From aa0cf3409ac9eca21b39125215c1c780e924a948 Mon Sep 17 00:00:00 2001 From: Saurabh Shrihar Date: Fri, 19 Apr 2024 16:28:58 +0400 Subject: [PATCH] Fix to work with public pipelines repo reusable workflow --- .github/taskdefinition_template/Pipfile | 7 - .github/taskdefinition_template/Pipfile.lock | 76 -------- .../example_parameters.yaml | 22 --- .../taskdef_creator.py | 167 ------------------ .../taskdef_template.json | 147 --------------- .github/workflows/build_and_deploy.yml | 126 ++++--------- .github/workflows/npm-release.yml | 1 - 7 files changed, 34 insertions(+), 512 deletions(-) delete mode 100644 .github/taskdefinition_template/Pipfile delete mode 100644 .github/taskdefinition_template/Pipfile.lock delete mode 100644 .github/taskdefinition_template/example_parameters.yaml delete mode 100644 .github/taskdefinition_template/taskdef_creator.py delete mode 100644 .github/taskdefinition_template/taskdef_template.json diff --git a/.github/taskdefinition_template/Pipfile b/.github/taskdefinition_template/Pipfile deleted file mode 100644 index c5754f7..0000000 --- a/.github/taskdefinition_template/Pipfile +++ /dev/null @@ -1,7 +0,0 @@ -[[source]] -name = "pypi" -url = "https://pypi.org/simple" -verify_ssl = true - -[packages] -pyyaml = "6.0.1" \ No newline at end of file diff --git a/.github/taskdefinition_template/Pipfile.lock b/.github/taskdefinition_template/Pipfile.lock deleted file mode 100644 index 8f83fa2..0000000 --- a/.github/taskdefinition_template/Pipfile.lock +++ /dev/null 
@@ -1,76 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "50b136775148391a355082540f8cf183843fd6305f19e0c822e1741ed4d6a6c8" - }, - "pipfile-spec": 6, - "requires": {}, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "pyyaml": { - "hashes": [ - "sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5", - "sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc", - "sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df", - "sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741", - "sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206", - "sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27", - "sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595", - "sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62", - "sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98", - "sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696", - "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290", - "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9", - "sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d", - "sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6", - "sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867", - "sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47", - "sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486", - "sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6", - "sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3", - "sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007", - "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938", - 
"sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0", - "sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c", - "sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735", - "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d", - "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28", - "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4", - "sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba", - "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8", - "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5", - "sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd", - "sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3", - "sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0", - "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515", - "sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c", - "sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c", - "sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924", - "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34", - "sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43", - "sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859", - "sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673", - "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54", - "sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a", - "sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b", - "sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab", - "sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa", - "sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c", 
- "sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585", - "sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d", - "sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f" - ], - "index": "pypi", - "markers": "python_version >= '3.6'", - "version": "==6.0.1" - } - }, - "develop": {} -} diff --git a/.github/taskdefinition_template/example_parameters.yaml b/.github/taskdefinition_template/example_parameters.yaml deleted file mode 100644 index 75d01e3..0000000 --- a/.github/taskdefinition_template/example_parameters.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -region: eu-west-1 -account_number: "070528468658" -hostport: 3000 -containerport: 3000 -app_name: appname -role: backend -environment: staging -iac: aws-test-applications-eu-west-1-apps-appname -team_name: dev-experience -memory: 1024 -cpu: 512 -env_vars: - - name: START_BLOCK - value: "0" - - name: NODE_ENV - value: "staging" -secret_vars: - - KAFKA_CONNECTION_URL - - MONGO_URL - - RPC_WS_ENDPOINT_URL_LIST - - SENTRY_DSN diff --git a/.github/taskdefinition_template/taskdef_creator.py b/.github/taskdefinition_template/taskdef_creator.py deleted file mode 100644 index 749f2fe..0000000 --- a/.github/taskdefinition_template/taskdef_creator.py +++ /dev/null 
@@ -1,167 +0,0 @@ -"""Generates taskefinition file for the github workflow to deploy -""" - -import argparse -import json -import os -import re -import yaml - - -class TaskdefCreator: - """Handles creation of taskdef file for ECS using template""" - - def __init__(self): - parser = argparse.ArgumentParser(description="Task definition creator") - parser.add_argument( - "parameters_file", - type=str, - help="Parameters yaml file with required values", - ) - parser.add_argument( - "taskdef_template", - type=str, - help="Template json file to be used", - default=".github/taskdefinition_template/taskdef_template.json", - ) - parser.add_argument( - "account_number", - type=str, - help="AWS account number to be used for deployment" - ) - self.args = parser.parse_args() - self.template_data = "" - self.taskdef_final_file = "" - - def _read_yaml_file(self): - """Reads yaml file into dictionary from user input""" - with open(self.args.parameters_file, "r") as file_object: - try: - data = yaml.safe_load(file_object) - return data - except yaml.YAMLError as error: - print(f"Error reading YAML file {self.args.parameters_file}: {error}") - return None - - def _read_template_file(self): - """Reads template file for data substitution""" - try: - with open(self.args.taskdef_template, "r") as file: - self.template_data = file.read() - except FileNotFoundError: - print(f"Error: File '{self.args.taskdef_template}' not found.") - except IOError as error: - print(f"Error reading file '{self.args.taskdef_template}': {error}") - except Exception as error: - print(f"An unexpected error occurred: {error}") - - def _substitute_env_vars(self, data_read: list): - """Substitutes value in self.template_data based on env names and values - - Args: - data_read (list): [{name: value}...] 
of environment variables for app - """ - env_values = "" - env_template = """{ - "name": "name_sub", - "value": "value_sub" - }, - """ - for env_data in data_read: - name = env_data.get("name") - value = env_data.get("value") - env_values += env_template.replace("name_sub", name).replace( - "value_sub", value - ) - env_values = env_values.strip().rstrip(",") - self.template_data = self.template_data.replace("$env_vars", env_values) - - def _substitute_secret_vars(self, data_read: list): - """Substitutes value in self.template_data based on secret names - - Args: - data_read (list): [{name: value}...] of environment variables for app - """ - secret_str = "" - secret_template = """{ - "valueFrom": "arn:aws:ssm:$region:$account_number:parameter/$app_name/$secret_name", - "name": "$secret_name" - },""" - for secret in data_read: - secret_str += secret_template.replace("$secret_name", secret) - secret_str = secret_str.strip().rstrip(",") - self.template_data = self.template_data.replace("$secret_vars", secret_str) - - def _subtitute_data(self, user_data: dict, sub: str): - """Subtitutes data in self.template_data based on user specified data - - Args: - user_data (dict): Data read from user defined yaml file - sub (str): Element to be searched for and substituted - """ - data_read = str(user_data.get(sub, "")).strip() - self.template_data = self.template_data.replace(f"${sub}", data_read) - if sub == "app_name": - self.taskdef_final_file = data_read - - def _print_secrets_to_create(self, json_data_str: str): - """Prints secrets to be created for systems manager parameter store - - Args: - json_data_str (str): File data for taskdef file - """ - for line in json_data_str.split("\n"): - if "valueFrom" in line: - secret = ( - line.split('"valueFrom": "arn:aws:ssm:', 1)[1].strip().rstrip('",') - ) - - print(f"Update SSM for secret: {secret}") - - def create_taskdef_file(self): - """Create a taskdef file based on the app name""" - directory = 
os.path.dirname(self.args.taskdef_template) - file_path = os.sep.join([directory, self.taskdef_final_file]) + ".json" - self.template_data = self.template_data.replace("\n", "") - self.template_data = re.sub(r"\s+", " ", self.template_data) - json_data_dict = json.loads(self.template_data) - json_data_str = json.dumps(json_data_dict, indent=2) - self._print_secrets_to_create(json_data_str) - with open(file_path, "w") as file_object: - json.dump(json_data_dict, file_object, ensure_ascii=False, indent=2) - print(f"Create file {file_path}") - - def substitute_values(self): - """Substitutes values taskdef template to generate a new file - Expected strings in template to be replaced for values are: - region, account_number, hostport, containerport, app_name, - role, environment, iac, team_name, memory, cpu, env_vars, secret_vars - """ - self._read_template_file() - user_data = self._read_yaml_file() - expected_sub = [ - "region", - "account_number", - "hostport", - "containerport", - "app_name", - "role", - "environment", - "iac", - "team_name", - "memory", - "cpu", - ] - if user_data is not None: - user_data["account_number"] = self.args.account_number - self._substitute_env_vars(user_data.get("env_vars", [])) - self._substitute_secret_vars(user_data.get("secret_vars", [])) - [user_data.pop(key) for key in ["env_vars", "secret_vars"] if key in user_data] - for sub in expected_sub: - self._subtitute_data(user_data, sub) - - -if __name__ == "__main__": - TASKDEF_CREATOR = TaskdefCreator() - TASKDEF_CREATOR.substitute_values() - TASKDEF_CREATOR.create_taskdef_file() diff --git a/.github/taskdefinition_template/taskdef_template.json b/.github/taskdefinition_template/taskdef_template.json deleted file mode 100644 index d55c424..0000000 --- a/.github/taskdefinition_template/taskdef_template.json +++ /dev/null 
@@ -1,147 +0,0 @@ -{ - "requiresCompatibilities": [ - "FARGATE" - ], - "inferenceAccelerators": [], - "containerDefinitions": [ - { - "dnsSearchDomains": null, - "environmentFiles": [], - "logConfiguration": { - "logDriver": "awsfirelens", - "options": { - "Name": "datadog", - "Host": "http-intake.logs.datadoghq.com", - "dd_service": "$app_name", - "dd_source": "nodejs", - "TLS": "on", - "provider": "ecs" - }, - "secretOptions": [ - { - "name": "apiKey", - "valueFrom": "arn:aws:ssm:$region:$account_number:parameter/DATADOG_APIKEY" - } - ] - }, - "entryPoint": null, - "portMappings": [ - { - "hostPort": $hostport, - "protocol": "tcp", - "containerPort": $containerport - } - ], - "command": null, - "linuxParameters": null, - "cpu": 0, - "environment": [ - $env_vars - ], - "resourceRequirements": null, - "ulimits": null, - "dnsServers": null, - "mountPoints": null, - "workingDirectory": null, - "secrets": [ - $secret_vars - ], - "dockerSecurityOptions": null, - "memory": null, - "memoryReservation": null, - "volumesFrom": null, - "stopTimeout": null, - "image": "nginx:latest", - "startTimeout": null, - "firelensConfiguration": null, - "dependsOn": null, - "disableNetworking": null, - "interactive": null, - "healthCheck": null, - "essential": true, - "links": null, - "hostname": null, - "extraHosts": null, - "pseudoTerminal": null, - "user": null, - "readonlyRootFilesystem": null, - "dockerLabels": null, - "systemControls": null, - "privileged": null, - "name": "$app_name", - "repositoryCredentials": { - "credentialsParameter": "" - } - }, - { - "essential": true, - "image": "amazon/aws-for-fluent-bit:stable", - "name": "log_router", - "firelensConfiguration": { - "type": "fluentbit", - "options": { - "enable-ecs-log-metadata": "true" - } - }, - "environment": null, - "secrets": null, - "memoryReservation": 50, - "resourceRequirements": null, - "portMappings": [], - "environmentFiles": [], - "mountPoints": null, - "volumesFrom": null, - "hostname": null, - "user": 
null, - "workingDirectory": null, - "extraHosts": null, - "logConfiguration": null, - "ulimits": null, - "dockerLabels": null, - "dependsOn": null, - "repositoryCredentials": { - "credentialsParameter": "" - } - } - ], - "volumes": [], - "networkMode": "awsvpc", - "memory": "$memory", - "cpu": "$cpu", - "executionRoleArn": "arn:aws:iam::$account_number:role/$app_name-TaskRole", - "family": "$app_name-taskdefinition", - "taskRoleArn": "arn:aws:iam::$account_number:role/$app_name-TaskRole", - "runtimePlatform": { - "operatingSystemFamily": "LINUX" - }, - "tags": [ - { - "key": "Role", - "value": "$role" - }, - { - "key": "Environment", - "value": "$environment" - }, - { - "key": "Service", - "value": "$app_name.polygon.technology" - }, - { - "key": "Host", - "value": "AWS" - }, - { - "key": "IAC", - "value": "$iac" - }, - { - "key": "Team", - "value": "$team_name" - }, - { - "key": "Name", - "value": "$app_name-taskdefinition" - } - ] -} \ No newline at end of file diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 1bf1694..0f81828 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml 
@@ -5,99 +5,41 @@ on: required: false type: string default: "dev" - core_app_name: + core_app: + required: false type: string + description: "Core app name" default: "static" jobs: - deploy_workflow: - name: Deploy ${{ inputs.core_app_name }}-${{ inputs.environment }} - permissions: - id-token: write - contents: write - environment: ${{ inputs.environment }} - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Determine account number - id: get_account_number - run: | - case "${{ inputs.environment }}" in - "dev") - echo "ACCOUNT_NUMBER=${{ secrets.DEV_ACCOUNT_NUMBER }}" >> $GITHUB_OUTPUT - ;; - "staging") - echo "ACCOUNT_NUMBER=${{ secrets.STAGING_ACCOUNT_NUMBER }}" >> $GITHUB_OUTPUT - ;; - "prod") - echo "ACCOUNT_NUMBER=${{ secrets.PROD_ACCOUNT_NUMBER }}" >> $GITHUB_OUTPUT - ;; - *) - echo "Error: Unknown environment!" - exit 1 - ;; - esac - - - name: Determine APP name - id: get_app_name - run: | - if [[ "${{ inputs.environment }}" == "prod" ]]; then - echo "APP_NAME=${{ inputs.core_app_name }}" >> $GITHUB_ENV - else - echo "APP_NAME=${{ inputs.core_app_name }}-${{ inputs.environment }}" >> $GITHUB_ENV - fi - - - name: Create taskdef file dynamically using parameters passed - run: | - export PIPENV_PIPFILE=.github/taskdefinition_template/Pipfile - python -m pip install --upgrade pip && \ - pip install pipenv && \ - pipenv install && \ - pipenv run python ".github/taskdefinition_template/taskdef_creator.py" \ - .github/taskdef/${{ inputs.environment }}-taskdef.yaml \ - ".github/taskdefinition_template/taskdef_template.json" \ - ${{ steps.get_account_number.outputs.ACCOUNT_NUMBER }} - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v3 - with: - aws-region: eu-west-1 - role-to-assume: arn:aws:iam::${{ steps.get_account_number.outputs.ACCOUNT_NUMBER }}:role/${{ env.APP_NAME }}-GithubActionsRole - role-session-name: GithubActionsSession - - - name: Login to Amazon ECR - id: login-ecr - uses: 
aws-actions/amazon-ecr-login@v2 - - - name: Build, tag, and push image to Amazon ECR - id: build-image - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - IMAGE_TAG: ${{ github.sha }} - ECR_REPOSITORY: "${{ env.APP_NAME }}-ecr" - run: | - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT - - - name: Extract directory path - run: | - echo "TASKDEF_FILE=.github/taskdefinition_template/${{ env.APP_NAME }}.json" >> $GITHUB_ENV - - - name: Fill in the new image ID in the Amazon ECS task definition - id: task-def - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: "${{ env.TASKDEF_FILE }}" - container-name: "${{ env.APP_NAME }}" - image: ${{ steps.build-image.outputs.image }} - - - name: Deploy Amazon ECS task definition - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 - with: - task-definition: ${{ steps.task-def.outputs.task-definition }} - service: "${{ env.APP_NAME }}-ecs-service" - cluster: "frontend-${{ inputs.environment }}-ecs-cluster" - wait-for-service-stability: true + set-env-variable: + runs-on: ubuntu-latest + outputs: + ACCOUNT_NUMBER: ${{ steps.set-env-var.outputs.ACCOUNT_NUMBER }} + APP_NAME: ${{ steps.set-env-var.outputs.APP_NAME }} + steps: + - name: Set Environment Variable + id: set-env-var + run: | + if [ "${{ inputs.environment }}" == "dev" ]; then + echo "ACCOUNT_NUMBER=058264511034" >> $GITHUB_OUTPUT + echo "APP_NAME=${{ inputs.core_app }}-dev" >> $GITHUB_OUTPUT + elif [ "${{ inputs.environment }}" == "staging" ]; then + echo "ACCOUNT_NUMBER=070528468658" >> $GITHUB_OUTPUT + echo "APP_NAME=${{ inputs.core_app }}-staging" >> $GITHUB_OUTPUT + elif [ "${{ inputs.environment }}" == "prod" ]; then + echo "ACCOUNT_NUMBER=042947190491" >> $GITHUB_OUTPUT + echo "APP_NAME=${{ inputs.core_app }}" >> $GITHUB_OUTPUT + fi + + deploy: + uses: 
0xPolygon/pipelines/.github/workflows/ecs_deploy_docker_taskdef.yaml@main + needs: set-env-variable + with: + app_name: ${{ needs.set-env-variable.outputs.APP_NAME }} + taskdef_file_vars: .github/taskdef/${{ inputs.environment }}-taskdef.yaml + aws_region: eu-west-1 + environment: ${{ inputs.environment }} + cluster_name: frontend-${{ inputs.environment }}-ecs-cluster + account_number: "${{ needs.set-env-variable.outputs.ACCOUNT_NUMBER }}" + secrets: inherit diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml index 942c37a..04da72e 100644 --- a/.github/workflows/npm-release.yml +++ b/.github/workflows/npm-release.yml @@ -7,7 +7,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - # Setup .npmrc file to publish to npm - uses: actions/setup-node@v1 with: node-version: "12.x"
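Review bot: The new `deploy` job references the reusable workflow at the mutable ref `@main` and hands it `secrets: inherit`, so whatever is on that branch at run time executes with all secrets available to this workflow and with deploy rights to the three AWS accounts named above. Pin the call to a reviewed full commit SHA (`uses: 0xPolygon/pipelines/.github/workflows/ecs_deploy_docker_taskdef.yaml@<full-commit-sha>`) and replace `inherit` with an explicit `secrets:` map naming only what the called workflow needs. In the `set-env-var` step, the removed `*) ... exit 1` branch has no counterpart, so an unrecognised `environment` leaves `ACCOUNT_NUMBER` and `APP_NAME` empty and `deploy` still runs. The same step expands `${{ inputs.environment }}` and `${{ inputs.core_app }}` directly into the script text, so a caller-supplied value is parsed as shell. The sketch below passes both through `env:`, validates them and fails closed; the `on:` block starts outside this hunk, so any other constraint on these inputs is not visible here.

```yaml
      - name: Set Environment Variable
        id: set-env-var
        env:
          ENVIRONMENT: ${{ inputs.environment }}
          CORE_APP: ${{ inputs.core_app }}
        run: |
          # Reject anything that is not a plain name before it reaches GITHUB_OUTPUT.
          if ! [[ "$CORE_APP" =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "Error: invalid core_app value" >&2
            exit 1
          fi
          case "$ENVIRONMENT" in
            dev)     account="058264511034"; app="${CORE_APP}-dev" ;;
            staging) account="070528468658"; app="${CORE_APP}-staging" ;;
            prod)    account="042947190491"; app="${CORE_APP}" ;;
            *)
              echo "Error: Unknown environment!" >&2
              exit 1
              ;;
          esac
          {
            echo "ACCOUNT_NUMBER=${account}"
            echo "APP_NAME=${app}"
          } >> "$GITHUB_OUTPUT"
# … unchanged: deploy job inputs (app_name, taskdef_file_vars, aws_region, …) …
```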