diff --git a/deployments/buildspec/service.yml b/deployments/buildspec/service.yml index f38d50d..be9d2f0 100644 --- a/deployments/buildspec/service.yml +++ b/deployments/buildspec/service.yml @@ -12,4 +12,4 @@ phases: post_build: commands: - docker push $REPO_URI:latest - - docker push $REPO_URI:$TAG + - docker push $REPO_URI:$TAG \ No newline at end of file diff --git a/deployments/pipeline-infrastructure.yml b/deployments/pipeline-infrastructure.yml index 051773a..42ac807 100644 --- a/deployments/pipeline-infrastructure.yml +++ b/deployments/pipeline-infrastructure.yml @@ -163,7 +163,7 @@ Resources: ArtifactBucket: Type: AWS::S3::Bucket Properties: - BucketName: !Sub microservices-${AWS::AccountId} + BucketName: !Sub microservices-infrastructure-${AWS::AccountId} # # This is the definition of how to build the code in the repository # CodeBuildProject: @@ -203,9 +203,7 @@ Resources: # PrivilegedMode: true # ServiceRole: !Ref CodeBuildServiceRole - # A Webhook for the pipeline. Triggered manually only. This is done by - # setting RegisterWithThirdParty to false. Also, PollForSourceChanges - # needs to be set to false in the pipeline's source action config. + # A Webhook for the pipeline which is set for manual action only PipelineWebhook: Type: AWS::CodePipeline::Webhook Properties: @@ -218,7 +216,7 @@ Resources: TargetPipeline: !Ref Pipeline TargetAction: Source TargetPipelineVersion: !GetAtt Pipeline.Version - RegisterWithThirdParty: false + RegisterWithThirdParty: false # only manual action # This pipeline defines the steps to build, deploy, and release the application Pipeline: diff --git a/deployments/pipeline-new.yml b/deployments/pipeline-new.yml new file mode 100644 index 0000000..f09ed07 --- /dev/null +++ b/deployments/pipeline-new.yml 
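Review bot: The shortened webhook comment in pipeline-infrastructure.yml drops the one operational detail the old text carried — that `PollForSourceChanges` must also be `false` in the pipeline's Source action — and the new `# only manual action` trailer on `RegisterWithThirdParty: false` in the following hunk does not restore it. `RegisterWithThirdParty: false` only stops the webhook from being registered with GitHub; a GitHub v1 source action left at its default polling setting is still started on every poll, so the pipeline is not manual-only unless that flag is set (the Source action itself is outside these hunks, so I cannot confirm what it does). Suggest keeping the sentence, e.g. `# Triggered manually only: RegisterWithThirdParty is false and the Source action must set PollForSourceChanges: false.`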
@@ -0,0 +1,390 @@ +Parameters: + GitHubRepo: + Type: String + GitHubBranch: + Type: String + GitHubToken: + Type: String + NoEcho: true + GitHubUser: + Type: String + EnvironmentName: + Type: String + Default: production + DeploymentType: + Type: String + Default: fargate + AllowedValues: [ecs, fargate] + +Resources: + + #-----------------------------------------------------------------------------# + # Artifact Bucket + #-----------------------------------------------------------------------------# + ArtifactBucket: + Type: AWS::S3::Bucket + Properties: + BucketName: !Sub microservices-${EnvironmentName}-${AWS::AccountId} + + #-----------------------------------------------------------------------------# + # CodePipeline + #-----------------------------------------------------------------------------# + PipelineWebhook: + Type: AWS::CodePipeline::Webhook + Properties: + AuthenticationConfiguration: + SecretToken: !Ref GitHubToken + Filters: + - JsonPath: "$.ref" + MatchEquals: refs/heads/{Branch} + Authentication: GITHUB_HMAC + TargetPipeline: !Ref Pipeline + TargetAction: Source + TargetPipelineVersion: !GetAtt Pipeline.Version + RegisterWithThirdParty: false # only manual action + + Pipeline: + Type: AWS::CodePipeline::Pipeline + Properties: + RoleArn: !GetAtt CodePipelineServiceRole.Arn + ArtifactStore: + Type: S3 + Location: !Ref ArtifactBucket + Stages: + + #-----------------------------------------------------------------------------# + # Source + #-----------------------------------------------------------------------------# + - Name: Source + Actions: + - Name: Source + Namespace: SourceVariables + ActionTypeId: + Category: Source + Owner: ThirdParty + Version: 1 + Provider: GitHub + Configuration: + Owner: !Ref GitHubUser + Repo: !Ref GitHubRepo + Branch: !Ref GitHubBranch + OAuthToken: !Ref GitHubToken + OutputArtifacts: + - Name: Source + RunOrder: 1 + + #-----------------------------------------------------------------------------# + # Infrastructure 
Resources + #-----------------------------------------------------------------------------# + - Name: Network_Resources + Actions: + - Name: Deploy + ActionTypeId: + Category: Deploy + Owner: AWS + Version: 1 + Provider: CloudFormation + Configuration: + ActionMode: CREATE_UPDATE + RoleArn: !GetAtt CloudFormationDeployRole.Arn + StackName: !Sub ${EnvironmentName}-Network + TemplatePath: Source::deployments/network.yml + Capabilities: CAPABILITY_IAM + ParameterOverrides: !Sub | + { + "EnvironmentName": "${EnvironmentName}" + } + InputArtifacts: + - Name: Source + OutputArtifacts: + - Name: Network + + - Name: Base_Resources + Actions: + # Rabbit, Redis, and Postgres + - Name: Resources + ActionTypeId: + Category: Deploy + Owner: AWS + Version: 1 + Provider: CloudFormation + Configuration: + ActionMode: CREATE_UPDATE + RoleArn: !GetAtt CloudFormationDeployRole.Arn + StackName: !Sub ${EnvironmentName}-Resources + TemplatePath: Source::deployments/resources.yml + Capabilities: CAPABILITY_IAM + ParameterOverrides: !Sub | + { + "EnvironmentName": "${EnvironmentName}" + } + InputArtifacts: + - Name: Source + OutputArtifacts: + - Name: Resources + + # Application load balancer + - Name: Load_Balancer + ActionTypeId: + Category: Deploy + Owner: AWS + Version: 1 + Provider: CloudFormation + Configuration: + ActionMode: CREATE_UPDATE + RoleArn: !GetAtt CloudFormationDeployRole.Arn + StackName: !Sub ${EnvironmentName}-LoadBalancer + TemplatePath: Source::deployments/alb.yml + Capabilities: CAPABILITY_IAM + ParameterOverrides: !Sub | + { + "EnvironmentName": "${EnvironmentName}" + } + InputArtifacts: + - Name: Source + OutputArtifacts: + - Name: LoadBalancer + + # ECS/Fargate cluster + - Name: Cluster + ActionTypeId: + Category: Deploy + Owner: AWS + Version: 1 + Provider: CloudFormation + Configuration: + ActionMode: CREATE_UPDATE + RoleArn: !GetAtt CloudFormationDeployRole.Arn + StackName: !Sub ${EnvironmentName}-Cluster + TemplatePath: !Sub 
Source::deployments/cluster-${DeploymentType}.yml + Capabilities: CAPABILITY_IAM + ParameterOverrides: !Sub | + { + "EnvironmentName": "${EnvironmentName}" + } + InputArtifacts: + - Name: Source + OutputArtifacts: + - Name: Cluster + + #-----------------------------------------------------------------------------# + # Service Pipelines + #-----------------------------------------------------------------------------# + - Name: Service_Pipelines + Actions: + + - Name: Server + ActionTypeId: + Category: Deploy + Owner: AWS + Version: 1 + Provider: CloudFormation + Configuration: + ActionMode: CREATE_UPDATE + RoleArn: !GetAtt CloudFormationDeployRole.Arn + StackName: !Sub ${EnvironmentName}-Server + TemplatePath: Source::deployments/pipeline-service.yml + Capabilities: CAPABILITY_IAM + ParameterOverrides: !Sub | + { + "ServiceName": "server", + "EnvironmentName": "${EnvironmentName}", + "DeploymentType": "${DeploymentType}", + "TriggerMessagePattern": "\[(BuildServer|BuildAll)\]" + "GitHubRepo": "${GitHubRepo}", + "GitHubBranch": "${GitHubBranch}", + "GitHubToken": "${GitHubToken}", + "GitHubUser": "${GitHubUser}" + } + InputArtifacts: + - Name: Source + + - Name: Cache + ActionTypeId: + Category: Deploy + Owner: AWS + Version: 1 + Provider: CloudFormation + Configuration: + ActionMode: CREATE_UPDATE + RoleArn: !GetAtt CloudFormationDeployRole.Arn + StackName: !Sub ${EnvironmentName}-Cache + TemplatePath: Source::deployments/pipeline-service.yml + Capabilities: CAPABILITY_IAM + ParameterOverrides: !Sub | + { + "ServiceName": "cache", + "EnvironmentName": "${EnvironmentName}", + "DeploymentType": "${DeploymentType}", + "TriggerMessagePattern": "\[(BuildCache|BuildAll)\]" + "GitHubRepo": "${GitHubRepo}", + "GitHubBranch": "${GitHubBranch}", + "GitHubToken": "${GitHubToken}", + "GitHubUser": "${GitHubUser}" + } + InputArtifacts: + - Name: Source + + - Name: Database + ActionTypeId: + Category: Deploy + Owner: AWS + Version: 1 + Provider: CloudFormation + Configuration: + 
ActionMode: CREATE_UPDATE + RoleArn: !GetAtt CloudFormationDeployRole.Arn + StackName: !Sub ${EnvironmentName}-Database + TemplatePath: Source::deployments/pipeline-service.yml + Capabilities: CAPABILITY_IAM + ParameterOverrides: !Sub | + { + "ServiceName": "database", + "EnvironmentName": "${EnvironmentName}", + "DeploymentType": "${DeploymentType}", + "TriggerMessagePattern": "\[(BuildDatabase|BuildAll)\]" + "GitHubRepo": "${GitHubRepo}", + "GitHubBranch": "${GitHubBranch}", + "GitHubToken": "${GitHubToken}", + "GitHubUser": "${GitHubUser}" + } + InputArtifacts: + - Name: Source + + #-----------------------------------------------------------------------------# + # Role for CodePipeline service + #-----------------------------------------------------------------------------# + CodePipelineServiceRole: + Type: AWS::IAM::Role + Properties: + Path: / + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: + Service: codepipeline.amazonaws.com + Action: sts:AssumeRole + Policies: + - PolicyName: root + PolicyDocument: + Version: 2012-10-17 + Statement: + # Allow codepipeline to put artifacts in the S3 bucket + # as well as get artifacts back out of it. 
+ - Resource: + - !Sub arn:aws:s3:::${ArtifactBucket}/* + Effect: Allow + Action: + - s3:PutObject + - s3:GetObject + - s3:GetObjectVersion + - s3:GetBucketVersioning + # Allow codepipeline to build code builds + - Resource: "*" + Effect: Allow + Action: + - codebuild:StartBuild + - codebuild:BatchGetBuilds + - iam:PassRole + # Allow codepipeline to deploy cloudformation stacks + - Effect: Allow + Action: + - cloudformation:CreateChangeSet + - cloudformation:CreateStack + - cloudformation:CreateUploadBucket + - cloudformation:DeleteStack + - cloudformation:Describe* + - cloudformation:List* + - cloudformation:UpdateStack + - cloudformation:ValidateTemplate + - cloudformation:ExecuteChangeSet + Resource: "*" + + # This role is passed by CodePipeline to CloudFormation to use + # when setting up resources in the pipeline + CloudFormationDeployRole: + Type: AWS::IAM::Role + Properties: + Path: / + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: + Service: cloudformation.amazonaws.com + Action: sts:AssumeRole + Policies: + - PolicyName: deploy-stack + PolicyDocument: + Statement: + - Effect: Allow + Action: + - "iam:*" + - "ec2:*" + - "ecs:*" + - "elasticloadbalancing:*" + - "autoscaling:*" + - "elasticache:*" + - "logs:*" + - "application-autoscaling:*" + - "cloudwatch:*" + - "route53:*" + - "rds:*" + - "mq:*" + # - "secretsmanager:*" + - "ssm:*" + Resource: "*" + + #-----------------------------------------------------------------------------# + # Role for CodeBuild service + #-----------------------------------------------------------------------------# + CodeBuildServiceRole: + Type: AWS::IAM::Role + Properties: + Path: / + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: + Service: codebuild.amazonaws.com + Action: sts:AssumeRole + Policies: + - PolicyName: root + PolicyDocument: + Version: 2012-10-17 + Statement: + - Resource: "*" + Effect: Allow + Action: + - 
logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + - ecr:GetAuthorizationToken + - Resource: !Sub arn:aws:s3:::${ArtifactBucket}/* + Effect: Allow + Action: + - s3:GetObject + - s3:PutObject + - s3:GetObjectVersion + - Resource: "*" + Effect: Allow + Action: + - ecr:GetDownloadUrlForLayer + - ecr:BatchGetImage + - ecr:BatchCheckLayerAvailability + - ecr:PutImage + - ecr:InitiateLayerUpload + - ecr:UploadLayerPart + - ecr:CompleteLayerUpload + +Outputs: + PipelineUrl: + Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} + ArtifactBucket: + Description: The bucket to store pipeline artifacts + Value: !Ref ArtifactBucket + Export: + Name: !Sub ${EnvironmentName}:ArtifactBucket + \ No newline at end of file diff --git a/deployments/pipeline-services.yml b/deployments/pipeline-service.yml similarity index 51% rename from deployments/pipeline-services.yml rename to deployments/pipeline-service.yml index 6934a98..dbead57 100644 --- a/deployments/pipeline-services.yml +++ b/deployments/pipeline-service.yml 
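Review bot: The `ParameterOverrides` JSON of the Server, Cache and Database actions in the Service_Pipelines stage is not valid JSON: the `"TriggerMessagePattern"` line has no trailing comma before `"GitHubRepo"`, and `\[` / `\]` are not legal escapes inside a JSON string, so the deploy action should fail before any service stack is created. Each of the three lines should read `"TriggerMessagePattern": "\\[(BuildServer|BuildAll)\\]",` (with `BuildCache` and `BuildDatabase` in the other two actions). The GitHub Source action in this file sets no `PollForSourceChanges: false`, unlike the Code action in pipeline-service.yml, so despite the `# only manual action` comment the pipeline will still be started by polling. `GitHubToken` is `NoEcho` here but is forwarded as plaintext inside `ParameterOverrides`, where as far as I know it is readable in the pipeline's action configuration (and, unless pipeline-service.yml also declares that parameter `NoEcho`, in the nested stack's parameters); passing a Secrets Manager or SSM SecureString dynamic reference (`{{resolve:...}}`) instead of the raw value would keep it out of both.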
@@ -15,68 +15,196 @@ Parameters: Type: String Default: fargate AllowedValues: [ecs, fargate] + ServiceName: + Type: String + Description: The name of the service + AllowedValues: [server, cache, database] + TriggerMessagePattern: + Type: String + Description: A commit message that triggers the build process + Default: \[BuildAll\] Resources: - # Create ECR respositories to hold built docker images + + #-----------------------------------------------------------------------------# + # ECR + #-----------------------------------------------------------------------------# ServerRepository: Type: AWS::ECR::Repository Properties: - RepositoryName: !Sub ${EnvironmentName}/server - # CacheRepository: - # Type: AWS::ECR::Repository - # DeletionPolicy: Retain - # UpdateReplacePolicy: Retain - # DatabaseRepository: - # Type: AWS::ECR::Repository - # DeletionPolicy: Retain - # UpdateReplacePolicy: Retain + RepositoryName: !Sub ${EnvironmentName}/${ServiceName} - # A role used to give CodeBuild permission to access code, - # build it, and upload the build results to ECR - CodeBuildServiceRole: - Type: AWS::IAM::Role + #-----------------------------------------------------------------------------# + # Artifact Bucket + #-----------------------------------------------------------------------------# + ArtifactBucket: + Type: AWS::S3::Bucket Properties: - Path: / - AssumeRolePolicyDocument: - Version: 2012-10-17 - Statement: - - Effect: Allow - Principal: - Service: codebuild.amazonaws.com - Action: sts:AssumeRole - Policies: - - PolicyName: root - PolicyDocument: - Version: 2012-10-17 - Statement: - - Resource: "*" - Effect: Allow - Action: - - logs:CreateLogGroup - - logs:CreateLogStream - - logs:PutLogEvents - - ecr:GetAuthorizationToken - - Resource: !Sub arn:aws:s3:::${ArtifactBucket}/* - Effect: Allow - Action: - - s3:GetObject - - s3:PutObject - - s3:GetObjectVersion - - Resource: - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${ServerRepository} - # - !Sub 
arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${CacheRepository} - # - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${DatabaseRepository} - Effect: Allow - Action: - - ecr:GetDownloadUrlForLayer - - ecr:BatchGetImage - - ecr:BatchCheckLayerAvailability - - ecr:PutImage - - ecr:InitiateLayerUpload - - ecr:UploadLayerPart - - ecr:CompleteLayerUpload + BucketName: !Sub microservices-services-${AWS::AccountId} - # Role used to give CodePipeline to release a build. + #-----------------------------------------------------------------------------# + # CodeBuild Project + #-----------------------------------------------------------------------------# + SourceCreds: + Type: AWS::CodeBuild::SourceCredential + Properties: + Token: !Ref GitHubToken + ServerType: GITHUB + AuthType: PERSONAL_ACCESS_TOKEN + + CodeBuildProject: + Type: AWS::CodeBuild::Project + DependsOn: SourceCreds + Properties: + Artifacts: + Type: NO_ARTIFACTS + Source: + Type: GITHUB + Location: !Sub https://github.com/${GitHubUser}/${GitHubRepo}.git + BuildSpec: deployments/buildspec/service.yml + SourceVersion: !Ref GitHubBranch + Environment: + ComputeType: BUILD_GENERAL1_SMALL + Image: aws/codebuild/standard:5.0 + Type: LINUX_CONTAINER + PrivilegedMode: true + EnvironmentVariables: + - Name: AWS_ACCOUNT_ID + Value: !Sub ${AWS::AccountId} + - Name: SERVICE + Value: server + - Name: REPO_URI + Value: !Sub ${ServerRepository.RepositoryUri} + Triggers: + Webhook: true + FilterGroups: + - - Type: EVENT + Pattern: PUSH + ExcludeMatchedPattern: false + - Type: HEAD_REF + Pattern: !Sub ^refs/heads/${GitHubBranch}$ + ExcludeMatchedPattern: false + - Type: COMMIT_MESSAGE + Pattern: !Ref TriggerMessagePattern + ExcludeMatchedPattern: false + # - - Type: EVENT + # Pattern: PUSH + # ExcludeMatchedPattern: false + # - Type: HEAD_REF + # Pattern: !Sub ^refs/heads/${GitHubBranch}$ + # ExcludeMatchedPattern: false + # - Type: FILE_PATH + # Pattern: ^(cmd/server/|internal/|web/|server.Dockerfile) 
+ # ExcludeMatchedPattern: false + ServiceRole: !Ref CodeBuildServiceRole + TimeoutInMinutes: 10 + + #-----------------------------------------------------------------------------# + # CodePipeline + #-----------------------------------------------------------------------------# + CloudWatchEventRule: + Type: AWS::Events::Rule + Properties: + EventPattern: + detail: + action-type: [PUSH] + image-tag: [latest] + repository-name: [!Ref ServerRepository] + result: [SUCCESS] + detail-type: [ECR Image Action] + source: [aws.ecr] + Targets: + - Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline} + RoleArn: !GetAtt CloudWatchEventRole.Arn + Id: server-pipeline + + PipelineWebhook: + Type: AWS::CodePipeline::Webhook + Properties: + AuthenticationConfiguration: + SecretToken: !Ref GitHubToken + Filters: + - JsonPath: "$.ref" + MatchEquals: refs/heads/{Branch} + Authentication: GITHUB_HMAC + TargetPipeline: !Ref Pipeline + TargetAction: Code + TargetPipelineVersion: !GetAtt Pipeline.Version + RegisterWithThirdParty: false # only manual action + + Pipeline: + Type: AWS::CodePipeline::Pipeline + Properties: + RoleArn: !GetAtt CodePipelineServiceRole.Arn + ArtifactStore: + Type: S3 + Location: !Ref ArtifactBucket + Stages: + + #-----------------------------------------------------------------------------# + # Source + #-----------------------------------------------------------------------------# + - Name: Source + Actions: + - Name: Source + Namespace: SourceVariables + ActionTypeId: + Category: Source + Owner: AWS + Version: 1 + Provider: ECR + Configuration: + RepositoryName: !Ref ServerRepository + ImageTag: latest + OutputArtifacts: + - Name: SourceImage + RunOrder: 1 + + - Name: Code + ActionTypeId: + Category: Source + Owner: ThirdParty + Version: 1 + Provider: GitHub + Configuration: + Owner: !Ref GitHubUser + Repo: !Ref GitHubRepo + Branch: !Ref GitHubBranch + OAuthToken: !Ref GitHubToken + PollForSourceChanges: false + OutputArtifacts: + - 
Name: SourceCode + RunOrder: 1 + + #-----------------------------------------------------------------------------# + # Deploy + #-----------------------------------------------------------------------------# + - Name: Deploy + Actions: + - Name: Deploy + ActionTypeId: + Category: Deploy + Owner: AWS + Version: 1 + Provider: CloudFormation + Configuration: + ActionMode: CREATE_UPDATE + RoleArn: !GetAtt CloudFormationDeployRole.Arn + StackName: !Sub ${EnvironmentName}-ServerService + TemplatePath: !Sub SourceCode::deployments/services-${DeploymentType}/server.yml + Capabilities: CAPABILITY_IAM + ParameterOverrides: !Sub | + { + "EnvironmentName": "${EnvironmentName}", + "ImageUrl": "${ServerRepository.RepositoryUri}@#{SourceVariables.ImageDigest}" + } + InputArtifacts: + - Name: SourceImage + - Name: SourceCode + + #-----------------------------------------------------------------------------# + # Role for CodePipeline service + #-----------------------------------------------------------------------------# CodePipelineServiceRole: Type: AWS::IAM::Role Properties: @@ -123,8 +251,7 @@ Resources: - cloudformation:ValidateTemplate - cloudformation:ExecuteChangeSet Resource: "*" - # Allow codepipeline to get images from ECR. - # Actions from AmazonEC2ContainerRegistryReadOnly. + # Allow codepipeline to get images from ECR - Effect: Allow Action: - ecr:GetAuthorizationToken @@ -141,8 +268,8 @@ Resources: - ecr:DescribeImageScanFindings Resource: "*" - # CloudFormation deployment role. This role is passed by CodeBuild to - # CloudFormation to use when setting up the application resources + # This role is passed by CodePipeline to CloudFormation to use + # when setting up resources in the pipeline CloudFormationDeployRole: Type: AWS::IAM::Role Properties: 
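Review bot: `ArtifactBucket` keeps the fixed name `microservices-services-${AWS::AccountId}` while pipeline-new.yml now instantiates this template once per service (server, cache, database), so the second and third stacks will fail on a duplicate bucket name; either add `${EnvironmentName}` and `${ServiceName}` to the name, or drop the resource and `!ImportValue` the `${EnvironmentName}:ArtifactBucket` export that pipeline-new.yml publishes. The same per-service instantiation likely clashes on `SourceCreds` as well, since I believe an account holds a single `AWS::CodeBuild::SourceCredential` per server type and region — worth confirming before three copies are deployed. The new `ServiceName` parameter is only used in `RepositoryName`; the build still hardcodes the `SERVICE` variable as `server`, and the Deploy action still points at `server.yml` and `${EnvironmentName}-ServerService`, so a cache or database instance of this template would build and deploy the server. At least `Value: !Ref ServiceName` and `TemplatePath: !Sub SourceCode::deployments/services-${DeploymentType}/${ServiceName}.yml` should follow the parameter, and the event target's `Id: server-pipeline` likewise. The `CodePipelineServiceRole` definition that closes this hunk continues outside it.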
@@ -176,7 +303,52 @@ Resources: - "ssm:*" Resource: "*" - # CloudWatch event role. This role allows an event to start our pipeline. + #-----------------------------------------------------------------------------# + # Role for CodeBuild service + #-----------------------------------------------------------------------------# + CodeBuildServiceRole: + Type: AWS::IAM::Role + Properties: + Path: / + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: + Service: codebuild.amazonaws.com + Action: sts:AssumeRole + Policies: + - PolicyName: root + PolicyDocument: + Version: 2012-10-17 + Statement: + - Resource: "*" + Effect: Allow + Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + - ecr:GetAuthorizationToken + - Resource: !Sub arn:aws:s3:::${ArtifactBucket}/* + Effect: Allow + Action: + - s3:GetObject + - s3:PutObject + - s3:GetObjectVersion + - Resource: !GetAtt ServerRepository.Arn + Effect: Allow + Action: + - ecr:GetDownloadUrlForLayer + - ecr:BatchGetImage + - ecr:BatchCheckLayerAvailability + - ecr:PutImage + - ecr:InitiateLayerUpload + - ecr:UploadLayerPart + - ecr:CompleteLayerUpload + + #-----------------------------------------------------------------------------# + # Role for CloudWatch service + #-----------------------------------------------------------------------------# CloudWatchEventRole: Type: AWS::IAM::Role Properties: 
@@ -197,359 +369,6 @@ Resources: Action: codepipeline:StartPipelineExecution Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline} - # While the build is in progress we need a place to store artifacts - ArtifactBucket: - Type: AWS::S3::Bucket - Properties: - BucketName: !Sub microservices-services-${AWS::AccountId} - - # GitHub source credentials - SourceCreds: - Type: AWS::CodeBuild::SourceCredential - Properties: - Token: !Ref GitHubToken - ServerType: GITHUB - AuthType: PERSONAL_ACCESS_TOKEN - - # Build a service - CodeBuildProject: - Type: AWS::CodeBuild::Project - DependsOn: SourceCreds - Properties: - Artifacts: - Type: NO_ARTIFACTS - Source: - Type: GITHUB - Location: !Sub https://github.com/${GitHubUser}/${GitHubRepo}.git - BuildSpec: deployments/buildspec/service.yml - SourceVersion: !Ref GitHubBranch - Environment: - ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:5.0 - Type: LINUX_CONTAINER - PrivilegedMode: true - EnvironmentVariables: - - Name: AWS_ACCOUNT_ID - Value: !Sub ${AWS::AccountId} - - Name: SERVICE - Value: server - - Name: REPO_URI - Value: !Sub ${ServerRepository.RepositoryUri} - Triggers: - Webhook: true - FilterGroups: - - - Type: EVENT - Pattern: PUSH - ExcludeMatchedPattern: false - - Type: HEAD_REF - Pattern: !Sub ^refs/heads/${GitHubBranch}$ - ExcludeMatchedPattern: false - - Type: FILE_PATH - Pattern: ^(cmd/server/|internal/|web/|server.Dockerfile) - ExcludeMatchedPattern: false - - - Type: EVENT - Pattern: PUSH - ExcludeMatchedPattern: false - - Type: HEAD_REF - Pattern: !Sub ^refs/heads/${GitHubBranch}$ - ExcludeMatchedPattern: false - - Type: COMMIT_MESSAGE - Pattern: \[(BuildServer|BuildAll)\] - ExcludeMatchedPattern: false - ServiceRole: !Ref CodeBuildServiceRole - TimeoutInMinutes: 10 - - # A Webhook for the pipeline - PipelineWebhook: - Type: AWS::CodePipeline::Webhook - Properties: - AuthenticationConfiguration: - SecretToken: !Ref GitHubToken - Filters: - - JsonPath: "$.ref" - 
MatchEquals: refs/heads/{Branch} - Authentication: GITHUB_HMAC - TargetPipeline: !Ref Pipeline - TargetAction: Code - TargetPipelineVersion: !GetAtt Pipeline.Version - RegisterWithThirdParty: false - - # Pipeline - # Also need a CloudWatch event: - # https://docs.aws.amazon.com/codepipeline/latest/userguide/create-cwe-ecr-source-cfn.html - Pipeline: - Type: AWS::CodePipeline::Pipeline - Properties: - RoleArn: !GetAtt CodePipelineServiceRole.Arn - ArtifactStore: - Type: S3 - Location: !Ref ArtifactBucket - Stages: - # Get source artifacts - - Name: Source - Actions: - # Get an image from an ECR repository - - Name: Source - Namespace: SourceVariables - ActionTypeId: - Category: Source - Owner: AWS - Version: 1 - Provider: ECR - Configuration: - RepositoryName: !Ref ServerRepository - ImageTag: latest - OutputArtifacts: - - Name: SourceImage - RunOrder: 1 - # Get source from a GitHub repository - - Name: Code - ActionTypeId: - Category: Source - Owner: ThirdParty - Version: 1 - Provider: GitHub - Configuration: - Owner: !Ref GitHubUser - Repo: !Ref GitHubRepo - Branch: !Ref GitHubBranch - OAuthToken: !Ref GitHubToken - PollForSourceChanges: false - OutputArtifacts: - - Name: SourceCode - RunOrder: 1 - # Deploy the service to the ECS/Fargate cluster - - Name: Deploy - Actions: - - Name: Deploy - ActionTypeId: - Category: Deploy - Owner: AWS - Version: 1 - Provider: CloudFormation - Configuration: - ActionMode: CREATE_UPDATE - RoleArn: !GetAtt CloudFormationDeployRole.Arn - StackName: !Sub ${EnvironmentName}-ServerService - TemplatePath: !Sub SourceCode::deployments/services-${DeploymentType}/server.yml - Capabilities: CAPABILITY_IAM - # Using a digest as an image identifier, bacause with the 'latest' - # tag cfn does not make any updates upon image change. 
- ParameterOverrides: !Sub | - { - "EnvironmentName": "${EnvironmentName}", - "ImageUrl": "${ServerRepository.RepositoryUri}@#{SourceVariables.ImageDigest}" - } - InputArtifacts: - - Name: SourceImage - - Name: SourceCode - - # A CloudWatch event that will trigger out pipeline when an image is pushed - # to the specified ECR repository - CloudWatchEventRule: - Type: AWS::Events::Rule - Properties: - EventPattern: - detail: - action-type: [PUSH] - image-tag: [latest] - repository-name: [!Ref ServerRepository] - result: [SUCCESS] - detail-type: [ECR Image Action] - source: [aws.ecr] - Targets: - - Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline} - RoleArn: !GetAtt CloudWatchEventRole.Arn - Id: codepipeline-Pipeline - - # # The cache pipeline - # PipelineCache: - # Type: AWS::CodePipeline::Pipeline - # Properties: - # RoleArn: !GetAtt CodePipelineServiceRole.Arn - # ArtifactStore: - # Type: S3 - # Location: !Ref ArtifactBucket - # Stages: - # # Pull the source code from the Github repository - # - Name: Source - # Actions: - # - Name: Source - # Namespace: SourceVariables - # ActionTypeId: - # Category: Source - # Owner: ThirdParty - # Version: 1 - # Provider: GitHub - # Configuration: - # Owner: !Ref GitHubUser - # Repo: !Ref GitHubRepo - # Branch: !Ref GitHubBranch - # OAuthToken: !Ref GitHubToken - # OutputArtifacts: - # - Name: Source - # RunOrder: 1 - # # Build a service image - # - Name: Build - # Actions: - # - Name: Build - # ActionTypeId: - # Category: Build - # Owner: AWS - # Version: 1 - # Provider: CodeBuild - # Configuration: - # ProjectName: !Ref CodeBuildProject - # EnvironmentVariables: !Sub | - # [ - # { - # "name":"AWS_DEFAULT_REGION", - # "value":"${AWS::Region}", - # "type":"PLAINTEXT" - # }, - # { - # "name":"AWS_ACCOUNT_ID", - # "value":"${AWS::AccountId}", - # "type":"PLAINTEXT" - # }, - # { - # "name":"SERVICE", - # "value":"cache", - # "type":"PLAINTEXT" - # }, - # { - # "name":"REPO_URI", - # 
"value":"${CacheRepository.RepositoryUri}", - # "type":"PLAINTEXT" - # } - # ] - # InputArtifacts: - # - Name: Source - # OutputArtifacts: - # - Name: BuildOutput - # RunOrder: 1 - # # Deploy the service to the ECS/Fargate cluster - # - Name: Deploy - # Actions: - # - Name: Deploy - # ActionTypeId: - # Category: Deploy - # Owner: AWS - # Version: 1 - # Provider: CloudFormation - # Configuration: - # ActionMode: CREATE_UPDATE - # RoleArn: !GetAtt CloudFormationDeployRole.Arn - # StackName: !Sub ${EnvironmentName}-CacheService - # TemplatePath: !Sub Source::deployments/services-${DeploymentType}/cache.yml - # Capabilities: CAPABILITY_IAM - # ParameterOverrides: !Sub | - # { - # "EnvironmentName": "${EnvironmentName}", - # "ImageUrl": { - # "Fn::GetParam" : ["BuildOutput", "build.json", "ImageUri"] - # } - # } - # InputArtifacts: - # - Name: Source - # - Name: BuildOutput - - # # The database pipeline - # PipelineDatabase: - # Type: AWS::CodePipeline::Pipeline - # Properties: - # RoleArn: !GetAtt CodePipelineServiceRole.Arn - # ArtifactStore: - # Type: S3 - # Location: !Ref ArtifactBucket - # Stages: - # # Pull the source code from the Github repository - # - Name: Source - # Actions: - # - Name: Source - # Namespace: SourceVariables - # ActionTypeId: - # Category: Source - # Owner: ThirdParty - # Version: 1 - # Provider: GitHub - # Configuration: - # Owner: !Ref GitHubUser - # Repo: !Ref GitHubRepo - # Branch: !Ref GitHubBranch - # OAuthToken: !Ref GitHubToken - # OutputArtifacts: - # - Name: Source - # RunOrder: 1 - # # Build a service image - # - Name: Build - # Actions: - # - Name: Build - # ActionTypeId: - # Category: Build - # Owner: AWS - # Version: 1 - # Provider: CodeBuild - # Configuration: - # ProjectName: !Ref CodeBuildProject - # EnvironmentVariables: !Sub | - # [ - # { - # "name":"AWS_DEFAULT_REGION", - # "value":"${AWS::Region}", - # "type":"PLAINTEXT" - # }, - # { - # "name":"AWS_ACCOUNT_ID", - # "value":"${AWS::AccountId}", - # "type":"PLAINTEXT" - # 
}, - # { - # "name":"SERVICE", - # "value":"database", - # "type":"PLAINTEXT" - # }, - # { - # "name":"REPO_URI", - # "value":"${DatabaseRepository.RepositoryUri}", - # "type":"PLAINTEXT" - # } - # ] - # InputArtifacts: - # - Name: Source - # OutputArtifacts: - # - Name: BuildOutput - # RunOrder: 1 - # # Deploy the service to the ECS/Fargate cluster - # - Name: Deploy - # Actions: - # - Name: Deploy - # ActionTypeId: - # Category: Deploy - # Owner: AWS - # Version: 1 - # Provider: CloudFormation - # Configuration: - # ActionMode: CREATE_UPDATE - # RoleArn: !GetAtt CloudFormationDeployRole.Arn - # StackName: !Sub ${EnvironmentName}-DatabaseService - # TemplatePath: !Sub Source::deployments/services-${DeploymentType}/database.yml - # Capabilities: CAPABILITY_IAM - # ParameterOverrides: !Sub | - # { - # "EnvironmentName": "${EnvironmentName}", - # "ImageUrl": { - # "Fn::GetParam" : ["BuildOutput", "build.json", "ImageUri"] - # } - # } - # InputArtifacts: - # - Name: Source - # - Name: BuildOutput - -# Outputs: -# PipelineServerUrl: -# Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineServer} -# PipelineCacheUrl: -# Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineCache} -# PipelineDatabaseUrl: -# Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineDatabase} \ No newline at end of file +Outputs: + PipelineUrl: + Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} diff --git a/deployments/pipeline.yml b/deployments/pipeline.yml index 37451b6..e151aa7 100644 --- a/deployments/pipeline.yml +++ b/deployments/pipeline.yml 
@@ -447,4 +447,4 @@ Resources: Outputs: PipelineUrl: - Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} \ No newline at end of file + Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}