Merge branch 'develop' into QPPA-9684-snyk-issue
chetanmunegowda authored Nov 7, 2024
2 parents 886a861 + 3b9af9f commit 07aa63e
Showing 5 changed files with 246 additions and 5 deletions.
3 changes: 0 additions & 3 deletions .github/workflows/ecr-publish.yml
Expand Up @@ -4,9 +4,6 @@ on:
push:
branches:
- ecr-deploy
- develop
- release/*
- master

env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
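--- a/buildspec/build_deploy.yaml
+++ b/buildspec/build_deploy.yaml
@@ -0,0 +1,128 @@
+version: 0.2
+
+env:
+variables:
+SLACK_COLOR: "good"
+BUILD_STATUS: "completed successfully"
+SLACK_CHANNEL: "p-qppsf-deploys"
+CODEBUILD_ICON: "https://upload.wikimedia.org/wikipedia/commons/9/93/Amazon_Web_Services_Logo.svg"
+AWS_DEFAULT_REGION: "us-east-1"
+TEXT_VALUE: ""
+
+parameter-store:
+SLACK_URL: "/slack/p-qppsf-deploys"
+DOCKERHUB_TOKEN: "/global/dockerhub_token"
+DOCKERHUB_USER: "/global/dockerhub_user"
+AWS_ACCOUNT : "/global/aws_account"
+REPO_PAT: "/global/scoring_api_repo_pat"
+BRANCH_STATUS_URL: "/global/ct_branch_status_url"
+PART_FILE: "/qppar-sf/conversion-tool/CPC_PLUS_FILE_NAME"
+PART_FILE_BUCKET: "/qppar-sf/$ENV/conversion-tool/CPC_PLUS_BUCKET_NAME"
+OUTPUT_PART_FILE: "/qppar-sf/$ENV/conversion-tool/CPC_PLUS_VALIDATION_FILE"
+
+phases:
+install:
+runtime-versions:
+python: 3.8
+commands:
+- |
+CURL_PAYLOAD=$( jq -n \
+--arg state "pending" \
+--arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/${ENV}-conversion-tool;stream=${CODEBUILD_LOG_PATH}" \
+--arg description "The build job has started." \
+--arg context "CodeBuild Status" \
+'{state: $state, target_url: $target_url, description: $description, context: $context}' )
+echo "$CURL_PAYLOAD"
+curl \
+-X POST \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer ${REPO_PAT}" \
+"${BRANCH_STATUS_URL}/${CODEBUILD_RESOLVED_SOURCE_VERSION}" \
+-d "${CURL_PAYLOAD}"
+- docker --version
+- aws --version
+- jq --version
+- pip install ecs-deploy
+- pwd
+- ls -la
+
+pre_build:
+commands:
+- echo ${CODEBUILD_SRC_DIR}
+- ECS_ENV="${ENV}"
+- |
+if [ "$ENV" = "prod" || "$ENV" = "devpre" ]; then
+CLUSTER_NAME="qppa-${ENV}-api-ecs"
+else
+CLUSTER_NAME="${ENV}-api-ecs"
+fi
+- echo "${CLUSTER_NAME}"
+- SERVICE_NAME="${ENV}-conversion-tool"
+- BRANCH=$(echo "${CODEBUILD_SOURCE_VERSION}")
+- echo ${CODEBUILD_RESOLVED_SOURCE_VERSION}
+- echo "${BRANCH}"
+- COMMIT_SHORT_SHA=$(echo "${CODEBUILD_RESOLVED_SOURCE_VERSION}" | cut -c1-7)
+- echo "${COMMIT_SHORT_SHA}"
+- TAG_BUILD="${ENV}-conversion-tool:${BRANCH}-${COMMIT_SHORT_SHA}"
+- TAG_GIT="${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com/${SERVICE_NAME}:${BRANCH}-${COMMIT_SHORT_SHA}"
+- TAG_LATEST="${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com/${SERVICE_NAME}:latest"
+- echo Getting Certificates for ${ENV}
+- chmod +x ./qppsfct-copy-certs.sh
+- ./qppsfct-copy-certs.sh $ENV $AWS_DEFAULT_REGION
+- pip install openpyxl
+- echo "Updating participation file"
+- chmod +x ./upload-part-file.sh
+- ./upload-part-file.sh $PART_FILE_BUCKET $PART_FILE $OUTPUT_PART_FILE $AWS_DEFAULT_REGION
+- echo "Logging in to Amazon ECR..."
+- echo $DOCKERHUB_TOKEN | docker login --username $DOCKERHUB_USER --password-stdin
+- aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin ${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com
+- TEXT_VALUE="Deploying QPP conversion tool service branch ${BRANCH} to ${ECS_ENV}-conversion-tool..."
+- curl -X POST --fail --data-urlencode "payload={\"text\":\"Deployment Status\",\"channel\":\"${SLACK_CHANNEL}\",\"username\":\"CodeBuild\",\"icon_url\":\"${CODEBUILD_ICON}\",\"attachments\":[{\"title\":\"${TEXT_VALUE}\",\"color\":\"${SLACK_COLOR}\"}]}" ${SLACK_URL}
+
+build:
+commands:
+- echo "Deploying..."
+- echo "Build started on `date`..."
+- echo "Building the Docker image for conversion tool..."
+- docker build -t $TAG_LATEST -t $TAG_GIT .;
+- echo "Pushing the Docker image to AWS ECR..."
+- docker push $TAG_LATEST;
+- docker push $TAG_GIT;
+- echo "Branch is ${ENV}, Deploying to ${ENV}-conversion-tool service..."
+- ecs deploy $CLUSTER_NAME $SERVICE_NAME -t $BRANCH-$COMMIT_SHORT_SHA --no-deregister --region us-east-1 --timeout 900 --task $SERVICE_NAME;
+- aws ecs wait services-stable --cluster $CLUSTER_NAME --services $SERVICE_NAME --region us-east-1;
+- echo "Branch is ${ENV}, Deployment to ${ENV}-conversion-tool service completed..."
+
+post_build:
+commands:
+# Check the build status and set the slack message to reflect pass or fail status
+- echo "Code build exit number (1 is success) = $CODEBUILD_BUILD_SUCCEEDING"
+- if [ $CODEBUILD_BUILD_SUCCEEDING = 0 ]; then SLACK_COLOR="danger" && BUILD_STATUS="FAILED"; fi
+- TEXT_VALUE="Deployment of branch ${BRANCH} to QPP Conversion Tool service in $ENV-conversion-tool $BUILD_STATUS"
+- curl -X POST --fail --data-urlencode "payload={\"text\":\"Deployment Status\",\"channel\":\"${SLACK_CHANNEL}\",\"username\":\"CodeBuild\",\"icon_url\":\"${CODEBUILD_ICON}\",\"attachments\":[{\"title\":\"${TEXT_VALUE}\",\"color\":\"${SLACK_COLOR}\"}]}" ${SLACK_URL}
+- |
+if [ "${CODEBUILD_BUILD_SUCCEEDING}" = 1 ]; then
+STATE="success"
+DESCRIPTION="The build succeeded!"
+else
+STATE="failure"
+DESCRIPTION="The build failed. Click Details for the logs."
+fi
+CURL_PAYLOAD=$( jq -n \
+--arg state "$STATE" \
+--arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/${ENV}-conversion-tool;stream=${CODEBUILD_LOG_PATH}" \
+--arg description "$DESCRIPTION" \
+--arg context "CodeBuild Status" \
+'{state: $state, target_url: $target_url, description: $description, context: $context}' )
+echo "$CURL_PAYLOAD"
+curl \
+-X POST \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer ${REPO_PAT}" \
+"${BRANCH_STATUS_URL}/${CODEBUILD_RESOLVED_SOURCE_VERSION}" \
+-d "${CURL_PAYLOAD}"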
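Review bot: The cluster-name selection in pre_build never takes the prod/devpre branch, because `||` is not an operator of `[`: the shell splits `if [ "$ENV" = "prod" || "$ENV" = "devpre" ]; then` into `[ "$ENV" = "prod"` (which fails with a missing `]`) and a second command named after the value of `$ENV`, so the test is false for every environment and CLUSTER_NAME is always `${ENV}-api-ecs`, which would make the prod deploy target the wrong cluster. Use two separate tests: `if [ "$ENV" = "prod" ] || [ "$ENV" = "devpre" ]; then`. The post_build comparison `if [ $CODEBUILD_BUILD_SUCCEEDING = 0 ]` should quote the variable the way the later block does, so an unset value is a false result rather than a `[` syntax error that leaves the Slack message reporting success. Separately, `python: 3.8` under runtime-versions is a plain YAML float; quoting it as `python: "3.8"` keeps it a string if the version is ever bumped to 3.10.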
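--- a/buildspec/pr_build.yaml
+++ b/buildspec/pr_build.yaml
@@ -0,0 +1,74 @@
+### Future purpose pr file
+version: 0.2
+
+env:
+variables:
+ENV: "local"
+NODE_ENV: "development"
+
+parameter-store:
+DOCKERHUB_TOKEN: "/global/dockerhub_token"
+DOCKERHUB_USER: "/global/dockerhub_user"
+SCORING_REPO_PAT: "/global/scoring_api_repo_pat"
+
+phases:
+install:
+commands:
+- |
+CURL_PAYLOAD=$( jq -n \
+--arg state "pending" \
+--arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/scoring-api-pr;stream=${CODEBUILD_LOG_PATH}" \
+--arg description "The build job has started." \
+--arg context "CodeBuild Status" \
+'{state: $state, target_url: $target_url, description: $description, context: $context}' )
+echo "$CURL_PAYLOAD"
+curl \
+-X POST \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer ${SCORING_REPO_PAT}" \
+${BRANCH_STATUSES_URL} \
+-d "${CURL_PAYLOAD}"
+- node -v
+- npm -v
+- docker --version
+- aws --version
+- jq --version
+
+build:
+commands:
+- echo $DOCKERHUB_TOKEN | docker login --username $DOCKERHUB_USER --password-stdin
+- echo "Building the Docker image and running tests..."
+- docker build --no-cache -t $TAG_BUILD --target build .
+- docker run --rm --env-file example.env $TAG_BUILD npm run lint
+- docker run --rm --env-file example.env $TAG_BUILD npm run test:cov
+
+post_build:
+commands:
+# Check the build status and set the slack message to reflect pass or fail status
+- echo "Code build exit number (1 is success, 0 is failed) = $CODEBUILD_BUILD_SUCCEEDING"
+- |
+if [ "${CODEBUILD_BUILD_SUCCEEDING}" = 1 ]; then
+STATE="success"
+DESCRIPTION="The build succeeded!"
+else
+STATE="failure"
+DESCRIPTION="The build failed. Click Details for the logs."
+fi
+CURL_PAYLOAD=$( jq -n \
+--arg state "$STATE" \
+--arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/scoring-api-pr;stream=${CODEBUILD_LOG_PATH}" \
+--arg description "$DESCRIPTION" \
+--arg context "CodeBuild Status" \
+'{state: $state, target_url: $target_url, description: $description, context: $context}' )
+echo "$CURL_PAYLOAD"
+curl \
+-X POST \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer ${SCORING_REPO_PAT}" \
+${BRANCH_STATUSES_URL} \
+-d "${CURL_PAYLOAD}"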
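Review bot: `${BRANCH_STATUSES_URL}` (the curl calls in install and post_build) and `$TAG_BUILD` (all three docker commands in build) are not defined anywhere in this buildspec — there is no pre_build phase and neither name appears under env — so unless the CodeBuild project injects them, the unquoted expansions vanish, the status POST runs with no URL, and `docker build -t` consumes `--target` as its tag argument. If they are intended to come from the project environment, say so at the top, e.g. `# Expects BRANCH_STATUSES_URL and TAG_BUILD from the CodeBuild project environment`; otherwise derive TAG_BUILD here from CODEBUILD_SOURCE_VERSION and CODEBUILD_RESOLVED_SOURCE_VERSION as build_deploy.yaml does. The CloudWatch log group in both target_url values (`scoring-api-pr`) and the `/global/scoring_api_repo_pat` parameter look carried over from another project, so the Details link on the commit status would point at the wrong log group for this service. The header marks the file as future-purpose, so landing it now may be intended, but the undefined variables should not survive into a wired-up pipeline.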
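--- a/buildspec/readme
+++ b/buildspec/readme
@@ -0,0 +1,42 @@
+
+variable :
+These environment variables can also be defined in example.env file which is in root directory (custom environent variables).
+
+parameter-store :
+Used to retrive (sensitive) custom environment variabe stored in EC2 system manager parameter store (To store sensitive values we use system manager-parameter store).
+
+Phases :
+Required sequence. represents the commands codebuild runs during each phase of build. different phases of build steps defined below.
+
+install :
+install phase only for installing packages in the build environment. example we can install code testing framework such as mocha.
+
+runtime-versions phase :
+runtime-versions phase specifying run time version of the build.
+
+commands phase:
+Contains a sequence of scalars, where each scalar represents a single command that CodeBuild runs during installation. CodeBuild runs each command, one at a time, in the order listed, from beginning to end.
+
+pre_build phase :
+Represents the commands, if any, that CodeBuild runs before the build. For example, you might use this phase to sign in to Amazon ECR, or you might install npm dependencies.
+
+pre_build/commands :
+Required sequence if pre_build is specified. Contains a sequence of scalars, where each scalar represents a single command that CodeBuild runs before the build. CodeBuild runs each command, one at a time, in the order listed, from beginning to end.
+
+build phase :
+Represents the commands, if any, that CodeBuild runs during the build.
+
+build/commands :
+Represents the commands
+
+post_build :
+Represents the commands, if any, that CodeBuild runs after the build. example: slack notification
+
+post_build/commands :
+Represents the commands
+
+artifacsts :
+location for build output artifacts
+
+
+#ecs deploy $CLUSTER_NAME $SERVICE_NAME --newrelic-apikey ${NR_API_KEY} --newrelic-appid ${APP_ID} -t $BRANCH-$COMMIT_SHORT_SHA --newrelic-revision 1.0.0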
4 changes: 2 additions & 2 deletions qppsfct-copy-certs.sh
Expand Up @@ -9,10 +9,10 @@ export ENV_CERT=${ENV_CERT}
export AWS_REGION=${AWS_REGION}

#Export Passphrase for Environment
export SSL_PASS=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion_tool/SSL_SECRET --with-decryption --query "Parameters[0].Value" | tr -d '"')
export SSL_PASS=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion-tool/SSL_SECRET --with-decryption --query "Parameters[0].Value" | tr -d '"')

#Export Certificate ARN for Environment
export CERT_ARN=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion_tool/CERT_ARN --with-decryption --query "Parameters[0].Value" | tr -d '"')
export CERT_ARN=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion-tool/CERT_ARN --with-decryption --query "Parameters[0].Value" | tr -d '"')

cd ./${CERT_CP_PATH}
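Review bot: With the parameter path changed on both export lines, a mistyped or not-yet-created `/qppar-sf/${ENV_CERT}/conversion-tool/...` name will not fail the script: `aws ssm get-parameters` reports unknown names under InvalidParameters and exits 0, so `Parameters[0].Value` resolves to `null` and SSL_PASS / CERT_ARN are silently set to the literal string null, which only surfaces later when the certificate is used. Switching to the singular call makes a missing parameter a hard error: `export SSL_PASS=$(aws ssm get-parameter --name /qppar-sf/${ENV_CERT}/conversion-tool/SSL_SECRET --with-decryption --query Parameter.Value --output text)` (and the same for CERT_ARN), which also removes the `tr -d '"'` workaround. The rest of the script is outside the hunk, so whether `set -e` is in effect could not be checked here.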

