From 105d15d487caab5e57ca98664d87750d4b10c9ed Mon Sep 17 00:00:00 2001 From: Michal Kleszcz Date: Thu, 19 Sep 2024 14:31:57 +0200 Subject: [PATCH] feat: #661 Change the deployment to S3 sync --- .github/workflows/actions/deploy/action.yml | 6 +-- .github/workflows/deploy-prod.yml | 3 +- .github/workflows/deploy-qa.yml | 6 ++- .../src/stacks/ci/ciEntrypoint.ts | 18 +++++-- .../infra-shared/src/stacks/ci/ciPipeline.ts | 1 - .../infra/infra-shared/src/stacks/ci/stack.ts | 15 +----- .../global/resources/globalCodeCommit.ts | 54 ------------------- .../src/stacks/global/resources/index.ts | 9 ++-- 8 files changed, 29 insertions(+), 83 deletions(-) delete mode 100644 packages/infra/infra-shared/src/stacks/global/resources/globalCodeCommit.ts diff --git a/.github/workflows/actions/deploy/action.yml b/.github/workflows/actions/deploy/action.yml index e6a093164..b447cbdd3 100644 --- a/.github/workflows/actions/deploy/action.yml +++ b/.github/workflows/actions/deploy/action.yml @@ -26,10 +26,10 @@ runs: shell: bash run: | artifact_name="${{ inputs.environment-name }}-entrypoint.zip" - zip -r $artifact_name . + zip -r -q $artifact_name . - name: Send artifact to S3 shell: bash run: | - artifact_name="${{ inputs.environment-name }}-entrypoint.zip" - aws s3 cp $artifact_name "s3://${{ inputs.artifacts-s3-bucket }}/${artifact_name}" + artifact_name="${{ inputs.environment-name }}-entrypoint" + aws s3 cp "${artifact_name}.zip" "s3://${{ inputs.artifacts-s3-bucket }}/${artifact_name}" diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index 70e35752d..3b0943b3e 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -18,5 +18,4 @@ jobs: - uses: ./.github/workflows/actions/deploy with: environment-name: 'prod' - trigger-url: '${{ vars.SB_DEPLOY_TRIGGER_URL }}' - trigger-secret: '${{ secrets.SB_DEPLOY_TRIGGER_SECRET }}' + artifacts-s3-bucket: '${{ secrets.SB_CI_ARTIFACTS_BUCKET }}' 
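Review bot: In the `Send artifact to S3` step, `${{ inputs.environment-name }}` and `${{ inputs.artifacts-s3-bucket }}` are pasted into the script text before bash runs, and the zip step above still uses an unquoted `$artifact_name`. The callers pass literals today, but handing the inputs over through the step's `env:` and using them as quoted shell variables closes the injection path should a caller ever forward a less trusted value. `zip -r -q … .` also archives the whole working directory, so if the checkout leaves a `.git` directory with persisted credentials there (not visible in this hunk) it ends up in the S3 object; excluding it with `-x '.git/*'` would avoid that. The `runs:` block starts outside the hunk.

```yaml
# … unchanged: zip step (quote "$artifact_name" there as well) …
    - name: Send artifact to S3
      shell: bash
      env:
        ENVIRONMENT_NAME: ${{ inputs.environment-name }}
        ARTIFACTS_BUCKET: ${{ inputs.artifacts-s3-bucket }}
      run: |
        artifact_name="${ENVIRONMENT_NAME}-entrypoint"
        aws s3 cp "${artifact_name}.zip" "s3://${ARTIFACTS_BUCKET}/${artifact_name}"
```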
diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml index 5cd5a03a6..f5b510fad 100644 --- a/.github/workflows/deploy-qa.yml +++ b/.github/workflows/deploy-qa.yml @@ -19,5 +19,9 @@ jobs: - uses: ./.github/workflows/actions/deploy with: - environment-name: 'qa' + environment-name: 'saas-qa' artifacts-s3-bucket: '${{ secrets.SB_CI_ARTIFACTS_BUCKET }}' + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} diff --git a/packages/infra/infra-shared/src/stacks/ci/ciEntrypoint.ts b/packages/infra/infra-shared/src/stacks/ci/ciEntrypoint.ts index fe8454ee0..be437a359 100644 --- a/packages/infra/infra-shared/src/stacks/ci/ciEntrypoint.ts +++ b/packages/infra/infra-shared/src/stacks/ci/ciEntrypoint.ts @@ -1,15 +1,14 @@ import { Construct } from 'constructs'; import * as s3 from 'aws-cdk-lib/aws-s3'; -import * as codecommit from 'aws-cdk-lib/aws-codecommit'; import * as codebuild from 'aws-cdk-lib/aws-codebuild'; import { BuildEnvironmentVariableType } from 'aws-cdk-lib/aws-codebuild'; import * as cloudtrail from 'aws-cdk-lib/aws-cloudtrail'; import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager'; +import * as iam from 'aws-cdk-lib/aws-iam'; import { EnvConstructProps, EnvironmentSettings } from '@sb/infra-core'; +import { GlobalResources } from '../global/resources'; -export interface CiEntrypointProps extends EnvConstructProps { - codeRepository: codecommit.IRepository; -} +export interface CiEntrypointProps extends EnvConstructProps {} export class CiEntrypoint extends Construct { public artifactsBucket: s3.Bucket; 
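Review bot: The added `env:` block in deploy-qa.yml hands long-lived IAM user keys (`secrets.AWS_ACCESS_KEY_ID` / `secrets.AWS_SECRET_ACCESS_KEY`) to the deploy action. As far as the ciEntrypoint.ts hunks show, an upload to this bucket is what starts the pipeline, so these keys are deploy-equivalent and never expire on their own. Prefer GitHub OIDC with a short-lived role (`aws-actions/configure-aws-credentials` with `role-to-assume`, plus `permissions: id-token: write` on the job), or at least document a rotation schedule for the key. The deploy-prod.yml hunk switches to `artifacts-s3-bucket` but adds no AWS credentials, so unless they are set outside that hunk the prod `aws s3 cp` has nothing to authenticate with. Indentation is lost on this page, so whether `env:` sits on the step or the job cannot be confirmed here.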
@@ -23,6 +22,14 @@ export class CiEntrypoint extends Construct { return `${envSettings.projectEnvName}-entrypoint`; } + private retrieveExternalCIUser() { + return iam.User.fromUserName( + this, + 'ExternalCiUser', + GlobalResources.getExternalCIUserName(), + ); + } + constructor(scope: Construct, id: string, props: CiEntrypointProps) { super(scope, id); @@ -30,6 +37,9 @@ export class CiEntrypoint extends Construct { versioned: true, }); + const externalCiUser = this.retrieveExternalCIUser(); + this.artifactsBucket.grantWrite(externalCiUser); + const trail = new cloudtrail.Trail(this, 'CloudTrail'); trail.addS3EventSelector( [ diff --git a/packages/infra/infra-shared/src/stacks/ci/ciPipeline.ts b/packages/infra/infra-shared/src/stacks/ci/ciPipeline.ts index 5d6e14654..280685971 100644 --- a/packages/infra/infra-shared/src/stacks/ci/ciPipeline.ts +++ b/packages/infra/infra-shared/src/stacks/ci/ciPipeline.ts @@ -19,7 +19,6 @@ import { DocsCiConfig } from './ciDocs'; export interface CiPipelineProps extends EnvConstructProps { entrypointArtifactBucket: Bucket; backendRepository: ecr.IRepository; - codeRepository: cc.IRepository; } export class CiPipeline extends Construct { diff --git a/packages/infra/infra-shared/src/stacks/ci/stack.ts b/packages/infra/infra-shared/src/stacks/ci/stack.ts index 88fb17603..16b581b50 100644 --- a/packages/infra/infra-shared/src/stacks/ci/stack.ts +++ b/packages/infra/infra-shared/src/stacks/ci/stack.ts @@ -1,10 +1,8 @@ import { App, Stack, StackProps } from 'aws-cdk-lib'; import * as ecr from 'aws-cdk-lib/aws-ecr'; -import * as codecommit from 'aws-cdk-lib/aws-codecommit'; import { EnvConstructProps } from '@sb/infra-core'; import { GlobalECR } from '../global/resources/globalECR'; -import { GlobalCodeCommit } from '../global/resources/globalCodeCommit'; import { CiPipeline } from './ciPipeline'; import { CiEntrypoint } from './ciEntrypoint'; 
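Review bot: `this.artifactsBucket.grantWrite(externalCiUser)` in the constructor hunk gives the CI user put and delete rights on every key in the bucket, while the workflow uploads a single object named `${envSettings.projectEnvName}-entrypoint`. Because that object is what the CloudTrail selector below watches, the grant should be narrowed to it, e.g. `this.artifactsBucket.grantPut(externalCiUser, <entrypoint key>)`, using the static helper whose body is visible at the top of the previous hunk. The user is resolved by the fixed name `external-ci`, so one key pair can write to the bucket of every environment that instantiates this construct; a per-environment principal would keep a leaked QA credential away from prod. `retrieveExternalCIUser()` would also read better with an explicit `iam.IUser` return type and a one-line comment saying the user is created in GlobalResources and only referenced here.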
@@ -15,34 +13,23 @@ export class EnvCiStack extends Stack { super(scope, id, props); const backendRepository = this.retrieveBackendECRRepository(props); - const codeRepository = this.retrieveCodeRepository(props); const entrypoint = new CiEntrypoint(this, 'Entrypoint', { envSettings: props.envSettings, - codeRepository, }); new CiPipeline(this, 'PipelineConfig', { envSettings: props.envSettings, - codeRepository, backendRepository, entrypointArtifactBucket: entrypoint.artifactsBucket, }); } - private retrieveCodeRepository(props: EnvCiStackProps) { - return codecommit.Repository.fromRepositoryName( - this, - 'CodeRepository', - GlobalCodeCommit.getCodeRepositoryName(props.envSettings) - ); - } - private retrieveBackendECRRepository(props: EnvCiStackProps) { return ecr.Repository.fromRepositoryName( this, 'ECRBackendRepository', - GlobalECR.getBackendRepositoryName(props.envSettings) + GlobalECR.getBackendRepositoryName(props.envSettings), ); } } diff --git a/packages/infra/infra-shared/src/stacks/global/resources/globalCodeCommit.ts b/packages/infra/infra-shared/src/stacks/global/resources/globalCodeCommit.ts deleted file mode 100644 index bba4a311f..000000000 --- a/packages/infra/infra-shared/src/stacks/global/resources/globalCodeCommit.ts +++ /dev/null 
@@ -1,54 +0,0 @@
-import { Construct } from 'constructs';
-import { CfnOutput } from 'aws-cdk-lib';
-import * as codecommit from 'aws-cdk-lib/aws-codecommit';
-import * as iam from 'aws-cdk-lib/aws-iam';
-import {
- EnvConstructProps,
- EnvironmentSettings,
-} from '@sb/infra-core';
-
-export class GlobalCodeCommit extends Construct {
- repository: codecommit.Repository;
-
- static getCodeRepositoryName(envSettings: EnvironmentSettings) {
- return `${envSettings.projectName}-code`;
- }
-
- static getCodeRepoUserNameOutputExportName(envSettings: EnvironmentSettings) {
- return `${envSettings.projectName}-codeRepoUserName`;
- }
-
- static getCodeRepoCloneUrlHttpOutputExportName(
- envSettings: EnvironmentSettings
- ) {
- return `${envSettings.projectName}-codeRepoCloneUrlHttp`;
- }
-
- constructor(scope: Construct, id: string, props: EnvConstructProps) {
- super(scope, id);
-
- this.repository = new codecommit.Repository(this, 'CodeRepo', {
- repositoryName: GlobalCodeCommit.getCodeRepositoryName(props.envSettings),
- description: `${props.envSettings.projectName} code mirror repository used to source CodePipeline`,
- });
-
- const user = new iam.User(this, 'CodeRepoUser', {
- userName: `${props.envSettings.projectName}-code`,
- });
- this.repository.grantPullPush(user);
-
- new CfnOutput(this, 'CodeRepoUserName', {
- exportName: GlobalCodeCommit.getCodeRepoUserNameOutputExportName(
- props.envSettings
- ),
- value: user.userName,
- });
-
- new CfnOutput(this, 'CodeRepoCloneUrlHttp', {
- exportName: GlobalCodeCommit.getCodeRepoCloneUrlHttpOutputExportName(
- props.envSettings
- ),
- value: this.repository.repositoryCloneUrlHttp,
- });
- }
-}
diff --git a/packages/infra/infra-shared/src/stacks/global/resources/index.ts b/packages/infra/infra-shared/src/stacks/global/resources/index.ts
index 0f542a30b..5d254349c 100644
--- a/packages/infra/infra-shared/src/stacks/global/resources/index.ts
+++ b/packages/infra/infra-shared/src/stacks/global/resources/index.ts
@@ -3,12 +3,10 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import { EnvConstructProps } from '@sb/infra-core'; import { GlobalECR } from './globalECR'; -import { GlobalCodeCommit } from './globalCodeCommit'; import { GlobalBuildSecrets } from './globalBuildSecrets'; export class GlobalResources extends Construct { ecr: GlobalECR; - codeCommit: GlobalCodeCommit; buildSecrets: GlobalBuildSecrets; externalCiUser: iam.User; @@ -16,10 +14,13 @@ export class GlobalResources extends Construct { super(scope, id); this.ecr = new GlobalECR(this, 'ECRGlobal', props); - this.codeCommit = new GlobalCodeCommit(this, 'CodeCommit', props); this.buildSecrets = new GlobalBuildSecrets(this, 'GlobalBuildSecrets'); this.externalCiUser = new iam.User(this, 'ExternalCiUser', { - userName: 'external-ci', + userName: GlobalResources.getExternalCIUserName(), }); } + + static getExternalCIUserName() { + return 'external-ci'; + } }