type ServiceDeployFlags struct {
+	// Required flags.
+	ServiceName string  `validate:"required" example:"web-api"`
+	Env string `validate:"oneof=dev stage prod" example:"dev"`
+
+	// Optional flags.
+	ProjectRoot  string `validate:"omitempty" example:"."`
+	ProjectName string ` validate:"omitempty" example:"example-project"`
+	DockerFile string `validate:"omitempty" example:"./cmd/web-api/Dockerfile"`
+	EnableLambdaVPC bool `validate:"omitempty" example:"false"`
+	EnableEcsElb bool  `validate:"omitempty" example:"false"`
+	NoBuild  bool  `validate:"omitempty" example:"false"`
+	NoDeploy bool  `validate:"omitempty" example:"false"`
+	NoCache bool `validate:"omitempty" example:"false"`
+	NoPush bool `validate:"omitempty" example:"false"`
+}
+
+// serviceDeployRequest defines the details needed to execute a service deployment.
+type serviceDeployRequest struct {
+	// Required flags.
+	serviceName string  `validate:"required"`
+	serviceDir string `validate:"required"`
+	env string `validate:"oneof=dev stage prod"`
+	projectRoot  string  `validate:"required"`
+	projectName string `validate:"required"`
+	dockerFile string  `validate:"required"`
+	goModFile string  `validate:"required"`
+	goModName string  `validate:"required"`
+	ecrRepositoryName string  `validate:"required"`
+	ecsClusterName string   `validate:"required"`
+	ecsServiceName string   `validate:"required"`
+	ecsExecutionRoleArn string  `validate:"required"`
+	ecsTaskRoleArn string  `validate:"required"`
+	ecsServiceDesiredCount int64  `validate:"required"`
+
+	ec2SecurityGroupName string  `validate:"required"`
+	elbLoadBalancerName string  `validate:"required"`
+	cloudWatchLogGroupName string   `validate:"required"`
+	releaseImage string   `validate:"required"`
+	buildTags []string   `validate:"required"`
+	awsCreds *awsCredentials  `validate:"required,dive"`
+
+	// Optional flags.
+	ecrRepositoryMaxImages int `validate:"omitempty"`
+	ecsServiceMinimumHealthyPercent  *int64 `validate:"omitempty"`
+	ecsServiceMaximumPercent *int64 `validate:"omitempty"`
+	escServiceHealthCheckGracePeriodSeconds *int64 `validate:"omitempty"`
+	elbDeregistrationDelay *int  `validate:"omitempty"`
+	enableLambdaVPC bool `validate:"omitempty"`
+	enableEcsElb bool  `validate:"omitempty"`
+	noBuild  bool  `validate:"omitempty"`
+	noDeploy bool  `validate:"omitempty"`
+	noCache bool `validate:"omitempty"`
+	noPush bool `validate:"omitempty"`
+
+	_awsSession *session.Session
+}
+
+// projectNameCamel takes a project name and returns the camel cased version.
+func (r *serviceDeployRequest) projectNameCamel() string {
+	s := strings.Replace(r.projectName, "_", " ", -1)
+	s = strings.Replace(s, "-", " ", -1)
+	s =  strcase.ToCamel(s)
+	return s
+}
+
+// awsSession returns the current AWS session for the serviceDeployRequest.
+func (r *serviceDeployRequest) awsSession() *session.Session {
+	if r._awsSession == nil {
+		r._awsSession = r.awsCreds.Session()
+	}
+
+	return r._awsSession
+}
+
+// AwsCredentials defines AWS credentials used for deployment. Unable to use roles when deploying
+// using gitlab CI/CD pipeline.
+type awsCredentials struct {
+	accessKeyID string `validate:"required"`
+	secretAccessKey string `validate:"required"`
+	region string `validate:"required"`
+}
+
+// Session returns a new AWS Session used to access AWS services.
+func (creds awsCredentials) Session() *session.Session {
+	return session.New(
+		&aws.Config{
+			Region: aws.String(creds.region),
+			Credentials: credentials.NewStaticCredentials(creds.accessKeyID, creds.secretAccessKey, ""),
+		})
+}
+
+// IamPolicyDocument defines an AWS IAM policy used for defining access for IAM roles, users, and groups.
+type IamPolicyDocument struct {
+	Version   string  `json:"Version"`
+	Statement []IamStatementEntry   `json:"Statement"`
+}
+
+// IamStatementEntry defines a single statement for an IAM policy.
+type IamStatementEntry struct {
+	Sid string `json:"Sid"`
+	Effect   string `json:"Effect"`
+	Action   []string  `json:"Action"`
+	Resource interface{}  `json:"Resource"`
+}

example-project/tools/truss/sample.env

@@ -4,26 +4,11 @@ export TRUSS_DB_USER=postgres
 export TRUSS_DB_PASS=postgres
 export TRUSS_DB_DISABLE_TLS=true
 
-
-# Variables to configure service build and deploy.
-#export PROJECT_NAME=example-project
-#export DEPLOY_MIN_HEALTH=100 # percentage expressed as int
-#export DEPLOY_MAX_HEALTH=200 # percentage expressed as int
-#export DEPLOY_DEREG_DELAY=0 # seconds to wait for connections to drain
-
-
-
 # Variables to configure AWS for service build and deploy.
 # Use the same set for AWS credentials for all target envinments.
 #AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXX
 #AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXX
 #AWS_REGION=us-west-2
-#AWS_ECR_REPOSITORY_NAME=example-project
-#AWS_ECR_REPOSITORY_MAX_IMAGES=1000
-#AWS_ECS_CLUSTER_NAME=example-project
-#AWS_ECS_SERVICE_NAME=web-api-dev
-#AWS_CLOUDWATCH_LOG_GROUP_NAME=logs/env/dev
-
 
 # AWS credentials can be prefixed with the target uppercased target envinments.
 # This allows credentials unique accounts to be used for each target envinments.
@@ -31,8 +16,6 @@ export TRUSS_DB_DISABLE_TLS=true
 #DEV_AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXX
 #DEV_AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXX
 #DEV_AWS_REGION=us-west-2
-#DEV_AWS_REPOSITORY_NAME=example-project
-#DEV_AWS_REPOSITORY_MAX_IMAGES=1000
 
 # GitLab CI/CD environment variables. These are set by the GitLab when the build
 # pipeline is running. These can be optional set for testing/debugging locally.