@@ -33,27 +33,30 @@ Parameters:
3333 AllowedValues : [development, production]
3434
3535Conditions :
36- TargetsMainBranch : !Equals [!Ref GitHubBranch, main]
37- DeployForDevelopment : !Equals [!Ref EnvironmentType, development]
38- DeployForProduction : !Equals [!Ref EnvironmentType, production]
36+ TargetsMainBranch : !Equals [ !Ref GitHubBranch, main ]
37+ DeployForDevelopment : !Equals [!Ref EnvironmentType, development ]
38+ DeployForProduction : !Equals [!Ref EnvironmentType, production ]
39+
3940
4041Resources :
42+
4143 # The Elastic Container Registry Repository will store our built docker
4244 # images, for example, the load-test docker image.
4345 EcrRepository :
4446 Type : AWS::ECR::Repository
45- Properties :
47+ Properties :
4648 RepositoryName : !Sub javabuilder-${GitHubBranch}
4749 RepositoryPolicyText :
4850 Version : " 2012-10-17"
49- Statement :
50- - Sid : AllowDeveloperPushPull
51+ Statement :
52+ -
53+ Sid : AllowDeveloperPushPull
5154 Effect : Allow
52- Principal :
53- AWS :
55+ Principal :
56+ AWS :
5457 - !ImportValue JavabuilderCodeBuildRoleArn
5558 - !Sub " arn:aws:iam::${AWS::AccountId}:role/admin/Developer"
56- Action :
59+ Action :
5760 - " ecr:GetDownloadUrlForLayer"
5861 - " ecr:BatchGetImage"
5962 - " ecr:BatchCheckLayerAvailability"
@@ -63,7 +66,7 @@ Resources:
6366 - " ecr:CompleteLayerUpload"
6467
6568 EncryptionKey :
66- Type : " AWS::KMS::Key"
69+ Type : ' AWS::KMS::Key'
6770 Properties :
6871 Description : encryption key for javabuilder cicd artifacts
6972 EnableKeyRotation : true
@@ -73,39 +76,39 @@ Resources:
7376 - Sid : Ensure root user access
7477 Effect : Allow
7578 Principal :
76- AWS : !Sub " arn:aws:iam::${AWS::AccountId}:root"
77- Action : " kms:*"
78- Resource : " * "
79+ AWS : !Sub ' arn:aws:iam::${AWS::AccountId}:root'
80+ Action : ' kms:*'
81+ Resource : ' * '
7982 - Sid : Allow administration of the key
8083 Effect : Allow
8184 Principal :
8285 AWS : !Sub arn:aws:iam::${AWS::AccountId}:role/admin/Developer
8386 Action :
84- - " kms:Create*"
85- - " kms:Describe*"
86- - " kms:Enable*"
87- - " kms:List*"
88- - " kms:Put*"
89- - " kms:Update*"
90- - " kms:Revoke*"
91- - " kms:Disable*"
92- - " kms:Get*"
93- - " kms:Delete*"
94- - " kms:ScheduleKeyDeletion"
95- - " kms:CancelKeyDeletion"
96- Resource : " * "
87+ - ' kms:Create*'
88+ - ' kms:Describe*'
89+ - ' kms:Enable*'
90+ - ' kms:List*'
91+ - ' kms:Put*'
92+ - ' kms:Update*'
93+ - ' kms:Revoke*'
94+ - ' kms:Disable*'
95+ - ' kms:Get*'
96+ - ' kms:Delete*'
97+ - ' kms:ScheduleKeyDeletion'
98+ - ' kms:CancelKeyDeletion'
99+ Resource : ' * '
97100 - Sid : Allow use of the key
98101 Effect : Allow
99102 Principal :
100103 AWS : !ImportValue JavabuilderCodeBuildRoleArn
101104 Action :
102- - " kms:DescribeKey"
103- - " kms:Encrypt"
104- - " kms:Decrypt"
105- - " kms:ReEncrypt*"
106- - " kms:GenerateDataKey"
107- - " kms:GenerateDataKeyWithoutPlaintext"
108- Resource : " * "
105+ - ' kms:DescribeKey'
106+ - ' kms:Encrypt'
107+ - ' kms:Decrypt'
108+ - ' kms:ReEncrypt*'
109+ - ' kms:GenerateDataKey'
110+ - ' kms:GenerateDataKeyWithoutPlaintext'
111+ Resource : ' * '
109112
110113 # The CodeBuild Project is triggered by pull requests targeting $GitHubBranch
111114 # It will perform any steps defined in the pr-buildspec.yml file.
@@ -146,7 +149,7 @@ Resources:
146149 Type : BASE_REF
147150 - Pattern : PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED,PULL_REQUEST_REOPENED
148151 Type : EVENT
149-
152+
150153 # The CodeBuild Project is used in the CodePipeline pipeline to prepare for a release.
151154 # It will perform any steps defined in the referenced buildspec.yml file.
152155 LoadTestBuildProject :
@@ -169,7 +172,7 @@ Resources:
169172 BuildSpec : cicd/3-app/load-test/load-test.buildspec.yml
170173 Artifacts :
171174 Type : CODEPIPELINE
172-
175+
173176 # The CodeBuild Project is used in the CodePipeline pipeline to prepare for a release.
174177 # It will perform any steps defined in the referenced buildspec.yml file.
175178 AppBuildProject :
@@ -212,7 +215,7 @@ Resources:
212215 # Grant the Javabuilder CodeBuild Role additional permissions for resources in
213216 # this template. This allows us to avoid granting permission to * resources.
214217 JavabuilderRolePolicy :
215- Type : " AWS::IAM::Policy"
218+ Type : ' AWS::IAM::Policy'
216219 Properties :
217220 PolicyName : !Sub "${AWS::StackName}-codebuild-policy"
218221 PolicyDocument :
@@ -239,17 +242,17 @@ Resources:
239242
240243 Pipeline :
241244 Type : AWS::CodePipeline::Pipeline
242- Properties :
245+ Properties :
243246 Name : !Ref AWS::StackName
244247 RoleArn : !ImportValue JavabuilderCodeBuildRoleArn
245248 RestartExecutionOnUpdate : true
246- ArtifactStore :
247- Type : S3
249+ ArtifactStore :
250+ Type : S3
248251 Location : !ImportValue JavabuilderCodeBuildArtifactBucket
249252 EncryptionKey :
250253 Id : !Ref EncryptionKey
251254 Type : KMS
252- Stages :
255+ Stages :
253256 - Name : Source
254257 Actions :
255258 - Name : Source
@@ -297,10 +300,10 @@ Resources:
297300 - Name : Deploy_To_Development
298301 Actions :
299302 - Name : app-deploy
300- ActionTypeId :
301- Category : Deploy
302- Owner : AWS
303- Version : 1
303+ ActionTypeId :
304+ Category : Deploy
305+ Owner : AWS
306+ Version : 1
304307 Provider : CloudFormation
305308 InputArtifacts :
306309 - Name : appBuildResults
@@ -310,10 +313,10 @@ Resources:
310313 TemplatePath : appBuildResults::packaged-app-template.yml
311314 TemplateConfiguration : appBuildResults::cicd/3-app/javabuilder/dev.config.json
312315 ParameterOverrides : !Join
313- - " "
314- - - '{ "SubdomainName" : " '
315- - !Sub " javabuilder-dev-${GitHubBranch}"
316- - ' " }'
316+ - ' '
317+ - - '{ "SubdomainName" : " '
318+ - !Sub " javabuilder-dev-${GitHubBranch}"
319+ - ' " }'
317320 Capabilities : CAPABILITY_AUTO_EXPAND
318321 RoleArn : !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
319322 - !Ref AWS::NoValue
@@ -323,32 +326,23 @@ Resources:
323326 - Name : Deploy_To_Test
324327 Actions :
325328 - Name : app-deploy
326- ActionTypeId :
327- Category : Deploy
328- Owner : AWS
329- Version : 1
329+ ActionTypeId :
330+ Category : Deploy
331+ Owner : AWS
332+ Version : 1
330333 Provider : CloudFormation
331334 InputArtifacts :
332335 - Name : appBuildResults
333336 Configuration :
334- StackName :
335- !If [
336- TargetsMainBranch,
337- " javabuilder-test" ,
338- !Sub "javabuilder-${GitHubBranch}-test",
339- ]
337+ StackName : !If [TargetsMainBranch, "javabuilder-test", !Sub "javabuilder-${GitHubBranch}-test"]
340338 ActionMode : CREATE_UPDATE
341339 TemplatePath : appBuildResults::packaged-app-template.yml
342340 TemplateConfiguration : appBuildResults::cicd/3-app/javabuilder/test.config.json
343341 ParameterOverrides : !Join
344- - " "
345- - - '{ "SubdomainName" : " '
346- - !If [
347- TargetsMainBranch,
348- " javabuilder-test",
349- !Sub "javabuilder-${GitHubBranch}-test",
350- ]
351- - ' " }'
342+ - ' '
343+ - - '{ "SubdomainName" : " '
344+ - !If [ TargetsMainBranch, 'javabuilder-test', !Sub 'javabuilder-${GitHubBranch}-test' ]
345+ - '" }'
352346 Capabilities : CAPABILITY_AUTO_EXPAND
353347 RoleArn : !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
354348 - !Ref AWS::NoValue
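Review bot: The `ParameterOverrides` value of this Deploy_To_Test action is assembled with `!Join` from JSON fragments around `!Sub 'javabuilder-${GitHubBranch}-test'`, so the branch name lands inside a JSON string with no escaping, and a value containing `"` or `\` would produce malformed or altered overrides for the deployed stack. The same construction appears in the Deploy_To_Development and Deploy_To_Production hunks, and the branch name also feeds `StackName`, which CloudFormation restricts to letters, digits and hyphens. The `GitHubBranch` parameter is declared above the first hunk, so it is not visible here whether it is already constrained. If it is not, adding something like `AllowedPattern: '^[A-Za-z0-9-]+$'` to that parameter would make the template reject unsafe branch names before any stage runs.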
@@ -370,12 +364,7 @@ Resources:
370364 EnvironmentVariables : !Sub
371365 - ' [{"name":"APP_SUBDOMAIN","value":"${SUBDOMAIN}","type":"PLAINTEXT"},{"name":"APP_BASE_DOMAIN","value":"${BASE_DOMAIN}","type":"PLAINTEXT"}]'
372366 - BASE_DOMAIN : code.org
373- SUBDOMAIN :
374- !If [
375- TargetsMainBranch,
376- " javabuilder-test" ,
377- !Sub "javabuilder-${GitHubBranch}-test",
378- ]
367+ SUBDOMAIN : !If [TargetsMainBranch, "javabuilder-test", !Sub "javabuilder-${GitHubBranch}-test"]
379368 OutputArtifacts :
380369 - Name : integrationTestResultsPOC
381370 - !Ref AWS::NoValue
@@ -385,32 +374,23 @@ Resources:
385374 - Name : Deploy_To_Production
386375 Actions :
387376 - Name : app-deploy
388- ActionTypeId :
389- Category : Deploy
390- Owner : AWS
391- Version : 1
377+ ActionTypeId :
378+ Category : Deploy
379+ Owner : AWS
380+ Version : 1
392381 Provider : CloudFormation
393382 InputArtifacts :
394383 - Name : appBuildResults
395384 # The value of `Configuration` must be an object with String (or simple type) properties
396385 Configuration :
397- StackName :
398- !If [
399- TargetsMainBranch,
400- " javabuilder" ,
401- !Sub "javabuilder-${GitHubBranch}",
402- ]
386+ StackName : !If [TargetsMainBranch, "javabuilder", !Sub "javabuilder-${GitHubBranch}"]
403387 ActionMode : CREATE_UPDATE
404388 TemplatePath : appBuildResults::packaged-app-template.yml
405389 TemplateConfiguration : appBuildResults::cicd/3-app/javabuilder/production.config.json
406390 ParameterOverrides : !Join
407- - " "
391+ - ' '
408392 - - '{ "SubdomainName" : " '
409- - !If [
410- TargetsMainBranch,
411- " javabuilder",
412- !Sub "javabuilder-${GitHubBranch}",
413- ]
393+ - !If [ TargetsMainBranch, 'javabuilder', !Sub 'javabuilder-${GitHubBranch}' ]
414394 - '" }'
415395 Capabilities : CAPABILITY_AUTO_EXPAND
416396 RoleArn : !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
@@ -463,16 +443,11 @@ Resources:
463443 EnvironmentVariables : !Sub
464444 - ' [{"name":"APP_SUBDOMAIN","value":"${SUBDOMAIN}","type":"PLAINTEXT"},{"name":"APP_BASE_DOMAIN","value":"${BASE_DOMAIN}","type":"PLAINTEXT"}]'
465445 - BASE_DOMAIN : code.org
466- SUBDOMAIN :
467- !If [
468- TargetsMainBranch,
469- " javabuilder" ,
470- !Sub "javabuilder-${GitHubBranch}",
471- ]
446+ SUBDOMAIN : !If [TargetsMainBranch, "javabuilder", !Sub "javabuilder-${GitHubBranch}"]
472447 OutputArtifacts :
473448 - Name : smokeTestResults
474449 - !Ref AWS::NoValue
475-
450+
476451 # Send pipeline events to an SNS topic.
477452 # Note:
478453 # Integration with Slack via AWS ChatBot is configured manually via AWS
@@ -484,7 +459,7 @@ Resources:
484459 Name : !Sub ${AWS::StackName}-pipeline
485460 DetailType : FULL
486461 Resource : !Sub "arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}"
487- EventTypeIds :
462+ EventTypeIds :
488463 # Pipeline events
489464 - codepipeline-pipeline-pipeline-execution-failed
490465 - codepipeline-pipeline-pipeline-execution-succeeded
@@ -507,8 +482,8 @@ Resources:
507482 - codepipeline-pipeline-manual-approval-needed
508483 - codepipeline-pipeline-manual-approval-failed
509484 - codepipeline-pipeline-manual-approval-succeeded
510- Targets :
511- - TargetType : SNS
485+ Targets :
486+ - TargetType : SNS
512487 TargetAddress : !Ref PipelineNotificationTopic
513488
514489 PipelineNotificationTopic :
@@ -517,16 +492,16 @@ Resources:
517492 # This policy is necessary for CodePipeline to be allowed to publish to the Topic.
518493 PipelineNotificationTopicPolicy :
519494 Type : AWS::SNS::TopicPolicy
520- Properties :
495+ Properties :
521496 Topics :
522497 - !Ref PipelineNotificationTopic
523498 PolicyDocument :
524- Version : " 2012-10-17"
499+ Version : ' 2012-10-17'
525500 Statement :
526- - Sid : AWSCodeStarNotifications_publish
527- Effect : Allow
528- Principal :
529- Service :
530- - codestar-notifications.amazonaws.com
531- Action : SNS:Publish
532- Resource : !Ref PipelineNotificationTopic
501+ - Sid : AWSCodeStarNotifications_publish
502+ Effect : Allow
503+ Principal :
504+ Service :
505+ - codestar-notifications.amazonaws.com
506+ Action : SNS:Publish
507+ Resource : !Ref PipelineNotificationTopic