af-cicd 0.1.4__tar.gz

af_cicd-0.1.4/PKG-INFO

@@ -0,0 +1,101 @@
+Metadata-Version: 2.4
+Name: af-cicd
+Version: 0.1.4
+Summary: shared cicd tooling
+License: MIT
+Author: hello
+Author-email: hello@allfly.io
+Requires-Python: >=3.13,<4.0
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Requires-Dist: boto3 (>=1.35.5,<2.0.0)
+Requires-Dist: inquirer (>=3.3.0,<4.0.0)
+Requires-Dist: slack-sdk (>=3.34.0,<4.0.0)
+Requires-Dist: typer[slim] (>=0.20.0,<0.21.0)
+Description-Content-Type: text/markdown
+
+# tools-cicd
+share cicd scripts
+
+# Running tool locally
+
+## Example:
+```shell
+AWS_PROFILE=dev-admin-terraform poetry run cicd --help
+```
+
+# Release Procedures
+- This project uses "trunk" based development off of `master`.
+- PRs are allowed but always folded back to `master`.
+- For now, releasing is manual, no automation.
+- **To release**:
+  - Ensure all your features are ready on `master`
+    - *You should not have any staged changes!*
+  - In a terminal run `make version v={major|minor|patch}`
+    - **Do not include a number! Poetry will auto-rev the value accordingly**
+  - That's it
+    - This will create a new tag in Git ready for use
+
+
+# Multi-Repository Release Coordination
+
+The `quest-v2` project includes a coordinated release script that allows you to trigger deployments across all related Quest v2 repositories simultaneously, rather than having to manually trigger each repository's release workflow individually.
+
+### Prerequisites
+
+1. **GitHub CLI**: Install the GitHub CLI tool
+   ```bash
+   # macOS
+   brew install gh
+   
+   # Ubuntu/Debian
+   sudo apt install gh
+   
+   # Windows
+   winget install GitHub.cli
+   ```
+
+2. **Authentication**: Authenticate with GitHub
+   ```bash
+   gh auth login
+   ```
+
+3. **Script Setup**: Navigate to the quest-v2 directory and make the script executable
+   ```bash
+   cd quest-v2
+   chmod +x release-all.sh
+   ```
+
+### Usage
+
+From the `quest-v2` directory, the script supports promoting from `develop` to `qa`:
+
+```bash
+# Promote to QA
+./release-all.sh
+
+# Show help and options
+./release-all.sh --help
+```
+
+### What it does
+
+The script will:
+1. Trigger the "Release" workflow on all three Quest v2 repositories:
+   - `allfly-quest-ui`
+   - `allfly-quest-core-api`
+   - `gds-api`
+2. Promote code from `develop` branch to `qa`
+3. Provide real-time status updates and links to monitor progress
+4. Display a summary of successful and failed releases
+
+### Monitoring
+
+After triggering the releases, you can monitor progress through:
+- The provided GitHub Actions URLs in the script output
+- GitHub's Actions tab in each repository
+- Your configured Slack notifications (if enabled)
+
+> **Note**: The script requires appropriate permissions to trigger workflows on all three Quest v2 repositories. Ensure your GitHub account has the necessary access rights.

af_cicd-0.1.4/README.md

@@ -0,0 +1,83 @@
+# tools-cicd
+share cicd scripts
+
+# Running tool locally
+
+## Example:
+```shell
+AWS_PROFILE=dev-admin-terraform poetry run cicd --help
+```
+
+# Release Procedures
+- This project uses "trunk" based development off of `master`.
+- PRs are allowed but always folded back to `master`.
+- For now, releasing is manual, no automation.
+- **To release**:
+  - Ensure all your features are ready on `master`
+    - *You should not have any staged changes!*
+  - In a terminal run `make version v={major|minor|patch}`
+    - **Do not include a number! Poetry will auto-rev the value accordingly**
+  - That's it
+    - This will create a new tag in Git ready for use
+
+
+# Multi-Repository Release Coordination
+
+The `quest-v2` project includes a coordinated release script that allows you to trigger deployments across all related Quest v2 repositories simultaneously, rather than having to manually trigger each repository's release workflow individually.
+
+### Prerequisites
+
+1. **GitHub CLI**: Install the GitHub CLI tool
+   ```bash
+   # macOS
+   brew install gh
+   
+   # Ubuntu/Debian
+   sudo apt install gh
+   
+   # Windows
+   winget install GitHub.cli
+   ```
+
+2. **Authentication**: Authenticate with GitHub
+   ```bash
+   gh auth login
+   ```
+
+3. **Script Setup**: Navigate to the quest-v2 directory and make the script executable
+   ```bash
+   cd quest-v2
+   chmod +x release-all.sh
+   ```
+
+### Usage
+
+From the `quest-v2` directory, the script supports promoting from `develop` to `qa`:
+
+```bash
+# Promote to QA
+./release-all.sh
+
+# Show help and options
+./release-all.sh --help
+```
+
+### What it does
+
+The script will:
+1. Trigger the "Release" workflow on all three Quest v2 repositories:
+   - `allfly-quest-ui`
+   - `allfly-quest-core-api`
+   - `gds-api`
+2. Promote code from `develop` branch to `qa`
+3. Provide real-time status updates and links to monitor progress
+4. Display a summary of successful and failed releases
+
+### Monitoring
+
+After triggering the releases, you can monitor progress through:
+- The provided GitHub Actions URLs in the script output
+- GitHub's Actions tab in each repository
+- Your configured Slack notifications (if enabled)
+
+> **Note**: The script requires appropriate permissions to trigger workflows on all three Quest v2 repositories. Ensure your GitHub account has the necessary access rights.

af_cicd-0.1.4/allfly/aws/core.py

@@ -0,0 +1,36 @@
+import os
+
+import boto3
+
+from allfly.utils import get_exit_code, run_shell_command, stdout
+
+
+class AWSCore:
+
+    @staticmethod
+    def get_current_user_region():
+        current_session = boto3.session.Session()
+        current_region = (
+            current_session.region_name if current_session.region_name else "us-east-1"
+        )
+        stdout(f"Current region: {current_region}")
+        return current_region
+
+    @staticmethod
+    def is_aws_profile_is_active(profile: str):
+        return get_exit_code(f'aws s3 ls --profile {profile}') == 0
+
+    @staticmethod
+    def setup_aws_creds(cicd: bool = False):
+        """
+        In CI/CD environments, there are no AWS profiles, so we don't need to set the AWS_PROFILE environment variable
+        """
+        aws_profile = os.environ.get('AWS_PROFILE', None)
+        stdout(f"AWS_PROFILE is set to: {aws_profile}")
+        if aws_profile and not cicd:
+            # If the AWS profile is not active, re-authenticate with AWS
+            if not AWSCore.is_aws_profile_is_active(aws_profile):
+                stdout(
+                    f'AWS profile {aws_profile} is not active. Re-authenticating with AWS...'
+                )
+                run_shell_command(f'aws sso login --profile {aws_profile}')

af_cicd-0.1.4/allfly/aws/ecr.py

@@ -0,0 +1,110 @@
+import boto3
+from botocore.client import BaseClient
+
+from allfly.utils import stdout, stderr
+
+
+class AwsEcr:
+    ecr: BaseClient
+
+    def __init__(self):
+        self.ecr = boto3.client("ecr")
+
+    @staticmethod
+    def build_ecr_image_url(app_name: str, image_tag: str, ecr_account_id: str) -> str:
+        return f"{ecr_account_id}.dkr.ecr.us-east-1.amazonaws.com/{app_name}:{image_tag}"
+
+    def promote_ecr_docker_tag(
+            self, app_name: str, ecr_account_id: str, source_branch_tag: str, target_branch_tag: str
+    ) -> str:
+        """
+        Re-tag an ECR image without having to pull and push.
+        Based on https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-retag.html
+
+        return the full image URL of the container to be used in the next environment
+        """
+        stdout("Re-tagging image...")
+
+        # First, we need to get all associated images for the source (from) environment
+        associated_version_tag = self.get_next_image_tag(
+            ecr_account_id=ecr_account_id,
+            app_name=app_name,
+            source_branch_tag=source_branch_tag
+        )
+
+        # Now, we need to get the imageManifest; unfortunately, another call
+        get_image_response = self.ecr.batch_get_image(
+            registryId=ecr_account_id,
+            repositoryName=app_name,
+            imageIds=[{"imageTag": associated_version_tag}],
+        )
+        images = get_image_response.get("images")
+        if not images:
+            raise Exception(
+                f"Failed to get image, could not find image with tag {source_branch_tag}"
+            )
+
+        image = images[0]
+        image_manifest = image.get("imageManifest")
+
+        # Now, we re-tag for AWS (to) environment
+        stdout(f"Re-tagging {associated_version_tag} now to {target_branch_tag}")
+        try:
+            self.ecr.put_image(
+                registryId=ecr_account_id,
+                repositoryName=app_name,
+                imageManifest=image_manifest,
+                imageTag=target_branch_tag,
+            )
+        except self.ecr.exceptions.ImageAlreadyExistsException as e:
+            stderr(f"Image tag already {target_branch_tag} exists with that manifest, that's okay.")
+
+        return self.build_ecr_image_url(
+            app_name=app_name,
+            image_tag=associated_version_tag,
+            ecr_account_id=ecr_account_id,
+        )
+
+    def get_next_image_tag(self,
+                           ecr_account_id: str,
+                           app_name: str,
+                           source_branch_tag: str):
+        """
+        the purpose of this function is to get the image tag that is associated with the previous environment
+
+         for example:  from develop to qa, one might see
+         found associated tag develop
+         found associated tag v.2025.01.13.212928.18
+
+         v.2025.01.13.212928.18 would be returned to promote to qa
+        """
+        describe_image_response = self.ecr.describe_images(
+            registryId=ecr_account_id,
+            repositoryName=app_name,
+            imageIds=[{"imageTag": source_branch_tag}],
+        )
+
+        # To do things right, we need to get the v. version associated with the previous environment so it's passed
+        # on to the next environment
+        stdout(f"looking for versioned image associated to tag {source_branch_tag}")
+        image_details = describe_image_response.get("imageDetails")
+        if not image_details:
+            raise Exception(
+                f"Failed to describe image for {source_branch_tag}; no images returned"
+            )
+
+        aws_image = image_details[0]
+
+        associated_version_tag = None
+        image_tags = aws_image.get("imageTags")
+        for tag in image_tags:
+            stdout(f"found associated tag {tag}")
+            if tag.startswith("v."):
+                associated_version_tag = tag
+
+        if not associated_version_tag:
+            raise Exception(
+                f"Could not find associated version tag for {source_branch_tag}! Something is wrong."
+            )
+
+        return associated_version_tag

af_cicd-0.1.4/allfly/aws/ecs.py

@@ -0,0 +1,80 @@
+from typing_extensions import deprecated
+
+import boto3
+from allfly.aws.ssm import AwsSSM
+from allfly.utils import run_shell_command, stdout, exit_with_error
+
+
+class AwsEcs:
+    ssm: AwsSSM
+
+    def __init__(self):
+        self.ssm = AwsSSM()
+
+    @deprecated("here are backup in case TF based deployments don't pan out")
+    def deploy_image_tag_to_ecs_app(self, app_name: str, tag: str):
+        service_id = self.ssm.get_ssm_param_value(f"/infra/services/{app_name}/ecs/cluster_id")
+        cluster_id = self.ssm.get_ssm_param_value(f"/infra/services/{app_name}/ecs/service_id")
+        stdout(f"Deploying to ecs {cluster_id} {service_id} {tag}")
+        run_shell_command(
+            f'ecs deploy {cluster_id} {service_id} --tag {tag}'
+        )
+
+    def run_pre_deploy_task(self, app_name: str, task_family: str, new_image_url: str) -> None:
+        """
+        Run a one-off ECS Fargate task before the main service deployment.
+
+        Runs the latest revision of task_family — the targeted terraform apply
+        in Phase 1 already registered a new revision with the correct image.
+        Clones network configuration from the running service so no extra
+        SSM params are needed.
+
+        Raises a hard exit if the task fails to start or exits non-zero.
+        """
+        cluster_id = self.ssm.get_ssm_param_value(f"/infra/services/{app_name}/ecs/cluster_id")
+        service_name = self.ssm.get_ssm_param_value(f"/infra/services/{app_name}/ecs/service_id")
+
+        client = boto3.client("ecs")
+
+        # Clone network config from the live service — keeps subnets/SGs consistent
+        services_response = client.describe_services(cluster=cluster_id, services=[service_name])
+        services = services_response.get("services", [])
+        if not services:
+            exit_with_error(f"Could not find ECS service '{service_name}' in cluster '{cluster_id}'")
+        network_config = services[0]["networkConfiguration"]
+
+        stdout(f"Running pre-deploy task '{task_family}' with image {new_image_url}")
+
+        run_response = client.run_task(
+            cluster=cluster_id,
+            taskDefinition=task_family,
+            launchType="FARGATE",
+            networkConfiguration=network_config,
+        )
+
+        failures = run_response.get("failures", [])
+        tasks = run_response.get("tasks", [])
+        if failures or not tasks:
+            exit_with_error(f"Failed to start pre-deploy task '{task_family}': {failures}")
+
+        task_arn = tasks[0]["taskArn"]
+        stdout(f"Pre-deploy task started: {task_arn} — waiting for completion...")
+
+        waiter = client.get_waiter("tasks_stopped")
+        waiter.wait(
+            cluster=cluster_id,
+            tasks=[task_arn],
+            WaiterConfig={"Delay": 10, "MaxAttempts": 60},  # up to 10 minutes
+        )
+
+        describe_response = client.describe_tasks(cluster=cluster_id, tasks=[task_arn])
+        container = describe_response["tasks"][0]["containers"][0]
+        exit_code = container.get("exitCode")
+
+        if exit_code != 0:
+            exit_with_error(
+                f"Pre-deploy task '{task_family}' failed with exit code {exit_code}. "
+                f"Halting deployment."
+            )
+
+        stdout(f"Pre-deploy task '{task_family}' completed successfully.")

af_cicd-0.1.4/allfly/aws/lambdas.py

@@ -0,0 +1,18 @@
+import boto3
+from botocore.client import BaseClient
+
+from allfly.utils import stdout
+
+
+class AwsLambda:
+    client: BaseClient
+
+    def __init__(self):
+        self.client = boto3.client('lambda')
+
+    def update_lambda_image_with_image_url(self, app_name: str, image_url: str):
+        stdout("Deploying Lambda function...")
+        self.client.update_function_code(
+            FunctionName=f"{app_name}", ImageUri=image_url, Publish=True
+        )
+        stdout("Lambda function deployed successfully.")

af_cicd-0.1.4/allfly/aws/ssm.py

@@ -0,0 +1,19 @@
+import boto3
+from botocore.client import BaseClient
+
+from allfly.utils import exit_with_error
+
+
+class AwsSSM:
+    client: BaseClient
+
+    def __init__(self):
+        self.client = boto3.client('ssm')
+
+    def get_ssm_param_value(self, param_name: str, is_encrypted=False) -> str | None:
+
+        try:
+            response = self.client.get_parameter(Name=param_name, WithDecryption=is_encrypted)
+            return response['Parameter']['Value']
+        except self.client.exceptions.ParameterNotFound:
+            exit_with_error(f"Could not find ssm param value {param_name}")