diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes deleted file mode 100644 index 665b10e8..00000000 --- a/.git-crypt/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -# Do not edit this file. To specify the files to encrypt, create your own -# .gitattributes file in the directory where your files are. -* !filter !diff -*.gpg binary diff --git a/.git-crypt/keys/default/0/04ED20CFC7112DE4E6C4070CED0E3AA9A664E742.gpg b/.git-crypt/keys/default/0/04ED20CFC7112DE4E6C4070CED0E3AA9A664E742.gpg deleted file mode 100644 index 33fd86c8..00000000 Binary files a/.git-crypt/keys/default/0/04ED20CFC7112DE4E6C4070CED0E3AA9A664E742.gpg and /dev/null differ diff --git a/.git-crypt/keys/default/0/41D2606F66C3FF28874362B61A16916844CE9D82.gpg b/.git-crypt/keys/default/0/41D2606F66C3FF28874362B61A16916844CE9D82.gpg deleted file mode 100644 index 15900f75..00000000 Binary files a/.git-crypt/keys/default/0/41D2606F66C3FF28874362B61A16916844CE9D82.gpg and /dev/null differ diff --git a/.git-crypt/keys/default/0/B14145CFE7938B456B337E514F2AE1DED258B20E.gpg b/.git-crypt/keys/default/0/B14145CFE7938B456B337E514F2AE1DED258B20E.gpg deleted file mode 100644 index 6dab001c..00000000 Binary files a/.git-crypt/keys/default/0/B14145CFE7938B456B337E514F2AE1DED258B20E.gpg and /dev/null differ diff --git a/.git-crypt/keys/default/0/CF76184B551B037240C4D457AFD792BACA20583D.gpg b/.git-crypt/keys/default/0/CF76184B551B037240C4D457AFD792BACA20583D.gpg deleted file mode 100644 index 764c1830..00000000 Binary files a/.git-crypt/keys/default/0/CF76184B551B037240C4D457AFD792BACA20583D.gpg and /dev/null differ diff --git a/.gitattributes b/.gitattributes index 986e6e4e..52031de5 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1 @@ -config/secrets/** filter=git-crypt diff=git-crypt *.sol linguist-language=Solidity diff --git a/.github/workflows/deploy-demo.yaml b/.github/workflows/deploy-demo.yaml deleted file mode 100644 index 90cbe1d7..00000000 
--- a/.github/workflows/deploy-demo.yaml +++ /dev/null @@ -1,35 +0,0 @@ -name: Demo Branch Backend Build and Deploy to GAE -on: - push: - branches: - - demo -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - node-version: [10.x] - steps: - - uses: actions/checkout@v1 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - name: build backend - run: | - npm install - - uses: actions-hub/gcloud@master - name: copy environment variables - env: - PROJECT_ID: ${{secrets.APP_ENGINE_PROJECT_ID_DEV}} - APPLICATION_CREDENTIALS: ${{secrets.APP_ENGINE_CONFIG_DEV}} - CLI: gsutil - with: - args: cp gs://boson-variables-dev/demo/.env . - - uses: actions-hub/gcloud@master - name: deploy service - env: - PROJECT_ID: ${{secrets.APP_ENGINE_PROJECT_ID_DEV}} - APPLICATION_CREDENTIALS: ${{secrets.APP_ENGINE_CONFIG_DEV}} - with: - args: app deploy app-demo.yaml diff --git a/.github/workflows/deploy-develop.yaml b/.github/workflows/deploy-develop.yaml deleted file mode 100644 index 93ca18af..00000000 --- a/.github/workflows/deploy-develop.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -name: Develop Branch Backend Build and Deploy to GAE -on: - push: - branches: - - develop -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - node-version: [10.x] - steps: - - uses: actions/checkout@v1 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - name: build backend - run: | - npm install - - uses: actions-hub/gcloud@master - name: copy environment variables - env: - PROJECT_ID: ${{secrets.APP_ENGINE_PROJECT_ID_DEV}} - APPLICATION_CREDENTIALS: ${{secrets.APP_ENGINE_CONFIG_DEV}} - CLI: gsutil - with: - args: cp gs://boson-variables-dev/.env . - - uses: actions-hub/gcloud@master - name: deploy service - env: - PROJECT_ID: ${{secrets.APP_ENGINE_PROJECT_ID_DEV}} - APPLICATION_CREDENTIALS: ${{secrets.APP_ENGINE_CONFIG_DEV}} - with: - args: app deploy diff --git a/.github/workflows/deploy-master.yaml b/.github/workflows/deploy-master.yaml deleted file mode 100644 index cdda7603..00000000 --- a/.github/workflows/deploy-master.yaml +++ /dev/null @@ -1,35 +0,0 @@ -name: Develop Branch Backend Build and Deploy to GCE -on: - push: - branches: - - master -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - node-version: [10.x] - steps: - - uses: actions/checkout@v1 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - name: build backend - run: | - npm install - - uses: actions-hub/gcloud@master - name: copy environment variables - env: - PROJECT_ID: ${{secrets.APP_ENGINE_PROJECT_ID}} - APPLICATION_CREDENTIALS: ${{secrets.APP_ENGINE_CONFIG_PROD}} - CLI: gsutil - with: - args: cp gs://boson-variables-test/.env . - - uses: actions-hub/gcloud@master - name: deploy service - env: - PROJECT_ID: ${{secrets.APP_ENGINE_PROJECT_ID}} - APPLICATION_CREDENTIALS: ${{secrets.APP_ENGINE_CONFIG_PROD}} - with: - args: app deploy 
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
new file mode 100644
index 00000000..3520b2a3
--- /dev/null
+++ b/.github/workflows/main.yaml
@@ -0,0 +1,137 @@
+name: Build and Deploy leptonite.io
+
+on:
+ push:
+ tags:
+ - 'v*'
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ api:
+ name: API related tasks
+ runs-on: ubuntu-latest
+ env:
+ REGISTRY: 031036423983.dkr.ecr.eu-west-2.amazonaws.com
+ services:
+ mongodb:
+ image: mongo:4.4.8
+ ports:
+ - 27017:27017
+ env:
+ MONGO_INITDB_ROOT_USERNAME: admin
+ MONGO_INITDB_ROOT_PASSWORD: secret
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-node@v2
+ with:
+ node-version: '12'
+ cache: 'npm'
+ - run: npm install
+ - run: npm run app:lint
+ - run: npm run app:format
+ - run: npm run tests:app:lint
+ - run: npm run tests:app:format
+ - run: npm run tests:app:unit:coverage
+ - run: npm run tests:app:persistence:coverage
+ - run: npm run tests:app:persistence
+ - run: npm run tests:app:component:coverage
+ - run: npm run tests:app:component
+ - run: npm run tests:coverage:badge
+ - name: Configure AWS credentials
+ if: ${{ github.event_name == 'push' }}
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: eu-west-2
+ - name: Login to Amazon ECR
+ if: ${{ github.event_name == 'push' }}
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+ - name: Export TAG value
+ if: ${{ github.event_name == 'push' }}
+ run: echo "TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
+ - name: Build and push
+ if: ${{ github.event_name == 'push' }}
+ run: |
+ docker build --tag $REGISTRY/bsn/reference-backend:$TAG .
+ docker push $REGISTRY /bsn/reference-backend:$TAG
+
+ keepers:
+ name: Keepers related tasks
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: "./external/keepers"
+ env:
+ REGISTRY: 031036423983.dkr.ecr.eu-west-2.amazonaws.com
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-node@v2
+ with:
+ node-version: '12'
+ cache: 'npm'
+ - run: npm install
+ - name: Configure AWS credentials
+ if: ${{ github.event_name == 'push' }}
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: eu-west-2
+ - name: Login to Amazon ECR
+ if: ${{ github.event_name == 'push' }}
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+ - name: Export TAG value
+ if: ${{ github.event_name == 'push' }}
+ run: echo "TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
+ - name: Build and push
+ if: ${{ github.event_name == 'push' }}
+ run: |
+ docker build --tag $REGISTRY/bsn/keepers:$TAG .
+ docker push $REGISTRY /bsn/keepers:$TAG
+
+ triggers:
+ name: Triggers related tasks
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: "./terraform/functions"
+ steps:
+ - uses: actions/checkout@v2
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: eu-west-2
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_wrapper: false
+ - name: Terraform Format
+ id: fmt
+ run: terraform fmt -check -recursive
+ - name: Terraform Init
+ id: init
+ run: terraform init -backend-config=$TF_BACKEND_BUCKET -backend-config=$TF_BACKEND_STATE_KEY -backend-config='region=eu-west-2' -backend-config='encrypt=true'
+ env:
+ TF_BACKEND_BUCKET: ${{ secrets.TF_BACKEND_BUCKET }}
+ TF_BACKEND_STATE_KEY: ${{ secrets.TF_BACKEND_STATE_KEY }}
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+ - run: 'echo "$TFVARS" > terraform.tfvars'
+ shell: bash
+ env:
+ TFVARS: ${{ secrets.TFVARS }}
+ - name: Terraform Plan
+ id: plan
+ run: terraform plan -no-color
+ - name: Terraform Apply
+ if: ${{ github.event_name == 'push' }}
+ id: apply
+ run: terraform apply -auto-approve
diff --git a/.gitignore b/.gitignore
index 9432f1a4..9a2b04dd 100644
--- a/.gitignore
+++ b/.gitignore
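Review bot: In the `triggers` job the `Configure AWS credentials`, `Terraform Init`, `echo "$TFVARS" > terraform.tfvars` and `Terraform Plan` steps have no `if:` guard, so they run on `pull_request` as well as on tag pushes, whereas the `api` and `keepers` jobs gate every credentialed step on `github.event_name == 'push'`. A same-repository pull request can change anything under `./terraform/functions`, and `terraform init` and `terraform plan` load providers and modules from that tree while the long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair is in the environment and the `TFVARS` secret is on disk. I would either add `if: ${{ github.event_name == 'push' }}` to those four steps and keep only `terraform fmt -check -recursive` plus `terraform init -backend=false` and `terraform validate` for pull requests, or give the plan a separate read-only credential. Separately, both `docker push $REGISTRY /bsn/...:$TAG` lines show a space after `$REGISTRY` that the matching `docker build --tag` lines do not have; if that space is in the file rather than a rendering artifact the push cannot resolve the image name, and the lines should read `docker push $REGISTRY/bsn/reference-backend:$TAG` and `docker push $REGISTRY/bsn/keepers:$TAG`.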
@@ -29,3 +29,39 @@ node_modules # Personal Preferences .vscode + +### Terraform template +# Local .terraform directories +terraform/**/.terraform/** + +# .tfstate files +terraform/*.tfstate +terraform/*.tfstate.* + +# Crash log files +terraform/crash.log + +# Exclude all .tfvars files, which are likely to contain sentitive data, such as +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject +# to change depending on the environment. +# +terraform/*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +terraform/override.tf +terraform/override.tf.json +terraform/*_override.tf +terraform/*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* + +# Ignore CLI configuration files +terraform/.terraformrc +terraform/terraform.rc \ No newline at end of file diff --git a/.ruby-version b/.ruby-version deleted file mode 100644 index fbafd6b6..00000000 --- a/.ruby-version +++ /dev/null @@ -1 +0,0 @@ -2.7.2 \ No newline at end of file diff --git a/image/Dockerfile b/Dockerfile similarity index 94% rename from image/Dockerfile rename to Dockerfile index 7c30762b..deaf505f 100644 --- a/image/Dockerfile +++ b/Dockerfile @@ -26,9 +26,5 @@ RUN cd /opt/reference-backend \ && npm install \ && cd - -# Add metadata -ADD VERSION /VERSION -ADD TAG /TAG - # Run docker-entrypoint.sh start script by default ENTRYPOINT ["/opt/reference-backend/bin/docker-entrypoint.sh"] diff --git a/Gemfile b/Gemfile deleted file mode 100644 index fa40e32d..00000000 --- a/Gemfile +++ /dev/null 
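Review bot: The added `terraform/*.tfvars`, `terraform/*.tfstate` and `terraform/*.tfstate.*` patterns only match files directly inside `terraform/`, because `*` does not cross a `/` in a gitignore pattern that contains a slash. The workflow added in this same commit writes `terraform.tfvars` from the `TFVARS` secret under `working-directory: "./terraform/functions"`, so anyone reproducing that step locally ends up with a secrets file one level down that is not ignored and can be staged by `git add .`. I would write these as `terraform/**/*.tfvars`, `terraform/**/*.tfstate` and `terraform/**/*.tfstate.*`, matching the `terraform/**/.terraform/**` line above them, and do the same for `crash.log`, the override files and the CLI configuration entries. The comment over the `.tfvars` pattern also has a typo, `sentitive` for `sensitive`.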
@@ -1,10 +0,0 @@ -source 'https://rubygems.org' - -gem 'rake', '~> 13.0' -gem 'rake_terraform', '~> 1.19' -gem 'rake_docker', '~> 2.13' -gem 'rake_fly', '~> 2.7' -gem 'rake_gpg', '~> 0.16' -gem 'git', '~> 1.8' -gem 'confidante', '~> 0.27' -gem 'shivers', '~> 0.5' diff --git a/Gemfile.lock b/Gemfile.lock deleted file mode 100644 index a7dfb8bf..00000000 --- a/Gemfile.lock +++ /dev/null 
@@ -1,157 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - activesupport (6.1.3.2) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 1.6, < 2) - minitest (>= 5.1) - tzinfo (~> 2.0) - zeitwerk (~> 2.3) - aws-eventstream (1.1.1) - aws-partitions (1.465.0) - aws-sdk-core (3.114.0) - aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.239.0) - aws-sigv4 (~> 1.1) - jmespath (~> 1.0) - aws-sdk-ecr (1.42.0) - aws-sdk-core (~> 3, >= 3.112.0) - aws-sigv4 (~> 1.1) - aws-sigv4 (1.2.3) - aws-eventstream (~> 1, >= 1.0.2) - colored2 (3.1.2) - concourse.rb (0.4.0) - dry-schema (~> 0.5) - excon (~> 0.72) - semantic (~> 1.5) - concurrent-ruby (1.1.8) - confidante (0.27.0) - activesupport (>= 4) - hiera (~> 3.3, >= 3.3.1) - shikashi (~> 0.6) - docker-api (1.34.2) - excon (>= 0.47.0) - multi_json - dry-configurable (0.12.1) - concurrent-ruby (~> 1.0) - dry-core (~> 0.5, >= 0.5.0) - dry-container (0.7.2) - concurrent-ruby (~> 1.0) - dry-configurable (~> 0.1, >= 0.1.3) - dry-core (0.5.0) - concurrent-ruby (~> 1.0) - dry-equalizer (0.3.0) - dry-inflector (0.2.0) - dry-initializer (3.0.4) - dry-logic (1.2.0) - concurrent-ruby (~> 1.0) - dry-core (~> 0.5, >= 0.5) - dry-schema (0.6.0) - concurrent-ruby (~> 1.0) - dry-configurable (~> 0.8, >= 0.8.0) - dry-core (~> 0.4) - dry-equalizer (~> 0.2) - dry-initializer (~> 3.0) - dry-logic (~> 1.0) - dry-types (~> 1.0) - dry-types (1.5.1) - concurrent-ruby (~> 1.0) - dry-container (~> 0.3) - dry-core (~> 0.5, >= 0.5) - dry-inflector (~> 0.1, >= 0.1.2) - dry-logic (~> 1.0, >= 1.0.2) - evalhook (0.6.0) - partialruby (~> 0.3) - sexp_processor (~> 4.0) - excon (0.82.0) - getsource (0.2.2) - git (1.8.1) - rchardet (~> 1.8) - hamster (3.0.0) - concurrent-ruby (~> 1.0) - hiera (3.7.0) - i18n (1.8.10) - concurrent-ruby (~> 1.0) - immutable-struct (2.4.1) - jmespath (1.4.0) - lino (3.0.0) - hamster (~> 3.0) - open4 (~> 1.3) - minitar (0.9) - minitest (5.14.4) - multi_json (1.15.0) - open4 (1.3.4) - partialruby (0.3.0) - ruby2ruby (~> 2) - 
ruby_parser (~> 3) - rake (13.0.3) - rake_dependencies (2.11.0) - hamster (~> 3.0) - minitar (~> 0.9) - rake_factory (~> 0.23) - rubyzip (>= 1.3) - rake_docker (2.13.0) - aws-sdk-ecr (~> 1.2) - colored2 (~> 3.1) - docker-api (~> 1.34) - rake_factory (~> 0.23) - rake_factory (0.29.0) - activesupport (>= 4) - rake (~> 13.0) - rake_fly (2.7.0) - concourse.rb (>= 0.4) - rake_dependencies (~> 2, < 3) - rake_factory (>= 0.29, < 1) - ruby_fly (>= 0.35) - semantic (~> 1.6.1) - rake_gpg (0.16.0) - rake_factory (>= 0.23, < 1) - ruby_gpg2 (>= 0.6, < 1) - rake_terraform (1.19.0) - colored2 (~> 3.1) - rake_dependencies (~> 2.11) - rake_factory (~> 0.23) - ruby-terraform (~> 1.1) - rchardet (1.8.0) - ruby-terraform (1.2.0) - immutable-struct (~> 2.4) - lino (~> 3.0) - ruby2ruby (2.4.4) - ruby_parser (~> 3.1) - sexp_processor (~> 4.6) - ruby_fly (0.35.0) - lino (>= 1.5) - ruby_gpg2 (0.8.0) - lino (>= 1.5) - ruby_parser (3.16.0) - sexp_processor (~> 4.15, >= 4.15.1) - rubyzip (2.3.0) - semantic (1.6.1) - sexp_processor (4.15.3) - shikashi (0.6.0) - evalhook (>= 0.6.0) - getsource (>= 0.1.0) - shivers (0.5.0) - semantic (~> 1.6) - tzinfo (2.0.4) - concurrent-ruby (~> 1.0) - zeitwerk (2.4.2) - -PLATFORMS - arm64-darwin-20 - x86_64-darwin-19 - x86_64-darwin-20 - x86_64-linux - -DEPENDENCIES - confidante (~> 0.27) - git (~> 1.8) - rake (~> 13.0) - rake_docker (~> 2.13) - rake_fly (~> 2.7) - rake_gpg (~> 0.16) - rake_terraform (~> 1.19) - shivers (~> 0.5) - -BUNDLED WITH - 2.2.18 diff --git a/Rakefile b/Rakefile deleted file mode 100644 index d0c002de..00000000 --- a/Rakefile +++ /dev/null 
@@ -1,812 +0,0 @@ -require 'git' -require 'confidante' -require 'rake_terraform' -require 'ruby_terraform/output' -require 'rake_docker' -require 'rake_fly' -require 'rake_gpg' -require 'rake_factory/kernel_extensions' -require 'shivers' - -configuration = Confidante.configuration -version = Shivers::Version.from_file('build/version') - -Docker.options = { - read_timeout: 300 -} - -RakeFly.define_installation_tasks(version: '6.7.2') -RakeTerraform.define_installation_tasks( - path: File.join(Dir.pwd, 'vendor', 'terraform'), - version: '0.15.4') - -task :default => [ - :build_fix, - :test -] - -task :build => [ - :"app:lint", - :"app:format", - :"tests:app:lint", - :"tests:app:format" -] - -task :build_fix => [ - :"app:lint_fix", - :"app:format_fix", - :"tests:app:lint_fix", - :"tests:app:format_fix" -] - -namespace :keys do - namespace :app do - namespace :passphrase do - task :generate do - File.open('config/secrets/app/gpg.passphrase', 'w') do |f| - f.write(SecureRandom.base64(36)) - end - end - end - - namespace :gpg do - RakeGPG.define_generate_key_task( - output_directory: 'config/secrets/app', - name_prefix: 'gpg', - armor: false, - owner_name: 'Leptonite Maintainers', - owner_email: 'maintainers@leptonite.io', - owner_comment: 'Service key' - ) do |t| - t.passphrase = - File.read('config/secrets/app/gpg.passphrase') - end - end - - task generate: %w[passphrase:generate gpg:generate] - end -end - -task :test, [:deployment_type, :deployment_label] do |_, args| - [ - :'tests:app:unit', - :'tests:app:persistence', - :'tests:app:component' - ].each do |task_name| - Rake::Task[task_name].invoke(*args) - end -end - -namespace :secrets do - desc 'Check if secrets are readable' - task :check do - if File.exist?('config/secrets') - puts 'Checking if secrets are accessible.' - unless File.read('config/secrets/.unlocked').strip == "true" - raise RuntimeError, Paint['Cannot access secrets.', :red] - end - puts 'Secrets accessible. Continuing.' 
- end - end - - desc 'Unlock secrets' - task :unlock do - if File.exist?('config/secrets') - puts 'Unlocking secrets.' - sh('git crypt unlock') - end - end -end - -namespace :app do - namespace :dependencies do - desc "Install all app dependencies" - task :install do - sh('npm', 'install') - end - end - - desc "Lint all app sources" - task :lint => [:'dependencies:install'] do - sh('npm', 'run', 'app:lint') - end - - desc "Lint & fix all app source" - task :lint_fix => [:'dependencies:install'] do - sh('npm', 'run', 'app:lint-fix') - end - - desc "Format all app sources" - task :format => [:'dependencies:install'] do - sh('npm', 'run', 'app:format') - end - - desc "Format & fix all app sources" - task :format_fix => [:'dependencies:install'] do - sh('npm', 'run', 'app:format-fix') - end - - desc "Run the app as a local process" - task :run => [:'dependencies:install', :'database:local:provision'] do - configuration = configuration - .for_scope( - deployment_type: 'local', - deployment_label: 'development', - role: 'local-app' - ) - - environment = configuration - .environment - .map { |k, v| [k.to_s, v] } - .to_h - - sh(environment, 'npm', 'run', 'start') - end -end - -namespace :functions do - namespace :dependencies do - desc "Install all functions dependencies" - task :install do - Dir.chdir('external/lambdas') do - sh('npm', 'install') - end - end - end - - desc "Lint all function sources" - task :lint => [:'dependencies:install'] do - Dir.chdir('external/lambdas') do - sh('npm', 'run', 'functions:lint') - end - end - - desc "Lint & fix all app source" - task :lint_fix => [:'dependencies:install'] do - Dir.chdir('external/lambdas') do - sh('npm', 'run', 'functions:lint-fix') - end - end - - desc "Format all app sources" - task :format => [:'dependencies:install'] do - Dir.chdir('external/lambdas') do - sh('npm', 'run', 'functions:format') - end - end - - desc "Format & fix all app sources" - task :format_fix => [:'dependencies:install'] do - 
Dir.chdir('external/lambdas') do - sh('npm', 'run', 'functions:format-fix') - end - end -end - -namespace :bootstrap do - RakeTerraform.define_command_tasks( - configuration_name: 'bootstrap infrastructure', - argument_names: [:deployment_type, :deployment_label]) do |t, args| - configuration = configuration - .for_scope(args.to_h.merge(role: 'bootstrap')) - - deployment_identifier = configuration.deployment_identifier - vars = configuration.vars - - t.source_directory = 'infra/bootstrap' - t.work_directory = 'build' - - t.state_file = - File.join( - Dir.pwd, "state/bootstrap/#{deployment_identifier}.tfstate") - t.vars = vars - end -end - -namespace :database do - namespace :test do - RakeDocker.define_container_tasks( - container_name: 'reference-backend-test-database') do |t| - configuration = configuration - .for_scope( - deployment_type: 'local', - deployment_label: 'testing') - - t.image = "mongo:#{configuration.database_version}" - t.ports = ["#{configuration.database_port}:27017"] - t.environment = [ - "MONGO_INITDB_ROOT_USERNAME=#{configuration.database_username}", - "MONGO_INITDB_ROOT_PASSWORD=#{configuration.database_password}", - ] - end - end - - namespace :local do - RakeDocker.define_container_tasks( - container_name: 'reference-backend-local-database') do |t| - configuration = configuration - .for_scope( - deployment_type: 'local', - deployment_label: 'development') - - t.image = "mongo:#{configuration.database_version}" - t.ports = ["#{configuration.database_port}:27017"] - t.environment = [ - "MONGO_INITDB_ROOT_USERNAME=#{configuration.database_username}", - "MONGO_INITDB_ROOT_PASSWORD=#{configuration.database_password}", - ] - end - end - - namespace :environment do - RakeTerraform.define_command_tasks( - configuration_name: 'database', - argument_names: [:deployment_type, :deployment_label]) do |t, args| - configuration = configuration - .for_scope(args.to_h.merge(role: 'database')) - - vars = configuration.vars - backend_config = 
configuration.backend_config - - t.source_directory = 'infra/database' - t.work_directory = 'build' - - t.vars = vars - t.backend_config = backend_config - end - end - - namespace :contextual do - task :ensure, [:deployment_type, :deployment_label] do |_, args| - args.with_defaults( - deployment_type: 'local', - deployment_label: 'testing') - - database_type = configuration - .for_scope(args.to_h) - .database_type - task_name = (database_type == 'deployed') ? - 'database:environment:provision' : - 'database:test:provision' - - Rake::Task[task_name].invoke(*args) - end - end -end - -namespace :tests do - namespace :app do - desc "Lint all tests" - task :lint => [:'app:dependencies:install'] do - sh('npm', 'run', 'tests:app:lint') - end - - desc "Lint & fix all tests" - task :lint_fix => [:'app:dependencies:install'] do - sh('npm', 'run', 'tests:app:lint-fix') - end - - desc "Format all test files" - task :format => [:'app:dependencies:install'] do - sh('npm', 'run', 'tests:app:format') - end - - desc "Format & fix all test files" - task :format_fix => [:'app:dependencies:install'] do - sh('npm', 'run', 'tests:app:format-fix') - end - - desc "Run all unit tests" - task :unit => [:'app:dependencies:install'] do - script_name = ENV["INCLUDE_COVERAGE"] == 'true' ? 
- 'tests:app:unit:coverage' : - 'tests:app:unit' - sh('npm', 'run', script_name) - end - - desc "Run all integration tests" - task :integration => [:'app:dependencies:install'] do - configuration = configuration - .for_scope( - deployment_type: 'local', - deployment_label: 'testing', - role: 'integration-tests' - ) - - environment = configuration - .environment - .map { |k, v| [k.to_s, v] } - .to_h - - sh(environment, 'npm', 'run', 'tests:app:integration') - end - - desc "Run all persistence tests" - task :persistence, - [:deployment_type, :deployment_label] => - [:'app:dependencies:install'] do |_, args| - args.with_defaults( - deployment_type: 'local', - deployment_label: 'testing') - - Rake::Task['database:contextual:ensure'].invoke(*args) - - script_name = ENV["INCLUDE_COVERAGE"] == 'true' ? - 'tests:app:persistence:coverage' : - 'tests:app:persistence' - sh(database_overrides_for(configuration, args), - 'npm', 'run', script_name) - end - - desc "Run all component tests" - task :component, - [:deployment_type, :deployment_label] => - [:'app:dependencies:install'] do |_, args| - args.with_defaults( - deployment_type: 'local', - deployment_label: 'testing') - - Rake::Task['database:contextual:ensure'].invoke(*args) - - script_name = ENV["INCLUDE_COVERAGE"] == 'true' ? 
- 'tests:app:component:coverage' : - 'tests:app:component' - sh(database_overrides_for(configuration, args), - 'npm', 'run', script_name) - end - - namespace :coverage do - desc "Run coverage badge creation" - task :badge => [:'app:dependencies:install'] do |_, args| - sh('npm', 'run', 'tests:coverage:badge') - end - end - end -end - -namespace :lambda do - RakeTerraform.define_command_tasks( - configuration_name: 'reference backend keepers lambda', - argument_names: %i[deployment_type deployment_label] - ) do |t, args| - configuration = - configuration.for_scope(args.to_h.merge(role: 'functions')) - - t.source_directory = 'infra/functions' - t.work_directory = 'build' - - t.backend_config = configuration.backend_config - t.vars = configuration.vars - end -end - -namespace :keepers_image_repository do - RakeTerraform.define_command_tasks( - configuration_name: 'keepers image repository', - argument_names: %i[deployment_type deployment_label] - ) do |t, args| - configuration = - configuration.for_scope(args.to_h.merge(role: 'keepers-image-repository')) - - t.source_directory = 'infra/keepers-image-repository' - t.work_directory = 'build' - - t.backend_config = configuration.backend_config - t.vars = configuration.vars - end -end - -namespace :image_repository do - RakeTerraform.define_command_tasks( - configuration_name: 'reference backend image repository', - argument_names: %i[deployment_type deployment_label] - ) do |t, args| - configuration = - configuration.for_scope(args.to_h.merge(role: 'image-repository')) - - t.source_directory = 'infra/image-repository' - t.work_directory = 'build' - - t.backend_config = configuration.backend_config - t.vars = configuration.vars - end -end - -namespace :image do - RakeDocker.define_image_tasks( - image_name: 'reference-backend', - argument_names: %i[deployment_type deployment_label] - ) do |t, args| - configuration = - configuration.for_scope(args.to_h.merge(role: 'image-repository')) - - t.work_directory = 'build/images' 
- - t.copy_spec = [ - 'image/Dockerfile', - 'image/docker-entrypoint.sh', - 'src/', - 'app.js', - 'package.json', - 'package-lock.json' - ] - t.create_spec = [ - { content: version.to_s, to: 'VERSION' }, - { content: version.to_docker_tag, to: 'TAG' } - ] - - t.repository_name = configuration.image_repository_name - t.repository_url = dynamic do - JSON.parse( - RubyTerraform::Output.for( - name: 'repository_url', - source_directory: 'infra/image-repository', - work_directory: 'build', - backend_config: configuration.backend_config - ) - ) - end - - t.credentials = dynamic do - RakeDocker::Authentication::ECR.new do |c| - c.region = configuration.region - c.registry_id = - JSON.parse( - RubyTerraform::Output.for( - name: 'registry_id', - source_directory: 'infra/image-repository', - work_directory: 'build', - backend_config: configuration.backend_config - ) - ) - end.call - end - - t.tags = [version.to_docker_tag, 'latest'] - end -end - -namespace :image_keepers do - RakeDocker.define_image_tasks( - image_name: 'keepers', - argument_names: %i[deployment_type deployment_label] - ) do |t, args| - configuration = - configuration.for_scope(args.to_h.merge(role: 'keepers-image-repository')) - - t.work_directory = 'build/images' - - t.copy_spec = [ - 'image-keepers/Dockerfile', - 'image-keepers/docker-entrypoint.sh', - 'external/keepers/src/', - 'external/keepers/package.json', - 'external/keepers/package-lock.json' - ] - t.create_spec = [ - { content: version.to_s, to: 'VERSION' }, - { content: version.to_docker_tag, to: 'TAG' } - ] - - t.repository_name = configuration.keepers_image_repository_name - t.repository_url = dynamic do - JSON.parse( - RubyTerraform::Output.for( - name: 'repository_url', - source_directory: 'infra/keepers-image-repository', - work_directory: 'build', - backend_config: configuration.backend_config - ) - ) - end - - t.credentials = dynamic do - RakeDocker::Authentication::ECR.new do |c| - c.region = configuration.region - c.registry_id = - 
JSON.parse( - RubyTerraform::Output.for( - name: 'registry_id', - source_directory: 'infra/keepers-image-repository', - work_directory: 'build', - backend_config: configuration.backend_config - ) - ) - end.call - end - - t.tags = [version.to_docker_tag, 'latest'] - end -end - -namespace :image_storage_bucket do - RakeTerraform.define_command_tasks( - configuration_name: 'reference backend image storage bucket', - argument_names: %i[deployment_type deployment_label] - ) do |t, args| - configuration = - configuration.for_scope(args.to_h.merge(role: 'image-storage-bucket')) - - t.source_directory = 'infra/image-storage-bucket' - t.work_directory = 'build' - - t.backend_config = configuration.backend_config - t.vars = configuration.vars - end -end - -namespace :service do - RakeTerraform.define_command_tasks( - configuration_name: 'reference backend', - argument_names: %i[deployment_type deployment_label] - ) do |t, args| - version_configuration = { version_number: version.to_docker_tag } - service_configuration = - configuration - .for_overrides(version_configuration) - .for_scope(args.to_h.merge(role: 'service')) - - t.source_directory = 'infra/service' - t.work_directory = 'build' - - t.backend_config = service_configuration.backend_config - t.vars = service_configuration.vars - end -end - -namespace :service_keepers do - RakeTerraform.define_command_tasks( - configuration_name: 'keepers', - argument_names: %i[deployment_type deployment_label] - ) do |t, args| - version_configuration = { version_number: version.to_docker_tag } - service_configuration = - configuration - .for_overrides(version_configuration) - .for_scope(args.to_h.merge(role: 'keepers-service')) - - t.source_directory = 'infra/keepers-service' - t.work_directory = 'build' - - t.backend_config = service_configuration.backend_config - t.vars = service_configuration.vars - end -end - -namespace :ci do - RakeFly.define_authentication_tasks( - namespace: :authentication, - argument_names: [ - 
:ci_deployment_type, - :ci_deployment_label - ]) do |t, args| - configuration = configuration - .for_scope(args.to_h) - - t.target = configuration.concourse_team - t.concourse_url = configuration.concourse_url - t.team = configuration.concourse_team - t.username = configuration.concourse_username - t.password = configuration.concourse_password - - t.home_directory = 'build/fly' - end - - namespace :pipeline do - RakeFly.define_pipeline_tasks( - namespace: :develop, - argument_names: [ - :ci_deployment_type, - :ci_deployment_label - ] - ) do |t, args| - configuration = configuration - .for_scope(args.to_h.merge(role: 'develop-pipeline')) - ci_deployment_type = configuration.ci_deployment_identifier - - t.target = configuration.concourse_team - t.team = configuration.concourse_team - t.pipeline = "reference-backend-develop" - - t.config = 'pipelines/develop/pipeline.yaml' - - t.vars = configuration.vars - t.var_files = [ - 'config/secrets/pipeline/constants.yaml', - "config/secrets/pipeline/#{ci_deployment_type}.yaml" - ] - - t.non_interactive = true - t.home_directory = 'build/fly' - end - - RakeFly.define_pipeline_tasks( - namespace: :demo, - argument_names: [ - :ci_deployment_type, - :ci_deployment_label - ] - ) do |t, args| - configuration = configuration - .for_scope(args.to_h.merge(role: 'demo-pipeline')) - ci_deployment_type = configuration.ci_deployment_identifier - - t.target = configuration.concourse_team - t.team = configuration.concourse_team - t.pipeline = "reference-backend-demo" - - t.config = 'pipelines/demo/pipeline.yaml' - - t.vars = configuration.vars - t.var_files = [ - 'config/secrets/pipeline/constants.yaml', - "config/secrets/pipeline/#{ci_deployment_type}.yaml" - ] - - t.non_interactive = true - t.home_directory = 'build/fly' - end - - RakeFly.define_pipeline_tasks( - namespace: :production, - argument_names: [ - :ci_deployment_type, - :ci_deployment_label - ] - ) do |t, args| - configuration = configuration - .for_scope(args.to_h.merge(role: 
'tag-pipeline')) - ci_deployment_type = configuration.ci_deployment_identifier - - t.target = configuration.concourse_team - t.team = configuration.concourse_team - t.pipeline = "reference-backend-production" - - t.config = 'pipelines/tag/pipeline.yaml' - - t.vars = configuration.vars - t.var_files = [ - 'config/secrets/pipeline/constants.yaml', - "config/secrets/pipeline/#{ci_deployment_type}.yaml" - ] - - t.non_interactive = true - t.home_directory = 'build/fly' - end - - RakeFly.define_pipeline_tasks( - namespace: :builder, - argument_names: [ - :ci_deployment_type, - :ci_deployment_label] - ) do |t, args| - configuration = configuration - .for_scope(args.to_h.merge(role: 'builder-pipeline')) - ci_deployment_type = configuration.ci_deployment_identifier - - t.target = configuration.concourse_team - t.team = configuration.concourse_team - t.pipeline = "reference-backend-builder" - - t.config = 'pipelines/builder/pipeline.yaml' - - t.vars = configuration.vars - t.var_files = [ - 'config/secrets/pipeline/constants.yaml', - "config/secrets/pipeline/#{ci_deployment_type}.yaml" - ] - - t.non_interactive = true - t.home_directory = 'build/fly' - end - - namespace :pr do - RakeFly.define_pipeline_tasks( - argument_names: [ - :ci_deployment_type, - :ci_deployment_label, - :branch - ] - ) do |t, args| - branch = args.branch || pr_metadata_branch - - configuration = configuration - .for_scope(args.to_h.merge(role: 'pr-pipeline')) - .for_overrides(source_repository_branch: branch) - - ci_deployment_type = configuration.ci_deployment_identifier - - t.target = configuration.concourse_team - t.team = configuration.concourse_team - t.pipeline = "reference-backend-pr-#{to_pipeline_name(branch)}" - - t.config = 'pipelines/pr/pipeline.yaml' - - t.vars = configuration.vars - t.var_files = [ - 'config/secrets/pipeline/constants.yaml', - "config/secrets/pipeline/#{ci_deployment_type}.yaml" - ] - - t.non_interactive = true - t.home_directory = 'build/fly' - end - - task :handle, [ - 
:ci_deployment_type, - :ci_deployment_label, - :branch, - :state - ] do |_, args| - branch = args.branch || pr_metadata_branch - state = args.state || pr_metadata_state - - if state == "OPEN" - Rake::Task[:"ci:pipeline:pr:push"].invoke( - args.ci_deployment_type, - args.ci_deployment_label, - branch) - else - Rake::Task[:"ci:pipeline:pr:destroy"].invoke( - args.ci_deployment_type, - args.ci_deployment_label, - branch) - end - end - end - end - - namespace :pipelines do - desc "Push all pipelines" - task :push, [:ci_deployment_type, :ci_deployment_label] do |_, args| - Rake::Task[:"ci:pipeline:develop:push"].invoke(*args) - Rake::Task[:"ci:pipeline:demo:push"].invoke(*args) - Rake::Task[:"ci:pipeline:builder:push"].invoke(*args) - end - end -end - -def pr_metadata_value(key) - File.exist?(".git/resource/#{key}") ? - File.read(".git/resource/#{key}") : - nil -end - -def pr_metadata_branch - pr_metadata_value("head_name") -end - -def pr_metadata_state - pr_metadata_value("state") -end - -def current_branch - Git.open(File.dirname(__FILE__)).current_branch -end - -def to_db_name(string) - string.gsub(/[^a-zA-Z0-9_-]/, "") -end - -def to_pipeline_name(string) - string.gsub(/[^a-zA-Z0-9_-]/, "_") -end - -def database_overrides_for(configuration, args) - configuration = configuration - .for_scope(args.to_h.merge(role: 'database')) - - (configuration.database_type == 'deployed') ? - { - "DB_CONNECTION_STRING" => - RubyTerraform::Output.for( - name: 'connection_string', - source_directory: 'infra/database', - work_directory: 'build', - backend_config: configuration.backend_config), - "DB_USERNAME" => configuration.database_username, - "DB_PASSWORD" => configuration.database_password, - "DB_NAME" => to_db_name(current_branch) - } : - {} -end diff --git a/config/ci/rdm-management-default.yaml b/config/ci/rdm-management-default.yaml deleted file mode 100644 index f9e09032..00000000 --- a/config/ci/rdm-management-default.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
----
-ci_account_id: "%{hiera('rdm_management_account_id')}"
-
-ci_deployment_identifier: "%{ci_deployment_type}-%{ci_deployment_label}"
-
-ci_storage_bucket_name: "bsn-%{hiera('component')}-%{hiera('ci_deployment_identifier')}"
-ci_storage_bucket_region: "%{hiera('region')}"
-ci_storage_bucket_encryption: "AES256"
-
-concourse_url: "https://ci-server.rdm-management.redeemeum.io"
-concourse_team: "bosonprotocol"
-
-image_repository_base_url: "%{hiera('rdm_management_account_id')}.dkr.ecr.%{hiera('region')}.amazonaws.com"
-
-node_builder_image_repository_name: "rdm/node-12-builder"
-node_builder_image_repository_url: "%{hiera('image_repository_base_url')}/%{hiera('node_builder_image_repository_name')}"
-
-app_image_repository_name: "%{hiera('image_repository_name')}"
-app_image_repository_url: "%{hiera('image_repository_base_url')}/%{hiera('app_image_repository_name')}"
-keepers_image_repository_url: "%{hiera('image_repository_base_url')}/%{hiera('keepers_image_repository_name')}"
diff --git a/config/defaults.yaml b/config/defaults.yaml
deleted file mode 100644
index 7e09c4fa..00000000
--- a/config/defaults.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# General
-region: "eu-west-2"
-
-component: "reference-backend"
-deployment_identifier: "%{deployment_type}-%{deployment_label}"
-
-source_repository_name: "bosonprotocol/reference-backend"
-source_repository_url: "git@github.com:%{hiera('source_repository_name')}.git"
-source_repository_branch: "develop"
-
-image_repository_name: "bsn/reference-backend"
-keepers_image_repository_name: "bsn/keepers"
-
-storage_bucket_name: "bsn-%{hiera('component')}-%{hiera('deployment_identifier')}"
-storage_bucket_encryption: "AES256"
-
-secrets_bucket_name: "%{hiera('storage_bucket_name')}"
-
-image_storage_bucket_name: "bsn-%{hiera('component')}-%{hiera('deployment_identifier')}-image-storage"
-image_storage_user_name: "bsn-%{hiera('component')}-%{hiera('deployment_identifier')}-image-storage-user"
-image_storage_user_public_gpg_key_path: "%{cwd}/config/secrets/app/gpg.public"
-
-admin_role_name: "cross-account-admin-role"
-
-rdm_management_account_id: "031036423983"
-
-bsn_parent_account_id: "915981965568"
-bsn_development_potassium_account_id: "384010198059"
-bsn_production_lutetium_account_id: "371854298993"
-
-bsn_parent_account_admin_role: "arn:aws:iam::%{hiera('bsn_parent_account_id')}:role/%{hiera('admin_role_name')}"
diff --git a/config/deployments/bsn-demo-mendelevium.yaml b/config/deployments/bsn-demo-mendelevium.yaml
deleted file mode 100644
index df643a26..00000000
--- a/config/deployments/bsn-demo-mendelevium.yaml
+++ /dev/null
@@ -1,73 +0,0 @@ ---- -# General -storage_bucket_allowed_account_ids: - - "%{hiera('bsn_development_potassium_account_id')}" - -database_version: "4.4" -database_instance_size_name: "M10" -database_allow_cidrs: - - "10.0.0.0/8" - -database_name: "api" -database_username: "%{hiera('database_service_user_username')}" -database_password: "%{hiera('database_service_user_password')}" - -database_type: "deployed" - -image_upload_storage_engine: "AWS" - -voucher_kernel_address: "0x6ae1FCe8b0BcEe14d498C043D64b6a4a19c0E4A8" -token_contact_address: "0x66c02B4C0f1b8205B090AEB0266577557167AF47" -boson_router_contact_address: "0xe2AfF6a81Aa47149AAd39a0c320B5895E6f266D0" -cashier_address: "0xa49925E6064CeB7E0777BD9E864a71518Cd141A8" - -# State -domain_state_bucket_name: "bsn-aws-application-account-bsn-development-potassium" -domain_state_key: "common/deployment-state/default.tfstate" -domain_state_bucket_region: "%{hiera('region')}" -domain_state_bucket_is_encrypted: "true" - -network_state_bucket_name: "bsn-application-network-bsn-development-palladium" -network_state_key: "network/deployment-state/default.tfstate" -network_state_bucket_region: "%{hiera('region')}" -network_state_bucket_is_encrypted: "true" - -cluster_state_bucket_name: "bsn-application-cluster-bsn-demo-selenium" -cluster_state_key: "cluster/deployment-state/default.tfstate" -cluster_state_bucket_region: "%{hiera('region')}" -cluster_state_bucket_is_encrypted: "true" - -image_repository_state_bucket_name: "bsn-%{hiera('component')}-rdm-management-default" -image_repository_state_key: "image-repository/deployment-state/default.tfstate" -image_repository_state_bucket_region: "%{hiera('region')}" -image_repository_state_bucket_is_encrypted: "true" - -keepers_image_repository_state_bucket_name: "bsn-%{hiera('component')}-rdm-management-default" -keepers_image_repository_state_key: "keepers-image-repository/deployment-state/default.tfstate" -keepers_image_repository_state_bucket_region: "%{hiera('region')}" 
-keepers_image_repository_state_bucket_is_encrypted: "true"
-
-image_storage_bucket_state_bucket_name: "%{hiera('storage_bucket_name')}"
-image_storage_bucket_state_key: "image-storage-bucket/deployment-state/default.tfstate"
-image_storage_bucket_state_bucket_region: "%{hiera('region')}"
-image_storage_bucket_state_bucket_is_encrypted: "true"
-
-database_state_bucket_name: "%{hiera('storage_bucket_name')}"
-database_state_key: "database/deployment-state/default.tfstate"
-database_state_bucket_region: "%{hiera('region')}"
-database_state_bucket_is_encrypted: "true"
-
-service_state_bucket_name: "%{hiera('storage_bucket_name')}"
-service_state_key: "service/deployment-state/default.tfstate"
-service_state_bucket_region: "%{hiera('region')}"
-service_state_bucket_is_encrypted: "true"
-
-keepers_service_state_bucket_name: "%{hiera('storage_bucket_name')}"
-keepers_service_state_key: "keepers-service/deployment-state/default.tfstate"
-keepers_service_state_bucket_region: "%{hiera('region')}"
-keepers_service_state_bucket_is_encrypted: "true"
-
-functions_state_bucket_name: "%{hiera('storage_bucket_name')}"
-functions_state_key: "functions/deployment-state/default.tfstate"
-functions_state_bucket_region: "%{hiera('region')}"
-functions_state_bucket_is_encrypted: "true"
diff --git a/config/deployments/bsn-development-plutonium.yaml b/config/deployments/bsn-development-plutonium.yaml
deleted file mode 100644
index e4fe1967..00000000
--- a/config/deployments/bsn-development-plutonium.yaml
+++ /dev/null
@@ -1,73 +0,0 @@ ---- -# General -storage_bucket_allowed_account_ids: - - "%{hiera('bsn_development_potassium_account_id')}" - -database_version: "4.4" -database_instance_size_name: "M10" -database_allow_cidrs: - - "10.0.0.0/8" - -database_name: "api" -database_username: "%{hiera('database_service_user_username')}" -database_password: "%{hiera('database_service_user_password')}" - -database_type: "deployed" - -image_upload_storage_engine: "AWS" - -voucher_kernel_address: "0x469eF8b9F583920318Ce3dd095A0402A4b061bb0" -token_contact_address: "0xe8637906721051D860af222E6021826887d9e358" -boson_router_contact_address: "0xf7EEBa6c7a4eC07735b4AcaC8f8AF608f9Ecb8Cf" -cashier_address: "0x0ab0Fec353C6653F2eD05b5E5ceb4fB27c7d7902" - -# State -domain_state_bucket_name: "bsn-aws-application-account-bsn-development-potassium" -domain_state_key: "common/deployment-state/default.tfstate" -domain_state_bucket_region: "%{hiera('region')}" -domain_state_bucket_is_encrypted: "true" - -network_state_bucket_name: "bsn-application-network-bsn-development-palladium" -network_state_key: "network/deployment-state/default.tfstate" -network_state_bucket_region: "%{hiera('region')}" -network_state_bucket_is_encrypted: "true" - -cluster_state_bucket_name: "bsn-application-cluster-bsn-development-tennessine" -cluster_state_key: "cluster/deployment-state/default.tfstate" -cluster_state_bucket_region: "%{hiera('region')}" -cluster_state_bucket_is_encrypted: "true" - -image_repository_state_bucket_name: "bsn-%{hiera('component')}-rdm-management-default" -image_repository_state_key: "image-repository/deployment-state/default.tfstate" -image_repository_state_bucket_region: "%{hiera('region')}" -image_repository_state_bucket_is_encrypted: "true" - -keepers_image_repository_state_bucket_name: "bsn-%{hiera('component')}-rdm-management-default" -keepers_image_repository_state_key: "keepers-image-repository/deployment-state/default.tfstate" -keepers_image_repository_state_bucket_region: 
"%{hiera('region')}" -keepers_image_repository_state_bucket_is_encrypted: "true" - -image_storage_bucket_state_bucket_name: "%{hiera('storage_bucket_name')}" -image_storage_bucket_state_key: "image-storage-bucket/deployment-state/default.tfstate" -image_storage_bucket_state_bucket_region: "%{hiera('region')}" -image_storage_bucket_state_bucket_is_encrypted: "true" - -database_state_bucket_name: "%{hiera('storage_bucket_name')}" -database_state_key: "database/deployment-state/default.tfstate" -database_state_bucket_region: "%{hiera('region')}" -database_state_bucket_is_encrypted: "true" - -service_state_bucket_name: "%{hiera('storage_bucket_name')}" -service_state_key: "service/deployment-state/default.tfstate" -service_state_bucket_region: "%{hiera('region')}" -service_state_bucket_is_encrypted: "true" - -keepers_service_state_bucket_name: "%{hiera('storage_bucket_name')}" -keepers_service_state_key: "keepers-service/deployment-state/default.tfstate" -keepers_service_state_bucket_region: "%{hiera('region')}" -keepers_service_state_bucket_is_encrypted: "true" - -functions_state_bucket_name: "%{hiera('storage_bucket_name')}" -functions_state_key: "functions/deployment-state/default.tfstate" -functions_state_bucket_region: "%{hiera('region')}" -functions_state_bucket_is_encrypted: "true" diff --git a/config/deployments/bsn-production-oganesson.yaml b/config/deployments/bsn-production-oganesson.yaml deleted file mode 100644 index 9f81d75d..00000000 --- a/config/deployments/bsn-production-oganesson.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -# General -storage_bucket_allowed_account_ids: - - "%{hiera('bsn_production_lutetium_account_id')}" - -database_version: "4.4" -database_instance_size_name: "M10" -database_allow_cidrs: - - "10.0.0.0/8" - -database_name: "api" -database_username: "%{hiera('database_service_user_username')}" -database_password: "%{hiera('database_service_user_password')}" - -database_type: "deployed" - -image_upload_storage_engine: "AWS" - -voucher_kernel_address: "0x72ed3a45303D5102B92b6F837162684673c40477" -token_contact_address: "0x94588Ba858c7F67B60a0a079FE2131c4C0351fB9" -boson_router_contact_address: "0x6D7f06CC2F2583A44226A9077Bea8C5f646B5095" -cashier_address: "0x5aF8E92541Ce126d2BfF69A03F301a7E16943A9c" - -# State -domain_state_bucket_name: "bsn-aws-application-account-bsn-production-lutetium" -domain_state_key: "common/deployment-state/default.tfstate" -domain_state_bucket_region: "%{hiera('region')}" -domain_state_bucket_is_encrypted: "true" - -network_state_bucket_name: "bsn-application-network-bsn-production-fluorine" -network_state_key: "network/deployment-state/default.tfstate" -network_state_bucket_region: "%{hiera('region')}" -network_state_bucket_is_encrypted: "true" - -cluster_state_bucket_name: "bsn-application-cluster-bsn-production-gold" -cluster_state_key: "cluster/deployment-state/default.tfstate" -cluster_state_bucket_region: "%{hiera('region')}" -cluster_state_bucket_is_encrypted: "true" - -image_repository_state_bucket_name: "bsn-%{hiera('component')}-rdm-management-default" -image_repository_state_key: "image-repository/deployment-state/default.tfstate" -image_repository_state_bucket_region: "%{hiera('region')}" -image_repository_state_bucket_is_encrypted: "true" - -keepers_image_repository_state_bucket_name: "bsn-%{hiera('component')}-rdm-management-default" -keepers_image_repository_state_key: "keepers-image-repository/deployment-state/default.tfstate" -keepers_image_repository_state_bucket_region: "%{hiera('region')}" 
-keepers_image_repository_state_bucket_is_encrypted: "true"
-
-image_storage_bucket_state_bucket_name: "%{hiera('storage_bucket_name')}"
-image_storage_bucket_state_key: "image-storage-bucket/deployment-state/default.tfstate"
-image_storage_bucket_state_bucket_region: "%{hiera('region')}"
-image_storage_bucket_state_bucket_is_encrypted: "true"
-
-database_state_bucket_name: "%{hiera('storage_bucket_name')}"
-database_state_key: "database/deployment-state/default.tfstate"
-database_state_bucket_region: "%{hiera('region')}"
-database_state_bucket_is_encrypted: "true"
-
-service_state_bucket_name: "%{hiera('storage_bucket_name')}"
-service_state_key: "service/deployment-state/default.tfstate"
-service_state_bucket_region: "%{hiera('region')}"
-service_state_bucket_is_encrypted: "true"
-
-keepers_service_state_bucket_name: "%{hiera('storage_bucket_name')}"
-keepers_service_state_key: "keepers-service/deployment-state/default.tfstate"
-keepers_service_state_bucket_region: "%{hiera('region')}"
-keepers_service_state_bucket_is_encrypted: "true"
-
-functions_state_bucket_name: "%{hiera('storage_bucket_name')}"
-functions_state_key: "functions/deployment-state/default.tfstate"
-functions_state_bucket_region: "%{hiera('region')}"
-functions_state_bucket_is_encrypted: "true"
diff --git a/config/deployments/local-development.yaml b/config/deployments/local-development.yaml
deleted file mode 100644
index c4a85e3d..00000000
--- a/config/deployments/local-development.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# General
-database_username: "admin"
-database_password: "secret"
-database_port: "27018"
-database_version: "4.4"
-
-database_type: "local"
-
-app_port: "3001"
-
-token_secret: "e039b2caa4b26f6ec6c65388676389e917e0cd248aaf1222df0540b9bb60d160393e15620e5155cbe2abb97f1b3f96483f670a5788d17a2488077bbce696afcc"
-gcloud_secret: "e9c21f96242935be36928c9acb44ef88b1153644994ba1"
-
-image_upload_storage_engine: "AWS"
-
-# State
-image_storage_bucket_state_bucket_name: "bsn-%{hiera('component')}-rdm-management-default"
-image_storage_bucket_state_key: "image-storage-bucket/deployment-state/%{hiera('deployment_identifier')}.tfstate"
-image_storage_bucket_state_bucket_region: "%{hiera('region')}"
-image_storage_bucket_state_bucket_is_encrypted: "true"
diff --git a/config/deployments/local-testing.yaml b/config/deployments/local-testing.yaml
deleted file mode 100644
index 8f5b31b2..00000000
--- a/config/deployments/local-testing.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# General
-database_username: "admin"
-database_password: "secret"
-database_port: "27017"
-database_version: "4.4"
-
-database_type: "local"
-
-# State
-image_storage_bucket_state_bucket_name: "bsn-%{hiera('component')}-rdm-management-default"
-image_storage_bucket_state_key: "image-storage-bucket/deployment-state/%{hiera('deployment_identifier')}.tfstate"
-image_storage_bucket_state_bucket_region: "%{hiera('region')}"
-image_storage_bucket_state_bucket_is_encrypted: "true"
diff --git a/config/deployments/rdm-management-default.yaml b/config/deployments/rdm-management-default.yaml
deleted file mode 100644
index 636ee0d8..00000000
--- a/config/deployments/rdm-management-default.yaml
+++ /dev/null
@@ -1,58 +0,0 @@ ---- -# General -storage_bucket_allowed_account_ids: - - "%{hiera('rdm_management_account_id')}" - - "%{hiera('bsn_development_potassium_account_id')}" - - "%{hiera('bsn_production_lutetium_account_id')}" - -development_tennessine_cluster_instance_role_arn: "arn:aws:iam::384010198059:role/terraform-20210413135553345900000003" -demo_selenium_cluster_instance_role_arn: "arn:aws:iam::384010198059:role/terraform-20210623150921670400000003" -production_gold_cluster_instance_role_arn: "arn:aws:iam::371854298993:role/terraform-20210413135959680100000003" - -image_repository_allowed_role_arns: - - "%{hiera('development_tennessine_cluster_instance_role_arn')}" - - "%{hiera('demo_selenium_cluster_instance_role_arn')}" - - "%{hiera('production_gold_cluster_instance_role_arn')}" - -keepers_image_repository_allowed_role_arns: - - "%{hiera('development_tennessine_cluster_instance_role_arn')}" - - "%{hiera('demo_selenium_cluster_instance_role_arn')}" - - "%{hiera('production_gold_cluster_instance_role_arn')}" - -database_version: "4.4" -database_instance_size_name: "M10" -database_allow_cidrs: - - "10.0.0.0/8" - -database_username: "%{hiera('database_service_user_username')}" -database_password: "%{hiera('database_service_user_password')}" - -database_type: "deployed" - -image_upload_storage_engine: "AWS" - -# State -network_state_bucket_name: "rdm-tooling-network-rdm-management-default" -network_state_key: "network/deployment-state/default.tfstate" -network_state_bucket_region: "%{hiera('region')}" -network_state_bucket_is_encrypted: "true" - -database_state_bucket_name: "%{hiera('storage_bucket_name')}" -database_state_key: "database/deployment-state/default.tfstate" -database_state_bucket_region: "%{hiera('region')}" -database_state_bucket_is_encrypted: "true" - -image_repository_state_bucket_name: "%{hiera('storage_bucket_name')}" -image_repository_state_key: "image-repository/deployment-state/default.tfstate" -image_repository_state_bucket_region: 
"%{hiera('region')}" -image_repository_state_bucket_is_encrypted: "true" - -keepers_image_repository_state_bucket_name: "%{hiera('storage_bucket_name')}" -keepers_image_repository_state_key: "keepers-image-repository/deployment-state/default.tfstate" -keepers_image_repository_state_bucket_region: "%{hiera('region')}" -keepers_image_repository_state_bucket_is_encrypted: "true" - -image_storage_bucket_state_bucket_name: "%{hiera('storage_bucket_name')}" -image_storage_bucket_state_key: "image-storage-bucket/deployment-state/default.tfstate" -image_storage_bucket_state_bucket_region: "%{hiera('region')}" -image_storage_bucket_state_bucket_is_encrypted: "true" diff --git a/config/hiera.yaml b/config/hiera.yaml deleted file mode 100644 index 86af7c11..00000000 --- a/config/hiera.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -:backends: - - "overrides" - - "env" - - "yaml" -:logger: "noop" -:yaml: - :datadir: "config" -:hierarchy: - - "roles/%{role}" - - "deployments/%{deployment_type}-%{deployment_label}" - - "pipelines/defaults" - - "ci/%{ci_deployment_type}-%{ci_deployment_label}" - - "secrets/gcp/%{deployment_type}-%{deployment_label}" - - "secrets/app/%{deployment_type}-%{deployment_label}" - - "secrets/mongodbatlas/credentials" - - "secrets/database/%{deployment_type}-%{deployment_label}" - - "secrets/pipeline/%{ci_deployment_type}-%{ci_deployment_label}" - - "defaults" diff --git a/config/pipelines/defaults.yaml b/config/pipelines/defaults.yaml deleted file mode 100644 index 3eb81db6..00000000 --- a/config/pipelines/defaults.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
----
-ci_provisioning_role_arn: "arn:aws:iam::%{hiera('rdm_management_account_id')}:role/cross-account-admin-role"
-ci_deployment_type: "%{ci_deployment_type}"
-ci_deployment_label: "%{ci_deployment_label}"
-
-development_plutonium_provisioning_role_arn: "arn:aws:iam::%{hiera('bsn_development_potassium_account_id')}:role/cross-account-admin-role"
-development_plutonium_deployment_type: "bsn-development"
-development_plutonium_deployment_label: "plutonium"
-
-demo_mendelevium_provisioning_role_arn: "arn:aws:iam::%{hiera('bsn_development_potassium_account_id')}:role/cross-account-admin-role"
-demo_mendelevium_deployment_type: "bsn-demo"
-demo_mendelevium_deployment_label: "mendelevium"
-
-production_oganesson_provisioning_role_arn: "arn:aws:iam::%{hiera('bsn_production_lutetium_account_id')}:role/cross-account-admin-role"
-production_oganesson_deployment_type: "bsn-production"
-production_oganesson_deployment_label: "oganesson"
diff --git a/config/roles/bootstrap.yaml b/config/roles/bootstrap.yaml
deleted file mode 100644
index 68a22522..00000000
--- a/config/roles/bootstrap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-vars:
- region: "%{hiera('region')}"
-
- deployment_type: "%{deployment_type}"
- deployment_label: "%{deployment_label}"
- deployment_identifier: "%{hiera('deployment_identifier')}"
-
- storage_bucket_name: "%{hiera('storage_bucket_name')}"
-
- allowed_account_ids: "%{hiera('storage_bucket_allowed_account_ids')}"
diff --git a/config/roles/builder-pipeline.yaml b/config/roles/builder-pipeline.yaml
deleted file mode 100644
index f7cb38c5..00000000
--- a/config/roles/builder-pipeline.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-vars:
- source_repository_name: "%{hiera('source_repository_name')}"
- source_repository_url: "%{hiera('source_repository_url')}"
- source_repository_branch: "%{hiera('source_repository_branch')}"
-
- node_builder_image_repository_url: "%{hiera('node_builder_image_repository_url')}"
-
- ci_provisioning_role_arn: "%{hiera('ci_provisioning_role_arn')}"
- ci_deployment_type: "%{hiera('ci_deployment_type')}"
- ci_deployment_label: "%{hiera('ci_deployment_label')}"
-
- slack_success_channel: "#builds"
- slack_success_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> _successful_! :clap:."
- slack_error_channel: "#engineering"
- slack_error_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *errored*! :cry:."
- slack_failure_channel: "#engineering"
- slack_failure_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *failed*! :cry:."
- slack_abort_channel: "#engineering"
- slack_abort_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *aborted*! :warning:."
\ No newline at end of file
diff --git a/config/roles/database.yaml b/config/roles/database.yaml
deleted file mode 100644
index bb7e2271..00000000
--- a/config/roles/database.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-vars:
- region: "%{hiera('region')}"
-
- component: "%{hiera('component')}"
- deployment_identifier: "%{hiera('deployment_identifier')}"
-
- mongodb_atlas_organization_id: "%{hiera('mongodb_atlas_organization_id')}"
- mongodb_atlas_public_key: "%{hiera('mongodb_atlas_public_key')}"
- mongodb_atlas_private_key: "%{hiera('mongodb_atlas_private_key')}"
-
- database_version: "%{hiera('database_version')}"
- database_instance_size_name: "%{hiera('database_instance_size_name')}"
- database_service_user_username: "%{hiera('database_service_user_username')}"
- database_service_user_password: "%{hiera('database_service_user_password')}"
- database_read_only_user_username: "%{hiera('database_read_only_user_username')}"
- database_read_only_user_password: "%{hiera('database_read_only_user_password')}"
- database_allow_cidrs: "%{hiera('database_allow_cidrs')}"
-
- network_state_bucket_name: "%{hiera('network_state_bucket_name')}"
- network_state_key: "%{hiera('network_state_key')}"
- network_state_bucket_region: "%{hiera('network_state_bucket_region')}"
- network_state_bucket_is_encrypted: "%{hiera('network_state_bucket_is_encrypted')}"
-
-backend_config:
- bucket: "%{hiera('database_state_bucket_name')}"
- key: "%{hiera('database_state_key')}"
- region: "%{hiera('database_state_bucket_region')}"
- encrypt: "%{hiera('database_state_bucket_is_encrypted')}"
diff --git a/config/roles/demo-pipeline.yaml b/config/roles/demo-pipeline.yaml
deleted file mode 100644
index 7996eb63..00000000
--- a/config/roles/demo-pipeline.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-vars:
- source_repository_url: "%{hiera('source_repository_url')}"
- source_repository_branch: "%{hiera('source_repository_branch')}"
-
- app_image_repository_url: "%{hiera('app_image_repository_url')}"
- keepers_image_repository_url: "%{hiera('keepers_image_repository_url')}"
- node_builder_image_repository_url: "%{hiera('node_builder_image_repository_url')}"
-
- storage_bucket_name: "%{hiera('ci_storage_bucket_name')}"
- storage_bucket_region: "%{hiera('ci_storage_bucket_region')}"
- storage_bucket_encryption: "%{hiera('ci_storage_bucket_encryption')}"
-
- ci_provisioning_role_arn: "%{hiera('ci_provisioning_role_arn')}"
- ci_deployment_type: "%{hiera('ci_deployment_type')}"
- ci_deployment_label: "%{hiera('ci_deployment_label')}"
-
- demo_mendelevium_provisioning_role_arn: "%{hiera('demo_mendelevium_provisioning_role_arn')}"
- demo_mendelevium_deployment_type: "%{hiera('demo_mendelevium_deployment_type')}"
- demo_mendelevium_deployment_label: "%{hiera('demo_mendelevium_deployment_label')}"
-
- slack_success_channel: "#builds"
- slack_success_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> _successful_! :clap:."
- slack_error_channel: "#engineering"
- slack_error_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *errored*! :cry:."
- slack_failure_channel: "#engineering"
- slack_failure_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *failed*! :cry:."
- slack_abort_channel: "#engineering"
- slack_abort_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *aborted*! :warning:."
diff --git a/config/roles/develop-pipeline.yaml b/config/roles/develop-pipeline.yaml
deleted file mode 100644
index 3b73acd7..00000000
--- a/config/roles/develop-pipeline.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-vars:
- source_repository_url: "%{hiera('source_repository_url')}"
- source_repository_branch: "%{hiera('source_repository_branch')}"
-
- app_image_repository_url: "%{hiera('app_image_repository_url')}"
- keepers_image_repository_url: "%{hiera('keepers_image_repository_url')}"
- node_builder_image_repository_url: "%{hiera('node_builder_image_repository_url')}"
-
- storage_bucket_name: "%{hiera('ci_storage_bucket_name')}"
- storage_bucket_region: "%{hiera('ci_storage_bucket_region')}"
- storage_bucket_encryption: "%{hiera('ci_storage_bucket_encryption')}"
-
- ci_provisioning_role_arn: "%{hiera('ci_provisioning_role_arn')}"
- ci_deployment_type: "%{hiera('ci_deployment_type')}"
- ci_deployment_label: "%{hiera('ci_deployment_label')}"
-
- development_plutonium_provisioning_role_arn: "%{hiera('development_plutonium_provisioning_role_arn')}"
- development_plutonium_deployment_type: "%{hiera('development_plutonium_deployment_type')}"
- development_plutonium_deployment_label: "%{hiera('development_plutonium_deployment_label')}"
-
- slack_success_channel: "#builds"
- slack_success_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> _successful_! :clap:."
- slack_error_channel: "#engineering"
- slack_error_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *errored*! :cry:."
- slack_failure_channel: "#engineering"
- slack_failure_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *failed*! :cry:."
- slack_abort_channel: "#engineering"
- slack_abort_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *aborted*! :warning:."
diff --git a/config/roles/functions.yaml b/config/roles/functions.yaml
deleted file mode 100644
index 767a80b1..00000000
--- a/config/roles/functions.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-vars:
- region: "%{hiera('region')}"
-
- component: "%{hiera('component')}"
- deployment_identifier: "%{hiera('deployment_identifier')}"
-
- voucher_kernel_address: "%{hiera('voucher_kernel_address')}"
- cashier_address: "%{hiera('cashier_address')}"
- gcloud_keepers_secret: "%{hiera('gcloud_keepers_secret')}"
- executor_secret: "%{hiera('executor_secret')}"
- etherscan_apikey: "%{hiera('etherscan_apikey')}"
- infura_apikey: "%{hiera('infura_apikey')}"
-
- service_state_bucket_region: "%{hiera('service_state_bucket_region')}"
- service_state_bucket_name: "%{hiera('service_state_bucket_name')}"
- service_state_bucket_is_encrypted: "%{hiera('service_state_bucket_is_encrypted')}"
- service_state_key: "%{hiera('service_state_key')}"
-
-backend_config:
- region: "%{hiera('functions_state_bucket_region')}"
- bucket: "%{hiera('functions_state_bucket_name')}"
- encrypt: "%{hiera('functions_state_bucket_is_encrypted')}"
- key: "%{hiera('functions_state_key')}"
diff --git a/config/roles/image-repository.yaml b/config/roles/image-repository.yaml
deleted file mode 100644
index 4b05dc4a..00000000
--- a/config/roles/image-repository.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-vars:
- region: "%{hiera('region')}"
-
- repository_name: "%{hiera('image_repository_name')}"
-
- allowed_role_arns: "%{hiera('image_repository_allowed_role_arns')}"
-
-backend_config:
- bucket: "%{hiera('image_repository_state_bucket_name')}"
- key: "%{hiera('image_repository_state_key')}"
- region: "%{hiera('image_repository_state_bucket_region')}"
- encrypt: "%{hiera('image_repository_state_bucket_is_encrypted')}"
diff --git a/config/roles/image-storage-bucket.yaml b/config/roles/image-storage-bucket.yaml
deleted file mode 100644
index dfd1570c..00000000
--- a/config/roles/image-storage-bucket.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-vars:
- region: "%{hiera('region')}"
-
- deployment_type: "%{deployment_type}"
- deployment_label: "%{deployment_label}"
- deployment_identifier: "%{hiera('deployment_identifier')}"
-
- image_storage_bucket_name: "%{hiera('image_storage_bucket_name')}"
- image_storage_user_name: "%{hiera('image_storage_user_name')}"
- image_storage_user_public_gpg_key_path: "%{hiera('image_storage_user_public_gpg_key_path')}"
-
-backend_config:
- bucket: "%{hiera('image_storage_bucket_state_bucket_name')}"
- key: "%{hiera('image_storage_bucket_state_key')}"
- region: "%{hiera('image_storage_bucket_state_bucket_region')}"
- encrypt: "%{hiera('image_storage_bucket_state_bucket_is_encrypted')}"
diff --git a/config/roles/integration-tests.yaml b/config/roles/integration-tests.yaml
deleted file mode 100644
index 90a94ada..00000000
--- a/config/roles/integration-tests.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-environment:
- AWS_IMAGE_UPLOAD_STORAGE_BUCKET_NAME: "%{hiera('image_storage_bucket_name')}"
- AWS_REGION: "%{hiera('region')}"
- AWS_ACCESS_KEY_ID: "%{hiera('aws_image_storage_user_access_key_id')}"
- AWS_SECRET_ACCESS_KEY: "%{hiera('aws_image_storage_user_secret_access_key')}"
-
- GCP_IMAGE_UPLOAD_STORAGE_BUCKET_NAME: "%{hiera('gcp_image_upload_storage_bucket_name')}"
-
- GOOGLE_APPLICATION_CREDENTIALS: "%{hiera('google_application_credentials')}"
diff --git a/config/roles/keepers-image-repository.yaml b/config/roles/keepers-image-repository.yaml
deleted file mode 100644
index ef38598a..00000000
--- a/config/roles/keepers-image-repository.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-vars:
- region: "%{hiera('region')}"
-
- repository_name: "%{hiera('keepers_image_repository_name')}"
-
- allowed_role_arns: "%{hiera('keepers_image_repository_allowed_role_arns')}"
-
-backend_config:
- bucket: "%{hiera('keepers_image_repository_state_bucket_name')}"
- key: "%{hiera('keepers_image_repository_state_key')}"
- region: "%{hiera('keepers_image_repository_state_bucket_region')}"
- encrypt: "%{hiera('keepers_image_repository_state_bucket_is_encrypted')}"
diff --git a/config/roles/keepers-service.yaml b/config/roles/keepers-service.yaml
deleted file mode 100644
index b22ab5e3..00000000
--- a/config/roles/keepers-service.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-vars:
- region: "%{hiera('region')}"
- component: "keepers"
- deployment_identifier: "%{hiera('deployment_identifier')}"
-
- service_desired_count: 1
-
- secrets_bucket_name: "%{hiera('secrets_bucket_name')}"
-
- version_number: "%{hiera('version_number')}"
-
- service_name: "keepers"
- container_http_port: "3001"
-
- token_contact_address: "%{hiera('token_contact_address')}"
- boson_router_contact_address: "%{hiera('boson_router_contact_address')}"
- voucher_kernel_address: "%{hiera('voucher_kernel_address')}"
- alchemy_url: "%{hiera('alchemy_url')}"
- gcloud_keepers_secret: "%{hiera('gcloud_keepers_secret')}"
-
- network_state_bucket_region: "%{hiera('network_state_bucket_region')}"
- network_state_bucket_name: "%{hiera('network_state_bucket_name')}"
- network_state_bucket_is_encrypted: "%{hiera('network_state_bucket_is_encrypted')}"
- network_state_key: "%{hiera('network_state_key')}"
-
- cluster_state_bucket_region: "%{hiera('cluster_state_bucket_region')}"
- cluster_state_bucket_name: "%{hiera('cluster_state_bucket_name')}"
- cluster_state_bucket_is_encrypted: "%{hiera('cluster_state_bucket_is_encrypted')}"
- cluster_state_key: "%{hiera('cluster_state_key')}"
-
- image_repository_state_bucket_region: "%{hiera('keepers_image_repository_state_bucket_region')}"
- image_repository_state_bucket_name: "%{hiera('keepers_image_repository_state_bucket_name')}"
- image_repository_state_bucket_is_encrypted: "%{hiera('keepers_image_repository_state_bucket_is_encrypted')}"
- image_repository_state_key: "%{hiera('keepers_image_repository_state_key')}"
-
- service_state_bucket_region: "%{hiera('service_state_bucket_region')}"
- service_state_bucket_name: "%{hiera('service_state_bucket_name')}"
- service_state_bucket_is_encrypted: "%{hiera('service_state_bucket_is_encrypted')}"
- service_state_key: "%{hiera('service_state_key')}"
-
-backend_config:
- region: "%{hiera('keepers_service_state_bucket_region')}"
- bucket: "%{hiera('keepers_service_state_bucket_name')}"
- encrypt: "%{hiera('keepers_service_state_bucket_is_encrypted')}"
- key: "%{hiera('keepers_service_state_key')}"
diff --git a/config/roles/local-app.yaml b/config/roles/local-app.yaml
deleted file mode 100644
index ee8ffcda..00000000
--- a/config/roles/local-app.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-environment:
- PORT: "%{hiera('app_port')}"
-
- DB_CONNECTION_STRING: "mongodb://localhost:%{hiera('database_port')}"
- DB_NAME: "api"
- DB_USERNAME: "%{hiera('database_username')}"
- DB_PASSWORD: "%{hiera('database_password')}"
-
- TOKEN_SECRET: "%{hiera('token_secret')}"
- GCLOUD_SECRET: "%{hiera('gcloud_secret')}"
-
- AWS_ACCESS_KEY_ID: "%{hiera('aws_image_storage_user_access_key_id')}"
- AWS_SECRET_ACCESS_KEY: "%{hiera('aws_image_storage_user_secret_access_key')}"
-
- IMAGE_UPLOAD_STORAGE_ENGINE: "%{hiera('image_upload_storage_engine')}"
- IMAGE_UPLOAD_STORAGE_BUCKET_NAME: "%{hiera('image_storage_bucket_name')}"
-
- GOOGLE_APPLICATION_CREDENTIALS: "%{hiera('google_application_credentials')}"
diff --git a/config/roles/pr-pipeline.yaml b/config/roles/pr-pipeline.yaml
deleted file mode 100644
index f7cb38c5..00000000
--- a/config/roles/pr-pipeline.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-vars:
- source_repository_name: "%{hiera('source_repository_name')}"
- source_repository_url: "%{hiera('source_repository_url')}"
- source_repository_branch: "%{hiera('source_repository_branch')}"
-
- node_builder_image_repository_url: "%{hiera('node_builder_image_repository_url')}"
-
- ci_provisioning_role_arn: "%{hiera('ci_provisioning_role_arn')}"
- ci_deployment_type: "%{hiera('ci_deployment_type')}"
- ci_deployment_label: "%{hiera('ci_deployment_label')}"
-
- slack_success_channel: "#builds"
- slack_success_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> _successful_! :clap:."
- slack_error_channel: "#engineering"
- slack_error_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *errored*! :cry:."
- slack_failure_channel: "#engineering"
- slack_failure_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *failed*! :cry:."
- slack_abort_channel: "#engineering"
- slack_abort_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *aborted*! :warning:."
\ No newline at end of file
diff --git a/config/roles/service.yaml b/config/roles/service.yaml
deleted file mode 100644
index 8748d710..00000000
--- a/config/roles/service.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-vars:
- region: "%{hiera('region')}"
- component: "%{hiera('component')}"
- deployment_identifier: "%{hiera('deployment_identifier')}"
-
- service_desired_count: 3
-
- secrets_bucket_name: "%{hiera('secrets_bucket_name')}"
-
- version_number: "%{hiera('version_number')}"
-
- service_name: "reference-backend"
- container_http_port: "3000"
- host_http_port: "3000"
-
- token_secret: "%{hiera('token_secret')}"
- gcloud_secret: "%{hiera('gcloud_secret')}"
-
- image_upload_storage_engine: "%{hiera('image_upload_storage_engine')}"
- image_upload_storage_bucket_name: "%{hiera('image_storage_bucket_name')}"
-
- superadmin_username: "%{hiera('superadmin_username')}"
- superadmin_password: "%{hiera('superadmin_password')}"
-
- database_username: "%{hiera('database_username')}"
- database_password: "%{hiera('database_password')}"
- database_name: "%{hiera('database_name')}"
-
- domain_state_bucket_region: "%{hiera('domain_state_bucket_region')}"
- domain_state_bucket_name: "%{hiera('domain_state_bucket_name')}"
- domain_state_bucket_is_encrypted: "%{hiera('domain_state_bucket_is_encrypted')}"
- domain_state_key: "%{hiera('domain_state_key')}"
-
- network_state_bucket_region: "%{hiera('network_state_bucket_region')}"
- network_state_bucket_name: "%{hiera('network_state_bucket_name')}"
- network_state_bucket_is_encrypted: "%{hiera('network_state_bucket_is_encrypted')}"
- network_state_key: "%{hiera('network_state_key')}"
-
- database_state_bucket_name: "%{hiera('database_state_bucket_name')}"
- database_state_key: "%{hiera('database_state_key')}"
- database_state_bucket_region: "%{hiera('database_state_bucket_region')}"
- database_state_bucket_is_encrypted: "%{hiera('database_state_bucket_is_encrypted')}"
-
- cluster_state_bucket_region: "%{hiera('cluster_state_bucket_region')}"
- cluster_state_bucket_name: "%{hiera('cluster_state_bucket_name')}"
- cluster_state_bucket_is_encrypted: "%{hiera('cluster_state_bucket_is_encrypted')}"
- cluster_state_key: "%{hiera('cluster_state_key')}"
-
- image_repository_state_bucket_region: "%{hiera('image_repository_state_bucket_region')}"
- image_repository_state_bucket_name: "%{hiera('image_repository_state_bucket_name')}"
- image_repository_state_bucket_is_encrypted: "%{hiera('image_repository_state_bucket_is_encrypted')}"
- image_repository_state_key: "%{hiera('image_repository_state_key')}"
-
-backend_config:
- region: "%{hiera('service_state_bucket_region')}"
- bucket: "%{hiera('service_state_bucket_name')}"
- encrypt: "%{hiera('service_state_bucket_is_encrypted')}"
- key: "%{hiera('service_state_key')}"
diff --git a/config/roles/tag-pipeline.yaml b/config/roles/tag-pipeline.yaml
deleted file mode 100644
index 9b5a221c..00000000
--- a/config/roles/tag-pipeline.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-vars:
- source_repository_url: "%{hiera('source_repository_url')}"
- source_repository_branch: "%{hiera('source_repository_branch')}"
-
- app_image_repository_url: "%{hiera('app_image_repository_url')}"
- keepers_image_repository_url: "%{hiera('keepers_image_repository_url')}"
- node_builder_image_repository_url: "%{hiera('node_builder_image_repository_url')}"
-
- storage_bucket_name: "%{hiera('ci_storage_bucket_name')}"
- storage_bucket_region: "%{hiera('ci_storage_bucket_region')}"
- storage_bucket_encryption: "%{hiera('ci_storage_bucket_encryption')}"
-
- ci_provisioning_role_arn: "%{hiera('ci_provisioning_role_arn')}"
- ci_deployment_type: "%{hiera('ci_deployment_type')}"
- ci_deployment_label: "%{hiera('ci_deployment_label')}"
-
- production_oganesson_provisioning_role_arn: "%{hiera('production_oganesson_provisioning_role_arn')}"
- production_oganesson_deployment_type: "%{hiera('production_oganesson_deployment_type')}"
- production_oganesson_deployment_label: "%{hiera('production_oganesson_deployment_label')}"
-
- slack_success_channel: "#builds"
- slack_success_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> _successful_! :clap:."
- slack_error_channel: "#engineering"
- slack_error_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *errored*! :cry:."
- slack_failure_channel: "#engineering"
- slack_failure_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *failed*! :cry:."
- slack_abort_channel: "#engineering"
- slack_abort_message: "<%{hiera('concourse_url')}/builds/$BUILD_ID|$BUILD_TEAM_NAME:$BUILD_PIPELINE_NAME:$BUILD_JOB_NAME [$BUILD_NAME]> *aborted*! :warning:."
diff --git a/config/secrets/.unlocked b/config/secrets/.unlocked
deleted file mode 100644
index 08384ac3..00000000
Binary files a/config/secrets/.unlocked and /dev/null differ
diff --git a/config/secrets/app/bsn-demo-mendelevium.yaml b/config/secrets/app/bsn-demo-mendelevium.yaml
deleted file mode 100644
index 3a61ab1b..00000000
Binary files a/config/secrets/app/bsn-demo-mendelevium.yaml and /dev/null differ
diff --git a/config/secrets/app/bsn-development-plutonium.yaml b/config/secrets/app/bsn-development-plutonium.yaml
deleted file mode 100644
index 35e25dd6..00000000
Binary files a/config/secrets/app/bsn-development-plutonium.yaml and /dev/null differ
diff --git a/config/secrets/app/bsn-production-oganesson.yaml b/config/secrets/app/bsn-production-oganesson.yaml
deleted file mode 100644
index 557dcde7..00000000
Binary files a/config/secrets/app/bsn-production-oganesson.yaml and /dev/null differ
diff --git a/config/secrets/app/gpg.passphrase b/config/secrets/app/gpg.passphrase
deleted file mode 100644
index 2a40252d..00000000
Binary files a/config/secrets/app/gpg.passphrase and /dev/null differ
diff --git a/config/secrets/app/gpg.private b/config/secrets/app/gpg.private
deleted file mode 100644
index 40f5c37a..00000000
Binary files a/config/secrets/app/gpg.private and /dev/null differ
diff --git a/config/secrets/app/gpg.public b/config/secrets/app/gpg.public
deleted file mode 100644
index 147ffc34..00000000
Binary files a/config/secrets/app/gpg.public and /dev/null differ
diff --git a/config/secrets/app/local-development.yaml b/config/secrets/app/local-development.yaml
deleted file mode 100644
index f0cbcbbf..00000000
Binary files a/config/secrets/app/local-development.yaml and /dev/null differ
diff --git a/config/secrets/app/local-testing.yaml b/config/secrets/app/local-testing.yaml
deleted file mode 100644
index 66d2375a..00000000
Binary files a/config/secrets/app/local-testing.yaml and /dev/null differ
diff --git a/config/secrets/database/bsn-demo-mendelevium.yaml b/config/secrets/database/bsn-demo-mendelevium.yaml
deleted file mode 100644
index 45db43bc..00000000
Binary files a/config/secrets/database/bsn-demo-mendelevium.yaml and /dev/null differ
diff --git a/config/secrets/database/bsn-development-plutonium.yaml b/config/secrets/database/bsn-development-plutonium.yaml
deleted file mode 100644
index 45db43bc..00000000
Binary files a/config/secrets/database/bsn-development-plutonium.yaml and /dev/null differ
diff --git a/config/secrets/database/bsn-production-oganesson.yaml b/config/secrets/database/bsn-production-oganesson.yaml
deleted file mode 100644
index eefcdd92..00000000
Binary files a/config/secrets/database/bsn-production-oganesson.yaml and /dev/null differ
diff --git a/config/secrets/database/rdm-management-default.yaml b/config/secrets/database/rdm-management-default.yaml
deleted file mode 100644
index 96337abd..00000000
Binary files a/config/secrets/database/rdm-management-default.yaml and /dev/null differ
diff --git a/config/secrets/gcp/local-development.yaml b/config/secrets/gcp/local-development.yaml
deleted file mode 100644
index 3c1405e8..00000000
Binary files a/config/secrets/gcp/local-development.yaml and /dev/null differ
diff --git a/config/secrets/gcp/local-testing.yaml b/config/secrets/gcp/local-testing.yaml
deleted file mode 100644
index 3c1405e8..00000000
Binary files a/config/secrets/gcp/local-testing.yaml and /dev/null differ
diff --git a/config/secrets/gcp/test-bucket-credentials.json b/config/secrets/gcp/test-bucket-credentials.json
deleted file mode 100644
index 0b6dd95a..00000000
Binary files a/config/secrets/gcp/test-bucket-credentials.json and /dev/null differ
diff --git a/config/secrets/mongodbatlas/credentials.yaml b/config/secrets/mongodbatlas/credentials.yaml
deleted file mode 100644
index b2c255f2..00000000
Binary files a/config/secrets/mongodbatlas/credentials.yaml and /dev/null differ
diff --git a/config/secrets/pipeline/constants.yaml b/config/secrets/pipeline/constants.yaml deleted file mode 100644 index 894a40a2..00000000 Binary files a/config/secrets/pipeline/constants.yaml and /dev/null differ diff --git a/config/secrets/pipeline/rdm-management-default.yaml b/config/secrets/pipeline/rdm-management-default.yaml deleted file mode 100644 index 27e627c6..00000000 Binary files a/config/secrets/pipeline/rdm-management-default.yaml and /dev/null differ diff --git a/image/docker-entrypoint.sh b/docker-entrypoint.sh similarity index 100% rename from image/docker-entrypoint.sh rename to docker-entrypoint.sh diff --git a/image-keepers/Dockerfile b/external/keepers/Dockerfile similarity index 94% rename from image-keepers/Dockerfile rename to external/keepers/Dockerfile index 002d46eb..48b1d3f8 100644 --- a/image-keepers/Dockerfile +++ b/external/keepers/Dockerfile @@ -25,9 +25,5 @@ RUN cd /opt/keepers \ && npm install \ && cd - -# Add metadata -ADD VERSION /VERSION -ADD TAG /TAG - # Run docker-entrypoint.sh start script by default ENTRYPOINT ["/opt/keepers/bin/docker-entrypoint.sh"] diff --git a/image-keepers/docker-entrypoint.sh b/external/keepers/docker-entrypoint.sh similarity index 100% rename from image-keepers/docker-entrypoint.sh rename to external/keepers/docker-entrypoint.sh diff --git a/external/keepers/package-lock.json b/external/keepers/package-lock.json index 07b581b7..76e50d0f 100644 --- a/external/keepers/package-lock.json +++ b/external/keepers/package-lock.json 
@@ -5,379 +5,371 @@ "requires": true, "dependencies": { "@ethersproject/abi": { - "version": "5.0.10", - "resolved": "https://registry.npmjs.org/@ethersproject/abi/-/abi-5.0.10.tgz", - "integrity": "sha512-cfC3lGgotfxX3SMri4+CisOPwignoj/QGHW9J29spC4R4Qqcnk/SYuVkPFBMdLbvBp3f/pGiVqPNwont0TSXhg==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/abi/-/abi-5.4.0.tgz", + "integrity": "sha512-9gU2H+/yK1j2eVMdzm6xvHSnMxk8waIHQGYCZg5uvAyH0rsAzxkModzBSpbAkAuhKFEovC2S9hM4nPuLym8IZw==", "requires": { - "@ethersproject/address": "^5.0.9", - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/constants": "^5.0.8", - "@ethersproject/hash": "^5.0.10", - "@ethersproject/keccak256": "^5.0.7", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/properties": "^5.0.7", - "@ethersproject/strings": "^5.0.8" + "@ethersproject/address": "^5.4.0", + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/constants": "^5.4.0", + "@ethersproject/hash": "^5.4.0", + "@ethersproject/keccak256": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/strings": "^5.4.0" } }, "@ethersproject/abstract-provider": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/@ethersproject/abstract-provider/-/abstract-provider-5.0.8.tgz", - "integrity": "sha512-fqJXkewcGdi8LogKMgRyzc/Ls2js07yor7+g9KfPs09uPOcQLg7cc34JN+lk34HH9gg2HU0DIA5797ZR8znkfw==", + "version": "5.4.1", + "resolved": "https://registry.npmjs.org/@ethersproject/abstract-provider/-/abstract-provider-5.4.1.tgz", + "integrity": "sha512-3EedfKI3LVpjSKgAxoUaI+gB27frKsxzm+r21w9G60Ugk+3wVLQwhi1LsEJAKNV7WoZc8CIpNrATlL1QFABjtQ==", "requires": { - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/networks": "^5.0.7", - "@ethersproject/properties": "^5.0.7", - "@ethersproject/transactions": "^5.0.9", - 
"@ethersproject/web": "^5.0.12" + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/networks": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/transactions": "^5.4.0", + "@ethersproject/web": "^5.4.0" } }, "@ethersproject/abstract-signer": { - "version": "5.0.11", - "resolved": "https://registry.npmjs.org/@ethersproject/abstract-signer/-/abstract-signer-5.0.11.tgz", - "integrity": "sha512-RKOgPSEYafknA62SrD3OCK42AllHE4YBfKYXyQeM+sBP7Nq3X5FpzeoY4uzC43P4wIhmNoTHCKQuwnX7fBqb6Q==", + "version": "5.4.1", + "resolved": "https://registry.npmjs.org/@ethersproject/abstract-signer/-/abstract-signer-5.4.1.tgz", + "integrity": "sha512-SkkFL5HVq1k4/25dM+NWP9MILgohJCgGv5xT5AcRruGz4ILpfHeBtO/y6j+Z3UN/PAjDeb4P7E51Yh8wcGNLGA==", "requires": { - "@ethersproject/abstract-provider": "^5.0.8", - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/properties": "^5.0.7" + "@ethersproject/abstract-provider": "^5.4.0", + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/properties": "^5.4.0" } }, "@ethersproject/address": { - "version": "5.0.9", - "resolved": "https://registry.npmjs.org/@ethersproject/address/-/address-5.0.9.tgz", - "integrity": "sha512-gKkmbZDMyGbVjr8nA5P0md1GgESqSGH7ILIrDidPdNXBl4adqbuA3OAuZx/O2oGpL6PtJ9BDa0kHheZ1ToHU3w==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/address/-/address-5.4.0.tgz", + "integrity": "sha512-SD0VgOEkcACEG/C6xavlU1Hy3m5DGSXW3CUHkaaEHbAPPsgi0coP5oNPsxau8eTlZOk/bpa/hKeCNoK5IzVI2Q==", "requires": { - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/keccak256": "^5.0.7", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/rlp": "^5.0.7" + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + 
"@ethersproject/keccak256": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/rlp": "^5.4.0" } }, "@ethersproject/base64": { - "version": "5.0.7", - "resolved": "https://registry.npmjs.org/@ethersproject/base64/-/base64-5.0.7.tgz", - "integrity": "sha512-S5oh5DVfCo06xwJXT8fQC68mvJfgScTl2AXvbYMsHNfIBTDb084Wx4iA9MNlEReOv6HulkS+gyrUM/j3514rSw==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/base64/-/base64-5.4.0.tgz", + "integrity": "sha512-CjQw6E17QDSSC5jiM9YpF7N1aSCHmYGMt9bWD8PWv6YPMxjsys2/Q8xLrROKI3IWJ7sFfZ8B3flKDTM5wlWuZQ==", "requires": { - "@ethersproject/bytes": "^5.0.9" + "@ethersproject/bytes": "^5.4.0" } }, "@ethersproject/basex": { - "version": "5.0.7", - "resolved": "https://registry.npmjs.org/@ethersproject/basex/-/basex-5.0.7.tgz", - "integrity": "sha512-OsXnRsujGmYD9LYyJlX+cVe5KfwgLUbUJrJMWdzRWogrygXd5HvGd7ygX1AYjlu1z8W/+t2FoQnczDR/H2iBjA==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/basex/-/basex-5.4.0.tgz", + "integrity": "sha512-J07+QCVJ7np2bcpxydFVf/CuYo9mZ7T73Pe7KQY4c1lRlrixMeblauMxHXD0MPwFmUHZIILDNViVkykFBZylbg==", "requires": { - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/properties": "^5.0.7" + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/properties": "^5.4.0" } }, "@ethersproject/bignumber": { - "version": "5.0.13", - "resolved": "https://registry.npmjs.org/@ethersproject/bignumber/-/bignumber-5.0.13.tgz", - "integrity": "sha512-b89bX5li6aK492yuPP5mPgRVgIxxBP7ksaBtKX5QQBsrZTpNOjf/MR4CjcUrAw8g+RQuD6kap9lPjFgY4U1/5A==", + "version": "5.4.1", + "resolved": "https://registry.npmjs.org/@ethersproject/bignumber/-/bignumber-5.4.1.tgz", + "integrity": "sha512-fJhdxqoQNuDOk6epfM7yD6J8Pol4NUCy1vkaGAkuujZm0+lNow//MKu1hLhRiYV4BsOHyBv5/lsTjF+7hWwhJg==", "requires": { - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/logger": "^5.0.8", - "bn.js": "^4.4.0" + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "bn.js": "^4.11.9" } }, 
"@ethersproject/bytes": { - "version": "5.0.9", - "resolved": "https://registry.npmjs.org/@ethersproject/bytes/-/bytes-5.0.9.tgz", - "integrity": "sha512-k+17ZViDtAugC0s7HM6rdsTWEdIYII4RPCDkPEuxKc6i40Bs+m6tjRAtCECX06wKZnrEoR9pjOJRXHJ/VLoOcA==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/bytes/-/bytes-5.4.0.tgz", + "integrity": "sha512-H60ceqgTHbhzOj4uRc/83SCN9d+BSUnOkrr2intevqdtEMO1JFVZ1XL84OEZV+QjV36OaZYxtnt4lGmxcGsPfA==", "requires": { - "@ethersproject/logger": "^5.0.8" + "@ethersproject/logger": "^5.4.0" } }, "@ethersproject/constants": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/@ethersproject/constants/-/constants-5.0.8.tgz", - "integrity": "sha512-sCc73pFBsl59eDfoQR5OCEZCRv5b0iywadunti6MQIr5lt3XpwxK1Iuzd8XSFO02N9jUifvuZRrt0cY0+NBgTg==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/constants/-/constants-5.4.0.tgz", + "integrity": "sha512-tzjn6S7sj9+DIIeKTJLjK9WGN2Tj0P++Z8ONEIlZjyoTkBuODN+0VfhAyYksKi43l1Sx9tX2VlFfzjfmr5Wl3Q==", "requires": { - "@ethersproject/bignumber": "^5.0.13" + "@ethersproject/bignumber": "^5.4.0" } }, "@ethersproject/contracts": { - "version": "5.0.9", - "resolved": "https://registry.npmjs.org/@ethersproject/contracts/-/contracts-5.0.9.tgz", - "integrity": "sha512-CCTxVeDh6sjdSEbjzONhtwPjECvaHE62oGkY8M7kP0CHmgLD2SEGel0HZib8e5oQKRKGly9AKcUFW4g3rQ0AQw==", - "requires": { - "@ethersproject/abi": "^5.0.10", - "@ethersproject/abstract-provider": "^5.0.8", - "@ethersproject/abstract-signer": "^5.0.10", - "@ethersproject/address": "^5.0.9", - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/constants": "^5.0.8", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/properties": "^5.0.7" + "version": "5.4.1", + "resolved": "https://registry.npmjs.org/@ethersproject/contracts/-/contracts-5.4.1.tgz", + "integrity": "sha512-m+z2ZgPy4pyR15Je//dUaymRUZq5MtDajF6GwFbGAVmKz/RF+DNIPwF0k5qEcL3wPGVqUjFg2/krlCRVTU4T5w==", 
+ "requires": { + "@ethersproject/abi": "^5.4.0", + "@ethersproject/abstract-provider": "^5.4.0", + "@ethersproject/abstract-signer": "^5.4.0", + "@ethersproject/address": "^5.4.0", + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/constants": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/transactions": "^5.4.0" } }, "@ethersproject/hash": { - "version": "5.0.10", - "resolved": "https://registry.npmjs.org/@ethersproject/hash/-/hash-5.0.10.tgz", - "integrity": "sha512-Tf0bvs6YFhw28LuHnhlDWyr0xfcDxSXdwM4TcskeBbmXVSKLv3bJQEEEBFUcRX0fJuslR3gCVySEaSh7vuMx5w==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/hash/-/hash-5.4.0.tgz", + "integrity": "sha512-xymAM9tmikKgbktOCjW60Z5sdouiIIurkZUr9oW5NOex5uwxrbsYG09kb5bMcNjlVeJD3yPivTNzViIs1GCbqA==", "requires": { - "@ethersproject/abstract-signer": "^5.0.10", - "@ethersproject/address": "^5.0.9", - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/keccak256": "^5.0.7", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/properties": "^5.0.7", - "@ethersproject/strings": "^5.0.8" + "@ethersproject/abstract-signer": "^5.4.0", + "@ethersproject/address": "^5.4.0", + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/keccak256": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/strings": "^5.4.0" } }, "@ethersproject/hdnode": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/@ethersproject/hdnode/-/hdnode-5.0.8.tgz", - "integrity": "sha512-Mscpjd7BBjxYSWghaNMwV0xrBBkOoCq6YEPRm9MgE24CiBlzzbfEB5DGq6hiZqhQaxPkdCUtKKqZi3nt9hx43g==", - "requires": { - "@ethersproject/abstract-signer": "^5.0.10", - "@ethersproject/basex": "^5.0.7", - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/logger": "^5.0.8", - 
"@ethersproject/pbkdf2": "^5.0.7", - "@ethersproject/properties": "^5.0.7", - "@ethersproject/sha2": "^5.0.7", - "@ethersproject/signing-key": "^5.0.8", - "@ethersproject/strings": "^5.0.8", - "@ethersproject/transactions": "^5.0.9", - "@ethersproject/wordlists": "^5.0.8" + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/hdnode/-/hdnode-5.4.0.tgz", + "integrity": "sha512-pKxdS0KAaeVGfZPp1KOiDLB0jba11tG6OP1u11QnYfb7pXn6IZx0xceqWRr6ygke8+Kw74IpOoSi7/DwANhy8Q==", + "requires": { + "@ethersproject/abstract-signer": "^5.4.0", + "@ethersproject/basex": "^5.4.0", + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/pbkdf2": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/sha2": "^5.4.0", + "@ethersproject/signing-key": "^5.4.0", + "@ethersproject/strings": "^5.4.0", + "@ethersproject/transactions": "^5.4.0", + "@ethersproject/wordlists": "^5.4.0" } }, "@ethersproject/json-wallets": { - "version": "5.0.10", - "resolved": "https://registry.npmjs.org/@ethersproject/json-wallets/-/json-wallets-5.0.10.tgz", - "integrity": "sha512-Ux36u+d7Dm0M5AQ+mWuHdvfGPMN8K1aaLQgwzrsD4ELTWlwRuHuQbmn7/GqeOpbfaV6POLwdYcBk2TXjlGp/IQ==", - "requires": { - "@ethersproject/abstract-signer": "^5.0.10", - "@ethersproject/address": "^5.0.9", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/hdnode": "^5.0.8", - "@ethersproject/keccak256": "^5.0.7", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/pbkdf2": "^5.0.7", - "@ethersproject/properties": "^5.0.7", - "@ethersproject/random": "^5.0.7", - "@ethersproject/strings": "^5.0.8", - "@ethersproject/transactions": "^5.0.9", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/json-wallets/-/json-wallets-5.4.0.tgz", + "integrity": "sha512-igWcu3fx4aiczrzEHwG1xJZo9l1cFfQOWzTqwRw/xcvxTk58q4f9M7cjh51EKphMHvrJtcezJ1gf1q1AUOfEQQ==", + "requires": { + "@ethersproject/abstract-signer": "^5.4.0", + 
"@ethersproject/address": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/hdnode": "^5.4.0", + "@ethersproject/keccak256": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/pbkdf2": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/random": "^5.4.0", + "@ethersproject/strings": "^5.4.0", + "@ethersproject/transactions": "^5.4.0", "aes-js": "3.0.0", "scrypt-js": "3.0.1" } }, "@ethersproject/keccak256": { - "version": "5.0.7", - "resolved": "https://registry.npmjs.org/@ethersproject/keccak256/-/keccak256-5.0.7.tgz", - "integrity": "sha512-zpUBmofWvx9PGfc7IICobgFQSgNmTOGTGLUxSYqZzY/T+b4y/2o5eqf/GGmD7qnTGzKQ42YlLNo+LeDP2qe55g==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/keccak256/-/keccak256-5.4.0.tgz", + "integrity": "sha512-FBI1plWet+dPUvAzPAeHzRKiPpETQzqSUWR1wXJGHVWi4i8bOSrpC3NwpkPjgeXG7MnugVc1B42VbfnQikyC/A==", "requires": { - "@ethersproject/bytes": "^5.0.9", + "@ethersproject/bytes": "^5.4.0", "js-sha3": "0.5.7" } }, "@ethersproject/logger": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/@ethersproject/logger/-/logger-5.0.8.tgz", - "integrity": "sha512-SkJCTaVTnaZ3/ieLF5pVftxGEFX56pTH+f2Slrpv7cU0TNpUZNib84QQdukd++sWUp/S7j5t5NW+WegbXd4U/A==" + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/logger/-/logger-5.4.0.tgz", + "integrity": "sha512-xYdWGGQ9P2cxBayt64d8LC8aPFJk6yWCawQi/4eJ4+oJdMMjEBMrIcIMZ9AxhwpPVmnBPrsB10PcXGmGAqgUEQ==" }, "@ethersproject/networks": { - "version": "5.0.7", - "resolved": "https://registry.npmjs.org/@ethersproject/networks/-/networks-5.0.7.tgz", - "integrity": "sha512-dI14QATndIcUgcCBL1c5vUr/YsI5cCHLN81rF7PU+yS7Xgp2/Rzbr9+YqpC6NBXHFUASjh6GpKqsVMpufAL0BQ==", + "version": "5.4.2", + "resolved": "https://registry.npmjs.org/@ethersproject/networks/-/networks-5.4.2.tgz", + "integrity": "sha512-eekOhvJyBnuibfJnhtK46b8HimBc5+4gqpvd1/H9LEl7Q7/qhsIhM81dI9Fcnjpk3jB1aTy6bj0hz3cifhNeYw==", "requires": { - 
"@ethersproject/logger": "^5.0.8" + "@ethersproject/logger": "^5.4.0" } }, "@ethersproject/pbkdf2": { - "version": "5.0.7", - "resolved": "https://registry.npmjs.org/@ethersproject/pbkdf2/-/pbkdf2-5.0.7.tgz", - "integrity": "sha512-0SNLNixPMqnosH6pyc4yPiUu/C9/Jbu+f6I8GJW9U2qNpMBddmRJviwseoha5Zw1V+Aw0Z/yvYyzIIE8yPXqLA==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/pbkdf2/-/pbkdf2-5.4.0.tgz", + "integrity": "sha512-x94aIv6tiA04g6BnazZSLoRXqyusawRyZWlUhKip2jvoLpzJuLb//KtMM6PEovE47pMbW+Qe1uw+68ameJjB7g==", "requires": { - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/sha2": "^5.0.7" + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/sha2": "^5.4.0" } }, "@ethersproject/properties": { - "version": "5.0.7", - "resolved": "https://registry.npmjs.org/@ethersproject/properties/-/properties-5.0.7.tgz", - "integrity": "sha512-812H1Rus2vjw0zbasfDI1GLNPDsoyX1pYqiCgaR1BuyKxUTbwcH1B+214l6VGe1v+F6iEVb7WjIwMjKhb4EUsg==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/properties/-/properties-5.4.0.tgz", + "integrity": "sha512-7jczalGVRAJ+XSRvNA6D5sAwT4gavLq3OXPuV/74o3Rd2wuzSL035IMpIMgei4CYyBdialJMrTqkOnzccLHn4A==", "requires": { - "@ethersproject/logger": "^5.0.8" + "@ethersproject/logger": "^5.4.0" } }, "@ethersproject/providers": { - "version": "5.0.19", - "resolved": "https://registry.npmjs.org/@ethersproject/providers/-/providers-5.0.19.tgz", - "integrity": "sha512-G+flo1jK1y/rvQy6b71+Nu7qOlkOKz+XqpgqFMZslkCzGuzQRmk9Qp7Ln4soK8RSyP1e5TCujaRf1H+EZahoaw==", - "requires": { - "@ethersproject/abstract-provider": "^5.0.8", - "@ethersproject/abstract-signer": "^5.0.10", - "@ethersproject/address": "^5.0.9", - "@ethersproject/basex": "^5.0.7", - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/constants": "^5.0.8", - "@ethersproject/hash": "^5.0.10", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/networks": "^5.0.7", - "@ethersproject/properties": "^5.0.7", - 
"@ethersproject/random": "^5.0.7", - "@ethersproject/rlp": "^5.0.7", - "@ethersproject/sha2": "^5.0.7", - "@ethersproject/strings": "^5.0.8", - "@ethersproject/transactions": "^5.0.9", - "@ethersproject/web": "^5.0.12", + "version": "5.4.4", + "resolved": "https://registry.npmjs.org/@ethersproject/providers/-/providers-5.4.4.tgz", + "integrity": "sha512-mQevyXj2X2D3l8p/JGDYFZbODhZjW6On15DnCK4Xc9y6b+P0vqorQC/j46omWSm4cyo7BQ/rgfhXNYmvAfyZoQ==", + "requires": { + "@ethersproject/abstract-provider": "^5.4.0", + "@ethersproject/abstract-signer": "^5.4.0", + "@ethersproject/address": "^5.4.0", + "@ethersproject/basex": "^5.4.0", + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/constants": "^5.4.0", + "@ethersproject/hash": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/networks": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/random": "^5.4.0", + "@ethersproject/rlp": "^5.4.0", + "@ethersproject/sha2": "^5.4.0", + "@ethersproject/strings": "^5.4.0", + "@ethersproject/transactions": "^5.4.0", + "@ethersproject/web": "^5.4.0", "bech32": "1.1.4", - "ws": "7.2.3" + "ws": "7.4.6" } }, "@ethersproject/random": { - "version": "5.0.7", - "resolved": "https://registry.npmjs.org/@ethersproject/random/-/random-5.0.7.tgz", - "integrity": "sha512-PxSRWwN3s+FH9AWMZU6AcWJsNQ9KzqKV6NgdeKPtxahdDjCuXxTAuzTZNXNRK+qj+Il351UnweAGd+VuZcOAlQ==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/random/-/random-5.4.0.tgz", + "integrity": "sha512-pnpWNQlf0VAZDEOVp1rsYQosmv2o0ITS/PecNw+mS2/btF8eYdspkN0vIXrCMtkX09EAh9bdk8GoXmFXM1eAKw==", "requires": { - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/logger": "^5.0.8" + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/logger": "^5.4.0" } }, "@ethersproject/rlp": { - "version": "5.0.7", - "resolved": "https://registry.npmjs.org/@ethersproject/rlp/-/rlp-5.0.7.tgz", - "integrity": 
"sha512-ulUTVEuV7PT4jJTPpfhRHK57tkLEDEY9XSYJtrSNHOqdwMvH0z7BM2AKIMq4LVDlnu4YZASdKrkFGEIO712V9w==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/rlp/-/rlp-5.4.0.tgz", + "integrity": "sha512-0I7MZKfi+T5+G8atId9QaQKHRvvasM/kqLyAH4XxBCBchAooH2EX5rL9kYZWwcm3awYV+XC7VF6nLhfeQFKVPg==", "requires": { - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/logger": "^5.0.8" + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/logger": "^5.4.0" } }, "@ethersproject/sha2": { - "version": "5.0.7", - "resolved": "https://registry.npmjs.org/@ethersproject/sha2/-/sha2-5.0.7.tgz", - "integrity": "sha512-MbUqz68hhp5RsaZdqi1eg1rrtiqt5wmhRYqdA7MX8swBkzW2KiLgK+Oh25UcWhUhdi1ImU9qrV6if5j0cC7Bxg==", - "requires": { - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/logger": "^5.0.8", - "hash.js": "1.1.3" - }, - "dependencies": { - "hash.js": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.3.tgz", - "integrity": "sha512-/UETyP0W22QILqS+6HowevwhEFJ3MBJnwTf75Qob9Wz9t0DPuisL8kW8YZMK62dHAKE1c1p+gY1TtOLY+USEHA==", - "requires": { - "inherits": "^2.0.3", - "minimalistic-assert": "^1.0.0" - } - } + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/sha2/-/sha2-5.4.0.tgz", + "integrity": "sha512-siheo36r1WD7Cy+bDdE1BJ8y0bDtqXCOxRMzPa4bV1TGt/eTUUt03BHoJNB6reWJD8A30E/pdJ8WFkq+/uz4Gg==", + "requires": { + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "hash.js": "1.1.7" } }, "@ethersproject/signing-key": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/@ethersproject/signing-key/-/signing-key-5.0.8.tgz", - "integrity": "sha512-YKxQM45eDa6WAD+s3QZPdm1uW1MutzVuyoepdRRVmMJ8qkk7iOiIhUkZwqKLNxKzEJijt/82ycuOREc9WBNAKg==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/signing-key/-/signing-key-5.4.0.tgz", + "integrity": "sha512-q8POUeywx6AKg2/jX9qBYZIAmKSB4ubGXdQ88l40hmATj29JnG5pp331nAWwwxPn2Qao4JpWHNZsQN+bPiSW9A==", "requires": { 
- "@ethersproject/bytes": "^5.0.9", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/properties": "^5.0.7", - "elliptic": "6.5.3" + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "bn.js": "^4.11.9", + "elliptic": "6.5.4", + "hash.js": "1.1.7" } }, "@ethersproject/solidity": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/@ethersproject/solidity/-/solidity-5.0.8.tgz", - "integrity": "sha512-OJkyBq9KaoGsi8E8mYn6LX+vKyCURvxSp0yuGBcOqEFM3vkn9PsCiXsHdOXdNBvlHG5evJXwAYC2UR0TzgJeKA==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/solidity/-/solidity-5.4.0.tgz", + "integrity": "sha512-XFQTZ7wFSHOhHcV1DpcWj7VXECEiSrBuv7JErJvB9Uo+KfCdc3QtUZV+Vjh/AAaYgezUEKbCtE6Khjm44seevQ==", "requires": { - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/keccak256": "^5.0.7", - "@ethersproject/sha2": "^5.0.7", - "@ethersproject/strings": "^5.0.8" + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/keccak256": "^5.4.0", + "@ethersproject/sha2": "^5.4.0", + "@ethersproject/strings": "^5.4.0" } }, "@ethersproject/strings": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/@ethersproject/strings/-/strings-5.0.8.tgz", - "integrity": "sha512-5IsdXf8tMY8QuHl8vTLnk9ehXDDm6x9FB9S9Og5IA1GYhLe5ZewydXSjlJlsqU2t9HRbfv97OJZV/pX8DVA/Hw==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/strings/-/strings-5.4.0.tgz", + "integrity": "sha512-k/9DkH5UGDhv7aReXLluFG5ExurwtIpUfnDNhQA29w896Dw3i4uDTz01Quaptbks1Uj9kI8wo9tmW73wcIEaWA==", "requires": { - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/constants": "^5.0.8", - "@ethersproject/logger": "^5.0.8" + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/constants": "^5.4.0", + "@ethersproject/logger": "^5.4.0" } }, "@ethersproject/transactions": { - "version": "5.0.9", - "resolved": 
"https://registry.npmjs.org/@ethersproject/transactions/-/transactions-5.0.9.tgz", - "integrity": "sha512-0Fu1yhdFBkrbMjenEr+39tmDxuHmaw0pe9Jb18XuKoItj7Z3p7+UzdHLr2S/okvHDHYPbZE5gtANDdQ3ZL1nBA==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/transactions/-/transactions-5.4.0.tgz", + "integrity": "sha512-s3EjZZt7xa4BkLknJZ98QGoIza94rVjaEed0rzZ/jB9WrIuu/1+tjvYCWzVrystXtDswy7TPBeIepyXwSYa4WQ==", "requires": { - "@ethersproject/address": "^5.0.9", - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/constants": "^5.0.8", - "@ethersproject/keccak256": "^5.0.7", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/properties": "^5.0.7", - "@ethersproject/rlp": "^5.0.7", - "@ethersproject/signing-key": "^5.0.8" + "@ethersproject/address": "^5.4.0", + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/constants": "^5.4.0", + "@ethersproject/keccak256": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/rlp": "^5.4.0", + "@ethersproject/signing-key": "^5.4.0" } }, "@ethersproject/units": { - "version": "5.0.9", - "resolved": "https://registry.npmjs.org/@ethersproject/units/-/units-5.0.9.tgz", - "integrity": "sha512-4jIkcMVrJ3lCgXMO4M/2ww0/T/IN08vJTZld7FIAwa6aoBDTAy71+sby3sShl1SG3HEeKYbI3fBWauCUgPRUpQ==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/units/-/units-5.4.0.tgz", + "integrity": "sha512-Z88krX40KCp+JqPCP5oPv5p750g+uU6gopDYRTBGcDvOASh6qhiEYCRatuM/suC4S2XW9Zz90QI35MfSrTIaFg==", "requires": { - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/constants": "^5.0.8", - "@ethersproject/logger": "^5.0.8" + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/constants": "^5.4.0", + "@ethersproject/logger": "^5.4.0" } }, "@ethersproject/wallet": { - "version": "5.0.10", - "resolved": "https://registry.npmjs.org/@ethersproject/wallet/-/wallet-5.0.10.tgz", - 
"integrity": "sha512-5siYr38NhqZKH6DUr6u4PdhgOKur8Q6sw+JID2TitEUmW0tOl8f6rpxAe77tw6SJT60D2UcvgsyLtl32+Nl+ig==", - "requires": { - "@ethersproject/abstract-provider": "^5.0.8", - "@ethersproject/abstract-signer": "^5.0.10", - "@ethersproject/address": "^5.0.9", - "@ethersproject/bignumber": "^5.0.13", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/hash": "^5.0.10", - "@ethersproject/hdnode": "^5.0.8", - "@ethersproject/json-wallets": "^5.0.10", - "@ethersproject/keccak256": "^5.0.7", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/properties": "^5.0.7", - "@ethersproject/random": "^5.0.7", - "@ethersproject/signing-key": "^5.0.8", - "@ethersproject/transactions": "^5.0.9", - "@ethersproject/wordlists": "^5.0.8" + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/wallet/-/wallet-5.4.0.tgz", + "integrity": "sha512-wU29majLjM6AjCjpat21mPPviG+EpK7wY1+jzKD0fg3ui5fgedf2zEu1RDgpfIMsfn8fJHJuzM4zXZ2+hSHaSQ==", + "requires": { + "@ethersproject/abstract-provider": "^5.4.0", + "@ethersproject/abstract-signer": "^5.4.0", + "@ethersproject/address": "^5.4.0", + "@ethersproject/bignumber": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/hash": "^5.4.0", + "@ethersproject/hdnode": "^5.4.0", + "@ethersproject/json-wallets": "^5.4.0", + "@ethersproject/keccak256": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/random": "^5.4.0", + "@ethersproject/signing-key": "^5.4.0", + "@ethersproject/transactions": "^5.4.0", + "@ethersproject/wordlists": "^5.4.0" } }, "@ethersproject/web": { - "version": "5.0.12", - "resolved": "https://registry.npmjs.org/@ethersproject/web/-/web-5.0.12.tgz", - "integrity": "sha512-gVxS5iW0bgidZ76kr7LsTxj4uzN5XpCLzvZrLp8TP+4YgxHfCeetFyQkRPgBEAJdNrexdSBayvyJvzGvOq0O8g==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/web/-/web-5.4.0.tgz", + "integrity": 
"sha512-1bUusGmcoRLYgMn6c1BLk1tOKUIFuTg8j+6N8lYlbMpDesnle+i3pGSagGNvwjaiLo4Y5gBibwctpPRmjrh4Og==", "requires": { - "@ethersproject/base64": "^5.0.7", - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/properties": "^5.0.7", - "@ethersproject/strings": "^5.0.8" + "@ethersproject/base64": "^5.4.0", + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/strings": "^5.4.0" } }, "@ethersproject/wordlists": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/@ethersproject/wordlists/-/wordlists-5.0.8.tgz", - "integrity": "sha512-px2mloc1wAcdTbzv0ZotTx+Uh/dfnDO22D9Rx8xr7+/PUwAhZQjoJ9t7Hn72nsaN83rWBXsLvFcIRZju4GIaEQ==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@ethersproject/wordlists/-/wordlists-5.4.0.tgz", + "integrity": "sha512-FemEkf6a+EBKEPxlzeVgUaVSodU7G0Na89jqKjmWMlDB0tomoU8RlEMgUvXyqtrg8N4cwpLh8nyRnm1Nay1isA==", "requires": { - "@ethersproject/bytes": "^5.0.9", - "@ethersproject/hash": "^5.0.10", - "@ethersproject/logger": "^5.0.8", - "@ethersproject/properties": "^5.0.7", - "@ethersproject/strings": "^5.0.8" + "@ethersproject/bytes": "^5.4.0", + "@ethersproject/hash": "^5.4.0", + "@ethersproject/logger": "^5.4.0", + "@ethersproject/properties": "^5.4.0", + "@ethersproject/strings": "^5.4.0" } }, "aes-js": { @@ -399,9 +391,9 @@ "integrity": "sha512-s0IrSOzLlbvX7yp4WBfPITzpAU8sqQcpsmwXDiKwrG4r491vwCO/XpejasRNl0piBMe/DvP4Tz0mIS/X1DPJBQ==" }, "bn.js": { - "version": "4.11.9", - "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.11.9.tgz", - "integrity": "sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==" + "version": "4.12.0", + "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==" }, "brorand": { "version": "1.1.0", 
@@ -429,17 +421,17 @@ "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw==" }, "elliptic": { - "version": "6.5.3", - "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz", - "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==", + "version": "6.5.4", + "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz", + "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==", "requires": { - "bn.js": "^4.4.0", - "brorand": "^1.0.1", + "bn.js": "^4.11.9", + "brorand": "^1.1.0", "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.0" + "hmac-drbg": "^1.0.1", + "inherits": "^2.0.4", + "minimalistic-assert": "^1.0.1", + "minimalistic-crypto-utils": "^1.0.1" } }, "env-cmd": { 
@@ -452,39 +444,40 @@ } }, "ethers": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/ethers/-/ethers-5.0.4.tgz", - "integrity": "sha512-/VzvmgsrBDOxGo+WIZD7kKXcEUFCrr53P40w5fk1EcGYidv+XVbtTWil5FMsijV6BVXTKqxwMv7hDvKLAObfNQ==", - "requires": { - "@ethersproject/abi": "^5.0.0", - "@ethersproject/abstract-provider": "^5.0.0", - "@ethersproject/abstract-signer": "^5.0.0", - "@ethersproject/address": "^5.0.0", - "@ethersproject/base64": "^5.0.0", - "@ethersproject/bignumber": "^5.0.0", - "@ethersproject/bytes": "^5.0.0", - "@ethersproject/constants": "^5.0.0", - "@ethersproject/contracts": "^5.0.0", - "@ethersproject/hash": "^5.0.0", - "@ethersproject/hdnode": "^5.0.0", - "@ethersproject/json-wallets": "^5.0.0", - "@ethersproject/keccak256": "^5.0.0", - "@ethersproject/logger": "^5.0.0", - "@ethersproject/networks": "^5.0.0", - "@ethersproject/pbkdf2": "^5.0.0", - "@ethersproject/properties": "^5.0.0", - "@ethersproject/providers": "^5.0.0", - "@ethersproject/random": "^5.0.0", - "@ethersproject/rlp": "^5.0.0", - "@ethersproject/sha2": "^5.0.0", - "@ethersproject/signing-key": "^5.0.0", - "@ethersproject/solidity": "^5.0.0", - "@ethersproject/strings": "^5.0.0", - "@ethersproject/transactions": "^5.0.0", - "@ethersproject/units": "^5.0.0", - "@ethersproject/wallet": "^5.0.0", - "@ethersproject/web": "^5.0.0", - "@ethersproject/wordlists": "^5.0.0" + "version": "5.4.5", + "resolved": "https://registry.npmjs.org/ethers/-/ethers-5.4.5.tgz", + "integrity": "sha512-PPZ6flOAj230sXEWf/r/It6ZZ5c7EOVWx+PU87Glkbg79OtT7pLE1WgL4MRdwx6iF7HzSOvUUI+8cAmcdzo12w==", + "requires": { + "@ethersproject/abi": "5.4.0", + "@ethersproject/abstract-provider": "5.4.1", + "@ethersproject/abstract-signer": "5.4.1", + "@ethersproject/address": "5.4.0", + "@ethersproject/base64": "5.4.0", + "@ethersproject/basex": "5.4.0", + "@ethersproject/bignumber": "5.4.1", + "@ethersproject/bytes": "5.4.0", + "@ethersproject/constants": "5.4.0", + "@ethersproject/contracts": "5.4.1", + 
"@ethersproject/hash": "5.4.0", + "@ethersproject/hdnode": "5.4.0", + "@ethersproject/json-wallets": "5.4.0", + "@ethersproject/keccak256": "5.4.0", + "@ethersproject/logger": "5.4.0", + "@ethersproject/networks": "5.4.2", + "@ethersproject/pbkdf2": "5.4.0", + "@ethersproject/properties": "5.4.0", + "@ethersproject/providers": "5.4.4", + "@ethersproject/random": "5.4.0", + "@ethersproject/rlp": "5.4.0", + "@ethersproject/sha2": "5.4.0", + "@ethersproject/signing-key": "5.4.0", + "@ethersproject/solidity": "5.4.0", + "@ethersproject/strings": "5.4.0", + "@ethersproject/transactions": "5.4.0", + "@ethersproject/units": "5.4.0", + "@ethersproject/wallet": "5.4.0", + "@ethersproject/web": "5.4.0", + "@ethersproject/wordlists": "5.4.0" } }, "follow-redirects": { @@ -568,9 +561,9 @@ } }, "ws": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.2.3.tgz", - "integrity": "sha512-HTDl9G9hbkNDk98naoR/cHDws7+EyYMOdL1BmjsZXRUjf7d+MficC4B7HLUPlSiho0vg+CWKrGIt/VJBd1xunQ==" + "version": "7.4.6", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz", + "integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==" } } } diff --git a/external/keepers/package.json b/external/keepers/package.json index abcb1649..1b7fe72b 100644 --- a/external/keepers/package.json +++ b/external/keepers/package.json @@ -15,6 +15,6 @@ "axios": "^0.21.1", "dotenv": "^8.2.0", "env-cmd": "^10.1.0", - "ethers": "^5.0.4" + "ethers": "^5.4.5" } } diff --git a/external/lambdas/triggerExpirations/src/package.json b/external/lambdas/triggerExpirations/src/package.json index 86048ea7..f9231f9a 100644 --- a/external/lambdas/triggerExpirations/src/package.json +++ b/external/lambdas/triggerExpirations/src/package.json @@ -10,6 +10,6 @@ "@aws-sdk/node-http-handler": "^3.3.0", "aws-sdk": "^2.903.0", "axios": "^0.20.0", - "ethers": "^5.0.14" + "ethers": "^5.4.5" } } 
diff --git a/external/lambdas/triggerFinalizations/src/package.json b/external/lambdas/triggerFinalizations/src/package.json index f0cafe14..f9231f9a 100644 --- a/external/lambdas/triggerFinalizations/src/package.json +++ b/external/lambdas/triggerFinalizations/src/package.json @@ -3,13 +3,13 @@ "version": "1.0.0", "main": "index.js", "scripts": { - "test": "node -e \"(async () => console.log(await require('./index').handler({})))();\"" + "test": "node -e \"(async () => console.log(await require('./index').handler({})))();\"" }, "dependencies": { "@aws-sdk/client-s3": "^3.3.0", "@aws-sdk/node-http-handler": "^3.3.0", "aws-sdk": "^2.903.0", "axios": "^0.20.0", - "ethers": "^5.0.14" + "ethers": "^5.4.5" } } diff --git a/external/lambdas/triggerWithdrawals/src/package.json b/external/lambdas/triggerWithdrawals/src/package.json index 86048ea7..f9231f9a 100644 --- a/external/lambdas/triggerWithdrawals/src/package.json +++ b/external/lambdas/triggerWithdrawals/src/package.json @@ -10,6 +10,6 @@ "@aws-sdk/node-http-handler": "^3.3.0", "aws-sdk": "^2.903.0", "axios": "^0.20.0", - "ethers": "^5.0.14" + "ethers": "^5.4.5" } } diff --git a/go b/go deleted file mode 100755 index 35e5fbfd..00000000 --- a/go +++ /dev/null 
@@ -1,97 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$GO_DEBUG" ] && set -x -set -e - -project_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - -verbose="no" -offline="no" -skip_checks="no" - -missing_dependency="no" - -[ -n "$GO_DEBUG" ] && verbose="yes" -[ -n "$GO_SKIP_CHECKS" ] && skip_checks="yes" -[ -n "$GO_OFFLINE" ] && offline="yes" - -function loose_version() { - local version="$1" - - IFS="." read -r -a version_parts <<<"$version" - - echo "${version_parts[0]}.${version_parts[1]}" -} - -ruby_full_version="$(cat "$project_dir"/.ruby-version)" -ruby_loose_version="$(loose_version "$ruby_full_version")" -node_full_version="$(cat "$project_dir"/.nvmrc)" -node_loose_version="$(loose_version "$node_full_version")" - -echo "Configuring NVM if present." -nvm_dirs=("$NVM_DIR" "$HOME/.nvm" "/usr/local/opt/nvm") -# shellcheck disable=SC2068 -for nvm_dir in ${nvm_dirs[@]}; do - nvm_script="${nvm_dir}/nvm.sh" - if [ -s "$nvm_script" ]; then - set +e - # shellcheck disable=SC1090 - source "$nvm_script" >/dev/null 2>&1 - nvm use "$node_loose_version" >/dev/null 2>&1 - set -e - break - fi -done - -if [[ "$skip_checks" == "no" ]]; then - echo "Checking for system dependencies." - if ! type ruby >/dev/null 2>&1 || ! ruby -v | grep -q "$ruby_loose_version"; then - echo "This codebase requires Ruby $ruby_loose_version." - missing_dependency="yes" - fi - - if ! type bundler >/dev/null 2>&1; then - echo "This codebase requires Bundler." - missing_dependency="yes" - fi - - if ! type node >/dev/null 2>&1 || ! node --version | grep -q "$node_loose_version"; then - echo "This codebase requires Node $node_loose_version" - missing_dependency="yes" - fi - - if ! type npm >/dev/null 2>&1; then - echo "This codebase requires NPM." - missing_dependency="yes" - fi - - if [[ "$missing_dependency" == "yes" ]]; then - echo "Please install missing dependencies to continue." - exit 1 - fi - - echo "All system dependencies present. Continuing." 
-fi - -if [[ "$offline" == "no" ]]; then - echo "Installing bundler." - if [[ "$verbose" == "yes" ]]; then - gem install --no-document bundler - else - gem install --no-document bundler >/dev/null - fi - - echo "Installing ruby dependencies." - if [[ "$verbose" == "yes" ]]; then - bundle install - else - bundle install >/dev/null - fi -fi - -echo "Starting rake." -if [[ "$verbose" == "yes" ]]; then - time bundle exec rake --verbose "$@" -else - time bundle exec rake "$@" -fi diff --git a/helm/.helmignore b/helm/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/helm/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/Chart.yaml b/helm/Chart.yaml new file mode 100644 index 00000000..83a6a103 --- /dev/null +++ b/helm/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: reference-backend +description: A Helm chart for deploying the Leptonite.io backend on Kubernetes +type: application +version: 0.1.0 +appVersion: "1.16.0" diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl new file mode 100644 index 00000000..733ad228 --- /dev/null +++ b/helm/templates/_helpers.tpl 
@@ -0,0 +1,71 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "reference-backend.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "reference-backend.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "reference-backend.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels for backend +*/}} +{{- define "reference-backend.labels" -}} +helm.sh/chart: {{ include "reference-backend.chart" . }} +{{ include "reference-backend.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels for backend +*/}} +{{- define "reference-backend.selectorLabels" -}} +app.kubernetes.io/name: {{ include "reference-backend.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Common labels for keepers +*/}} +{{- define "reference-backend-keepers.labels" -}} +helm.sh/chart: {{ include "reference-backend.chart" . }} +{{ include "reference-backend-keepers.selectorLabels" . 
}} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels for keepers +*/}} +{{- define "reference-backend-keepers.selectorLabels" -}} +app.kubernetes.io/name: {{ include "reference-backend.name" . }}-keepers +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml new file mode 100644 index 00000000..54ae2fc4 --- /dev/null +++ b/helm/templates/deployment.yaml 
@@ -0,0 +1,95 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "reference-backend.fullname" . }} + labels: + {{- include "reference-backend.labels" . | nindent 4 }} +spec: + {{- if not .Values.backend.autoscaling.enabled }} + replicas: {{ .Values.backend.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "reference-backend.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.keepers.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "reference-backend.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ .Values.backend.serviceAccount.name }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.backend.image.pullPolicy }} + ports: + - name: http + containerPort: 3000 + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: http + readinessProbe: + httpGet: + path: /health + port: http + env: + - name: AWS_S3_BUCKET_REGION + value: {{ .Values.backend.envFileRegion }} + - name: AWS_S3_ENV_FILE_OBJECT_PATH + value: {{ .Values.backend.envFilePath }} + resources: + {{- toYaml .Values.backend.resources | nindent 12 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "reference-backend.fullname" . }}-keepers + labels: + {{- include "reference-backend-keepers.labels" . | nindent 4 }} +spec: + {{- if not .Values.keepers.autoscaling.enabled }} + replicas: {{ .Values.keepers.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "reference-backend-keepers.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.keepers.podAnnotations }} + annotations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + labels: + {{- include "reference-backend-keepers.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ .Values.keepers.serviceAccount.name }} + containers: + - name: {{ .Chart.Name }}-keepers + image: "{{ .Values.keepers.image.repository }}:{{ .Values.keepers.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.keepers.image.pullPolicy }} + ports: + - name: http + containerPort: 3000 + protocol: TCP + env: + - name: AWS_S3_BUCKET_REGION + value: {{ .Values.keepers.envFileRegion }} + - name: AWS_S3_ENV_FILE_OBJECT_PATH + value: {{ .Values.keepers.envFilePath }} + - name: API_URL + value: {{ .Values.keepers.apiUrl }} + resources: + {{- toYaml .Values.backend.resources | nindent 12 }} diff --git a/helm/templates/hpa.yaml b/helm/templates/hpa.yaml new file mode 100644 index 00000000..fa9c224b --- /dev/null +++ b/helm/templates/hpa.yaml 
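Review bot: The backend Deployment's pod template reads its annotations from `.Values.keepers.podAnnotations`, and the keepers container takes its resources from `.Values.backend.resources`; both look like copy-paste slips, so `backend.podAnnotations` is never applied and the two workloads cannot be annotated or sized independently. The lines should read `{{- with .Values.backend.podAnnotations }}` in the first document and `{{- toYaml .Values.keepers.resources | nindent 12 }}` in the second. Neither container sets a `securityContext`, so both run with whatever user and privileges the image and namespace defaults give them; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be reasonable defaults if the images support them. The `env` values are rendered unquoted, so piping each through `| quote` keeps a value such as a bare number or `no` from being retyped by the YAML parser.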
@@ -0,0 +1,58 @@
+{{- if .Values.backend.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "reference-backend.fullname" . }}
+ labels:
+ {{- include "reference-backend.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "reference-backend.fullname" . }}
+ minReplicas: {{ .Values.backend.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.backend.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.backend.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.backend.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.backend.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.backend.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
+{{- if .Values.keepers.autoscaling.enabled }}
+---
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "reference-backend.fullname" . }}-keepers
+ labels:
+ {{- include "reference-backend-keepers.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "reference-backend.fullname" . }}-keepers
+ minReplicas: {{ .Values.keepers.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.keepers.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.keepers.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.keepers.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.keepers.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.keepers.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
+
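Review bot: Both HorizontalPodAutoscaler documents use `apiVersion: autoscaling/v2beta1`, which was removed in Kubernetes 1.25, while the Ingress in the same chart already requires `networking.k8s.io/v1`; on a current cluster, turning on `autoscaling.enabled` would fail at install time. Moving to `autoscaling/v2` also changes the metric shape: `targetAverageUtilization: N` becomes a `target:` mapping with `type: Utilization` and `averageUtilization: N`. With `resources: {}` as the default in values.yaml there is no CPU or memory request for a utilization target to be computed against, so requests should be set whenever autoscaling is switched on.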
diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
new file mode 100644
index 00000000..0ebb163e
--- /dev/null
+++ b/helm/templates/ingress.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "reference-backend.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "reference-backend.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ {{- range .Values.ingress.hosts }}
+ - hosts:
+ - {{ .host | quote }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ssl-redirect
+ port:
+ name: use-annotation
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+{{- end }}
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
new file mode 100644
index 00000000..1d90f181
--- /dev/null
+++ b/helm/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "reference-backend.fullname" . }}
+ labels:
+ {{- include "reference-backend.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "reference-backend.selectorLabels" . | nindent 4 }}
diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml
new file mode 100644
index 00000000..44983c16
--- /dev/null
+++ b/helm/templates/serviceaccount.yaml
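Review bot: The HTTP-to-HTTPS redirect in ingress.yaml depends on two pieces kept in different places: the first path under `rules` hard-codes the `ssl-redirect` action, while the `alb.ingress.kubernetes.io/actions.ssl-redirect` annotation that defines it is only a default in values.yaml. A values override that removes or replaces that key leaves the rule pointing at a Service that does not exist, and setting `ingress.tls.enabled: false` keeps the redirect rule even though no TLS host is declared. I would wrap the `ssl-redirect` path in `{{- if .Values.ingress.tls.enabled }}` … `{{- end }}` and note in values.yaml that the action annotation is required whenever TLS is on. The `tls` entries carry no `secretName`, so certificate selection is presumably left to the load-balancer controller's host-based discovery; a one-line comment saying so would help the next reader.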
@@ -0,0 +1,25 @@
+{{- if .Values.backend.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.backend.serviceAccount.name }}
+ labels:
+ {{- include "reference-backend.labels" . | nindent 4 }}
+ {{- with .Values.backend.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- if .Values.keepers.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.keepers.serviceAccount.name }}
+ labels:
+ {{- include "reference-backend-keepers.labels" . | nindent 4 }}
+ {{- with .Values.keepers.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 00000000..4a808435
--- /dev/null
+++ b/helm/values.yaml
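Review bot: The ServiceAccount names come straight from `.Values.backend.serviceAccount.name` and `.Values.keepers.serviceAccount.name` (`backend` and `keepers` by default) rather than being derived from the release, so a second release in the same namespace would collide with, or reuse, the first release's accounts and whatever annotations they carry. If those annotations are meant to bind a cloud IAM role (an assumption; the values only show an empty map), that sharing widens who can use the role. Defaulting the name to `{{ include "reference-backend.fullname" . }}` when the value is empty keeps each release on its own identity. Neither account sets `automountServiceAccountToken: false`; if the pods never call the Kubernetes API, that line is worth adding.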
@@ -0,0 +1,84 @@
+# Default values for portal-backend.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+backend:
+ replicaCount: 1
+ podAnnotations: {}
+ image:
+ repository: 031036423983.dkr.ecr.eu-west-2.amazonaws.com/bsn/reference-backend
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "latest"
+ resources: {}
+ # Example of resource limits below.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+ envFilePath: dummy
+ envFileRegion: dummy
+ serviceAccount:
+ create: true
+ annotations: { }
+ name: "backend"
+keepers:
+ replicaCount: 1
+ podAnnotations: {}
+ image:
+ repository: 031036423983.dkr.ecr.eu-west-2.amazonaws.com/bsn/keepers
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "latest"
+ resources: {}
+ # Example of resource limits below.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+ apiUrl: dummy
+ envFilePath: dummy
+ envFileRegion: dummy
+ serviceAccount:
+ create: true
+ annotations: {}
+ name: "keepers"
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+service:
+ type: NodePort
+ port: 3000
+ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: alb
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/target-type: ip
+ alb.ingress.kubernetes.io/backend-protocol: HTTP
+ alb.ingress.kubernetes.io/healthcheck-path: /health
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+ alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/load-balancer-attributes: routing.http2.enabled=true,idle_timeout.timeout_seconds=120
+ hosts:
+ - host: chart-example.local
+ tls:
+ enabled: true
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
diff --git a/infra/bootstrap/bucket.tf b/infra/bootstrap/bucket.tf
deleted file mode 100644
index 9bf230db..00000000
--- a/infra/bootstrap/bucket.tf
+++ /dev/null
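Review bot: Both images default to `tag: "latest"` with `pullPolicy: IfNotPresent`, so what actually runs depends on whatever each node has cached, a rollout is not reproducible, and nothing records which build is deployed; the `default .Chart.AppVersion` fallback in the templates is never reached because the tag is always set. Pin a release tag or digest per environment, or ship `tag: ""` so `appVersion` applies. The defaults also publish the service: `ingress.enabled: true` with `scheme: internet-facing`, and `service.type: NodePort` although the ALB uses `target-type: ip`, where `ClusterIP` should suffice (worth confirming against the controller version in use). The repository default embeds an AWS account ID; consider making the repository a required value instead of a committed default.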
@@ -1,23 +0,0 @@
-data "aws_caller_identity" "current" {}
-
-data "template_file" "bucket_policy_template" {
- template = file("${path.module}/policies/storage-bucket-policy.json.tpl")
-
- vars = {
- allowed_account_ids = jsonencode(coalescelist(var.allowed_account_ids, [data.aws_caller_identity.current.account_id]))
- }
-}
-
-module "storage_bucket" {
- source = "infrablocks/encrypted-bucket/aws"
- version = "2.0.0"
-
- bucket_name = var.storage_bucket_name
- bucket_policy_template = data.template_file.bucket_policy_template.rendered
-
- tags = {
- DeploymentType = var.deployment_type
- DeploymentLabel = var.deployment_label
- DeploymentIdentifier = var.deployment_identifier
- }
-}
diff --git a/infra/bootstrap/outputs.tf b/infra/bootstrap/outputs.tf
deleted file mode 100644
index d59f77a2..00000000
--- a/infra/bootstrap/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "storage_bucket_name" {
- value = var.storage_bucket_name
-}
diff --git a/infra/bootstrap/policies/storage-bucket-policy.json.tpl b/infra/bootstrap/policies/storage-bucket-policy.json.tpl
deleted file mode 100644
index f647a293..00000000
--- a/infra/bootstrap/policies/storage-bucket-policy.json.tpl
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- $${deny_unencrypted_object_upload_fragment},
- $${deny_unencrypted_inflight_operations_fragment},
- {
- "Sid": "AllowCrossAccountAccess",
- "Effect": "Allow",
- "Action": [
- "s3:ListBucket",
- "s3:GetObject"
- ],
- "Principal": {
- "AWS": ${allowed_account_ids}
- },
- "Resource": [
- "arn:aws:s3:::$${bucket_name}",
- "arn:aws:s3:::$${bucket_name}/*"
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/infra/bootstrap/providers.tf b/infra/bootstrap/providers.tf
deleted file mode 100644
index dc58d9a2..00000000
--- a/infra/bootstrap/providers.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-provider "aws" {
- region = var.region
-}
diff --git a/infra/bootstrap/terraform.tf b/infra/bootstrap/terraform.tf
deleted file mode 100644
index b1d45698..00000000
--- a/infra/bootstrap/terraform.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
- required_version = ">= 0.14"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.29"
- }
- template = {
- source = "hashicorp/template"
- version = "~> 2.2.0"
- }
- }
-}
\ No newline at end of file
diff --git a/infra/bootstrap/variables.tf b/infra/bootstrap/variables.tf
deleted file mode 100644
index 80dd25ff..00000000
--- a/infra/bootstrap/variables.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-variable "region" {}
-
-variable "deployment_type" {}
-variable "deployment_label" {}
-variable "deployment_identifier" {}
-
-variable "storage_bucket_name" {}
-
-variable "allowed_account_ids" {
- type = list(string)
- default = []
-}
diff --git a/infra/database/network.tf b/infra/database/network.tf
deleted file mode 100644
index 04dc4a8d..00000000
--- a/infra/database/network.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-data "terraform_remote_state" "network" {
- backend = "s3"
-
- config = {
- bucket = var.network_state_bucket_name
- key = var.network_state_key
- region = var.network_state_bucket_region
- encrypt = var.network_state_bucket_is_encrypted
- }
-}
diff --git a/infra/functions/modules/lambda/iam.tf b/infra/functions/modules/lambda/iam.tf
deleted file mode 100644
index 748ea015..00000000
--- a/infra/functions/modules/lambda/iam.tf
+++ /dev/null
@@ -1,57 +0,0 @@
-data "aws_caller_identity" "current" {
-}
-
-resource "aws_iam_role" "lambda_execution_role" {
- assume_role_policy = var.lambda_assume_role != "" ? var.lambda_assume_role : jsonencode(
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- Action: "sts:AssumeRole",
- Principal: {
- "Service": "lambda.amazonaws.com"
- },
- Effect: "Allow"
- }
- ]
- })
- tags = local.tags
-}
-
-resource "aws_iam_role_policy" "lambda_execution_policy" {
- role = aws_iam_role.lambda_execution_role.id
- policy = var.lambda_execution_policy != "" ? var.lambda_execution_policy : jsonencode(
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- Effect: "Allow",
- Action: [
- "ec2:CreateNetworkInterface",
- "ec2:DescribeNetworkInterfaces",
- "ec2:DeleteNetworkInterface",
- "ec2:DescribeSecurityGroups",
- "ec2:AssignPrivateIpAddresses",
- "ec2:UnassignPrivateIpAddresses",
- "ec2:DescribeSubnets",
- "ec2:DescribeVpcs"
- ],
- Resource: [
- "*"
- ]
- },
- {
- Effect: "Allow",
- Action: [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ],
- Resource: [
- "arn:aws:logs:${var.region}:${var.account_id}:*"
- ]
- }
- ]
- })
-}
-
diff --git a/infra/functions/modules/lambda/security_group.tf b/infra/functions/modules/lambda/security_group.tf
deleted file mode 100644
index 95dfd4e1..00000000
--- a/infra/functions/modules/lambda/security_group.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-resource "aws_security_group" "sg_lambda" {
- description = "${var.deployment_identifier}-lambda"
- vpc_id = var.vpc_id
- tags = local.tags
- count = var.deploy_in_vpc == "yes" ? 1 : 0
-
- ingress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = var.lambda_ingress_cidr_blocks
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = var.lambda_egress_cidr_blocks
- }
-}
diff --git a/infra/functions/terraform.tf b/infra/functions/terraform.tf
deleted file mode 100644
index a3531f9a..00000000
--- a/infra/functions/terraform.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-terraform {
- required_version = ">= 0.14"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.16"
- }
- template = {
- source = "hashicorp/template"
- version = "2.2.0"
- }
- }
-
- backend "s3" {}
-}
\ No newline at end of file
diff --git a/infra/image-repository/outputs.tf b/infra/image-repository/outputs.tf
deleted file mode 100644
index 843b50e6..00000000
--- a/infra/image-repository/outputs.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-output "registry_id" {
- value = module.image_repository.registry_id
-}
-output "repository_url" {
- value = module.image_repository.repository_url
-}
diff --git a/infra/image-repository/provider.tf b/infra/image-repository/provider.tf
deleted file mode 100644
index dc58d9a2..00000000
--- a/infra/image-repository/provider.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-provider "aws" {
- region = var.region
-}
diff --git a/infra/image-repository/repository.tf b/infra/image-repository/repository.tf
deleted file mode 100644
index 2205a12a..00000000
--- a/infra/image-repository/repository.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-module "image_repository" {
- source = "infrablocks/ecr-repository/aws"
- version = "2.0.0"
-
- repository_name = var.repository_name
-}
-
-data "aws_caller_identity" "current" {}
-
-data "aws_iam_policy_document" "service" {
- statement {
- effect = "Allow"
-
- principals {
- type = "AWS"
- identifiers = var.allowed_role_arns
- }
-
- actions = [
- "ecr:GetDownloadUrlForLayer",
- "ecr:BatchGetImage",
- "ecr:BatchCheckLayerAvailability"
- ]
- }
-}
-
-resource "aws_ecr_repository_policy" "service" {
- repository = var.repository_name
-
- policy = data.aws_iam_policy_document.service.json
-}
diff --git a/infra/image-repository/terraform.tf b/infra/image-repository/terraform.tf
deleted file mode 100644
index d9eabeb5..00000000
--- a/infra/image-repository/terraform.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-terraform {
- required_version = ">= 0.14"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "~> 3.16"
- }
- }
-
- backend "s3" {}
-}
diff --git a/infra/image-repository/variables.tf b/infra/image-repository/variables.tf
deleted file mode 100644
index f248b15d..00000000
--- a/infra/image-repository/variables.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-variable "region" {}
-
-variable "repository_name" {}
-
-variable "allowed_role_arns" {
- type = list(string)
- default = []
-}
\ No newline at end of file
diff --git a/infra/image-storage-bucket/bucket.tf b/infra/image-storage-bucket/bucket.tf
deleted file mode 100644
index 9cbf9bd6..00000000
--- a/infra/image-storage-bucket/bucket.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-data "aws_caller_identity" "current" {}
-
-module "storage_bucket" {
- source = "infrablocks/encrypted-bucket/aws"
- version = "2.0.0"
-
- acl = "public-read"
- bucket_name = var.image_storage_bucket_name
-
- tags = {
- DeploymentType = var.deployment_type
- DeploymentLabel = var.deployment_label
- DeploymentIdentifier = var.deployment_identifier
- }
-}
diff --git a/infra/image-storage-bucket/iam.tf b/infra/image-storage-bucket/iam.tf
deleted file mode 100644
index b9bfdd42..00000000
--- a/infra/image-storage-bucket/iam.tf
+++ /dev/null
@@ -1,40 +0,0 @@ -resource "aws_iam_user" "image_storage" { - name = substr(var.image_storage_user_name, 0, 64) - - tags = { - DeploymentType = var.deployment_type - DeploymentLabel = var.deployment_label - DeploymentIdentifier = var.deployment_identifier - } -} - -resource "aws_iam_access_key" "image_storage" { - user = aws_iam_user.image_storage.name - pgp_key = filebase64(var.image_storage_user_public_gpg_key_path) -} - -resource "aws_iam_user_policy" "image_storage" { - name = "${var.image_storage_user_name}-policy" - user = aws_iam_user.image_storage.name - - policy = < build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "database:environment:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/demo/provision-database/task.yaml b/pipelines/demo/provision-database/task.yaml deleted file mode 100644 index a78e5f14..00000000 --- a/pipelines/demo/provision-database/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/demo/provision-database/task.sh diff --git a/pipelines/demo/provision-functions/task.sh b/pipelines/demo/provision-functions/task.sh deleted file mode 100755 index 5c5b1e55..00000000 --- a/pipelines/demo/provision-functions/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "lambda:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/demo/provision-functions/task.yaml b/pipelines/demo/provision-functions/task.yaml deleted file mode 100644 index 20dbe129..00000000 --- a/pipelines/demo/provision-functions/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/demo/provision-functions/task.sh diff --git a/pipelines/demo/provision-image-repository/task.sh b/pipelines/demo/provision-image-repository/task.sh deleted file mode 100755 index b1be7856..00000000 --- a/pipelines/demo/provision-image-repository/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "image_repository:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/demo/provision-image-repository/task.yaml b/pipelines/demo/provision-image-repository/task.yaml deleted file mode 100644 index 5988fa7c..00000000 --- a/pipelines/demo/provision-image-repository/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/demo/provision-image-repository/task.sh diff --git a/pipelines/demo/provision-image-storage-bucket/task.sh b/pipelines/demo/provision-image-storage-bucket/task.sh deleted file mode 100755 index 7efb2732..00000000 --- a/pipelines/demo/provision-image-storage-bucket/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "image_storage_bucket:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/demo/provision-image-storage-bucket/task.yaml b/pipelines/demo/provision-image-storage-bucket/task.yaml deleted file mode 100644 index 94702c62..00000000 --- a/pipelines/demo/provision-image-storage-bucket/task.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -run: - dir: /source - path: ./pipelines/demo/provision-image-storage-bucket/task.sh diff --git a/pipelines/demo/provision-keepers-image-repository/task.sh b/pipelines/demo/provision-keepers-image-repository/task.sh deleted file mode 100755 index 7062624b..00000000 --- a/pipelines/demo/provision-keepers-image-repository/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "keepers_image_repository:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/demo/provision-keepers-image-repository/task.yaml b/pipelines/demo/provision-keepers-image-repository/task.yaml deleted file mode 100644 index 7a04596f..00000000 --- a/pipelines/demo/provision-keepers-image-repository/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/demo/provision-keepers-image-repository/task.sh diff --git a/pipelines/demo/provision-keepers-service/task.sh b/pipelines/demo/provision-keepers-service/task.sh deleted file mode 100755 index 275312a8..00000000 --- a/pipelines/demo/provision-keepers-service/task.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" -ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -export AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -export AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -export AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export GIT_SHA="$(git rev-parse --short HEAD)" - -mkdir -p "$PROJECT_DIR/build" -cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version" - -./go "service_keepers:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/demo/provision-keepers-service/task.yaml b/pipelines/demo/provision-keepers-service/task.yaml deleted file mode 100644 index 218c18e0..00000000 --- a/pipelines/demo/provision-keepers-service/task.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -run: - dir: /source - path: ./pipelines/demo/provision-keepers-service/task.sh diff --git a/pipelines/demo/provision-service/task.sh b/pipelines/demo/provision-service/task.sh deleted file mode 100755 index c28428c4..00000000 --- a/pipelines/demo/provision-service/task.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" -ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -export AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -export AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -export AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export GIT_SHA="$(git rev-parse --short HEAD)" - -mkdir -p "$PROJECT_DIR/build" -cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version" - -./go "service:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/demo/provision-service/task.yaml b/pipelines/demo/provision-service/task.yaml deleted file mode 100644 index a75db42d..00000000 --- a/pipelines/demo/provision-service/task.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -run: - dir: /source - path: ./pipelines/demo/provision-service/task.sh diff --git a/pipelines/demo/publish-image-keepers/task.sh b/pipelines/demo/publish-image-keepers/task.sh deleted file mode 100755 index d0ec6c8d..00000000 --- a/pipelines/demo/publish-image-keepers/task.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" -ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -export GIT_SHA="$(git rev-parse --short HEAD)" - -cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version" - -./go "image_keepers:prepare[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" - -cp -R "build/images/keepers"/* "$ROOT_DIR/image-build-directory/" diff --git a/pipelines/demo/publish-image-keepers/task.yaml b/pipelines/demo/publish-image-keepers/task.yaml deleted file mode 100644 index 6230325e..00000000 --- a/pipelines/demo/publish-image-keepers/task.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -outputs: - - name: image-build-directory -run: - dir: /source - path: ./pipelines/demo/publish-image-keepers/task.sh diff --git a/pipelines/demo/publish-image/task.sh b/pipelines/demo/publish-image/task.sh deleted file mode 100755 index d4b246d7..00000000 --- a/pipelines/demo/publish-image/task.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" -ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -export GIT_SHA="$(git rev-parse --short HEAD)" - -cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version" - -./go "image:prepare[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" - -cp -R "build/images/reference-backend"/* "$ROOT_DIR/image-build-directory/" diff --git a/pipelines/demo/publish-image/task.yaml b/pipelines/demo/publish-image/task.yaml deleted file mode 100644 index 7eb822cc..00000000 --- a/pipelines/demo/publish-image/task.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -outputs: - - name: image-build-directory -run: - dir: /source - path: ./pipelines/demo/publish-image/task.sh diff --git a/pipelines/develop/pipeline.yaml b/pipelines/develop/pipeline.yaml deleted file mode 100644 index be17bdf6..00000000 --- a/pipelines/develop/pipeline.yaml +++ /dev/null 
@@ -1,372 +0,0 @@ -resource_types: - - name: slack-notification - type: docker-image - source: - repository: cfcommunity/slack-notification-resource - tag: latest - -resources: - - name: source - type: git - source: - uri: ((source_repository_url)) - branch: ((source_repository_branch)) - private_key: ((git_ssh_key)) - - - name: updated-source - type: git - source: - uri: ((source_repository_url)) - branch: ((source_repository_branch)) - private_key: ((git_ssh_key)) - - - name: app-image - type: docker-image - source: - repository: ((app_image_repository_url)) - aws_access_key_id: ((aws_access_key_id)) - aws_secret_access_key: ((aws_secret_access_key)) - - - name: keepers-image - type: docker-image - source: - repository: ((keepers_image_repository_url)) - aws_access_key_id: ((aws_access_key_id)) - aws_secret_access_key: ((aws_secret_access_key)) - - - name: node-builder-image - type: docker-image - source: - repository: ((node_builder_image_repository_url)) - - - name: version - type: semver - source: - driver: s3 - initial_version: 0.1.0 - bucket: ((storage_bucket_name)) - key: reference-backend/metadata/develop/version - region_name: ((storage_bucket_region)) - server_side_encryption: ((storage_bucket_encryption)) - access_key_id: ((aws_access_key_id)) - secret_access_key: ((aws_secret_access_key)) - - - name: notify-success - type: slack-notification - source: - url: ((slack_builds_webhook_url)) - - - name: notify-failure - type: slack-notification - source: - url: ((slack_engineering_webhook_url)) - -groups: - - name: ci - jobs: - - build - - test - - provision-keepers-image-repository - - provision-image-repository - - publish-image - - publish-image-keepers - - name: development-plutonium - jobs: - - provision-development-plutonium-database - - provision-development-plutonium-image-storage-bucket - - provision-development-plutonium-service - - provision-development-plutonium-keepers-service - - provision-development-plutonium-functions - -jobs: - - name: 
build - serial: true - plan: - - in_parallel: - - get: source - trigger: true - - get: node-builder-image - - task: build - image: node-builder-image - file: source/pipelines/shared/build/task.yaml - - on_success: &on_success - put: notify-success - params: - text: ((slack_success_message)) - channel: ((slack_success_channel)) - - on_failure: &on_failure - put: notify-failure - params: - text: ((slack_failure_message)) - channel: ((slack_failure_channel)) - - on_error: &on_error - put: notify-failure - params: - text: ((slack_error_message)) - channel: ((slack_error_channel)) - - on_abort: &on_abort - put: notify-failure - params: - text: ((slack_abort_message)) - channel: ((slack_abort_channel)) - - - name: test - plan: - - in_parallel: - - get: source - trigger: true - passed: - - build - - get: updated-source - - get: node-builder-image - - task: test - image: node-builder-image - file: source/pipelines/shared/coverage/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - put: updated-source - params: - repository: source - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-keepers-image-repository - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - test - - get: node-builder-image - - task: provision-keepers-image-repository - image: node-builder-image - file: source/pipelines/develop/provision-keepers-image-repository/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-image-repository - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - test - - get: 
node-builder-image - - task: provision-image-repository - image: node-builder-image - file: source/pipelines/develop/provision-image-repository/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: publish-image - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-keepers-image-repository - - provision-image-repository - - put: version - params: - pre: rc - - get: node-builder-image - - task: publish-image - image: node-builder-image - file: source/pipelines/develop/publish-image/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - put: app-image - params: - build: image-build-directory - cache: true - cache_tag: latest - tag: image-build-directory/TAG - tag_as_latest: true - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: publish-image-keepers - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-keepers-image-repository - - provision-image-repository - - publish-image - - get: version - - get: node-builder-image - - task: publish-image-keepers - image: node-builder-image - file: source/pipelines/develop/publish-image-keepers/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - put: keepers-image - params: - build: image-build-directory - cache: true - cache_tag: latest - tag: image-build-directory/TAG - tag_as_latest: true - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: 
provision-development-plutonium-database - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - publish-image - - publish-image-keepers - - get: node-builder-image - - task: provision-database - image: node-builder-image - file: source/pipelines/develop/provision-database/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((development_plutonium_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((development_plutonium_deployment_type)) - DEPLOYMENT_LABEL: ((development_plutonium_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-development-plutonium-image-storage-bucket - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-development-plutonium-database - - get: version - - get: node-builder-image - - task: provision-image-storage-bucket - image: node-builder-image - file: source/pipelines/develop/provision-image-storage-bucket/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((development_plutonium_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((development_plutonium_deployment_type)) - DEPLOYMENT_LABEL: ((development_plutonium_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-development-plutonium-service - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-development-plutonium-image-storage-bucket - - get: version - - get: node-builder-image - - task: provision-service - image: node-builder-image - file: source/pipelines/develop/provision-service/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((development_plutonium_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((development_plutonium_deployment_type)) - DEPLOYMENT_LABEL: ((development_plutonium_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: 
*on_error - on_abort: *on_abort - - - name: provision-development-plutonium-keepers-service - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-development-plutonium-service - - get: version - - get: node-builder-image - - task: provision-keepers-service - image: node-builder-image - file: source/pipelines/develop/provision-keepers-service/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((development_plutonium_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((development_plutonium_deployment_type)) - DEPLOYMENT_LABEL: ((development_plutonium_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-development-plutonium-functions - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-development-plutonium-keepers-service - - get: version - - get: node-builder-image - - task: provision-functions - image: node-builder-image - file: source/pipelines/develop/provision-functions/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((development_plutonium_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((development_plutonium_deployment_type)) - DEPLOYMENT_LABEL: ((development_plutonium_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort diff --git a/pipelines/develop/provision-database/task.sh b/pipelines/develop/provision-database/task.sh deleted file mode 100755 index a50db957..00000000 --- a/pipelines/develop/provision-database/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "database:environment:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/develop/provision-database/task.yaml b/pipelines/develop/provision-database/task.yaml deleted file mode 100644 index f814aa1c..00000000 --- a/pipelines/develop/provision-database/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/develop/provision-database/task.sh diff --git a/pipelines/develop/provision-functions/task.sh b/pipelines/develop/provision-functions/task.sh deleted file mode 100755 index 5c5b1e55..00000000 --- a/pipelines/develop/provision-functions/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "lambda:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/develop/provision-functions/task.yaml b/pipelines/develop/provision-functions/task.yaml deleted file mode 100644 index ee2f7fbe..00000000 --- a/pipelines/develop/provision-functions/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/develop/provision-functions/task.sh diff --git a/pipelines/develop/provision-image-repository/task.sh b/pipelines/develop/provision-image-repository/task.sh deleted file mode 100755 index b1be7856..00000000 --- a/pipelines/develop/provision-image-repository/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "image_repository:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/develop/provision-image-repository/task.yaml b/pipelines/develop/provision-image-repository/task.yaml deleted file mode 100644 index c372b33b..00000000 --- a/pipelines/develop/provision-image-repository/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/develop/provision-image-repository/task.sh diff --git a/pipelines/develop/provision-image-storage-bucket/task.sh b/pipelines/develop/provision-image-storage-bucket/task.sh deleted file mode 100755 index 7efb2732..00000000 --- a/pipelines/develop/provision-image-storage-bucket/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "image_storage_bucket:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/develop/provision-image-storage-bucket/task.yaml b/pipelines/develop/provision-image-storage-bucket/task.yaml deleted file mode 100644 index 57a7feea..00000000 --- a/pipelines/develop/provision-image-storage-bucket/task.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -run: - dir: /source - path: ./pipelines/develop/provision-image-storage-bucket/task.sh diff --git a/pipelines/develop/provision-keepers-image-repository/task.sh b/pipelines/develop/provision-keepers-image-repository/task.sh deleted file mode 100755 index 7062624b..00000000 --- a/pipelines/develop/provision-keepers-image-repository/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "keepers_image_repository:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/develop/provision-keepers-image-repository/task.yaml b/pipelines/develop/provision-keepers-image-repository/task.yaml deleted file mode 100644 index 7f9321c3..00000000 --- a/pipelines/develop/provision-keepers-image-repository/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/develop/provision-keepers-image-repository/task.sh diff --git a/pipelines/develop/provision-keepers-service/task.sh b/pipelines/develop/provision-keepers-service/task.sh deleted file mode 100755 index 275312a8..00000000 --- a/pipelines/develop/provision-keepers-service/task.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" -ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -export AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -export AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -export AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export GIT_SHA="$(git rev-parse --short HEAD)" - -mkdir -p "$PROJECT_DIR/build" -cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version" - -./go "service_keepers:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/develop/provision-keepers-service/task.yaml b/pipelines/develop/provision-keepers-service/task.yaml deleted file mode 100644 index aabda087..00000000 --- a/pipelines/develop/provision-keepers-service/task.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -run: - dir: /source - path: ./pipelines/develop/provision-keepers-service/task.sh diff --git a/pipelines/develop/provision-service/task.sh b/pipelines/develop/provision-service/task.sh deleted file mode 100755 index c28428c4..00000000 --- a/pipelines/develop/provision-service/task.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" -ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -export AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -export AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -export AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export GIT_SHA="$(git rev-parse --short HEAD)" - -mkdir -p "$PROJECT_DIR/build" -cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version" - -./go "service:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/develop/provision-service/task.yaml b/pipelines/develop/provision-service/task.yaml deleted file mode 100644 index b7524e43..00000000 --- a/pipelines/develop/provision-service/task.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -run: - dir: /source - path: ./pipelines/develop/provision-service/task.sh diff --git a/pipelines/develop/publish-image-keepers/task.sh b/pipelines/develop/publish-image-keepers/task.sh deleted file mode 100755 index d0ec6c8d..00000000 --- a/pipelines/develop/publish-image-keepers/task.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" -ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -export GIT_SHA="$(git rev-parse --short HEAD)" - -cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version" - -./go "image_keepers:prepare[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" - -cp -R "build/images/keepers"/* "$ROOT_DIR/image-build-directory/" diff --git a/pipelines/develop/publish-image-keepers/task.yaml b/pipelines/develop/publish-image-keepers/task.yaml deleted file mode 100644 index 10737029..00000000 --- a/pipelines/develop/publish-image-keepers/task.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -outputs: - - name: image-build-directory -run: - dir: /source - path: ./pipelines/develop/publish-image-keepers/task.sh diff --git a/pipelines/develop/publish-image/task.sh b/pipelines/develop/publish-image/task.sh deleted file mode 100755 index d4b246d7..00000000 --- a/pipelines/develop/publish-image/task.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" -ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -export GIT_SHA="$(git rev-parse --short HEAD)" - -cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version" - -./go "image:prepare[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" - -cp -R "build/images/reference-backend"/* "$ROOT_DIR/image-build-directory/" diff --git a/pipelines/develop/publish-image/task.yaml b/pipelines/develop/publish-image/task.yaml deleted file mode 100644 index 4b7d876d..00000000 --- a/pipelines/develop/publish-image/task.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - - name: version -outputs: - - name: image-build-directory -run: - dir: /source - path: ./pipelines/develop/publish-image/task.sh diff --git a/pipelines/pr/pipeline.yaml b/pipelines/pr/pipeline.yaml deleted file mode 100644 index e8ebe46f..00000000 --- a/pipelines/pr/pipeline.yaml +++ /dev/null 
@@ -1,172 +0,0 @@ -resource_types: - - name: slack-notification - type: docker-image - source: - repository: cfcommunity/slack-notification-resource - tag: latest - - - name: github-status - type: docker-image - source: - repository: resource/github-status - -resources: - - name: source - type: git - source: - uri: ((source_repository_url)) - branch: ((source_repository_branch)) - private_key: ((git_ssh_key)) - - - name: status - type: github-status - source: - repo: ((source_repository_name)) - access_token: ((github_access_token)) - - - name: node-builder-image - type: docker-image - source: - repository: ((node_builder_image_repository_url)) - - - name: notify-success - type: slack-notification - source: - url: ((slack_builds_webhook_url)) - - - name: notify-failure - type: slack-notification - source: - url: ((slack_engineering_webhook_url)) - -jobs: - - name: build - serial: true - plan: - - in_parallel: - - get: source - trigger: true - - get: node-builder-image - - put: status - params: - path: source - state: pending - context: "CI Pipeline" - description: "Running build..." - - task: build - image: node-builder-image - file: source/pipelines/shared/build/task.yaml - - on_success: - put: notify-success - params: - text: ((slack_success_message)) - channel: ((slack_success_channel)) - - on_failure: - do: - - put: status - params: - path: source - state: failure - context: "CI Pipeline" - description: "Build failed." - - put: notify-failure - params: - text: ((slack_failure_message)) - channel: ((slack_failure_channel)) - - on_error: - do: - - put: status - params: - path: source - state: failure - context: "CI Pipeline" - description: "Build errored." - - put: notify-failure - params: - text: ((slack_error_message)) - channel: ((slack_error_channel)) - - on_abort: - do: - - put: status - params: - path: source - state: failure - context: "CI Pipeline" - description: "Build aborted." 
- - put: notify-failure - params: - text: ((slack_abort_message)) - channel: ((slack_abort_channel)) - - - name: test - plan: - - in_parallel: - - get: source - trigger: true - passed: - - build - - get: node-builder-image - - task: test - image: node-builder-image - file: source/pipelines/shared/test/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - on_success: - do: - - put: status - params: - path: source - state: success - context: "CI Pipeline" - description: "Pipeline succeeded." - - put: notify-success - params: - text: ((slack_success_message)) - channel: ((slack_success_channel)) - - on_failure: - do: - - put: status - params: - path: source - state: failure - context: "CI Pipeline" - description: "Test failed." - - put: notify-failure - params: - text: ((slack_failure_message)) - channel: ((slack_failure_channel)) - - on_error: - do: - - put: status - params: - path: source - state: failure - context: "CI Pipeline" - description: "Test errored." - - put: notify-failure - params: - text: ((slack_error_message)) - channel: ((slack_error_channel)) - - on_abort: - do: - - put: status - params: - path: source - state: failure - context: "CI Pipeline" - description: "Test aborted." - - put: notify-failure - params: - text: ((slack_abort_message)) - channel: ((slack_abort_channel)) diff --git a/pipelines/shared/build/task.sh b/pipelines/shared/build/task.sh deleted file mode 100755 index 31589dde..00000000 --- a/pipelines/shared/build/task.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -./go build diff --git a/pipelines/shared/build/task.yaml b/pipelines/shared/build/task.yaml deleted file mode 100644 index fc3f0096..00000000 
--- a/pipelines/shared/build/task.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - -run: - dir: /source - path: ./pipelines/shared/build/task.sh diff --git a/pipelines/shared/coverage/task.sh b/pipelines/shared/coverage/task.sh deleted file mode 100755 index 530bfde6..00000000 --- a/pipelines/shared/coverage/task.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "${PROVISIONING_ROLE_ARN}" \ - --role-session-name CI \ - > build/session - -export AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -export AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -export AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export INCLUDE_COVERAGE="true" - -./go "test[${DEPLOYMENT_TYPE},${DEPLOYMENT_LABEL}]" -./go "tests:app:coverage:badge" - -git config --global user.email "ci@redeemeum.com" -git config --global user.name "Redeemeum CI" -git add . -git diff --staged --quiet || git commit -m "Update coverage badge [ci skip]" diff --git a/pipelines/shared/coverage/task.yaml b/pipelines/shared/coverage/task.yaml deleted file mode 100644 index 984bfab8..00000000 --- a/pipelines/shared/coverage/task.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - -outputs: - - name: source - -run: - dir: /source - path: ./pipelines/shared/coverage/task.sh diff --git a/pipelines/shared/test/task.sh b/pipelines/shared/test/task.sh deleted file mode 100755 index 730af29f..00000000 --- a/pipelines/shared/test/task.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "${PROVISIONING_ROLE_ARN}" \ - --role-session-name CI \ - > build/session - -export AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -export AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -export AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -./go "test[${DEPLOYMENT_TYPE},${DEPLOYMENT_LABEL}]" diff --git a/pipelines/shared/test/task.yaml b/pipelines/shared/test/task.yaml deleted file mode 100644 index 10068508..00000000 --- a/pipelines/shared/test/task.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -platform: linux - -inputs: - - name: source - -run: - dir: /source - path: ./pipelines/shared/test/task.sh diff --git a/pipelines/tag/pipeline.yaml b/pipelines/tag/pipeline.yaml deleted file mode 100644 index 6a7ade41..00000000 --- a/pipelines/tag/pipeline.yaml +++ /dev/null 
@@ -1,377 +0,0 @@ -resource_types: - - name: slack-notification - type: docker-image - source: - repository: cfcommunity/slack-notification-resource - tag: latest - - - name: git-tag - type: docker-image - source: - repository: sarquella/concourse-git-tag-resource - -resources: - - name: source - type: git-tag - source: - uri: ((source_repository_url)) - tag_filter: v* - private_key: ((git_ssh_key)) - - - name: updated-source - type: git-tag - source: - uri: ((source_repository_url)) - tag_filter: v* - private_key: ((git_ssh_key)) - - - name: app-image - type: docker-image - source: - repository: ((app_image_repository_url)) - aws_access_key_id: ((aws_access_key_id)) - aws_secret_access_key: ((aws_secret_access_key)) - - - name: keepers-image - type: docker-image - source: - repository: ((keepers_image_repository_url)) - aws_access_key_id: ((aws_access_key_id)) - aws_secret_access_key: ((aws_secret_access_key)) - - - name: node-builder-image - type: docker-image - source: - repository: ((node_builder_image_repository_url)) - - - name: version - type: semver - source: - driver: s3 - initial_version: 0.1.0 - bucket: ((storage_bucket_name)) - key: reference-backend/metadata/tag/version - region_name: ((storage_bucket_region)) - server_side_encryption: ((storage_bucket_encryption)) - access_key_id: ((aws_access_key_id)) - secret_access_key: ((aws_secret_access_key)) - - - name: notify-success - type: slack-notification - source: - url: ((slack_builds_webhook_url)) - - - name: notify-failure - type: slack-notification - source: - url: ((slack_engineering_webhook_url)) - -groups: - - name: ci - jobs: - - build - - test - - provision-keepers-image-repository - - provision-image-repository - - publish-image - - publish-image-keepers - - name: production-oganesson - jobs: - - provision-production-oganesson-database - - provision-production-oganesson-image-storage-bucket - - provision-production-oganesson-service - - provision-production-oganesson-keepers-service - - 
provision-production-oganesson-functions - -jobs: - - name: build - serial: true - plan: - - in_parallel: - - get: source - trigger: true - - get: node-builder-image - - task: build - image: node-builder-image - file: source/pipelines/shared/build/task.yaml - - on_success: &on_success - put: notify-success - params: - text: ((slack_success_message)) - channel: ((slack_success_channel)) - - on_failure: &on_failure - put: notify-failure - params: - text: ((slack_failure_message)) - channel: ((slack_failure_channel)) - - on_error: &on_error - put: notify-failure - params: - text: ((slack_error_message)) - channel: ((slack_error_channel)) - - on_abort: &on_abort - put: notify-failure - params: - text: ((slack_abort_message)) - channel: ((slack_abort_channel)) - - - name: test - plan: - - in_parallel: - - get: source - trigger: true - passed: - - build - - get: updated-source - - get: node-builder-image - - task: test - image: node-builder-image - file: source/pipelines/shared/coverage/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - put: updated-source - params: - repository: source - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-keepers-image-repository - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - test - - get: node-builder-image - - task: provision-keepers-image-repository - image: node-builder-image - file: source/pipelines/tag/provision-keepers-image-repository/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-image-repository - serial: true - plan: - - in_parallel: - - 
get: source - trigger: true - passed: - - test - - get: node-builder-image - - task: provision-image-repository - image: node-builder-image - file: source/pipelines/tag/provision-image-repository/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: publish-image - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-keepers-image-repository - - provision-image-repository - - put: version - params: - pre: rc - - get: node-builder-image - - task: publish-image - image: node-builder-image - file: source/pipelines/tag/publish-image/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - put: app-image - params: - build: image-build-directory - cache: true - cache_tag: latest - tag: image-build-directory/TAG - tag_as_latest: true - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: publish-image-keepers - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-keepers-image-repository - - provision-image-repository - - publish-image - - get: version - - get: node-builder-image - - task: publish-image-keepers - image: node-builder-image - file: source/pipelines/tag/publish-image-keepers/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((ci_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((ci_deployment_type)) - DEPLOYMENT_LABEL: ((ci_deployment_label)) - - put: keepers-image - params: - build: image-build-directory - cache: true - cache_tag: latest - tag: image-build-directory/TAG - tag_as_latest: true - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: 
*on_abort - - - name: provision-production-oganesson-database - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - publish-image - - publish-image-keepers - - get: node-builder-image - - task: provision-database - image: node-builder-image - file: source/pipelines/tag/provision-database/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((production_oganesson_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((production_oganesson_deployment_type)) - DEPLOYMENT_LABEL: ((production_oganesson_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-production-oganesson-image-storage-bucket - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-production-oganesson-database - - get: version - - get: node-builder-image - - task: provision-image-storage-bucket - image: node-builder-image - file: source/pipelines/tag/provision-image-storage-bucket/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((production_oganesson_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((production_oganesson_deployment_type)) - DEPLOYMENT_LABEL: ((production_oganesson_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-production-oganesson-service - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-production-oganesson-image-storage-bucket - - get: version - - get: node-builder-image - - task: provision-service - image: node-builder-image - file: source/pipelines/tag/provision-service/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((production_oganesson_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((production_oganesson_deployment_type)) - DEPLOYMENT_LABEL: ((production_oganesson_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: 
*on_error - on_abort: *on_abort - - - name: provision-production-oganesson-keepers-service - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-production-oganesson-service - - get: version - - get: node-builder-image - - task: provision-keepers-service - image: node-builder-image - file: source/pipelines/tag/provision-keepers-service/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((production_oganesson_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((production_oganesson_deployment_type)) - DEPLOYMENT_LABEL: ((production_oganesson_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort - - - name: provision-production-oganesson-functions - serial: true - plan: - - in_parallel: - - get: source - trigger: true - passed: - - provision-production-oganesson-keepers-service - - get: version - - get: node-builder-image - - task: provision-functions - image: node-builder-image - file: source/pipelines/tag/provision-functions/task.yaml - params: - GPG_KEY: ((gpg_key)) - PROVISIONING_ROLE_ARN: ((production_oganesson_provisioning_role_arn)) - DEPLOYMENT_TYPE: ((production_oganesson_deployment_type)) - DEPLOYMENT_LABEL: ((production_oganesson_deployment_label)) - - on_success: *on_success - on_failure: *on_failure - on_error: *on_error - on_abort: *on_abort diff --git a/pipelines/tag/provision-database/task.sh b/pipelines/tag/provision-database/task.sh deleted file mode 100755 index a50db957..00000000 --- a/pipelines/tag/provision-database/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "database:environment:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/tag/provision-database/task.yaml b/pipelines/tag/provision-database/task.yaml deleted file mode 100644 index df7970a2..00000000 --- a/pipelines/tag/provision-database/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/tag/provision-database/task.sh diff --git a/pipelines/tag/provision-functions/task.sh b/pipelines/tag/provision-functions/task.sh deleted file mode 100755 index 5c5b1e55..00000000 --- a/pipelines/tag/provision-functions/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "lambda:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/tag/provision-functions/task.yaml b/pipelines/tag/provision-functions/task.yaml deleted file mode 100644 index c270a36e..00000000 --- a/pipelines/tag/provision-functions/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/tag/provision-functions/task.sh diff --git a/pipelines/tag/provision-image-repository/task.sh b/pipelines/tag/provision-image-repository/task.sh deleted file mode 100755 index b1be7856..00000000 --- a/pipelines/tag/provision-image-repository/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -[ -n "$TRACE" ] && set -x -set -e -set -o pipefail - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )" - -cd "$PROJECT_DIR" - -echo "$GPG_KEY" | gpg --import - -git crypt unlock - -mkdir build -aws sts assume-role \ - --role-arn "$PROVISIONING_ROLE_ARN" \ - --role-session-name CI \ - > build/session - -AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)" -AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)" -AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)" - -export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN - -./go "image_repository:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]" diff --git a/pipelines/tag/provision-image-repository/task.yaml b/pipelines/tag/provision-image-repository/task.yaml deleted file mode 100644 index a17a4f2d..00000000 --- a/pipelines/tag/provision-image-repository/task.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -platform: linux - -inputs: - - name: source -run: - dir: /source - path: ./pipelines/tag/provision-image-repository/task.sh diff --git a/pipelines/tag/provision-image-storage-bucket/task.sh b/pipelines/tag/provision-image-storage-bucket/task.sh deleted file mode 100755 index 7efb2732..00000000 --- a/pipelines/tag/provision-image-storage-bucket/task.sh +++ /dev/null 
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-[ -n "$TRACE" ] && set -x
-set -e
-set -o pipefail
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )"
-
-cd "$PROJECT_DIR"
-
-echo "$GPG_KEY" | gpg --import - -git crypt unlock
-
-mkdir build
-aws sts assume-role \
- --role-arn "$PROVISIONING_ROLE_ARN" \
- --role-session-name CI \
- > build/session
-
-AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)"
-AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)"
-AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)"
-
-export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
-
-./go "image_storage_bucket:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]"
diff --git a/pipelines/tag/provision-image-storage-bucket/task.yaml b/pipelines/tag/provision-image-storage-bucket/task.yaml
deleted file mode 100644
index 479a1c64..00000000
--- a/pipelines/tag/provision-image-storage-bucket/task.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-platform: linux
-
-inputs:
- - name: source
- - name: version
-run:
- dir: /source
- path: ./pipelines/tag/provision-image-storage-bucket/task.sh
diff --git a/pipelines/tag/provision-keepers-image-repository/task.sh b/pipelines/tag/provision-keepers-image-repository/task.sh
deleted file mode 100755
index 7062624b..00000000
--- a/pipelines/tag/provision-keepers-image-repository/task.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-[ -n "$TRACE" ] && set -x
-set -e
-set -o pipefail
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )"
-
-cd "$PROJECT_DIR"
-
-echo "$GPG_KEY" | gpg --import - -git crypt unlock
-
-mkdir build
-aws sts assume-role \
- --role-arn "$PROVISIONING_ROLE_ARN" \
- --role-session-name CI \
- > build/session
-
-AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)"
-AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)"
-AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)"
-
-export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
-
-./go "keepers_image_repository:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]"
diff --git a/pipelines/tag/provision-keepers-image-repository/task.yaml b/pipelines/tag/provision-keepers-image-repository/task.yaml
deleted file mode 100644
index 24720810..00000000
--- a/pipelines/tag/provision-keepers-image-repository/task.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-platform: linux
-
-inputs:
- - name: source
-run:
- dir: /source
- path: ./pipelines/tag/provision-keepers-image-repository/task.sh
diff --git a/pipelines/tag/provision-keepers-service/task.sh b/pipelines/tag/provision-keepers-service/task.sh
deleted file mode 100755
index 275312a8..00000000
--- a/pipelines/tag/provision-keepers-service/task.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env bash
-
-[ -n "$TRACE" ] && set -x
-set -e
-set -o pipefail
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )"
-ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )"
-
-cd "$PROJECT_DIR"
-
-echo "$GPG_KEY" | gpg --import - -git crypt unlock
-
-mkdir build
-aws sts assume-role \
- --role-arn "$PROVISIONING_ROLE_ARN" \
- --role-session-name CI \
- > build/session
-
-export AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)"
-export AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)"
-export AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)"
-
-export GIT_SHA="$(git rev-parse --short HEAD)"
-
-mkdir -p "$PROJECT_DIR/build"
-cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version"
-
-./go "service_keepers:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]"
diff --git a/pipelines/tag/provision-keepers-service/task.yaml b/pipelines/tag/provision-keepers-service/task.yaml
deleted file mode 100644
index 9778ebe9..00000000
--- a/pipelines/tag/provision-keepers-service/task.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-platform: linux
-
-inputs:
- - name: source
- - name: version
-run:
- dir: /source
- path: ./pipelines/tag/provision-keepers-service/task.sh
diff --git a/pipelines/tag/provision-service/task.sh b/pipelines/tag/provision-service/task.sh
deleted file mode 100755
index c28428c4..00000000
--- a/pipelines/tag/provision-service/task.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env bash
-
-[ -n "$TRACE" ] && set -x
-set -e
-set -o pipefail
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )"
-ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )"
-
-cd "$PROJECT_DIR"
-
-echo "$GPG_KEY" | gpg --import - -git crypt unlock
-
-mkdir build
-aws sts assume-role \
- --role-arn "$PROVISIONING_ROLE_ARN" \
- --role-session-name CI \
- > build/session
-
-export AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)"
-export AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)"
-export AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)"
-
-export GIT_SHA="$(git rev-parse --short HEAD)"
-
-mkdir -p "$PROJECT_DIR/build"
-cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version"
-
-./go "service:provision[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]"
diff --git a/pipelines/tag/provision-service/task.yaml b/pipelines/tag/provision-service/task.yaml
deleted file mode 100644
index e3af9674..00000000
--- a/pipelines/tag/provision-service/task.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-platform: linux
-
-inputs:
- - name: source
- - name: version
-run:
- dir: /source
- path: ./pipelines/tag/provision-service/task.sh
diff --git a/pipelines/tag/publish-image-keepers/task.sh b/pipelines/tag/publish-image-keepers/task.sh
deleted file mode 100755
index d0ec6c8d..00000000
--- a/pipelines/tag/publish-image-keepers/task.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-[ -n "$TRACE" ] && set -x
-set -e
-set -o pipefail
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )"
-ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )"
-
-cd "$PROJECT_DIR"
-
-echo "$GPG_KEY" | gpg --import - -git crypt unlock
-
-mkdir build
-aws sts assume-role \
- --role-arn "$PROVISIONING_ROLE_ARN" \
- --role-session-name CI \
- > build/session
-
-AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)"
-AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)"
-AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)"
-
-export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
-
-export GIT_SHA="$(git rev-parse --short HEAD)"
-
-cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version"
-
-./go "image_keepers:prepare[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]"
-
-cp -R "build/images/keepers"/* "$ROOT_DIR/image-build-directory/"
diff --git a/pipelines/tag/publish-image-keepers/task.yaml b/pipelines/tag/publish-image-keepers/task.yaml
deleted file mode 100644
index 59ed9854..00000000
--- a/pipelines/tag/publish-image-keepers/task.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-platform: linux
-
-inputs:
- - name: source
- - name: version
-outputs:
- - name: image-build-directory
-run:
- dir: /source
- path: ./pipelines/tag/publish-image-keepers/task.sh
diff --git a/pipelines/tag/publish-image/task.sh b/pipelines/tag/publish-image/task.sh
deleted file mode 100755
index d4b246d7..00000000
--- a/pipelines/tag/publish-image/task.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-[ -n "$TRACE" ] && set -x
-set -e
-set -o pipefail
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-PROJECT_DIR="$( cd "$SCRIPT_DIR/../../.." && pwd )"
-ROOT_DIR="$( cd "$PROJECT_DIR/.." && pwd )"
-
-cd "$PROJECT_DIR"
-
-echo "$GPG_KEY" | gpg --import - -git crypt unlock
-
-mkdir build
-aws sts assume-role \
- --role-arn "$PROVISIONING_ROLE_ARN" \
- --role-session-name CI \
- > build/session
-
-AWS_ACCESS_KEY_ID="$(jq -M -r .Credentials.AccessKeyId build/session)"
-AWS_SECRET_ACCESS_KEY="$(jq -M -r .Credentials.SecretAccessKey build/session)"
-AWS_SESSION_TOKEN="$(jq -M -r .Credentials.SessionToken build/session)"
-
-export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
-
-export GIT_SHA="$(git rev-parse --short HEAD)"
-
-cp "$ROOT_DIR/version/version" "$PROJECT_DIR/build/version"
-
-./go "image:prepare[$DEPLOYMENT_TYPE,$DEPLOYMENT_LABEL]"
-
-cp -R "build/images/reference-backend"/* "$ROOT_DIR/image-build-directory/"
diff --git a/pipelines/tag/publish-image/task.yaml b/pipelines/tag/publish-image/task.yaml
deleted file mode 100644
index b94cc567..00000000
--- a/pipelines/tag/publish-image/task.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-platform: linux
-
-inputs:
- - name: source
- - name: version
-outputs:
- - name: image-build-directory
-run:
- dir: /source
- path: ./pipelines/tag/publish-image/task.sh
diff --git a/state/bootstrap/bsn-demo-mendelevium.tfstate b/state/bootstrap/bsn-demo-mendelevium.tfstate
deleted file mode 100644
index c7b9b374..00000000
--- a/state/bootstrap/bsn-demo-mendelevium.tfstate
+++ /dev/null
@@ -1,225 +0,0 @@ -{ - "version": 4, - "terraform_version": "0.15.4", - "serial": 3, - "lineage": "71d2f718-2aae-99a5-8641-9eff0d019205", - "outputs": { - "storage_bucket_name": { - "value": "bsn-reference-backend-bsn-demo-mendelevium", - "type": "string" - } - }, - "resources": [ - { - "mode": "data", - "type": "aws_caller_identity", - "name": "current", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "account_id": "384010198059", - "arn": "arn:aws:sts::384010198059:assumed-role/cross-account-admin-role/1623963485930141000", - "id": "384010198059", - "user_id": "AROAVS2GKTQV324VKJXHT:1623963485930141000" - }, - "sensitive_attributes": [] - } - ] - }, - { - "mode": "data", - "type": "template_file", - "name": "bucket_policy_template", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "108b0de813847ff9ece227a115c380b8bc04f68c90cc1ca9a313eea04fe51647", - "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n ${deny_unencrypted_object_upload_fragment},\n ${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"384010198059\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::${bucket_name}\",\n \"arn:aws:s3:::${bucket_name}/*\"\n ]\n }\n ]\n}", - "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n $${deny_unencrypted_object_upload_fragment},\n $${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": ${allowed_account_ids}\n },\n \"Resource\": [\n \"arn:aws:s3:::$${bucket_name}\",\n \"arn:aws:s3:::$${bucket_name}/*\"\n ]\n }\n ]\n}", - "vars": { - 
"allowed_account_ids": "[\"384010198059\"]" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "encrypted_bucket_policy_document", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "589805729", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"\n ],\n \"Principal\": \"*\",\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": [\n \"AES256\"\n ]\n }\n }\n },\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"s3:*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"\n ],\n \"Principal\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": [\n \"false\"\n ]\n }\n }\n },\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"\n ],\n \"Principal\": {\n \"AWS\": [\n \"384010198059\"\n ]\n }\n }\n ]\n}", - "override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": 
[\"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"384010198059\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"\n ]\n }\n ]\n}", - "override_policy_documents": null, - "policy_id": null, - "source_json": null, - "source_policy_documents": null, - "statement": null, - "version": "2012-10-17" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_inflight_operations_fragment", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "325e4d711bf55ce8ba435ac8b7c4502bad8c1f3d7d4d4b88da1138e9fc9912f6", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-bsn-demo-mendelevium" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_object_uploads_fragment", - "provider": 
"provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "b5645c4979a618ef68cf22030eafa93bd5469eea88c590f0232c68f348530d1d", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-bsn-demo-mendelevium" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "encrypted_bucket_policy", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "697d2a6ce17cbfb9c24186cebf53e57ec62026cf317cdeda47a76f410d53d1cf", - "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n 
\"Principal\": \"*\"\n},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"384010198059\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"\n ]\n }\n ]\n}", - "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n ${deny_unencrypted_object_upload_fragment},\n ${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"384010198059\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::${bucket_name}\",\n \"arn:aws:s3:::${bucket_name}/*\"\n ]\n }\n ]\n}", - "vars": { - "bucket_name": "bsn-reference-backend-bsn-demo-mendelevium", - "deny_unencrypted_inflight_operations_fragment": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "deny_unencrypted_object_upload_fragment": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": "private", - "arn": 
"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium", - "bucket": "bsn-reference-backend-bsn-demo-mendelevium", - "bucket_domain_name": "bsn-reference-backend-bsn-demo-mendelevium.s3.amazonaws.com", - "bucket_prefix": null, - "bucket_regional_domain_name": "bsn-reference-backend-bsn-demo-mendelevium.s3.eu-west-2.amazonaws.com", - "cors_rule": [], - "force_destroy": false, - "grant": [], - "hosted_zone_id": "Z3GKZC51ZF0DB4", - "id": "bsn-reference-backend-bsn-demo-mendelevium", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "policy": null, - "region": "eu-west-2", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [], - "tags": { - "DeploymentIdentifier": "bsn-demo-mendelevium", - "DeploymentLabel": "mendelevium", - "DeploymentType": "bsn-demo", - "Name": "bsn-reference-backend-bsn-demo-mendelevium" - }, - "tags_all": { - "DeploymentIdentifier": "bsn-demo-mendelevium", - "DeploymentLabel": "mendelevium", - "DeploymentType": "bsn-demo", - "Name": "bsn-reference-backend-bsn-demo-mendelevium" - }, - "versioning": [ - { - "enabled": true, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket_policy", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "bsn-reference-backend-bsn-demo-mendelevium", - "id": "bsn-reference-backend-bsn-demo-mendelevium", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"\n ],\n \"Principal\": \"*\",\n \"Condition\": {\n 
\"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": [\n \"AES256\"\n ]\n }\n }\n },\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"s3:*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"\n ],\n \"Principal\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": [\n \"false\"\n ]\n }\n }\n },\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-demo-mendelevium/*\"\n ],\n \"Principal\": {\n \"AWS\": [\n \"384010198059\"\n ]\n }\n }\n ]\n}" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.storage_bucket.aws_s3_bucket.encrypted_bucket", - "module.storage_bucket.data.aws_iam_policy_document.encrypted_bucket_policy_document" - ] - } - ] - } - ] -} diff --git a/state/bootstrap/bsn-development-plutonium.tfstate b/state/bootstrap/bsn-development-plutonium.tfstate deleted file mode 100644 index 3bdc7207..00000000 --- a/state/bootstrap/bsn-development-plutonium.tfstate +++ /dev/null 
@@ -1,201 +0,0 @@ -{ - "version": 4, - "terraform_version": "0.14.11", - "serial": 3, - "lineage": "3249ecf7-dd9f-920f-3dad-76cf395aff6b", - "outputs": { - "storage_bucket_name": { - "value": "bsn-reference-backend-bsn-development-plutonium", - "type": "string" - } - }, - "resources": [ - { - "mode": "data", - "type": "aws_caller_identity", - "name": "current", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "account_id": "384010198059", - "arn": "arn:aws:sts::384010198059:assumed-role/cross-account-admin-role/1620303543574032000", - "id": "384010198059", - "user_id": "AROAVS2GKTQV324VKJXHT:1620303543574032000" - }, - "sensitive_attributes": [] - } - ] - }, - { - "mode": "data", - "type": "template_file", - "name": "bucket_policy_template", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "108b0de813847ff9ece227a115c380b8bc04f68c90cc1ca9a313eea04fe51647", - "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n ${deny_unencrypted_object_upload_fragment},\n ${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"384010198059\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::${bucket_name}\",\n \"arn:aws:s3:::${bucket_name}/*\"\n ]\n }\n ]\n}", - "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n $${deny_unencrypted_object_upload_fragment},\n $${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": ${allowed_account_ids}\n },\n \"Resource\": [\n \"arn:aws:s3:::$${bucket_name}\",\n \"arn:aws:s3:::$${bucket_name}/*\"\n ]\n }\n ]\n}", - "vars": { - 
"allowed_account_ids": "[\"384010198059\"]" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_inflight_operations_fragment", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "8cb9e9fa0d3584552ab1b25b8ef81ee01f0a665f8321c1a92757a54f5500a80d", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-bsn-development-plutonium" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_object_uploads_fragment", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "c7b2f9fc56462a4778d0391e67bbeed96326f542bc78c08defd206a69591cc4c", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n 
\"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-bsn-development-plutonium" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "encrypted_bucket_policy", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "524d2f95c4af6949803de8b52ad6bdc18ad07ecc0d96f3807feb3cc0805aa94a", - "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"384010198059\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"\n ]\n }\n ]\n}", - "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n ${deny_unencrypted_object_upload_fragment},\n ${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n 
\"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"384010198059\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::${bucket_name}\",\n \"arn:aws:s3:::${bucket_name}/*\"\n ]\n }\n ]\n}", - "vars": { - "bucket_name": "bsn-reference-backend-bsn-development-plutonium", - "deny_unencrypted_inflight_operations_fragment": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "deny_unencrypted_object_upload_fragment": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": "private", - "arn": "arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium", - "bucket": "bsn-reference-backend-bsn-development-plutonium", - "bucket_domain_name": "bsn-reference-backend-bsn-development-plutonium.s3.amazonaws.com", - "bucket_prefix": null, - "bucket_regional_domain_name": "bsn-reference-backend-bsn-development-plutonium.s3.eu-west-2.amazonaws.com", - "cors_rule": [], - "force_destroy": false, - "grant": [], - "hosted_zone_id": "Z3GKZC51ZF0DB4", - "id": "bsn-reference-backend-bsn-development-plutonium", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "policy": null, - "region": 
"eu-west-2", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [], - "tags": { - "DeploymentIdentifier": "bsn-development-plutonium", - "DeploymentLabel": "plutonium", - "DeploymentType": "bsn-development", - "Name": "bsn-reference-backend-bsn-development-plutonium" - }, - "tags_all": { - "DeploymentIdentifier": "bsn-development-plutonium", - "DeploymentLabel": "plutonium", - "DeploymentType": "bsn-development", - "Name": "bsn-reference-backend-bsn-development-plutonium" - }, - "versioning": [ - { - "enabled": true, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket_policy", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "bsn-reference-backend-bsn-development-plutonium", - "id": "bsn-reference-backend-bsn-development-plutonium", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": 
[\"384010198059\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-development-plutonium/*\"\n ]\n }\n ]\n}" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.storage_bucket.aws_s3_bucket.encrypted_bucket", - "module.storage_bucket.data.template_file.encrypted_bucket_policy" - ] - } - ] - } - ] -} diff --git a/state/bootstrap/bsn-production-oganesson.tfstate b/state/bootstrap/bsn-production-oganesson.tfstate deleted file mode 100644 index 88f23da2..00000000 --- a/state/bootstrap/bsn-production-oganesson.tfstate +++ /dev/null 
@@ -1,225 +0,0 @@ -{ - "version": 4, - "terraform_version": "0.15.4", - "serial": 20, - "lineage": "39ebb09a-624a-613f-e210-afa6a2d7b055", - "outputs": { - "storage_bucket_name": { - "value": "bsn-reference-backend-bsn-production-oganesson", - "type": "string" - } - }, - "resources": [ - { - "mode": "data", - "type": "aws_caller_identity", - "name": "current", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "account_id": "371854298993", - "arn": "arn:aws:sts::371854298993:assumed-role/cross-account-admin-role/1626182315391485000", - "id": "371854298993", - "user_id": "AROAVNFB6J5YYTJHEDVMW:1626182315391485000" - }, - "sensitive_attributes": [] - } - ] - }, - { - "mode": "data", - "type": "template_file", - "name": "bucket_policy_template", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "8dbf8c224a07e1e86314a9d4ff9da447c0475cbb5d4541c5da5da854d13fcc90", - "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n ${deny_unencrypted_object_upload_fragment},\n ${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"371854298993\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::${bucket_name}\",\n \"arn:aws:s3:::${bucket_name}/*\"\n ]\n }\n ]\n}", - "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n $${deny_unencrypted_object_upload_fragment},\n $${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": ${allowed_account_ids}\n },\n \"Resource\": [\n \"arn:aws:s3:::$${bucket_name}\",\n \"arn:aws:s3:::$${bucket_name}/*\"\n ]\n }\n ]\n}", - "vars": { - 
"allowed_account_ids": "[\"371854298993\"]" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "aws_iam_policy_document", - "name": "encrypted_bucket_policy_document", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "660376941", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"\n ],\n \"Principal\": \"*\",\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": [\n \"AES256\"\n ]\n }\n }\n },\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"s3:*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"\n ],\n \"Principal\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": [\n \"false\"\n ]\n }\n }\n },\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"\n ],\n \"Principal\": {\n \"AWS\": [\n \"371854298993\"\n ]\n }\n }\n ]\n}", - "override_json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": 
[\"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"371854298993\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"\n ]\n }\n ]\n}", - "override_policy_documents": null, - "policy_id": null, - "source_json": null, - "source_policy_documents": null, - "statement": null, - "version": "2012-10-17" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_inflight_operations_fragment", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "d54313351417b65af622cd30548bcf485c6c998dbcc7a4e27cb38eda722d0b99", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-bsn-production-oganesson" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_object_uploads_fragment", - "provider": 
"provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "64b5682ec316d73f6bb9101337ea88e510bf74a9683abfa0d3f5fefa1280957f", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-bsn-production-oganesson" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "encrypted_bucket_policy", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "30977d174b013d8ca1f155126b4bae742b0e29a0290da7846517759f2bb8a38c", - "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": 
\"false\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"371854298993\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"\n ]\n }\n ]\n}", - "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n ${deny_unencrypted_object_upload_fragment},\n ${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"371854298993\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::${bucket_name}\",\n \"arn:aws:s3:::${bucket_name}/*\"\n ]\n }\n ]\n}", - "vars": { - "bucket_name": "bsn-reference-backend-bsn-production-oganesson", - "deny_unencrypted_inflight_operations_fragment": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "deny_unencrypted_object_upload_fragment": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": 
"private", - "arn": "arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson", - "bucket": "bsn-reference-backend-bsn-production-oganesson", - "bucket_domain_name": "bsn-reference-backend-bsn-production-oganesson.s3.amazonaws.com", - "bucket_prefix": null, - "bucket_regional_domain_name": "bsn-reference-backend-bsn-production-oganesson.s3.eu-west-2.amazonaws.com", - "cors_rule": [], - "force_destroy": false, - "grant": [], - "hosted_zone_id": "Z3GKZC51ZF0DB4", - "id": "bsn-reference-backend-bsn-production-oganesson", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "policy": null, - "region": "eu-west-2", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [], - "tags": { - "DeploymentIdentifier": "bsn-production-oganesson", - "DeploymentLabel": "oganesson", - "DeploymentType": "bsn-production", - "Name": "bsn-reference-backend-bsn-production-oganesson" - }, - "tags_all": { - "DeploymentIdentifier": "bsn-production-oganesson", - "DeploymentLabel": "oganesson", - "DeploymentType": "bsn-production", - "Name": "bsn-reference-backend-bsn-production-oganesson" - }, - "versioning": [ - { - "enabled": true, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket_policy", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "bsn-reference-backend-bsn-production-oganesson", - "id": "bsn-reference-backend-bsn-production-oganesson", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Resource\": [\n 
\"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"\n ],\n \"Principal\": \"*\",\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": [\n \"AES256\"\n ]\n }\n }\n },\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\n \"s3:*\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"\n ],\n \"Principal\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": [\n \"false\"\n ]\n }\n }\n },\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson\",\n \"arn:aws:s3:::bsn-reference-backend-bsn-production-oganesson/*\"\n ],\n \"Principal\": {\n \"AWS\": [\n \"371854298993\"\n ]\n }\n }\n ]\n}" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.storage_bucket.aws_s3_bucket.encrypted_bucket", - "module.storage_bucket.data.aws_iam_policy_document.encrypted_bucket_policy_document" - ] - } - ] - } - ] -} diff --git a/state/bootstrap/rdm-management-default.tfstate b/state/bootstrap/rdm-management-default.tfstate deleted file mode 100644 index 840a06de..00000000 --- a/state/bootstrap/rdm-management-default.tfstate +++ /dev/null 
@@ -1,195 +0,0 @@ -{ - "version": 4, - "terraform_version": "0.14.7", - "serial": 5, - "lineage": "7671df3c-17aa-8490-a234-ad856612da8c", - "outputs": { - "storage_bucket_name": { - "value": "bsn-reference-backend-rdm-management-default", - "type": "string" - } - }, - "resources": [ - { - "mode": "data", - "type": "aws_caller_identity", - "name": "current", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "account_id": "031036423983", - "arn": "arn:aws:sts::031036423983:assumed-role/cross-account-admin-role/1619028282270591000", - "id": "031036423983", - "user_id": "AROAQOOPKH4XR52AY76HB:1619028282270591000" - }, - "sensitive_attributes": [] - } - ] - }, - { - "mode": "data", - "type": "template_file", - "name": "bucket_policy_template", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "0cf2a8e56151f1b60471b1e015ebe47bfa2c3c7db2de6914db77220528529cd9", - "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n ${deny_unencrypted_object_upload_fragment},\n ${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"031036423983\",\"384010198059\",\"371854298993\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::${bucket_name}\",\n \"arn:aws:s3:::${bucket_name}/*\"\n ]\n }\n ]\n}", - "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n $${deny_unencrypted_object_upload_fragment},\n $${deny_unencrypted_inflight_operations_fragment},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": ${allowed_account_ids}\n },\n \"Resource\": [\n \"arn:aws:s3:::$${bucket_name}\",\n \"arn:aws:s3:::$${bucket_name}/*\"\n 
]\n }\n ]\n}", - "vars": { - "allowed_account_ids": "[\"031036423983\",\"384010198059\",\"371854298993\"]" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_inflight_operations_fragment", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "8f2229740b3b878a3f86e19ee16c7626f034789cef39c0f395ea015fcc721b6d", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-rdm-management-default" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_object_uploads_fragment", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "085690f69d273dd404916d305b4012f4c407909ceecee63b9fba08a7233fa594", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": 
\"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-rdm-management-default" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "encrypted_bucket_policy", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "3142c89cf1a1d0bbdf3dd04dc9a10667b21611e36bceb1a38ba7e5ecf412e679", - "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"031036423983\",\"384010198059\",\"371854298993\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-rdm-management-default\",\n \"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"\n ]\n }\n ]\n}", - "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n ${deny_unencrypted_object_upload_fragment},\n ${deny_unencrypted_inflight_operations_fragment},\n 
{\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"031036423983\",\"384010198059\",\"371854298993\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::${bucket_name}\",\n \"arn:aws:s3:::${bucket_name}/*\"\n ]\n }\n ]\n}", - "vars": { - "bucket_name": "bsn-reference-backend-rdm-management-default", - "deny_unencrypted_inflight_operations_fragment": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "deny_unencrypted_object_upload_fragment": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": "private", - "arn": "arn:aws:s3:::bsn-reference-backend-rdm-management-default", - "bucket": "bsn-reference-backend-rdm-management-default", - "bucket_domain_name": "bsn-reference-backend-rdm-management-default.s3.amazonaws.com", - "bucket_prefix": null, - "bucket_regional_domain_name": "bsn-reference-backend-rdm-management-default.s3.eu-west-2.amazonaws.com", - "cors_rule": [], - "force_destroy": false, - "grant": [], - "hosted_zone_id": "Z3GKZC51ZF0DB4", - "id": "bsn-reference-backend-rdm-management-default", - "lifecycle_rule": [], - 
"logging": [], - "object_lock_configuration": [], - "policy": null, - "region": "eu-west-2", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [], - "tags": { - "DeploymentIdentifier": "rdm-management-default", - "DeploymentLabel": "default", - "DeploymentType": "rdm-management", - "Name": "bsn-reference-backend-rdm-management-default" - }, - "versioning": [ - { - "enabled": true, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket_policy", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "bsn-reference-backend-rdm-management-default", - "id": "bsn-reference-backend-rdm-management-default", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"AllowCrossAccountAccess\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Principal\": {\n \"AWS\": [\"031036423983\",\"384010198059\",\"371854298993\"]\n },\n \"Resource\": [\n \"arn:aws:s3:::bsn-reference-backend-rdm-management-default\",\n 
\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"\n ]\n }\n ]\n}" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.storage_bucket.aws_s3_bucket.encrypted_bucket", - "module.storage_bucket.data.template_file.encrypted_bucket_policy" - ] - } - ] - } - ] -} diff --git a/state/bootstrap/rdm-management-default.tfstate.backup b/state/bootstrap/rdm-management-default.tfstate.backup deleted file mode 100644 index ce8e042a..00000000 --- a/state/bootstrap/rdm-management-default.tfstate.backup +++ /dev/null 
@@ -1,156 +0,0 @@ -{ - "version": 4, - "terraform_version": "0.14.7", - "serial": 3, - "lineage": "7671df3c-17aa-8490-a234-ad856612da8c", - "outputs": { - "storage_bucket_name": { - "value": "bsn-reference-backend-rdm-management-default", - "type": "string" - } - }, - "resources": [ - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_inflight_operations_fragment", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "8f2229740b3b878a3f86e19ee16c7626f034789cef39c0f395ea015fcc721b6d", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-rdm-management-default" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "deny_unencrypted_object_uploads_fragment", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "085690f69d273dd404916d305b4012f4c407909ceecee63b9fba08a7233fa594", - "rendered": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n 
\"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "template": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::${bucket_name}/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "vars": { - "bucket_name": "bsn-reference-backend-rdm-management-default" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "data", - "type": "template_file", - "name": "encrypted_bucket_policy", - "provider": "provider[\"registry.terraform.io/hashicorp/template\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "filename": null, - "id": "b4957ff366d63181aee465dc916bc11afc77113830421a77121edf0b10c4c5e8", - "rendered": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}\n ]\n}", - "template": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n ${deny_unencrypted_object_upload_fragment},\n ${deny_unencrypted_inflight_operations_fragment}\n ]\n}", - "vars": { - "bucket_name": "bsn-reference-backend-rdm-management-default", - "deny_unencrypted_inflight_operations_fragment": "{\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": 
[\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}", - "deny_unencrypted_object_upload_fragment": "{\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n}" - } - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": "private", - "arn": "arn:aws:s3:::bsn-reference-backend-rdm-management-default", - "bucket": "bsn-reference-backend-rdm-management-default", - "bucket_domain_name": "bsn-reference-backend-rdm-management-default.s3.amazonaws.com", - "bucket_prefix": null, - "bucket_regional_domain_name": "bsn-reference-backend-rdm-management-default.s3.eu-west-2.amazonaws.com", - "cors_rule": [], - "force_destroy": false, - "grant": [], - "hosted_zone_id": "Z3GKZC51ZF0DB4", - "id": "bsn-reference-backend-rdm-management-default", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "policy": null, - "region": "eu-west-2", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [], - "tags": { - "DeploymentIdentifier": "rdm-management-default", - "DeploymentLabel": "default", - "DeploymentType": "rdm-management", - "Name": "bsn-reference-backend-rdm-management-default" - }, - "versioning": [ - { - "enabled": true, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - 
"sensitive_attributes": [], - "private": "bnVsbA==" - } - ] - }, - { - "module": "module.storage_bucket", - "mode": "managed", - "type": "aws_s3_bucket_policy", - "name": "encrypted_bucket", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "bsn-reference-backend-rdm-management-default", - "id": "bsn-reference-backend-rdm-management-default", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"DenyUnEncryptedObjectUploads\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:PutObject\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"StringNotEquals\": {\n \"s3:x-amz-server-side-encryption\": \"AES256\"\n }\n },\n\n \"Principal\": \"*\"\n},\n {\n \"Sid\": \"DenyUnEncryptedInflightOperations\",\n \"Effect\": \"Deny\",\n \"Action\": [\"s3:*\"],\n \"Resource\": [\"arn:aws:s3:::bsn-reference-backend-rdm-management-default/*\"],\n\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"false\"\n }\n },\n\n \"Principal\": \"*\"\n}\n ]\n}" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.storage_bucket.aws_s3_bucket.encrypted_bucket", - "module.storage_bucket.data.template_file.encrypted_bucket_policy" - ] - } - ] - } - ] -} diff --git a/terraform/database/.terraform.lock.hcl b/terraform/database/.terraform.lock.hcl new file mode 100644 index 00000000..f35e5a0e --- /dev/null +++ b/terraform/database/.terraform.lock.hcl 
@@ -0,0 +1,58 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.70.0" + constraints = "~> 3.29" + hashes = [ + "h1:E5IKHXzPGGSizZM5rHKzNCzpwQ7lWPXmmJnms82uzDk=", + "zh:0af710e528e21b930899f0ac295b0ceef8ad7b623dd8f38e92c8ec4bc7af0321", + "zh:4cabcd4519c0aae474d91ae67a8e3a4a8c39c3945c289a9cf7c1409f64409abe", + "zh:58da1a436facb4e4f95cd2870d211ed7bcb8cf721a4a61970aa8da191665f2aa", + "zh:6465339475c1cd3c16a5c8fee61304dcad2c4a27740687d29c6cdc90d2e6423d", + "zh:7a821ed053c355d70ebe33185590953fa5c364c1f3d66fe3f9b4aba3961646b1", + "zh:7c3656cc9cc1739dcb298e7930c9a76ccfce738d2070841d7e6c62fbdae74eef", + "zh:9d9da9e3c60a0c977e156da8590f36a219ae91994bb3df5a1208de2ab3ceeba7", + "zh:a3138817c86bf3e4dca7fd3a92e099cd1bf1d45ee7c7cc9e9773ba04fc3b315a", + "zh:a8603044e935dfb3cb9319a46d26276162c6aea75e02c4827232f9c6029a3182", + "zh:aef9482332bf43d0b73317f5909dec9e95b983c67b10d72e75eacc7c4f37d084", + "zh:fc3f3cad84f2eebe566dd0b65904c934093007323b9b85e73d9dd4535ceeb29d", + ] +} + +provider "registry.terraform.io/hashicorp/template" { + version = "2.2.0" + constraints = "~> 2.2.0" + hashes = [ + "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", + "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", + "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", + "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", + "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", + "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", + "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", + "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", + "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", + "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", + 
"zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", + ] +} + +provider "registry.terraform.io/mongodb/mongodbatlas" { + version = "0.8.2" + constraints = "~> 0.8, 0.8.2" + hashes = [ + "h1:ry6CGqesidcJXaWDeLtqjVMxOZ5bqqLOvOtQhLDriSs=", + "zh:17705b49166fc296aef7300534a5c964ea8d4f6cb6616bcb8e7d3186cd1cae50", + "zh:39b8fdcf3262f7b2faffa41b0aed2ffdcf5ed47b985429c7bb764945f9873637", + "zh:3d4dbbb6be68dfea4f84172d0db9fc52dbda6025ed424ea249fb1317968b28ac", + "zh:525ae17dc4c2607c4ee596450fba58f5101635b05a93de2cdcb2e550b6c46abc", + "zh:71759a108c1499b9538ae4d54faaf66077adce90b031fc1051f484118418e6c7", + "zh:7a42549360c6cfb4a4f8986c9e59f8533750de964f31d4bea09e758da460b994", + "zh:8869872ea9bedb5a2b46637d62aaed8c886dce4579133a6f84043f540aa927cd", + "zh:aa3b2f8c64c9a28e96e1d23c0b21092fa0c21fbbe6d56b7f92a7d40e7d4696b7", + "zh:e7c85f9baeb2fb234721b2b4fba4a9620af7a5bc138f2d6c9682178b6b24ba72", + "zh:fa0c84bfea33a7726ed29574e58a9666cf8a9e5882b9aabd0f1899965a0c4b18", + "zh:fd9b995f95e58391d592cfce078f98b5657dd58452f5d049ebd1be562314ed36", + ] +} diff --git a/infra/database/cluster.tf b/terraform/database/cluster.tf similarity index 67% rename from infra/database/cluster.tf rename to terraform/database/cluster.tf index 9c2aec99..e73f9f67 100644 --- a/infra/database/cluster.tf +++ b/terraform/database/cluster.tf @@ -10,16 +10,16 @@ module "cluster" { mongo_db_major_version = var.database_version cloud_provider = { - name = "AWS" - region_name = replace(upper(var.region), "-", "_") + name = "AWS" + region_name = replace(upper(var.region), "-", "_") instance_size_name = var.database_instance_size_name - disk_iops = null - volume_type = null - backup_enabled = true + disk_iops = null + volume_type = null + backup_enabled = true auto_scaling = { compute = { - min_instance_size: null - max_instance_size: null + min_instance_size : null + max_instance_size : null } } } 
@@ -30,8 +30,8 @@ module "cluster" {
 password = var.database_service_user_password
 roles = [
 {
- role_name = "readWriteAnyDatabase"
- database_name = "admin"
+ role_name = "readWriteAnyDatabase"
+ database_name = "admin"
 collection_name = null
 }
 ]
@@ -42,8 +42,8 @@ module "cluster" {
 password = var.database_read_only_user_password
 roles = [
 {
- role_name = "readAnyDatabase"
- database_name = "admin"
+ role_name = "readAnyDatabase"
+ database_name = "admin"
 collection_name = null
 }
 ]
diff --git a/infra/database/endpoint.tf b/terraform/database/endpoint.tf
similarity index 68%
rename from infra/database/endpoint.tf
rename to terraform/database/endpoint.tf
index ed2bec9a..734111d5 100644
--- a/infra/database/endpoint.tf
+++ b/terraform/database/endpoint.tf
@@ -6,8 +6,8 @@ module "aws-private-endpoint" {
 deployment_identifier = var.deployment_identifier
 region = var.region
- vpc_id = data.terraform_remote_state.network.outputs.vpc_id
- subnet_ids = data.terraform_remote_state.network.outputs.private_subnet_ids
+ vpc_id = var.vpc_id
+ subnet_ids = var.private_subnet_ids
 project_id = module.project.project_id
diff --git a/infra/database/outputs.tf b/terraform/database/outputs.tf
similarity index 100%
rename from infra/database/outputs.tf
rename to terraform/database/outputs.tf
diff --git a/infra/database/project.tf b/terraform/database/project.tf
similarity index 83%
rename from infra/database/project.tf
rename to terraform/database/project.tf
index f51a78d5..c98a3405 100644
--- a/infra/database/project.tf
+++ b/terraform/database/project.tf
@@ -2,7 +2,7 @@ module "project" {
 source = "infrablocks/project/mongodbatlas"
 version = "1.0.0"
- component = var.component
+ component = var.component
 deployment_identifier = var.deployment_identifier
 organization_id = var.mongodb_atlas_organization_id
diff --git a/infra/database/providers.tf b/terraform/database/providers.tf
similarity index 72%
rename from infra/database/providers.tf
rename to terraform/database/providers.tf
index 19d0a693..e2270d16 100644
--- a/infra/database/providers.tf
+++ b/terraform/database/providers.tf
@@ -3,6 +3,6 @@ provider "aws" {
 }
 provider "mongodbatlas" {
- public_key = var.mongodb_atlas_public_key
+ public_key = var.mongodb_atlas_public_key
 private_key = var.mongodb_atlas_private_key
 }
diff --git a/infra/database/terraform.tf b/terraform/database/terraform.tf
similarity index 84%
rename from infra/database/terraform.tf
rename to terraform/database/terraform.tf
index 8907a147..e239d3a8 100644
--- a/infra/database/terraform.tf
+++ b/terraform/database/terraform.tf
@@ -3,10 +3,10 @@ terraform {
 required_providers {
 mongodbatlas = {
- source = "mongodb/mongodbatlas"
+ source = "mongodb/mongodbatlas"
 version = "0.8.2"
 }
- aws = {
+ aws = {
 source = "hashicorp/aws"
 version = "~> 3.29"
 }
diff --git a/infra/database/variables.tf b/terraform/database/variables.tf
similarity index 76%
rename from infra/database/variables.tf
rename to terraform/database/variables.tf
index 21901ef1..169b17f8 100644
--- a/infra/database/variables.tf
+++ b/terraform/database/variables.tf
@@ -17,7 +17,7 @@ variable "mongodb_atlas_organization_id" {}
 variable "mongodb_atlas_public_key" {}
 variable "mongodb_atlas_private_key" {}
-variable "network_state_bucket_name" {}
-variable "network_state_key" {}
-variable "network_state_bucket_region" {}
-variable "network_state_bucket_is_encrypted" {}
+variable "vpc_id" {}
+variable "private_subnet_ids" {
+ type = list(string)
+}
\ No newline at end of file
diff --git a/terraform/functions/.terraform.lock.hcl b/terraform/functions/.terraform.lock.hcl
new file mode 100644
index 00000000..63a0aaf0
--- /dev/null
+++ b/terraform/functions/.terraform.lock.hcl
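Review bot: `variable "mongodb_atlas_private_key" {}`, kept as context in the terraform/database/variables.tf hunk, is declared without `sensitive = true`, so Terraform will not redact it if it is ever interpolated into a non-sensitive attribute or an output. The `.terraform.lock.hcl` files added by this commit imply Terraform 0.14 or later, which accepts the argument: `variable "mongodb_atlas_private_key" { sensitive = true }`. The same applies to `gcloud_keepers_secret`, `executor_secret`, `etherscan_apikey` and `infura_apikey` in the terraform/functions/variables.tf hunk further down. The flag only redacts CLI output; the values are still written to state, so the state backend needs encryption at rest and restricted access.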
@@ -0,0 +1,75 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/archive" { + version = "2.2.0" + hashes = [ + "h1:CIWi5G6ob7p2wWoThRQbOB8AbmFlCzp7Ka81hR3cVp0=", + "zh:06bd875932288f235c16e2237142b493c2c2b6aba0e82e8c85068332a8d2a29e", + "zh:0c681b481372afcaefddacc7ccdf1d3bb3a0c0d4678a526bc8b02d0c331479bc", + "zh:100fc5b3fc01ea463533d7bbfb01cb7113947a969a4ec12e27f5b2be49884d6c", + "zh:55c0d7ddddbd0a46d57c51fcfa9b91f14eed081a45101dbfc7fd9d2278aa1403", + "zh:73a5dd68379119167934c48afa1101b09abad2deb436cd5c446733e705869d6b", + "zh:841fc4ac6dc3479981330974d44ad2341deada8a5ff9e3b1b4510702dfbdbed9", + "zh:91be62c9b41edb137f7f835491183628d484e9d6efa82fcb75cfa538c92791c5", + "zh:acd5f442bd88d67eb948b18dc2ed421c6c3faee62d3a12200e442bfff0aa7d8b", + "zh:ad5720da5524641ad718a565694821be5f61f68f1c3c5d2cfa24426b8e774bef", + "zh:e63f12ea938520b3f83634fc29da28d92eed5cfbc5cc8ca08281a6a9c36cca65", + "zh:f6542918faa115df46474a36aabb4c3899650bea036b5f8a5e296be6f8f25767", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.70.0" + constraints = "~> 3.16, ~> 3.33" + hashes = [ + "h1:E5IKHXzPGGSizZM5rHKzNCzpwQ7lWPXmmJnms82uzDk=", + "zh:0af710e528e21b930899f0ac295b0ceef8ad7b623dd8f38e92c8ec4bc7af0321", + "zh:4cabcd4519c0aae474d91ae67a8e3a4a8c39c3945c289a9cf7c1409f64409abe", + "zh:58da1a436facb4e4f95cd2870d211ed7bcb8cf721a4a61970aa8da191665f2aa", + "zh:6465339475c1cd3c16a5c8fee61304dcad2c4a27740687d29c6cdc90d2e6423d", + "zh:7a821ed053c355d70ebe33185590953fa5c364c1f3d66fe3f9b4aba3961646b1", + "zh:7c3656cc9cc1739dcb298e7930c9a76ccfce738d2070841d7e6c62fbdae74eef", + "zh:9d9da9e3c60a0c977e156da8590f36a219ae91994bb3df5a1208de2ab3ceeba7", + "zh:a3138817c86bf3e4dca7fd3a92e099cd1bf1d45ee7c7cc9e9773ba04fc3b315a", + "zh:a8603044e935dfb3cb9319a46d26276162c6aea75e02c4827232f9c6029a3182", + "zh:aef9482332bf43d0b73317f5909dec9e95b983c67b10d72e75eacc7c4f37d084", + 
"zh:fc3f3cad84f2eebe566dd0b65904c934093007323b9b85e73d9dd4535ceeb29d", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.1.0" + hashes = [ + "h1:vpC6bgUQoJ0znqIKVFevOdq+YQw42bRq0u+H3nto8nA=", + "zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2", + "zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515", + "zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521", + "zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2", + "zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e", + "zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53", + "zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d", + "zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8", + "zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70", + "zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b", + "zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e", + ] +} + +provider "registry.terraform.io/hashicorp/template" { + version = "2.2.0" + constraints = "2.2.0" + hashes = [ + "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", + "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", + "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", + "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", + "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", + "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", + "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", + "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", + "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", + "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", + "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", + ] +} 
diff --git a/infra/functions/lambda.tf b/terraform/functions/lambda.tf
similarity index 90%
rename from infra/functions/lambda.tf
rename to terraform/functions/lambda.tf
index f38e8b85..76b6a410 100644
--- a/infra/functions/lambda.tf
+++ b/terraform/functions/lambda.tf
@@ -1,14 +1,4 @@
 data "aws_caller_identity" "caller" {}
-data "terraform_remote_state" "service" {
- backend = "s3"
-
- config = {
- bucket = var.service_state_bucket_name
- key = var.service_state_key
- region = var.service_state_bucket_region
- encrypt = var.service_state_bucket_is_encrypted
- }
-}
 resource "aws_secretsmanager_secret" "keepers_secretsmanager_secret" {
 name = "keepersServiceSMSecrets-${var.deployment_identifier}"
@@ -24,7 +14,7 @@ resource "aws_secretsmanager_secret_version" "keepers_secretsmanager_secret_vers
 etherscanapikey = var.etherscan_apikey
 infuraapikey = var.infura_apikey
 voucherkerneladdress = var.voucher_kernel_address
- apiurl = "https://${data.terraform_remote_state.service.outputs.address}"
+ apiurl = var.api_url
 }))
 }
@@ -86,16 +76,16 @@ data "aws_iam_policy_document" "execution_policy" {
 }
 module "expirations_lambda" {
- source = "./modules/lambda"
+ source = "./modules/lambda"
 region = var.region
 account_id = data.aws_caller_identity.caller.account_id
 component = var.component
 deployment_identifier = var.deployment_identifier
- lambda_runtime = "nodejs14.x"
+ lambda_runtime = "nodejs14.x"
 lambda_code_output_path = "${path.module}/.terraform/archive_files/triggerExpirations.zip"
- lambda_code_source_dir = "${path.cwd}/external/lambdas/triggerExpirations/src"
+ lambda_code_source_dir = "${path.cwd}/external/lambdas/triggerExpirations/src"
 lambda_timeout = 900
 lambda_memory_size = 128
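Review bot: In the `aws_secretsmanager_secret_version` hunk, `apiurl = var.api_url` drops the `https://` prefix that the old expression hard-coded, and the matching `variable "api_url" {}` added in terraform/functions/variables.tf carries no type or validation. A plain-http or malformed value would therefore be stored in the secret and, presumably, used by the lambdas as their API endpoint. Declaring the variable with `type = string` and a `validation` block whose condition is `can(regex("^https://", var.api_url))` and whose message is `"The api_url value must start with https://."` keeps the earlier guarantee. The resource body starts above this hunk, so the remaining keys of the secret are only partly visible.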
@@ -138,16 +128,16 @@ resource "aws_lambda_permission" "expirations_lambda_permission" {
 }
 module "finalizations_lambda" {
- source = "./modules/lambda"
+ source = "./modules/lambda"
 region = var.region
 account_id = data.aws_caller_identity.caller.account_id
 component = var.component
 deployment_identifier = var.deployment_identifier
- lambda_runtime = "nodejs14.x"
+ lambda_runtime = "nodejs14.x"
 lambda_code_output_path = "${path.module}/.terraform/archive_files/triggerFinalizations.zip"
- lambda_code_source_dir = "${path.cwd}/external/lambdas/triggerFinalizations/src"
+ lambda_code_source_dir = "${path.cwd}/external/lambdas/triggerFinalizations/src"
 lambda_timeout = 900
 lambda_memory_size = 128
@@ -190,16 +180,16 @@ resource "aws_lambda_permission" "finalizations_lambda_permission" {
 }
 module "withdrawals_lambda" {
- source = "./modules/lambda"
+ source = "./modules/lambda"
 region = var.region
 account_id = data.aws_caller_identity.caller.account_id
 component = var.component
 deployment_identifier = var.deployment_identifier
- lambda_runtime = "nodejs14.x"
+ lambda_runtime = "nodejs14.x"
 lambda_code_output_path = "${path.module}/.terraform/archive_files/triggerWithdrawals.zip"
- lambda_code_source_dir = "${path.cwd}/external/lambdas/triggerWithdrawals/src"
+ lambda_code_source_dir = "${path.cwd}/external/lambdas/triggerWithdrawals/src"
 lambda_timeout = 900
 lambda_memory_size = 256
diff --git a/terraform/functions/modules/lambda/iam.tf b/terraform/functions/modules/lambda/iam.tf
new file mode 100644
index 00000000..d6fef4ab
--- /dev/null
+++ b/terraform/functions/modules/lambda/iam.tf
@@ -0,0 +1,57 @@
+data "aws_caller_identity" "current" {
+}
+
+resource "aws_iam_role" "lambda_execution_role" {
+ assume_role_policy = var.lambda_assume_role != "" ? var.lambda_assume_role : jsonencode(
+ {
+ "Version" : "2012-10-17",
+ "Statement" : [
+ {
+ Action : "sts:AssumeRole",
+ Principal : {
+ "Service" : "lambda.amazonaws.com"
+ },
+ Effect : "Allow"
+ }
+ ]
+ })
+ tags = local.tags
+}
+
+resource "aws_iam_role_policy" "lambda_execution_policy" {
+ role = aws_iam_role.lambda_execution_role.id
+ policy = var.lambda_execution_policy != "" ? var.lambda_execution_policy : jsonencode(
+ {
+ "Version" : "2012-10-17",
+ "Statement" : [
+ {
+ Effect : "Allow",
+ Action : [
+ "ec2:CreateNetworkInterface",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DescribeSecurityGroups",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs"
+ ],
+ Resource : [
+ "*"
+ ]
+ },
+ {
+ Effect : "Allow",
+ Action : [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ Resource : [
+ "arn:aws:logs:${var.region}:${var.account_id}:*"
+ ]
+ }
+ ]
+ })
+}
+
diff --git a/infra/functions/modules/lambda/lambda.tf b/terraform/functions/modules/lambda/lambda.tf
similarity index 100%
rename from infra/functions/modules/lambda/lambda.tf
rename to terraform/functions/modules/lambda/lambda.tf
diff --git a/infra/functions/modules/lambda/locals.tf b/terraform/functions/modules/lambda/locals.tf
similarity index 74%
rename from infra/functions/modules/lambda/locals.tf
rename to terraform/functions/modules/lambda/locals.tf
index 4c1a0f09..96c053ea 100644
--- a/infra/functions/modules/lambda/locals.tf
+++ b/terraform/functions/modules/lambda/locals.tf
@@ -1,6 +1,6 @@
 locals {
 base_tags = {
- "Component" = var.component,
+ "Component" = var.component,
 "DeploymentIdentifier" = var.deployment_identifier
 }
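Review bot: The default `lambda_execution_policy` in the new iam.tf grants `logs:CreateLogGroup`, `logs:CreateLogStream` and `logs:PutLogEvents` on `arn:aws:logs:${var.region}:${var.account_id}:*`, so any function that falls back to this default can write to every log group in the account and region. Scoping the resource to the function's own group, `"arn:aws:logs:${var.region}:${var.account_id}:log-group:/aws/lambda/FUNCTION_NAME:*"` with FUNCTION_NAME standing for the name set in the module's lambda.tf (not shown in this diff), stops one function from writing into another's logs. The EC2 network-interface statement is attached unconditionally, while security_group.tf creates the group only when `var.deploy_in_vpc == "yes"`; the statement could be made conditional on the same switch. `data "aws_caller_identity" "current"` is not referenced in this file, which takes the account from `var.account_id`, so it can be removed if nothing else in the module uses it.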
diff --git a/infra/functions/modules/lambda/outputs.tf b/terraform/functions/modules/lambda/outputs.tf
similarity index 95%
rename from infra/functions/modules/lambda/outputs.tf
rename to terraform/functions/modules/lambda/outputs.tf
index 18f2d6fd..cdcdeb66 100644
--- a/infra/functions/modules/lambda/outputs.tf
+++ b/terraform/functions/modules/lambda/outputs.tf
@@ -41,5 +41,5 @@ output "iam_role_name" {
 value = aws_iam_role.lambda_execution_role.name
 }
 output "iam_role_policy_name" {
- value = aws_iam_role_policy.lambda_execution_policy.name
+ value = aws_iam_role_policy.lambda_execution_policy.name
 }
diff --git a/terraform/functions/modules/lambda/security_group.tf b/terraform/functions/modules/lambda/security_group.tf
new file mode 100644
index 00000000..c9bb2855
--- /dev/null
+++ b/terraform/functions/modules/lambda/security_group.tf
@@ -0,0 +1,20 @@
+resource "aws_security_group" "sg_lambda" {
+ description = "${var.deployment_identifier}-lambda"
+ vpc_id = var.vpc_id
+ tags = local.tags
+ count = var.deploy_in_vpc == "yes" ? 1 : 0
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = var.lambda_ingress_cidr_blocks
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = var.lambda_egress_cidr_blocks
+ }
+}
diff --git a/infra/functions/modules/lambda/terraform.tf b/terraform/functions/modules/lambda/terraform.tf
similarity index 88%
rename from infra/functions/modules/lambda/terraform.tf
rename to terraform/functions/modules/lambda/terraform.tf
index a7ab87fb..c7b0c196 100644
--- a/infra/functions/modules/lambda/terraform.tf
+++ b/terraform/functions/modules/lambda/terraform.tf
@@ -2,7 +2,7 @@ terraform {
 required_version = ">= 0.14"
 required_providers {
- aws = {
+ aws = {
 source = "hashicorp/aws"
 version = "~> 3.33"
 }
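Review bot: The `ingress` block of `sg_lambda` in the new security_group.tf allows every protocol and port (`protocol = "-1"`, ports 0 to 0) from `var.lambda_ingress_cidr_blocks`, although a Lambda function's network interfaces do not accept inbound connections. The rule only widens the group for anything else that is later attached to it. Removing the `ingress` block and narrowing `egress` to what the function calls, for example `from_port = 443`, `to_port = 443`, `protocol = "tcp"`, would follow least privilege. The defaults of both CIDR variables are in the module's variables.tf, which this commit renames unchanged and does not show, so how open the rules are in practice cannot be judged from here. As a style point, `count` conventionally goes first in the resource body.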
diff --git a/infra/functions/modules/lambda/variables.tf b/terraform/functions/modules/lambda/variables.tf
similarity index 100%
rename from infra/functions/modules/lambda/variables.tf
rename to terraform/functions/modules/lambda/variables.tf
diff --git a/infra/functions/outputs.tf b/terraform/functions/outputs.tf
similarity index 100%
rename from infra/functions/outputs.tf
rename to terraform/functions/outputs.tf
diff --git a/infra/functions/provider.tf b/terraform/functions/provider.tf
similarity index 100%
rename from infra/functions/provider.tf
rename to terraform/functions/provider.tf
diff --git a/infra/keepers-service/terraform.tf b/terraform/functions/terraform.tf
similarity index 100%
rename from infra/keepers-service/terraform.tf
rename to terraform/functions/terraform.tf
diff --git a/infra/functions/variables.tf b/terraform/functions/variables.tf
similarity index 62%
rename from infra/functions/variables.tf
rename to terraform/functions/variables.tf
index 2a4bbcfb..6d03dec0 100644
--- a/infra/functions/variables.tf
+++ b/terraform/functions/variables.tf
@@ -2,14 +2,10 @@ variable "region" {}
 variable "component" {}
 variable "deployment_identifier" {}
+variable "api_url" {}
 variable "gcloud_keepers_secret" {}
 variable "cashier_address" {}
 variable "executor_secret" {}
 variable "etherscan_apikey" {}
 variable "infura_apikey" {}
 variable "voucher_kernel_address" {}
-
-variable "service_state_bucket_name" {}
-variable "service_state_key" {}
-variable "service_state_bucket_region" {}
-variable "service_state_bucket_is_encrypted" {}