Commit
71c2a485
authored
Jun 02, 2020
by
Srihari Prabaharan
AWS ci/cd for Storage/Legal/Delivery services
parent
a6321afb
Changes
1
cloud-providers/aws.yml
include
:
-
template
:
Container-Scanning.gitlab-ci.yml
.aws_variables
:
variables
:
ACCESS_KEY_ID
:
$AWS_ACCESS_KEY_ID
SECRET_ACCESS_KEY
:
$AWS_SECRET_ACCESS_KEY
INTEGRATION_TEST_DIR
:
$AWS_TEST_SUBDIR
SERVICE_NAME
:
$AWS_SERVICE
BUILD_DIR
:
$AWS_BUILD_SUBDIR
ENVIRONMENT
:
$AWS_ENVIRONMENT
APPLICATION_NAME
:
os-$AWS_SERVICE
LOCAL_IMAGE_TAG
:
$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
AWS_IMAGE_TAG_BASE
:
$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/os-$AWS_SERVICE
S3_DATA_BUCKET
:
$AWS_S3_DATA_BUCKET
SNS_TOPIC_NAME
:
$AWS_SNS_TOPIC_NAME
LEGALTAG_BASE_URL
:
$AWS_LEGALTAG_BASE_URL
SNS_TOPIC_NAME
:
$AWS_SNS_TOPIC_NAME
OTHER_RELEVANT_DATA_COUNTRIES
:
$AWS_OTHER_RELEVANT_DATA_COUNTRIES
LEGAL_TAG
:
$AWS_LEGAL_TAG
TENANT_NAME
:
$AWS_TENANT_NAME
STORAGE_URL
:
$AWS_STORAGE_URL
DOMAIN
:
$AWS_TESTING_DOMAIN
LEGAL_URL
:
$AWS_LEGAL_URL
AWS_COGNITO_CLIENT_ID
:
$AWS_COGNITO_CLIENT_ID
AWS_COGNITO_AUTH_FLOW
:
$AWS_COGNITO_AUTH_FLOW
AWS_COGNITO_AUTH_PARAMS_PASSWORD
:
$AWS_COGNITO_AUTH_PARAMS_PASSWORD
AWS_COGNITO_AUTH_PARAMS_USER
:
$AWS_COGNITO_AUTH_PARAMS_USER
AWS_COGNITO_AUTH_PARAMS_USER_NO_ACCESS
:
$AWS_COGNITO_AUTH_PARAMS_USER_NO_ACCESS
AWS_ACCOUNT_ID
:
$AWS_ACCOUNT_ID
AWS_REGION
:
$AWS_REGION
DEPLOY_ENV
:
$AWS_DEPLOY_ENV
CACHE_CLUSTER_GROUP_ENDPOINT
:
$AWS_CACHE_CLUSTER_GROUP_ENDPOINT
CACHE_CLUSTER_GROUP_PORT
:
$AWS_CACHE_CLUSTER_GROUP_PORT
CACHE_CLUSTER_LEGALTAG_ENDPOINT
:
$AWS_CACHE_CLUSTER_LEGALTAG_ENDPOINT
CACHE_CLUSTER_LEGALTAG_PORT
:
$AWS_CACHE_CLUSTER_LEGALTAG_PORT
CACHE_CLUSTER_SCHEMA_ENDPOINT
:
$AWS_CACHE_CLUSTER_SCHEMA_ENDPOINT
CACHE_CLUSTER_SCHEMA_PORT
:
$AWS_CACHE_CLUSTER_SCHEMA_PORT
APPLICATION_PORT
:
$AWS_APPLICATION_PORT
HOST_URL
:
$AWS_LEGAL_URL
MY_TENANT
:
$AWS_TENANT_NAME
AWS_S3_ENDPOINT
:
$AWS_S3_ENDPOINT
AWS_S3_REGION
:
$AWS_REGION
LOG_LEVEL
:
INFO
SKIP_HTTP_TESTS
:
$AWS_SKIP_HTTP_TESTS
S3_LEGAL_CONFIG_BUCKET
:
$AWS_S3_LEGAL_CONFIG_BUCKET
LEGAL_QUEUE
:
$AWS_LEGAL_QUEUE
TABLE_PREFIX
:
$AWS_TABLE_PREFIX
DYNAMO_DB_REGION
:
$AWS_DYNAMO_DB_REGION
DYNAMO_DB_ENDPOINT
:
$AWS_DYNAMO_DB_ENDPOINT
DELIVERY_INT_TEST_BUCKET_NAME
:
$AWS_DELIVERY_INT_TEST_BUCKET_NAME
DEFAULT_DATA_PARTITION_ID_TENANT1
:
$AWS_DEFAULT_DATA_PARTITION_ID_TENANT1
DEFAULT_DATA_PARTITION_ID_TENANT2
:
$AWS_DEFAULT_DATA_PARTITION_ID_TENANT2
SEARCH_HOST
:
$AWS_SEARCH_HOST
STORAGE_HOST
:
$AWS_STORAGE_HOST
LEGAL_HOST
:
$AWS_LEGAL_HOST
DELIVERY_HOST
:
$AWS_DELIVERY_HOST
ENTITLEMENTS_DOMAIN
:
$AWS_ENTITLEMENTS_DOMAIN
.aws
:
tags
:
[
'
docker-runner'
]
image
:
divido2/aws-maven:v1.0
environment
:
name
:
AWS
only
:
variables
:
-
$AWS_ACCESS_KEY_ID && $AWS_SECRET_ACCESS_KEY && $AWS_ACCOUNT_ID && $AWS_ENVIRONMENT && $AWS_APPLICATION_NAME && $AWS_REGION && $AWS_BUILD_SUBDIR
extends
:
-
.aws_variables
before_script
:
-
mkdir -p ~/.aws
-
|
cat > ~/.aws/credentials <<EOF
[default]
aws_access_key_id = $
AWS_
ACCESS_KEY_ID
aws_secret_access_key = $
AWS_
SECRET_ACCESS_KEY
aws_access_key_id = $ACCESS_KEY_ID
aws_secret_access_key = $SECRET_ACCESS_KEY
EOF
aws-containerize
:
extends
:
.aws
extends
:
-
.aws
-
.aws_variables
stage
:
containerize
needs
:
[
'
compile-and-unit-test'
]
variables
:
LOCAL_IMAGE_TAG
:
$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
AWS_IMAGE_TAG_BASE
:
$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$AWS_ENVIRONMENT-$AWS_APPLICATION_NAME-repository
script
:
-
AWS_VERSION=$(cd $AWS_BUILD_SUBDIR && mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
-
docker build --build-arg JAR_VERSION=$AWS_VERSION -f $AWS_BUILD_SUBDIR/Dockerfile -t $LOCAL_IMAGE_TAG .
-
AWS_VERSION=$(cd $BUILD_DIR && mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
-
docker build -f $BUILD_DIR/Dockerfile -t $LOCAL_IMAGE_TAG .
# Push to the local container registry
-
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-
docker push $LOCAL_IMAGE_TAG
# Push to Amazon's container registry
-
$(aws ecr get-login --no-include-email --region $AWS_REGION)
-
docker tag $LOCAL_IMAGE_TAG $AWS_IMAGE_TAG_BASE:$CI_COMMIT_SHA
...
...
@@ -45,35 +91,23 @@ aws-containerize:
-
docker push $AWS_IMAGE_TAG_BASE:latest
aws-update-ecs
:
extends
:
.aws
extends
:
-
.aws
-
.aws_variables
stage
:
deploy
needs
:
[
'
aws-containerize'
]
script
:
-
ECS_CLUSTER_NAME=$(aws cloudformation list-exports --query "Exports[?Name=='$AWS_ENVIRONMENT-$AWS_APPLICATION_NAME-EcsClusterName'].[Value]" --output text --region $AWS_REGION)
-
ECS_SERVICE_NAME=$(aws cloudformation list-exports --query "Exports[?Name=='$AWS_ENVIRONMENT-$AWS_APPLICATION_NAME-EcsServiceName'].[Value]" --output text --region $AWS_REGION)
-
aws ecs update-service --cluster $ECS_CLUSTER_NAME --service $ECS_SERVICE_NAME --region $AWS_REGION --force-new-deployment
-
ECS_SERVICE_NAME=$(aws ssm get-parameter --name ecs-$SERVICE_NAME --query Parameter.Value --output text --region $AWS_REGION)
-
aws ecs update-service --cluster gitlab-core-cluster --service $ECS_SERVICE_NAME --region $AWS_REGION --force-new-deployment
aws-test
:
extends
:
.aws
extends
:
-
.aws
-
.aws_variables
stage
:
integration
needs
:
[
'
aws-update-ecs'
]
script
:
-
echo "Placeholder job, need to add AWS integration test script here"
-
/bin/false
# --------------------------------------------------------------------------------
container_scanning
:
stage
:
scan
needs
:
[
'
aws-containerize'
]
environment
:
name
:
AWS
only
:
variables
:
-
$AWS_ACCESS_KEY_ID && $AWS_SECRET_ACCESS_KEY && $AWS_ACCOUNT_ID && $AWS_ENVIRONMENT && $AWS_APPLICATION_NAME && $AWS_REGION && $AWS_BUILD_SUBDIR
tags
:
[
'
docker-dind-runner'
]
variables
:
DOCKERFILE_PATH
:
$AWS_BUILD_SUBDIR/Dockerfile
CI_APPLICATION_REPOSITORY
:
$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$AWS_ENVIRONMENT-$AWS_APPLICATION_NAME-repository
-
printenv
-
ls -ltr
-
cd $INTEGRATION_TEST_DIR
-
mvn test -Dorg.slf4j.simpleLogger.defaultLogLevel=info
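Review bot: The `printenv` step at the start of what appears to be the new `aws-test` script (the run ending in `mvn test` just above) writes the entire job environment to the job log. Through `.aws_variables` that environment holds `SECRET_ACCESS_KEY`, `AWS_COGNITO_AUTH_PARAMS_PASSWORD` and the other credentials, so anyone who can read job logs would see them unless every source CI/CD variable is masked, which this file cannot show. The +/- markers are lost in this rendering, so which side the line belongs to is inferred from its position after the removed placeholder steps. I would drop the line, or log only the non-secret values needed for debugging, for example `- echo "service=$SERVICE_NAME env=$ENVIRONMENT test_dir=$INTEGRATION_TEST_DIR"`.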