go/microservices
1
0
Fork 0
mirror of https://github.com/ebosas/microservices.git synced 2025-08-24 20:08:55 +02:00
Code Issues Releases Activity

Pipeline for separate builds

Browse Source
This commit is contained in:
ebosas
2021-11-10 21:14:52 +02:00
parent 253fd89a18
commit 29de2e0201
5 changed files with 629 additions and 422 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
deployments/buildspec/service.yml
View File

@@ -12,4 +12,4 @@ phases:
post_build: post_build:
commands: commands:
- docker push $REPO_URI:latest - docker push $REPO_URI:latest
- docker push $REPO_URI:$TAG - docker push $REPO_URI:$TAG

8
deployments/pipeline-infrastructure.yml
View File

@@ -163,7 +163,7 @@ Resources:
ArtifactBucket: ArtifactBucket:
Type: AWS::S3::Bucket Type: AWS::S3::Bucket
Properties: Properties:
BucketName: !Sub microservices-${AWS::AccountId} BucketName: !Sub microservices-infrastructure-${AWS::AccountId}
# # This is the definition of how to build the code in the repository # # This is the definition of how to build the code in the repository
# CodeBuildProject: # CodeBuildProject:
@@ -203,9 +203,7 @@ Resources:
# PrivilegedMode: true # PrivilegedMode: true
# ServiceRole: !Ref CodeBuildServiceRole # ServiceRole: !Ref CodeBuildServiceRole
# A Webhook for the pipeline. Triggered manually only. This is done by # A Webhook for the pipeline which is set for manual action only
# setting RegisterWithThirdParty to false. Also, PollForSourceChanges
# needs to be set to false in the pipeline's source action config.
PipelineWebhook: PipelineWebhook:
Type: AWS::CodePipeline::Webhook Type: AWS::CodePipeline::Webhook
Properties: Properties:
@@ -218,7 +216,7 @@ Resources:
TargetPipeline: !Ref Pipeline TargetPipeline: !Ref Pipeline
TargetAction: Source TargetAction: Source
TargetPipelineVersion: !GetAtt Pipeline.Version TargetPipelineVersion: !GetAtt Pipeline.Version
RegisterWithThirdParty: false RegisterWithThirdParty: false # only manual action
# This pipeline defines the steps to build, deploy, and release the application # This pipeline defines the steps to build, deploy, and release the application
Pipeline: Pipeline:

390
deployments/pipeline-new.yml Normal file
View File

@@ -0,0 +1,390 @@
Parameters:
GitHubRepo:
Type: String
GitHubBranch:
Type: String
GitHubToken:
Type: String
NoEcho: true
GitHubUser:
Type: String
EnvironmentName:
Type: String
Default: production
DeploymentType:
Type: String
Default: fargate
AllowedValues: [ecs, fargate]
Resources:
#-----------------------------------------------------------------------------#
# Artifact Bucket
#-----------------------------------------------------------------------------#
ArtifactBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub microservices-${EnvironmentName}-${AWS::AccountId}
#-----------------------------------------------------------------------------#
# CodePipeline
#-----------------------------------------------------------------------------#
PipelineWebhook:
Type: AWS::CodePipeline::Webhook
Properties:
AuthenticationConfiguration:
SecretToken: !Ref GitHubToken
Filters:
- JsonPath: "$.ref"
MatchEquals: refs/heads/{Branch}
Authentication: GITHUB_HMAC
TargetPipeline: !Ref Pipeline
TargetAction: Source
TargetPipelineVersion: !GetAtt Pipeline.Version
RegisterWithThirdParty: false # only manual action
Pipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
RoleArn: !GetAtt CodePipelineServiceRole.Arn
ArtifactStore:
Type: S3
Location: !Ref ArtifactBucket
Stages:
#-----------------------------------------------------------------------------#
# Source
#-----------------------------------------------------------------------------#
- Name: Source
Actions:
- Name: Source
Namespace: SourceVariables
ActionTypeId:
Category: Source
Owner: ThirdParty
Version: 1
Provider: GitHub
Configuration:
Owner: !Ref GitHubUser
Repo: !Ref GitHubRepo
Branch: !Ref GitHubBranch
OAuthToken: !Ref GitHubToken
OutputArtifacts:
- Name: Source
RunOrder: 1
#-----------------------------------------------------------------------------#
# Infrastructure Resources
#-----------------------------------------------------------------------------#
- Name: Network_Resources
Actions:
- Name: Deploy
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Network
TemplatePath: Source::deployments/network.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}"
}
InputArtifacts:
- Name: Source
OutputArtifacts:
- Name: Network
- Name: Base_Resources
Actions:
# Rabbit, Redis, and Postgres
- Name: Resources
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Resources
TemplatePath: Source::deployments/resources.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}"
}
InputArtifacts:
- Name: Source
OutputArtifacts:
- Name: Resources
# Application load balancer
- Name: Load_Balancer
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-LoadBalancer
TemplatePath: Source::deployments/alb.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}"
}
InputArtifacts:
- Name: Source
OutputArtifacts:
- Name: LoadBalancer
# ECS/Fargate cluster
- Name: Cluster
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Cluster
TemplatePath: !Sub Source::deployments/cluster-${DeploymentType}.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}"
}
InputArtifacts:
- Name: Source
OutputArtifacts:
- Name: Cluster
#-----------------------------------------------------------------------------#
# Service Pipelines
#-----------------------------------------------------------------------------#
- Name: Service_Pipelines
Actions:
- Name: Server
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Server
TemplatePath: Source::deployments/pipeline-service.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"ServiceName": "server",
"EnvironmentName": "${EnvironmentName}",
"DeploymentType": "${DeploymentType}",
"TriggerMessagePattern": "\[(BuildServer|BuildAll)\]"
"GitHubRepo": "${GitHubRepo}",
"GitHubBranch": "${GitHubBranch}",
"GitHubToken": "${GitHubToken}",
"GitHubUser": "${GitHubUser}"
}
InputArtifacts:
- Name: Source
- Name: Cache
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Cache
TemplatePath: Source::deployments/pipeline-service.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"ServiceName": "cache",
"EnvironmentName": "${EnvironmentName}",
"DeploymentType": "${DeploymentType}",
"TriggerMessagePattern": "\[(BuildCache|BuildAll)\]"
"GitHubRepo": "${GitHubRepo}",
"GitHubBranch": "${GitHubBranch}",
"GitHubToken": "${GitHubToken}",
"GitHubUser": "${GitHubUser}"
}
InputArtifacts:
- Name: Source
- Name: Database
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Database
TemplatePath: Source::deployments/pipeline-service.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"ServiceName": "database",
"EnvironmentName": "${EnvironmentName}",
"DeploymentType": "${DeploymentType}",
"TriggerMessagePattern": "\[(BuildDatabase|BuildAll)\]"
"GitHubRepo": "${GitHubRepo}",
"GitHubBranch": "${GitHubBranch}",
"GitHubToken": "${GitHubToken}",
"GitHubUser": "${GitHubUser}"
}
InputArtifacts:
- Name: Source
#-----------------------------------------------------------------------------#
# Role for CodePipeline service
#-----------------------------------------------------------------------------#
CodePipelineServiceRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codepipeline.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
# Allow codepipeline to put artifacts in the S3 bucket
# as well as get artifacts back out of it.
- Resource:
- !Sub arn:aws:s3:::${ArtifactBucket}/*
Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:GetObjectVersion
- s3:GetBucketVersioning
# Allow codepipeline to build code builds
- Resource: "*"
Effect: Allow
Action:
- codebuild:StartBuild
- codebuild:BatchGetBuilds
- iam:PassRole
# Allow codepipeline to deploy cloudformation stacks
- Effect: Allow
Action:
- cloudformation:CreateChangeSet
- cloudformation:CreateStack
- cloudformation:CreateUploadBucket
- cloudformation:DeleteStack
- cloudformation:Describe*
- cloudformation:List*
- cloudformation:UpdateStack
- cloudformation:ValidateTemplate
- cloudformation:ExecuteChangeSet
Resource: "*"
# This role is passed by CodePipeline to CloudFormation to use
# when setting up resources in the pipeline
CloudFormationDeployRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: cloudformation.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: deploy-stack
PolicyDocument:
Statement:
- Effect: Allow
Action:
- "iam:*"
- "ec2:*"
- "ecs:*"
- "elasticloadbalancing:*"
- "autoscaling:*"
- "elasticache:*"
- "logs:*"
- "application-autoscaling:*"
- "cloudwatch:*"
- "route53:*"
- "rds:*"
- "mq:*"
# - "secretsmanager:*"
- "ssm:*"
Resource: "*"
#-----------------------------------------------------------------------------#
# Role for CodeBuild service
#-----------------------------------------------------------------------------#
CodeBuildServiceRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codebuild.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Resource: "*"
Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
- ecr:GetAuthorizationToken
- Resource: !Sub arn:aws:s3:::${ArtifactBucket}/*
Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:GetObjectVersion
- Resource: "*"
Effect: Allow
Action:
- ecr:GetDownloadUrlForLayer
- ecr:BatchGetImage
- ecr:BatchCheckLayerAvailability
- ecr:PutImage
- ecr:InitiateLayerUpload
- ecr:UploadLayerPart
- ecr:CompleteLayerUpload
Outputs:
PipelineUrl:
Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}
ArtifactBucket:
Description: The bucket to store pipeline artifacts
Value: !Ref ArtifactBucket
Export:
Name: !Sub ${EnvironmentName}:ArtifactBucket

649
deployments/pipeline-services.yml → deployments/pipeline-service.yml
View File

@@ -15,68 +15,196 @@ Parameters:
Type: String Type: String
Default: fargate Default: fargate
AllowedValues: [ecs, fargate] AllowedValues: [ecs, fargate]
ServiceName:
Type: String
Description: The name of the service
AllowedValues: [server, cache, database]
TriggerMessagePattern:
Type: String
Description: A commit message that triggers the build process
Default: \[BuildAll\]
Resources: Resources:
# Create ECR respositories to hold built docker images
#-----------------------------------------------------------------------------#
# ECR
#-----------------------------------------------------------------------------#
ServerRepository: ServerRepository:
Type: AWS::ECR::Repository Type: AWS::ECR::Repository
Properties: Properties:
RepositoryName: !Sub ${EnvironmentName}/server RepositoryName: !Sub ${EnvironmentName}/${ServiceName}
# CacheRepository:
# Type: AWS::ECR::Repository
# DeletionPolicy: Retain
# UpdateReplacePolicy: Retain
# DatabaseRepository:
# Type: AWS::ECR::Repository
# DeletionPolicy: Retain
# UpdateReplacePolicy: Retain
# A role used to give CodeBuild permission to access code, #-----------------------------------------------------------------------------#
# build it, and upload the build results to ECR # Artifact Bucket
CodeBuildServiceRole: #-----------------------------------------------------------------------------#
Type: AWS::IAM::Role ArtifactBucket:
Type: AWS::S3::Bucket
Properties: Properties:
Path: / BucketName: !Sub microservices-services-${AWS::AccountId}
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codebuild.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Resource: "*"
Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
- ecr:GetAuthorizationToken
- Resource: !Sub arn:aws:s3:::${ArtifactBucket}/*
Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:GetObjectVersion
- Resource:
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${ServerRepository}
# - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${CacheRepository}
# - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${DatabaseRepository}
Effect: Allow
Action:
- ecr:GetDownloadUrlForLayer
- ecr:BatchGetImage
- ecr:BatchCheckLayerAvailability
- ecr:PutImage
- ecr:InitiateLayerUpload
- ecr:UploadLayerPart
- ecr:CompleteLayerUpload
# Role used to give CodePipeline to release a build. #-----------------------------------------------------------------------------#
# CodeBuild Project
#-----------------------------------------------------------------------------#
SourceCreds:
Type: AWS::CodeBuild::SourceCredential
Properties:
Token: !Ref GitHubToken
ServerType: GITHUB
AuthType: PERSONAL_ACCESS_TOKEN
CodeBuildProject:
Type: AWS::CodeBuild::Project
DependsOn: SourceCreds
Properties:
Artifacts:
Type: NO_ARTIFACTS
Source:
Type: GITHUB
Location: !Sub https://github.com/${GitHubUser}/${GitHubRepo}.git
BuildSpec: deployments/buildspec/service.yml
SourceVersion: !Ref GitHubBranch
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/standard:5.0
Type: LINUX_CONTAINER
PrivilegedMode: true
EnvironmentVariables:
- Name: AWS_ACCOUNT_ID
Value: !Sub ${AWS::AccountId}
- Name: SERVICE
Value: server
- Name: REPO_URI
Value: !Sub ${ServerRepository.RepositoryUri}
Triggers:
Webhook: true
FilterGroups:
- - Type: EVENT
Pattern: PUSH
ExcludeMatchedPattern: false
- Type: HEAD_REF
Pattern: !Sub ^refs/heads/${GitHubBranch}$
ExcludeMatchedPattern: false
- Type: COMMIT_MESSAGE
Pattern: !Ref TriggerMessagePattern
ExcludeMatchedPattern: false
# - - Type: EVENT
# Pattern: PUSH
# ExcludeMatchedPattern: false
# - Type: HEAD_REF
# Pattern: !Sub ^refs/heads/${GitHubBranch}$
# ExcludeMatchedPattern: false
# - Type: FILE_PATH
# Pattern: ^(cmd/server/|internal/|web/|server.Dockerfile)
# ExcludeMatchedPattern: false
ServiceRole: !Ref CodeBuildServiceRole
TimeoutInMinutes: 10
#-----------------------------------------------------------------------------#
# CodePipeline
#-----------------------------------------------------------------------------#
CloudWatchEventRule:
Type: AWS::Events::Rule
Properties:
EventPattern:
detail:
action-type: [PUSH]
image-tag: [latest]
repository-name: [!Ref ServerRepository]
result: [SUCCESS]
detail-type: [ECR Image Action]
source: [aws.ecr]
Targets:
- Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
RoleArn: !GetAtt CloudWatchEventRole.Arn
Id: server-pipeline
PipelineWebhook:
Type: AWS::CodePipeline::Webhook
Properties:
AuthenticationConfiguration:
SecretToken: !Ref GitHubToken
Filters:
- JsonPath: "$.ref"
MatchEquals: refs/heads/{Branch}
Authentication: GITHUB_HMAC
TargetPipeline: !Ref Pipeline
TargetAction: Code
TargetPipelineVersion: !GetAtt Pipeline.Version
RegisterWithThirdParty: false # only manual action
Pipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
RoleArn: !GetAtt CodePipelineServiceRole.Arn
ArtifactStore:
Type: S3
Location: !Ref ArtifactBucket
Stages:
#-----------------------------------------------------------------------------#
# Source
#-----------------------------------------------------------------------------#
- Name: Source
Actions:
- Name: Source
Namespace: SourceVariables
ActionTypeId:
Category: Source
Owner: AWS
Version: 1
Provider: ECR
Configuration:
RepositoryName: !Ref ServerRepository
ImageTag: latest
OutputArtifacts:
- Name: SourceImage
RunOrder: 1
- Name: Code
ActionTypeId:
Category: Source
Owner: ThirdParty
Version: 1
Provider: GitHub
Configuration:
Owner: !Ref GitHubUser
Repo: !Ref GitHubRepo
Branch: !Ref GitHubBranch
OAuthToken: !Ref GitHubToken
PollForSourceChanges: false
OutputArtifacts:
- Name: SourceCode
RunOrder: 1
#-----------------------------------------------------------------------------#
# Deploy
#-----------------------------------------------------------------------------#
- Name: Deploy
Actions:
- Name: Deploy
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-ServerService
TemplatePath: !Sub SourceCode::deployments/services-${DeploymentType}/server.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}",
"ImageUrl": "${ServerRepository.RepositoryUri}@#{SourceVariables.ImageDigest}"
}
InputArtifacts:
- Name: SourceImage
- Name: SourceCode
#-----------------------------------------------------------------------------#
# Role for CodePipeline service
#-----------------------------------------------------------------------------#
CodePipelineServiceRole: CodePipelineServiceRole:
Type: AWS::IAM::Role Type: AWS::IAM::Role
Properties: Properties:
@@ -123,8 +251,7 @@ Resources:
- cloudformation:ValidateTemplate - cloudformation:ValidateTemplate
- cloudformation:ExecuteChangeSet - cloudformation:ExecuteChangeSet
Resource: "*" Resource: "*"
# Allow codepipeline to get images from ECR. # Allow codepipeline to get images from ECR
# Actions from AmazonEC2ContainerRegistryReadOnly.
- Effect: Allow - Effect: Allow
Action: Action:
- ecr:GetAuthorizationToken - ecr:GetAuthorizationToken
@@ -141,8 +268,8 @@ Resources:
- ecr:DescribeImageScanFindings - ecr:DescribeImageScanFindings
Resource: "*" Resource: "*"
# CloudFormation deployment role. This role is passed by CodeBuild to # This role is passed by CodePipeline to CloudFormation to use
# CloudFormation to use when setting up the application resources # when setting up resources in the pipeline
CloudFormationDeployRole: CloudFormationDeployRole:
Type: AWS::IAM::Role Type: AWS::IAM::Role
Properties: Properties:
@@ -176,7 +303,52 @@ Resources:
- "ssm:*" - "ssm:*"
Resource: "*" Resource: "*"
# CloudWatch event role. This role allows an event to start our pipeline. #-----------------------------------------------------------------------------#
# Role for CodeBuild service
#-----------------------------------------------------------------------------#
CodeBuildServiceRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codebuild.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Resource: "*"
Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
- ecr:GetAuthorizationToken
- Resource: !Sub arn:aws:s3:::${ArtifactBucket}/*
Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:GetObjectVersion
- Resource: !GetAtt ServerRepository.Arn
Effect: Allow
Action:
- ecr:GetDownloadUrlForLayer
- ecr:BatchGetImage
- ecr:BatchCheckLayerAvailability
- ecr:PutImage
- ecr:InitiateLayerUpload
- ecr:UploadLayerPart
- ecr:CompleteLayerUpload
#-----------------------------------------------------------------------------#
# Role for CloudWatch service
#-----------------------------------------------------------------------------#
CloudWatchEventRole: CloudWatchEventRole:
Type: AWS::IAM::Role Type: AWS::IAM::Role
Properties: Properties:
@@ -197,359 +369,6 @@ Resources:
Action: codepipeline:StartPipelineExecution Action: codepipeline:StartPipelineExecution
Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline} Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
# While the build is in progress we need a place to store artifacts Outputs:
ArtifactBucket: PipelineUrl:
Type: AWS::S3::Bucket Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}
Properties:
BucketName: !Sub microservices-services-${AWS::AccountId}
# GitHub source credentials
SourceCreds:
Type: AWS::CodeBuild::SourceCredential
Properties:
Token: !Ref GitHubToken
ServerType: GITHUB
AuthType: PERSONAL_ACCESS_TOKEN
# Build a service
CodeBuildProject:
Type: AWS::CodeBuild::Project
DependsOn: SourceCreds
Properties:
Artifacts:
Type: NO_ARTIFACTS
Source:
Type: GITHUB
Location: !Sub https://github.com/${GitHubUser}/${GitHubRepo}.git
BuildSpec: deployments/buildspec/service.yml
SourceVersion: !Ref GitHubBranch
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/standard:5.0
Type: LINUX_CONTAINER
PrivilegedMode: true
EnvironmentVariables:
- Name: AWS_ACCOUNT_ID
Value: !Sub ${AWS::AccountId}
- Name: SERVICE
Value: server
- Name: REPO_URI
Value: !Sub ${ServerRepository.RepositoryUri}
Triggers:
Webhook: true
FilterGroups:
- - Type: EVENT
Pattern: PUSH
ExcludeMatchedPattern: false
- Type: HEAD_REF
Pattern: !Sub ^refs/heads/${GitHubBranch}$
ExcludeMatchedPattern: false
- Type: FILE_PATH
Pattern: ^(cmd/server/|internal/|web/|server.Dockerfile)
ExcludeMatchedPattern: false
- - Type: EVENT
Pattern: PUSH
ExcludeMatchedPattern: false
- Type: HEAD_REF
Pattern: !Sub ^refs/heads/${GitHubBranch}$
ExcludeMatchedPattern: false
- Type: COMMIT_MESSAGE
Pattern: \[(BuildServer|BuildAll)\]
ExcludeMatchedPattern: false
ServiceRole: !Ref CodeBuildServiceRole
TimeoutInMinutes: 10
# A Webhook for the pipeline
PipelineWebhook:
Type: AWS::CodePipeline::Webhook
Properties:
AuthenticationConfiguration:
SecretToken: !Ref GitHubToken
Filters:
- JsonPath: "$.ref"
MatchEquals: refs/heads/{Branch}
Authentication: GITHUB_HMAC
TargetPipeline: !Ref Pipeline
TargetAction: Code
TargetPipelineVersion: !GetAtt Pipeline.Version
RegisterWithThirdParty: false
# Pipeline
# Also need a CloudWatch event:
# https://docs.aws.amazon.com/codepipeline/latest/userguide/create-cwe-ecr-source-cfn.html
Pipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
RoleArn: !GetAtt CodePipelineServiceRole.Arn
ArtifactStore:
Type: S3
Location: !Ref ArtifactBucket
Stages:
# Get source artifacts
- Name: Source
Actions:
# Get an image from an ECR repository
- Name: Source
Namespace: SourceVariables
ActionTypeId:
Category: Source
Owner: AWS
Version: 1
Provider: ECR
Configuration:
RepositoryName: !Ref ServerRepository
ImageTag: latest
OutputArtifacts:
- Name: SourceImage
RunOrder: 1
# Get source from a GitHub repository
- Name: Code
ActionTypeId:
Category: Source
Owner: ThirdParty
Version: 1
Provider: GitHub
Configuration:
Owner: !Ref GitHubUser
Repo: !Ref GitHubRepo
Branch: !Ref GitHubBranch
OAuthToken: !Ref GitHubToken
PollForSourceChanges: false
OutputArtifacts:
- Name: SourceCode
RunOrder: 1
# Deploy the service to the ECS/Fargate cluster
- Name: Deploy
Actions:
- Name: Deploy
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-ServerService
TemplatePath: !Sub SourceCode::deployments/services-${DeploymentType}/server.yml
Capabilities: CAPABILITY_IAM
# Using a digest as an image identifier, bacause with the 'latest'
# tag cfn does not make any updates upon image change.
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}",
"ImageUrl": "${ServerRepository.RepositoryUri}@#{SourceVariables.ImageDigest}"
}
InputArtifacts:
- Name: SourceImage
- Name: SourceCode
# A CloudWatch event that will trigger out pipeline when an image is pushed
# to the specified ECR repository
CloudWatchEventRule:
Type: AWS::Events::Rule
Properties:
EventPattern:
detail:
action-type: [PUSH]
image-tag: [latest]
repository-name: [!Ref ServerRepository]
result: [SUCCESS]
detail-type: [ECR Image Action]
source: [aws.ecr]
Targets:
- Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
RoleArn: !GetAtt CloudWatchEventRole.Arn
Id: codepipeline-Pipeline
# # The cache pipeline
# PipelineCache:
# Type: AWS::CodePipeline::Pipeline
# Properties:
# RoleArn: !GetAtt CodePipelineServiceRole.Arn
# ArtifactStore:
# Type: S3
# Location: !Ref ArtifactBucket
# Stages:
# # Pull the source code from the Github repository
# - Name: Source
# Actions:
# - Name: Source
# Namespace: SourceVariables
# ActionTypeId:
# Category: Source
# Owner: ThirdParty
# Version: 1
# Provider: GitHub
# Configuration:
# Owner: !Ref GitHubUser
# Repo: !Ref GitHubRepo
# Branch: !Ref GitHubBranch
# OAuthToken: !Ref GitHubToken
# OutputArtifacts:
# - Name: Source
# RunOrder: 1
# # Build a service image
# - Name: Build
# Actions:
# - Name: Build
# ActionTypeId:
# Category: Build
# Owner: AWS
# Version: 1
# Provider: CodeBuild
# Configuration:
# ProjectName: !Ref CodeBuildProject
# EnvironmentVariables: !Sub |
# [
# {
# "name":"AWS_DEFAULT_REGION",
# "value":"${AWS::Region}",
# "type":"PLAINTEXT"
# },
# {
# "name":"AWS_ACCOUNT_ID",
# "value":"${AWS::AccountId}",
# "type":"PLAINTEXT"
# },
# {
# "name":"SERVICE",
# "value":"cache",
# "type":"PLAINTEXT"
# },
# {
# "name":"REPO_URI",
# "value":"${CacheRepository.RepositoryUri}",
# "type":"PLAINTEXT"
# }
# ]
# InputArtifacts:
# - Name: Source
# OutputArtifacts:
# - Name: BuildOutput
# RunOrder: 1
# # Deploy the service to the ECS/Fargate cluster
# - Name: Deploy
# Actions:
# - Name: Deploy
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-CacheService
# TemplatePath: !Sub Source::deployments/services-${DeploymentType}/cache.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub |
# {
# "EnvironmentName": "${EnvironmentName}",
# "ImageUrl": {
# "Fn::GetParam" : ["BuildOutput", "build.json", "ImageUri"]
# }
# }
# InputArtifacts:
# - Name: Source
# - Name: BuildOutput
# # The database pipeline
# PipelineDatabase:
# Type: AWS::CodePipeline::Pipeline
# Properties:
# RoleArn: !GetAtt CodePipelineServiceRole.Arn
# ArtifactStore:
# Type: S3
# Location: !Ref ArtifactBucket
# Stages:
# # Pull the source code from the Github repository
# - Name: Source
# Actions:
# - Name: Source
# Namespace: SourceVariables
# ActionTypeId:
# Category: Source
# Owner: ThirdParty
# Version: 1
# Provider: GitHub
# Configuration:
# Owner: !Ref GitHubUser
# Repo: !Ref GitHubRepo
# Branch: !Ref GitHubBranch
# OAuthToken: !Ref GitHubToken
# OutputArtifacts:
# - Name: Source
# RunOrder: 1
# # Build a service image
# - Name: Build
# Actions:
# - Name: Build
# ActionTypeId:
# Category: Build
# Owner: AWS
# Version: 1
# Provider: CodeBuild
# Configuration:
# ProjectName: !Ref CodeBuildProject
# EnvironmentVariables: !Sub |
# [
# {
# "name":"AWS_DEFAULT_REGION",
# "value":"${AWS::Region}",
# "type":"PLAINTEXT"
# },
# {
# "name":"AWS_ACCOUNT_ID",
# "value":"${AWS::AccountId}",
# "type":"PLAINTEXT"
# },
# {
# "name":"SERVICE",
# "value":"database",
# "type":"PLAINTEXT"
# },
# {
# "name":"REPO_URI",
# "value":"${DatabaseRepository.RepositoryUri}",
# "type":"PLAINTEXT"
# }
# ]
# InputArtifacts:
# - Name: Source
# OutputArtifacts:
# - Name: BuildOutput
# RunOrder: 1
# # Deploy the service to the ECS/Fargate cluster
# - Name: Deploy
# Actions:
# - Name: Deploy
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-DatabaseService
# TemplatePath: !Sub Source::deployments/services-${DeploymentType}/database.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub |
# {
# "EnvironmentName": "${EnvironmentName}",
# "ImageUrl": {
# "Fn::GetParam" : ["BuildOutput", "build.json", "ImageUri"]
# }
# }
# InputArtifacts:
# - Name: Source
# - Name: BuildOutput
# Outputs:
# PipelineServerUrl:
# Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineServer}
# PipelineCacheUrl:
# Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineCache}
# PipelineDatabaseUrl:
# Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineDatabase}

2
deployments/pipeline.yml
View File

@@ -447,4 +447,4 @@ Resources:
Outputs: Outputs:
PipelineUrl: PipelineUrl:
Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}