cicd.template.yml
# CloudFormation template: CI/CD pipeline resources for the Hello World service.
Description: 'CICD pipeline for Hello World'

# Stack inputs. Values are supplied by whoever creates or updates the stack.
Parameters:
  # NoEcho masks this value in console/CLI/API output only; it is still an
  # ordinary parameter and is not masked if copied into Outputs, Metadata or
  # resource properties. No resource in this template references GithubToken.
  # NOTE(review): a Secrets Manager / SSM dynamic reference keeps the token out
  # of stack parameters entirely - consider it if the token is still needed.
  GithubToken:
    Type: String
    Description: 'OAuth token for the Github organization. Needs read/write access to repos and repo hooks'
    Default: ''
    NoEcho: true

  # Owner and repo are substituted into the CodeBuild source URL and into the
  # state machine definition.
  GithubOwner:
    Type: String
    Description: 'Owner of the github repository to track'

  GithubRepo:
    Type: String
    Description: 'Name of the github repository to track'

  # Not referenced by any resource in this template.
  GithubBranch:
    Type: String
    Description: 'Name of the github branch to track'
    Default: ''

  # Bucket/key of the Step Functions definition that the StateMachine resource
  # loads and runs under the imported MasterRoleArn. Write access to that S3
  # object is therefore equivalent to control over the pipeline's behaviour.
  PipelineDefinitionBucket:
    Type: String
    Description: 'Bucket name where the pipeline definition is located'

  PipelineDefinitionKey:
    Type: String
    Description: 'Key name where the pipeline definition is located'
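# Pipeline resources: DNS aliases, artifact bucket, image repository, CodeBuild
# project, deployment queues and the Step Functions state machine.
Resources:
  # Dev and prod hostnames both alias (A + AAAA) to the load balancer exported
  # by the cfn-gateway stack.
  DevDnsRecords:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneId: !ImportValue cfn-dns:HostedZoneId
      RecordSets:
        - Name: hello-world.dev.brigh.id
          Type: A
          AliasTarget:
            HostedZoneId: !ImportValue cfn-gateway:LoadBalancerCanonicalHostedZoneId
            DNSName: !ImportValue cfn-gateway:LoadBalancerDnsName
        - Name: hello-world.dev.brigh.id
          Type: AAAA
          AliasTarget:
            HostedZoneId: !ImportValue cfn-gateway:LoadBalancerCanonicalHostedZoneId
            DNSName: !ImportValue cfn-gateway:LoadBalancerDnsName

  ProdDnsRecords:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneId: !ImportValue cfn-dns:HostedZoneId
      RecordSets:
        - Name: hello-world.brigh.id
          Type: A
          AliasTarget:
            HostedZoneId: !ImportValue cfn-gateway:LoadBalancerCanonicalHostedZoneId
            DNSName: !ImportValue cfn-gateway:LoadBalancerDnsName
        - Name: hello-world.brigh.id
          Type: AAAA
          AliasTarget:
            HostedZoneId: !ImportValue cfn-gateway:LoadBalancerCanonicalHostedZoneId
            DNSName: !ImportValue cfn-gateway:LoadBalancerDnsName

  # Build artifacts are read by roles in other accounts, so the bucket is a
  # trust boundary: block every form of public access and encrypt by default.
  ArtifactStore:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # Default for objects uploaded without their own encryption settings;
      # CodeBuild artifacts use the project's EncryptionKey instead.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  ArtifactStorePolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ArtifactStore
      PolicyDocument:
        # Quoted so YAML 1.1 parsers do not read the policy version as a date.
        Version: '2012-10-17'
        Statement:
          # s3:*Object matches every S3 action whose name ends in "Object",
          # including PutObject and DeleteObject.
          # NOTE(review): if the dev/prod agent roles only fetch artifacts,
          # narrow their grant to s3:GetObject so a compromised deploy account
          # cannot overwrite or delete what the pipeline built.
          - Effect: Allow
            Action: 's3:*Object'
            Resource:
              # Object-level actions only apply to the /* ARN; the bare bucket
              # ARN is kept from the original but grants nothing here.
              - !Sub 'arn:aws:s3:::${ArtifactStore}'
              - !Sub 'arn:aws:s3:::${ArtifactStore}/*'
            Principal:
              AWS:
                # A bare account id delegates to IAM policies in this account.
                - !Ref AWS::AccountId
                - !ImportValue cfn-metadata:DevAgentRoleArn
                - !ImportValue cfn-metadata:ProdAgentRoleArn
          # Reject any request that does not arrive over TLS.
          - Sid: DenyInsecureTransport
            Effect: Deny
            Action: 's3:*'
            Resource:
              - !Sub 'arn:aws:s3:::${ArtifactStore}'
              - !Sub 'arn:aws:s3:::${ArtifactStore}/*'
            Principal: '*'
            Condition:
              Bool:
                'aws:SecureTransport': 'false'

  DockerRepo:
    Type: AWS::ECR::Repository
    Properties:
      # Scan each pushed image for known vulnerabilities.
      ImageScanningConfiguration:
        ScanOnPush: true
      # NOTE(review): tags are mutable by default; IMMUTABLE tags prevent a
      # deployed tag from being silently replaced, but only if the build never
      # re-pushes an existing tag - confirm against the buildspec.
      RepositoryPolicyText:
        Version: '2012-10-17'
        Statement:
          # Pull-only grant. Account-id principals mean any identity in the dev
          # and prod accounts that its own IAM policy permits can pull images.
          - Effect: Allow
            Action:
              # NOTE(review): GetAuthorizationToken is an account-level action
              # and likely has no effect in a repository policy - confirm.
              - ecr:GetAuthorizationToken
              - ecr:GetDownloadUrlForLayer
              - ecr:BatchGetImage
              - ecr:BatchCheckLayerAvailability
              - ecr:ListImages
            Principal:
              AWS:
                - !Ref AWS::AccountId
                - !ImportValue cfn-metadata:DevAccountId
                - !ImportValue cfn-metadata:ProdAccountId

  BuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Sub '${AWS::StackName}-build'
      # The badge URL exposes build status to anyone who has the link.
      BadgeEnabled: true
      ServiceRole: !ImportValue cfn-utilities:BuilderRoleArn
      EncryptionKey: !ImportValue cfn-utilities:ArtifactKeyArn
      Environment:
        # Privileged mode lets the build run a Docker daemon (used with the
        # Docker layer cache below). Build code then runs with elevated
        # container privileges under BuilderRoleArn, so who can change the
        # repository's build instructions matters as much as this template.
        PrivilegedMode: true
        # NOTE(review): pinned to an older curated image generation - confirm
        # it is still maintained and receiving security updates.
        Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
        ComputeType: BUILD_GENERAL1_SMALL
        EnvironmentVariables:
          - Name: ARTIFACT_STORE
            Value: !Ref ArtifactStore
          - Name: REPOSITORY_URI
            Value: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${DockerRepo}'
        Type: LINUX_CONTAINER
      Cache:
        Type: LOCAL
        Modes:
          - LOCAL_DOCKER_LAYER_CACHE
      Artifacts:
        Type: S3
        Location: !Ref ArtifactStore
        Name: buildResults.zip
        NamespaceType: BUILD_ID
        Packaging: ZIP
      Source:
        Type: GITHUB
        Location: !Sub 'https://github.com/${GithubOwner}/${GithubRepo}.git'
        ReportBuildStatus: true
        BuildStatusConfig:
          Context: !Sub 'AWS CodeBuild - shared (${AWS::StackName}-build)'
          # $CODEBUILD_BUILD_ID has no braces, so !Sub leaves it untouched.
          TargetUrl: !Sub 'https://sso.brigh.id/start/shared?destination=https://console.aws.amazon.com/codesuite/codebuild/${AWS::AccountId}/projects/${AWS::StackName}-build/build/$CODEBUILD_BUILD_ID/?region=${AWS::Region}'

  # FIFO queues feeding the imported supersession / stack-deployment Lambdas.
  # Messages here drive deployments, so send permission on these queues should
  # be limited to the pipeline itself.
  # NOTE(review): no encryption-at-rest setting is declared on either queue.
  SupersessionQueue:
    Type: AWS::SQS::Queue
    Properties:
      ContentBasedDeduplication: true
      FifoQueue: true
      MessageRetentionPeriod: 1209600  # 14 days, in seconds

  SupersessionEventSourceMapping:
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      FunctionName: !ImportValue cfn-core:DeploymentSupersessionFunctionArn
      EventSourceArn: !GetAtt SupersessionQueue.Arn

  DeploymentQueue:
    Type: AWS::SQS::Queue
    Properties:
      ContentBasedDeduplication: true
      VisibilityTimeout: 3600  # 1 hour, in seconds
      FifoQueue: true
      MessageRetentionPeriod: 1209600  # 14 days, in seconds

  DeploymentEventSourceMapping:
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      FunctionName: !ImportValue cfn-core:StackDeploymentFunctionArn
      EventSourceArn: !GetAtt DeploymentQueue.Arn

  # The definition is loaded from a parameter-supplied S3 location and runs
  # under the imported MasterRoleArn; that object needs the same change
  # control as this template.
  StateMachine:
    Type: AWS::StepFunctions::StateMachine
    Properties:
      RoleArn: !ImportValue cfn-utilities:MasterRoleArn
      StateMachineName: !Sub '${AWS::StackName}-pipeline'
      DefinitionS3Location:
        Bucket: !Ref PipelineDefinitionBucket
        Key: !Ref PipelineDefinitionKey
      DefinitionSubstitutions:
        GithubRepo: !Ref GithubRepo
        GithubOwner: !Ref GithubOwner
        ArtifactStore: !Ref ArtifactStore
        BuildProject: !Ref BuildProject
        DeploymentQueue: !Ref DeploymentQueue
        SupersessionQueue: !Ref SupersessionQueue
        DevRoleArn: !ImportValue cfn-metadata:DevAgentRoleArn
        ProdRoleArn: !ImportValue cfn-metadata:ProdAgentRoleArn
        ApprovalNotificationFunction: !ImportValue cfn-core:ApprovalNotificationFunctionArn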
# Template-level linter configuration read by cfn-lint.
Metadata:
  cfn-lint:
    config:
      # NOTE(review): these ignores apply to every resource in the template.
      # E3002/E3003 appear to be cfn-lint's resource-property checks (invalid
      # and missing-required properties) - confirm for the version in use.
      # With them off, a mistyped security-relevant property name would not
      # be reported; a per-resource ignore would narrow the blind spot.
      ignore_checks: [E3002, E3003]