Skip to content

Commit 9f501a9

Browse files
ebeastlakeebeastlake
committed
add cicd config for javabuilder demo env
1 parent 9f9fc53 commit 9f501a9

File tree

2 files changed

+152
-82
lines changed

2 files changed

+152
-82
lines changed

cicd/2-cicd/cicd.template.yml

Lines changed: 137 additions & 82 deletions
Original file line numberDiff line numberDiff line change
@@ -33,30 +33,27 @@ Parameters:
3333
AllowedValues: [development, production]
3434

3535
Conditions:
36-
TargetsMainBranch: !Equals [ !Ref GitHubBranch, main ]
37-
DeployForDevelopment: !Equals [!Ref EnvironmentType, development ]
38-
DeployForProduction: !Equals [!Ref EnvironmentType, production ]
39-
36+
TargetsMainBranch: !Equals [!Ref GitHubBranch, main]
37+
DeployForDevelopment: !Equals [!Ref EnvironmentType, development]
38+
DeployForProduction: !Equals [!Ref EnvironmentType, production]
4039

4140
Resources:
42-
4341
# The Elastic Container Registry Repository will store our built docker
4442
# images, for example, the load-test docker image.
4543
EcrRepository:
4644
Type: AWS::ECR::Repository
47-
Properties:
45+
Properties:
4846
RepositoryName: !Sub javabuilder-${GitHubBranch}
4947
RepositoryPolicyText:
5048
Version: "2012-10-17"
51-
Statement:
52-
-
53-
Sid: AllowDeveloperPushPull
49+
Statement:
50+
- Sid: AllowDeveloperPushPull
5451
Effect: Allow
55-
Principal:
56-
AWS:
52+
Principal:
53+
AWS:
5754
- !ImportValue JavabuilderCodeBuildRoleArn
5855
- !Sub "arn:aws:iam::${AWS::AccountId}:role/admin/Developer"
59-
Action:
56+
Action:
6057
- "ecr:GetDownloadUrlForLayer"
6158
- "ecr:BatchGetImage"
6259
- "ecr:BatchCheckLayerAvailability"
@@ -66,7 +63,7 @@ Resources:
6663
- "ecr:CompleteLayerUpload"
6764

6865
EncryptionKey:
69-
Type: 'AWS::KMS::Key'
66+
Type: "AWS::KMS::Key"
7067
Properties:
7168
Description: encryption key for javabuilder cicd artifacts
7269
EnableKeyRotation: true
@@ -76,39 +73,39 @@ Resources:
7673
- Sid: Ensure root user access
7774
Effect: Allow
7875
Principal:
79-
AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'
80-
Action: 'kms:*'
81-
Resource: '*'
76+
AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
77+
Action: "kms:*"
78+
Resource: "*"
8279
- Sid: Allow administration of the key
8380
Effect: Allow
8481
Principal:
8582
AWS: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/Developer
8683
Action:
87-
- 'kms:Create*'
88-
- 'kms:Describe*'
89-
- 'kms:Enable*'
90-
- 'kms:List*'
91-
- 'kms:Put*'
92-
- 'kms:Update*'
93-
- 'kms:Revoke*'
94-
- 'kms:Disable*'
95-
- 'kms:Get*'
96-
- 'kms:Delete*'
97-
- 'kms:ScheduleKeyDeletion'
98-
- 'kms:CancelKeyDeletion'
99-
Resource: '*'
84+
- "kms:Create*"
85+
- "kms:Describe*"
86+
- "kms:Enable*"
87+
- "kms:List*"
88+
- "kms:Put*"
89+
- "kms:Update*"
90+
- "kms:Revoke*"
91+
- "kms:Disable*"
92+
- "kms:Get*"
93+
- "kms:Delete*"
94+
- "kms:ScheduleKeyDeletion"
95+
- "kms:CancelKeyDeletion"
96+
Resource: "*"
10097
- Sid: Allow use of the key
10198
Effect: Allow
10299
Principal:
103100
AWS: !ImportValue JavabuilderCodeBuildRoleArn
104101
Action:
105-
- 'kms:DescribeKey'
106-
- 'kms:Encrypt'
107-
- 'kms:Decrypt'
108-
- 'kms:ReEncrypt*'
109-
- 'kms:GenerateDataKey'
110-
- 'kms:GenerateDataKeyWithoutPlaintext'
111-
Resource: '*'
102+
- "kms:DescribeKey"
103+
- "kms:Encrypt"
104+
- "kms:Decrypt"
105+
- "kms:ReEncrypt*"
106+
- "kms:GenerateDataKey"
107+
- "kms:GenerateDataKeyWithoutPlaintext"
108+
Resource: "*"
112109

113110
# The CodeBuild Project is triggered by pull requests targeting $GitHubBranch
114111
# It will perform any steps defined in the pr-buildspec.yml file.
@@ -149,7 +146,7 @@ Resources:
149146
Type: BASE_REF
150147
- Pattern: PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED,PULL_REQUEST_REOPENED
151148
Type: EVENT
152-
149+
153150
# The CodeBuild Project is used in the CodePipeline pipeline to prepare for a release.
154151
# It will perform any steps defined in the referenced buildspec.yml file.
155152
LoadTestBuildProject:
@@ -172,7 +169,7 @@ Resources:
172169
BuildSpec: cicd/3-app/load-test/load-test.buildspec.yml
173170
Artifacts:
174171
Type: CODEPIPELINE
175-
172+
176173
# The CodeBuild Project is used in the CodePipeline pipeline to prepare for a release.
177174
# It will perform any steps defined in the referenced buildspec.yml file.
178175
AppBuildProject:
@@ -215,7 +212,7 @@ Resources:
215212
# Grant the Javabuilder CodeBuild Role additional permissions for resources in
216213
# this template. This allows us to avoid granting permission to * resources.
217214
JavabuilderRolePolicy:
218-
Type: 'AWS::IAM::Policy'
215+
Type: "AWS::IAM::Policy"
219216
Properties:
220217
PolicyName: !Sub "${AWS::StackName}-codebuild-policy"
221218
PolicyDocument:
@@ -242,17 +239,17 @@ Resources:
242239

243240
Pipeline:
244241
Type: AWS::CodePipeline::Pipeline
245-
Properties:
242+
Properties:
246243
Name: !Ref AWS::StackName
247244
RoleArn: !ImportValue JavabuilderCodeBuildRoleArn
248245
RestartExecutionOnUpdate: true
249-
ArtifactStore:
250-
Type: S3
246+
ArtifactStore:
247+
Type: S3
251248
Location: !ImportValue JavabuilderCodeBuildArtifactBucket
252249
EncryptionKey:
253250
Id: !Ref EncryptionKey
254251
Type: KMS
255-
Stages:
252+
Stages:
256253
- Name: Source
257254
Actions:
258255
- Name: Source
@@ -300,10 +297,10 @@ Resources:
300297
- Name: Deploy_To_Development
301298
Actions:
302299
- Name: app-deploy
303-
ActionTypeId:
304-
Category: Deploy
305-
Owner: AWS
306-
Version: 1
300+
ActionTypeId:
301+
Category: Deploy
302+
Owner: AWS
303+
Version: 1
307304
Provider: CloudFormation
308305
InputArtifacts:
309306
- Name: appBuildResults
@@ -313,10 +310,10 @@ Resources:
313310
TemplatePath: appBuildResults::packaged-app-template.yml
314311
TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/dev.config.json
315312
ParameterOverrides: !Join
316-
- ''
317-
- - '{ "SubdomainName": "'
318-
- !Sub "javabuilder-dev-${GitHubBranch}"
319-
- '" }'
313+
- ""
314+
- - '{ "SubdomainName": "'
315+
- !Sub "javabuilder-dev-${GitHubBranch}"
316+
- '" }'
320317
Capabilities: CAPABILITY_AUTO_EXPAND
321318
RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
322319
- !Ref AWS::NoValue
@@ -326,23 +323,32 @@ Resources:
326323
- Name: Deploy_To_Test
327324
Actions:
328325
- Name: app-deploy
329-
ActionTypeId:
330-
Category: Deploy
331-
Owner: AWS
332-
Version: 1
326+
ActionTypeId:
327+
Category: Deploy
328+
Owner: AWS
329+
Version: 1
333330
Provider: CloudFormation
334331
InputArtifacts:
335332
- Name: appBuildResults
336333
Configuration:
337-
StackName: !If [TargetsMainBranch, "javabuilder-test", !Sub "javabuilder-${GitHubBranch}-test"]
334+
StackName:
335+
!If [
336+
TargetsMainBranch,
337+
"javabuilder-test",
338+
!Sub "javabuilder-${GitHubBranch}-test",
339+
]
338340
ActionMode: CREATE_UPDATE
339341
TemplatePath: appBuildResults::packaged-app-template.yml
340342
TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/test.config.json
341343
ParameterOverrides: !Join
342-
- ''
343-
- - '{ "SubdomainName": "'
344-
- !If [ TargetsMainBranch, 'javabuilder-test', !Sub 'javabuilder-${GitHubBranch}-test' ]
345-
- '" }'
344+
- ""
345+
- - '{ "SubdomainName": "'
346+
- !If [
347+
TargetsMainBranch,
348+
"javabuilder-test",
349+
!Sub "javabuilder-${GitHubBranch}-test",
350+
]
351+
- '" }'
346352
Capabilities: CAPABILITY_AUTO_EXPAND
347353
RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
348354
- !Ref AWS::NoValue
@@ -364,7 +370,12 @@ Resources:
364370
EnvironmentVariables: !Sub
365371
- '[{"name":"APP_SUBDOMAIN","value":"${SUBDOMAIN}","type":"PLAINTEXT"},{"name":"APP_BASE_DOMAIN","value":"${BASE_DOMAIN}","type":"PLAINTEXT"}]'
366372
- BASE_DOMAIN: code.org
367-
SUBDOMAIN: !If [TargetsMainBranch, "javabuilder-test", !Sub "javabuilder-${GitHubBranch}-test"]
373+
SUBDOMAIN:
374+
!If [
375+
TargetsMainBranch,
376+
"javabuilder-test",
377+
!Sub "javabuilder-${GitHubBranch}-test",
378+
]
368379
OutputArtifacts:
369380
- Name: integrationTestResultsPOC
370381
- !Ref AWS::NoValue
@@ -374,23 +385,62 @@ Resources:
374385
- Name: Deploy_To_Production
375386
Actions:
376387
- Name: app-deploy
377-
ActionTypeId:
378-
Category: Deploy
379-
Owner: AWS
380-
Version: 1
388+
ActionTypeId:
389+
Category: Deploy
390+
Owner: AWS
391+
Version: 1
381392
Provider: CloudFormation
382393
InputArtifacts:
383394
- Name: appBuildResults
384395
# The value of `Configuration` must be an object with String (or simple type) properties
385396
Configuration:
386-
StackName: !If [TargetsMainBranch, "javabuilder", !Sub "javabuilder-${GitHubBranch}"]
397+
StackName:
398+
!If [
399+
TargetsMainBranch,
400+
"javabuilder",
401+
!Sub "javabuilder-${GitHubBranch}",
402+
]
387403
ActionMode: CREATE_UPDATE
388404
TemplatePath: appBuildResults::packaged-app-template.yml
389405
TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/production.config.json
390406
ParameterOverrides: !Join
391-
- ''
407+
- ""
392408
- - '{ "SubdomainName": "'
393-
- !If [ TargetsMainBranch, 'javabuilder', !Sub 'javabuilder-${GitHubBranch}' ]
409+
- !If [
410+
TargetsMainBranch,
411+
"javabuilder",
412+
!Sub "javabuilder-${GitHubBranch}",
413+
]
414+
- '" }'
415+
Capabilities: CAPABILITY_AUTO_EXPAND
416+
RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
417+
- Name: app-demo-deploy
418+
ActionTypeId:
419+
Category: Deploy
420+
Owner: AWS
421+
Version: 1
422+
Provider: CloudFormation
423+
InputArtifacts:
424+
- Name: appBuildResults
425+
# The value of `Configuration` must be an object with String (or simple type) properties
426+
Configuration:
427+
StackName:
428+
!If [
429+
TargetsMainBranch,
430+
"javabuilder-demo",
431+
!Sub "javabuilder-demo-${GitHubBranch}",
432+
]
433+
ActionMode: CREATE_UPDATE
434+
TemplatePath: appBuildResults::packaged-app-template.yml
435+
TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/production-demo.config.json
436+
ParameterOverrides: !Join
437+
- ""
438+
- - '{ "SubdomainName": "'
439+
- !If [
440+
TargetsMainBranch,
441+
"javabuilder-demo",
442+
!Sub "javabuilder-demo-${GitHubBranch}",
443+
]
394444
- '" }'
395445
Capabilities: CAPABILITY_AUTO_EXPAND
396446
RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
@@ -413,11 +463,16 @@ Resources:
413463
EnvironmentVariables: !Sub
414464
- '[{"name":"APP_SUBDOMAIN","value":"${SUBDOMAIN}","type":"PLAINTEXT"},{"name":"APP_BASE_DOMAIN","value":"${BASE_DOMAIN}","type":"PLAINTEXT"}]'
415465
- BASE_DOMAIN: code.org
416-
SUBDOMAIN: !If [TargetsMainBranch, "javabuilder", !Sub "javabuilder-${GitHubBranch}"]
466+
SUBDOMAIN:
467+
!If [
468+
TargetsMainBranch,
469+
"javabuilder",
470+
!Sub "javabuilder-${GitHubBranch}",
471+
]
417472
OutputArtifacts:
418473
- Name: smokeTestResults
419474
- !Ref AWS::NoValue
420-
475+
421476
# Send pipeline events to an SNS topic.
422477
# Note:
423478
# Integration with Slack via AWS ChatBot is configured manually via AWS
@@ -429,7 +484,7 @@ Resources:
429484
Name: !Sub ${AWS::StackName}-pipeline
430485
DetailType: FULL
431486
Resource: !Sub "arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}"
432-
EventTypeIds:
487+
EventTypeIds:
433488
# Pipeline events
434489
- codepipeline-pipeline-pipeline-execution-failed
435490
- codepipeline-pipeline-pipeline-execution-succeeded
@@ -452,8 +507,8 @@ Resources:
452507
- codepipeline-pipeline-manual-approval-needed
453508
- codepipeline-pipeline-manual-approval-failed
454509
- codepipeline-pipeline-manual-approval-succeeded
455-
Targets:
456-
- TargetType: SNS
510+
Targets:
511+
- TargetType: SNS
457512
TargetAddress: !Ref PipelineNotificationTopic
458513

459514
PipelineNotificationTopic:
@@ -462,16 +517,16 @@ Resources:
462517
# This policy is necessary for CodePipeline to be allowed to publish to the Topic.
463518
PipelineNotificationTopicPolicy:
464519
Type: AWS::SNS::TopicPolicy
465-
Properties:
520+
Properties:
466521
Topics:
467522
- !Ref PipelineNotificationTopic
468523
PolicyDocument:
469-
Version: '2012-10-17'
524+
Version: "2012-10-17"
470525
Statement:
471-
- Sid: AWSCodeStarNotifications_publish
472-
Effect: Allow
473-
Principal:
474-
Service:
475-
- codestar-notifications.amazonaws.com
476-
Action: SNS:Publish
477-
Resource: !Ref PipelineNotificationTopic
526+
- Sid: AWSCodeStarNotifications_publish
527+
Effect: Allow
528+
Principal:
529+
Service:
530+
- codestar-notifications.amazonaws.com
531+
Action: SNS:Publish
532+
Resource: !Ref PipelineNotificationTopic

cicd/3-app/javabuilder/config/production-demo.config.json

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
{
2+
"Parameters": {
3+
"BaseDomainName": "code.org",
4+
"BaseDomainNameHostedZonedID": "Z2LCOI49SCXUGU",
5+
"ProvisionedConcurrentExecutions": "50",
6+
"ReservedConcurrentExecutions": "500",
7+
"LimitPerHour": "25",
8+
"LimitPerDay": "100",
9+
"SilenceAlerts": "false",
10+
"TeacherLimitPerHour": "5000"
11+
},
12+
"Tags": {
13+
"EnvType": "production"
14+
}
15+
}

0 commit comments

Comments
 (0)