diff --git a/.evergreen.yml b/.evergreen.yml index 03046c341d..f1a494716f 100644 --- a/.evergreen.yml +++ b/.evergreen.yml @@ -33,6 +33,11 @@ post: # Functions # ####################################### functions: + assume-ec2-role: + command: ec2.assume_role + params: + role_arn: ${ASSUME_ROLE_ARN} + get-project: command: git.get_project type: setup @@ -126,12 +131,10 @@ functions: script: ./scripts/wait-for-evergreen.sh sym-link: - command: shell.exec + command: subprocess.exec params: working_dir: spruce - shell: bash - script: | - ln -s evergreen/graphql/schema sdlschema + command: ln -s evergreen/graphql/schema sdlschema run-logkeeper: command: shell.exec @@ -149,8 +152,9 @@ functions: command: s3.get type: setup params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} extract_to: spruce/logkeeper remote_file: _bucketdata.tar.gz bucket: parsley-test @@ -260,8 +264,9 @@ functions: - command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: ["spruce/cypress/screenshots/*"] remote_file: spruce/${task_id}/ bucket: mciuploads @@ -271,8 +276,9 @@ functions: - command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: ["spruce/cypress/videos/*"] remote_file: spruce/${task_id}/ bucket: mciuploads @@ -288,8 +294,9 @@ functions: command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_file: "spruce/build/source_map.html" remote_file: spruce/${task_id}/source_map.html bucket: mciuploads @@ -301,8 +308,9 @@ functions: - command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: ["spruce/storybook-static/*.html"] remote_file: spruce/${task_id}/storybook/ bucket: mciuploads @@ -312,8 +320,9 @@ functions: - command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: [ "spruce/storybook-static/**/*.js$", @@ -327,8 +336,9 @@ functions: - command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: ["spruce/storybook-static/**/*.js.map"] remote_file: spruce/${task_id}/storybook/ bucket: mciuploads @@ -338,8 +348,9 @@ functions: - command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: ["spruce/storybook-static/**/*.css"] remote_file: spruce/${task_id}/storybook/ bucket: mciuploads @@ -349,8 +360,9 @@ functions: - command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: ["spruce/storybook-static/**/*.json"] remote_file: spruce/${task_id}/storybook/ bucket: mciuploads @@ -360,8 +372,9 @@ functions: - command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: - "spruce/storybook-static/**/*.woff" - "spruce/storybook-static/**/*.woff2" @@ -375,8 +388,9 @@ functions: command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: - "spruce/bin/codegen.diff" remote_file: spruce/${task_id}/codegen/ @@ -388,8 +402,9 @@ functions: command: s3.put type: system params: - aws_key: ${aws_key} - aws_secret: ${aws_secret} + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} local_files_include_filter: - "spruce/body.txt" remote_file: spruce/${task_id}/ @@ -401,42 +416,44 @@ functions: command: shell.exec params: working_dir: spruce + env: + REACT_APP_SENTRY_AUTH_TOKEN: ${REACT_APP_SENTRY_AUTH_TOKEN} + REACT_APP_SENTRY_DSN: ${REACT_APP_SENTRY_DSN} + REACT_APP_NEW_RELIC_ACCOUNT_ID: ${REACT_APP_NEW_RELIC_ACCOUNT_ID} + REACT_APP_NEW_RELIC_AGENT_ID: ${REACT_APP_NEW_RELIC_AGENT_ID} + REACT_APP_NEW_RELIC_APPLICATION_ID: ${REACT_APP_NEW_RELIC_APPLICATION_ID} + REACT_APP_NEW_RELIC_LICENSE_KEY: ${REACT_APP_NEW_RELIC_LICENSE_KEY} + REACT_APP_NEW_RELIC_TRUST_KEY: ${REACT_APP_NEW_RELIC_TRUST_KEY} + REACT_APP_DEPLOYS_EMAIL: ${REACT_APP_DEPLOYS_EMAIL} + REACT_APP_HONEYCOMB_BASE_URL: ${REACT_APP_HONEYCOMB_BASE_URL} + EVERGREEN_API_SERVER_HOST: ${evergreen_api_server_host} + EVERGREEN_UI_SERVER_HOST: ${evergreen_api_server_host} + EVERGREEN_API_KEY: ${evergreen_api_key} + EVERGREEN_USER: ${evergreen_user} script: | echo "Generating .env-cmdrc.json" - REACT_APP_SENTRY_AUTH_TOKEN=${REACT_APP_SENTRY_AUTH_TOKEN} \ - REACT_APP_SENTRY_DSN=${REACT_APP_SENTRY_DSN} \ - REACT_APP_NEW_RELIC_ACCOUNT_ID=${REACT_APP_NEW_RELIC_ACCOUNT_ID} \ - REACT_APP_NEW_RELIC_AGENT_ID=${REACT_APP_NEW_RELIC_AGENT_ID} \ - REACT_APP_NEW_RELIC_APPLICATION_ID=${REACT_APP_NEW_RELIC_APPLICATION_ID} \ - REACT_APP_NEW_RELIC_LICENSE_KEY=${REACT_APP_NEW_RELIC_LICENSE_KEY} \ - REACT_APP_NEW_RELIC_TRUST_KEY=${REACT_APP_NEW_RELIC_TRUST_KEY} \ - REACT_APP_DEPLOYS_EMAIL=${REACT_APP_DEPLOYS_EMAIL} \ - REACT_APP_HONEYCOMB_BASE_URL=${REACT_APP_HONEYCOMB_BASE_URL} \ node scripts/setup-credentials.js echo "populating evergreen.yml" - cat < .evergreen.yml - api_server_host: ${evergreen_api_server_host} - ui_server_host: ${evergreen_ui_server_host} - api_key: ${evergreen_api_key} - user: ${evergreen_user} - EOF - - echo "Done populating" + chmod +x ./scripts/create-evergreen-yml.sh + ./scripts/create-evergreen-yml.sh + echo "Done populating evergreen.yml" prod-deploy: command: shell.exec params: working_dir: spruce shell: bash + env: + BUCKET: ${bucket} + AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID} + AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY} + AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN} + EXECUTION: ${execution} + DEPLOYS_EMAIL: ${DEPLOYS_EMAIL} + AUTHOR_EMAIL: ${author_email} script: | ${PREPARE_SHELL} - BUCKET=${bucket} \ - AWS_ACCESS_KEY_ID=${aws_key} \ - AWS_SECRET_ACCESS_KEY=${aws_secret} \ - EXECUTION=${execution} \ - DEPLOYS_EMAIL=${DEPLOYS_EMAIL} \ - AUTHOR_EMAIL=${author_email} \ yarn deploy:prod ####################################### @@ -446,11 +463,13 @@ functions: tasks: - name: compile commands: + - func: assume-ec2-role - func: sym-link - func: yarn-build - name: storybook commands: + - func: assume-ec2-role - func: yarn-build-storybook - name: test @@ -473,6 +492,7 @@ tasks: - name: e2e_test commands: + - func: assume-ec2-role - func: setup-mongodb - func: run-make-background vars: @@ -487,11 +507,13 @@ tasks: - name: check_codegen commands: + - func: assume-ec2-role - func: sym-link - func: check-codegen - name: deploy_to_prod commands: + - func: assume-ec2-role - func: setup-credentials - func: sym-link - func: prod-deploy diff --git a/scripts/deploy/create-evergreen-yml.sh b/scripts/deploy/create-evergreen-yml.sh new file mode 100644 index 0000000000..ae3b1f62ef --- /dev/null +++ b/scripts/deploy/create-evergreen-yml.sh @@ -0,0 +1,6 @@ +cat < .evergreen.yml +api_server_host: $EVERGREEN_API_SERVER_HOST +ui_server_host: $EVERGREEN_UI_SERVER_HOST +api_key: $EVERGREEN_API_KEY +user: $EVERGREEN_USER +EOF