Merge pull request #1471 from CMSgov/QPPA-9661-buildspec-updates

Qppa 9661 buildspec updates

.github/workflows/ecr-publish.yml

@@ -4,9 +4,6 @@ on:
   push:
     branches:
       - ecr-deploy
-      - develop
-      - release/*
-      - master
 
 env:
   SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}

buildspec/build_deploy.yaml

@@ -0,0 +1,128 @@
+version: 0.2
+
+env:
+  variables:
+    SLACK_COLOR: "good"
+    BUILD_STATUS: "completed successfully"
+    SLACK_CHANNEL: "p-qppsf-deploys"
+    CODEBUILD_ICON: "https://upload.wikimedia.org/wikipedia/commons/9/93/Amazon_Web_Services_Logo.svg"
+    AWS_DEFAULT_REGION: "us-east-1"
+    TEXT_VALUE: ""
+
+  parameter-store:
+    SLACK_URL: "/slack/p-qppsf-deploys"
+    DOCKERHUB_TOKEN: "/global/dockerhub_token"
+    DOCKERHUB_USER: "/global/dockerhub_user"
+    AWS_ACCOUNT : "/global/aws_account"
+    REPO_PAT: "/global/scoring_api_repo_pat"
+    BRANCH_STATUS_URL: "/global/ct_branch_status_url"
+    PART_FILE: "/qppar-sf/conversion-tool/CPC_PLUS_FILE_NAME"   
+    PART_FILE_BUCKET: "/qppar-sf/$ENV/conversion-tool/CPC_PLUS_BUCKET_NAME"
+    OUTPUT_PART_FILE: "/qppar-sf/$ENV/conversion-tool/CPC_PLUS_VALIDATION_FILE"
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.8
+    commands:
+      - |
+          CURL_PAYLOAD=$( jq -n \
+            --arg state "pending" \
+            --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/${ENV}-conversion-tool;stream=${CODEBUILD_LOG_PATH}" \
+            --arg description "The build job has started." \
+            --arg context "CodeBuild Status" \
+            '{state: $state, target_url: $target_url, description: $description, context: $context}' )
+
+          echo "$CURL_PAYLOAD"
+
+          curl \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${REPO_PAT}" \
+            "${BRANCH_STATUS_URL}/${CODEBUILD_RESOLVED_SOURCE_VERSION}" \
+            -d "${CURL_PAYLOAD}"
+      - docker --version
+      - aws --version
+      - jq --version
+      - pip install ecs-deploy
+      - pwd
+      - ls -la
+
+  pre_build:
+    commands:
+      - echo ${CODEBUILD_SRC_DIR}
+      - ECS_ENV="${ENV}"
+      - |
+        if [ "$ENV" = "prod" || "$ENV" = "devpre" ]; then
+          CLUSTER_NAME="qppa-${ENV}-api-ecs"
+        else
+          CLUSTER_NAME="${ENV}-api-ecs"
+        fi
+      - echo "${CLUSTER_NAME}"
+      - SERVICE_NAME="${ENV}-conversion-tool"
+      - BRANCH=$(echo "${CODEBUILD_SOURCE_VERSION}")
+      - echo ${CODEBUILD_RESOLVED_SOURCE_VERSION}
+      - echo "${BRANCH}"
+      - COMMIT_SHORT_SHA=$(echo "${CODEBUILD_RESOLVED_SOURCE_VERSION}" | cut -c1-7)
+      - echo "${COMMIT_SHORT_SHA}"
+      - TAG_BUILD="${ENV}-conversion-tool:${BRANCH}-${COMMIT_SHORT_SHA}"
+      - TAG_GIT="${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com/${SERVICE_NAME}:${BRANCH}-${COMMIT_SHORT_SHA}"
+      - TAG_LATEST="${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com/${SERVICE_NAME}:latest"
+      - echo Getting Certificates for ${ENV}
+      - chmod +x ./qppsfct-copy-certs.sh
+      - ./qppsfct-copy-certs.sh $ENV $AWS_DEFAULT_REGION
+      - pip install openpyxl
+      - echo "Updating participation file"
+      - chmod +x ./upload-part-file.sh
+      - ./upload-part-file.sh $PART_FILE_BUCKET $PART_FILE $OUTPUT_PART_FILE $AWS_DEFAULT_REGION
+      - echo "Logging in to Amazon ECR..."
+      - echo $DOCKERHUB_TOKEN | docker login --username $DOCKERHUB_USER --password-stdin
+      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin ${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com
+      - TEXT_VALUE="Deploying QPP conversion tool service branch ${BRANCH} to ${ECS_ENV}-conversion-tool..."
+      - curl -X POST --fail --data-urlencode "payload={\"text\":\"Deployment Status\",\"channel\":\"${SLACK_CHANNEL}\",\"username\":\"CodeBuild\",\"icon_url\":\"${CODEBUILD_ICON}\",\"attachments\":[{\"title\":\"${TEXT_VALUE}\",\"color\":\"${SLACK_COLOR}\"}]}" ${SLACK_URL}
+
+  build:
+    commands:
+      - echo "Deploying..."
+      - echo "Build started on `date`..."
+      - echo "Building the Docker image for conversion tool..."
+      - docker build -t $TAG_LATEST -t $TAG_GIT .;
+      - echo "Pushing the Docker image to AWS ECR..."
+      - docker push $TAG_LATEST;
+      - docker push $TAG_GIT;
+      - echo "Branch is ${ENV}, Deploying to ${ENV}-conversion-tool service..."
+      - ecs deploy $CLUSTER_NAME $SERVICE_NAME -t $BRANCH-$COMMIT_SHORT_SHA --no-deregister --region us-east-1 --timeout 900 --task $SERVICE_NAME;
+      - aws ecs wait services-stable --cluster $CLUSTER_NAME --services $SERVICE_NAME --region us-east-1;
+      - echo "Branch is ${ENV}, Deployment to ${ENV}-conversion-tool service completed..."  
+
+  post_build:
+    commands:
+      # Check the build status and set the slack message to reflect pass or fail status
+      - echo "Code build exit number (1 is success) = $CODEBUILD_BUILD_SUCCEEDING"
+      - if [ $CODEBUILD_BUILD_SUCCEEDING = 0 ]; then SLACK_COLOR="danger" && BUILD_STATUS="FAILED"; fi
+      - TEXT_VALUE="Deployment of branch ${BRANCH} to QPP Conversion Tool service in $ENV-conversion-tool $BUILD_STATUS"
+      - curl -X POST --fail --data-urlencode "payload={\"text\":\"Deployment Status\",\"channel\":\"${SLACK_CHANNEL}\",\"username\":\"CodeBuild\",\"icon_url\":\"${CODEBUILD_ICON}\",\"attachments\":[{\"title\":\"${TEXT_VALUE}\",\"color\":\"${SLACK_COLOR}\"}]}" ${SLACK_URL}
+      - |
+          if [ "${CODEBUILD_BUILD_SUCCEEDING}" = 1 ]; then
+            STATE="success"
+            DESCRIPTION="The build succeeded!"
+          else
+            STATE="failure"
+            DESCRIPTION="The build failed. Click Details for the logs."
+          fi
+
+          CURL_PAYLOAD=$( jq -n \
+            --arg state "$STATE" \
+            --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/${ENV}-conversion-tool;stream=${CODEBUILD_LOG_PATH}" \
+            --arg description "$DESCRIPTION" \
+            --arg context "CodeBuild Status" \
+            '{state: $state, target_url: $target_url, description: $description, context: $context}' )
+
+          echo "$CURL_PAYLOAD"
+
+          curl \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${REPO_PAT}" \
+            "${BRANCH_STATUS_URL}/${CODEBUILD_RESOLVED_SOURCE_VERSION}" \
+            -d "${CURL_PAYLOAD}"

buildspec/pr_build.yaml

@@ -0,0 +1,74 @@
+### Future purpose pr file
+version: 0.2
+
+env:
+  variables:
+        ENV: "local"
+        NODE_ENV: "development"
+
+  parameter-store:
+    DOCKERHUB_TOKEN: "/global/dockerhub_token"
+    DOCKERHUB_USER: "/global/dockerhub_user"
+    SCORING_REPO_PAT: "/global/scoring_api_repo_pat"
+
+phases:
+  install:
+    commands:
+      - |
+          CURL_PAYLOAD=$( jq -n \
+            --arg state "pending" \
+            --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/scoring-api-pr;stream=${CODEBUILD_LOG_PATH}" \
+            --arg description "The build job has started." \
+            --arg context "CodeBuild Status" \
+            '{state: $state, target_url: $target_url, description: $description, context: $context}' )
+
+          echo "$CURL_PAYLOAD"
+
+          curl \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${SCORING_REPO_PAT}" \
+            ${BRANCH_STATUSES_URL} \
+            -d "${CURL_PAYLOAD}"
+      - node -v
+      - npm -v
+      - docker --version
+      - aws --version
+      - jq --version
+
+  build:
+    commands:
+      - echo $DOCKERHUB_TOKEN | docker login --username $DOCKERHUB_USER --password-stdin
+      - echo "Building the Docker image and running tests..."
+      - docker build --no-cache -t $TAG_BUILD --target build .
+      - docker run --rm --env-file example.env $TAG_BUILD npm run lint
+      - docker run --rm --env-file example.env $TAG_BUILD npm run test:cov
+
+  post_build:
+    commands:
+      # Check the build status and set the slack message to reflect pass or fail status
+      - echo "Code build exit number (1 is success, 0 is failed) = $CODEBUILD_BUILD_SUCCEEDING"
+      - |
+          if [ "${CODEBUILD_BUILD_SUCCEEDING}" = 1 ]; then
+            STATE="success"
+            DESCRIPTION="The build succeeded!"
+          else
+            STATE="failure"
+            DESCRIPTION="The build failed. Click Details for the logs."
+          fi
+
+          CURL_PAYLOAD=$( jq -n \
+            --arg state "$STATE" \
+            --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/scoring-api-pr;stream=${CODEBUILD_LOG_PATH}" \
+            --arg description "$DESCRIPTION" \
+            --arg context "CodeBuild Status" \
+            '{state: $state, target_url: $target_url, description: $description, context: $context}' )
+
+          echo "$CURL_PAYLOAD"
+
+          curl \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${SCORING_REPO_PAT}" \
+            ${BRANCH_STATUSES_URL} \
+            -d "${CURL_PAYLOAD}"

buildspec/readme

@@ -0,0 +1,42 @@
+
+variable :
+  These environment variables can also be defined in example.env file which is in root directory (custom environent variables).
+
+parameter-store :
+  Used to retrive (sensitive) custom environment variabe stored in EC2 system manager parameter store (To store sensitive values we use system manager-parameter store).
+
+Phases :
+  Required sequence. represents the commands codebuild runs during each phase of build. different phases of build steps defined below.
+
+install :
+  install phase only for installing packages in the build environment.  example we can install code testing framework such as mocha.
+
+runtime-versions phase :
+  runtime-versions phase specifying run time version of the build.
+
+commands phase:
+  Contains a sequence of scalars, where each scalar represents a single command that CodeBuild runs during installation. CodeBuild runs each command, one at a time, in the order listed, from beginning to end.
+
+pre_build phase :
+  Represents the commands, if any, that CodeBuild runs before the build. For example, you might use this phase to sign in to Amazon ECR, or you might install npm dependencies.
+
+pre_build/commands :
+  Required sequence if pre_build is specified. Contains a sequence of scalars, where each scalar represents a single command that CodeBuild runs before the build. CodeBuild runs each command, one at a time, in the order listed, from beginning to end.
+
+build phase :
+  Represents the commands, if any, that CodeBuild runs during the build.
+
+build/commands :
+  Represents the commands
+
+post_build :
+  Represents the commands, if any, that CodeBuild runs after the build. example: slack notification
+
+post_build/commands :
+  Represents the commands
+
+artifacsts :
+  location for build output artifacts
+
+
+#ecs deploy $CLUSTER_NAME $SERVICE_NAME --newrelic-apikey ${NR_API_KEY} --newrelic-appid ${APP_ID} -t $BRANCH-$COMMIT_SHORT_SHA --newrelic-revision 1.0.0

qppsfct-copy-certs.sh

@@ -9,10 +9,10 @@ export ENV_CERT=${ENV_CERT}
 export AWS_REGION=${AWS_REGION}
 
 #Export Passphrase for Environment
-export SSL_PASS=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion_tool/SSL_SECRET --with-decryption --query "Parameters[0].Value" | tr -d '"')
+export SSL_PASS=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion-tool/SSL_SECRET --with-decryption --query "Parameters[0].Value" | tr -d '"')
 
 #Export Certificate ARN for Environment
-export CERT_ARN=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion_tool/CERT_ARN --with-decryption --query "Parameters[0].Value" | tr -d '"')
+export CERT_ARN=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion-tool/CERT_ARN --with-decryption --query "Parameters[0].Value" | tr -d '"')
 
 cd ./${CERT_CP_PATH}