carlin 0.19.15 → 0.20.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,35 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
5
5
|
|
|
6
|
+
## [0.20.1](https://github.com/ttoss/carlin/compare/v0.20.0...v0.20.1) (2022-02-01)
|
|
7
|
+
|
|
8
|
+
### Bug Fixes
|
|
9
|
+
|
|
10
|
+
- update actions iam ([4ff073f](https://github.com/ttoss/carlin/commit/4ff073f6067ca20994c9af892d0c4aa62c2c2b90))
|
|
11
|
+
- update actions iam ([b5dd158](https://github.com/ttoss/carlin/commit/b5dd158ec992720e33b1c98baff495962a9e3481))
|
|
12
|
+
|
|
13
|
+
# [0.20.0](https://github.com/ttoss/carlin/compare/v0.19.17...v0.20.0) (2022-02-01)
|
|
14
|
+
|
|
15
|
+
### Bug Fixes
|
|
16
|
+
|
|
17
|
+
- update cloudfront protocol ([13678cd](https://github.com/ttoss/carlin/commit/13678cd3551924aa47d72ec322ea3d8c0e0502bc))
|
|
18
|
+
|
|
19
|
+
### Features
|
|
20
|
+
|
|
21
|
+
- add tags to ecs report ([d0bf69d](https://github.com/ttoss/carlin/commit/d0bf69d82a737053a539356d8ba7afba966dacc3))
|
|
22
|
+
|
|
23
|
+
## [0.19.17](https://github.com/ttoss/carlin/compare/v0.19.16...v0.19.17) (2022-01-24)
|
|
24
|
+
|
|
25
|
+
### Bug Fixes
|
|
26
|
+
|
|
27
|
+
- pipelines commands ([1c01d40](https://github.com/ttoss/carlin/commit/1c01d4077ae6fc9fc1ab6a565c0d08b50a575664))
|
|
28
|
+
|
|
29
|
+
## [0.19.16](https://github.com/ttoss/carlin/compare/v0.19.15...v0.19.16) (2022-01-04)
|
|
30
|
+
|
|
31
|
+
### Bug Fixes
|
|
32
|
+
|
|
33
|
+
- add set -e to cicd pipelines ([95ba9a7](https://github.com/ttoss/carlin/commit/95ba9a7317e02a8e60b579a6f50132ef7629c1f8))
|
|
34
|
+
|
|
6
35
|
## [0.19.15](https://github.com/ttoss/carlin/compare/v0.19.14...v0.19.15) (2021-12-23)
|
|
7
36
|
|
|
8
37
|
### Bug Fixes
|
|
@@ -98,8 +98,6 @@ const getRepositoryImageBuilder = () => ({
|
|
|
98
98
|
'RUN yarn install',
|
|
99
99
|
// Used in case of yarn.lock is modified.
|
|
100
100
|
'RUN git checkout -- yarn.lock',
|
|
101
|
-
// set -e stops the execution of a script if a command or pipeline has an error.
|
|
102
|
-
'RUN set -e',
|
|
103
101
|
].join('\n'),
|
|
104
102
|
},
|
|
105
103
|
},
|
|
@@ -313,7 +311,8 @@ const getCicdTemplate = ({ pipelines = [], cpu = config_2.ECS_TASK_DEFAULT_CPU,
|
|
|
313
311
|
],
|
|
314
312
|
},
|
|
315
313
|
};
|
|
316
|
-
resources[exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID] =
|
|
314
|
+
resources[exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID] =
|
|
315
|
+
exports.getRepositoryImageBuilder();
|
|
317
316
|
})();
|
|
318
317
|
const createApiResources = () => {
|
|
319
318
|
resources[exports.API_LOGICAL_ID] = {
|
|
@@ -378,6 +377,11 @@ const getCicdTemplate = ({ pipelines = [], cpu = config_2.ECS_TASK_DEFAULT_CPU,
|
|
|
378
377
|
},
|
|
379
378
|
],
|
|
380
379
|
},
|
|
380
|
+
{
|
|
381
|
+
Effect: 'Allow',
|
|
382
|
+
Action: ['ecs:DescribeTasks'],
|
|
383
|
+
Resource: '*',
|
|
384
|
+
},
|
|
381
385
|
{
|
|
382
386
|
Effect: 'Allow',
|
|
383
387
|
Action: ['ecs:RunTask'],
|
|
@@ -519,27 +523,28 @@ const getCicdTemplate = ({ pipelines = [], cpu = config_2.ECS_TASK_DEFAULT_CPU,
|
|
|
519
523
|
/**
|
|
520
524
|
* Used to start the container.
|
|
521
525
|
*/
|
|
522
|
-
resources[exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_EXECUTION_ROLE_LOGICAL_ID] =
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
526
|
+
resources[exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_EXECUTION_ROLE_LOGICAL_ID] =
|
|
527
|
+
{
|
|
528
|
+
Type: 'AWS::IAM::Role',
|
|
529
|
+
Properties: {
|
|
530
|
+
AssumeRolePolicyDocument: {
|
|
531
|
+
Version: '2012-10-17',
|
|
532
|
+
Statement: [
|
|
533
|
+
{
|
|
534
|
+
Effect: 'Allow',
|
|
535
|
+
Principal: {
|
|
536
|
+
Service: 'ecs-tasks.amazonaws.com',
|
|
537
|
+
},
|
|
538
|
+
Action: 'sts:AssumeRole',
|
|
532
539
|
},
|
|
533
|
-
|
|
534
|
-
|
|
540
|
+
],
|
|
541
|
+
},
|
|
542
|
+
ManagedPolicyArns: [
|
|
543
|
+
'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
|
|
535
544
|
],
|
|
545
|
+
Path: utils_1.getIamPath(),
|
|
536
546
|
},
|
|
537
|
-
|
|
538
|
-
'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
|
|
539
|
-
],
|
|
540
|
-
Path: utils_1.getIamPath(),
|
|
541
|
-
},
|
|
542
|
-
};
|
|
547
|
+
};
|
|
543
548
|
/**
|
|
544
549
|
* Used inside de container execution.
|
|
545
550
|
*/
|
|
@@ -1,13 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ecsTaskReportHandler = exports.getEcsTaskLogsUrl = void 0;
|
|
3
|
+
exports.ecsTaskReportHandler = exports.getEcsTaskTags = exports.getEcsTaskLogsUrl = void 0;
|
|
4
4
|
const webhook_1 = require("@slack/webhook");
|
|
5
|
+
const aws_sdk_1 = require("aws-sdk");
|
|
5
6
|
const putApprovalResultManualTask_1 = require("./putApprovalResultManualTask");
|
|
6
|
-
const
|
|
7
|
-
|
|
8
|
-
!process.env.ECS_TASK_LOGS_LOG_GROUP) {
|
|
9
|
-
return undefined;
|
|
10
|
-
}
|
|
7
|
+
const ecs = new aws_sdk_1.ECS({ apiVersion: '2014-11-13' });
|
|
8
|
+
const getEcsTaskId = ({ ecsTaskArn }) => {
|
|
11
9
|
/**
|
|
12
10
|
* Arn has the following format:
|
|
13
11
|
* arn:aws:ecs:us-east-1:483684946879:task/CarlinCicdCarlinMonorepo-RepositoryTasksECSCluster-1J6saGT91hCr/6fcc78682de442ae89a0b7339ac7d981
|
|
@@ -15,6 +13,24 @@ const getEcsTaskLogsUrl = ({ ecsTaskArn }) => {
|
|
|
15
13
|
* We want the "6fcc78682de442ae89a0b7339ac7d981" part.
|
|
16
14
|
*/
|
|
17
15
|
const ecsTaskId = ecsTaskArn.split('/')[2];
|
|
16
|
+
return ecsTaskId;
|
|
17
|
+
};
|
|
18
|
+
const getEcsTaskCluster = ({ ecsTaskArn }) => {
|
|
19
|
+
/**
|
|
20
|
+
* Arn has the following format:
|
|
21
|
+
* arn:aws:ecs:us-east-1:483684946879:task/CarlinCicdCarlinMonorepo-RepositoryTasksECSCluster-1J6saGT91hCr/6fcc78682de442ae89a0b7339ac7d981
|
|
22
|
+
*
|
|
23
|
+
* We want the "CarlinCicdCarlinMonorepo-RepositoryTasksECSCluster-1J6saGT91hCr" part.
|
|
24
|
+
*/
|
|
25
|
+
const ecsTaskCluster = ecsTaskArn.split('/')[1];
|
|
26
|
+
return ecsTaskCluster;
|
|
27
|
+
};
|
|
28
|
+
const getEcsTaskLogsUrl = ({ ecsTaskArn }) => {
|
|
29
|
+
if (!process.env.ECS_TASK_CONTAINER_NAME ||
|
|
30
|
+
!process.env.ECS_TASK_LOGS_LOG_GROUP) {
|
|
31
|
+
return undefined;
|
|
32
|
+
}
|
|
33
|
+
const ecsTaskId = getEcsTaskId({ ecsTaskArn });
|
|
18
34
|
const ecsTaskLogsUrl = new URL([
|
|
19
35
|
/**
|
|
20
36
|
* https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime
|
|
@@ -30,6 +46,19 @@ const getEcsTaskLogsUrl = ({ ecsTaskArn }) => {
|
|
|
30
46
|
return ecsTaskLogsUrl.href;
|
|
31
47
|
};
|
|
32
48
|
exports.getEcsTaskLogsUrl = getEcsTaskLogsUrl;
|
|
49
|
+
const getEcsTaskTags = async ({ ecsTaskArn, }) => {
|
|
50
|
+
const cluster = getEcsTaskCluster({ ecsTaskArn });
|
|
51
|
+
const taskId = getEcsTaskId({ ecsTaskArn });
|
|
52
|
+
const { tasks } = await ecs
|
|
53
|
+
.describeTasks({ cluster, include: ['TAGS'], tasks: [taskId] })
|
|
54
|
+
.promise();
|
|
55
|
+
const task = tasks === null || tasks === void 0 ? void 0 : tasks[0];
|
|
56
|
+
if (!task) {
|
|
57
|
+
return undefined;
|
|
58
|
+
}
|
|
59
|
+
return task.tags;
|
|
60
|
+
};
|
|
61
|
+
exports.getEcsTaskTags = getEcsTaskTags;
|
|
33
62
|
/**
|
|
34
63
|
* This method is invoked when an ECS task is executed and the success or
|
|
35
64
|
* failure commands calls `carlin cicd-ecs-task-report --status=<status>`.
|
|
@@ -47,6 +76,7 @@ const ecsTaskReportHandler = async ({ ecsTaskArn, status, pipelineName, }) => {
|
|
|
47
76
|
});
|
|
48
77
|
}
|
|
49
78
|
};
|
|
79
|
+
const ecsTaskTags = ecsTaskArn && (await exports.getEcsTaskTags({ ecsTaskArn }));
|
|
50
80
|
const handleStackNotification = async () => {
|
|
51
81
|
/**
|
|
52
82
|
* Do not send a notification if the task was main pipeline with tag.
|
|
@@ -79,6 +109,7 @@ const ecsTaskReportHandler = async ({ ecsTaskArn, status, pipelineName, }) => {
|
|
|
79
109
|
text: `\`\`\`${JSON.stringify({
|
|
80
110
|
status,
|
|
81
111
|
pipelineName,
|
|
112
|
+
ecsTaskTags,
|
|
82
113
|
}, null, 2)}\`\`\``,
|
|
83
114
|
},
|
|
84
115
|
},
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.getTagCommands = exports.getMainCommands = exports.getClosedPrCommands = exports.getPrCommands = exports.pipelines = void 0;
|
|
3
|
+
exports.getTagCommands = exports.getMainCommands = exports.getClosedPrCommands = exports.getPrCommands = exports.getCommandFileDir = exports.pipelines = void 0;
|
|
4
4
|
exports.pipelines = ['pr', 'main', 'tag'];
|
|
5
|
-
const
|
|
5
|
+
const getCommandFileDir = (pipeline) => `./cicd/commands/${pipeline}`;
|
|
6
|
+
exports.getCommandFileDir = getCommandFileDir;
|
|
6
7
|
const getPrCommands = ({ branch }) => [
|
|
8
|
+
'set -e',
|
|
7
9
|
'git status',
|
|
8
10
|
'git fetch',
|
|
9
11
|
/**
|
|
@@ -15,7 +17,7 @@ const getPrCommands = ({ branch }) => [
|
|
|
15
17
|
'git rev-parse HEAD',
|
|
16
18
|
'git status',
|
|
17
19
|
'yarn',
|
|
18
|
-
|
|
20
|
+
`sh -e ${exports.getCommandFileDir('pr')}`,
|
|
19
21
|
];
|
|
20
22
|
exports.getPrCommands = getPrCommands;
|
|
21
23
|
const getClosedPrCommands = ({ branch }) => [
|
|
@@ -27,10 +29,11 @@ const getClosedPrCommands = ({ branch }) => [
|
|
|
27
29
|
'git pull origin main',
|
|
28
30
|
'git rev-parse HEAD',
|
|
29
31
|
`export CARLIN_BRANCH=${branch}`,
|
|
30
|
-
|
|
32
|
+
`sh ${exports.getCommandFileDir('closed-pr')} || true`,
|
|
31
33
|
];
|
|
32
34
|
exports.getClosedPrCommands = getClosedPrCommands;
|
|
33
35
|
const getMainCommands = () => [
|
|
36
|
+
'set -e',
|
|
34
37
|
`export CARLIN_ENVIRONMENT=Staging`,
|
|
35
38
|
'git status',
|
|
36
39
|
'git fetch',
|
|
@@ -41,16 +44,17 @@ const getMainCommands = () => [
|
|
|
41
44
|
*/
|
|
42
45
|
'if git describe --exact-match; then echo "Tag found" && carlin cicd-ecs-task-report --status=MainTagFound && exit 0; fi',
|
|
43
46
|
'yarn',
|
|
44
|
-
|
|
47
|
+
`sh -e ${exports.getCommandFileDir('main')}`,
|
|
45
48
|
];
|
|
46
49
|
exports.getMainCommands = getMainCommands;
|
|
47
50
|
const getTagCommands = ({ tag }) => [
|
|
51
|
+
'set -e',
|
|
48
52
|
`export CARLIN_ENVIRONMENT=Production`,
|
|
49
53
|
'git status',
|
|
50
54
|
'git fetch --tags',
|
|
51
55
|
`git checkout tags/${tag} -b ${tag}-branch`,
|
|
52
56
|
'git rev-parse HEAD',
|
|
53
57
|
'yarn',
|
|
54
|
-
|
|
58
|
+
`sh -e ${exports.getCommandFileDir('tag')}`,
|
|
55
59
|
];
|
|
56
60
|
exports.getTagCommands = getTagCommands;
|
|
@@ -777,6 +777,12 @@ const getCloudFrontTemplate = ({ acm, aliases, cloudfront, gtmId, csp, spa, host
|
|
|
777
777
|
},
|
|
778
778
|
};
|
|
779
779
|
if (acm) {
|
|
780
|
+
const acmRegex = /^arn:aws:acm:[-a-z0-9]+:\d{12}:certificate\/[-a-z0-9]+$/;
|
|
781
|
+
const acmCertificateArn = acmRegex.test(acm)
|
|
782
|
+
? acm
|
|
783
|
+
: {
|
|
784
|
+
'Fn::ImportValue': acm,
|
|
785
|
+
};
|
|
780
786
|
/**
|
|
781
787
|
* Add ACM to CloudFront template.
|
|
782
788
|
*/
|
|
@@ -785,11 +791,11 @@ const getCloudFrontTemplate = ({ acm, aliases, cloudfront, gtmId, csp, spa, host
|
|
|
785
791
|
.DistributionConfig,
|
|
786
792
|
Aliases: aliases || { Ref: 'AWS::NoValue' },
|
|
787
793
|
ViewerCertificate: {
|
|
788
|
-
AcmCertificateArn:
|
|
789
|
-
|
|
790
|
-
|
|
791
|
-
|
|
792
|
-
|
|
794
|
+
AcmCertificateArn: acmCertificateArn,
|
|
795
|
+
/**
|
|
796
|
+
* AWS CloudFront recommendation.
|
|
797
|
+
*/
|
|
798
|
+
MinimumProtocolVersion: 'TLSv1.2_2021',
|
|
793
799
|
SslSupportMethod: 'sni-only',
|
|
794
800
|
},
|
|
795
801
|
};
|