Skip to content

Commit fc5d90d

Browse files
JohnPrestonJohnPreston
committed
Ready for 1st CICD test
1 parent 6fae92b commit fc5d90d

File tree

6 files changed

+320
-7
lines changed

6 files changed

+320
-7
lines changed

.cicd/build_images.yml

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
2+
version: 0.2
3+
env:
4+
shell: /bin/bash
5+
variables:
6+
USE_EPOCH: 1
7+
8+
phases:
9+
install:
10+
commands:
11+
- if [ -z ${AWS_ACCOUNT_ID+x} ]; then AWS_ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account); fi
12+
- if ! [ -z ${VERSION+} ]; then echo "Missing required parameter VERSION" && exit 1; fi
13+
- REGISTRY_URI=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION:-$AWS_DEFAULT_REGION}.amazonaws.com/
14+
- aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin ${REGISTRY_URI}
15+
- COMMIT_HASH=${CODEBUILD_RESOLVED_SOURCE_VERSION::7}
16+
- EPOCH=`date +'%Y%m%d'`
17+
- SUFFIX=${COMMIT_HASH:=$EPOCH}
18+
- if [ $USE_EPOCH -eq 1 ]; then SUFFIX=$EPOCH; fi
19+
- |
20+
if ! [ -z "${CODEBUILD_WEBHOOK_TRIGGER+x}" ]; then
21+
echo TRIGGER is $CODEBUILD_WEBHOOK_TRIGGER
22+
PRE=`echo $CODEBUILD_WEBHOOK_TRIGGER|cut -d '/' -f 1`;
23+
echo PRE is $PRE
24+
echo SUFFIX is $SUFFIX
25+
if [ "${PRE}" == "tag" ]; then SUFFIX=`echo $CODEBUILD_WEBHOOK_TRIGGER|cut -d '/' -f 2`; TAG_RELEASE=1 ; fi
26+
fi
27+
- echo SUFFIX ends up being $SUFFIX
28+
29+
build:
30+
commands:
31+
- TAG=${SUFFIX}
32+
- docker build -t ecs-files-composer:${TAG}${ARCH:+-$ARCH} ${ARCH:+--build-arg ARCH="-${ARCH}"} -f Dockerfile .
33+
- docker tag ecs-files-composer:${TAG}${ARCH:+-$ARCH} ${REGISTRY_URI}ecs-files-composer:${TAG}${ARCH:+-$ARCH}
34+
- docker push ${REGISTRY_URI}ecs-files-composer:${TAG}${ARCH:+-$ARCH}
35+
36+
finally:
37+
- rm -rfv ~/.docker

.cicd/buildspec.yml

Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
2+
version: 0.2
3+
env:
4+
shell: /bin/bash
5+
variables:
6+
USE_EPOCH: 0
7+
PUBLIC_REGISTRY: public.ecr.aws/ews-network
8+
DOCKER_CLI_EXPERIMENTAL: enabled
9+
10+
batch:
11+
fast-fail: false
12+
build-graph:
13+
14+
- identifier: amd64_py38
15+
env:
16+
compute-type: BUILD_GENERAL1_LARGE
17+
privileged-mode: true
18+
variables:
19+
VERSION: 3.8
20+
ARCH: amd64
21+
buildspec: build_images.yml
22+
23+
- identifier: arm64v8_py38
24+
env:
25+
type: ARM_CONTAINER
26+
image: aws/codebuild/amazonlinux2-aarch64-standard:2.0
27+
compute-type: BUILD_GENERAL1_LARGE
28+
privileged-mode: true
29+
variables:
30+
ARCH: arm64v8
31+
VERSION: 3.8
32+
buildspec: build_images.yml
33+
34+
- identifier: manifest
35+
env:
36+
compute-type: BUILD_GENERAL1_LARGE
37+
privileged-mode: true
38+
depend-on:
39+
- amd64_py37
40+
- arm64v8_py37
41+
- amd64_py38
42+
- arm64v8_py38
43+
44+
phases:
45+
install:
46+
commands:
47+
- if [ -z ${AWS_ACCOUNT_ID+x} ]; then AWS_ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account); fi
48+
- REGISTRY_URI=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION:-$AWS_DEFAULT_REGION}.amazonaws.com/
49+
- aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin ${REGISTRY_URI}
50+
- aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${PUBLIC_REGISTRY}
51+
- if ! [ -z ${CODEBUILD_RESOLVED_SOURCE_VERSION+x} ]; then COMMIT_HASH=${CODEBUILD_RESOLVED_SOURCE_VERSION::7}; fi
52+
- EPOCH=`date +'%Y%m%d'`
53+
- VERSION=${COMMIT_HASH:=$EPOCH}
54+
- if [ $USE_EPOCH -eq 1 ]; then VERSION=$EPOCH; fi
55+
- |
56+
if ! [ -z "${CODEBUILD_WEBHOOK_TRIGGER+x}" ]; then
57+
echo TRIGGER is $CODEBUILD_WEBHOOK_TRIGGER
58+
PRE=`echo $CODEBUILD_WEBHOOK_TRIGGER|cut -d '/' -f 1`;
59+
echo PRE is $PRE
60+
echo VERSION is $VERSION
61+
if [ "${PRE}" == "tag" ]; then VERSION=`echo $CODEBUILD_WEBHOOK_TRIGGER|cut -d '/' -f 2`; TAG_RELEASE=1 ; fi
62+
fi
63+
- echo VERSION ends up being $VERSION
64+
65+
build:
66+
commands:
67+
- |
68+
for ARCH in "amd64" "arm64v8"; do
69+
ARCH_TAG=${VERSION}-${ARCH}
70+
71+
echo Publish from ${REGISTRY_URI}python:${ARCH_TAG}$ to ${PUBLIC_REGISTRY}/ecs-files-composer:${ARCH_TAG}$
72+
docker pull ${REGISTRY_URI}python:${ARCH_TAG}
73+
docker tag ${REGISTRY_URI}python:${ARCH_TAG} ${PUBLIC_REGISTRY}/ecs-files-composer:${ARCH_TAG}
74+
docker push ${PUBLIC_REGISTRY}/ecs-files-composer:${ARCH_TAG}
75+
done
76+
- |
77+
docker manifest create ${PUBLIC_REGISTRY}/ecs-files-composer:${VERSION} \
78+
--amend ${PUBLIC_REGISTRY}/ecs-files-composer:${VERSION}.${VERSION}-amd64 \
79+
--amend ${PUBLIC_REGISTRY}/ecs-files-composer:${VERSION}.${VERSION}-arm64v8
80+
- docker manifest push ${PUBLIC_REGISTRY}/ecs-files-composer:${VERSION}
81+
82+
finally:
83+
- rm -rfv ~/.docker

.cicd/codebuild_release.yml

Lines changed: 193 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,193 @@
1+
---
2+
Description: >-
3+
Pipeline to release Lambda layers publicly when new release is created
4+
5+
Metadata:
6+
Author: https://github.com/johnpreston
7+
8+
Parameters:
9+
RepositoryOrganization:
10+
Type: String
11+
Default: compose-x
12+
13+
RepositoryProvider:
14+
Type: String
15+
AllowedValues:
16+
- GitHub
17+
- CodeCommit
18+
Default: GitHub
19+
RepositoryName:
20+
Type: String
21+
22+
BuildLogsRetentionDays:
23+
Type: Number
24+
AllowedValues: [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653]
25+
Default: 14
26+
27+
ReferenceBranchName:
28+
Type: String
29+
Default: main
30+
31+
DockerBuildspecFile:
32+
Type: String
33+
Default: .cicd/buildspec.yml
34+
35+
36+
Mappings:
37+
RepoUrlPrefixes:
38+
GitHub:
39+
Prefix: https://github.com/
40+
41+
Conditions:
42+
UseGitHub: !Equals [ !Ref RepositoryProvider, 'GitHub']
43+
UseCodeCommit: !Equals [ !Ref RepositoryProvider, 'CodeCommit']
44+
45+
Resources:
46+
BuildLogsGroup:
47+
Type: AWS::Logs::LogGroup
48+
Properties:
49+
LogGroupName: !Sub 'codebuild/pr-builds/${RepositoryName}'
50+
RetentionInDays: !Ref BuildLogsRetentionDays
51+
CodeBuildRole:
52+
Type: AWS::IAM::Role
53+
Properties:
54+
AssumeRolePolicyDocument:
55+
Version: '2012-10-17'
56+
Statement:
57+
- Action:
58+
- sts:AssumeRole
59+
Effect: Allow
60+
Principal:
61+
Service:
62+
- !Sub 'codebuild.${AWS::URLSuffix}'
63+
Policies:
64+
- PolicyName: ContentAccess
65+
PolicyDocument:
66+
Version: '2012-10-17'
67+
Statement:
68+
- Sid: CloudWatchLogs
69+
Effect: Allow
70+
Action:
71+
- logs:CreateLogStream
72+
- logs:PutLogEvents
73+
Resource:
74+
- !Sub '${BuildLogsGroup.Arn}'
75+
- Sid: CodeBuildReportsAccess
76+
Effect: Allow
77+
Resource:
78+
- !Sub 'arn:${AWS::Partition}:codebuild:${AWS::Region}:${AWS::AccountId}:report-group/*'
79+
Action:
80+
- codebuild:UpdateReportGroup
81+
- codebuild:CreateReportGroup
82+
- codebuild:CreateReport
83+
- codebuild:UpdateReport
84+
- codebuild:BatchPut*
85+
- Sid: CodeBuildBatch
86+
Effect: Allow
87+
Resource:
88+
- !Sub 'arn:${AWS::Partition}:codebuild:${AWS::Region}:${AWS::AccountId}:*'
89+
Action:
90+
- codebuild:StartBuild
91+
- codebuild:RetryBuild
92+
- Sid: ECRAuthAndGetFromAny
93+
Effect: Allow
94+
Resource:
95+
- "*"
96+
Action:
97+
- "ecr:GetAuthorizationToken"
98+
- "ecr:BatchGetImage"
99+
- "ecr:BatchCheckLayerAvailability"
100+
- "ecr:GetDownloadUrlForLayer"
101+
- Sid: ECRPublishToAnyPrivateRepo
102+
Effect: Allow
103+
Resource:
104+
- !Sub "arn:${AWS::Partition}:ecr:${AWS::Region}:${AWS::AccountId}:repository/*"
105+
Action:
106+
- "ecr:InitiateLayerUpload"
107+
- "ecr:UploadLayerPart"
108+
- "ecr:CompleteLayerUpload"
109+
- "ecr:PutImage"
110+
111+
- Sid: PublicEcrAuth
112+
Effect: Allow
113+
Resource:
114+
- "*"
115+
Action: [
116+
"ecr-public:GetAuthorizationToken",
117+
"sts:GetServiceBearerToken",
118+
"ecr-public:BatchCheckLayerAvailability",
119+
"ecr-public:GetRepositoryPolicy",
120+
"ecr-public:DescribeRepositories",
121+
"ecr-public:DescribeRegistries",
122+
"ecr-public:DescribeImages",
123+
"ecr-public:DescribeImageTags",
124+
"ecr-public:GetRepositoryCatalogData",
125+
"ecr-public:GetRegistryCatalogData",
126+
]
127+
128+
- Sid: PublicEcrPublish
129+
Effect: Allow
130+
Resource:
131+
- !Sub "arn:${AWS::Partition}:ecr-public::${AWS::AccountId}:repository/*"
132+
Action: [
133+
"ecr-public:InitiateLayerUpload",
134+
"ecr-public:UploadLayerPart",
135+
"ecr-public:CompleteLayerUpload",
136+
"ecr-public:PutImage"
137+
]
138+
139+
DockerImagesBuild:
140+
Type: AWS::CodeBuild::Project
141+
Properties:
142+
ServiceRole: !GetAtt 'CodeBuildRole.Arn'
143+
Description: !Sub 'Publishes new docker images on updates'
144+
LogsConfig:
145+
CloudWatchLogs:
146+
GroupName: !Ref BuildLogsGroup
147+
Status: ENABLED
148+
StreamName: docker-builds
149+
BadgeEnabled: True
150+
Artifacts:
151+
Type: NO_ARTIFACTS
152+
BuildBatchConfig:
153+
CombineArtifacts: False
154+
Restrictions:
155+
ComputeTypesAllowed:
156+
- BUILD_GENERAL1_SMALL
157+
- BUILD_GENERAL1_MEDIUM
158+
- BUILD_GENERAL1_LARGE
159+
MaximumBuildsAllowed: 10
160+
ServiceRole: !GetAtt 'CodeBuildRole.Arn'
161+
TimeoutInMins: 60
162+
Environment:
163+
ComputeType: BUILD_GENERAL1_SMALL
164+
Image: aws/codebuild/standard:5.0
165+
Type: LINUX_CONTAINER
166+
Source:
167+
Type: GITHUB
168+
ReportBuildStatus: True
169+
Location: !If
170+
- UseGitHub
171+
- !Sub 'https://github.com/${RepositoryOrganization}/${RepositoryName}'
172+
- !Sub 'https://codecommit.${AWS::Region}.${AWS::URLSuffix}'
173+
InsecureSsl: False
174+
BuildSpec: !Ref DockerBuildspecFile
175+
Triggers:
176+
Webhook: True
177+
BuildType: BUILD_BATCH
178+
FilterGroups:
179+
- - Type: EVENT
180+
Pattern: "PULL_REQUEST_MERGED"
181+
ExcludeMatchedPattern: False
182+
- Type: HEAD_REF
183+
Pattern: '^refs/heads/.*$'
184+
ExcludeMatchedPattern: False
185+
- Type: BASE_REF
186+
Pattern: !Sub '^refs/heads/${ReferenceBranchName}$'
187+
ExcludeMatchedPattern: False
188+
- - Type: EVENT
189+
Pattern: "PUSH"
190+
ExcludeMatchedPattern: False
191+
- Type: HEAD_REF
192+
Pattern: !Sub '^refs/tags/v.*$'
193+
ExcludeMatchedPattern: False

docs/conf.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -125,8 +125,8 @@
125125
"color_primary": "blue",
126126
"color_accent": "light-blue",
127127
# Set the repo location to get a badge with stats
128-
"repo_url": "https://github.com/compose-x/ecs_files_composer/",
129-
"repo_name": "compose-x/ecs_files_composer",
128+
"repo_url": "https://github.com/compose-x/ecs-fles-composer/",
129+
"repo_name": "compose-x/ecs-fles-composer",
130130
"repo_type": "github",
131131
# Visible levels of the global TOC; -1 means unlimited
132132
"globaltoc_depth": 2,

docs/installation.rst

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -32,13 +32,13 @@ You can either clone the public repository:
3232

3333
.. code-block:: console
3434
35-
$ git clone git://github.com/compose-x/ecs_files_composer
35+
$ git clone git://github.com/compose-x/ecs-fles-composer
3636
3737
Or download the `tarball`_:
3838

3939
.. code-block:: console
4040
41-
$ curl -OJL https://github.com/compose-x/ecs_files_composer/tarball/master
41+
$ curl -OJL https://github.com/compose-x/ecs-fles-composer/tarball/master
4242
4343
Once you have a copy of the source, you can install it with:
4444

@@ -47,5 +47,5 @@ Once you have a copy of the source, you can install it with:
4747
$ python setup.py install
4848
4949
50-
.. _Github repo: https://github.com/compose-x/ecs_files_composer
51-
.. _tarball: https://github.com/compose-x/ecs_files_composer/tarball/master
50+
.. _Github repo: https://github.com/compose-x/ecs-fles-composer
51+
.. _tarball: https://github.com/compose-x/ecs-fles-composer/tarball/master

setup.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@
7575
setup_requires=setup_requirements,
7676
test_suite="tests",
7777
tests_require=test_requirements,
78-
url="https://github.com/compose-x/ecs_files_composer",
78+
url="https://github.com/compose-x/ecs-files-composer",
7979
version="0.0.1",
8080
zip_safe=False,
8181
license="MPL-2.0",

0 commit comments

Comments
 (0)