carlin 1.31.11 → 1.31.13

Files changed (74) hide show
  1. package/dist/index.js +4477 -4
  2. package/package.json +10 -10
  3. package/dist/cli.js +0 -246
  4. package/dist/config.js +0 -11
  5. package/dist/deploy/addDefaults.cloudformation.js +0 -151
  6. package/dist/deploy/baseStack/command.js +0 -9
  7. package/dist/deploy/baseStack/config.js +0 -30
  8. package/dist/deploy/baseStack/deployBaseStack.js +0 -62
  9. package/dist/deploy/baseStack/getBaseStackResource.js +0 -27
  10. package/dist/deploy/baseStack/getBucketTemplate.js +0 -46
  11. package/dist/deploy/baseStack/getLambdaImageBuilderTemplate.js +0 -188
  12. package/dist/deploy/baseStack/getLambdaLayerBuilderTemplate.js +0 -142
  13. package/dist/deploy/baseStack/getVpcTemplate.js +0 -169
  14. package/dist/deploy/cicd/cicd.template.js +0 -938
  15. package/dist/deploy/cicd/command.js +0 -31
  16. package/dist/deploy/cicd/command.options.js +0 -79
  17. package/dist/deploy/cicd/config.js +0 -8
  18. package/dist/deploy/cicd/deployCicd.js +0 -121
  19. package/dist/deploy/cicd/ecsTaskReportCommand.js +0 -55
  20. package/dist/deploy/cicd/getCicdStackName.js +0 -11
  21. package/dist/deploy/cicd/getTriggerPipelineObjectKey.js +0 -11
  22. package/dist/deploy/cicd/lambdas/cicdApiV1.handler.js +0 -124
  23. package/dist/deploy/cicd/lambdas/ecsTaskReport.handler.js +0 -126
  24. package/dist/deploy/cicd/lambdas/executeTasks.js +0 -67
  25. package/dist/deploy/cicd/lambdas/getProcessEnvVariable.js +0 -10
  26. package/dist/deploy/cicd/lambdas/githubWebhooksApiV1.handler.js +0 -148
  27. package/dist/deploy/cicd/lambdas/imageUpdaterSchedule.handler.js +0 -44
  28. package/dist/deploy/cicd/lambdas/index.js +0 -13
  29. package/dist/deploy/cicd/lambdas/pipelines.handler.js +0 -160
  30. package/dist/deploy/cicd/lambdas/putApprovalResultManualTask.js +0 -51
  31. package/dist/deploy/cicd/lambdas/shConditionalCommands.js +0 -30
  32. package/dist/deploy/cicd/pipelines.js +0 -86
  33. package/dist/deploy/cicd/readSSHKey.js +0 -34
  34. package/dist/deploy/cloudformation.core.js +0 -379
  35. package/dist/deploy/cloudformation.js +0 -189
  36. package/dist/deploy/command.js +0 -205
  37. package/dist/deploy/lambda/buildLambdaSingleFile.js +0 -67
  38. package/dist/deploy/lambda/deployLambdaCode.js +0 -43
  39. package/dist/deploy/lambda/deployLambdaLayers.js +0 -36
  40. package/dist/deploy/lambda/uploadCodeToECR.js +0 -53
  41. package/dist/deploy/lambda/uploadCodeToS3.js +0 -33
  42. package/dist/deploy/lambdaLayer/command.js +0 -50
  43. package/dist/deploy/lambdaLayer/deployLambdaLayer.js +0 -139
  44. package/dist/deploy/lambdaLayer/getPackageLambdaLayerStackName.js +0 -21
  45. package/dist/deploy/readDockerfile.js +0 -40
  46. package/dist/deploy/s3.js +0 -210
  47. package/dist/deploy/stackName.js +0 -85
  48. package/dist/deploy/staticApp/command.js +0 -86
  49. package/dist/deploy/staticApp/deployStaticApp.js +0 -65
  50. package/dist/deploy/staticApp/findDefaultBuildFolder.js +0 -44
  51. package/dist/deploy/staticApp/getStaticAppBucket.js +0 -19
  52. package/dist/deploy/staticApp/invalidateCloudFront.js +0 -44
  53. package/dist/deploy/staticApp/removeOldVersions.js +0 -56
  54. package/dist/deploy/staticApp/staticApp.template.js +0 -371
  55. package/dist/deploy/staticApp/uploadBuiltAppToS3.js +0 -28
  56. package/dist/deploy/utils.js +0 -31
  57. package/dist/deploy/vercel/command.js +0 -31
  58. package/dist/deploy/vercel/deployVercel.js +0 -59
  59. package/dist/generateEnv/generateEnv.js +0 -64
  60. package/dist/generateEnv/generateEnvCommand.js +0 -29
  61. package/dist/utils/addGroupToOptions.js +0 -11
  62. package/dist/utils/cloudFormationTemplate.js +0 -142
  63. package/dist/utils/codeBuild.js +0 -52
  64. package/dist/utils/environmentVariables.js +0 -16
  65. package/dist/utils/exec.js +0 -26
  66. package/dist/utils/formatCode.js +0 -34
  67. package/dist/utils/getAwsAccountId.js +0 -10
  68. package/dist/utils/getCurrentBranch.js +0 -35
  69. package/dist/utils/getEnvironment.js +0 -8
  70. package/dist/utils/getIamPath.js +0 -6
  71. package/dist/utils/getProjectName.js +0 -35
  72. package/dist/utils/index.js +0 -31
  73. package/dist/utils/packageJson.js +0 -32
  74. package/dist/utils/spawn.js +0 -34
@@ -1,938 +0,0 @@
1
- "use strict";
2
- var __importDefault = (this && this.__importDefault) || function (mod) {
3
- return (mod && mod.__esModule) ? mod : { "default": mod };
4
- };
5
- Object.defineProperty(exports, "__esModule", { value: true });
6
- exports.getCicdTemplate = exports.getRepositoryImageBuilder = exports.IMAGE_UPDATER_SCHEDULE_SERVERLESS_FUNCTION_LOGICAL_ID = exports.PIPELINES_HANDLER_LAMBDA_FUNCTION_LOGICAL_ID = exports.PIPELINES_TAG_LOGICAL_ID = exports.PIPELINES_MAIN_LOGICAL_ID = exports.PIPELINES_ROLE_LOGICAL_ID = exports.PIPELINES_ARTIFACT_STORE_S3_BUCKET_LOGICAL_ID = exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_TASK_ROLE_LOGICAL_ID = exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_EXECUTION_ROLE_LOGICAL_ID = exports.REPOSITORY_TASKS_ECS_CLUSTER_LOGS_LOG_GROUP_LOGICAL_ID = exports.REPOSITORY_TASKS_ECS_CLUSTER_LOGICAL_ID = exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID = exports.REPOSITORY_ECS_TASK_DEFINITION_LOGICAL_ID = exports.REPOSITORY_ECS_TASK_CONTAINER_NAME = exports.PROCESS_ENV_REPOSITORY_IMAGE_CODE_BUILD_PROJECT_NAME = exports.ECS_TASK_REPORT_HANDLER_LAMBDA_FUNCTION_LOGICAL_ID = exports.FUNCTION_IAM_ROLE_LOGICAL_ID = exports.ECR_REPOSITORY_LOGICAL_ID = exports.CODE_BUILD_PROJECT_SERVICE_ROLE_LOGICAL_ID = exports.CODE_BUILD_PROJECT_LOGS_LOGICAL_ID = exports.API_LOGICAL_ID = void 0;
7
- const config_1 = require("../baseStack/config");
8
- const command_options_1 = require("./command.options");
9
- const utils_1 = require("../../utils");
10
- const config_2 = require("./config");
11
- const config_3 = require("../../config");
12
- const getTriggerPipelineObjectKey_1 = require("./getTriggerPipelineObjectKey");
13
- const change_case_1 = require("change-case");
14
- const js_yaml_1 = __importDefault(require("js-yaml"));
15
- exports.API_LOGICAL_ID = 'ApiV1ServerlessApi';
16
- exports.CODE_BUILD_PROJECT_LOGS_LOGICAL_ID = 'RepositoryImageCodeBuildProjectLogsLogGroup';
17
- exports.CODE_BUILD_PROJECT_SERVICE_ROLE_LOGICAL_ID = 'RepositoryImageCodeBuildProjectIAMRole';
18
- exports.ECR_REPOSITORY_LOGICAL_ID = 'RepositoryECRRepository';
19
- exports.FUNCTION_IAM_ROLE_LOGICAL_ID = 'ApiV1ServerlessFunctionIAMRole';
20
- exports.ECS_TASK_REPORT_HANDLER_LAMBDA_FUNCTION_LOGICAL_ID = 'EcsTaskReportHandler';
21
- exports.PROCESS_ENV_REPOSITORY_IMAGE_CODE_BUILD_PROJECT_NAME = 'REPOSITORY_IMAGE_CODE_BUILD_PROJECT_NAME';
22
- exports.REPOSITORY_ECS_TASK_CONTAINER_NAME = 'RepositoryECSTaskContainerName';
23
- exports.REPOSITORY_ECS_TASK_DEFINITION_LOGICAL_ID = 'RepositoryECSTaskDefinition';
24
- exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID = 'RepositoryImageCodeBuildProject';
25
- exports.REPOSITORY_TASKS_ECS_CLUSTER_LOGICAL_ID = 'RepositoryTasksECSCluster';
26
- exports.REPOSITORY_TASKS_ECS_CLUSTER_LOGS_LOG_GROUP_LOGICAL_ID = 'RepositoryTasksECSClusterLogsLogGroup';
27
- exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_EXECUTION_ROLE_LOGICAL_ID = 'RepositoryTasksECSTaskDefinitionExecutionRoleIAMRole';
28
- exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_TASK_ROLE_LOGICAL_ID = 'RepositoryTasksECSTaskDefinitionTaskRoleIAMRole';
29
- exports.PIPELINES_ARTIFACT_STORE_S3_BUCKET_LOGICAL_ID = 'PipelinesArtifactStoreS3Bucket';
30
- exports.PIPELINES_ROLE_LOGICAL_ID = 'PipelinesMainIAMRole';
31
- exports.PIPELINES_MAIN_LOGICAL_ID = 'PipelinesMainCodePipeline';
32
- exports.PIPELINES_TAG_LOGICAL_ID = 'PipelinesTagCodePipeline';
33
- exports.PIPELINES_HANDLER_LAMBDA_FUNCTION_LOGICAL_ID = 'PipelinesHandlerLambdaFunction';
34
- exports.IMAGE_UPDATER_SCHEDULE_SERVERLESS_FUNCTION_LOGICAL_ID = 'ImageUpdaterScheduleServerlessFunction';
35
- /**
36
- * An [AWS CodeBuild](https://aws.amazon.com/codebuild/) project is created
37
- * to build (create and update) repository images. It uses a
38
- * [BUILD\_GENERAL1\_SMALL environment compute type](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html)
39
- * with Linux as operational system to build the image.
40
- */
41
- const getRepositoryImageBuilder = () => {
42
- /**
43
- * Get only the number of NODE_RUNTIME. For example, if NODE_RUNTIME is
44
- * `nodejs14.x`, then `nodeRuntimeNumber` will be `14`.
45
- */
46
- const nodeRuntimeNumber = config_3.NODE_RUNTIME.replace('nodejs', '').replace('.x', '');
47
- return {
48
- Type: 'AWS::CodeBuild::Project',
49
- Properties: {
50
- Artifacts: {
51
- Type: 'NO_ARTIFACTS',
52
- },
53
- Cache: {
54
- Location: 'LOCAL',
55
- Modes: ['LOCAL_DOCKER_LAYER_CACHE'],
56
- Type: 'LOCAL',
57
- },
58
- Description: 'Create repository image.',
59
- Environment: {
60
- ComputeType: 'BUILD_GENERAL1_SMALL',
61
- EnvironmentVariables: [
62
- {
63
- Name: 'AWS_ACCOUNT_ID',
64
- Value: { Ref: 'AWS::AccountId' },
65
- },
66
- {
67
- Name: 'AWS_REGION',
68
- Value: { Ref: 'AWS::Region' },
69
- },
70
- {
71
- Name: 'DOCKERFILE',
72
- Value: {
73
- 'Fn::Sub': [
74
- 'FROM public.ecr.aws/ubuntu/ubuntu:20.04_stable',
75
- // https://stackoverflow.com/a/59693182/8786986
76
- 'ENV DEBIAN_FRONTEND noninteractive',
77
- // Make sure apt is up to date
78
- 'RUN apt-get update --fix-missing',
79
- 'RUN apt-get install -y curl',
80
- 'RUN apt-get install -y git',
81
- 'RUN apt-get install -y jq',
82
- // Install Node.js
83
- `RUN curl -fsSL https://deb.nodesource.com/setup_${nodeRuntimeNumber}.x | bash -`,
84
- 'RUN apt-get install -y nodejs',
85
- // Clean cache
86
- 'RUN apt-get clean',
87
- // Install Yarn
88
- 'RUN npm install -g yarn',
89
- // Install carlin CLI
90
- 'RUN yarn global add carlin',
91
- // Configure git
92
- 'RUN git config --global user.name carlin',
93
- 'RUN git config --global user.email carlin@ttoss.dev',
94
- 'RUN mkdir /root/.ssh/',
95
- 'COPY ./id_rsa /root/.ssh/id_rsa',
96
- 'RUN chmod 600 /root/.ssh/id_rsa',
97
- // Make sure your domain is accepted
98
- 'RUN touch /root/.ssh/known_hosts',
99
- 'RUN ssh-keyscan github.com >> /root/.ssh/known_hosts',
100
- // Copy repository
101
- 'COPY . /home',
102
- // Go to repository directory
103
- 'WORKDIR /home/repository',
104
- // Set Yarn cache
105
- 'RUN mkdir -p /home/yarn-cache',
106
- 'RUN yarn config set cache-folder /home/yarn-cache',
107
- 'RUN yarn install',
108
- // Used in case of yarn.lock is modified.
109
- 'RUN git checkout -- yarn.lock',
110
- ].join('\n'),
111
- },
112
- },
113
- {
114
- Name: 'IMAGE_TAG',
115
- Value: 'latest',
116
- },
117
- {
118
- Name: 'REPOSITORY_ECR_REPOSITORY',
119
- Value: { Ref: exports.ECR_REPOSITORY_LOGICAL_ID },
120
- },
121
- {
122
- Name: 'SSH_KEY',
123
- Value: { Ref: 'SSHKey' },
124
- },
125
- {
126
- Name: 'SSH_URL',
127
- Value: { Ref: 'SSHUrl' },
128
- },
129
- ],
130
- Image: 'aws/codebuild/standard:3.0',
131
- ImagePullCredentialsType: 'CODEBUILD',
132
- /**
133
- * Enables running the Docker daemon inside a Docker container. Set to
134
- * true only if the build project is used to build Docker images.
135
- * Otherwise, a build that attempts to interact with the Docker daemon
136
- * fails. The default setting is false."
137
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-environment.html#cfn-codebuild-project-environment-privilegedmode
138
- */
139
- PrivilegedMode: true,
140
- Type: 'LINUX_CONTAINER',
141
- },
142
- LogsConfig: {
143
- CloudWatchLogs: {
144
- Status: 'ENABLED',
145
- GroupName: { Ref: exports.CODE_BUILD_PROJECT_LOGS_LOGICAL_ID },
146
- },
147
- },
148
- ServiceRole: {
149
- 'Fn::GetAtt': [exports.CODE_BUILD_PROJECT_SERVICE_ROLE_LOGICAL_ID, 'Arn'],
150
- },
151
- Source: {
152
- BuildSpec: js_yaml_1.default.dump({
153
- version: '0.2',
154
- phases: {
155
- install: {
156
- commands: [
157
- 'echo install started on `date`',
158
- `echo "$SSH_KEY" > ~/.ssh/id_rsa`,
159
- 'chmod 600 ~/.ssh/id_rsa',
160
- 'rm -rf repository',
161
- 'git clone $SSH_URL repository',
162
- 'cd repository',
163
- 'ls',
164
- ],
165
- },
166
- pre_build: {
167
- commands: ['echo pre_build started on `date`'],
168
- },
169
- build: {
170
- commands: [
171
- 'echo build started on `date`',
172
- '$(aws ecr get-login --no-include-email --region $AWS_REGION)',
173
- 'echo Building the repository image...',
174
- 'cd ../',
175
- 'cp ~/.ssh/id_rsa .',
176
- 'echo "$DOCKERFILE" > Dockerfile',
177
- 'cat Dockerfile',
178
- 'docker build -t $REPOSITORY_ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile .',
179
- 'docker tag $REPOSITORY_ECR_REPOSITORY:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$REPOSITORY_ECR_REPOSITORY:$IMAGE_TAG',
180
- 'echo Pushing the repository image...',
181
- 'docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$REPOSITORY_ECR_REPOSITORY:$IMAGE_TAG',
182
- ],
183
- },
184
- post_build: {
185
- commands: ['echo post_build completed on `date`'],
186
- },
187
- },
188
- }),
189
- Type: 'NO_SOURCE',
190
- },
191
- TimeoutInMinutes: 15,
192
- },
193
- };
194
- };
195
- exports.getRepositoryImageBuilder = getRepositoryImageBuilder;
196
- /**
197
- * This variable is used inside GitHub webhooks to identify the object key
198
- * prefix of the file that triggers the pipelines.
199
- */
200
- const triggerPipelinesObjectKeyPrefix = [
201
- 'cicd',
202
- 'pipelines',
203
- 'triggers',
204
- (0, utils_1.getProjectName)(),
205
- ].join('/');
206
- const getCicdTemplate = ({ pipelines = [], cpu = config_2.ECS_TASK_DEFAULT_CPU, memory = config_2.ECS_TASK_DEFAULT_MEMORY, s3, slackWebhookUrl, taskEnvironment = [], }) => {
207
- const resources = {};
208
- const executeEcsTaskVariables = {
209
- ECS_CLUSTER_ARN: {
210
- 'Fn::GetAtt': [exports.REPOSITORY_TASKS_ECS_CLUSTER_LOGICAL_ID, 'Arn'],
211
- },
212
- ECS_CONTAINER_NAME: exports.REPOSITORY_ECS_TASK_CONTAINER_NAME,
213
- ECS_TASK_DEFINITION: {
214
- Ref: exports.REPOSITORY_ECS_TASK_DEFINITION_LOGICAL_ID,
215
- },
216
- VPC_SECURITY_GROUP: {
217
- 'Fn::ImportValue': config_1.BASE_STACK_VPC_DEFAULT_SECURITY_GROUP_EXPORTED_NAME,
218
- },
219
- VPC_PUBLIC_SUBNET_0: {
220
- 'Fn::ImportValue': config_1.BASE_STACK_VPC_PUBLIC_SUBNET_0_EXPORTED_NAME,
221
- },
222
- VPC_PUBLIC_SUBNET_1: {
223
- 'Fn::ImportValue': config_1.BASE_STACK_VPC_PUBLIC_SUBNET_1_EXPORTED_NAME,
224
- },
225
- VPC_PUBLIC_SUBNET_2: {
226
- 'Fn::ImportValue': config_1.BASE_STACK_VPC_PUBLIC_SUBNET_2_EXPORTED_NAME,
227
- },
228
- ECS_TASK_REPORT_HANDLER_NAME: {
229
- Ref: exports.ECS_TASK_REPORT_HANDLER_LAMBDA_FUNCTION_LOGICAL_ID,
230
- },
231
- };
232
- /**
233
- * The algorithm will clone the repository and will create a Docker image
234
- * to be used to perform your commands. [Yarn cache](https://classic.yarnpkg.com/en/docs/cli/cache/)
235
- * will also be saved together with the code to reduce packages installation
236
- * time. The created image will be pushed to [Amazon Elastic Container Registry](https://aws.amazon.com/ecr/).
237
- * with a defined expiration rule is also defined. The registry only keeps
238
- * the latest image.
239
- */
240
- const getEcrRepositoryResource = () => {
241
- return {
242
- Type: 'AWS::ECR::Repository',
243
- Properties: {
244
- LifecyclePolicy: {
245
- LifecyclePolicyText: JSON.stringify({
246
- rules: [
247
- {
248
- rulePriority: 1,
249
- description: 'Only keep the latest image',
250
- selection: {
251
- tagStatus: 'any',
252
- countType: 'imageCountMoreThan',
253
- countNumber: 1,
254
- },
255
- action: {
256
- type: 'expire',
257
- },
258
- },
259
- ],
260
- }, null, 2),
261
- },
262
- },
263
- };
264
- };
265
- resources[exports.ECR_REPOSITORY_LOGICAL_ID] = getEcrRepositoryResource();
266
- const commonFunctionProperties = {
267
- CodeUri: {
268
- Bucket: s3.bucket,
269
- Key: s3.key,
270
- Version: s3.versionId,
271
- },
272
- Role: {
273
- 'Fn::GetAtt': [exports.FUNCTION_IAM_ROLE_LOGICAL_ID, 'Arn'],
274
- },
275
- Runtime: config_3.NODE_RUNTIME,
276
- Timeout: 60,
277
- };
278
- /**
279
- * CodeBuild
280
- */
281
- (() => {
282
- resources[exports.CODE_BUILD_PROJECT_LOGS_LOGICAL_ID] = {
283
- Type: 'AWS::Logs::LogGroup',
284
- DeletionPolicy: 'Delete',
285
- Properties: {},
286
- };
287
- resources[exports.CODE_BUILD_PROJECT_SERVICE_ROLE_LOGICAL_ID] = {
288
- Type: 'AWS::IAM::Role',
289
- Properties: {
290
- AssumeRolePolicyDocument: {
291
- Version: '2012-10-17',
292
- Statement: [
293
- {
294
- Effect: 'Allow',
295
- Principal: {
296
- Service: 'codebuild.amazonaws.com',
297
- },
298
- Action: 'sts:AssumeRole',
299
- },
300
- ],
301
- },
302
- Path: (0, utils_1.getIamPath)(),
303
- Policies: [
304
- {
305
- PolicyName: `${exports.CODE_BUILD_PROJECT_SERVICE_ROLE_LOGICAL_ID}Policy`,
306
- PolicyDocument: {
307
- Version: '2012-10-17',
308
- Statement: [
309
- {
310
- Effect: 'Allow',
311
- Action: ['logs:CreateLogStream', 'logs:PutLogEvents'],
312
- Resource: '*',
313
- },
314
- {
315
- Effect: 'Allow',
316
- Action: ['ecr:GetAuthorizationToken'],
317
- Resource: '*',
318
- },
319
- {
320
- Effect: 'Allow',
321
- Action: [
322
- 'ecr:BatchCheckLayerAvailability',
323
- 'ecr:CompleteLayerUpload',
324
- 'ecr:InitiateLayerUpload',
325
- 'ecr:PutImage',
326
- 'ecr:UploadLayerPart',
327
- ],
328
- Resource: {
329
- 'Fn::GetAtt': [exports.ECR_REPOSITORY_LOGICAL_ID, 'Arn'],
330
- },
331
- },
332
- ],
333
- },
334
- },
335
- ],
336
- },
337
- };
338
- resources[exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID] =
339
- (0, exports.getRepositoryImageBuilder)();
340
- const cicdConfig = {
341
- ...(0, command_options_1.getCicdConfig)(),
342
- 'ssh-key': '/root/.ssh/id_rsa',
343
- environment: (0, utils_1.getEnvironment)(),
344
- };
345
- resources[exports.IMAGE_UPDATER_SCHEDULE_SERVERLESS_FUNCTION_LOGICAL_ID] = {
346
- Type: 'AWS::Serverless::Function',
347
- Properties: {
348
- ...commonFunctionProperties,
349
- Events: {
350
- Schedule: {
351
- Type: 'Schedule',
352
- Properties: {
353
- Schedule: 'rate(7 days)',
354
- },
355
- },
356
- },
357
- Environment: {
358
- Variables: {
359
- [exports.PROCESS_ENV_REPOSITORY_IMAGE_CODE_BUILD_PROJECT_NAME]: {
360
- Ref: exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID,
361
- },
362
- CICD_CONFIG: JSON.stringify(cicdConfig),
363
- ...executeEcsTaskVariables,
364
- },
365
- },
366
- Handler: 'index.imageUpdaterScheduleHandler',
367
- },
368
- };
369
- })();
370
- const createApiResources = () => {
371
- resources[exports.API_LOGICAL_ID] = {
372
- Type: 'AWS::Serverless::Api',
373
- Properties: {
374
- Auth: {
375
- ApiKeyRequired: false,
376
- },
377
- StageName: 'v1',
378
- },
379
- };
380
- resources[exports.FUNCTION_IAM_ROLE_LOGICAL_ID] = {
381
- Type: 'AWS::IAM::Role',
382
- Properties: {
383
- AssumeRolePolicyDocument: {
384
- Version: '2012-10-17',
385
- Statement: [
386
- {
387
- Effect: 'Allow',
388
- Principal: {
389
- Service: 'lambda.amazonaws.com',
390
- },
391
- Action: ['sts:AssumeRole'],
392
- },
393
- ],
394
- },
395
- ManagedPolicyArns: [
396
- 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole',
397
- ],
398
- Path: (0, utils_1.getIamPath)(),
399
- Policies: [
400
- {
401
- PolicyName: `${exports.FUNCTION_IAM_ROLE_LOGICAL_ID}Policy`,
402
- PolicyDocument: {
403
- Version: '2012-10-17',
404
- Statement: [
405
- {
406
- Effect: 'Allow',
407
- Action: ['codebuild:StartBuild'],
408
- Resource: {
409
- 'Fn::GetAtt': [
410
- exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID,
411
- 'Arn',
412
- ],
413
- },
414
- },
415
- {
416
- Effect: 'Allow',
417
- Action: ['iam:PassRole'],
418
- Resource: [
419
- {
420
- 'Fn::GetAtt': [
421
- exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_EXECUTION_ROLE_LOGICAL_ID,
422
- 'Arn',
423
- ],
424
- },
425
- {
426
- 'Fn::GetAtt': [
427
- exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_TASK_ROLE_LOGICAL_ID,
428
- 'Arn',
429
- ],
430
- },
431
- ],
432
- },
433
- {
434
- Effect: 'Allow',
435
- Action: ['ecs:DescribeTasks'],
436
- Resource: '*',
437
- },
438
- {
439
- Effect: 'Allow',
440
- Action: ['ecs:RunTask'],
441
- Resource: [
442
- {
443
- Ref: exports.REPOSITORY_ECS_TASK_DEFINITION_LOGICAL_ID,
444
- },
445
- ],
446
- },
447
- {
448
- Action: [
449
- 'codepipeline:PutApprovalResult',
450
- 'codepipeline:GetJobDetails',
451
- 'codepipeline:GetPipelineState',
452
- 'codepipeline:PutJobSuccessResult',
453
- 'codepipeline:PutJobFailureResult',
454
- ],
455
- Effect: 'Allow',
456
- Resource: '*',
457
- },
458
- {
459
- Action: 's3:*',
460
- Effect: 'Allow',
461
- Resource: {
462
- 'Fn::Sub': [
463
- `arn:aws:s3:::\${BucketName}/${triggerPipelinesObjectKeyPrefix}*`,
464
- {
465
- BucketName: {
466
- 'Fn::ImportValue': config_1.BASE_STACK_BUCKET_NAME_EXPORTED_NAME,
467
- },
468
- },
469
- ],
470
- },
471
- },
472
- ],
473
- },
474
- },
475
- ],
476
- },
477
- };
478
- /**
479
- * Called after ECS task execution success or failure.
480
- */
481
- resources[exports.ECS_TASK_REPORT_HANDLER_LAMBDA_FUNCTION_LOGICAL_ID] = {
482
- Type: 'AWS::Serverless::Function',
483
- Properties: {
484
- ...commonFunctionProperties,
485
- Environment: {
486
- Variables: {
487
- ECS_TASK_LOGS_LOG_GROUP: {
488
- Ref: exports.REPOSITORY_TASKS_ECS_CLUSTER_LOGS_LOG_GROUP_LOGICAL_ID,
489
- },
490
- ECS_TASK_CONTAINER_NAME: exports.REPOSITORY_ECS_TASK_CONTAINER_NAME,
491
- SLACK_WEBHOOK_URL: slackWebhookUrl,
492
- },
493
- },
494
- Handler: 'index.ecsTaskReportHandler',
495
- },
496
- };
497
- resources.CicdApiV1ServerlessFunction = {
498
- Type: 'AWS::Serverless::Function',
499
- Properties: {
500
- ...commonFunctionProperties,
501
- Events: {
502
- ApiEvent: {
503
- Type: 'Api',
504
- Properties: {
505
- Method: 'POST',
506
- Path: '/cicd',
507
- RestApiId: { Ref: exports.API_LOGICAL_ID },
508
- },
509
- },
510
- },
511
- Environment: {
512
- Variables: {
513
- [exports.PROCESS_ENV_REPOSITORY_IMAGE_CODE_BUILD_PROJECT_NAME]: {
514
- Ref: exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID,
515
- },
516
- ...executeEcsTaskVariables,
517
- },
518
- },
519
- Handler: 'index.cicdApiV1Handler',
520
- },
521
- };
522
- resources.GitHubWebhooksApiV1ServerlessFunction = {
523
- Type: 'AWS::Serverless::Function',
524
- Properties: {
525
- ...commonFunctionProperties,
526
- Events: {
527
- ApiEvent: {
528
- Type: 'Api',
529
- Properties: {
530
- Method: 'POST',
531
- Path: '/github/webhooks',
532
- RestApiId: { Ref: exports.API_LOGICAL_ID },
533
- },
534
- },
535
- },
536
- Environment: {
537
- Variables: {
538
- BASE_STACK_BUCKET_NAME: {
539
- 'Fn::ImportValue': config_1.BASE_STACK_BUCKET_NAME_EXPORTED_NAME,
540
- },
541
- TRIGGER_PIPELINES_OBJECT_KEY_PREFIX: triggerPipelinesObjectKeyPrefix,
542
- PIPELINES_JSON: JSON.stringify(pipelines),
543
- ...executeEcsTaskVariables,
544
- },
545
- },
546
- Handler: 'index.githubWebhooksApiV1Handler',
547
- },
548
- };
549
- };
550
- createApiResources();
551
- /**
552
- * ECS
553
- */
554
- (() => {
555
- resources[exports.REPOSITORY_TASKS_ECS_CLUSTER_LOGICAL_ID] = {
556
- Type: 'AWS::ECS::Cluster',
557
- Properties: {},
558
- };
559
- resources[exports.REPOSITORY_TASKS_ECS_CLUSTER_LOGS_LOG_GROUP_LOGICAL_ID] = {
560
- Type: 'AWS::Logs::LogGroup',
561
- DeletionPolicy: 'Delete',
562
- Properties: {},
563
- };
564
- /**
565
- * Used to start the container.
566
- */
567
- resources[exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_EXECUTION_ROLE_LOGICAL_ID] =
568
- {
569
- Type: 'AWS::IAM::Role',
570
- Properties: {
571
- AssumeRolePolicyDocument: {
572
- Version: '2012-10-17',
573
- Statement: [
574
- {
575
- Effect: 'Allow',
576
- Principal: {
577
- Service: 'ecs-tasks.amazonaws.com',
578
- },
579
- Action: 'sts:AssumeRole',
580
- },
581
- ],
582
- },
583
- ManagedPolicyArns: [
584
- 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
585
- ],
586
- Path: (0, utils_1.getIamPath)(),
587
- },
588
- };
589
- /**
590
- * Used inside de container execution.
591
- */
592
- resources[exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_TASK_ROLE_LOGICAL_ID] = {
593
- Type: 'AWS::IAM::Role',
594
- Properties: {
595
- AssumeRolePolicyDocument: {
596
- Version: '2012-10-17',
597
- Statement: [
598
- {
599
- Effect: 'Allow',
600
- Principal: {
601
- Service: 'ecs-tasks.amazonaws.com',
602
- },
603
- Action: 'sts:AssumeRole',
604
- },
605
- ],
606
- },
607
- ManagedPolicyArns: [
608
- 'arn:aws:iam::aws:policy/job-function/ViewOnlyAccess',
609
- ],
610
- Path: (0, utils_1.getIamPath)(),
611
- /**
612
- * TODO: improve the policies rules.
613
- */
614
- Policies: [
615
- {
616
- PolicyName: `${exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_TASK_ROLE_LOGICAL_ID}Policy`,
617
- PolicyDocument: {
618
- Version: '2012-10-17',
619
- Statement: [
620
- {
621
- Effect: 'Allow',
622
- Action: ['*'],
623
- Resource: '*',
624
- },
625
- ],
626
- },
627
- },
628
- ],
629
- },
630
- };
631
- resources[exports.REPOSITORY_ECS_TASK_DEFINITION_LOGICAL_ID] = {
632
- Type: 'AWS::ECS::TaskDefinition',
633
- Properties: {
634
- ContainerDefinitions: [
635
- {
636
- Environment: [
637
- {
638
- /**
639
- * https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-metadata.html#enable-metadata
640
- */
641
- Name: 'ECS_ENABLE_CONTAINER_METADATA',
642
- Value: 'true',
643
- },
644
- {
645
- Name: 'CI',
646
- Value: 'true',
647
- },
648
- ...taskEnvironment.map((te) => {
649
- return {
650
- Name: te.name,
651
- Value: te.value,
652
- };
653
- }),
654
- ],
655
- Image: {
656
- 'Fn::Sub': [
657
- // eslint-disable-next-line no-template-curly-in-string
658
- '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${RepositoryECR}:latest',
659
- {
660
- RepositoryECR: { Ref: exports.ECR_REPOSITORY_LOGICAL_ID },
661
- },
662
- ],
663
- },
664
- LogConfiguration: {
665
- LogDriver: 'awslogs',
666
- Options: {
667
- 'awslogs-group': {
668
- Ref: exports.REPOSITORY_TASKS_ECS_CLUSTER_LOGS_LOG_GROUP_LOGICAL_ID,
669
- },
670
- 'awslogs-region': { Ref: 'AWS::Region' },
671
- 'awslogs-stream-prefix': 'ecs',
672
- },
673
- },
674
- Name: exports.REPOSITORY_ECS_TASK_CONTAINER_NAME,
675
- },
676
- ],
677
- Cpu: cpu,
678
- ExecutionRoleArn: {
679
- 'Fn::GetAtt': [
680
- exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_EXECUTION_ROLE_LOGICAL_ID,
681
- 'Arn',
682
- ],
683
- },
684
- Memory: memory,
685
- NetworkMode: 'awsvpc',
686
- RequiresCompatibilities: ['FARGATE'],
687
- TaskRoleArn: {
688
- 'Fn::GetAtt': [
689
- exports.REPOSITORY_TASKS_ECS_TASK_DEFINITION_TASK_ROLE_LOGICAL_ID,
690
- 'Arn',
691
- ],
692
- },
693
- },
694
- };
695
- })();
696
- /**
697
- * Pipelines
698
- */
699
- if (pipelines.includes('main') || pipelines.includes('tag')) {
700
- resources[exports.PIPELINES_ARTIFACT_STORE_S3_BUCKET_LOGICAL_ID] = {
701
- Type: 'AWS::S3::Bucket',
702
- Properties: {
703
- LifecycleConfiguration: {
704
- Rules: [
705
- {
706
- /**
707
- * We won't use the artifacts forever.
708
- */
709
- ExpirationInDays: 7,
710
- Status: 'Enabled',
711
- },
712
- ],
713
- },
714
- },
715
- };
716
- resources[exports.PIPELINES_HANDLER_LAMBDA_FUNCTION_LOGICAL_ID] = {
717
- Type: 'AWS::Lambda::Function',
718
- Properties: {
719
- Code: {
720
- S3Bucket: s3.bucket,
721
- S3Key: s3.key,
722
- S3ObjectVersion: s3.versionId,
723
- },
724
- Environment: {
725
- Variables: {
726
- ...executeEcsTaskVariables,
727
- },
728
- },
729
- Handler: 'index.pipelinesHandler',
730
- MemorySize: 128,
731
- Role: {
732
- 'Fn::GetAtt': [exports.FUNCTION_IAM_ROLE_LOGICAL_ID, 'Arn'],
733
- },
734
- Runtime: config_3.NODE_RUNTIME,
735
- Timeout: 60,
736
- },
737
- };
738
- resources[exports.PIPELINES_ROLE_LOGICAL_ID] = {
739
- Type: 'AWS::IAM::Role',
740
- Properties: {
741
- AssumeRolePolicyDocument: {
742
- Version: '2012-10-17',
743
- Statement: [
744
- {
745
- Effect: 'Allow',
746
- Principal: {
747
- Service: 'codepipeline.amazonaws.com',
748
- },
749
- Action: 'sts:AssumeRole',
750
- },
751
- ],
752
- },
753
- ManagedPolicyArns: [],
754
- Path: (0, utils_1.getIamPath)(),
755
- Policies: [
756
- {
757
- PolicyName: `${exports.PIPELINES_ROLE_LOGICAL_ID}Policy`,
758
- PolicyDocument: {
759
- Version: '2012-10-17',
760
- Statement: [
761
- {
762
- Effect: 'Allow',
763
- Action: 'lambda:InvokeFunction',
764
- Resource: [
765
- {
766
- 'Fn::GetAtt': [
767
- exports.PIPELINES_HANDLER_LAMBDA_FUNCTION_LOGICAL_ID,
768
- 'Arn',
769
- ],
770
- },
771
- ],
772
- },
773
- {
774
- Effect: 'Allow',
775
- Action: 's3:*',
776
- Resource: [
777
- {
778
- 'Fn::GetAtt': [
779
- exports.PIPELINES_ARTIFACT_STORE_S3_BUCKET_LOGICAL_ID,
780
- 'Arn',
781
- ],
782
- },
783
- {
784
- 'Fn::Sub': `arn:aws:s3:::\${${exports.PIPELINES_ARTIFACT_STORE_S3_BUCKET_LOGICAL_ID}}/*`,
785
- },
786
- ],
787
- },
788
- {
789
- Effect: 'Allow',
790
- Action: 's3:*',
791
- Resource: {
792
- 'Fn::Sub': [
793
- `arn:aws:s3:::\${BucketName}/${triggerPipelinesObjectKeyPrefix}*`,
794
- {
795
- BucketName: {
796
- 'Fn::ImportValue': config_1.BASE_STACK_BUCKET_NAME_EXPORTED_NAME,
797
- },
798
- },
799
- ],
800
- },
801
- },
802
- {
803
- Effect: 'Allow',
804
- Action: ['s3:Get*', 's3:List*'],
805
- Resource: {
806
- 'Fn::Sub': [
807
- `arn:aws:s3:::\${BucketName}`,
808
- {
809
- BucketName: {
810
- 'Fn::ImportValue': config_1.BASE_STACK_BUCKET_NAME_EXPORTED_NAME,
811
- },
812
- },
813
- ],
814
- },
815
- },
816
- ],
817
- },
818
- },
819
- ],
820
- },
821
- };
822
- const getCodePipelinePipeline = (pipeline) => {
823
- const pipelinePascalCase = (0, change_case_1.pascalCase)(pipeline);
824
- const pipelineS3SourceOutputName = `Pipeline${pipelinePascalCase}S3SourceOutput`;
825
- return {
826
- Type: 'AWS::CodePipeline::Pipeline',
827
- Properties: {
828
- ArtifactStore: {
829
- Location: { Ref: exports.PIPELINES_ARTIFACT_STORE_S3_BUCKET_LOGICAL_ID },
830
- Type: 'S3',
831
- },
832
- RestartExecutionOnUpdate: false,
833
- RoleArn: {
834
- 'Fn::GetAtt': [exports.PIPELINES_ROLE_LOGICAL_ID, 'Arn'],
835
- },
836
- Stages: [
837
- {
838
- Actions: [
839
- {
840
- ActionTypeId: {
841
- Category: 'Source',
842
- Owner: 'AWS',
843
- Provider: 'S3',
844
- Version: 1,
845
- },
846
- Configuration: {
847
- S3Bucket: {
848
- 'Fn::ImportValue': config_1.BASE_STACK_BUCKET_NAME_EXPORTED_NAME,
849
- },
850
- S3ObjectKey: (0, getTriggerPipelineObjectKey_1.getTriggerPipelinesObjectKey)({
851
- prefix: triggerPipelinesObjectKeyPrefix,
852
- pipeline,
853
- }),
854
- },
855
- Name: `Pipeline${pipelinePascalCase}S3SourceAction`,
856
- OutputArtifacts: [
857
- {
858
- Name: pipelineS3SourceOutputName,
859
- },
860
- ],
861
- },
862
- ],
863
- Name: `Pipeline${pipelinePascalCase}S3SourceStage`,
864
- },
865
- {
866
- Actions: [
867
- {
868
- ActionTypeId: {
869
- Category: 'Invoke',
870
- Owner: 'AWS',
871
- Provider: 'Lambda',
872
- Version: 1,
873
- },
874
- Configuration: {
875
- FunctionName: {
876
- Ref: exports.PIPELINES_HANDLER_LAMBDA_FUNCTION_LOGICAL_ID,
877
- },
878
- UserParameters: (() => {
879
- return pipeline;
880
- })(),
881
- },
882
- InputArtifacts: [
883
- {
884
- Name: pipelineS3SourceOutputName,
885
- },
886
- ],
887
- Name: `Pipeline${pipelinePascalCase}RunECSTasksAction`,
888
- },
889
- {
890
- ActionTypeId: {
891
- Category: 'Approval',
892
- Owner: 'AWS',
893
- Provider: 'Manual',
894
- Version: 1,
895
- },
896
- Name: config_2.PIPELINE_ECS_TASK_EXECUTION_MANUAL_APPROVAL_ACTION_NAME,
897
- },
898
- ],
899
- Name: config_2.PIPELINE_ECS_TASK_EXECUTION_STAGE_NAME,
900
- },
901
- ],
902
- },
903
- };
904
- };
905
- if (pipelines.includes('main')) {
906
- resources[exports.PIPELINES_MAIN_LOGICAL_ID] = getCodePipelinePipeline('main');
907
- }
908
- if (pipelines.includes('tag')) {
909
- resources[exports.PIPELINES_TAG_LOGICAL_ID] = getCodePipelinePipeline('tag');
910
- }
911
- }
912
- return {
913
- AWSTemplateFormatVersion: '2010-09-09',
914
- Transform: 'AWS::Serverless-2016-10-31',
915
- Resources: resources,
916
- Parameters: {
917
- SSHKey: {
918
- NoEcho: true,
919
- Type: 'String',
920
- },
921
- SSHUrl: {
922
- Type: 'String',
923
- },
924
- },
925
- Outputs: {
926
- [exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID]: {
927
- Value: { Ref: exports.REPOSITORY_IMAGE_CODE_BUILD_PROJECT_LOGICAL_ID },
928
- },
929
- ApiV1Endpoint: {
930
- Description: 'CICD API v1 stage endpoint.',
931
- Value: {
932
- 'Fn::Sub': `https://\${${exports.API_LOGICAL_ID}}.execute-api.\${AWS::Region}.amazonaws.com/v1/`,
933
- },
934
- },
935
- },
936
- };
937
- };
938
- exports.getCicdTemplate = getCicdTemplate;