def __init__(self, scope: core.Construct, id: str,
landing_zone: ILandingZone, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.pipeline = pipe.Pipeline(self,
'Pipeline',
pipeline_name='{}-Rtsp-Connector'.format(
landing_zone.zone_name))
github_init_artifact = pipe.Artifact(
artifact_name='github-init-artifact')
self.pipeline.add_stage(
stage_name='Build-Commit',
actions=[
actions.GitHubSourceAction(
action_name='Init-from-GitHub',
owner='dr-natetorious',
repo='aws-homenet',
# Note: The secret must be:
# 1. formated non-json using the literal value from github.com/settings/tokens
# e.g., 1837422b*****26d31c
# 2. referencing a token that includes scopes notifications, repo, workflow
oauth_token=core.SecretValue.secrets_manager(
'GithubAccessToken'),
output=github_init_artifact)
])
self.build_stage = self.pipeline.add_stage(stage_name='Build')
def CdkDeploySimplePipeline(self, name: str, repo, branch: str, src: str,
output):
cdk_deploy = self.CdkDeployProject(f"{name}-CDKDeploy", stage=branch)
cdk_deploy.role.add_to_policy(
iam.PolicyStatement(effect=iam.Effect.ALLOW,
resources=["*"],
actions=["CloudFormation:*", "ec2:*", "s3:*"]))
return codepipeline.Pipeline(
self,
name,
stages=[
codepipeline.StageProps(
stage_name="Source",
actions=[
codepipeline_actions.CodeCommitSourceAction(
action_name="CodeCommit_Source",
repository=repo,
branch=branch,
output=src)
]),
codepipeline.StageProps(
stage_name="Deploy",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="CdkDeploy",
project=cdk_deploy,
input=src,
outputs=[output])
]),
])
def __init__(self,
scope: core.Construct,
id: str,
*,
repo_name: str = None,
bucket,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
github_secret_personal_site = sm.Secret(self, 'github_secret_personal_site', description=f'{__name__} secret for github', \
secret_name='github_secret_personal_site')
personal_site_pipeline = codepipeline.Pipeline(
self, "Pipeline", pipeline_name="personal_site_github")
source_output = codepipeline.Artifact()
source_action = codepipeline_actions.GitHubSourceAction(
action_name="GitHub_Source",
owner=repo_name.split('/')[0],
repo=repo_name.split('/')[1],
oauth_token=core.SecretValue.secrets_manager(
"github_secret_personal_site"),
output=source_output,
branch="master")
deploy_action = codepipeline_actions.S3DeployAction(
action_name="S3Deploy", bucket=bucket, input=source_output)
#Add the stages defined above to the pipeline
personal_site_pipeline.add_stage(stage_name="Source",
actions=[source_action])
personal_site_pipeline.add_stage(stage_name="Deploy",
actions=[deploy_action])
def __init__(self, scope: core.Construct, id: str,
repo: codecommit.Repository, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
#---------- CodePipeline ----------#
artifactBucket = s3.Bucket(self,
'PipelineBucket',
bucket_name="bucket-name")
pipeline = codepipeline.Pipeline(
self,
"CodePipeline",
artifact_bucket=s3.Bucket.from_bucket_attributes(
self, 'ImportedBucket', bucket_name="bucket-name"))
source_output = codepipeline.Artifact()
source_action = codepipeline_actions.CodeCommitSourceAction(
action_name="Source", repository=repo, output=source_output)
pipeline.add_stage(stage_name="Source", actions=[source_action])
#---------- Deploy ----------#
deploy_application = codedeploy.ServerApplication(
self, "CodeDeployApplication", application_name="application-name")
deployment_group = codedeploy.ServerDeploymentGroup(
self,
"DeploymentGroup",
application=deploy_application,
)
deploy_action = codepipeline_actions.CodeDeployServerDeployAction(
action_name="deploy",
input=source_output,
deployment_group=deployment_group)
pipeline.add_stage(stage_name="Deploy", actions=[deploy_action])
def __init__(self, scope: core.Stack, id: str, **kwargs):
super().__init__(scope, id, **kwargs)
# create a pipeline
self.pipeline = codepipeline.Pipeline(self,
"Pipeline",
pipeline_name='API_Gateway')
# add a source stage
self.source_stage = self.pipeline.add_stage(stage_name="Source")
self.source_artifact = codepipeline.Artifact()
# codebuild projects
self.codebuild_validate = CodeBuildProjects(
self, "CodebuildValidate", buildspec='buildspec-diff.yml')
self.codebuild_deploy = CodeBuildProjects(self,
"CodebuildDeploy",
buildspec='buildspec.yml')
# add source action
self.source_stage.add_action(
codepipeline_actions.GitHubSourceAction(
oauth_token=core.SecretValue.secrets_manager(
secret_id='prod/github_oauth_token',
json_field='github_oauth_token'),
output=self.source_artifact,
owner=config['CODEPIPELINE']['GITHUB_OWNER'],
repo=config['CODEPIPELINE']['GITHUB_REPO'],
branch=config['CODEPIPELINE']['GITHUB_BRANCH'],
action_name='Pull_Source',
run_order=1,
))
# add validate stage
self.validate_stage = self.pipeline.add_stage(stage_name='Validate')
# add validate codebuild action
self.validate_stage.add_action(
codepipeline_actions.CodeBuildAction(
input=self.source_artifact,
project=self.codebuild_validate.project,
action_name='Validate_Changes'))
# add approval stage
self.approval_stage = self.pipeline.add_stage(stage_name='Approval')
# simple approval stage to continue build after manual validation complete
self.approval_stage.add_action(
codepipeline_actions.ManualApprovalAction(action_name='Approval'))
# add deploy stage
self.deploy_stage = self.pipeline.add_stage(stage_name='Deploy')
# add deploy codebuild action
self.deploy_stage.add_action(
codepipeline_actions.CodeBuildAction(
input=self.source_artifact,
project=self.codebuild_deploy.project,
action_name='Deploy_Changes'))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
blue_env = self.node.try_get_context("blue_env")
green_env = self.node.try_get_context("green_env")
app_name = self.node.try_get_context("app_name")
bucket = s3.Bucket(
self,
'BlueGreenBucket',
# The default removal policy is RETAIN, which means that cdk
# destroy will not attempt to delete the new bucket, and it will
# remain in your account until manually deleted. By setting the
# policy to DESTROY, cdk destroy will attempt to delete the bucket,
# but will error if the bucket is not empty.
removal_policy=core.RemovalPolicy.DESTROY
# NOT recommended for production code
)
handler = lmbda.Function(self,
'BlueGreenLambda',
runtime=lmbda.Runtime.PYTHON_3_6,
code=lmbda.Code.asset('resources'),
handler='blue_green.lambda_handler',
environment={'BUCKET': bucket.bucket_name})
bucket.grant_read_write(handler)
repo = cc.Repository(
self,
'Repository',
repository_name='MyRepositoryName',
)
pipeline = cp.Pipeline(self, 'MyFirstPipeline')
source_stage = pipeline.add_stage(stage_name='Source')
source_artifact = cp.Artifact('Source')
source_action = cpactions.CodeCommitSourceAction(
action_name='CodeCommit', repository=repo, output=source_artifact)
source_stage.add_action(source_action)
deploy_stage = pipeline.add_stage(stage_name='Deploy')
lambda_action = cpactions.LambdaInvokeAction(
action_name='InvokeAction',
lambda_=handler,
user_parameters={
'blueEnvironment': blue_env,
'greenEnvironment': green_env,
'application': app_name
},
inputs=[source_artifact])
deploy_stage.add_action(lambda_action)
def create_pipeline(self, pipeline_id, pipeline_name, artifact_bucket, pipeline_role):
test_pipeline = pipeline.Pipeline(
self,
id=pipeline_id,
pipeline_name=pipeline_name,
artifact_bucket=artifact_bucket,
role=pipeline_role
)
return test_pipeline
def __init__(self, scope: core.Stack, id: str, **kwargs):
super().__init__(scope, id, **kwargs)
# create an iam role to be assumed later by codebuild
self.role = iam.Role(
self,
"CodeBuildRole",
assumed_by=iam.CompositePrincipal(
iam.ServicePrincipal('codebuild.amazonaws.com'),
iam.ServicePrincipal('ec2.amazonaws.com')))
# TODO: Don't need admin, let's make this least privilege
self.role.add_to_policy(
iam.PolicyStatement(
actions=['*'],
resources=['*'],
))
# create a pipeline
self.pipeline = codepipeline.Pipeline(self,
"Pipeline",
pipeline_name='EKS')
# add a source stage
self.source_stage = self.pipeline.add_stage(stage_name="Source")
self.source_artifact = codepipeline.Artifact()
# codebuild projects
self.codebuild_deploy = CodeBuildProjects(self,
"CodebuildDeploy",
buildspec='buildspec.yml',
codepipelinerole=self.role)
# add source action
self.source_stage.add_action(
codepipeline_actions.GitHubSourceAction(
oauth_token=core.SecretValue.secrets_manager(
secret_id='prod/github_oauth_token',
json_field='github_oauth_token'),
output=self.source_artifact,
owner=config['CODEPIPELINE']['GITHUB_OWNER'],
repo=config['CODEPIPELINE']['GITHUB_REPO'],
action_name='Pull_Source',
run_order=1,
))
# add deploy stage
self.deploy_stage = self.pipeline.add_stage(stage_name='Deploy')
# add deploy codebuild action
self.deploy_stage.add_action(
codepipeline_actions.CodeBuildAction(
input=self.source_artifact,
project=self.codebuild_deploy.project,
action_name='Deploy_EKS_Cluster'))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Pipeline to connect to sample repo
# Pull code and build a docker image
pipeline = codepipeline.Pipeline(
self,
id="pipeline",
pipeline_name="demo_pipeline",
restart_execution_on_update=True,
)
def __init__(self, scope: core.Stack, id: str, **kwargs):
super().__init__(scope, id, **kwargs)
# create a pipeline
self.pipeline = codepipeline.Pipeline(self,
"Pipeline",
pipeline_name='Service_API')
# add a source stage
self.source_stage = self.pipeline.add_stage(stage_name="Source")
self.source_artifact = codepipeline.Artifact()
# codebuild projects
self.codebuild_deploy_swagger = CodeBuildProjects(
self, "CodebuildSwagger", buildspec='buildspec-swagger.yml')
self.codebuild_deploy_ecr = CodeBuildProjects(
self, "CodebuildDocker", buildspec='buildspec-docker.yml')
# add source action
self.source_stage.add_action(
codepipeline_actions.GitHubSourceAction(
oauth_token=core.SecretValue.secrets_manager(
secret_id='prod/github_oauth_token',
json_field='github_oauth_token'),
output=self.source_artifact,
owner=config['CODEPIPELINE']['GITHUB_OWNER'],
repo=config['CODEPIPELINE']['GITHUB_REPO'],
branch=config['CODEPIPELINE']['GITHUB_BRANCH'],
action_name='Pull_Source',
run_order=1,
))
# add build/test stage
self.deploy_stage = self.pipeline.add_stage(
stage_name='Test_and_Build')
# add build/test codebuild action
self.deploy_stage.add_action(
codepipeline_actions.CodeBuildAction(
input=self.source_artifact,
project=self.codebuild_deploy_ecr.project,
action_name='Test_and_Build'))
# add deploy stage
self.deploy_stage = self.pipeline.add_stage(
stage_name='API_Deployment')
# add deploy codebuild action
self.deploy_stage.add_action(
codepipeline_actions.CodeBuildAction(
input=self.source_artifact,
project=self.codebuild_deploy_swagger.project,
action_name='API_Deployment'))
def _create_pipeline(self) -> Resource:
"""
Create CodePipeline for training.
"""
self.pipeline = codepipeline.Pipeline(self, "Pipeline")
self._create_source()
self._create_train_step()
self._create_stepfunctions_step()
self._create_set_experiment_info_env_step()
self._create_manual_approve_step()
self._create_post_process_step()
def __init__(self, app: core.App, id: str, props, **kwargs) -> None:
super().__init__(app, id, **kwargs)
# define the s3 artifact
source_output = aws_codepipeline.Artifact(artifact_name='source')
# define the pipeline
pipeline = aws_codepipeline.Pipeline(
self,
"Pipeline",
pipeline_name=f"{props['namespace']}",
artifact_bucket=props['bucket'],
stages=[
aws_codepipeline.StageProps(
stage_name='Source',
actions=[
aws_codepipeline_actions.S3SourceAction(
bucket=props['bucket'],
bucket_key='source.zip',
action_name='S3Source',
run_order=1,
output=source_output,
trigger=aws_codepipeline_actions.S3Trigger.POLL),
]),
aws_codepipeline.StageProps(
stage_name='Build',
actions=[
aws_codepipeline_actions.CodeBuildAction(
action_name='DockerBuildImages',
input=source_output,
project=props['cb_docker_build'],
run_order=1,
)
])
])
# give pipelinerole read write to the bucket
props['bucket'].grant_read_write(pipeline.role)
#pipeline param to get the
pipeline_param = aws_ssm.StringParameter(
self,
"PPipeline",
parameter_name=f"{props['namespace']}-pipeline",
string_value=pipeline.pipeline_name,
description='IoT playground pipeline bucket')
# cfn output
core.CfnOutput(self,
"PipelineOut",
description="Pipeline",
value=pipeline.pipeline_name)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Create IAM Role For CodeBuild
codebuild_role = iam.Role(
self,
"BuildRole",
assumed_by=iam.ServicePrincipal("codebuild.amazonaws.com"),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
"AdministratorAccess")
])
# Create CodeBuild PipelineProject
build_project = codebuild.PipelineProject(
self,
"BuildProject",
role=codebuild_role,
build_spec=codebuild.BuildSpec.from_source_filename(
"aws-app-resources/buildspec.yml"))
# Create CodePipeline
pipeline = codepipeline.Pipeline(self, "Pipeline")
# Create Artifact
artifact = codepipeline.Artifact()
# Add Source Stage
pipeline.add_stage(
stage_name="Source",
actions=[
codepipeline_actions.GitHubSourceAction(
action_name="SourceCodeRepo",
owner="jasonumiker",
repo="k8s-plus-aws-gitops",
output=artifact,
oauth_token=core.SecretValue.secrets_manager(
'github-token'))
])
# Add CodeBuild Stage
pipeline.add_stage(
stage_name="Deploy",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="CodeBuildProject",
project=build_project,
type=codepipeline_actions.CodeBuildActionType.BUILD,
input=artifact)
])
def __init__(self,
scope: core.Construct,
id: str,
code_commit_repo: str,
default_branch: str = 'mainline',
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
code = codecommit.Repository.from_repository_name(
self, "codecommitrepo", code_commit_repo)
# Cloudformation permission for project builds
# right now setting admin permission on policy
# modify this to load custom policy per pipeline from policy statement document
# iam_cfn_admin_json = Policies.get_iam_cfn_admin_access_policy()
policy_statement = iam.PolicyStatement()
policy_statement.add_actions("*")
policy_statement.add_resources("*")
policy_statement.effect = iam.Effect.ALLOW
serverless_build = codebuild.PipelineProject(self, "buildpipeline")
# add cfn iam statements to build project
serverless_build.add_to_role_policy(policy_statement)
build_output = codepipeline.Artifact("BuildOutput")
codepipeline.Pipeline(
self,
"imageBuilderDeploymentPipeline",
pipeline_name="ImageBuilderDeploymentPipeline",
stages=[
codepipeline.StageProps(
stage_name="Source",
actions=[
codepipeline_actions.CodeCommitSourceAction(
action_name="SourceCode",
branch=default_branch,
repository=code,
output=build_output)
]),
codepipeline.StageProps(
stage_name="Deploy",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="CodeDeploy",
project=serverless_build,
input=build_output)
])
])
def __init__(self, scope: core.Construct, id: str, bucket: s3.Bucket, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
branch = id.split('-')[-1]
self.pipeline = codepipeline.Pipeline(
self, 'wiki-Pipeline-'+branch,
pipeline_name='wiki-Pipeline-'+branch,
artifact_bucket=bucket
)
self.pipeline.add_to_role_policy(
iam.PolicyStatement(
actions=["s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning", "s3:PutObject"],
resources=[
"arn:aws:s3:::{}".format(os.environ['S3_BUCKET_NAME']),
"arn:aws:s3:::{}/*".format(os.environ['S3_BUCKET_NAME'])
]
)
)
self.pipeline.add_to_role_policy(
iam.PolicyStatement(
actions=[
"cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStacks",
"cloudformation:UpdateStack", "cloudformation:CreateChangeSet", "cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate", "iam:PassRole"
],
resources=['*']
)
)
self.pipeline.add_to_role_policy(
iam.PolicyStatement(
actions=["codebuild:BatchGetBuilds", "codebuild:StartBuild"],
resources=['*']
)
)
self.pipeline.add_to_role_policy(
iam.PolicyStatement(
actions=[
"lambda:GetPolicy", "lambda:ListEventSourceMappings", "lambda:ListFunctions", "lambda:InvokeFunction",
"lambda:GetEventSourceMapping", "lambda:GetFunction", "lambda:ListAliases", "lambda:GetAlias", "lambda:ListTags",
"lambda:ListVersionsByFunction", "lambda:GetAccountSettings", "lambda:GetFunctionConfiguration"
],
resources=['*']
)
)
def setup_api_pipeline(self):
"""Setup the build pipeline for API.
Using codepipeline to create a Pipeline with 3 steps
* Source: CodeCommitSourceAction
* Build: CodeBuildActioin
* Deploy: EcsDeployAction: deploy to ECS service
Returns
-------
aws_codepipeline.Pipeline
"""
source_output = cp.Artifact()
build_output = cp.Artifact(self.config.build_output)
return cp.Pipeline(
self,
'ApiPipeline',
pipeline_name=self.config.api.pipeline,
stages=[
cp.StageProps(stage_name='Source',
actions=[
cp_actions.CodeCommitSourceAction(
action_name='Source',
repository=self.api_source,
branch='master',
output=source_output,
)
]),
cp.StageProps(stage_name='Build',
actions=[
cp_actions.CodeBuildAction(
action_name='Build',
project=self.api_build_project,
input=source_output,
outputs=[build_output])
]),
cp.StageProps(
stage_name='Deploy',
actions=[
cp_actions.EcsDeployAction(
action_name='Deploy',
service=self.service.service,
input=build_output,
# image_file=build_output.at_path('imagedefinitions.json')
)
])
])
def setup_web_pipeline(self):
"""Setup the build pipeline.
Using codepipeline to create a Web Pipeline with 3 stages:
* Source: CodeCommitSourceAction
* Build : CodeBuildActioin
* Deploy: S3DeployAction
Returns
-------
aws_codepipeline.Pipeline
"""
source_output = cp.Artifact()
build_output = cp.Artifact(self.config.web.build_output)
return cp.Pipeline(
self,
'WebPipeline',
pipeline_name=self.config.web.pipeline,
stages=[
cp.StageProps(stage_name='Source',
actions=[
cp_actions.CodeCommitSourceAction(
action_name='Source',
repository=self.web_source,
branch='master',
output=source_output,
)
]),
cp.StageProps(stage_name='Build',
actions=[
cp_actions.CodeBuildAction(
action_name='Build',
project=self.web_build_project,
input=source_output,
outputs=[build_output])
]),
cp.StageProps(
stage_name='Deploy',
actions=[
cp_actions.S3DeployAction(
action_name='Deploy',
bucket=self.web_bucket,
input=build_output,
access_control=s3.BucketAccessControl.PUBLIC_READ)
])
])
def _create_pipeline(self) -> codepipeline.Pipeline:
"""
Define and apply the specifications on how
the deployment process will go.
"""
source_output = codepipeline.Artifact()
build_output = codepipeline.Artifact()
return codepipeline.Pipeline(
self,
'Pipeline',
stages=[
self._create_source_stage('Source', source_output),
self._create_image_build_stage('Build', source_output,
build_output),
self._create_deploy_stage('Deploy', build_output)
])
def __init__(self, scope: core.Construct, id: str, asg, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
#Set up CodeDeploy
codedeploy_application = codedeploy.ServerApplication(
self, "CodeDeployApp", application_name="JangoMartLoyaltyApp")
deploymentgroup = codedeploy.ServerDeploymentGroup(
self,
"CodeDeployDeploymentGroup",
application=codedeploy_application,
auto_scaling_groups=[asg],
deployment_group_name="JangoMartASG",
#role="CodeDeployServiceRole", # <-- syntax error here
deployment_config=codedeploy.ServerDeploymentConfig.ALL_AT_ONCE)
#Create the pipeline
pipeline = codepipeline.Pipeline(
self,
"CodePipeline",
pipeline_name="JangoMartPipeline",
#role="CodePipeline-Service-Role" # <-- syntax error here
)
source_output = codepipeline.Artifact()
#Set up Source stage
source_action = codepipeline_actions.GitHubSourceAction(
action_name="GitHub_Source",
owner="brianfdevore",
repo="jangomart-cl",
oauth_token=core.SecretValue.secrets_manager("my-github-token"),
#oauth_token=secretsmanager.Secret.from_secret_attributes(self, "ImportedSecret", secret_arn="arn:aws:secretsmanager:us-east-1:446451421466:secret:GitHub_JangoMart_Repo_Access_Token-t3S4dj"),
output=source_output,
branch="master",
trigger=codepipeline_actions.GitHubTrigger.POLL)
#Set up Deploy stage
deploy_action = codepipeline_actions.CodeDeployServerDeployAction(
action_name="CodeDeploy",
input=source_output,
deployment_group=deploymentgroup)
#Add the stages defined above to the pipeline
pipeline.add_stage(stage_name="Source", actions=[source_action])
pipeline.add_stage(stage_name="Deploy", actions=[deploy_action])
def generate_pipeline(scope, bucket, role, codebuild_project,
beanstalk_application, beanstalk_environment,
codestar_connection):
pipeline = codepipeline.Pipeline(
scope=scope,
id="JVSANTOSCodePipelineTier1",
artifact_bucket=bucket,
pipeline_name="jvsantos-pipeline-tier1",
role=role,
stages=generate_pipeline_stages(
codebuild_project=codebuild_project,
role=role,
beanstalk_application=beanstalk_application,
beanstalk_environment=beanstalk_environment,
codestar_connection=codestar_connection))
# pipeline.
return pipeline
def __init__(self, app: core.App, id: str, props, repo_name: str=None, **kwargs) -> None:
super().__init__(app, id, **kwargs)
source_output = aws_codepipeline.Artifact(artifact_name='source')
code = aws_codecommit.Repository.from_repository_name(self, "ImportedRepo",
repo_name)
codepipeline = aws_codepipeline.Pipeline(self, "CodePipeline",
pipeline_name="flask-pipeline",
artifact_bucket=props['bucket'],
stages=[
aws_codepipeline.StageProps(
stage_name='Source',
actions=[
aws_codepipeline_actions.CodeCommitSourceAction(
action_name="CodeCommit",
repository=code,
output=source_output,
run_order=1,
),
]
),
aws_codepipeline.StageProps(
stage_name='Build',
actions=[
aws_codepipeline_actions.CodeBuildAction(
action_name='DockerBuildImages',
input=source_output,
project=props['ecr_build'],
run_order=1,
)
]
),
aws_codepipeline.StageProps(
stage_name='Build2',
actions=[
aws_codepipeline_actions.CodeBuildAction(
action_name='ECSBuild',
input=source_output,
project=props['ecs_build'],
run_order=1,
)
]
)
]
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
for stage in ["prd", "dev"] :
target_function = self.create_function(stage)
project = self.create_project(target_function, stage)
source_output = codepipeline.Artifact(self.create_name(stage));
branch = "master" if stage == "prd" else "develop"
codepipeline.Pipeline(self, self.create_id("Pipeline", stage),
pipeline_name=self.create_name(stage),
stages=[
codepipeline.StageProps(
stage_name="Source",
actions=[self.create_source_action(branch, source_output)]),
codepipeline.StageProps(
stage_name="Build",
actions=[self.create_build_action(project, source_output)])
])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
try:
with open('../.secrets/github_token.txt') as f:
github_token = f.read()
except FileNotFoundError:
print(
"Create ../.secrets/github_token.txt and put the token which you create in the github interface into it."
)
source_output = aws_codepipeline.Artifact(artifact_name='source')
ecr, cb_docker_build = self._get_build_project()
pipeline = aws_codepipeline.Pipeline(
self,
"Pipeline",
pipeline_name="cdk-pipeline",
stages=[
aws_codepipeline.StageProps(
stage_name='Source',
actions=[
aws_codepipeline_actions.GitHubSourceAction(
output=source_output,
action_name="Source",
oauth_token=core.SecretValue(github_token),
owner='arron1993',
repo="arronmoore.com",
branch="develop")
]),
aws_codepipeline.StageProps(
stage_name='Build',
actions=[
aws_codepipeline_actions.CodeBuildAction(
action_name='DockerBuildImages',
input=source_output,
project=cb_docker_build,
run_order=1,
)
])
])
def __init__(self,
scope,
id,
github_config: dict,
project_config: dict = dict()):
super().__init__(scope, id)
self.bucket = s3.Bucket(self,
'bucket',
removal_policy=core.RemovalPolicy.RETAIN,
encryption=s3.BucketEncryption.KMS_MANAGED,
versioned=True)
self.pipe = cp.Pipeline(self,
'pipe',
cross_account_keys=True,
pipeline_name=id + '-pipe')
self._source(**github_config)
self._project(**project_config)
self._build(self.artifacts['sources'][0],
self.artifacts['build_extras'])
def setup_cicd(scope: core.Construct, id: str, pipelines: Pipelines) -> None:
for pipeline_def in pipelines:
pipeline = aws_codepipeline.Pipeline(
scope,
generate_logical_id(pipeline_def["name"]),
pipeline_name=pipeline_def["name"],
restart_execution_on_update=True,
)
for stage_def in pipeline_def["stages"]:
stage = pipeline.add_stage(stage_name=stage_def["name"])
for action_def in stage_def["actions"]:
action_id = generate_logical_id(pipeline_def["name"],
stage_def["name"],
action_def["name"])
action = create_action(scope, action_id, action_def)
stage.add_action(action)
provide_access_to_artifacts(scope,
pipeline_def=pipeline_def,
artifact_bucket=pipeline.artifact_bucket)
def create_codepipeline(self, build_project, source_bucket, artifact_bucket):
# アーティファクト取得
source_output=_cp.Artifact(artifact_name='SourceArtifact')
source_build_output=_cp.Artifact(artifact_name='BuildArtifact')
# コードパイプライン作成
pipeline=_cp.Pipeline(
self, 'Pipeline',
pipeline_name='DEMO-PIPELINE',
artifact_bucket=artifact_bucket,
stages=[
# Source
create_source_stage(self, source_output, source_bucket),
# Build
create_build_stage(self, source_output, build_project),
# # Approval
# create_approval_stage(self),
# Deploy
create_deploy_stage(self, source_build_output),
]
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
pipeline = codepipeline.Pipeline(
self, "CodePipeline",
pipeline_name="CDKPipelineTest"
)
token = core.SecretValue.secrets_manager("arn:aws:secretsmanager:ap-northeast-1:821383200340:secret:GitHubKey-LPPj2Z")
sourceoutput = codepipeline.Artifact()
sourceaction = actions.GitHubSourceAction(
oauth_token=token,
output=sourceoutput,
owner="haimila",
branch="master",
repo="cfpipeline",
action_name="SourceAction"
)
iam_capabilities = core.CfnCapabilities.NAMED_IAM
templatepath = codepipeline.ArtifactPath(sourceoutput, "cfpipeline.yml")
deployaction = actions.CloudFormationCreateUpdateStackAction(
admin_permissions=True,
stack_name="CdkPipelineStack",
template_path=templatepath,
replace_on_failure=True,
action_name="DeployAction",
capabilities=[iam_capabilities]
)
sourcestage = pipeline.add_stage(
stage_name="Source",
actions=[sourceaction]
)
pipeline.add_stage(
stage_name="Deploy",
actions=[deployaction],
placement={"just_after": sourcestage}
)
def __init__(self, scope: core.Construct, id: str, frontendBucket,
**kwargs):
super().__init__(scope, id, **kwargs)
prj_name = self.node.try_get_context('project_name')
env_name = self.node.try_get_context('env')
webhosting_buket = s3.Bucket.from_bucket_name(
self, 'webhostingbucket-id', bucket_name=frontendBucket)
cdn_id = ssm.StringParameter.from_string_parameter_name(
self, 'cdn_id', string_parameter_name=f'/{env_name}/cdn-id')
source_repo = ccm.Repository.from_repository_name(
self, 'repository-id', repository_name='cdk_app_frontend')
artifact_bucket = s3.Bucket(
self,
'artifactbucket',
encryption=s3.BucketEncryption.S3_MANAGED,
access_control=s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL)
pipeline = cp.Pipeline(
self,
'frontend-pipeline',
pipeline_name=f'{prj_name}-{env_name}-frontend-pipeline',
artifact_bucket=artifact_bucket,
restart_execution_on_update=False)
source_output = cp.Artifact(artifact_name='source')
build_output = cp.Artifact(artifact_name='build')
pipeline.add_stage(stage_name='Source',
actions=[
cp_actions.CodeCommitSourceAction(
action_name='CodeCommitSource',
repository=source_repo,
branch='master',
output=source_output)
])
def _create_pipeline(
self, build_pipeline_name: str,
github_source: aws_codepipeline_actions.GitHubSourceAction,
codebuild_project: aws_codebuild.PipelineProject,
config_file_source_bucket_name: str, df_project: DeviceFarmProject,
device_farm_pool_arn: str):
artifact_bucket = self._create_artifact_bucket(
f"pipeline-assets-{build_pipeline_name.lower()}-{self.account}")
self.code_build_project = self._create_codebuild_project(
"AmplifyAndroidCodeBuildProject")
amplify_android_build_output = aws_codepipeline.Artifact(
"AmplifyAndroidBuildOutput")
pipeline = aws_codepipeline.Pipeline(
self,
f"{build_pipeline_name}Pipeline",
pipeline_name=build_pipeline_name,
artifact_bucket=artifact_bucket,
stages=[
aws_codepipeline.StageProps(stage_name="Source",
actions=[github_source]),
aws_codepipeline.StageProps(
stage_name="Build",
actions=[
self._create_build_and_assemble_action(
input_artifact=github_source.action_properties.
outputs[0],
output_artifact=amplify_android_build_output,
pipeline_project=codebuild_project,
config_source_bucket=config_file_source_bucket_name
)
])
])
self._add_devicefarm_test_runner_permissions_to_role(pipeline.role)
self._add_devicefarm_test_stage(pipeline, df_project.get_project_id(),
device_farm_pool_arn)
return pipeline
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
code = codecommit.Repository(
self, "CodeRepo", repository_name="iot-gg-cicd-workshop-repo")
prod_deploy_param_bucket = s3.Bucket(
self,
"ProdDeployBucket",
versioned=True,
)
prod_source_bucket = s3.Bucket(
self,
"ProdSourceBucket",
versioned=True,
)
ssm.StringParameter(
self,
"ProdSourceBucketParameter",
parameter_name="/iot-gg-cicd-workshop/s3/prod_source_bucket",
string_value=prod_source_bucket.bucket_name,
)
ssm.StringParameter(
self,
"ProdDeployBucketParameter",
parameter_name="/iot-gg-cicd-workshop/s3/prod_deploy_param_bucket",
string_value=prod_deploy_param_bucket.bucket_name,
)
cdk_build = codebuild.PipelineProject(
self,
"Build",
project_name="iot-gg-cicd-workshop-build",
build_spec=codebuild.BuildSpec.from_source_filename(
"buildspec.yml"),
environment_variables={
"AWS_DEFAULT_REGION":
codebuild.BuildEnvironmentVariable(value=kwargs['env'].region)
})
add_policies(cdk_build, [
"AWSCloudFormationFullAccess",
"AmazonSSMFullAccess",
"AmazonS3FullAccess",
"AWSLambdaFullAccess",
"IAMFullAccess",
])
cdk_deploy_canary = codebuild.PipelineProject(
self,
"Deploy",
project_name="iot-gg-cicd-workshop-deploy-canary",
build_spec=codebuild.BuildSpec.from_source_filename(
"deployspec.yml"),
environment_variables={
"AWS_DEFAULT_REGION":
codebuild.BuildEnvironmentVariable(value=kwargs['env'].region)
})
add_policies(cdk_deploy_canary, [
"AWSCloudFormationFullAccess", "AWSGreengrassFullAccess",
"AmazonSSMFullAccess", "ResourceGroupsandTagEditorReadOnlyAccess",
"AWSLambdaFullAccess", "AWSIoTFullAccess"
])
source_output = codepipeline.Artifact()
cdk_build_output = codepipeline.Artifact("CdkBuildOutput")
codepipeline.Pipeline(
self,
"Pipeline",
pipeline_name="iot-gg-cicd-workshop-pipeline-canary",
stages=[
codepipeline.StageProps(
stage_name="Source",
actions=[
codepipeline_actions.CodeCommitSourceAction(
action_name="CodeCommit_Source",
repository=code,
output=source_output)
]),
codepipeline.StageProps(
stage_name="Build_Package_Deploy_Lambda",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="Build_Package_Deploy",
project=cdk_build,
input=source_output,
outputs=[cdk_build_output])
]),
codepipeline.StageProps(
stage_name="Deploy_GreenGrass_Canary",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="Deploy_Canary",
project=cdk_deploy_canary,
input=cdk_build_output)
]),
])
cdk_deploy_prod = codebuild.PipelineProject(
self,
"DeployProd",
project_name="iot-gg-cicd-workshop-deploy-main",
build_spec=codebuild.BuildSpec.from_object(
dict(
version="0.2",
phases=dict(install=dict(commands=[
"apt-get install zip",
"PROD_SOURCE_BUCKET=$(aws ssm get-parameter --name '/iot-gg-cicd-workshop/s3/prod_source_bucket' --with-decryption --query 'Parameter.Value' --output text)",
"aws s3 cp s3://$PROD_SOURCE_BUCKET/prod_deploy.zip prod_deploy.zip",
"unzip -o prod_deploy.zip", "ls -la", "make clean init"
]),
build=dict(commands=[
"ls -la",
"make deploy-greengrass-prod",
])),
artifacts={
"base-directory": ".",
"files": ["**/*"]
},
environment=dict(
buildImage=codebuild.LinuxBuildImage.STANDARD_2_0))))
add_policies(cdk_deploy_prod, [
"AWSCloudFormationFullAccess", "AWSGreengrassFullAccess",
"AmazonSSMFullAccess", "ResourceGroupsandTagEditorReadOnlyAccess",
"AWSLambdaFullAccess"
])
prod_source_output = codepipeline.Artifact()
codepipeline.Pipeline(
self,
"PipelineProd",
pipeline_name="iot-gg-cicd-workshop-pipeline-main",
stages=[
codepipeline.StageProps(
stage_name="Source",
actions=[
codepipeline_actions.S3SourceAction(
action_name="S3_Source",
bucket=prod_deploy_param_bucket,
bucket_key="deploy_params.zip",
output=prod_source_output)
]),
codepipeline.StageProps(
stage_name="Deploy_GreenGrass_Prod",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="Deploy_Prod",
project=cdk_deploy_prod,
input=prod_source_output)
]),
])
prod_source_bucket.grant_read_write(cdk_deploy_canary.role)
prod_source_bucket.grant_read(cdk_deploy_prod.role)
prod_deploy_param_bucket.grant_read_write(cdk_deploy_canary.role)
