mirror of https://github.com/ebosas/microservices.git synced 2025-02-16 18:34:37 +02:00

Create pipeline with separate builds

ebosas 2021-11-11 09:59:04 +02:00
parent 29de2e0201
commit 6293af504a
5 changed files with 182 additions and 222 deletions


@ -45,6 +45,9 @@ Resources:
Pipeline: Pipeline:
Type: AWS::CodePipeline::Pipeline Type: AWS::CodePipeline::Pipeline
DependsOn:
- SSMArtifactBucket
- SSMCodePipelineServiceRole
Properties: Properties:
RoleArn: !GetAtt CodePipelineServiceRole.Arn RoleArn: !GetAtt CodePipelineServiceRole.Arn
ArtifactStore: ArtifactStore:
@ -73,36 +76,99 @@ Resources:
- Name: Source - Name: Source
RunOrder: 1 RunOrder: 1
# #-----------------------------------------------------------------------------#
# # Infrastructure Resources
# #-----------------------------------------------------------------------------#
# - Name: Network_Resources
# Actions:
# - Name: Deploy
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-Network
# TemplatePath: Source::deployments/network.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub |
# {
# "EnvironmentName": "${EnvironmentName}"
# }
# InputArtifacts:
# - Name: Source
# - Name: Base_Resources
# Actions:
# # Rabbit, Redis, and Postgres
# - Name: Resources
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-Resources
# TemplatePath: Source::deployments/resources.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub |
# {
# "EnvironmentName": "${EnvironmentName}"
# }
# InputArtifacts:
# - Name: Source
# # Application load balancer
# - Name: Load_Balancer
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-LoadBalancer
# TemplatePath: Source::deployments/alb.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub |
# {
# "EnvironmentName": "${EnvironmentName}"
# }
# InputArtifacts:
# - Name: Source
# # ECS/Fargate cluster
# - Name: Cluster
# ActionTypeId:
# Category: Deploy
# Owner: AWS
# Version: 1
# Provider: CloudFormation
# Configuration:
# ActionMode: CREATE_UPDATE
# RoleArn: !GetAtt CloudFormationDeployRole.Arn
# StackName: !Sub ${EnvironmentName}-Cluster
# TemplatePath: !Sub Source::deployments/cluster-${DeploymentType}.yml
# Capabilities: CAPABILITY_IAM
# ParameterOverrides: !Sub |
# {
# "EnvironmentName": "${EnvironmentName}"
# }
# InputArtifacts:
# - Name: Source
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
# Infrastructure Resources # Services
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
- Name: Network_Resources - Name: Services
Actions: Actions:
- Name: Deploy
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CloudFormation
Configuration:
ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Network
TemplatePath: Source::deployments/network.yml
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}"
}
InputArtifacts:
- Name: Source
OutputArtifacts:
- Name: Network
- Name: Base_Resources - Name: Server
Actions:
# Rabbit, Redis, and Postgres
- Name: Resources
ActionTypeId: ActionTypeId:
Category: Deploy Category: Deploy
Owner: AWS Owner: AWS
@ -111,20 +177,18 @@ Resources:
Configuration: Configuration:
ActionMode: CREATE_UPDATE ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Resources StackName: !Sub ${EnvironmentName}-Server
TemplatePath: Source::deployments/resources.yml TemplatePath: !Sub Source::deployments/services-${DeploymentType}/server.yml
Capabilities: CAPABILITY_IAM Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub | ParameterOverrides: !Sub |
{ {
"EnvironmentName": "${EnvironmentName}" "EnvironmentName": "${EnvironmentName}",
"ServiceName": "server"
} }
InputArtifacts: InputArtifacts:
- Name: Source - Name: Source
OutputArtifacts:
- Name: Resources
# Application load balancer - Name: Cache
- Name: Load_Balancer
ActionTypeId: ActionTypeId:
Category: Deploy Category: Deploy
Owner: AWS Owner: AWS
@ -133,20 +197,18 @@ Resources:
Configuration: Configuration:
ActionMode: CREATE_UPDATE ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-LoadBalancer StackName: !Sub ${EnvironmentName}-Cache
TemplatePath: Source::deployments/alb.yml TemplatePath: !Sub Source::deployments/services-${DeploymentType}/cache.yml
Capabilities: CAPABILITY_IAM Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub | ParameterOverrides: !Sub |
{ {
"EnvironmentName": "${EnvironmentName}" "EnvironmentName": "${EnvironmentName}",
"ServiceName": "cache"
} }
InputArtifacts: InputArtifacts:
- Name: Source - Name: Source
OutputArtifacts:
- Name: LoadBalancer
# ECS/Fargate cluster - Name: Database
- Name: Cluster
ActionTypeId: ActionTypeId:
Category: Deploy Category: Deploy
Owner: AWS Owner: AWS
@ -155,17 +217,17 @@ Resources:
Configuration: Configuration:
ActionMode: CREATE_UPDATE ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Cluster StackName: !Sub ${EnvironmentName}-Database
TemplatePath: !Sub Source::deployments/cluster-${DeploymentType}.yml TemplatePath: !Sub Source::deployments/services-${DeploymentType}/database.yml
Capabilities: CAPABILITY_IAM Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub | ParameterOverrides: !Sub |
{ {
"EnvironmentName": "${EnvironmentName}" "EnvironmentName": "${EnvironmentName}",
"ServiceName": "database"
} }
InputArtifacts: InputArtifacts:
- Name: Source - Name: Source
OutputArtifacts:
- Name: Cluster
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
# Service Pipelines # Service Pipelines
@ -182,7 +244,7 @@ Resources:
Configuration: Configuration:
ActionMode: CREATE_UPDATE ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Server StackName: !Sub ${EnvironmentName}-ServerPipeline
TemplatePath: Source::deployments/pipeline-service.yml TemplatePath: Source::deployments/pipeline-service.yml
Capabilities: CAPABILITY_IAM Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub | ParameterOverrides: !Sub |
@ -208,7 +270,7 @@ Resources:
Configuration: Configuration:
ActionMode: CREATE_UPDATE ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Cache StackName: !Sub ${EnvironmentName}-CachePipeline
TemplatePath: Source::deployments/pipeline-service.yml TemplatePath: Source::deployments/pipeline-service.yml
Capabilities: CAPABILITY_IAM Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub | ParameterOverrides: !Sub |
@ -234,7 +296,7 @@ Resources:
Configuration: Configuration:
ActionMode: CREATE_UPDATE ActionMode: CREATE_UPDATE
RoleArn: !GetAtt CloudFormationDeployRole.Arn RoleArn: !GetAtt CloudFormationDeployRole.Arn
StackName: !Sub ${EnvironmentName}-Database StackName: !Sub ${EnvironmentName}-DatabasePipeline
TemplatePath: Source::deployments/pipeline-service.yml TemplatePath: Source::deployments/pipeline-service.yml
Capabilities: CAPABILITY_IAM Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub | ParameterOverrides: !Sub |
@ -300,6 +362,22 @@ Resources:
- cloudformation:ValidateTemplate - cloudformation:ValidateTemplate
- cloudformation:ExecuteChangeSet - cloudformation:ExecuteChangeSet
Resource: "*" Resource: "*"
# Allow codepipeline to get images from ECR
- Effect: Allow
Action:
- ecr:GetAuthorizationToken
- ecr:BatchCheckLayerAvailability
- ecr:GetDownloadUrlForLayer
- ecr:GetRepositoryPolicy
- ecr:DescribeRepositories
- ecr:ListImages
- ecr:DescribeImages
- ecr:BatchGetImage
- ecr:GetLifecyclePolicy
- ecr:GetLifecyclePolicyPreview
- ecr:ListTagsForResource
- ecr:DescribeImageScanFindings
Resource: "*"
# This role is passed by CodePipeline to CloudFormation to use # This role is passed by CodePipeline to CloudFormation to use
# when setting up resources in the pipeline # when setting up resources in the pipeline
@ -337,54 +415,22 @@ Resources:
Resource: "*" Resource: "*"
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
# Role for CodeBuild service # Parameter Store
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
CodeBuildServiceRole: SSMArtifactBucket:
Type: AWS::IAM::Role Type: AWS::SSM::Parameter
Properties: Properties:
Path: / Name: /microservices/artifact_bucket
AssumeRolePolicyDocument: Type: String
Version: 2012-10-17 Value: !Ref ArtifactBucket
Statement: SSMCodePipelineServiceRole:
- Effect: Allow Type: AWS::SSM::Parameter
Principal: Properties:
Service: codebuild.amazonaws.com Name: /microservices/codepipeline_service_role
Action: sts:AssumeRole Type: String
Policies: Value: !Ref CodePipelineServiceRole
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Resource: "*"
Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
- ecr:GetAuthorizationToken
- Resource: !Sub arn:aws:s3:::${ArtifactBucket}/*
Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:GetObjectVersion
- Resource: "*"
Effect: Allow
Action:
- ecr:GetDownloadUrlForLayer
- ecr:BatchGetImage
- ecr:BatchCheckLayerAvailability
- ecr:PutImage
- ecr:InitiateLayerUpload
- ecr:UploadLayerPart
- ecr:CompleteLayerUpload
Outputs: Outputs:
PipelineUrl: PipelineUrl:
Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}
ArtifactBucket:
Description: The bucket to store pipeline artifacts
Value: !Ref ArtifactBucket
Export:
Name: !Sub ${EnvironmentName}:ArtifactBucket
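Review bot: `SSMCodePipelineServiceRole` stores `!Ref CodePipelineServiceRole`, and `Ref` on an `AWS::IAM::Role` returns the role name, not its ARN; the service pipeline template later in this commit reads that parameter and uses it as `RoleArn: !Ref CodePipelineServiceRole`, so it would receive a name where an ARN is required. Store the ARN instead: `Value: !GetAtt CodePipelineServiceRole.Arn`. Both parameter names (`/microservices/artifact_bucket`, `/microservices/codepipeline_service_role`) are fixed rather than built from `${EnvironmentName}`, so a second environment in the same account and region would collide with them. The added ECR statement grants all of its read actions on `Resource: "*"`; only `ecr:GetAuthorizationToken` needs the wildcard, and the others could be limited to this project's repository ARNs.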


@ -23,6 +23,12 @@ Parameters:
Type: String Type: String
Description: A commit message that triggers the build process Description: A commit message that triggers the build process
Default: \[BuildAll\] Default: \[BuildAll\]
ArtifactBucket:
Type: AWS::SSM::Parameter::Value<String>
Default: /microservices/artifact_bucket
CodePipelineServiceRole:
Type: AWS::SSM::Parameter::Value<String>
Default: /microservices/codepipeline_service_role
Resources: Resources:
@ -34,14 +40,6 @@ Resources:
Properties: Properties:
RepositoryName: !Sub ${EnvironmentName}/${ServiceName} RepositoryName: !Sub ${EnvironmentName}/${ServiceName}
#-----------------------------------------------------------------------------#
# Artifact Bucket
#-----------------------------------------------------------------------------#
ArtifactBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub microservices-services-${AWS::AccountId}
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
# CodeBuild Project # CodeBuild Project
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
@ -135,7 +133,7 @@ Resources:
Pipeline: Pipeline:
Type: AWS::CodePipeline::Pipeline Type: AWS::CodePipeline::Pipeline
Properties: Properties:
RoleArn: !GetAtt CodePipelineServiceRole.Arn RoleArn: !Ref CodePipelineServiceRole
ArtifactStore: ArtifactStore:
Type: S3 Type: S3
Location: !Ref ArtifactBucket Location: !Ref ArtifactBucket
@ -146,8 +144,9 @@ Resources:
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
- Name: Source - Name: Source
Actions: Actions:
- Name: Source
Namespace: SourceVariables - Name: Image
Namespace: ImageVariables
ActionTypeId: ActionTypeId:
Category: Source Category: Source
Owner: AWS Owner: AWS
@ -157,7 +156,7 @@ Resources:
RepositoryName: !Ref ServerRepository RepositoryName: !Ref ServerRepository
ImageTag: latest ImageTag: latest
OutputArtifacts: OutputArtifacts:
- Name: SourceImage - Name: Image
RunOrder: 1 RunOrder: 1
- Name: Code - Name: Code
@ -173,7 +172,7 @@ Resources:
OAuthToken: !Ref GitHubToken OAuthToken: !Ref GitHubToken
PollForSourceChanges: false PollForSourceChanges: false
OutputArtifacts: OutputArtifacts:
- Name: SourceCode - Name: Code
RunOrder: 1 RunOrder: 1
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
@ -186,122 +185,37 @@ Resources:
Category: Deploy Category: Deploy
Owner: AWS Owner: AWS
Version: 1 Version: 1
Provider: CloudFormation Provider: ECS
Configuration: Configuration:
ActionMode: CREATE_UPDATE ClusterName:
RoleArn: !GetAtt CloudFormationDeployRole.Arn Fn::ImportValue: !Sub ${EnvironmentName}:ClusterName
StackName: !Sub ${EnvironmentName}-ServerService ServiceName: !Ref ServiceName
TemplatePath: !Sub SourceCode::deployments/services-${DeploymentType}/server.yml FileName: imageDetail.json
Capabilities: CAPABILITY_IAM
ParameterOverrides: !Sub |
{
"EnvironmentName": "${EnvironmentName}",
"ImageUrl": "${ServerRepository.RepositoryUri}@#{SourceVariables.ImageDigest}"
}
InputArtifacts: InputArtifacts:
- Name: SourceImage - Name: Image
- Name: SourceCode
#-----------------------------------------------------------------------------# # - Name: Deploy
# Role for CodePipeline service # Actions:
#-----------------------------------------------------------------------------# # - Name: Deploy
CodePipelineServiceRole: # ActionTypeId:
Type: AWS::IAM::Role # Category: Deploy
Properties: # Owner: AWS
Path: / # Version: 1
AssumeRolePolicyDocument: # Provider: CloudFormation
Version: 2012-10-17 # Configuration:
Statement: # ActionMode: CREATE_UPDATE
- Effect: Allow # RoleArn: !GetAtt CloudFormationDeployRole.Arn
Principal: # StackName: !Sub ${EnvironmentName}-ServerService
Service: codepipeline.amazonaws.com # TemplatePath: !Sub Code::deployments/services-${DeploymentType}/server.yml
Action: sts:AssumeRole # Capabilities: CAPABILITY_IAM
Policies: # ParameterOverrides: !Sub |
- PolicyName: root # {
PolicyDocument: # "EnvironmentName": "${EnvironmentName}",
Version: 2012-10-17 # "ImageUrl": "${ServerRepository.RepositoryUri}@#{ImageVariables.ImageDigest}"
Statement: # }
# Allow codepipeline to put artifacts in the S3 bucket # InputArtifacts:
# as well as get artifacts back out of it. # - Name: Image
- Resource: # - Name: Code
- !Sub arn:aws:s3:::${ArtifactBucket}/*
Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:GetObjectVersion
- s3:GetBucketVersioning
# Allow codepipeline to build code builds
- Resource: "*"
Effect: Allow
Action:
- codebuild:StartBuild
- codebuild:BatchGetBuilds
- iam:PassRole
# Allow codepipeline to deploy cloudformation stacks
- Effect: Allow
Action:
- cloudformation:CreateChangeSet
- cloudformation:CreateStack
- cloudformation:CreateUploadBucket
- cloudformation:DeleteStack
- cloudformation:Describe*
- cloudformation:List*
- cloudformation:UpdateStack
- cloudformation:ValidateTemplate
- cloudformation:ExecuteChangeSet
Resource: "*"
# Allow codepipeline to get images from ECR
- Effect: Allow
Action:
- ecr:GetAuthorizationToken
- ecr:BatchCheckLayerAvailability
- ecr:GetDownloadUrlForLayer
- ecr:GetRepositoryPolicy
- ecr:DescribeRepositories
- ecr:ListImages
- ecr:DescribeImages
- ecr:BatchGetImage
- ecr:GetLifecyclePolicy
- ecr:GetLifecyclePolicyPreview
- ecr:ListTagsForResource
- ecr:DescribeImageScanFindings
Resource: "*"
# This role is passed by CodePipeline to CloudFormation to use
# when setting up resources in the pipeline
CloudFormationDeployRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: cloudformation.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: deploy-stack
PolicyDocument:
Statement:
- Effect: Allow
Action:
- "iam:*"
- "ec2:*"
- "ecs:*"
- "elasticloadbalancing:*"
- "autoscaling:*"
- "elasticache:*"
- "logs:*"
- "application-autoscaling:*"
- "cloudwatch:*"
- "route53:*"
- "rds:*"
- "mq:*"
# - "secretsmanager:*"
- "ssm:*"
Resource: "*"
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
# Role for CodeBuild service # Role for CodeBuild service
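Review bot: The new deploy action sets `FileName: imageDetail.json` with the ECR source artifact `Image` as its input, but the standard `ECS` provider expects an image definitions file (by default `imagedefinitions.json`, a list of container name and `imageUri` pairs); `imageDetail.json` as produced by the ECR source action is the input format for the blue/green deploy action, so this stage is likely to fail when it reads the file. A build step that writes `imagedefinitions.json` with the digest-qualified image URI would also keep the deployment pinned to the image that triggered the run, as the removed `@#{SourceVariables.ImageDigest}` override did. The pipeline now runs under the role read from `/microservices/codepipeline_service_role`; the policy lines visible in this commit for that role show CloudFormation and ECR read actions but no `ecs:` actions, so confirm that it may update the ECS service and that the roles it can pass are limited to the task roles.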


@ -64,7 +64,7 @@ Resources:
Cpu: !Ref 'ContainerCpu' Cpu: !Ref 'ContainerCpu'
Memory: !Ref 'ContainerMemory' Memory: !Ref 'ContainerMemory'
# Image: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/microservices/${ServiceName}:latest # Image: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/microservices/${ServiceName}:latest
Image: !Ref ImageUrl # Image: !Ref ImageUrl
LogConfiguration: LogConfiguration:
LogDriver: 'awslogs' LogDriver: 'awslogs'
Options: Options:
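Review bot: With `Image: !Ref ImageUrl` commented out and the `:latest` line above it already a comment, the container definition in this hunk has no `Image` property at all; `Image` is required in a container definition, so the stack that the new Services stage creates from this template should fail validation. The same edit is made in the two other service templates that follow in this commit. Keep an `Image` value for the initial task definition, for example `Image: !Ref ImageUrl` with the parameter given a default, and prefer a digest-qualified URI over a mutable `:latest` tag so that the first deployment is reproducible. The container definition starts and ends outside the hunk.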


@ -64,7 +64,7 @@ Resources:
Cpu: !Ref 'ContainerCpu' Cpu: !Ref 'ContainerCpu'
Memory: !Ref 'ContainerMemory' Memory: !Ref 'ContainerMemory'
# Image: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/microservices/${ServiceName}:latest # Image: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/microservices/${ServiceName}:latest
Image: !Ref ImageUrl # Image: !Ref ImageUrl
LogConfiguration: LogConfiguration:
LogDriver: 'awslogs' LogDriver: 'awslogs'
Options: Options:


@ -80,7 +80,7 @@ Resources:
Cpu: !Ref 'ContainerCpu' Cpu: !Ref 'ContainerCpu'
Memory: !Ref 'ContainerMemory' Memory: !Ref 'ContainerMemory'
# Image: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/microservices/${ServiceName}:latest # Image: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/microservices/${ServiceName}:latest
Image: !Ref ImageUrl # Image: !Ref ImageUrl
PortMappings: PortMappings:
- ContainerPort: !Ref 'ContainerPort' - ContainerPort: !Ref 'ContainerPort'
LogConfiguration: LogConfiguration: