From 6188b05b2f2b3f139ef3b4d663b7614bae373402 Mon Sep 17 00:00:00 2001
From: Lee Brown <lee@geeksinthewoods.com>
Date: Sun, 14 Jul 2019 16:39:17 -0800
Subject: [PATCH] gitlab json encode build info fields title and description

---
 tools/devops/cmd/cicd/aws.go            |  6 +++++
 tools/devops/cmd/cicd/service_deploy.go | 30 +++++++++++++++++++++----
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/tools/devops/cmd/cicd/aws.go b/tools/devops/cmd/cicd/aws.go
index 81ab403..82ddc2f 100644
--- a/tools/devops/cmd/cicd/aws.go
+++ b/tools/devops/cmd/cicd/aws.go
@@ -327,3 +327,9 @@ func convertKeys(j json.RawMessage) json.RawMessage {
 func fixKey(key string) string {
 	return strings.ToTitle(key)
 }
+
+// jsonEncodeStringValue json encodes string values to be used in the ECS task definition.
+func jsonEncodeStringValue(str string) string {
+	dat, _ := json.Marshal(str)
+	return strings.Trim(string(dat), "\"")
+}
diff --git a/tools/devops/cmd/cicd/service_deploy.go b/tools/devops/cmd/cicd/service_deploy.go
index f500d67..8b062c0 100644
--- a/tools/devops/cmd/cicd/service_deploy.go
+++ b/tools/devops/cmd/cicd/service_deploy.go
@@ -100,6 +100,8 @@ type serviceDeployRequest struct {
 	Ec2SecurityGroupName string `validate:"required"`
 	Ec2SecurityGroup     *ec2.CreateSecurityGroupInput
 
+	GitlabRunnerEc2SecurityGroupName string `validate:"required"`
+
 	CloudWatchLogGroupName string `validate:"required"`
 	CloudWatchLogGroup     *cloudwatchlogs.CreateLogGroupInput
 
@@ -488,6 +490,10 @@ func NewServiceDeployRequest(log *log.Logger, flags ServiceDeployFlags) (*servic
 			}
 			log.Printf("\t\t\tSet ECS Security Group Name to '%s'.", req.Ec2SecurityGroupName)
 
+			// Set the name of the EC2 Security Group used by the gitlab runner. This is used to ensure the security
+			// group defined above has access to the RDS cluster/instance and can thus handle schema migrations.
+			req.GitlabRunnerEc2SecurityGroupName = "gitlab-runner"
+
 			// Set default ELB Load Balancer Name when ELB is enabled.
 			if req.EnableEcsElb {
 				if !strings.Contains(req.EcsClusterName, req.Env) && !strings.Contains(req.ServiceName, req.Env) {
@@ -1049,13 +1055,15 @@ func ServiceDeploy(log *log.Logger, req *serviceDeployRequest) error {
 		req.Ec2SecurityGroup.VpcId = aws.String(projectVpcId)
 
 		// Find all the security groups and then parse the group name to get the Id of the security group.
+		var runnerSgId string
 		err := svc.DescribeSecurityGroupsPages(&ec2.DescribeSecurityGroupsInput{
-			GroupNames: aws.StringSlice([]string{req.Ec2SecurityGroupName}),
+			GroupNames: aws.StringSlice([]string{req.Ec2SecurityGroupName, req.GitlabRunnerEc2SecurityGroupName}),
 		}, func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool {
 			for _, s := range res.SecurityGroups {
 				if *s.GroupName == req.Ec2SecurityGroupName {
 					securityGroupId = *s.GroupId
-					break
+				} else if *s.GroupName == req.GitlabRunnerEc2SecurityGroupName {
+					runnerSgId = *s.GroupId
 				}
 			}
 			return !lastPage
@@ -1108,6 +1116,20 @@ func ServiceDeploy(log *log.Logger, req *serviceDeployRequest) error {
 			})
 		}
 
+		// When a db instance is defined, deploy needs access to the RDS instance to handle executing schema migration.
+		if req.DBInstance != nil {
+			// The gitlab runner security group is required when a db instance is defined.
+			if runnerSgId == "" {
+				return errors.Errorf("Failed to find security group '%s'", req.GitlabRunnerEc2SecurityGroupName)
+			}
+
+			// Enable GitLab runner to communicate with deployment created services.
+			ingressInputs = append(ingressInputs, &ec2.AuthorizeSecurityGroupIngressInput{
+				SourceSecurityGroupName: aws.String(req.GitlabRunnerEc2SecurityGroupName),
+				GroupId:                 aws.String(securityGroupId),
+			})
+		}
+
 		// Add all the default ingress to the security group.
 		for _, ingressInput := range ingressInputs {
 			_, err = svc.AuthorizeSecurityGroupIngress(ingressInput)
@@ -2302,8 +2324,8 @@ func ServiceDeploy(log *log.Logger, req *serviceDeployRequest) error {
 			"{CI_COMMIT_REF_SLUG}":     os.Getenv("CI_COMMIT_REF_SLUG"),
 			"{CI_COMMIT_SHA}":          os.Getenv("CI_COMMIT_SHA"),
 			"{CI_COMMIT_TAG}":          os.Getenv("CI_COMMIT_TAG"),
-			"{CI_COMMIT_TITLE}":        os.Getenv("CI_COMMIT_TITLE"),
-			"{CI_COMMIT_DESCRIPTION}":  os.Getenv("CI_COMMIT_DESCRIPTION"),
+			"{CI_COMMIT_TITLE}":        jsonEncodeStringValue(os.Getenv("CI_COMMIT_TITLE")),
+			"{CI_COMMIT_DESCRIPTION}":  jsonEncodeStringValue(os.Getenv("CI_COMMIT_DESCRIPTION")),
 			"{CI_COMMIT_JOB_ID}":       os.Getenv("CI_COMMIT_JOB_ID"),
 			"{CI_COMMIT_JOB_URL}":      os.Getenv("CI_COMMIT_JOB_URL"),
 			"{CI_COMMIT_PIPELINE_ID}":  os.Getenv("CI_COMMIT_PIPELINE_ID"),