diff --git a/.github/workflows/ecr-publish.yml b/.github/workflows/ecr-publish.yml index b5d0b8db3..1df6c118f 100644 --- a/.github/workflows/ecr-publish.yml +++ b/.github/workflows/ecr-publish.yml @@ -4,9 +4,6 @@ on: push: branches: - ecr-deploy - - develop - - release/* - - master env: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/buildspec/build_deploy.yaml b/buildspec/build_deploy.yaml new file mode 100644 index 000000000..c21964c02 --- /dev/null +++ b/buildspec/build_deploy.yaml 
@@ -0,0 +1,128 @@
+version: 0.2
+
+env:
+ variables:
+ SLACK_COLOR: "good"
+ BUILD_STATUS: "completed successfully"
+ SLACK_CHANNEL: "p-qppsf-deploys"
+ CODEBUILD_ICON: "https://upload.wikimedia.org/wikipedia/commons/9/93/Amazon_Web_Services_Logo.svg"
+ AWS_DEFAULT_REGION: "us-east-1"
+ TEXT_VALUE: ""
+
+ parameter-store:
+ SLACK_URL: "/slack/p-qppsf-deploys"
+ DOCKERHUB_TOKEN: "/global/dockerhub_token"
+ DOCKERHUB_USER: "/global/dockerhub_user"
+ AWS_ACCOUNT : "/global/aws_account"
+ REPO_PAT: "/global/scoring_api_repo_pat"
+ BRANCH_STATUS_URL: "/global/ct_branch_status_url"
+ PART_FILE: "/qppar-sf/conversion-tool/CPC_PLUS_FILE_NAME"
+ PART_FILE_BUCKET: "/qppar-sf/$ENV/conversion-tool/CPC_PLUS_BUCKET_NAME"
+ OUTPUT_PART_FILE: "/qppar-sf/$ENV/conversion-tool/CPC_PLUS_VALIDATION_FILE"
+
+phases:
+ install:
+ runtime-versions:
+ python: 3.8
+ commands:
+ - |
+ CURL_PAYLOAD=$( jq -n \
+ --arg state "pending" \
+ --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/${ENV}-conversion-tool;stream=${CODEBUILD_LOG_PATH}" \
+ --arg description "The build job has started." \
+ --arg context "CodeBuild Status" \
+ '{state: $state, target_url: $target_url, description: $description, context: $context}' )
+
+ echo "$CURL_PAYLOAD"
+
+ curl \
+ -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${REPO_PAT}" \
+ "${BRANCH_STATUS_URL}/${CODEBUILD_RESOLVED_SOURCE_VERSION}" \
+ -d "${CURL_PAYLOAD}"
+ - docker --version
+ - aws --version
+ - jq --version
+ - pip install ecs-deploy
+ - pwd
+ - ls -la
+
+ pre_build:
+ commands:
+ - echo ${CODEBUILD_SRC_DIR}
+ - ECS_ENV="${ENV}"
+ - |
+ if [ "$ENV" = "prod" || "$ENV" = "devpre" ]; then
+ CLUSTER_NAME="qppa-${ENV}-api-ecs"
+ else
+ CLUSTER_NAME="${ENV}-api-ecs"
+ fi
+ - echo "${CLUSTER_NAME}"
+ - SERVICE_NAME="${ENV}-conversion-tool"
+ - BRANCH=$(echo "${CODEBUILD_SOURCE_VERSION}")
+ - echo ${CODEBUILD_RESOLVED_SOURCE_VERSION}
+ - echo "${BRANCH}"
+ - COMMIT_SHORT_SHA=$(echo "${CODEBUILD_RESOLVED_SOURCE_VERSION}" | cut -c1-7)
+ - echo "${COMMIT_SHORT_SHA}"
+ - TAG_BUILD="${ENV}-conversion-tool:${BRANCH}-${COMMIT_SHORT_SHA}"
+ - TAG_GIT="${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com/${SERVICE_NAME}:${BRANCH}-${COMMIT_SHORT_SHA}"
+ - TAG_LATEST="${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com/${SERVICE_NAME}:latest"
+ - echo Getting Certificates for ${ENV}
+ - chmod +x ./qppsfct-copy-certs.sh
+ - ./qppsfct-copy-certs.sh $ENV $AWS_DEFAULT_REGION
+ - pip install openpyxl
+ - echo "Updating participation file"
+ - chmod +x ./upload-part-file.sh
+ - ./upload-part-file.sh $PART_FILE_BUCKET $PART_FILE $OUTPUT_PART_FILE $AWS_DEFAULT_REGION
+ - echo "Logging in to Amazon ECR..."
+ - echo $DOCKERHUB_TOKEN | docker login --username $DOCKERHUB_USER --password-stdin
+ - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin ${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com
+ - TEXT_VALUE="Deploying QPP conversion tool service branch ${BRANCH} to ${ECS_ENV}-conversion-tool..."
+ - curl -X POST --fail --data-urlencode "payload={\"text\":\"Deployment Status\",\"channel\":\"${SLACK_CHANNEL}\",\"username\":\"CodeBuild\",\"icon_url\":\"${CODEBUILD_ICON}\",\"attachments\":[{\"title\":\"${TEXT_VALUE}\",\"color\":\"${SLACK_COLOR}\"}]}" ${SLACK_URL}
+
+ build:
+ commands:
+ - echo "Deploying..."
+ - echo "Build started on `date`..."
+ - echo "Building the Docker image for conversion tool..."
+ - docker build -t $TAG_LATEST -t $TAG_GIT .;
+ - echo "Pushing the Docker image to AWS ECR..."
+ - docker push $TAG_LATEST;
+ - docker push $TAG_GIT;
+ - echo "Branch is ${ENV}, Deploying to ${ENV}-conversion-tool service..."
+ - ecs deploy $CLUSTER_NAME $SERVICE_NAME -t $BRANCH-$COMMIT_SHORT_SHA --no-deregister --region us-east-1 --timeout 900 --task $SERVICE_NAME;
+ - aws ecs wait services-stable --cluster $CLUSTER_NAME --services $SERVICE_NAME --region us-east-1;
+ - echo "Branch is ${ENV}, Deployment to ${ENV}-conversion-tool service completed..."
+
+ post_build:
+ commands:
+ # Check the build status and set the slack message to reflect pass or fail status
+ - echo "Code build exit number (1 is success) = $CODEBUILD_BUILD_SUCCEEDING"
+ - if [ $CODEBUILD_BUILD_SUCCEEDING = 0 ]; then SLACK_COLOR="danger" && BUILD_STATUS="FAILED"; fi
+ - TEXT_VALUE="Deployment of branch ${BRANCH} to QPP Conversion Tool service in $ENV-conversion-tool $BUILD_STATUS"
+ - curl -X POST --fail --data-urlencode "payload={\"text\":\"Deployment Status\",\"channel\":\"${SLACK_CHANNEL}\",\"username\":\"CodeBuild\",\"icon_url\":\"${CODEBUILD_ICON}\",\"attachments\":[{\"title\":\"${TEXT_VALUE}\",\"color\":\"${SLACK_COLOR}\"}]}" ${SLACK_URL}
+ - |
+ if [ "${CODEBUILD_BUILD_SUCCEEDING}" = 1 ]; then
+ STATE="success"
+ DESCRIPTION="The build succeeded!"
+ else
+ STATE="failure"
+ DESCRIPTION="The build failed. Click Details for the logs."
+ fi
+
+ CURL_PAYLOAD=$( jq -n \
+ --arg state "$STATE" \
+ --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/${ENV}-conversion-tool;stream=${CODEBUILD_LOG_PATH}" \
+ --arg description "$DESCRIPTION" \
+ --arg context "CodeBuild Status" \
+ '{state: $state, target_url: $target_url, description: $description, context: $context}' )
+
+ echo "$CURL_PAYLOAD"
+
+ curl \
+ -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${REPO_PAT}" \
+ "${BRANCH_STATUS_URL}/${CODEBUILD_RESOLVED_SOURCE_VERSION}" \
+ -d "${CURL_PAYLOAD}"
\ No newline at end of file
diff --git a/buildspec/pr_build.yaml b/buildspec/pr_build.yaml
new file mode 100644
index 000000000..4685b96b1
--- /dev/null
+++ b/buildspec/pr_build.yaml
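Review bot: The cluster-name test in pre_build, `if [ "$ENV" = "prod" || "$ENV" = "devpre" ]; then`, is not a valid `[` expression: the shell splits the line at `||` into `[ "$ENV" = "prod"` (which fails with a missing `]`) and a second command made of the remaining words, so the `else` branch is taken for every ENV value and prod/devpre would be deployed to `${ENV}-api-ecs` instead of `qppa-${ENV}-api-ecs`. Replace it with `if [ "$ENV" = "prod" ] || [ "$ENV" = "devpre" ]; then`. The GitHub status `curl` calls in install and post_build (and both in buildspec/pr_build.yaml) run without `--fail`, so an expired REPO_PAT or a wrong BRANCH_STATUS_URL is never surfaced while the Slack message reports success; `curl --fail --silent --show-error ...` would make that visible. TAG_GIT, TAG_LATEST and the ECR `docker login` hard-code `us-east-1` in the registry host while the region is also carried in AWS_DEFAULT_REGION; deriving the host from the variable keeps the two from drifting.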
@@ -0,0 +1,74 @@
+### Future purpose pr file
+version: 0.2
+
+env:
+ variables:
+ ENV: "local"
+ NODE_ENV: "development"
+
+ parameter-store:
+ DOCKERHUB_TOKEN: "/global/dockerhub_token"
+ DOCKERHUB_USER: "/global/dockerhub_user"
+ SCORING_REPO_PAT: "/global/scoring_api_repo_pat"
+
+phases:
+ install:
+ commands:
+ - |
+ CURL_PAYLOAD=$( jq -n \
+ --arg state "pending" \
+ --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/scoring-api-pr;stream=${CODEBUILD_LOG_PATH}" \
+ --arg description "The build job has started." \
+ --arg context "CodeBuild Status" \
+ '{state: $state, target_url: $target_url, description: $description, context: $context}' )
+
+ echo "$CURL_PAYLOAD"
+
+ curl \
+ -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${SCORING_REPO_PAT}" \
+ ${BRANCH_STATUSES_URL} \
+ -d "${CURL_PAYLOAD}"
+ - node -v
+ - npm -v
+ - docker --version
+ - aws --version
+ - jq --version
+
+ build:
+ commands:
+ - echo $DOCKERHUB_TOKEN | docker login --username $DOCKERHUB_USER --password-stdin
+ - echo "Building the Docker image and running tests..."
+ - docker build --no-cache -t $TAG_BUILD --target build .
+ - docker run --rm --env-file example.env $TAG_BUILD npm run lint
+ - docker run --rm --env-file example.env $TAG_BUILD npm run test:cov
+
+ post_build:
+ commands:
+ # Check the build status and set the slack message to reflect pass or fail status
+ - echo "Code build exit number (1 is success, 0 is failed) = $CODEBUILD_BUILD_SUCCEEDING"
+ - |
+ if [ "${CODEBUILD_BUILD_SUCCEEDING}" = 1 ]; then
+ STATE="success"
+ DESCRIPTION="The build succeeded!"
+ else
+ STATE="failure"
+ DESCRIPTION="The build failed. Click Details for the logs."
+ fi
+
+ CURL_PAYLOAD=$( jq -n \
+ --arg state "$STATE" \
+ --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/scoring-api-pr;stream=${CODEBUILD_LOG_PATH}" \
+ --arg description "$DESCRIPTION" \
+ --arg context "CodeBuild Status" \
+ '{state: $state, target_url: $target_url, description: $description, context: $context}' )
+
+ echo "$CURL_PAYLOAD"
+
+ curl \
+ -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${SCORING_REPO_PAT}" \
+ ${BRANCH_STATUSES_URL} \
+ -d "${CURL_PAYLOAD}"
diff --git a/buildspec/readme b/buildspec/readme
new file mode 100644
index 000000000..0131194bb
--- /dev/null
+++ b/buildspec/readme
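Review bot: `$TAG_BUILD` in the build phase is never assigned in this buildspec (only buildspec/build_deploy.yaml's pre_build sets it), so `docker build --no-cache -t $TAG_BUILD --target build .` expands to `-t --target build .`, which Docker will not accept, and the two `docker run` steps that use the same tag can never execute; assign it before use, e.g. `- TAG_BUILD="conversion-tool-pr:${CODEBUILD_RESOLVED_SOURCE_VERSION}"` (constructed example — use the project's tag convention). `${BRANCH_STATUSES_URL}` is likewise absent from the env section here, and unlike build_deploy.yaml it is neither quoted nor suffixed with the commit SHA, so unless the CodeBuild project injects it both status POSTs go to an empty URL; presumably this should mirror `"${BRANCH_STATUS_URL}/${CODEBUILD_RESOLVED_SOURCE_VERSION}"`. The CloudWatch target_url names the log group `scoring-api-pr` and the env carries NODE_ENV plus npm steps, which looks carried over from another repository — worth confirming against this project's CodeBuild project name before the `### Future purpose` header comes off.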
@@ -0,0 +1,42 @@
+
+variable :
+ These environment variables can also be defined in example.env file which is in root directory (custom environent variables).
+
+parameter-store :
+ Used to retrive (sensitive) custom environment variabe stored in EC2 system manager parameter store (To store sensitive values we use system manager-parameter store).
+
+Phases :
+ Required sequence. represents the commands codebuild runs during each phase of build. different phases of build steps defined below.
+
+install :
+ install phase only for installing packages in the build environment. example we can install code testing framework such as mocha.
+
+runtime-versions phase :
+ runtime-versions phase specifying run time version of the build.
+
+commands phase:
+ Contains a sequence of scalars, where each scalar represents a single command that CodeBuild runs during installation. CodeBuild runs each command, one at a time, in the order listed, from beginning to end.
+
+pre_build phase :
+ Represents the commands, if any, that CodeBuild runs before the build. For example, you might use this phase to sign in to Amazon ECR, or you might install npm dependencies.
+
+pre_build/commands :
+ Required sequence if pre_build is specified. Contains a sequence of scalars, where each scalar represents a single command that CodeBuild runs before the build. CodeBuild runs each command, one at a time, in the order listed, from beginning to end.
+
+build phase :
+ Represents the commands, if any, that CodeBuild runs during the build.
+
+build/commands :
+ Represents the commands
+
+post_build :
+ Represents the commands, if any, that CodeBuild runs after the build. example: slack notification
+
+post_build/commands :
+ Represents the commands
+
+artifacsts :
+ location for build output artifacts
+
+
+#ecs deploy $CLUSTER_NAME $SERVICE_NAME --newrelic-apikey ${NR_API_KEY} --newrelic-appid ${APP_ID} -t $BRANCH-$COMMIT_SHORT_SHA --newrelic-revision 1.0.0
diff --git a/qppsfct-copy-certs.sh b/qppsfct-copy-certs.sh index 2e285e344..d8f20a644 100644 --- a/qppsfct-copy-certs.sh +++ b/qppsfct-copy-certs.sh @@ -9,10 +9,10 @@ export ENV_CERT=${ENV_CERT} export AWS_REGION=${AWS_REGION} #Export Passphrase for Environment -export SSL_PASS=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion_tool/SSL_SECRET --with-decryption --query "Parameters[0].Value" | tr -d '"') +export SSL_PASS=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion-tool/SSL_SECRET --with-decryption --query "Parameters[0].Value" | tr -d '"') #Export Certificate ARN for Environment -export CERT_ARN=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion_tool/CERT_ARN --with-decryption --query "Parameters[0].Value" | tr -d '"') +export CERT_ARN=$(aws ssm get-parameters --name /qppar-sf/${ENV_CERT}/conversion-tool/CERT_ARN --with-decryption --query "Parameters[0].Value" | tr -d '"') cd ./${CERT_CP_PATH}
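Review bot: Renaming the SSM paths to `conversion-tool` only helps if the parameters exist under the new names, and `aws ssm get-parameters` does not fail when they do not: a missing name is listed under `InvalidParameters`, `Parameters[0].Value` evaluates to `null`, and after `tr -d '"'` SSL_PASS or CERT_ARN silently becomes the literal string `null` while the script carries on. Switching both lines to the singular call, e.g. `export SSL_PASS=$(aws ssm get-parameter --name /qppar-sf/${ENV_CERT}/conversion-tool/SSL_SECRET --with-decryption --query Parameter.Value --output text)`, turns a missing or unreadable parameter into a non-zero exit (and drops the quote-stripping `tr`), which is what a caller such as buildspec/build_deploy.yaml's pre_build needs in order to stop before the certificates are used. The script's preamble is outside the hunk, so whether it runs under `set -e` cannot be confirmed here.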