carlin 1.19.11 → 1.19.13

package/dist/deploy/cicd/command.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deployCicdCommand = void 0;
+const tslib_1 = require("tslib");
+const config_1 = require("../../config");
+const utils_1 = require("../../utils");
+const deployCicd_1 = require("./deployCicd");
+const command_options_1 = require("./command.options");
+const readSSHKey_1 = require("./readSSHKey");
+const npmlog_1 = tslib_1.__importDefault(require("npmlog"));
+const logPrefix = 'deploy-cicd';
+exports.deployCicdCommand = {
+    command: 'cicd',
+    describe: 'Deploy CICD.',
+    builder: (yargs) => yargs.options((0, utils_1.addGroupToOptions)(command_options_1.options, 'Deploy CICD Options')),
+    handler: ({ destroy, ...rest }) => {
+        if (destroy) {
+            npmlog_1.default.info(logPrefix, `${config_1.NAME} doesn't destroy CICD stack.`);
+        }
+        else {
+            (0, deployCicd_1.deployCicd)({
+                ...rest,
+                sshKey: (0, readSSHKey_1.readSSHKey)(rest['ssh-key']),
+            });
+        }
+    },
+};

package/dist/deploy/cicd/command.options.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCicdConfig = exports.options = void 0;
+const tslib_1 = require("tslib");
+const change_case_1 = require("change-case");
+const pipelines_1 = require("./pipelines");
+const yargs_1 = tslib_1.__importDefault(require("yargs"));
+exports.options = {
+    cpu: {
+        type: 'string',
+    },
+    memory: {
+        type: 'string',
+    },
+    pipelines: {
+        choices: pipelines_1.pipelines,
+        coerce: (values) => values.map((value) => (0, change_case_1.camelCase)(value)),
+        default: [],
+        description: 'Pipelines that will be implemented with the CICD stack.',
+        type: 'array',
+    },
+    'update-repository': {
+        alias: ['ur'],
+        description: 'Determine if the repository image will be updated.',
+        default: true,
+        type: 'boolean',
+    },
+    'ssh-key': {
+        demandOption: true,
+        type: 'string',
+    },
+    'ssh-url': {
+        demandOption: true,
+        type: 'string',
+    },
+    'slack-webhook-url': {
+        type: 'string',
+    },
+    /**
+     * This option has the format:
+     *
+     * ```ts
+     * Array<{
+     *  name: string,
+     *  value: string,
+     * }>
+     * ```
+     */
+    'task-environment': {
+        alias: ['te'],
+        default: [],
+        describe: 'A list of environment variables that will be passed to the ECS container task.',
+        type: 'array',
+    },
+};
+const getCicdConfig = () => {
+    const { parsed } = yargs_1.default.config();
+    if (!parsed) {
+        return false;
+    }
+    const { argv } = parsed;
+    const config = Object.keys(exports.options).reduce((acc, key) => {
+        const value = argv[key];
+        if (value) {
+            acc[key] = value;
+        }
+        return acc;
+    }, {});
+    return config;
+};
+exports.getCicdConfig = getCicdConfig;

package/dist/deploy/cicd/config.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CICD_FOLDER_NAME = exports.PIPELINE_ECS_TASK_EXECUTION_MANUAL_APPROVAL_ACTION_NAME = exports.PIPELINE_ECS_TASK_EXECUTION_STAGE_NAME = exports.ECS_TASK_DEFAULT_MEMORY = exports.ECS_TASK_DEFAULT_CPU = void 0;
+exports.ECS_TASK_DEFAULT_CPU = '2048';
+exports.ECS_TASK_DEFAULT_MEMORY = '4096';
+exports.PIPELINE_ECS_TASK_EXECUTION_STAGE_NAME = `PipelineRunECSTasksStage`;
+exports.PIPELINE_ECS_TASK_EXECUTION_MANUAL_APPROVAL_ACTION_NAME = `PipelineRunECSTasksApproval`;
+exports.CICD_FOLDER_NAME = '.cicd';

package/dist/deploy/cicd/deployCicd.js

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deployCicd = exports.getLambdaInput = void 0;
+const tslib_1 = require("tslib");
+const fs = tslib_1.__importStar(require("fs"));
+const path = tslib_1.__importStar(require("path"));
+const cicd_template_1 = require("./cicd.template");
+const cloudFormation_core_1 = require("../cloudFormation.core");
+const deployLambdaCode_1 = require("../lambda/deployLambdaCode");
+const getCicdStackName_1 = require("./getCicdStackName");
+const utils_1 = require("../utils");
+const utils_2 = require("../../utils");
+const npmlog_1 = tslib_1.__importDefault(require("npmlog"));
+const logPrefix = 'cicd';
+const getLambdaInput = (extension) => path.resolve(__dirname, `lambdas/index.${extension}`);
+exports.getLambdaInput = getLambdaInput;
+const deployCicdLambdas = async ({ stackName }) => {
+    const lambdaInput = (() => {
+        /**
+         * This case happens when carlin command is executed when the package is
+         * built.
+         */
+        if (fs.existsSync((0, exports.getLambdaInput)('js'))) {
+            return (0, exports.getLambdaInput)('js');
+        }
+        /**
+         * The package isn't built.
+         */
+        if (fs.existsSync((0, exports.getLambdaInput)('ts'))) {
+            return (0, exports.getLambdaInput)('ts');
+        }
+        throw new Error('Cannot read CICD lambdas file.');
+    })();
+    const s3 = await (0, deployLambdaCode_1.deployLambdaCode)({
+        lambdaInput,
+        lambdaExternals: [],
+        /**
+         * Needs stackName to define the S3 key.
+         */
+        stackName,
+    });
+    if (!s3 || !s3.bucket) {
+        throw new Error('Cannot retrieve bucket in which Lambda code was deployed.');
+    }
+    return s3;
+};
+const waitRepositoryImageUpdate = async ({ stackName, }) => {
+    npmlog_1.default.info(logPrefix, 'Starting repository image update...');
+    const { OutputValue: projectName } = await (0, cloudFormation_core_1.getStackOutput)({
+        stackName,
+        outputKey: cicd_template_1.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID,
+    });
+    if (!projectName) {
+        throw new Error(`Cannot retrieve repository image CodeBuild project name.`);
+    }
+    const build = await (0, utils_2.startCodeBuildBuild)({ projectName });
+    if (build.id) {
+        await (0, utils_2.waitCodeBuildFinish)({ buildId: build.id, name: stackName });
+    }
+};
+const deployCicd = async ({ cpu, memory, pipelines, updateRepository, slackWebhookUrl, sshKey, sshUrl, taskEnvironment, }) => {
+    try {
+        const { stackName } = await (0, utils_1.handleDeployInitialization)({
+            logPrefix,
+            stackName: (0, getCicdStackName_1.getCicdStackName)(),
+        });
+        await (0, cloudFormation_core_1.deploy)({
+            template: (0, cicd_template_1.getCicdTemplate)({
+                cpu,
+                memory,
+                pipelines,
+                s3: await deployCicdLambdas({ stackName }),
+                slackWebhookUrl,
+                taskEnvironment,
+            }),
+            params: {
+                StackName: stackName,
+                Parameters: [
+                    { ParameterKey: 'SSHUrl', ParameterValue: sshUrl },
+                    { ParameterKey: 'SSHKey', ParameterValue: sshKey },
+                ],
+            },
+            terminationProtection: true,
+        });
+        if (updateRepository) {
+            await waitRepositoryImageUpdate({ stackName });
+        }
+    }
+    catch (error) {
+        (0, utils_1.handleDeployError)({ error, logPrefix });
+    }
+};
+exports.deployCicd = deployCicd;

package/dist/deploy/cicd/ecsTaskReportCommand.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ecsTaskReportCommand = void 0;
+const tslib_1 = require("tslib");
+const aws_sdk_1 = tslib_1.__importDefault(require("aws-sdk"));
+const npmlog_1 = tslib_1.__importDefault(require("npmlog"));
+const logPrefix = 'cicd-ecs-task-report';
+/**
+ * This method create the payload to send to Lambda ECS task report handler.
+ *
+ * @param param.status execution status.
+ */
+const sendEcsTaskReport = async ({ status }) => {
+    if (!process.env.ECS_TASK_REPORT_HANDLER_NAME) {
+        npmlog_1.default.info(logPrefix, 'ECS_TASK_REPORT_HANDLER_NAME not defined.');
+        return;
+    }
+    const lambda = new aws_sdk_1.default.Lambda();
+    const payload = { status };
+    if (process.env.ECS_TASK_ARN) {
+        payload.ecsTaskArn = process.env.ECS_TASK_ARN;
+    }
+    if (process.env.PIPELINE_NAME) {
+        payload.pipelineName = process.env.PIPELINE_NAME;
+    }
+    await lambda
+        .invokeAsync({
+        FunctionName: process.env.ECS_TASK_REPORT_HANDLER_NAME,
+        InvokeArgs: JSON.stringify(payload),
+    })
+        .promise();
+    npmlog_1.default.info(logPrefix, 'Report sent.');
+};
+const options = {
+    status: {
+        choices: ['Approved', 'Rejected', 'MainTagFound'],
+        demandOption: true,
+        type: 'string',
+    },
+};
+/**
+ * Used to send report to ECS Task Report Handler Lambda.
+ */
+exports.ecsTaskReportCommand = {
+    command: 'cicd-ecs-task-report',
+    describe: false,
+    builder: (yargs) => yargs.options(options),
+    handler: async (args) => {
+        return sendEcsTaskReport(args);
+    },
+};

package/dist/deploy/cicd/getCicdStackName.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCicdStackName = void 0;
+const change_case_1 = require("change-case");
+const config_1 = require("../../config");
+const getProjectName_1 = require("../../utils/getProjectName");
+const getCicdStackName = () => {
+    const project = (0, getProjectName_1.getProjectName)();
+    return (0, change_case_1.pascalCase)([config_1.NAME, 'Cicd', project].join(' '));
+};
+exports.getCicdStackName = getCicdStackName;

package/dist/deploy/cicd/getTriggerPipelineObjectKey.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTriggerPipelinesObjectKey = void 0;
+/**
+ * The file with this key inside the source S3 key of main and tag pipelines
+ * will trigger those pipelines.
+ */
+const getTriggerPipelinesObjectKey = ({ prefix, pipeline, }) => {
+    return `${prefix}/${pipeline}.zip`;
+};
+exports.getTriggerPipelinesObjectKey = getTriggerPipelinesObjectKey;

package/dist/deploy/cicd/lambdas/cicdApiV1.handler.js

@@ -0,0 +1,124 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cicdApiV1Handler = void 0;
+const aws_sdk_1 = require("aws-sdk");
+const executeTasks_1 = require("./executeTasks");
+const getProcessEnvVariable_1 = require("./getProcessEnvVariable");
+const codebuild = new aws_sdk_1.CodeBuild({ apiVersion: '2016-10-06' });
+/**
+ * The CI/CD REST API is responsible to update the image of the repository and
+ * running tasks inside a container using [ECS Fargate](https://aws.amazon.com/fargate/).
+ * The API URL has the format of an [AWS API Gateway](https://aws.amazon.com/api-gateway/) URL:
+ *
+ * ```sh
+ * https://<api-id>.execute-api.<region>.amazonaws.com/v1
+ * ```
+ *
+ * It can be found on the "Outputs" tab if you access the CI/CD stack details
+ * from AWS Console or by the output `ApiV1Endpoint` that is printed after the
+ * stack creation.
+ *
+ * Such API has the `/cicd` endpoint, that is consumed by a POST method. This
+ * endpoint has two actions, defined by the `action` property, passed inside
+ * the body of the POST method.
+ *
+ * - **updateRepository**
+ *
+ *   This action update the repository image on AWS ECR. This command is useful
+ *   to you update your _node_modules_ folder or your [Yarn cache](https://classic.yarnpkg.com/en/docs/cli/cache/).
+ *
+ *   Body interface:
+ *
+ *   ```ts
+ *   {
+ *     action: "updateRepository";
+ *   }
+ *   ```
+ *
+ * - **executeTask**
+ *
+ *   This action create an execution of your repository image using [ECS Fargate](https://aws.amazon.com/fargate/).
+ *   The commands that will be executed is passed by the `commands` property,
+ *   which receives an array of commands. You can also provide the following
+ *   properties:
+ *
+ *   - `cpu`: CPU value reserved for the task.
+ *   - `memory`: memory value reserved for the task.
+ *   - `taskEnvironment`: list of environment variables that can be accessed
+ *     on task execution.
+ *
+ *   Body interface:
+ *
+ *   ```ts
+ *   {
+ *      action: "executeTask";
+ *      commands: string[];
+ *      cpu?: string;
+ *      memory?: string;
+ *      taskEnvironment?: Array<{ name: string; value: string }>;
+ *   }
+ *   ```
+ *
+ *   Example:
+ *
+ *   ```json
+ *   {
+ *      "action": "executeTask",
+ *      "commands": [
+ *        "git status",
+ *        "git pull origin main",
+ *        "yarn",
+ *        "yarn test"
+ *      ],
+ *      "cpu": "1024",
+ *      "memory": "2048",
+ *      "taskEnvironment": [
+ *        {
+ *           "name": "CI",
+ *           "value": "true"
+ *        }
+ *      ]
+ *   }
+ *   ```
+ *
+ */
+const cicdApiV1Handler = async (event) => {
+    try {
+        const body = JSON.parse(event.body || JSON.stringify({}));
+        let response;
+        if (body.action === 'updateRepository') {
+            response = await codebuild
+                .startBuild({
+                projectName: (0, getProcessEnvVariable_1.getProcessEnvVariable)('PROCESS_ENV_REPOSITORY_IMAGE_CODE_BUILD_PROJECT_NAME'),
+            })
+                .promise();
+        }
+        if (body.action === 'executeTask') {
+            const { commands = [], cpu, memory, taskEnvironment = [] } = body;
+            if (commands.length === 0) {
+                throw new Error('Commands were not provided.');
+            }
+            response = await (0, executeTasks_1.executeTasks)({ commands, cpu, memory, taskEnvironment });
+        }
+        if (response) {
+            return {
+                statusCode: 200,
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify(response),
+            };
+        }
+        return {
+            statusCode: 403,
+            body: 'Execute access forbidden',
+        };
+    }
+    catch (error) {
+        return {
+            statusCode: 400,
+            body: error.message,
+        };
+    }
+};
+exports.cicdApiV1Handler = cicdApiV1Handler;

package/dist/deploy/cicd/lambdas/ecsTaskReport.handler.js

@@ -0,0 +1,126 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ecsTaskReportHandler = exports.getEcsTaskTags = exports.getEcsTaskLogsUrl = void 0;
+const aws_sdk_1 = require("aws-sdk");
+const webhook_1 = require("@slack/webhook");
+const putApprovalResultManualTask_1 = require("./putApprovalResultManualTask");
+const ecs = new aws_sdk_1.ECS({ apiVersion: '2014-11-13' });
+const getEcsTaskId = ({ ecsTaskArn }) => {
+    /**
+     * Arn has the following format:
+     * arn:aws:ecs:us-east-1:483684946879:task/CarlinCicdCarlinMonorepo-RepositoryTasksECSCluster-1J6saGT91hCr/6fcc78682de442ae89a0b7339ac7d981
+     *
+     * We want the "6fcc78682de442ae89a0b7339ac7d981" part.
+     */
+    const ecsTaskId = ecsTaskArn.split('/')[2];
+    return ecsTaskId;
+};
+const getEcsTaskCluster = ({ ecsTaskArn }) => {
+    /**
+     * Arn has the following format:
+     * arn:aws:ecs:us-east-1:483684946879:task/CarlinCicdCarlinMonorepo-RepositoryTasksECSCluster-1J6saGT91hCr/6fcc78682de442ae89a0b7339ac7d981
+     *
+     * We want the "CarlinCicdCarlinMonorepo-RepositoryTasksECSCluster-1J6saGT91hCr" part.
+     */
+    const ecsTaskCluster = ecsTaskArn.split('/')[1];
+    return ecsTaskCluster;
+};
+const getEcsTaskLogsUrl = ({ ecsTaskArn }) => {
+    if (!process.env.ECS_TASK_CONTAINER_NAME ||
+        !process.env.ECS_TASK_LOGS_LOG_GROUP) {
+        return undefined;
+    }
+    const ecsTaskId = getEcsTaskId({ ecsTaskArn });
+    const ecsTaskLogsUrl = new URL([
+        /**
+         * https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime
+         */
+        `https://console.aws.amazon.com/cloudwatch/home?region=${process.env.AWS_REGION}#logsV2:log-groups`,
+        'log-group',
+        process.env.ECS_TASK_LOGS_LOG_GROUP,
+        'log-events',
+        `ecs/${process.env.ECS_TASK_CONTAINER_NAME}/${ecsTaskId}`.replace(/\//g, '%252F'),
+    ]
+        .join('/')
+        .replace(/"/g, ''));
+    return ecsTaskLogsUrl.href;
+};
+exports.getEcsTaskLogsUrl = getEcsTaskLogsUrl;
+const getEcsTaskTags = async ({ ecsTaskArn, }) => {
+    try {
+        const cluster = getEcsTaskCluster({ ecsTaskArn });
+        const { tasks } = await ecs
+            .describeTasks({ cluster, include: ['TAGS'], tasks: [ecsTaskArn] })
+            .promise();
+        const task = tasks === null || tasks === void 0 ? void 0 : tasks[0];
+        if (!task) {
+            return undefined;
+        }
+        return task.tags;
+    }
+    catch (error) {
+        return undefined;
+    }
+};
+exports.getEcsTaskTags = getEcsTaskTags;
+/**
+ * This method is invoked when an ECS task is executed and the success or
+ * failure commands calls `carlin cicd-ecs-task-report --status=<status>`.
+ */
+const ecsTaskReportHandler = async ({ ecsTaskArn, status, pipelineName, }) => {
+    const logs = ecsTaskArn && (0, exports.getEcsTaskLogsUrl)({ ecsTaskArn });
+    const handleApprovalResult = async () => {
+        if (pipelineName) {
+            await (0, putApprovalResultManualTask_1.putApprovalResultManualTask)({
+                pipelineName,
+                result: {
+                    status: status === 'MainTagFound' ? 'Approved' : status,
+                    summary: JSON.stringify({ status, logs }),
+                },
+            });
+        }
+    };
+    const ecsTaskTags = ecsTaskArn && (await (0, exports.getEcsTaskTags)({ ecsTaskArn }));
+    const handleStackNotification = async () => {
+        /**
+         * Do not send a notification if the task was main pipeline with tag.
+         */
+        if (status === 'MainTagFound') {
+            return;
+        }
+        const url = process.env.SLACK_WEBHOOK_URL;
+        if (!url) {
+            return;
+        }
+        const webhook = new webhook_1.IncomingWebhook(url);
+        /**
+         * Block Kit Builder: https://app.slack.com/block-kit-builder/TJ79J0ZU3#%7B%22blocks%22:%5B%5D%7D
+         * Formatting: https://api.slack.com/reference/surfaces/formatting
+         */
+        await webhook.send({
+            blocks: [
+                {
+                    type: 'section',
+                    text: {
+                        type: 'mrkdwn',
+                        text: `<${logs}|Logs>`,
+                    },
+                },
+                {
+                    type: 'section',
+                    text: {
+                        type: 'mrkdwn',
+                        text: `\`\`\`${JSON.stringify({
+                            status,
+                            pipelineName,
+                            ecsTaskTags,
+                        }, null, 2)}\`\`\``,
+                    },
+                },
+            ],
+        });
+    };
+    await Promise.all([handleApprovalResult(), handleStackNotification()]);
+    return { statusCode: 200, body: 'ok' };
+};
+exports.ecsTaskReportHandler = ecsTaskReportHandler;

package/dist/deploy/cicd/lambdas/executeTasks.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.executeTasks = void 0;
+const aws_sdk_1 = require("aws-sdk");
+const shConditionalCommands_1 = require("./shConditionalCommands");
+const getProcessEnvVariable_1 = require("./getProcessEnvVariable");
+const ecs = new aws_sdk_1.ECS({ apiVersion: '2014-11-13', maxRetries: 3 });
+const executeTasks = async ({ commands = [], cpu, memory, taskEnvironment = [], tags = [], }) => {
+    const command = (0, shConditionalCommands_1.compileCommands)([
+        /**
+         * https://stackoverflow.com/questions/2853803/how-to-echo-shell-commands-as-they-are-executed/2853811
+         */
+        'set -x',
+        /**
+         * https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint-v3.html
+         */
+        `export ECS_TASK_ARN=$(curl -X GET "\${ECS_CONTAINER_METADATA_URI}/task" | jq ".TaskARN")`,
+        ...commands,
+    ]);
+    const response = await ecs
+        .runTask({
+        taskDefinition: (0, getProcessEnvVariable_1.getProcessEnvVariable)('ECS_TASK_DEFINITION'),
+        cluster: (0, getProcessEnvVariable_1.getProcessEnvVariable)('ECS_CLUSTER_ARN'),
+        count: 1,
+        launchType: 'FARGATE',
+        networkConfiguration: {
+            awsvpcConfiguration: {
+                subnets: [
+                    (0, getProcessEnvVariable_1.getProcessEnvVariable)('VPC_PUBLIC_SUBNET_0'),
+                    (0, getProcessEnvVariable_1.getProcessEnvVariable)('VPC_PUBLIC_SUBNET_1'),
+                    (0, getProcessEnvVariable_1.getProcessEnvVariable)('VPC_PUBLIC_SUBNET_2'),
+                ],
+                assignPublicIp: 'ENABLED',
+                securityGroups: [(0, getProcessEnvVariable_1.getProcessEnvVariable)('VPC_SECURITY_GROUP')],
+            },
+        },
+        overrides: {
+            containerOverrides: [
+                {
+                    command: ['sh', '-cv', command],
+                    name: (0, getProcessEnvVariable_1.getProcessEnvVariable)('ECS_CONTAINER_NAME'),
+                    environment: [
+                        {
+                            name: 'CI',
+                            value: 'true',
+                        },
+                        {
+                            name: 'ECS_ENABLE_CONTAINER_METADATA',
+                            value: 'true',
+                        },
+                        {
+                            name: 'ECS_TASK_REPORT_HANDLER_NAME',
+                            value: (0, getProcessEnvVariable_1.getProcessEnvVariable)('ECS_TASK_REPORT_HANDLER_NAME'),
+                        },
+                        ...taskEnvironment,
+                    ],
+                },
+            ],
+            cpu,
+            memory,
+        },
+        tags,
+    })
+        .promise();
+    return response;
+};
+exports.executeTasks = executeTasks;

package/dist/deploy/cicd/lambdas/getProcessEnvVariable.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getProcessEnvVariable = void 0;
+const getProcessEnvVariable = (env) => {
+    if (process.env[env]) {
+        return process.env[env];
+    }
+    throw new Error(`process.env.${env} is not defined.`);
+};
+exports.getProcessEnvVariable = getProcessEnvVariable;