ci: Improve CI process (#69)

* chore: change bucket dir for ecs templates

* ci: release each template separetly

* docs: readme modifications

* chore: rename ecs directory

* fix: typo

* fix: trigger build

* fix: lint

Author: hayk99

.github/workflows/ci-master-apprunner.yaml

@@ -0,0 +1,32 @@
+name: CI - Master AppRunner
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'templates_apprunner/**'
+
+
+jobs:
+  build:
+    name: Build and Upload
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: eu-west-1
+
+    - name: Build and Upload AppRunner templates
+      run: make ci
+      working-directory: ./templates_apprunner
+      env:
+        S3_BUCKET: cf-templates-cloudvision-ci
+        S3_PREFIX: master

.github/workflows/ci-master.yaml renamed to .github/workflows/ci-master-ecs.yaml

@@ -1,9 +1,12 @@
-name: CI - Master
+name: CI - Master ECS
 
 on:
   push:
     branches:
-    - main
+      - main
+    paths:
+      - 'templates_ecs/**'
+
 
 jobs:
   build:
@@ -12,7 +15,7 @@ jobs:
 
     steps:
     - name: Check out code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v1
@@ -21,9 +24,9 @@ jobs:
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: eu-west-1
 
-    - name: Build and Upload
+    - name: Build and Upload ECS templates
       run: make ci
-      working-directory: ./templates
+      working-directory: ./templates_ecs
       env:
         S3_BUCKET: cf-templates-cloudvision-ci
         S3_PREFIX: master

.github/workflows/ci-pull-request-apprunner.yaml

@@ -0,0 +1,48 @@
+name: CI - Pull Request AppRunner
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'templates_apprunner/**'
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: cfn-lint
+      uses: scottbrenner/cfn-lint-action@v2
+
+    - name: Print the Cloud Formation Linter Version & run Linter
+      run: |
+        cfn-lint --version
+        cfn-lint -t templates_apprunner/**/*.yaml
+
+  build:
+    name: Build and Upload AppRunner templates
+    runs-on: ubuntu-latest
+    needs: [lint]
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: eu-west-1
+
+    - name: Build and Upload AppRunner Templates
+      run: make ci
+      working-directory: templates_apprunner
+      env:
+        S3_BUCKET: cf-templates-cloudvision-ci
+        S3_PREFIX: pr/${{ github.event.pull_request.head.ref }}

.github/workflows/ci-pull-request.yaml renamed to .github/workflows/ci-pull-request-ecs.yaml

@@ -1,9 +1,11 @@
-name: CI - Pull Request
+name: CI - Pull Request ECS
 
 on:
   pull_request:
     branches:
-    - main
+      - main
+    paths:
+      - 'templates_apprunner/**'
 
 jobs:
   lint:
@@ -12,24 +14,24 @@ jobs:
 
     steps:
     - name: Check out code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: cfn-lint
       uses: scottbrenner/cfn-lint-action@v2
 
     - name: Print the Cloud Formation Linter Version & run Linter
       run: |
         cfn-lint --version
-        cfn-lint -t templates/**/*.yaml
+        cfn-lint -t templates_ecs/**/*.yaml
 
   build:
-    name: Build and Upload
+    name: Build and Upload ECS templates
     runs-on: ubuntu-latest
     needs: [lint]
 
     steps:
     - name: Check out code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v1
@@ -40,7 +42,7 @@ jobs:
 
     - name: Build and Upload ECS Templates
       run: make ci
-      working-directory: templates_apprunner
+      working-directory: templates_ecs
       env:
         S3_BUCKET: cf-templates-cloudvision-ci
         S3_PREFIX: pr/${{ github.event.pull_request.head.ref }}

.github/workflows/release-apprunner.yaml

@@ -0,0 +1,66 @@
+name: Release AppRunner
+
+on:
+  push:
+    tags:
+      - v*
+    paths:
+      - 'templates_apprunner/**'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Setup Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ^1.16
+
+    - name: Setup go-chglog
+      run: go get -u github.com/git-chglog/git-chglog/cmd/git-chglog
+
+    - name: Generate changelog
+      run: git-chglog -c .github/git-chglog/config.yml -o RELEASE_CHANGELOG.md $(git describe --tags $(git rev-list --tags --max-count=1))
+
+    - name: Create release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ github.ref }}
+        release_name: ${{ github.ref }}
+        draft: true
+        prerelease: false
+        body_path: RELEASE_CHANGELOG.md
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: eu-west-1
+
+    - name: Prepare
+      id: prep
+      run: |
+        echo ::set-output name=VERSION::$(echo "${{ github.ref }}" | sed -e 's/.*\/v\(.*\)/\1/')
+
+    - name: Build and Upload AppRunner Version
+      run: make ci
+      working-directory: ./templates_apprunner
+      env:
+        S3_BUCKET: cf-templates-cloudvision-ci
+        S3_PREFIX: ${{ steps.prep.outputs.VERSION }}
+
+    - name: Build and Upload AppRunner Latest
+      run: make ci
+      working-directory: ./templates_apprunner
+      env:
+        S3_BUCKET: cf-templates-cloudvision-ci
+        S3_PREFIX: latest

.github/workflows/release.yaml renamed to .github/workflows/release-ecs.yaml

@@ -1,16 +1,18 @@
-name: Release
+name: Release ECS
 
 on:
   push:
     tags:
       - v*
+    paths:
+      - 'templates_ecs/**'
 
 jobs:
   release:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
       with:
         fetch-depth: 0
 
@@ -49,16 +51,16 @@ jobs:
       run: |
         echo ::set-output name=VERSION::$(echo "${{ github.ref }}" | sed -e 's/.*\/v\(.*\)/\1/')
 
-    - name: Build and Upload Version
+    - name: Build and Upload ECS Version
       run: make ci
-      working-directory: ./templates
+      working-directory: ./templates_ecs
       env:
         S3_BUCKET: cf-templates-cloudvision-ci
         S3_PREFIX: ${{ steps.prep.outputs.VERSION }}
 
-    - name: Build and Upload Latest
+    - name: Build and Upload ECS Latest
       run: make ci
-      working-directory: ./templates
+      working-directory: ./templates_ecs
       env:
         S3_BUCKET: cf-templates-cloudvision-ci
         S3_PREFIX: latest

README.md

@@ -1,31 +1,35 @@
 # Sysdig CloudVision for AWS
 
 This repository contains the CloudFormation templates to deploy the Sysdig
-CloudVision suite in an AWS Account.
+CloudVision suite in an AWS Account using ECS or AppRunner.
 
-[Deploy latest version!](https://console.aws.amazon.com/cloudformation/home#/stacks/quickCreate?stackName=Sysdig-CloudVision&templateURL=https://cf-templates-cloudvision-ci.s3-eu-west-1.amazonaws.com/master/entry-point.yaml)
+**[Deploy ECS latest version!](https://console.aws.amazon.com/cloudformation/home#/stacks/quickCreate?stackName=Sysdig-CloudVision&templateURL=https://cf-templates-cloudvision-ci.s3-eu-west-1.amazonaws.com/ecs/latest/entry-point.yaml)**
 
+**[Deploy AppRunner latest version!](https://console.aws.amazon.com/cloudformation/home#/stacks/quickCreate?stackName=Sysdig-CloudVision&templateURL=https://cf-templates-cloudvision-ci.s3-eu-west-1.amazonaws.com/apprunner/latest/entry-point.yaml)**
 
 ## Contribute
 
 
 ### Release
 
-- Template is [uploaded on the CI release cycle](https://github.com/sysdiglabs/aws-cloudvision-templates/blob/main/.github/workflows/release.yaml#L63) to `cf-templates-cloudvision-ci` on Sysdig `draios-demo` account
+Templates are [uploaded on the CI release cycle](https://github.com/sysdiglabs/aws-cloudvision-templates/blob/main/.github/workflows/release.yaml#L63) to `cf-templates-cloudvision-ci` on Sysdig `draios-demo` account.
 
 Leading to the latest entry-point, which will be used on the Sysdig Secure > Getting Started > AWS Cloudformation
 <br/>`https://cf-templates-cloudvision-ci.s3-eu-west-1.amazonaws.com/master/entry-point.yaml`
 
 
 ### Pull Request
 
-When the PR is drafter a new template will be available for  testing at 
-<br/>`https://cf-templates-cloudvision-ci.s3-eu-west-1.amazonaws.com/pr/<PR_NAME>/entry-point.yaml`
+When the PR is drafted, a new template will be available for testing:  
+- For AppRunner
+<br/>`https://cf-templates-cloudvision-ci.s3-eu-west-1.amazonaws.com/apprunner/pr/<PR_NAME>/entry-point.yaml`
+- For ECS
+<br/>`https://cf-templates-cloudvision-ci.s3-eu-west-1.amazonaws.com/ecs/pr/<PR_NAME>/entry-point.yaml`
 
 
 ### Testing
 
-see [Makefile](./templates/Makefile)
+see [Makefile](templates_ecs/Makefile)
 
 - Validation
 

templates_apprunner/CloudConnector.yaml

@@ -15,9 +15,6 @@ Parameters:
   SysdigSecureAPITokenSsm:
     Type: AWS::SSM::Parameter::Name
     Description: "Name of the parameter in SSM containing the Sysdig Secure API Token"
-  S3ConfigBucket:
-    Type: String
-    Description: Name of a bucket (must exist) where the configuration YAML files will be stored
   VerifySSL:
     Type: String
     AllowedValues:
@@ -122,8 +119,7 @@ Resources:
                         - cloudtrail-sns-sqs:
                             queueURL: ${CloudTrailQueue}
                       scanners: ${Scanners}
-                    - S3ConfigBucket: !Ref S3ConfigBucket
-                      CloudTrailQueue: !Ref CloudTrailQueue
+                    - CloudTrailQueue: !Ref CloudTrailQueue
                       Scanners:
                         'Fn::If':
                           - DeployCloudScanning

templates_apprunner/Makefile

@@ -1,6 +1,7 @@
 # requires AWS_PROFILE
 # bucket will be created if it does not exist
 S3_PREFIX ?= "test"
+# using ireland to run App Runner
 S3_BUCKET ?= "s4c-cft-ireland"
 # We need the REGION or the TemplateURLs might be created for a different region, resulting in a deployment error
 S3_REGION = "eu-west-1" # ireland
@@ -13,7 +14,7 @@ validate:
 	aws cloudformation validate-template --template-body file://./SecureForCloudAppRunner.yaml
 
 lint:
-	cf-nlint *.yaml
+	cfn-lint *.yaml
 
 
 packaged-template.yaml: