def create_build_project(self, role, source_bucket):
build_project = _cb.Project(
self, 'CodeBuildProject',
project_name='DEMO-BUILD',
source=_cb.Source.s3(
bucket=source_bucket,
path='archive.zip'
),
environment=_cb.BuildEnvironment(
build_image=_cb.LinuxBuildImage.STANDARD_3_0,
privileged=True
),
environment_variables={
'IMAGE_REPO_NAME': _cb.BuildEnvironmentVariable(value='demo-repository'),
'AWS_DEFAULT_REGION': _cb.BuildEnvironmentVariable(value=os.environ.get('REGION')),
'AWS_ACCOUNT_ID': _cb.BuildEnvironmentVariable(value=os.environ.get('ACCOUNT_ID')),
'CONTAINER_NAME': _cb.BuildEnvironmentVariable(value='DEMO-CONTAINER'),
},
build_spec=_cb.BuildSpec.from_source_filename(filename='etc/cicd/buildspec.yml'),
artifacts=_cb.Artifacts.s3(
bucket=source_bucket,
name='artifact-codebuild.zip',
package_zip=True,
include_build_id=False
),
role=role
)
return build_project
def get_build_env_vars(self, ecr_repo):
return {
"REPOSITORY_URI":
codebuild.BuildEnvironmentVariable(value=ecr_repo.repository_uri),
"DOCKERHUB_USERNAME":
codebuild.BuildEnvironmentVariable(
value="/springboot-multiarch/dockerhub/username",
type=codebuild.BuildEnvironmentVariableType.PARAMETER_STORE),
"DOCKERHUB_PASSWORD":
codebuild.BuildEnvironmentVariable(
value="/springboot-multiarch/dockerhub/password ",
type=codebuild.BuildEnvironmentVariableType.PARAMETER_STORE),
"REDIS_HOST":
codebuild.BuildEnvironmentVariable(
value=self.redis.attr_redis_endpoint_address),
"REDIS_PORT":
codebuild.BuildEnvironmentVariable(
value=self.redis.attr_redis_endpoint_port),
"RDS_SECRET":
codebuild.BuildEnvironmentVariable(
value=self.rds_cluster.secret.secret_name),
"RDS_HOST":
codebuild.BuildEnvironmentVariable(
value=self.rds_cluster.cluster_endpoint.hostname),
"RDS_PORT":
codebuild.BuildEnvironmentVariable(
value=self.rds_cluster.cluster_endpoint.port),
"EKS_NAME":
codebuild.BuildEnvironmentVariable(value=self.eks.cluster_name),
"EKS_ROLE":
codebuild.BuildEnvironmentVariable(
value=self.eks.kubectl_role.role_arn),
}
def __init__(
self,
scope: core.Construct,
id: str,
repo: str,
artifacts_bucket: str,
owner: str = 'SeedCompany',
create_bucket:
bool = False, # if true and bucket_name exists, then the artifact bucket will be created
**kwargs
) -> None:
super().__init__(scope, id, **kwargs)
if create_bucket:
artifactStore = s3.Bucket(self,
artifacts_bucket,
bucket_name=artifacts_bucket)
else:
artifactStore = s3.Bucket.from_bucket_name(self, artifacts_bucket,
artifacts_bucket)
artifacts = codebuild.Artifacts.s3(
bucket=artifactStore,
name=repo,
include_build_id=True,
package_zip=False,
)
#GitHub credentials are entered into CodeBuild manually
# $ aws codebuild import-source-credentials --server-type GITHUB --auth-type PERSONAL_ACCESS_TOKEN --token <token_value>
gitRepo = codebuild.Source.git_hub(owner=owner,
repo=repo,
webhook=True)
retetoRepo = ecr.Repository.from_repository_name(
self, 'RetetoRepo', 'reteto')
buildEnv = codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.from_ecr_repository(
retetoRepo),
compute_type=codebuild.ComputeType.SMALL,
privileged=True)
project = codebuild.Project(
self,
'%sBuild' % repo.capitalize(),
project_name='%sBuild' % repo.capitalize(),
environment=buildEnv,
environment_variables={
"AWS_ACCOUNT_ID":
codebuild.BuildEnvironmentVariable(value=self.account),
"REPO":
codebuild.BuildEnvironmentVariable(value=repo)
},
source=gitRepo,
artifacts=artifacts,
badge=True,
# see reference.buildspec.yml for a standard buildspec
build_spec=codebuild.BuildSpec.from_object({}))
def __init__(self, scope: core.App, id: str, props, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
required_props = [
'github_source', 'config_source_bucket', 'device_farm_project_name'
]
for prop in required_props:
if prop not in props:
raise RuntimeError(f"Parameter {prop} is required.")
config_source_bucket = props['config_source_bucket']
device_farm_project_name = props['device_farm_project_name']
codebuild_project_name_prefix = props['codebuild_project_name_prefix']
github_source = props['github_source']
owner = github_source['owner']
repo = github_source['repo']
base_branch = github_source['base_branch']
df_project = DeviceFarmProject(self,
id,
project_name=device_farm_project_name)
df_pool = DeviceFarmDevicePool(
self,
f"{id}DevicePool",
project_arn=core.Token.as_string(df_project.project_arn),
device_pool_name="SingleDeviceIntegTestDevicePool")
PullRequestBuilder(
self,
"UnitTestRunner",
project_name=f"{codebuild_project_name_prefix}-UnitTest",
github_owner=owner,
github_repo=repo,
base_branch=base_branch,
buildspec_path="scripts/pr-builder-buildspec.yml")
integtest_project = PullRequestBuilder(
self,
"IntegrationTestrunner",
project_name=f"{codebuild_project_name_prefix}-IntegrationTest",
github_owner=owner,
github_repo=repo,
base_branch=base_branch,
buildspec_path="scripts/devicefarm-test-runner-buildspec.yml",
environment_variables={
'DEVICEFARM_PROJECT_ARN':
aws_codebuild.BuildEnvironmentVariable(
value=df_project.get_arn()),
'DEVICEFARM_POOL_ARN':
aws_codebuild.BuildEnvironmentVariable(
value=df_pool.device_pool_arn),
'CONFIG_SOURCE_BUCKET':
aws_codebuild.BuildEnvironmentVariable(
value=config_source_bucket)
})
self._add_codebuild_project_runner_permissions(integtest_project.role)
self._add_devicefarm_test_runner_permissions_to_role(
integtest_project.role)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
prj_name = self.node.try_get_context("project_name")
env_name = self.node.try_get_context("env")
account_id = core.Aws.ACCOUNT_ID
PROJECT_NUMBER = 2
# To Store Frontend App
frontend_bucket = s3.Bucket(self, "frontend",
access_control=s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
bucket_name=account_id + '-' + env_name + '-frontend',
public_read_access=True,
removal_policy=core.RemovalPolicy.DESTROY,
website_index_document='index.html'
)
bucket_name = frontend_bucket.bucket_name
github_token = core.SecretValue.secrets_manager("dev/github-token", json_field='github-from-marsApp')
cb.GitHubSourceCredentials(self, "CodeBuildGitHubCreds",
access_token=github_token
)
git_hub_source = cb.Source.git_hub(
owner="manrodri",
repo="30miniProjects",
webhook=True,
webhook_filters=[
cb.FilterGroup.in_event_of(cb.EventAction.PUSH).and_branch_is(
"master").and_file_path_is('js30Projects/')
]
)
codebuild_project = cb.Project(
self,
"cb-frontend",
source=git_hub_source,
environment=cb.BuildEnvironment(
build_image=cb.LinuxBuildImage.STANDARD_3_0,
environment_variables={
'WEB_BUCKET_NAME': cb.BuildEnvironmentVariable(value=bucket_name),
'PROJECT_NUMBER': cb.BuildEnvironmentVariable(value=str(PROJECT_NUMBER))
}
),
)
allow_object_actions = iam.PolicyStatement(resources=[f"arn:aws:s3:::{bucket_name}/*"],
actions=["s3:*"])
allow_bucket_actions = iam.PolicyStatement(
resources=[f"arn:aws:s3:::{bucket_name}"],
actions=['s3:*'],
)
codebuild_project.add_to_role_policy(allow_object_actions)
codebuild_project.add_to_role_policy(allow_bucket_actions)
def _create_train_step(self):
stage = self.pipeline.add_stage(stage_name=f"{self.name_prefix}-stage")
role = iam.Role(
self,
"Role",
assumed_by=iam.ServicePrincipal("codebuild.amazonaws.com"),
description="Role for CodeBuild",
role_name=f"{self.name_prefix}-codebuild-role",
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonEC2ContainerRegistryFullAccess"),
iam.ManagedPolicy.from_aws_managed_policy_name(
"AWSStepFunctionsFullAccess"),
iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AWSLambdaVPCAccessExecutionRole"),
iam.ManagedPolicy.from_aws_managed_policy_name(
"SecretsManagerReadWrite"),
],
)
policy = iam.Policy(self, "PassRolePolicy")
policy.document.add_statements(
iam.PolicyStatement(
actions=["iam:PassRole"],
resources=[f"arn:aws:iam::{Stack.of(self).account}:role/*"]))
role.attach_inline_policy(policy)
build_spec = codebuild.BuildSpec.from_source_filename('buildspec.yml')
project = codebuild.PipelineProject(
self,
"TrainingStepProject",
build_spec=build_spec,
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_5_0,
privileged=True),
role=role,
security_groups=[self.security_group],
subnet_selection=self.subnet_selection,
vpc=self.vpc)
action = codepipeline_actions.CodeBuildAction(
action_name=f"{self.name_prefix}-training-action",
project=project,
input=self.source_output,
environment_variables={
"EXEC_ID":
codebuild.BuildEnvironmentVariable(
value='#{codepipeline.PipelineExecutionId}'),
"SFN_WORKFLOW_NAME":
codebuild.BuildEnvironmentVariable(value=self.sfn_name)
},
variables_namespace="trainStep",
)
stage.add_action(action)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
sourceArtifact = codepipeline.Artifact()
cloudAssemblyArtifact = codepipeline.Artifact()
pipeline = pipelines.CdkPipeline(self, 'Pipeline',
pipeline_name=self.node.try_get_context(
'repository_name') + "-{}-pipeline".format(STAGE),
cloud_assembly_artifact=cloudAssemblyArtifact,
source_action=actions.GitHubSourceAction(
action_name='GitHub',
output=sourceArtifact,
oauth_token=core.SecretValue.secrets_manager('github-token'),
owner=self.node.try_get_context(
'owner'),
repo=self.node.try_get_context(
'repository_name'),
branch=STAGE
),
synth_action=pipelines.SimpleSynthAction(
synth_command="cdk synth",
install_commands=[
"pip install --upgrade pip",
"npm i -g aws-cdk",
"pip install -r requirements.txt"
],
source_artifact=sourceArtifact,
cloud_assembly_artifact=cloudAssemblyArtifact,
environment={
'privileged': True
},
environment_variables={
'DEV_ACCOUNT_ID': codebuild.BuildEnvironmentVariable(value=os.environ['DEV_ACCOUNT_ID']),
'STG_ACCOUNT_ID': codebuild.BuildEnvironmentVariable(value=os.environ['STG_ACCOUNT_ID']),
'PROD_ACCOUNT_ID': codebuild.BuildEnvironmentVariable(value=os.environ['PROD_ACCOUNT_ID']),
'MANAGE_ACCOUNT_ID': codebuild.BuildEnvironmentVariable(value=os.environ['MANAGE_ACCOUNT_ID'])
}
)
)
dev = PipelineStage(
self,
self.node.try_get_context('service_name') + "-{}".format(STAGE),
env={
'region': "ap-northeast-1",
'account': os.environ['DEV_ACCOUNT_ID']
}
)
dev_stage = pipeline.add_application_stage(dev)
def __init__(self, scope: core.Construct, id: str,
source: codepipeline.Artifact,
pipeline: codepipeline.Pipeline, bucket: s3.Bucket,
role: iam.Role, frontend: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
branch = id.split('-')[-1]
# Code build for flask frontend
env = codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.UBUNTU_14_04_DOCKER_18_09_0,
compute_type=codebuild.ComputeType.SMALL,
environment_variables={
'PROJECTNAME':
codebuild.BuildEnvironmentVariable(
value=os.environ['GITHUB_REPO']),
'GITHUBUSER':
codebuild.BuildEnvironmentVariable(
value=os.environ['GITHUB_OWNER']),
'SOURCEBRANCH':
codebuild.BuildEnvironmentVariable(value=branch),
'ARTIFACT_BUCKET':
codebuild.BuildEnvironmentVariable(value=bucket.bucket_arn),
'REPO_URI':
codebuild.BuildEnvironmentVariable(value=frontend),
},
privileged=True,
)
project = codebuild.PipelineProject(
self,
'Build_Frontend-' + branch,
description='Submit build jobs for {} as part of CI/CD pipeline'.
format(os.environ['GITHUB_REPO']),
environment=env,
build_spec=codebuild.BuildSpec.from_source_filename(
"buildspec.yml"),
role=role)
cb_actions = codepipeline_actions.CodeBuildAction(
action_name='CodeBuild-' + branch,
input=source,
project=project,
run_order=3)
pipeline.add_stage(stage_name='CodeBuild-' + branch,
actions=[cb_actions])
def __init__(self, scope: core.Construct, id: str, buildspec, **kwargs):
super().__init__(scope, id, **kwargs)
self.buildspec = buildspec
self.build_image = codebuild.LinuxBuildImage.STANDARD_2_0
self.project = codebuild.PipelineProject(
self,
"Project",
environment=codebuild.BuildEnvironment(
build_image=self.build_image, privileged=True),
build_spec=codebuild.BuildSpec.from_source_filename(
self.buildspec),
environment_variables={
'REPO_NAME':
codebuild.BuildEnvironmentVariable(
value=config['CODEPIPELINE']['GITHUB_REPO'])
},
)
# TODO: Don't need admin, let's make this least privilege
self.admin_policy = iam.Policy(
self,
"AdminPolicy",
roles=[self.project.role],
statements=[iam.PolicyStatement(
actions=['*'],
resources=['*'],
)])
def __init__(self, scope: core.Construct, id: str,
project_name:str,
build_image:assets.DockerImageAsset,
context:BuildContext,
build_role:iam.Role,
app_dir:str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.github_master_source = b.Source.git_hub(
clone_depth=1,
owner='dr-natetorious',
repo='app-FinSurf',
webhook=False
)
param_name = '/app-finsurf/artifacts/bin/{}'.format(project_name)
output_path = 's3://{}/cicd/{}'.format(
context.buckets.artifacts_bucket.bucket_name,
project_name)
self.build_project = b.Project(self,'PythonProject',
project_name=project_name,
source= self.github_master_source,
environment= b.BuildEnvironment(
build_image= b.LinuxBuildImage.from_ecr_repository(
repository=build_image.repository,
tag=build_image.image_uri.split(':')[-1]),
environment_variables={
'APP_DIR':b.BuildEnvironmentVariable(value=app_dir),
'PARAM_NAME': b.BuildEnvironmentVariable(value=param_name),
'OUTPUT_PATH': b.BuildEnvironmentVariable(value=output_path),
},
compute_type=b.ComputeType.SMALL
),
role=build_role,
encryption_key= context.buckets.artifacts_key,
build_spec= b.BuildSpec.from_source_filename(filename='cicd/configs/buildspec-python-zip.yml'),
artifacts= b.Artifacts.s3(
name=project_name,
path="/artifacts",
bucket=context.buckets.artifacts_bucket,
encryption=True,
include_build_id=False,
package_zip=False)
)
def __init__(self, pipeline_data: PipelineData):
super().__init__(pipeline_data.scope,
pipeline_data.name,
env=pipeline_data.env)
self.source_artifact = cp.Artifact('Source')
self.cloud_assembly_artifact = cp.Artifact('CloudAs')
self.pipeline = CdkPipeline(
self,
"Pipeline",
self_mutating=True,
cross_account_keys=False,
cloud_assembly_artifact=self.cloud_assembly_artifact,
source_action=cpa.BitBucketSourceAction(
role=iam.LazyRole(
self,
'SourceRole',
assumed_by=iam.AccountPrincipal(self.account),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
'AmazonS3FullAccess')
]),
action_name="Ship",
connection_arn=pipeline_data.github_connection_arn,
owner=pipeline_data.github_owner,
repo=pipeline_data.repo_name,
branch=pipeline_data.repo_branch,
output=self.source_artifact),
synth_action=SimpleSynthAction(
install_commands=pipeline_data.synth_install_commands,
environment=cb.BuildEnvironment(
environment_variables={
env_key: cb.BuildEnvironmentVariable(
value=pipeline_data.build_env[env_key])
for env_key in pipeline_data.build_env
},
build_image=cb.LinuxBuildImage.STANDARD_5_0,
compute_type=cb.ComputeType.SMALL,
privileged=True),
synth_command='cdk synth',
action_name='Synthesize',
cloud_assembly_artifact=self.cloud_assembly_artifact,
source_artifact=self.source_artifact))
pipeline = self.pipeline.node.try_find_child('Pipeline')
build_stage = pipeline.node.try_find_child('Build')
synth_action = build_stage.node.try_find_child('Synthesize')
build_proj = synth_action.node.try_find_child('CdkBuildProject')
cfn_build_project = build_proj.node.default_child
# Need Privileged mode for starting docker
cfn_build_project.add_property_override("Environment.PrivilegedMode",
"true")
# Updating from v4 by default in aws-cdk to v5
cfn_build_project.add_property_override("Environment.Image",
"aws/codebuild/standard:5.0")
# Only clone the last commit. Don't clone the history
cfn_build_project.add_property_override("Source.GitCloneDepth", 1)
self.pipeline.add_application_stage(pipeline_data.app_stage)
def create_build_stage(self, source_output, build_project):
build_stage=_cp.StageProps(
stage_name='Build',
actions=[
_cpa.CodeBuildAction(
action_name='Build',
input=source_output,
project=build_project,
run_order=1,
environment_variables={
'ENV': _cb.BuildEnvironmentVariable(value='develop'),
'FAMILY_NAME': _cb.BuildEnvironmentVariable(value='DEMO-TASK'),
},
outputs=[_cp.Artifact(artifact_name='BuildArtifact')],
)
]
)
return build_stage
def get_build_env_vars(self, ecr_repo):
return {
"REPOSITORY_URI":
codebuild.BuildEnvironmentVariable(value=ecr_repo.repository_uri),
"DOCKERHUB_USERNAME":
codebuild.BuildEnvironmentVariable(
value="/hello-bottlerocket/dockerhub/username",
type=codebuild.BuildEnvironmentVariableType.PARAMETER_STORE),
"DOCKERHUB_PASSWORD":
codebuild.BuildEnvironmentVariable(
value="/hello-bottlerocket/dockerhub/password",
type=codebuild.BuildEnvironmentVariableType.PARAMETER_STORE),
"EKS_NAME":
codebuild.BuildEnvironmentVariable(value=self.eks.cluster_name),
"EKS_ROLE":
codebuild.BuildEnvironmentVariable(
value=self.eks.kubectl_role.role_arn),
}
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# Create ECR Repository
ghost_repo = ecr.Repository(
self, "GhostRepo",
repository_name="ghost"
)
# Create IAM Role For CodeBuild
ghost_build_role = iam.Role(
self, "GhostBuildRole",
assumed_by=iam.ServicePrincipal("codebuild.amazonaws.com"),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name("EC2InstanceProfileForImageBuilderECRContainerBuilds")
]
)
# We only want to fire on the master branch and if there is a change in the dockerbuild folder
git_hub_source = codebuild.Source.git_hub(
owner="jasonumiker",
repo="k8s-plus-aws-gitops",
webhook=True,
webhook_filters=[
codebuild.FilterGroup.in_event_of(codebuild.EventAction.PUSH).and_branch_is("master").and_file_path_is("dockerbuild/*")
]
)
# Create CodeBuild
build_project = codebuild.Project(
self, "GhostBuildProject",
source=git_hub_source,
role=ghost_build_role,
build_spec=codebuild.BuildSpec.from_source_filename("dockerbuild/buildspec.yml"),
environment={
'privileged': True,
},
environment_variables={
'AWS_ACCOUNT_ID': codebuild.BuildEnvironmentVariable(value=self.account),
'IMAGE_REPO_NAME': codebuild.BuildEnvironmentVariable(value=ghost_repo.repository_name)
}
)
def __init__(self, app: core.App, id: str, props, **kwargs) -> None:
super().__init__(app, id, **kwargs)
bucket = aws_s3.Bucket(
self,
"SourceBucket",
bucket_name=f"flask-bucket-{core.Aws.ACCOUNT_ID}",
versioned=True,
removal_policy=core.RemovalPolicy.DESTROY)
# ECR repository for Docker images
ecr = aws_ecr.Repository(self,
"ECR",
repository_name="flask-repo",
removal_policy=core.RemovalPolicy.DESTROY)
ecr_build = aws_codebuild.PipelineProject(
self,
"ECRBuild",
project_name="ecr-image-build",
build_spec=aws_codebuild.BuildSpec.from_source_filename(
filename='codebuild/ecr/buildspec.yml'),
environment=aws_codebuild.BuildEnvironment(privileged=True, ),
# pass the ecr repo uri into the codebuild project so codebuild knows where to push
environment_variables={
'ecr':
aws_codebuild.BuildEnvironmentVariable(
value=ecr.repository_uri),
'tag':
aws_codebuild.BuildEnvironmentVariable(value='flask')
},
description='Pipeline for CodeBuild',
timeout=core.Duration.minutes(30),
)
ecr.grant_pull_push(ecr_build)
self.output_params = props.copy()
self.output_params['ecr'] = ecr.repository_uri
self.output_params['ecr_build'] = ecr_build
self.output_params['bucket'] = bucket
def create_project(self, target_function, stage):
project = codebuild.PipelineProject(
self,
self.create_id("Project", stage),
project_name=self.create_name(stage),
environment_variables={
"FUNCTION_NAME": codebuild.BuildEnvironmentVariable(
value=target_function.function_name,
type=codebuild.BuildEnvironmentVariableType.PLAINTEXT),
"STAGE": codebuild.BuildEnvironmentVariable(
value=stage,
type=codebuild.BuildEnvironmentVariableType.PLAINTEXT)
}
)
project.add_to_role_policy(
iam.PolicyStatement(
resources=[target_function.function_arn],
actions=['lambda:UpdateFunctionCode',
'lambda:UpdateFunctionConfiguration']
)
)
return project
def build_environment_variables(self):
base_environment = {
'REPOSITORY_URI':
aws_codebuild.BuildEnvironmentVariable(
value=self.ecr_repository.repository_uri),
'PIPELINE_NAME':
aws_codebuild.BuildEnvironmentVariable(
value=self.next_pipeline.pipeline_name),
'REGION':
aws_codebuild.BuildEnvironmentVariable(value=self.region)
}
build_environment = copy.deepcopy(self.build_environment)
build_environment.pop('REPOSITORY_URI', None)
build_environment.pop('PIPELINE_NAME', None)
build_environment.pop('REGION', None)
for key, value in build_environment.items():
if not isinstance(value, aws_codebuild.BuildEnvironmentVariable):
build_environment[
key] = aws_codebuild.BuildEnvironmentVariable(value=value)
return {**base_environment, **build_environment}
def buildenv(
environment_variables: dict
) -> typing.Dict[str, cb.BuildEnvironmentVariable]:
"""Facilitate Codebuild environmemt creation
Simply pass your dict to be turned a env variabltes
For values that starts with 'aws:sm:', the prefix will be striped off
and the Codebuild env variable type wil be set to SECRETS_MANAGER.
Args:
environment_variables (dict): key/value store to turn into Codebuild Env
Returns:
typing.Dict[cb.BuildEnvironmentVariable]: [description]
"""
envs = dict()
for env, value in environment_variables.items():
if isinstance(value, str) and value.startswith('aws:sm:'):
envs[env] = cb.BuildEnvironmentVariable(
value=value.replace('aws:sm:', ''),
type=cb.BuildEnvironmentVariableType.SECRETS_MANAGER)
else:
envs[env] = cb.BuildEnvironmentVariable(value=value)
return envs
def __init__(self, app: core.App, id: str, props, **kwargs) -> None:
super().__init__(app, id, **kwargs)
ecs_build = aws_codebuild.PipelineProject(self, "ECSBuild",
project_name="ecs-cluster-build",
build_spec=aws_codebuild.BuildSpec.from_source_filename(
filename='codebuild/ecs/buildspec.yml'),
environment=aws_codebuild.BuildEnvironment(
privileged=True,),
environment_variables={
'ecr': aws_codebuild.BuildEnvironmentVariable(
value=props['ecr'])
},
description='Pipeline for CodeBuild',
timeout=core.Duration.minutes(30),
)
self.output_params = props.copy()
self.output_params['ecs_build'] = ecs_build
def _create_build_and_assemble_action(
self,
input_artifact: aws_codepipeline.Artifact,
output_artifact: aws_codepipeline.Artifact,
pipeline_project: aws_codebuild.PipelineProject,
config_source_bucket: str = None):
if config_source_bucket is None:
return aws_codepipeline_actions.CodeBuildAction(
action_name='BuildAndAssemble',
input=input_artifact,
project=pipeline_project,
outputs=[output_artifact])
else:
return aws_codepipeline_actions.CodeBuildAction(
action_name='BuildAndAssemble',
input=input_artifact,
project=pipeline_project,
environment_variables={
'CONFIG_SOURCE_BUCKET':
aws_codebuild.BuildEnvironmentVariable(
value=config_source_bucket)
},
outputs=[output_artifact])
def _get_build_project(self):
ecr = aws_ecr.Repository(self,
"ECR",
repository_name="arronmoore-dev",
removal_policy=core.RemovalPolicy.DESTROY)
cb_docker_build = aws_codebuild.PipelineProject(
self,
"DockerBuild",
project_name=f"arronmoore-dev-docker-build",
build_spec=aws_codebuild.BuildSpec.from_source_filename(
filename='buildspec.yml'),
environment=aws_codebuild.BuildEnvironment(privileged=True, ),
# pass the ecr repo uri into the codebuild project so codebuild knows where to push
environment_variables={
'REPO_URI':
aws_codebuild.BuildEnvironmentVariable(
value=ecr.repository_uri)
},
description='Pipeline for CodeBuild',
timeout=core.Duration.minutes(60),
)
ecr.grant_pull_push(cb_docker_build)
return ecr, cb_docker_build
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
code = codecommit.Repository(
self, "CodeRepo", repository_name="iot-gg-cicd-workshop-repo")
prod_deploy_param_bucket = s3.Bucket(
self,
"ProdDeployBucket",
versioned=True,
)
prod_source_bucket = s3.Bucket(
self,
"ProdSourceBucket",
versioned=True,
)
ssm.StringParameter(
self,
"ProdSourceBucketParameter",
parameter_name="/iot-gg-cicd-workshop/s3/prod_source_bucket",
string_value=prod_source_bucket.bucket_name,
)
ssm.StringParameter(
self,
"ProdDeployBucketParameter",
parameter_name="/iot-gg-cicd-workshop/s3/prod_deploy_param_bucket",
string_value=prod_deploy_param_bucket.bucket_name,
)
cdk_build = codebuild.PipelineProject(
self,
"Build",
project_name="iot-gg-cicd-workshop-build",
build_spec=codebuild.BuildSpec.from_source_filename(
"buildspec.yml"),
environment_variables={
"AWS_DEFAULT_REGION":
codebuild.BuildEnvironmentVariable(value=kwargs['env'].region)
})
add_policies(cdk_build, [
"AWSCloudFormationFullAccess",
"AmazonSSMFullAccess",
"AmazonS3FullAccess",
"AWSLambdaFullAccess",
"IAMFullAccess",
])
cdk_deploy_canary = codebuild.PipelineProject(
self,
"Deploy",
project_name="iot-gg-cicd-workshop-deploy-canary",
build_spec=codebuild.BuildSpec.from_source_filename(
"deployspec.yml"),
environment_variables={
"AWS_DEFAULT_REGION":
codebuild.BuildEnvironmentVariable(value=kwargs['env'].region)
})
add_policies(cdk_deploy_canary, [
"AWSCloudFormationFullAccess", "AWSGreengrassFullAccess",
"AmazonSSMFullAccess", "ResourceGroupsandTagEditorReadOnlyAccess",
"AWSLambdaFullAccess", "AWSIoTFullAccess"
])
source_output = codepipeline.Artifact()
cdk_build_output = codepipeline.Artifact("CdkBuildOutput")
codepipeline.Pipeline(
self,
"Pipeline",
pipeline_name="iot-gg-cicd-workshop-pipeline-canary",
stages=[
codepipeline.StageProps(
stage_name="Source",
actions=[
codepipeline_actions.CodeCommitSourceAction(
action_name="CodeCommit_Source",
repository=code,
output=source_output)
]),
codepipeline.StageProps(
stage_name="Build_Package_Deploy_Lambda",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="Build_Package_Deploy",
project=cdk_build,
input=source_output,
outputs=[cdk_build_output])
]),
codepipeline.StageProps(
stage_name="Deploy_GreenGrass_Canary",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="Deploy_Canary",
project=cdk_deploy_canary,
input=cdk_build_output)
]),
])
cdk_deploy_prod = codebuild.PipelineProject(
self,
"DeployProd",
project_name="iot-gg-cicd-workshop-deploy-main",
build_spec=codebuild.BuildSpec.from_object(
dict(
version="0.2",
phases=dict(install=dict(commands=[
"apt-get install zip",
"PROD_SOURCE_BUCKET=$(aws ssm get-parameter --name '/iot-gg-cicd-workshop/s3/prod_source_bucket' --with-decryption --query 'Parameter.Value' --output text)",
"aws s3 cp s3://$PROD_SOURCE_BUCKET/prod_deploy.zip prod_deploy.zip",
"unzip -o prod_deploy.zip", "ls -la", "make clean init"
]),
build=dict(commands=[
"ls -la",
"make deploy-greengrass-prod",
])),
artifacts={
"base-directory": ".",
"files": ["**/*"]
},
environment=dict(
buildImage=codebuild.LinuxBuildImage.STANDARD_2_0))))
add_policies(cdk_deploy_prod, [
"AWSCloudFormationFullAccess", "AWSGreengrassFullAccess",
"AmazonSSMFullAccess", "ResourceGroupsandTagEditorReadOnlyAccess",
"AWSLambdaFullAccess"
])
prod_source_output = codepipeline.Artifact()
codepipeline.Pipeline(
self,
"PipelineProd",
pipeline_name="iot-gg-cicd-workshop-pipeline-main",
stages=[
codepipeline.StageProps(
stage_name="Source",
actions=[
codepipeline_actions.S3SourceAction(
action_name="S3_Source",
bucket=prod_deploy_param_bucket,
bucket_key="deploy_params.zip",
output=prod_source_output)
]),
codepipeline.StageProps(
stage_name="Deploy_GreenGrass_Prod",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="Deploy_Prod",
project=cdk_deploy_prod,
input=prod_source_output)
]),
])
prod_source_bucket.grant_read_write(cdk_deploy_canary.role)
prod_source_bucket.grant_read(cdk_deploy_prod.role)
prod_deploy_param_bucket.grant_read_write(cdk_deploy_canary.role)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
notification_email = ssm.StringParameter.value_from_lookup(
self,
parameter_name='/serverless-pipeline/sns/notifications/primary-email'
)
github_user = ssm.StringParameter.value_from_lookup(
self,
parameter_name='/serverless-pipeline/codepipeline/github/user'
)
github_repo = ssm.StringParameter.value_from_lookup(
self,
parameter_name='/serverless-pipeline/codepipeline/github/repo'
)
github_token = core.SecretValue.secrets_manager(
'/serverless-pipeline/secrets/github/token',
json_field='github-token',
)
artifact_bucket = s3.Bucket(
self, 'BuildArtifactsBucket',
removal_policy=core.RemovalPolicy.RETAIN,
encryption=s3.BucketEncryption.KMS_MANAGED,
versioned=True,
)
build_project = build.PipelineProject(
self, 'BuildProject',
project_name='serveless-pipeline',
description='Build project for the serverless-pipeline',
environment=build.LinuxBuildImage.STANDARD_2_0,
environment_variables={
'BUILD_ARTIFACT_BUCKET': build.BuildEnvironmentVariable(value=artifact_bucket.bucket_name),
},
cache=build.Cache.bucket(artifact_bucket, prefix='codebuild-cache'),
build_spec=build.BuildSpec.from_object({
'version': '0.2',
'phases': {
'install': {
'runtime-versions': {
'nodejs': 10,
},
'commands': [
'echo "--------INSTALL PHASE--------"',
'pip3 install aws-sam-cli',
]
},
'pre_build': {
'commands': [
'echo "--------PREBUILD PHASE--------"',
'# Example shows installation of NPM dependencies for shared deps (layers) in a SAM App',
'# cd functions/dependencies/shared_deps_one/nodejs',
'# npm install && cd',
'# cd functions/dependencies/shared_deps_two/nodejs',
'# npm install && cd',
]
},
'build': {
'commands': [
'echo "--------BUILD PHASE--------"',
'echo "Starting SAM packaging `date` in `pwd`"',
'sam package --template-file template.yaml --s3-bucket $BUILD_ARTIFACT_BUCKET --output-template-file packaged.yaml',
]
},
'post_build': {
'commands': [
'echo "--------POST-BUILD PHASE--------"',
'echo "SAM packaging completed on `date`"',
]
}
},
'artifacts': {
'files': ['packaged.yaml'],
'discard-paths': 'yes',
},
'cache': {
'paths': ['/root/.cache/pip'],
}
})
)
serverless_pipeline = pipeline.Pipeline(
self, 'ServerlessPipeline',
artifact_bucket=artifact_bucket,
pipeline_name='serverless-pipeline',
restart_execution_on_update=True,
)
source_output = pipeline.Artifact()
build_output = pipeline.Artifact()
cfn_output = pipeline.Artifact()
# NOTE: This Stage/Action requires a manual OAuth handshake in the browser be complete before automated deployment can occur
# Create a new Pipeline in the console, manually authorize GitHub as a source, and then cancel the pipeline wizard.
serverless_pipeline.add_stage(stage_name='Source', actions=[
actions.GitHubSourceAction(
action_name='SourceCodeRepo',
owner=github_user,
oauth_token=github_token,
repo=github_repo,
branch='master',
output=source_output,
)
])
serverless_pipeline.add_stage(stage_name='Build', actions=[
actions.CodeBuildAction(
action_name='CodeBuildProject',
input=source_output,
outputs=[build_output],
project=build_project,
type=actions.CodeBuildActionType.BUILD,
)
])
serverless_pipeline.add_stage(stage_name='Staging', actions=[
actions.CloudFormationCreateReplaceChangeSetAction(
action_name='CreateChangeSet',
admin_permissions=True,
change_set_name='serverless-pipeline-changeset-Staging',
stack_name='ServerlessPipelineStaging',
template_path=pipeline.ArtifactPath(
build_output,
file_name='packaged.yaml'
),
capabilities=[cfn.CloudFormationCapabilities.ANONYMOUS_IAM],
run_order=1,
),
actions.CloudFormationExecuteChangeSetAction(
action_name='ExecuteChangeSet',
change_set_name='serverless-pipeline-changeset-Staging',
stack_name='ServerlessPipelineStaging',
output=cfn_output,
run_order=2,
),
])
serverless_pipeline.add_stage(stage_name='Production', actions=[
actions.CloudFormationCreateReplaceChangeSetAction(
action_name='CreateChangeSet',
admin_permissions=True,
change_set_name='serverless-pipeline-changeset-Production',
stack_name='ServerlessPipelineProduction',
template_path=pipeline.ArtifactPath(
build_output,
file_name='packaged.yaml'
),
capabilities=[cfn.CloudFormationCapabilities.ANONYMOUS_IAM],
run_order=1,
),
actions.ManualApprovalAction(
action_name='DeploymentApproval',
notify_emails=[notification_email],
run_order=2,
),
actions.CloudFormationExecuteChangeSetAction(
action_name='ExecuteChangeSet',
change_set_name='serverless-pipeline-changeset-Production',
stack_name='ServerlessPipelineProduction',
output=cfn_output,
run_order=3,
),
])
core.CfnOutput(
self, 'BuildArtifactsBucketOutput',
value=artifact_bucket.bucket_name,
description='Amazon S3 Bucket for Pipeline and Build artifacts',
)
core.CfnOutput(
self, 'CodeBuildProjectOutput',
value=build_project.project_arn,
description='CodeBuild Project name',
)
core.CfnOutput(
self, 'CodePipelineOutput',
value=serverless_pipeline.pipeline_arn,
description='AWS CodePipeline pipeline name',
)
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
# The code that defines your stack goes here
pipeline = codepipeline.Pipeline(
self, "Pipeline", artifact_bucket=s3.Bucket(self, "ArtifactBucket")
)
# Define the 'source' stage to be triggered by a webhook on the GitHub
# repo for the code. Don't be fooled by the name, it's just a codestar
# connection in the background. Bitbucket isn't involved.
source_output = codepipeline.Artifact("SourceOutput")
github_source = pipeline_actions.BitBucketSourceAction(
action_name="Github_Source",
connection_arn=core.SecretValue.secrets_manager(
secret_id="folksgl_github_connection_arn", json_field="arn"
).to_string(),
repo="sam-cicd-python-template",
owner="folksgl",
branch="main",
output=source_output,
)
pipeline.add_stage(stage_name="Source", actions=[github_source])
# Define the 'build' stage
build_project = codebuild.PipelineProject(
scope=self,
id="Build",
# Declare the pipeline artifact bucket name as an environment variable
# so the build can send the deployment package to it.
environment_variables={
"PACKAGE_BUCKET": codebuild.BuildEnvironmentVariable(
value=pipeline.artifact_bucket.bucket_name,
type=codebuild.BuildEnvironmentVariableType.PLAINTEXT,
)
},
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_3_0
),
)
build_stage_output = codepipeline.Artifact("BuildStageOutput")
build_action = pipeline_actions.CodeBuildAction(
action_name="Build",
project=build_project,
input=source_output,
outputs=[build_stage_output],
)
pipeline.add_stage(stage_name="Build", actions=[build_action])
# Define the 'deploy' stage
stack_name = "gateway-service-python"
change_set_name = f"{stack_name}-changeset"
create_change_set = pipeline_actions.CloudFormationCreateReplaceChangeSetAction(
action_name="CreateChangeSet",
stack_name=stack_name,
change_set_name=change_set_name,
template_path=build_stage_output.at_path("packaged.yaml"),
admin_permissions=True,
run_order=1,
)
execute_change_set = pipeline_actions.CloudFormationExecuteChangeSetAction(
action_name="Deploy",
stack_name=stack_name,
change_set_name=change_set_name,
run_order=2,
)
pipeline.add_stage(
stage_name="DevDeployment", actions=[create_change_set, execute_change_set]
)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# ====================================
# ECR
# ====================================
ecr_repository = aws_ecr.Repository(
self,
id='ecr_repository',
repository_name='sample_repository',
removal_policy=core.RemovalPolicy.DESTROY)
# ====================================
# Build Docker Image
# ====================================
# codebuild project meant to run in pipeline
cb_docker_build = aws_codebuild.PipelineProject(
self,
"DockerBuild",
project_name='continuous-delivery',
# f"{props['namespace']}-Docker-Build",
build_spec=aws_codebuild.BuildSpec.from_source_filename(
filename='batch/docker_build_buildspec.yml'),
environment=aws_codebuild.BuildEnvironment(privileged=True, ),
# pass the ecr repo uri into the codebuild project so codebuild knows where to push
environment_variables={
'ecr':
aws_codebuild.BuildEnvironmentVariable(
value=ecr_repository.repository_uri),
'tag':
aws_codebuild.BuildEnvironmentVariable(value='sample-batch')
},
description='Pipeline for CodeBuild',
timeout=core.Duration.minutes(60),
)
# ====================================
# VPC
# ====================================
vpc = aws_ec2.Vpc(self,
id='vpc',
cidr='10.0.0.0/16',
max_azs=2,
nat_gateways=1,
vpn_gateway=False)
# ====================================
# ECS
# ====================================
# Create ecs cluester.
ecs_cluster = aws_ecs.Cluster(
self,
id='ecs_cluster',
cluster_name='sample_fargate_batch_cluster',
vpc=vpc)
# Create fargate task definition.
fargate_task_definition = aws_ecs.FargateTaskDefinition(
self,
id='fargate-task-definition',
cpu=256,
memory_limit_mib=512,
family='fargate-task-definition')
# Add container to task definition.
fargate_task_definition.add_container(
id='container',
image=aws_ecs.ContainerImage.from_ecr_repository(ecr_repository),
logging=aws_ecs.LogDriver.aws_logs(
stream_prefix='ecs',
log_group=aws_logs.LogGroup(
self,
id='log-group',
log_group_name='/ecs/fargate/fargate-batch')))
# Create cloud watch event rule.
rule = aws_events.Rule(
self,
id='rule',
rule_name='execute-task-rule',
description='Event rule to execute ecs task.',
schedule=aws_events.Schedule.cron(
day=None,
hour=None,
minute='*/5', # execute by every 5 minutes.
month=None,
week_day=None,
year=None))
rule.add_target(target=aws_events_targets.EcsTask(
cluster=ecs_cluster,
task_definition=fargate_task_definition,
task_count=1))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
# The code that defines your stack goes here
base_api = _apigw.RestApi(self, 'PetclinicApiGatewayWithCors')
api_resource = base_api.root.add_resource('api')
self.add_cors_options(api_resource)
website_bucket = _s3.Bucket(self,
'PetclinicWebsite',
website_index_document='index.html',
public_read_access=True,
removal_policy=core.RemovalPolicy.DESTROY)
# Warm Lambda function Event rule
event_rule = _events.Rule(self,
'PetclinicLambdaWarmRule',
schedule=_events.Schedule.rate(
core.Duration.minutes(3)))
code = _commit.Repository(
self,
'ServerlessCode',
repository_name='spring-petclinic-static-resource')
build_project = _build.PipelineProject(
self,
'StaticWebBuild',
build_spec=_build.BuildSpec.from_object({
'version': 0.2,
'phases': {
'install': {
'runtime-versions': {
'java': 'openjdk8'
},
'commands': []
},
'build': {
'commands': [
'mv scripts/config.js scripts/config.js.origin',
'sed -e "s,http://localhost:8081/,$API_ENDPOINT,g" scripts/config.js.origin > scripts/config.js'
]
},
},
'artifacts': {
'files': '**/*'
},
}),
environment_variables={
'API_ENDPOINT':
_build.BuildEnvironmentVariable(value=base_api.url)
},
environment=_build.BuildEnvironment(
build_image=_build.LinuxBuildImage.STANDARD_2_0))
source_output = _pipeline.Artifact('SourceOutput')
build_output = _pipeline.Artifact('BuildOutput')
pipline = _pipeline.Pipeline(
self,
'ServerlessPipeline',
stages=[{
'stageName':
'Source',
'actions': [
_action.CodeCommitSourceAction(
action_name='CodeCommit_Source',
repository=code,
output=source_output)
]
}, {
'stageName':
'Build',
'actions': [
_action.CodeBuildAction(action_name='CodeBuild_Static',
project=build_project,
input=source_output,
outputs=[build_output])
]
}, {
'stageName':
'Deploy',
'actions': [
_action.S3DeployAction(action_name='Web_Static_Deploy',
input=build_output,
bucket=website_bucket)
]
}])
core.CfnOutput(self,
'RuleArn',
export_name='RuleArn',
value=event_rule.rule_arn)
core.CfnOutput(self,
'PetclinicApiGatewayWithCorsId',
export_name='PetclinicApiGatewayWithCorsId',
value=base_api.rest_api_id)
core.CfnOutput(self,
"PetclinicWebsiteUrl",
export_name="PetclinicWebsiteUrl",
value=website_bucket.bucket_website_url)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
eks_vpc = ec2.Vpc(self, "VPC", cidr="10.0.0.0/16")
self.node.apply_aspect(
core.Tag("kubernetes.io/cluster/cluster", "shared"))
eks_vpc.private_subnets[0].node.apply_aspect(
core.Tag("kubernetes.io/role/internal-elb", "1"))
eks_vpc.private_subnets[1].node.apply_aspect(
core.Tag("kubernetes.io/role/internal-elb", "1"))
eks_vpc.public_subnets[0].node.apply_aspect(
core.Tag("kubernetes.io/role/elb", "1"))
eks_vpc.public_subnets[1].node.apply_aspect(
core.Tag("kubernetes.io/role/elb", "1"))
# Create IAM Role For CodeBuild and Cloud9
codebuild_role = iam.Role(
self,
"BuildRole",
assumed_by=iam.CompositePrincipal(
iam.ServicePrincipal("codebuild.amazonaws.com"),
iam.ServicePrincipal("ec2.amazonaws.com")),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
"AdministratorAccess")
])
instance_profile = iam.CfnInstanceProfile(
self, "InstanceProfile", roles=[codebuild_role.role_name])
# Create CodeBuild PipelineProject
build_project = codebuild.PipelineProject(
self,
"BuildProject",
role=codebuild_role,
build_spec=codebuild.BuildSpec.from_source_filename(
"buildspec.yml"))
# Create CodePipeline
pipeline = codepipeline.Pipeline(
self,
"Pipeline",
)
# Create Artifact
artifact = codepipeline.Artifact()
# S3 Source Bucket
source_bucket = s3.Bucket.from_bucket_attributes(
self,
"SourceBucket",
bucket_arn=core.Fn.join(
"",
["arn:aws:s3:::ee-assets-prod-",
core.Fn.ref("AWS::Region")]))
# Add Source Stage
pipeline.add_stage(
stage_name="Source",
actions=[
codepipeline_actions.S3SourceAction(
action_name="S3SourceRepo",
bucket=source_bucket,
bucket_key=
"modules/2cae1f20008d4fc5aaef294602649b98/v9/source.zip",
output=artifact,
trigger=codepipeline_actions.S3Trigger.NONE)
])
# Add CodeBuild Stage
pipeline.add_stage(
stage_name="Deploy",
actions=[
codepipeline_actions.CodeBuildAction(
action_name="CodeBuildProject",
project=build_project,
type=codepipeline_actions.CodeBuildActionType.BUILD,
input=artifact,
environment_variables={
'PublicSubnet1ID':
codebuild.BuildEnvironmentVariable(
value=eks_vpc.public_subnets[0].subnet_id),
'PublicSubnet2ID':
codebuild.BuildEnvironmentVariable(
value=eks_vpc.public_subnets[1].subnet_id),
'PrivateSubnet1ID':
codebuild.BuildEnvironmentVariable(
value=eks_vpc.private_subnets[0].subnet_id),
'PrivateSubnet2ID':
codebuild.BuildEnvironmentVariable(
value=eks_vpc.private_subnets[1].subnet_id),
'AWS_DEFAULT_REGION':
codebuild.BuildEnvironmentVariable(value=self.region),
'INSTANCEPROFILEID':
codebuild.BuildEnvironmentVariable(
value=instance_profile.ref),
'AWS_ACCOUNT_ID':
codebuild.BuildEnvironmentVariable(value=self.account)
})
])
cloud9_stack = cloudformation.CfnStack(
self,
"Cloud9Stack",
# template_url="https://aws-quickstart.s3.amazonaws.com/quickstart-cloud9-ide/templates/cloud9-ide-instance.yaml",
template_url=
"https://ee-assets-prod-us-east-1.s3.amazonaws.com/modules/2cae1f20008d4fc5aaef294602649b98/v9/cloud9-ide-instance.yaml",
parameters={
"C9InstanceType": "m5.large",
"C9Subnet": eks_vpc.public_subnets[0].subnet_id
})
pipeline.node.add_dependency(eks_vpc)
pipeline.node.add_dependency(cloud9_stack)
json_field=deployment_secret['json-fields']['github-oauth-token']),
trigger=codepipeline_actions.GitHubTrigger.WEBHOOK,
output=source_output,
)]),
codepipeline.StageProps(stage_name='Self-Update', actions=[
codepipeline_actions.CodeBuildAction(
action_name='Self_Deploy',
project=codebuild.PipelineProject(
stack, 'CodePipelineBuild',
build_spec=codebuild.BuildSpec.from_source_filename(
'codepipeline/pipelines-buildspec.yaml'),
role=code_build_role,
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_4_0,
environment_variables={
'PROJECT_DIR': codebuild.BuildEnvironmentVariable(value='codepipeline'),
'STACK_FILE': codebuild.BuildEnvironmentVariable(value='release_pipeline.py')
}
)
),
input=source_output
)
]),
codepipeline.StageProps(stage_name='PyPi-Release', actions=[
codepipeline_actions.CodeBuildAction(
action_name='PyPi_Release',
project=codebuild.PipelineProject(
stack, 'PyPiReleaseBuild',
build_spec=codebuild.BuildSpec.from_source_filename(
'codepipeline/release-buildspec.yaml'),
role=code_build_role,
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
uri = self.account + '.dkr.ecr.' + self.region + '.amazonaws.com'
appl = 'colorteller'
buildspec = {
'version': '0.2',
'phases': {
'install': {
'commands': ['echo install step']
},
'pre_build': {
'commands': [
'echo logging in to AWS ECR...',
'$(aws ecr get-login --no-include-email --region %s)' %
self.region
]
},
'build': {
'commands': [
'echo building Docker image...',
'cd appmeshdemo/colorapp/%s' % appl,
'docker build -t %s:latest .' % appl,
'docker tag %s:latest %s/%s:latest' % (appl, uri, appl)
]
},
'post_build': {
'commands': [
'echo Docker image build complete!',
'echo push latest Docker images to ECR...',
'docker push %s/%s:latest' % (uri, appl)
]
}
}
}
buildenviron = codebuild.BuildEnvironment(
privileged=True,
build_image=codebuild.LinuxBuildImage.UBUNTU_14_04_DOCKER_18_09_0,
environment_variables={
'AWS_DEFAULT_REGION':
codebuild.BuildEnvironmentVariable(value=self.region),
'AWS_ACCOUNT_ID':
codebuild.BuildEnvironmentVariable(value=self.account),
'IMAGE_REPO_NAME':
codebuild.BuildEnvironmentVariable(value=appl),
'IMAGE_TAG':
codebuild.BuildEnvironmentVariable(value='latest')
})
proj = codebuild.Project(
self,
appl,
build_spec=codebuild.BuildSpec.from_object(buildspec),
environment=buildenviron)
call = custom.AwsSdkCall(service='CodeBuild',
action='startBuild',
parameters={'projectName': proj.project_name},
physical_resource_id='Custom%s' %
proj.project_name)
custom.AwsCustomResource(self,
'CustomCodeBuild',
on_create=call,
on_update=call)
def __init__(self, scope: core.Construct, id: str, vpc, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
name = "graviton2-aspnet-lab"
container_repository = ecr.Repository(scope=self,
id=f"{name}-container",
repository_name=f"{name}")
codecommit_repo = codecommit.Repository(
scope=self,
id=f"{name}-container-git",
repository_name=f"{name}",
description=f"Application code")
pipeline = codepipeline.Pipeline(scope=self,
id=f"{name}-container--pipeline",
pipeline_name=f"{name}")
source_output = codepipeline.Artifact()
docker_output_arm64 = codepipeline.Artifact("ARM64_BuildOutput")
buildspec_arm64 = codebuild.BuildSpec.from_source_filename(
"arm64-dotnet-buildspec.yml")
docker_build_arm64 = codebuild.PipelineProject(
scope=self,
id=f"DockerBuild_ARM64",
environment=dict(
build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_ARM,
privileged=True),
environment_variables={
'REPO_ECR':
codebuild.BuildEnvironmentVariable(
value=container_repository.repository_uri),
},
build_spec=buildspec_arm64)
container_repository.grant_pull_push(docker_build_arm64)
docker_build_arm64.add_to_role_policy(
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"
],
resources=[
f"arn:{core.Stack.of(self).partition}:ecr:{core.Stack.of(self).region}:{core.Stack.of(self).account}:repository/*"
],
))
source_action = codepipeline_actions.CodeCommitSourceAction(
action_name="CodeCommit_Source",
repository=codecommit_repo,
output=source_output,
branch="master")
pipeline.add_stage(stage_name="Source", actions=[source_action])
pipeline.add_stage(stage_name="DockerBuild",
actions=[
codepipeline_actions.CodeBuildAction(
action_name=f"DockerBuild_ARM64",
project=docker_build_arm64,
input=source_output,
outputs=[docker_output_arm64])
])
# Outputs
core.CfnOutput(scope=self,
id="application_repository",
value=codecommit_repo.repository_clone_url_http)
