Commit 0aca72a0 authored by David Diederich's avatar David Diederich

Merge branch 'aws-devops' into 'master'

AWS ci/cd for Storage/Legal/Delivery services

See merge request osdu/platform/ci-cd-pipelines!18
parents a6321afb fb823bf5
include:
- template: Container-Scanning.gitlab-ci.yml
.aws_variables:
variables:
ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
INTEGRATION_TEST_DIR: $AWS_TEST_SUBDIR
SERVICE_NAME: $AWS_SERVICE
BUILD_DIR: $AWS_BUILD_SUBDIR
ENVIRONMENT: $AWS_ENVIRONMENT
APPLICATION_NAME: os-$AWS_SERVICE
LOCAL_IMAGE_TAG: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
AWS_IMAGE_TAG_BASE: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/os-$AWS_SERVICE
S3_DATA_BUCKET: $AWS_S3_DATA_BUCKET
SNS_TOPIC_NAME: $AWS_SNS_TOPIC_NAME
LEGALTAG_BASE_URL: $AWS_LEGALTAG_BASE_URL
SNS_TOPIC_NAME: $AWS_SNS_TOPIC_NAME
OTHER_RELEVANT_DATA_COUNTRIES: $AWS_OTHER_RELEVANT_DATA_COUNTRIES
LEGAL_TAG : $AWS_LEGAL_TAG
TENANT_NAME : $AWS_TENANT_NAME
STORAGE_URL: $AWS_STORAGE_URL
DOMAIN: $AWS_TESTING_DOMAIN
LEGAL_URL: $AWS_LEGAL_URL
AWS_COGNITO_CLIENT_ID: $AWS_COGNITO_CLIENT_ID
AWS_COGNITO_AUTH_FLOW: $AWS_COGNITO_AUTH_FLOW
AWS_COGNITO_AUTH_PARAMS_PASSWORD: $AWS_COGNITO_AUTH_PARAMS_PASSWORD
AWS_COGNITO_AUTH_PARAMS_USER: $AWS_COGNITO_AUTH_PARAMS_USER
AWS_COGNITO_AUTH_PARAMS_USER_NO_ACCESS: $AWS_COGNITO_AUTH_PARAMS_USER_NO_ACCESS
AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID
AWS_REGION: $AWS_REGION
DEPLOY_ENV: $AWS_DEPLOY_ENV
CACHE_CLUSTER_GROUP_ENDPOINT: $AWS_CACHE_CLUSTER_GROUP_ENDPOINT
CACHE_CLUSTER_GROUP_PORT: $AWS_CACHE_CLUSTER_GROUP_PORT
CACHE_CLUSTER_LEGALTAG_ENDPOINT: $AWS_CACHE_CLUSTER_LEGALTAG_ENDPOINT
CACHE_CLUSTER_LEGALTAG_PORT: $AWS_CACHE_CLUSTER_LEGALTAG_PORT
CACHE_CLUSTER_SCHEMA_ENDPOINT: $AWS_CACHE_CLUSTER_SCHEMA_ENDPOINT
CACHE_CLUSTER_SCHEMA_PORT: $AWS_CACHE_CLUSTER_SCHEMA_PORT
APPLICATION_PORT: $AWS_APPLICATION_PORT
HOST_URL: $AWS_LEGAL_URL
MY_TENANT: $AWS_TENANT_NAME
AWS_S3_ENDPOINT: $AWS_S3_ENDPOINT
AWS_S3_REGION: $AWS_REGION
LOG_LEVEL: INFO
SKIP_HTTP_TESTS: $AWS_SKIP_HTTP_TESTS
S3_LEGAL_CONFIG_BUCKET: $AWS_S3_LEGAL_CONFIG_BUCKET
LEGAL_QUEUE: $AWS_LEGAL_QUEUE
TABLE_PREFIX: $AWS_TABLE_PREFIX
DYNAMO_DB_REGION: $AWS_DYNAMO_DB_REGION
DYNAMO_DB_ENDPOINT: $AWS_DYNAMO_DB_ENDPOINT
DELIVERY_INT_TEST_BUCKET_NAME: $AWS_DELIVERY_INT_TEST_BUCKET_NAME
DEFAULT_DATA_PARTITION_ID_TENANT1: $AWS_DEFAULT_DATA_PARTITION_ID_TENANT1
DEFAULT_DATA_PARTITION_ID_TENANT2: $AWS_DEFAULT_DATA_PARTITION_ID_TENANT2
SEARCH_HOST: $AWS_SEARCH_HOST
STORAGE_HOST: $AWS_STORAGE_HOST
LEGAL_HOST: $AWS_LEGAL_HOST
DELIVERY_HOST: $AWS_DELIVERY_HOST
ENTITLEMENTS_DOMAIN: $AWS_ENTITLEMENTS_DOMAIN
.aws:
tags: ['docker-runner']
image: divido2/aws-maven:v1.0
environment:
name: AWS
only:
variables:
- $AWS_ACCESS_KEY_ID && $AWS_SECRET_ACCESS_KEY && $AWS_ACCOUNT_ID && $AWS_ENVIRONMENT && $AWS_APPLICATION_NAME && $AWS_REGION && $AWS_BUILD_SUBDIR
extends:
- .aws_variables
before_script:
- mkdir -p ~/.aws
- |
cat > ~/.aws/credentials <<EOF
[default]
aws_access_key_id = $AWS_ACCESS_KEY_ID
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY
aws_access_key_id = $ACCESS_KEY_ID
aws_secret_access_key = $SECRET_ACCESS_KEY
EOF
aws-containerize:
extends: .aws
extends:
- .aws
- .aws_variables
stage: containerize
needs: ['compile-and-unit-test']
variables:
LOCAL_IMAGE_TAG: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
AWS_IMAGE_TAG_BASE: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$AWS_ENVIRONMENT-$AWS_APPLICATION_NAME-repository
script:
- AWS_VERSION=$(cd $AWS_BUILD_SUBDIR && mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
- docker build --build-arg JAR_VERSION=$AWS_VERSION -f $AWS_BUILD_SUBDIR/Dockerfile -t $LOCAL_IMAGE_TAG .
- docker build -f $BUILD_DIR/Dockerfile -t $LOCAL_IMAGE_TAG .
# Push to the local container registry
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker push $LOCAL_IMAGE_TAG
# Push to Amazon's container registry
- $(aws ecr get-login --no-include-email --region $AWS_REGION)
- docker tag $LOCAL_IMAGE_TAG $AWS_IMAGE_TAG_BASE:$CI_COMMIT_SHA
- docker tag $LOCAL_IMAGE_TAG $AWS_IMAGE_TAG_BASE:latest
- docker push $AWS_IMAGE_TAG_BASE:$CI_COMMIT_SHA
- docker push $AWS_IMAGE_TAG_BASE:latest
only:
variables:
- $AWS == 'true'
aws-update-ecs:
extends: .aws
extends:
- .aws
- .aws_variables
stage: deploy
needs: ['aws-containerize']
script:
- ECS_CLUSTER_NAME=$(aws cloudformation list-exports --query "Exports[?Name=='$AWS_ENVIRONMENT-$AWS_APPLICATION_NAME-EcsClusterName'].[Value]" --output text --region $AWS_REGION)
- ECS_SERVICE_NAME=$(aws cloudformation list-exports --query "Exports[?Name=='$AWS_ENVIRONMENT-$AWS_APPLICATION_NAME-EcsServiceName'].[Value]" --output text --region $AWS_REGION)
- aws ecs update-service --cluster $ECS_CLUSTER_NAME --service $ECS_SERVICE_NAME --region $AWS_REGION --force-new-deployment
- ECS_SERVICE_NAME=$(aws ssm get-parameter --name ecs-$SERVICE_NAME --query Parameter.Value --output text --region $AWS_REGION)
- aws ecs update-service --cluster gitlab-core-cluster --service $ECS_SERVICE_NAME --region $AWS_REGION --force-new-deployment
only:
variables:
- $AWS == 'true'
aws-test:
extends: .aws
extends:
- .aws
- .aws_variables
stage: integration
needs: ['aws-update-ecs']
script:
- echo "Placeholder job, need to add AWS integration test script here"
- /bin/false
# --------------------------------------------------------------------------------
container_scanning:
stage: scan
needs: ['aws-containerize']
environment:
name: AWS
- ls -ltr
- cd $INTEGRATION_TEST_DIR
- mvn test -Dorg.slf4j.simpleLogger.defaultLogLevel=info
only:
variables:
- $AWS_ACCESS_KEY_ID && $AWS_SECRET_ACCESS_KEY && $AWS_ACCOUNT_ID && $AWS_ENVIRONMENT && $AWS_APPLICATION_NAME && $AWS_REGION && $AWS_BUILD_SUBDIR
tags: ['docker-dind-runner']
variables:
DOCKERFILE_PATH: $AWS_BUILD_SUBDIR/Dockerfile
CI_APPLICATION_REPOSITORY: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$AWS_ENVIRONMENT-$AWS_APPLICATION_NAME-repository
- $AWS == 'true'
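Review bot: Both registry logins in the `aws-containerize` script put the secret on the command line: `docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` does so directly, and `$(aws ecr get-login --no-include-email --region $AWS_REGION)` does so by executing a generated `docker login -u AWS -p …` command. A `-p` argument is readable from the process list on the runner and ends up in the job log if shell tracing is ever enabled; `aws ecr get-login` is also not present in AWS CLI v2. The page does not mark which side each line is on, so assuming these lines are kept, I would change them to `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"` and `aws ecr get-login-password --region "$AWS_REGION" | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com"`. Separately, the `container_scanning` job and its `include` look like they are on the removed side; if that is the case, the image is pushed to ECR and rolled out by `aws-update-ecs` with no scan stage, which should be stated in the merge request description.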