From 1aa0bab1eb24fcc6e41c254b21acb3c7edc4bf0d Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Fri, 19 Aug 2022 12:00:45 -0700 Subject: [PATCH 01/16] feat: added session token to terraform --- src/commands/update-service.yml | 18 +++++++++--- src/commands/update-task-definition.yml | 12 ++++++++ src/jobs/deploy-service-update.yml | 12 ++++++++ src/jobs/update-task-definition.yml | 14 +++++++++- src/scripts/get-prev-task.sh | 3 +- src/scripts/update_container_defs.py | 37 +++++++++++++++++++++++-- 6 files changed, 87 insertions(+), 9 deletions(-) diff --git a/src/commands/update-service.yml b/src/commands/update-service.yml index 98d46452..188a5e50 100644 --- a/src/commands/update-service.yml +++ b/src/commands/update-service.yml @@ -71,10 +71,8 @@ parameters: default: '' container-secret-updates: description: > - Use this to update or set the values of secrets variables that will be - defined for the containers. - (Existing secrets variables not included in this parameter will not be - removed) + Use this to update or set the values of secret variables that will be defined for the containers. + (Existing secrets variables not included in this parameter will not beremoved) Expected format: container=,name=,valueFrom=,container=...,name=...,valueFrom=..., @@ -82,6 +80,17 @@ parameters: Values should not contain commas. type: string default: '' + container-docker-label-updates: + description: > + Use this to update or set the values of docker label variables that will be defined for the containers. + (Existing secrets variables not included in this parameter will not be removed) + + Expected format: + container=,=,=,container=...,=...,=..., + + Values should not contain commas. + type: string + default: '' force-new-deployment: description: | Whether to force a new deployment of the service. 
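Review bot: The description added for `container-docker-label-updates` still reads "(Existing secrets variables not included in this parameter will not be removed)", copied from the secrets parameter, so it documents the wrong thing; I would write `(Existing docker labels not included in this parameter will not be removed)`. The same hunk rewraps the `container-secret-updates` description and loses a space, leaving "will not beremoved". The copied sentence recurs in the matching parameter blocks of src/commands/update-task-definition.yml, src/jobs/deploy-service-update.yml and src/jobs/update-task-definition.yml. The `parameters:` mapping starts and ends outside the hunk.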
@@ -185,6 +194,7 @@ steps: container-image-name-updates: << parameters.container-image-name-updates >> container-env-var-updates: << parameters.container-env-var-updates >> container-secret-updates: << parameters.container-secret-updates >> + container-docker-label-updates: << parameters.container-docker-label-updates >> profile-name: << parameters.profile-name >> - when: condition: << parameters.skip-task-definition-registration >> diff --git a/src/commands/update-task-definition.yml b/src/commands/update-task-definition.yml index cdb12a95..6f2fe0dd 100644 --- a/src/commands/update-task-definition.yml +++ b/src/commands/update-task-definition.yml @@ -45,6 +45,17 @@ parameters: Values should not contain commas. type: string default: '' + container-docker-label-updates: + description: > + Use this to update or set the values of docker label variables that will be defined for the containers. + (Existing secrets variables not included in this parameter will not be removed) + + Expected format: + container=,=,=,container=...,=...,=..., + + Values should not contain commas. + type: string + default: '' profile-name: description: AWS profile name to be configured. type: string @@ -66,6 +77,7 @@ steps: ECS_PARAM_PROFILE_NAME: <> ECS_PARAM_PREVIOUS_REVISION_NUMBER: <> ECS_PARAM_CONTAINER_SECRET_UPDATES: <> + ECS_PARAM_CONTAINER_DOCKER_LABEL_UPDATES: << parameters.container-docker-label-updates >> - run: name: Register new task definition command: <> diff --git a/src/jobs/deploy-service-update.yml b/src/jobs/deploy-service-update.yml index fc820ab7..b65e01b2 100644 --- a/src/jobs/deploy-service-update.yml +++ b/src/jobs/deploy-service-update.yml 
@@ -126,6 +126,17 @@ parameters: Values should not contain commas. type: string default: '' + container-docker-label-updates: + description: > + Use this to update or set the values of docker label variables that will be defined for the containers. + (Existing secrets variables not included in this parameter will not be removed) + + Expected format: + container=,=,=,container=...,=...,=..., + + Values should not contain commas. + type: string + default: '' force-new-deployment: description: | Whether to force a new deployment of the service. @@ -242,6 +253,7 @@ steps: container-image-name-updates: << parameters.container-image-name-updates >> container-env-var-updates: << parameters.container-env-var-updates >> container-secret-updates: << parameters.container-secret-updates >> + container-docker-label-updates: << parameters.container-docker-label-updates >> force-new-deployment: << parameters.force-new-deployment >> verify-revision-is-deployed: << parameters.verify-revision-is-deployed >> max-poll-attempts: << parameters.max-poll-attempts >> diff --git a/src/jobs/update-task-definition.yml b/src/jobs/update-task-definition.yml index 4c4ff111..5a1b1375 100644 --- a/src/jobs/update-task-definition.yml +++ b/src/jobs/update-task-definition.yml @@ -78,6 +78,17 @@ parameters: Values should not contain commas. type: string default: '' + container-docker-label-updates: + description: > + Use this to update or set the values of docker label variables that will be defined for the containers. + (Existing secrets variables not included in this parameter will not be removed) + + Expected format: + container=,=,=,container=...,=...,=..., + + Values should not contain commas. + type: string + default: '' deploy-scheduled-task: description: > Set this parameter to true to deploy updated task definition to a scheduled task rule. 
@@ -96,8 +107,9 @@ steps: family: << parameters.family >> container-image-name-updates: << parameters.container-image-name-updates >> container-env-var-updates: << parameters.container-env-var-updates >> - profile-name: << parameters.profile-name >> container-secret-updates: << parameters.container-secret-updates >> + container-docker-label-updates: << parameters.container-docker-label-updates >> + profile-name: << parameters.profile-name >> - when: condition: <> steps: diff --git a/src/scripts/get-prev-task.sh b/src/scripts/get-prev-task.sh index 0437ae93..169100f3 100644 --- a/src/scripts/get-prev-task.sh +++ b/src/scripts/get-prev-task.sh @@ -6,6 +6,7 @@ ECS_PARAM_CONTAINER_IMAGE_NAME_UPDATES=$(eval echo "$ECS_PARAM_CONTAINER_IMAGE_N ECS_PARAM_CONTAINER_ENV_VAR_UPDATES=$(eval echo "$ECS_PARAM_CONTAINER_ENV_VAR_UPDATES") ECS_PARAM_PROFILE_NAME=$(eval echo "$ECS_PARAM_PROFILE_NAME") ECS_PARAM_CONTAINER_SECRET_UPDATES=$(eval echo "$ECS_PARAM_CONTAINER_SECRET_UPDATES") +ECS_PARAM_CONTAINER_DOCKER_LABEL_UPDATES=$(eval echo "$ECS_PARAM_CONTAINER_DOCKER_LABEL_UPDATES") if [ -n "${ECS_PARAM_PROFILE_NAME}" ]; then set -- "$@" --profile "${ECS_PARAM_PROFILE_NAME}" @@ -29,7 +30,7 @@ cat <<< "$ECS_SCRIPT_UPDATE_CONTAINER_DEFS" > "$UPDATE_CONTAINER_DEFS_SCRIPT_FIL # Prepare container definitions -CONTAINER_DEFS=$(python "$UPDATE_CONTAINER_DEFS_SCRIPT_FILE" "$PREVIOUS_TASK_DEFINITION" "$ECS_PARAM_CONTAINER_IMAGE_NAME_UPDATES" "$ECS_PARAM_CONTAINER_ENV_VAR_UPDATES" "$ECS_PARAM_CONTAINER_SECRET_UPDATES") +CONTAINER_DEFS=$(python "$UPDATE_CONTAINER_DEFS_SCRIPT_FILE" "$PREVIOUS_TASK_DEFINITION" "$ECS_PARAM_CONTAINER_IMAGE_NAME_UPDATES" "$ECS_PARAM_CONTAINER_ENV_VAR_UPDATES" "$ECS_PARAM_CONTAINER_SECRET_UPDATES" "$ECS_PARAM_CONTAINER_DOCKER_LABEL_UPDATES") # Escape single quotes from environment variables for BASH_ENV diff --git a/src/scripts/update_container_defs.py b/src/scripts/update_container_defs.py index 2810c547..f33ae4cf 100644 --- a/src/scripts/update_container_defs.py 
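Review bot: The added line `ECS_PARAM_CONTAINER_DOCKER_LABEL_UPDATES=$(eval echo "$ECS_PARAM_CONTAINER_DOCKER_LABEL_UPDATES")` in src/scripts/get-prev-task.sh runs the parameter text through the shell, so a command substitution inside a label value executes in the job, presumably with the AWS credentials the job holds. The unquoted expansion inside `eval` also collapses whitespace and expands globs. The line follows the pattern of the four assignments above it, but a label value built from branch, tag or commit metadata would then be evaluated as shell text, so the parameter description should say so, e.g. `The value is shell-expanded before parsing; pass only trusted input.` If only variable references need expanding for this new parameter, a substitution-only tool such as `envsubst` would avoid command execution; whether it exists on the executor image is not visible here. The script continues outside the hunk.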
+++ b/src/scripts/update_container_defs.py @@ -2,10 +2,9 @@ import sys import json - # shellcheck disable=SC1036 # Hold-over from previous iteration. def run(previous_task_definition, container_image_name_updates, - container_env_var_updates, container_secret_updates): + container_env_var_updates, container_secret_updates, container_docker_label_updates): try: definition = json.loads(previous_task_definition) container_definitions = definition['taskDefinition']['containerDefinitions'] 
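Review bot: `run()` gains `container_docker_label_updates` as a fifth required positional parameter, so any existing caller that passes four arguments now fails with a TypeError; a default keeps the old call shape working: `container_env_var_updates, container_secret_updates, container_docker_label_updates=''):`. The `__main__` hunk at the end of the file has the same coupling, because `sys.argv[5]` raises IndexError when the script is invoked with four arguments, and the handler there reports it only as "list index out of range". A docstring on `run()` listing the five parameters and their `container=...` formats would help, since the formats are otherwise documented only in the YAML descriptions. The function body continues outside the hunk.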
@@ -61,6 +60,38 @@ def run(previous_task_definition, container_image_name_updates, except: raise Exception('Environment variable update parameter could not be processed; please check parameter value: ' + container_env_var_updates) + # Expected format: container=...,string=...,string=...,container=...,string=...,string= + + try: + docker_label_kv_pairs = container_docker_label_updates.split(',') + for index, kv_pair in enumerate(docker_label_kv_pairs): + kv = kv_pair.split('=') + key = kv[0].strip() + + if key == 'container': + container_name = kv[1].strip() + docker_label_kv = docker_label_kv_pairs[index+1].split('=') + docker_label_key = docker_label_kv[0].strip() + docker_label_value = docker_label_kv[1].strip() + container_entry = container_map.get(container_name) + if container_entry is None: + raise ValueError('The container ' + container_name + ' is not defined in the existing task definition') + container_index = container_entry['index'] + docker_label_entry = container_entry['environment_map'].get(docker_label_key) + if docker_label_entry is None: + # The existing container definition does not contain environment variables + if container_definitions[container_index].get('dockerLabels') is None: + container_definitions[container_index]['dockerLabels'] = {} + # This env var does not exist in the existing container definition + container_definitions[container_index]['dockerLabels'][docker_label_key] = docker_label_value + else: + docker_label_index = docker_label_entry['index'] + container_definitions[container_index]['dockerLabels'][docker_label_index][docker_label_key] = docker_label_value + except ValueError as value_error: + raise value_error + except: + raise Exception('Docker label update parameter could not be processed; please check parameter value: ' + container_docker_label_updates) + # Expected format: container=...,name=...,valueFrom=...,container=...,name=...,valueFrom=... try: 
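Review bot: The new docker-label block looks the label key up in `container_entry['environment_map']` and, when an environment variable of the same name exists, writes to `dockerLabels[docker_label_index][docker_label_key]`, indexing `dockerLabels` like a list although the block itself creates it as a mapping (`{}`); that path fails and surfaces only through the generic bare-`except` message. The loop also reads just the one pair after each `container=` entry (`docker_label_kv_pairs[index+1]`), so further labels in the documented `container=...,string=...,string=...` form are silently dropped, and `split('=')` truncates any label value that contains `=`. Where labels feed routing, discovery or policy tooling, the registered task definition would then lack them without any error. I would track the current container across pairs and set labels by key, as in the excerpt below, and reword the two copied comments that still talk about environment variables. `run()` starts and ends outside the hunk.

```python
    # … unchanged: "Expected format" comment …
    try:
        container_name = None
        for kv_pair in container_docker_label_updates.split(','):
            if not kv_pair.strip():
                continue
            # Split once so a label value may itself contain '='.
            key, sep, value = kv_pair.partition('=')
            key, value = key.strip(), value.strip()
            if not sep or not key:
                raise ValueError('Docker label update is not a key=value pair: ' + kv_pair)
            if key == 'container':
                container_name = value
                if container_map.get(container_name) is None:
                    raise ValueError('The container ' + container_name + ' is not defined in the existing task definition')
                continue
            if container_name is None:
                raise ValueError('Docker label ' + key + ' is not preceded by a container= entry')
            container_index = container_map[container_name]['index']
            # dockerLabels is a flat mapping: create it if absent, then set or overwrite by key.
            if container_definitions[container_index].get('dockerLabels') is None:
                container_definitions[container_index]['dockerLabels'] = {}
            container_definitions[container_index]['dockerLabels'][key] = value
    # … unchanged: except ValueError / generic except clauses …
```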
@@ -143,7 +174,7 @@ def run(previous_task_definition, container_image_name_updates, if __name__ == '__main__': try: - print(run(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])) + print(run(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4], sys.argv[5])) except Exception as e: sys.stderr.write(str(e) + "\n") exit(1) From bb3894c3cc20197f67a3b8b003e078362aeb5ee2 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Fri, 19 Aug 2022 13:41:33 -0700 Subject: [PATCH 02/16] chore: updated terraform and python versions --- .circleci/test-deploy.yml | 533 +++++++++++++++++++------------------- 1 file changed, 268 insertions(+), 265 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index ce0afaf3..57e85ffe 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -11,7 +11,7 @@ filters: &filters jobs: pytest: docker: - - image: cimg/python:3.7.9 + - image: cimg/python:3.10.4 steps: - checkout - restore_cache: @@ -118,7 +118,7 @@ jobs: parameters: terraform-image: type: string - default: hashicorp/terraform:1.1.9 + default: hashicorp/terraform:3.1.0 aws-resource-name-prefix: type: string terraform-config-dir: @@ -134,6 +134,7 @@ jobs: circleci step halt fi - checkout + - run: name: terraform init command: | 
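Review bot: The new `terraform-image` default, `hashicorp/terraform:3.1.0`, does not look like a Terraform CLI release: the value it replaces is 1.1.9, and the `tear-down-test-env` entry further down this file still pins `hashicorp/terraform:1.1.9`. Jobs that rely on the default would likely fail at image pull, or set-up and tear-down would run different CLI versions against the same state. Please confirm the intended tag (3.1.0 may be a provider version rather than a CLI version) and use one value for both jobs. Both this image and `cimg/python:3.10.4` are referenced by mutable tag; pinning by digest (`image@sha256:<digest>`) would make the test environment reproducible. The job definition continues outside the hunk.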
@@ -359,194 +360,194 @@ workflows: test-deploy: jobs: # Make sure to include "filters: *filters" in every test job you want to run as part of your deployment. - - integration-test-ecs-cli-install: - version: "v1.9.0" - matrix: - parameters: - executor: [linux, mac] - filters: *filters + # - integration-test-ecs-cli-install: + # version: "v1.9.0" + # matrix: + # parameters: + # executor: [linux, mac] + # filters: *filters ################# # Fargate ################# - - build-test-app: - name: fargate_build-test-app - docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" - docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" - context: [CPE_ORBS_AWS] - filters: *filters - - set-up-test-env: - name: fargate_set-up-test-env - filters: *filters - requires: - - fargate_build-test-app - aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} - terraform-config-dir: "tests/terraform_setup/fargate" - context: [CPE_ORBS_AWS] - - test-service-update: - name: fargate_test-update-service-command - filters: *filters - requires: - - fargate_set-up-test-env - aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} - family-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - service-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" - docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" - context: [CPE_ORBS_AWS] - - aws-ecs/deploy-service-update: - name: fargate_test-update-service-job - docker-image-for-job: cimg/python:3.10.4 - filters: *filters - requires: - - fargate_test-update-service-command - aws-access-key-id: AWS_ACCESS_KEY_ID - aws-region: AWS_DEFAULT_REGION - profile-name: "ECS_TEST_PROFILE" - family: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" - container-env-var-updates: 
'container=${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service,name=BUILD_DATE,value=$(date)' - # test the force-new-deployment flag - force-new-deployment: true - verify-revision-is-deployed: true - max-poll-attempts: 40 - poll-interval: 10 - context: [CPE_ORBS_AWS] - post-steps: - - test-deployment: - service-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" - - aws-ecs/deploy-service-update: - name: fargate_test-update-service-skip-registration - docker-image-for-job: cimg/python:3.10.4 - filters: *filters - requires: - - fargate_test-update-service-job - aws-access-key-id: AWS_ACCESS_KEY_ID - aws-region: AWS_DEFAULT_REGION - profile-name: "ECS_TEST_PROFILE" - family: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" - # test skipping registration of a new task definition - skip-task-definition-registration: true - # test the enable-circuit-breaker flag - enable-circuit-breaker: true - verify-revision-is-deployed: true - max-poll-attempts: 40 - poll-interval: 10 - context: [CPE_ORBS_AWS] - - tear-down-test-env: - name: fargate_tear-down-test-env - filters: *filters - requires: - - fargate_test-update-service-skip-registration - - test-fargatespot - aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} - terraform-config-dir: "tests/terraform_setup/fargate" - context: [CPE_ORBS_AWS] + # - build-test-app: + # name: fargate_build-test-app + # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" + # context: [CPE_ORBS_AWS] + # filters: *filters + # - set-up-test-env: + # name: fargate_set-up-test-env + # filters: *filters + # requires: + # - fargate_build-test-app + # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} + # 
terraform-config-dir: "tests/terraform_setup/fargate" + # context: [CPE_ORBS_AWS] + # - test-service-update: + # name: fargate_test-update-service-command + # filters: *filters + # requires: + # - fargate_set-up-test-env + # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} + # family-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + # service-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" + # context: [CPE_ORBS_AWS] + # - aws-ecs/deploy-service-update: + # name: fargate_test-update-service-job + # docker-image-for-job: cimg/python:3.10.4 + # filters: *filters + # requires: + # - fargate_test-update-service-command + # aws-access-key-id: AWS_ACCESS_KEY_ID + # aws-region: AWS_DEFAULT_REGION + # profile-name: "ECS_TEST_PROFILE" + # family: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" + # container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service,name=BUILD_DATE,value=$(date)' + # # test the force-new-deployment flag + # force-new-deployment: true + # verify-revision-is-deployed: true + # max-poll-attempts: 40 + # poll-interval: 10 + # context: [CPE_ORBS_AWS] + # post-steps: + # - test-deployment: + # service-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" + # - aws-ecs/deploy-service-update: + # name: fargate_test-update-service-skip-registration + # docker-image-for-job: cimg/python:3.10.4 + # filters: *filters + # requires: + # - fargate_test-update-service-job + # aws-access-key-id: AWS_ACCESS_KEY_ID + # aws-region: AWS_DEFAULT_REGION + # profile-name: "ECS_TEST_PROFILE" + # family: 
"${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" + # # test skipping registration of a new task definition + # skip-task-definition-registration: true + # # test the enable-circuit-breaker flag + # enable-circuit-breaker: true + # verify-revision-is-deployed: true + # max-poll-attempts: 40 + # poll-interval: 10 + # context: [CPE_ORBS_AWS] + # - tear-down-test-env: + # name: fargate_tear-down-test-env + # filters: *filters + # requires: + # - fargate_test-update-service-skip-registration + # - test-fargatespot + # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} + # terraform-config-dir: "tests/terraform_setup/fargate" + # context: [CPE_ORBS_AWS] ################# # EC2 ################# - - build-test-app: - name: ec2_build-test-app - docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" - docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" - context: [CPE_ORBS_AWS] - filters: *filters - - set-up-test-env: - name: ec2_set-up-test-env - filters: *filters - requires: - - ec2_build-test-app - aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} - terraform-config-dir: "tests/terraform_setup/ec2" - context: [CPE_ORBS_AWS] - - set-up-run-task-test: - name: ec2_set-up-run-task-test - filters: *filters - requires: - - ec2_set-up-test-env - family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360" - context: [CPE_ORBS_AWS] - - aws-ecs/run-task: - name: ec2_run-task-test - filters: *filters - requires: - - ec2_set-up-run-task-test - cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" - aws-region: AWS_DEFAULT_REGION - task-definition: "${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360" - launch-type: "EC2" - awsvpc: false - run-task-output: "run-task-output.json" - overrides: '{"containerOverrides":[{"name": "${INTERPOLATION_TEST}", "memory": 512}]}' - context: [CPE_ORBS_AWS] - - tear-down-run-task-test: - name: ec2_tear-down-run-task-test - filters: *filters - 
requires: - - ec2_run-task-test - family-name: ${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360 - context: [CPE_ORBS_AWS] + # - build-test-app: + # name: ec2_build-test-app + # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" + # context: [CPE_ORBS_AWS] + # filters: *filters + # - set-up-test-env: + # name: ec2_set-up-test-env + # filters: *filters + # requires: + # - ec2_build-test-app + # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} + # terraform-config-dir: "tests/terraform_setup/ec2" + # context: [CPE_ORBS_AWS] + # - set-up-run-task-test: + # name: ec2_set-up-run-task-test + # filters: *filters + # requires: + # - ec2_set-up-test-env + # family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360" + # context: [CPE_ORBS_AWS] + # - aws-ecs/run-task: + # name: ec2_run-task-test + # filters: *filters + # requires: + # - ec2_set-up-run-task-test + # cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" + # aws-region: AWS_DEFAULT_REGION + # task-definition: "${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360" + # launch-type: "EC2" + # awsvpc: false + # run-task-output: "run-task-output.json" + # overrides: '{"containerOverrides":[{"name": "${INTERPOLATION_TEST}", "memory": 512}]}' + # context: [CPE_ORBS_AWS] + # - tear-down-run-task-test: + # name: ec2_tear-down-run-task-test + # filters: *filters + # requires: + # - ec2_run-task-test + # family-name: ${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360 + # context: [CPE_ORBS_AWS] - - test-service-update: - name: ec2_test-update-service-command - filters: *filters - requires: - - ec2_set-up-test-env - aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} - family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" - service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" - docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" - docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" - 
context: [CPE_ORBS_AWS] - - test-task-definition-update: - name: ec2_test-task-definition-update - family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" - context: [CPE_ORBS_AWS] - filters: *filters - requires: - - ec2_test-update-service-command - - aws-ecs/deploy-service-update: - name: ec2_test-update-service-job - docker-image-for-job: cimg/python:3.10.4 - context: [CPE_ORBS_AWS] - filters: *filters - requires: - - ec2_test-task-definition-update - aws-access-key-id: AWS_ACCESS_KEY_ID - aws-region: AWS_DEFAULT_REGION - family: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" - service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" - container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=VERSION_INFO,value="Asterisk * expansion test ${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=BUILD_DATE,value=$(date)' - verify-revision-is-deployed: true - fail-on-verification-timeout: false - post-steps: - - test-deployment: - service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" - test-asterisk-expansion: true + # - test-service-update: + # name: ec2_test-update-service-command + # filters: *filters + # requires: + # - ec2_set-up-test-env + # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} + # family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" + # service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" + # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" + # context: [CPE_ORBS_AWS] + # - test-task-definition-update: + # name: ec2_test-task-definition-update + # family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" + # context: [CPE_ORBS_AWS] + # filters: *filters + # requires: + # - ec2_test-update-service-command + # - aws-ecs/deploy-service-update: + # name: 
ec2_test-update-service-job + # docker-image-for-job: cimg/python:3.10.4 + # context: [CPE_ORBS_AWS] + # filters: *filters + # requires: + # - ec2_test-task-definition-update + # aws-access-key-id: AWS_ACCESS_KEY_ID + # aws-region: AWS_DEFAULT_REGION + # family: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" + # service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" + # container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=VERSION_INFO,value="Asterisk * expansion test ${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=BUILD_DATE,value=$(date)' + # verify-revision-is-deployed: true + # fail-on-verification-timeout: false + # post-steps: + # - test-deployment: + # service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" + # test-asterisk-expansion: true - - tear-down-test-env: - name: ec2_tear-down-test-env - filters: *filters - requires: - - ec2_test-update-service-job - - ec2_tear-down-run-task-test - aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} - terraform-config-dir: "tests/terraform_setup/ec2" - context: [CPE_ORBS_AWS] + # - tear-down-test-env: + # name: ec2_tear-down-test-env + # filters: *filters + # requires: + # - ec2_test-update-service-job + # - ec2_tear-down-run-task-test + # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} + # terraform-config-dir: "tests/terraform_setup/ec2" + # context: [CPE_ORBS_AWS] # ################# # # FargateSpot # ################# - - test-fargatespot: - context: [CPE_ORBS_AWS] - filters: *filters - requires: - - fargate_set-up-test-env + # - test-fargatespot: + # context: [CPE_ORBS_AWS] + # filters: *filters + # requires: + # - fargate_set-up-test-env ################# # CodeDeploy 
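Review bot: Integration coverage for Fargate, EC2 and FargateSpot is switched off in the `test-deploy` workflow by commenting the jobs out, and the commit title ("chore: updated terraform and python versions") does not say so. The docker-label parameter added in the previous patch, and the shell-expanded inputs these jobs pass such as `value=$(date)`, are therefore no longer exercised; the publish job later in this file appears to be commented out in the following hunk as well. If this is a temporary debugging aid it should not stay in the series; otherwise mark it, e.g. `# TEMPORARY: integration jobs disabled while debugging; restore before merge`. Large commented-out blocks also hide later edits to these jobs from review. The `jobs:` list continues outside the hunk.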
@@ -566,103 +567,105 @@ workflows: aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} terraform-config-dir: "tests/terraform_setup/fargate_codedeploy" context: [CPE_ORBS_AWS] - - test-service-update: - name: codedeploy_fargate_test-update-service-command - filters: *filters - requires: - - codedeploy_fargate_set-up-test-env - aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} - family-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" - docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" - skip-service-update: true - context: [CPE_ORBS_AWS] - - aws-ecs/deploy-service-update: - name: codedeploy_fargate_test-update-service-job - docker-image-for-job: cimg/python:3.10.4 - filters: *filters - requires: - - codedeploy_fargate_test-update-service-command - aws-access-key-id: AWS_ACCESS_KEY_ID - aws-region: AWS_DEFAULT_REGION - family: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - container-image-name-updates: "container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,image-and-tag=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" - container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=BUILD_DATE,value=$(date)' - deployment-controller: "CODE_DEPLOY" - codedeploy-application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" - codedeploy-deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" - codedeploy-load-balanced-container-name: 
"${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - codedeploy-load-balanced-container-port: 8080 - codedeploy-capacity-provider-name: "FARGATE" - codedeploy-capacity-provider-base: "1" - codedeploy-capacity-provider-weight: "2" - verify-revision-is-deployed: false - context: [CPE_ORBS_AWS] - post-steps: - - wait-for-codedeploy-deployment: - application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" - deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" - - test-deployment: - service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - delete-load-balancer: false - - aws-ecs/deploy-service-update: - name: codedeploy_fargate_test-update-and-wait-service-job - docker-image-for-job: cimg/python:3.10.4 - context: [CPE_ORBS_AWS] - filters: *filters - requires: - - codedeploy_fargate_test-update-service-job - aws-access-key-id: AWS_ACCESS_KEY_ID - aws-region: AWS_DEFAULT_REGION - family: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - container-image-name-updates: "container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,image-and-tag=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" - container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=BUILD_DATE,value=$(date)' - deployment-controller: "CODE_DEPLOY" - codedeploy-application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" - codedeploy-deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" - codedeploy-load-balanced-container-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - 
codedeploy-load-balanced-container-port: 8080 - verify-revision-is-deployed: true - verification-timeout: "12m" - post-steps: - - test-deployment: - service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - delete-load-balancer: true - - delete-service: - service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + # - test-service-update: + # name: codedeploy_fargate_test-update-service-command + # filters: *filters + # requires: + # - codedeploy_fargate_set-up-test-env + # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} + # family-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + # service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" + # skip-service-update: true + # context: [CPE_ORBS_AWS] + # - aws-ecs/deploy-service-update: + # name: codedeploy_fargate_test-update-service-job + # docker-image-for-job: cimg/python:3.10.4 + # filters: *filters + # requires: + # - codedeploy_fargate_test-update-service-command + # aws-access-key-id: AWS_ACCESS_KEY_ID + # aws-region: AWS_DEFAULT_REGION + # family: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + # container-image-name-updates: "container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,image-and-tag=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" + # container-env-var-updates: 
'container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=BUILD_DATE,value=$(date)' + # deployment-controller: "CODE_DEPLOY" + # codedeploy-application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" + # codedeploy-deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" + # codedeploy-load-balanced-container-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + # codedeploy-load-balanced-container-port: 8080 + # codedeploy-capacity-provider-name: "FARGATE" + # codedeploy-capacity-provider-base: "1" + # codedeploy-capacity-provider-weight: "2" + # verify-revision-is-deployed: false + # context: [CPE_ORBS_AWS] + # post-steps: + # - wait-for-codedeploy-deployment: + # application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" + # deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" + # - test-deployment: + # service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + # delete-load-balancer: false + # - aws-ecs/deploy-service-update: + # name: codedeploy_fargate_test-update-and-wait-service-job + # docker-image-for-job: cimg/python:3.10.4 + # context: [CPE_ORBS_AWS] + # filters: *filters + # requires: + # - codedeploy_fargate_test-update-service-job + # aws-access-key-id: AWS_ACCESS_KEY_ID + # aws-region: AWS_DEFAULT_REGION + # family: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + # container-image-name-updates: "container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,image-and-tag=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" + # container-env-var-updates: 
'container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=BUILD_DATE,value=$(date)' + # deployment-controller: "CODE_DEPLOY" + # codedeploy-application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" + # codedeploy-deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" + # codedeploy-load-balanced-container-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + # codedeploy-load-balanced-container-port: 8080 + # verify-revision-is-deployed: true + # verification-timeout: "12m" + # post-steps: + # - test-deployment: + # service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + # delete-load-balancer: true + # - delete-service: + # service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - tear-down-test-env: name: codedeploy_fargate_tear-down-test-env requires: - - codedeploy_fargate_test-update-and-wait-service-job + - codedeploy_fargate_set-up-test-env + # requires: + # - codedeploy_fargate_test-update-and-wait-service-job terraform-image: "hashicorp/terraform:1.1.9" aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} terraform-config-dir: "tests/terraform_setup/fargate_codedeploy" context: [CPE_ORBS_AWS] filters: *filters - - orb-tools/pack: - filters: *filters - - orb-tools/publish: - orb-name: circleci/aws-ecs - vcs-type: << pipeline.project.type >> - pub-type: production - requires: - - orb-tools/pack - - ec2_tear-down-test-env - - fargate_tear-down-test-env - - codedeploy_fargate_tear-down-test-env - - integration-test-ecs-cli-install - context: orb-publisher - filters: - branches: - ignore: /.*/ - tags: - only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ + # - orb-tools/pack: + # filters: 
*filters + # - orb-tools/publish: + # orb-name: circleci/aws-ecs + # vcs-type: << pipeline.project.type >> + # pub-type: production + # requires: + # - orb-tools/pack + # - ec2_tear-down-test-env + # - fargate_tear-down-test-env + # - codedeploy_fargate_tear-down-test-env + # - integration-test-ecs-cli-install + # context: orb-publisher + # filters: + # branches: + # ignore: /.*/ + # tags: + # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ commands: wait-for-codedeploy-deployment: description: "Wait for the CodeDeploy deployment to be successful" From 564d4f54bd9c5a1aacbf0304fe564457460ac369 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Mon, 22 Aug 2022 14:43:58 -0700 Subject: [PATCH 03/16] feat: added when conditional to install aws cli --- .circleci/test-deploy.yml | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 57e85ffe..12e574ac 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -2,7 +2,7 @@ version: 2.1 orbs: aws-ecs: circleci/aws-ecs@dev:<> orb-tools: circleci/orb-tools@11.1 - aws-cli: circleci/aws-cli@3.1 + aws-cli: circleci/aws-cli@dev:alpha jq: circleci/jq@2.2 filters: &filters @@ -118,11 +118,27 @@ jobs: parameters: terraform-image: type: string - default: hashicorp/terraform:3.1.0 + default: "hashicorp/terraform:1.1.9" aws-resource-name-prefix: type: string terraform-config-dir: type: string + profile-name: + type: string + default: 'default' + role-arn: + type: string + default: '' + role-session-name: + type: string + default: '${CIRCLE_JOB}' + aws-access-key-id: + type: env_var_name + default: AWS_ACCESS_KEY_ID + aws-secret-access-key: + type: env_var_name + default: AWS_SECRET_ACCESS_KEY + docker: - image: << parameters.terraform-image >> steps: 
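Review bot: `aws-cli: circleci/aws-cli@dev:alpha` in the `orbs:` hunk points the credential-setup step at a development orb label, which is mutable, so the code behind `aws-cli/setup` can change without any change in this repository while it runs with this pipeline's AWS access. Reference a published release instead, as the removed line did (`aws-cli: circleci/aws-cli@3.1`). If the dev label is needed temporarily, add a comment saying which release will replace it.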
@@ -134,7 +150,15 @@ jobs: circleci step halt fi - checkout - + - when: + condition: << parameters.role-arn >> + steps: + - aws-cli/setup: + profile-name: << parameters.profile-name >> + role-arn: << parameters.role-arn >> + aws-secret-access-key: << parameters.aws-secret-access-key >> + aws-access-key-id: << parameters.aws-access-key-id >> + role-session-name: << parameters.role-session-name >> - run: name: terraform init command: | @@ -566,7 +590,9 @@ workflows: terraform-image: "hashicorp/terraform:1.1.9" aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} terraform-config-dir: "tests/terraform_setup/fargate_codedeploy" - context: [CPE_ORBS_AWS] + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECR_OIDC_TEST" + # role-session-name: # - test-service-update: # name: codedeploy_fargate_test-update-service-command # filters: *filters From 8e028236fc2ddfe0dbd8301d2e6426a58e3940d9 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Fri, 26 Aug 2022 12:05:38 -0700 Subject: [PATCH 04/16] fix: added new role-arn --- .circleci/test-deploy.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 12e574ac..92249776 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -2,7 +2,7 @@ version: 2.1 orbs: aws-ecs: circleci/aws-ecs@dev:<> orb-tools: circleci/orb-tools@11.1 - aws-cli: circleci/aws-cli@dev:alpha + aws-cli: circleci/aws-cli@3.1 jq: circleci/jq@2.2 filters: &filters @@ -156,8 +156,6 @@ jobs: - aws-cli/setup: profile-name: << parameters.profile-name >> role-arn: << parameters.role-arn >> - aws-secret-access-key: << parameters.aws-secret-access-key >> - aws-access-key-id: << parameters.aws-access-key-id >> role-session-name: << parameters.role-session-name >> - run: name: terraform init 
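Review bot: The `role-arn: "arn:aws:iam::122211685980:role/CPE_ECR_OIDC_TEST"` line added to `codedeploy_fargate_set-up-test-env` hard-codes the account and role name in the workflow, and the same kind of literal is repeated in later hunks of this series. With OIDC the ARN is not a secret, so what protects the role is its trust policy, which is not visible here. Confirm that the policy only accepts tokens issued for this organization and project, and say so in a short comment next to the ARN. Consider defining the ARN once (a context variable, or a YAML anchor like the existing `&filters`) rather than per job. The trailing `# role-session-name:` line is an empty commented-out key and can be dropped.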
@@ -591,7 +589,7 @@ workflows: aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} terraform-config-dir: "tests/terraform_setup/fargate_codedeploy" context: [CPE-OIDC] - role-arn: "arn:aws:iam::122211685980:role/CPE_ECR_OIDC_TEST" + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" # role-session-name: # - test-service-update: # name: codedeploy_fargate_test-update-service-command From 8f751f4f1ae0bdcdcc0a0025c50a1204c48e7d69 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Fri, 26 Aug 2022 14:23:11 -0700 Subject: [PATCH 05/16] feat: added oidc tokens to terraform --- tests/terraform_setup/fargate_codedeploy/terraform.tf | 1 + tests/terraform_setup/fargate_codedeploy/variables.tf | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/terraform_setup/fargate_codedeploy/terraform.tf b/tests/terraform_setup/fargate_codedeploy/terraform.tf index 369231f7..08d7132f 100644 --- a/tests/terraform_setup/fargate_codedeploy/terraform.tf +++ b/tests/terraform_setup/fargate_codedeploy/terraform.tf @@ -16,6 +16,7 @@ terraform { provider "aws" { access_key = var.aws_access_key secret_key = var.aws_secret_key + token = var.aws_session_token region = var.aws_region } diff --git a/tests/terraform_setup/fargate_codedeploy/variables.tf b/tests/terraform_setup/fargate_codedeploy/variables.tf index 9edc0989..0cabe726 100644 --- a/tests/terraform_setup/fargate_codedeploy/variables.tf +++ b/tests/terraform_setup/fargate_codedeploy/variables.tf @@ -1,6 +1,7 @@ variable "aws_access_key" {} variable "aws_secret_key" {} variable "aws_account_id" {} +variable "aws_session_token" {} variable "aws_region" { description = "AWS region e.g. us-east-1 (Please specify a region supported by the Fargate launch type)" } From 83716236dfaa6244150d30dca8337372f24e6e73 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Fri, 26 Aug 2022 15:13:05 -0700 Subject: [PATCH 06/16] fix: add -var flag to terraform command --- .circleci/test-deploy.yml | 1 + 1 file changed, 1 insertion(+) 
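Review bot: `variable "aws_session_token" {}` in variables.tf declares a credential with no type, default or sensitivity marking, so it is required on every run and is not redacted where it appears in Terraform's output. Inside the block I would add `type = string`, `default = null` and `sensitive = true`, which keeps static-key runs working when no token is set and is supported by the Terraform 1.1.9 image the CI jobs use. The neighbouring `aws_access_key` and `aws_secret_key` declarations are context lines here but have the same gap. `token = var.aws_session_token` in terraform.tf needs no change.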
diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 92249776..853f9312 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -170,6 +170,7 @@ jobs: -input=false \ -var "aws_access_key=${AWS_ACCESS_KEY_ID}" \ -var "aws_secret_key=${AWS_SECRET_ACCESS_KEY}" \ + -var "aws_session_token=${AWS_SESSION_TOKEN}" \ -var "aws_region=${AWS_DEFAULT_REGION}" \ -var "aws_account_id=${AWS_ACCOUNT_ID}" \ -var "aws_resource_prefix=<< parameters.aws-resource-name-prefix >>" \ From 9c066fb9442321b109d1c8f05b7fc8db8dddbb1d Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Mon, 29 Aug 2022 10:59:51 -0700 Subject: [PATCH 07/16] chore: updated context --- .circleci/test-deploy.yml | 226 ++++++++++++++++------------- src/jobs/deploy-service-update.yml | 38 ++++- 2 files changed, 157 insertions(+), 107 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 853f9312..ccdfe189 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -59,7 +59,7 @@ jobs: --cluster "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" \ --capacity-providers FARGATE FARGATE_SPOT \ --default-capacity-provider-strategy capacityProvider=FARGATE,weight=1 \ - --region ${AWS_DEFAULT_REGION} + --region ${AWS_REGION} - run: name: Register task definition command: | @@ -78,7 +78,7 @@ jobs: security-group-ids: $SECURITY_GROUP_IDS_FETCHED build-test-app: docker: - - image: cimg/go:1.18.1 + - image: cimg/go:1.19 parameters: docker-image-namespace: description: "The namespace in which the built Docker image will be published" @@ -129,9 +129,6 @@ jobs: role-arn: type: string default: '' - role-session-name: - type: string - default: '${CIRCLE_JOB}' aws-access-key-id: type: env_var_name default: AWS_ACCESS_KEY_ID @@ -156,7 +153,6 @@ jobs: - aws-cli/setup: profile-name: << parameters.profile-name >> role-arn: << parameters.role-arn >> - role-session-name: << parameters.role-session-name >> - run: name: terraform init command: | 
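Review bot: The added `-var "aws_session_token=${AWS_SESSION_TOKEN}"` puts a third credential on the terraform command line, where it is visible in the process arguments and is recorded with the other variable values in the plan file written by `-out tfplan` (shown in the next patch's hunk of the same command). The AWS provider reads `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` from the environment itself, so the three credential `-var` flags and the matching provider attributes could be removed rather than extended. If the flags stay, add a comment that the plan file contains credentials and must not be persisted to a workspace or stored as an artifact. Whether that happens is outside this hunk, as is the rest of the `run` step.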
@@ -171,7 +167,7 @@ jobs: -var "aws_access_key=${AWS_ACCESS_KEY_ID}" \ -var "aws_secret_key=${AWS_SECRET_ACCESS_KEY}" \ -var "aws_session_token=${AWS_SESSION_TOKEN}" \ - -var "aws_region=${AWS_DEFAULT_REGION}" \ + -var "aws_region=${AWS_REGION}" \ -var "aws_account_id=${AWS_ACCOUNT_ID}" \ -var "aws_resource_prefix=<< parameters.aws-resource-name-prefix >>" \ -out tfplan @@ -207,14 +203,17 @@ jobs: description: "The profile name to use for AWS credentials" type: string default: "default" + role-arn: + type: string + default: '' steps: - checkout - setup_remote_docker - attach_workspace: at: workspace - aws-cli/setup: - aws-access-key-id: AWS_ACCESS_KEY_ID - aws-region: AWS_DEFAULT_REGION + profile-name: << parameters.profile-name >> + role-arn: << parameters.role-arn >> - run: name: Load image command: | 
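Review bot: In `test-service-update` (`@@ -207,14 +203,17 @@`), `aws-cli/setup` is now always called with `role-arn`, whose default is `''`, and the static-key arguments were removed, whereas `set-up-test-env` and `tear-down-test-env` guard the same call with `when: condition: << parameters.role-arn >>`. What the setup command does with an empty role ARN is not visible here, so either wrap this call in the same `when` guard and keep a static-key fallback, or drop the default so that `role-arn` is required for this job. The next hunk (`@@ -225,15 +224,18 @@`) adds a second identical `aws-cli/setup` inside the `unless` block. If the first call's profile is still valid at that point the repeat is redundant, and it should be removed or explained in a comment.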
@@ -225,15 +224,18 @@ jobs: echo 'export ECR_REPOSITORY_NAME="<< parameters.aws-resource-name-prefix >>"' >> $BASH_ENV echo 'export ECS_CLUSTER_NAME="<< parameters.aws-resource-name-prefix >>-cluster"' >> $BASH_ENV echo 'export ECS_SERVICE_NAME="<< parameters.aws-resource-name-prefix >>-service"' >> $BASH_ENV - echo 'export FULL_IMAGE_NAME="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${ECR_REPOSITORY_NAME}:${CIRCLE_SHA1}"' >> $BASH_ENV + echo 'export FULL_IMAGE_NAME="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPOSITORY_NAME}:${CIRCLE_SHA1}"' >> $BASH_ENV - run: name: Push image command: | - aws ecr get-login-password --region $AWS_DEFAULT_REGION --profile "<>" | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com + aws ecr get-login-password --region $AWS_REGION --profile "<>" | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com docker push $FULL_IMAGE_NAME - unless: condition: << parameters.skip-service-update >> steps: + - aws-cli/setup: + profile-name: << parameters.profile-name >> + role-arn: << parameters.role-arn >> - aws-ecs/update-service: family: "<< parameters.family-name >>" service-name: "<< parameters.service-name >>" @@ -257,7 +259,7 @@ jobs: - checkout - aws-cli/setup: aws-access-key-id: AWS_ACCESS_KEY_ID - aws-region: AWS_DEFAULT_REGION + aws-region: AWS_REGION - run: name: Get existing task definition command: | @@ -282,7 +284,7 @@ jobs: - checkout - aws-cli/setup: aws-access-key-id: AWS_ACCESS_KEY_ID - aws-region: AWS_DEFAULT_REGION + aws-region: AWS_REGION - run: name: Register task definition command: | @@ -301,7 +303,7 @@ jobs: - checkout - aws-cli/setup: aws-access-key-id: AWS_ACCESS_KEY_ID - aws-region: AWS_DEFAULT_REGION + aws-region: AWS_REGION - run: name: Deregister task definition command: | 
@@ -317,6 +319,18 @@ jobs: type: string terraform-config-dir: type: string + aws-access-key-id: + type: env_var_name + default: AWS_ACCESS_KEY_ID + aws-secret-access-key: + type: env_var_name + default: AWS_SECRET_ACCESS_KEY + profile-name: + type: string + default: 'default' + role-arn: + type: string + default: '' docker: - image: << parameters.terraform-image >> steps: @@ -328,6 +342,12 @@ jobs: circleci step halt fi - checkout + - when: + condition: << parameters.role-arn >> + steps: + - aws-cli/setup: + profile-name: << parameters.profile-name >> + role-arn: << parameters.role-arn >> - run: name: terraform init command: | @@ -341,17 +361,18 @@ jobs: if [ "$(terraform destroy -input=false -auto-approve \ -var "aws_access_key=${AWS_ACCESS_KEY_ID}" \ -var "aws_secret_key=${AWS_SECRET_ACCESS_KEY}" \ + -var "aws_session_token=${AWS_SESSION_TOKEN}" \ -var "aws_region=${AWS_DEFAULT_REGION}" \ -var "aws_account_id=${AWS_ACCOUNT_ID}" \ -var "aws_resource_prefix=<< parameters.aws-resource-name-prefix >>" > /dev/null; echo $?)" -ne 0 ]; then - echo "retrying terraform destroy" + echo "Retrying terraform destroy" terraform destroy \ -input=false \ -auto-approve \ -var "aws_access_key=${AWS_ACCESS_KEY_ID}" \ - -var "aws_secret_key=${AWS_SECRET_ACCESS_KEY}" \ + -var "aws_secret_key=${AWS_SECRET_ACCESS_KEY}" \ -var "aws_region=${AWS_DEFAULT_REGION}" \ -var "aws_account_id=${AWS_ACCOUNT_ID}" \ -var "aws_resource_prefix=<< parameters.aws-resource-name-prefix >>" @@ -394,7 +415,7 @@ workflows: ################# # - build-test-app: # name: fargate_build-test-app - # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" # context: [CPE_ORBS_AWS] # filters: *filters 
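Review bot: In the tear-down hunk `@@ -341,17 +361,18 @@` the session token is added to the first `terraform destroy` only. The retry branch still passes just the access key and secret key, so with temporary OIDC credentials it would authenticate with an incomplete credential set, and for a configuration that declares `aws_session_token` without a default it would stop on a missing required variable. Add `-var "aws_session_token=${AWS_SESSION_TOKEN}" \` after the `aws_secret_key` line of the retry as well. Both destroy calls also still use `${AWS_DEFAULT_REGION}`, while the plan command of the set-up job was switched to `${AWS_REGION}` in this commit, so a context that defines only one of the two would leave the test resources undestroyed. Use the same variable in both jobs.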
@@ -414,7 +435,7 @@ workflows: # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} # family-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" # service-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" # context: [CPE_ORBS_AWS] # - aws-ecs/deploy-service-update: @@ -424,7 +445,7 @@ workflows: # requires: # - fargate_test-update-service-command # aws-access-key-id: AWS_ACCESS_KEY_ID - # aws-region: AWS_DEFAULT_REGION + # aws-region: AWS_REGION # profile-name: "ECS_TEST_PROFILE" # family: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" # cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" @@ -446,7 +467,7 @@ workflows: # requires: # - fargate_test-update-service-job # aws-access-key-id: AWS_ACCESS_KEY_ID - # aws-region: AWS_DEFAULT_REGION + # aws-region: AWS_REGION # profile-name: "ECS_TEST_PROFILE" # family: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" # cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" @@ -473,7 +494,7 @@ workflows: ################# # - build-test-app: # name: ec2_build-test-app - # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" # context: [CPE_ORBS_AWS] # filters: *filters @@ -498,7 +519,7 @@ workflows: # requires: # - ec2_set-up-run-task-test # cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" - # aws-region: AWS_DEFAULT_REGION + # aws-region: AWS_REGION # task-definition: "${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360" # launch-type: "EC2" # awsvpc: false 
@@ -521,7 +542,7 @@ workflows: # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} # family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" # service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" - # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" # context: [CPE_ORBS_AWS] # - test-task-definition-update: @@ -539,7 +560,7 @@ workflows: # requires: # - ec2_test-task-definition-update # aws-access-key-id: AWS_ACCESS_KEY_ID - # aws-region: AWS_DEFAULT_REGION + # aws-region: AWS_REGION # family: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" # service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" # cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" @@ -577,9 +598,9 @@ workflows: ################# - build-test-app: name: codedeploy_fargate_build-test-app - docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" + docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" - context: [CPE_ORBS_AWS] + context: [CPE-OIDC] filters: *filters - set-up-test-env: name: codedeploy_fargate_set-up-test-env 
@@ -590,88 +611,91 @@ workflows: aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} terraform-config-dir: "tests/terraform_setup/fargate_codedeploy" context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + - test-service-update: + name: codedeploy_fargate_test-update-service-command + filters: *filters + requires: + - codedeploy_fargate_set-up-test-env + aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} + family-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" + docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" - # role-session-name: - # - test-service-update: - # name: codedeploy_fargate_test-update-service-command - # filters: *filters - # requires: - # - codedeploy_fargate_set-up-test-env - # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} - # family-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - # service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com" - # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" - # skip-service-update: true - # context: [CPE_ORBS_AWS] - # - aws-ecs/deploy-service-update: - # name: codedeploy_fargate_test-update-service-job - # docker-image-for-job: cimg/python:3.10.4 - # filters: *filters - # requires: - # - codedeploy_fargate_test-update-service-command - # aws-access-key-id: AWS_ACCESS_KEY_ID - # aws-region: AWS_DEFAULT_REGION - # family: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - # container-image-name-updates: 
"container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,image-and-tag=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" - # container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=BUILD_DATE,value=$(date)' - # deployment-controller: "CODE_DEPLOY" - # codedeploy-application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" - # codedeploy-deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" - # codedeploy-load-balanced-container-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - # codedeploy-load-balanced-container-port: 8080 - # codedeploy-capacity-provider-name: "FARGATE" - # codedeploy-capacity-provider-base: "1" - # codedeploy-capacity-provider-weight: "2" - # verify-revision-is-deployed: false - # context: [CPE_ORBS_AWS] - # post-steps: - # - wait-for-codedeploy-deployment: - # application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" - # deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" - # - test-deployment: - # service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - # delete-load-balancer: false - # - aws-ecs/deploy-service-update: - # name: codedeploy_fargate_test-update-and-wait-service-job - # docker-image-for-job: cimg/python:3.10.4 - # context: [CPE_ORBS_AWS] - # filters: *filters - # requires: - # - codedeploy_fargate_test-update-service-job - # aws-access-key-id: AWS_ACCESS_KEY_ID - # aws-region: AWS_DEFAULT_REGION - # family: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - # container-image-name-updates: 
"container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,image-and-tag=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" - # container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=BUILD_DATE,value=$(date)' - # deployment-controller: "CODE_DEPLOY" - # codedeploy-application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" - # codedeploy-deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" - # codedeploy-load-balanced-container-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - # codedeploy-load-balanced-container-port: 8080 - # verify-revision-is-deployed: true - # verification-timeout: "12m" - # post-steps: - # - test-deployment: - # service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - # delete-load-balancer: true - # - delete-service: - # service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + skip-service-update: true + context: [CPE-OIDC] + - aws-ecs/deploy-service-update: + name: codedeploy_fargate_test-update-service-job + docker-image-for-job: cimg/python:3.10.4 + filters: *filters + requires: + - codedeploy_fargate_test-update-service-command + # aws-access-key-id: AWS_ACCESS_KEY_ID + aws-region: AWS_REGION + family: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + container-image-name-updates: "container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,image-and-tag=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" + 
container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=BUILD_DATE,value=$(date)' + deployment-controller: "CODE_DEPLOY" + codedeploy-application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" + codedeploy-deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" + codedeploy-load-balanced-container-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + codedeploy-load-balanced-container-port: 8080 + codedeploy-capacity-provider-name: "FARGATE" + codedeploy-capacity-provider-base: "1" + codedeploy-capacity-provider-weight: "2" + verify-revision-is-deployed: false + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + post-steps: + - wait-for-codedeploy-deployment: + application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" + deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" + - test-deployment: + service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + delete-load-balancer: false + - aws-ecs/deploy-service-update: + name: codedeploy_fargate_test-update-and-wait-service-job + docker-image-for-job: cimg/python:3.10.4 + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + filters: *filters + requires: + - codedeploy_fargate_test-update-service-job + aws-region: AWS_REGION + family: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + container-image-name-updates: "container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,image-and-tag=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}:${CIRCLE_SHA1}" + 
container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service,name=BUILD_DATE,value=$(date)' + deployment-controller: "CODE_DEPLOY" + codedeploy-application-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeployapp" + codedeploy-deployment-group-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-codedeploygroup" + codedeploy-load-balanced-container-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + codedeploy-load-balanced-container-port: 8080 + verify-revision-is-deployed: true + verification-timeout: "12m" + post-steps: + - test-deployment: + service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" + delete-load-balancer: true + - delete-service: + service-name: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - tear-down-test-env: name: codedeploy_fargate_tear-down-test-env - requires: - - codedeploy_fargate_set-up-test-env # requires: - # - codedeploy_fargate_test-update-and-wait-service-job + # - codedeploy_fargate_set-up-test-env + requires: + - codedeploy_fargate_test-update-and-wait-service-job terraform-image: "hashicorp/terraform:1.1.9" aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} terraform-config-dir: "tests/terraform_setup/fargate_codedeploy" - context: [CPE_ORBS_AWS] + # context: [CPE_ORBS_AWS] + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" filters: *filters # - orb-tools/pack: # filters: *filters diff --git a/src/jobs/deploy-service-update.yml b/src/jobs/deploy-service-update.yml index b65e01b2..7033e84a 100644 --- a/src/jobs/deploy-service-update.yml +++ b/src/jobs/deploy-service-update.yml 
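Review bot: Several keys are left commented out rather than removed in this hunk: `# aws-access-key-id: AWS_ACCESS_KEY_ID` in `codedeploy_fargate_test-update-service-job`, and `# requires:` / `# - codedeploy_fargate_set-up-test-env` and `# context: [CPE_ORBS_AWS]` in `codedeploy_fargate_tear-down-test-env`. They read as live alternatives and make it unclear which credential path the jobs are meant to use, static keys from `CPE_ORBS_AWS` or OIDC from `CPE-OIDC`. Delete them, or replace them with one comment explaining why the static-key context is kept for reference.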
@@ -21,11 +21,25 @@ parameters: aws-region: description: AWS region to operate in. Set this to the name of the environment variable you will use to hold this value, i.e. AWS_DEFAULT_REGION. type: env_var_name - default: AWS_DEFAULT_REGION + default: AWS_REGION profile-name: description: AWS profile name to be configured. type: string default: '' + role-arn: + description: | + The Amazon Resource Name (ARN) of the role that the caller is assuming. + Role ARN must be configured for web identity. + type: string + default: "" + role-session-name: + description: An identifier for the assumed role session + type: string + default: ${CIRCLE_JOB} + session-duration: + description: The duration of the session in seconds + type: string + default: "3600" family: description: Name of the task definition's family. type: string @@ -235,11 +249,23 @@ parameters: default: '' steps: - - aws-cli/setup: - aws-access-key-id: << parameters.aws-access-key-id >> - aws-secret-access-key: << parameters.aws-secret-access-key >> - aws-region: << parameters.aws-region >> - profile-name: << parameters.profile-name >> + - when: + condition: <> + steps: + - aws-cli/setup: + role-arn: <> + profile-name: <> + session-duration: <> + aws-region: <> + role-session-name: <> + - unless: + condition: <> + steps: + - aws-cli/setup: + aws-access-key-id: << parameters.aws-access-key-id >> + aws-secret-access-key: << parameters.aws-secret-access-key >> + aws-region: << parameters.aws-region >> + profile-name: << parameters.profile-name >> - update-service: family: << parameters.family >> cluster: << parameters.cluster >> From 0e39281a323b6e9cd1108e925fec2b6467835cc2 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Tue, 30 Aug 2022 12:29:11 -0700 Subject: [PATCH 08/16] feat: enabled oidc for all tests --- .circleci/test-deploy.yml | 368 ++++++++++++++++++++------------------ 1 file changed, 189 insertions(+), 179 deletions(-) 
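Review bot: The `aws-region` default changes from `AWS_DEFAULT_REGION` to `AWS_REGION`, but the description still says "i.e. AWS_DEFAULT_REGION", and existing users of the job who rely on the default will silently read a different environment variable. Update the description to name `AWS_REGION`, and either call the change out as breaking in the changelog or keep the old default. `session-duration` is declared as `type: string` with default `"3600"`; a one-line note on the accepted range would help, since the permitted maximum depends on the role's configuration. The `when`/`unless` conditions in the `steps` hunk are rendered as `<>` on this page, so their parameters cannot be checked from here.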
diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index ccdfe189..fff06085 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml 
@@ -404,194 +404,208 @@ workflows: test-deploy: jobs: # Make sure to include "filters: *filters" in every test job you want to run as part of your deployment. - # - integration-test-ecs-cli-install: - # version: "v1.9.0" - # matrix: - # parameters: - # executor: [linux, mac] - # filters: *filters + - integration-test-ecs-cli-install: + version: "v1.9.0" + matrix: + parameters: + executor: [linux, mac] + filters: *filters ################# # Fargate ################# - # - build-test-app: - # name: fargate_build-test-app - # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" - # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" - # context: [CPE_ORBS_AWS] - # filters: *filters - # - set-up-test-env: - # name: fargate_set-up-test-env - # filters: *filters - # requires: - # - fargate_build-test-app - # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} - # terraform-config-dir: "tests/terraform_setup/fargate" - # context: [CPE_ORBS_AWS] - # - test-service-update: - # name: fargate_test-update-service-command - # filters: *filters - # requires: - # - fargate_set-up-test-env - # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} - # family-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - # service-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" - # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" - # context: [CPE_ORBS_AWS] - # - aws-ecs/deploy-service-update: - # name: fargate_test-update-service-job - # docker-image-for-job: cimg/python:3.10.4 - # filters: *filters - # requires: - # - fargate_test-update-service-command - # aws-access-key-id: AWS_ACCESS_KEY_ID - # aws-region: AWS_REGION - # profile-name: "ECS_TEST_PROFILE" - # family: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" - # container-env-var-updates: 
'container=${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service,name=BUILD_DATE,value=$(date)' - # # test the force-new-deployment flag - # force-new-deployment: true - # verify-revision-is-deployed: true - # max-poll-attempts: 40 - # poll-interval: 10 - # context: [CPE_ORBS_AWS] - # post-steps: - # - test-deployment: - # service-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" - # - aws-ecs/deploy-service-update: - # name: fargate_test-update-service-skip-registration - # docker-image-for-job: cimg/python:3.10.4 - # filters: *filters - # requires: - # - fargate_test-update-service-job - # aws-access-key-id: AWS_ACCESS_KEY_ID - # aws-region: AWS_REGION - # profile-name: "ECS_TEST_PROFILE" - # family: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" - # # test skipping registration of a new task definition - # skip-task-definition-registration: true - # # test the enable-circuit-breaker flag - # enable-circuit-breaker: true - # verify-revision-is-deployed: true - # max-poll-attempts: 40 - # poll-interval: 10 - # context: [CPE_ORBS_AWS] - # - tear-down-test-env: - # name: fargate_tear-down-test-env - # filters: *filters - # requires: - # - fargate_test-update-service-skip-registration - # - test-fargatespot - # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} - # terraform-config-dir: "tests/terraform_setup/fargate" - # context: [CPE_ORBS_AWS] + - build-test-app: + name: fargate_build-test-app + docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" + docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + filters: *filters + - set-up-test-env: + name: fargate_set-up-test-env + filters: *filters + requires: + 
- fargate_build-test-app + aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} + terraform-config-dir: "tests/terraform_setup/fargate" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + - test-service-update: + name: fargate_test-update-service-command + filters: *filters + requires: + - fargate_set-up-test-env + aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} + family-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + service-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" + docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + - aws-ecs/deploy-service-update: + name: fargate_test-update-service-job + docker-image-for-job: cimg/python:3.10.4 + filters: *filters + requires: + - fargate_test-update-service-command + aws-access-key-id: AWS_ACCESS_KEY_ID + aws-region: AWS_REGION + profile-name: "ECS_TEST_PROFILE" + family: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" + container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service,name=VERSION_INFO,value="${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service,name=BUILD_DATE,value=$(date)' + # test the force-new-deployment flag + force-new-deployment: true + verify-revision-is-deployed: true + max-poll-attempts: 40 + poll-interval: 10 + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + post-steps: + - test-deployment: + service-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" + - aws-ecs/deploy-service-update: + name: fargate_test-update-service-skip-registration + docker-image-for-job: cimg/python:3.10.4 + filters: *filters + requires: + - 
fargate_test-update-service-job + aws-access-key-id: AWS_ACCESS_KEY_ID + aws-region: AWS_REGION + profile-name: "ECS_TEST_PROFILE" + family: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}-cluster" + # test skipping registration of a new task definition + skip-task-definition-registration: true + # test the enable-circuit-breaker flag + enable-circuit-breaker: true + verify-revision-is-deployed: true + max-poll-attempts: 40 + poll-interval: 10 + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + - tear-down-test-env: + name: fargate_tear-down-test-env + filters: *filters + requires: + - fargate_test-update-service-skip-registration + - test-fargatespot + aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_FARGATE} + terraform-config-dir: "tests/terraform_setup/fargate" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" ################# # EC2 ################# - # - build-test-app: - # name: ec2_build-test-app - # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" - # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" - # context: [CPE_ORBS_AWS] - # filters: *filters - # - set-up-test-env: - # name: ec2_set-up-test-env - # filters: *filters - # requires: - # - ec2_build-test-app - # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} - # terraform-config-dir: "tests/terraform_setup/ec2" - # context: [CPE_ORBS_AWS] - # - set-up-run-task-test: - # name: ec2_set-up-run-task-test - # filters: *filters - # requires: - # - ec2_set-up-test-env - # family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360" - # context: [CPE_ORBS_AWS] - # - aws-ecs/run-task: - # name: ec2_run-task-test - # filters: *filters - # requires: - # - ec2_set-up-run-task-test - # cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" - # aws-region: AWS_REGION - # task-definition: "${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360" - # launch-type: 
"EC2" - # awsvpc: false - # run-task-output: "run-task-output.json" - # overrides: '{"containerOverrides":[{"name": "${INTERPOLATION_TEST}", "memory": 512}]}' - # context: [CPE_ORBS_AWS] - # - tear-down-run-task-test: - # name: ec2_tear-down-run-task-test - # filters: *filters - # requires: - # - ec2_run-task-test - # family-name: ${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360 - # context: [CPE_ORBS_AWS] - - # - test-service-update: - # name: ec2_test-update-service-command - # filters: *filters - # requires: - # - ec2_set-up-test-env - # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} - # family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" - # service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" - # docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" - # docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" - # context: [CPE_ORBS_AWS] - # - test-task-definition-update: - # name: ec2_test-task-definition-update - # family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" - # context: [CPE_ORBS_AWS] - # filters: *filters - # requires: - # - ec2_test-update-service-command - # - aws-ecs/deploy-service-update: - # name: ec2_test-update-service-job - # docker-image-for-job: cimg/python:3.10.4 - # context: [CPE_ORBS_AWS] - # filters: *filters - # requires: - # - ec2_test-task-definition-update - # aws-access-key-id: AWS_ACCESS_KEY_ID - # aws-region: AWS_REGION - # family: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" - # service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" - # container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=VERSION_INFO,value="Asterisk * expansion test ${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=BUILD_DATE,value=$(date)' - # verify-revision-is-deployed: true - # fail-on-verification-timeout: false - # post-steps: - # - test-deployment: - # service-name: 
"${AWS_RESOURCE_NAME_PREFIX_EC2}-service" - # cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" - # test-asterisk-expansion: true + - build-test-app: + name: ec2_build-test-app + docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" + docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + filters: *filters + - set-up-test-env: + name: ec2_set-up-test-env + filters: *filters + requires: + - ec2_build-test-app + aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} + terraform-config-dir: "tests/terraform_setup/ec2" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + - set-up-run-task-test: + name: ec2_set-up-run-task-test + filters: *filters + requires: + - ec2_set-up-test-env + family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + - aws-ecs/run-task: + name: ec2_run-task-test + filters: *filters + requires: + - ec2_set-up-run-task-test + cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" + aws-region: AWS_REGION + task-definition: "${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360" + launch-type: "EC2" + awsvpc: false + run-task-output: "run-task-output.json" + overrides: '{"containerOverrides":[{"name": "${INTERPOLATION_TEST}", "memory": 512}]}' + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + - tear-down-run-task-test: + name: ec2_tear-down-run-task-test + filters: *filters + requires: + - ec2_run-task-test + family-name: ${AWS_RESOURCE_NAME_PREFIX_EC2}-sleep360 + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + - test-service-update: + name: ec2_test-update-service-command + filters: *filters + requires: + - ec2_set-up-test-env + aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} + family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" + 
service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" + docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" + docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + - test-task-definition-update: + name: ec2_test-task-definition-update + family-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + filters: *filters + requires: + - ec2_test-update-service-command + - aws-ecs/deploy-service-update: + name: ec2_test-update-service-job + docker-image-for-job: cimg/python:3.10.4 + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" + filters: *filters + requires: + - ec2_test-task-definition-update + aws-access-key-id: AWS_ACCESS_KEY_ID + aws-region: AWS_REGION + family: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family" + service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" + container-env-var-updates: 'container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=VERSION_INFO,value="Asterisk * expansion test ${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}",container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=BUILD_DATE,value=$(date)' + verify-revision-is-deployed: true + fail-on-verification-timeout: false + post-steps: + - test-deployment: + service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" + cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" + test-asterisk-expansion: true - # - tear-down-test-env: - # name: ec2_tear-down-test-env - # filters: *filters - # requires: - # - ec2_test-update-service-job - # - ec2_tear-down-run-task-test - # aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} - # terraform-config-dir: "tests/terraform_setup/ec2" - # context: [CPE_ORBS_AWS] + - tear-down-test-env: + name: ec2_tear-down-test-env + filters: *filters + requires: + - ec2_test-update-service-job + - 
ec2_tear-down-run-task-test + aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_EC2} + terraform-config-dir: "tests/terraform_setup/ec2" + context: [CPE-OIDC] + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" # ################# # # FargateSpot # ################# - # - test-fargatespot: - # context: [CPE_ORBS_AWS] - # filters: *filters - # requires: - # - fargate_set-up-test-env + - test-fargatespot: + context: [CPE-OIDC] + filters: *filters + requires: + - fargate_set-up-test-env ################# # CodeDeploy @@ -631,7 +645,6 @@ workflows: filters: *filters requires: - codedeploy_fargate_test-update-service-command - # aws-access-key-id: AWS_ACCESS_KEY_ID aws-region: AWS_REGION family: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-service" cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" @@ -686,14 +699,11 @@ workflows: cluster: "${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE}-cluster" - tear-down-test-env: name: codedeploy_fargate_tear-down-test-env - # requires: - # - codedeploy_fargate_set-up-test-env requires: - codedeploy_fargate_test-update-and-wait-service-job terraform-image: "hashicorp/terraform:1.1.9" aws-resource-name-prefix: ${AWS_RESOURCE_NAME_PREFIX_CODEDEPLOY_FARGATE} terraform-config-dir: "tests/terraform_setup/fargate_codedeploy" - # context: [CPE_ORBS_AWS] context: [CPE-OIDC] role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" filters: *filters From 6055f516e2f74357fa570afdf236f2f257e1d0eb Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Tue, 30 Aug 2022 12:42:49 -0700 Subject: [PATCH 09/16] fix: removed unnecessary comments --- .circleci/test-deploy.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index fff06085..2bb6f47c 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml 
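Review bot: The role ARN `arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST` is pasted into every job entry of the Fargate and EC2 sections, so renaming or replacing the role means editing more than a dozen lines. Define it once, for example as a YAML anchor in the style this file already uses for `*filters`, or build it from the context with `role-arn: "arn:aws:iam::${AWS_ACCOUNT_ID}:role/CPE_ECS_OIDC_TEST"` if the setup step expands environment variables in that parameter. Since the ARN is now committed to the repository, the role's trust policy (not part of this diff) should restrict the OIDC token's `aud` and `sub` claims to this organization and project rather than trusting the identity provider alone. The `aws-ecs/deploy-service-update` entries also still pass `aws-access-key-id: AWS_ACCESS_KEY_ID` next to `role-arn`; removing it would make it clear these tests exercise only the OIDC path.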
@@ -418,7 +418,6 @@ workflows: docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_FARGATE}:${CIRCLE_SHA1}" context: [CPE-OIDC] - role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" filters: *filters - set-up-test-env: name: fargate_set-up-test-env @@ -503,7 +502,6 @@ workflows: docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" docker-image-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}:${CIRCLE_SHA1}" context: [CPE-OIDC] - role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" filters: *filters - set-up-test-env: name: ec2_set-up-test-env From 50c319d510e5bc7607ad8bcac4de1feb89b32066 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Tue, 30 Aug 2022 12:58:31 -0700 Subject: [PATCH 10/16] fix: added role-arn parameters to test jobs --- .circleci/test-deploy.yml | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 2bb6f47c..eca8c9f3 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -36,8 +36,17 @@ jobs: test-fargatespot: docker: - image: cimg/base:stable + parameters: + profile-name: + type: string + default: 'default' + role-arn: + type: string + default: '' steps: - - aws-cli/setup + - aws-cli/setup: + profile-name: << parameters.profile-name >> + role-arn: << parameters.role-arn >> - jq/install - run: name: Get cluster info @@ -255,10 +264,17 @@ jobs: family-name: description: "Family name" type: string + profile-name: + type: string + default: 'default' + role-arn: + type: string + default: '' steps: - checkout - aws-cli/setup: - aws-access-key-id: AWS_ACCESS_KEY_ID + profile-name: << parameters.profile-name >> + role-arn: << parameters.role-arn >> aws-region: AWS_REGION - run: name: Get existing task definition 
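Review bot: The `role-arn` and `profile-name` parameters added to `test-fargatespot` have no `description`, and the three job hunks that follow repeat this (only the `profile-name` in the `-280,10` hunk has one). Add `description: "ARN of the IAM role to assume with the job's OIDC token"` under each `role-arn`, and `description: "The profile name to use for AWS credentials"` under the undocumented `profile-name` entries to match the documented one. The same three job hunks replace `aws-access-key-id: AWS_ACCESS_KEY_ID` with a `role-arn` that defaults to `''`, so the description should also say what a caller gets when the role is left empty; that behaviour lives in `aws-cli/setup` and is not visible here.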
@@ -280,10 +296,18 @@ jobs: family-name: description: "Family name" type: string + profile-name: + description: "The profile name to use for AWS credentials" + type: string + default: "default" + role-arn: + type: string + default: '' steps: - checkout - aws-cli/setup: - aws-access-key-id: AWS_ACCESS_KEY_ID + role-arn: << parameters.role-arn >> + profile-name: << parameters.profile-name >> aws-region: AWS_REGION - run: name: Register task definition @@ -299,10 +323,17 @@ jobs: family-name: description: "Family name" type: string + profile-name: + type: string + default: 'default' + role-arn: + type: string + default: '' steps: - checkout - aws-cli/setup: - aws-access-key-id: AWS_ACCESS_KEY_ID + profile-name: << parameters.profile-name >> + role-arn: << parameters.role-arn >> aws-region: AWS_REGION - run: name: Deregister task definition From 3f54a597cfa9a2d633e7b68db4fd96aa8b7f1848 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Tue, 30 Aug 2022 13:03:36 -0700 Subject: [PATCH 11/16] fix: added necessary oidc parameters to jobs --- src/jobs/run-task.yml | 38 ++++++++++++++++--- src/jobs/update-task-definition-from-json.yml | 38 ++++++++++++++++--- src/jobs/update-task-definition.yml | 38 ++++++++++++++++--- 3 files changed, 96 insertions(+), 18 deletions(-) diff --git a/src/jobs/run-task.yml b/src/jobs/run-task.yml index 3a87c9ec..395f43ac 100755 --- a/src/jobs/run-task.yml +++ b/src/jobs/run-task.yml 
@@ -21,11 +21,25 @@ parameters: aws-region: description: AWS region to operate in. Set this to the name of the environment variable you will use to hold this value, i.e. AWS_DEFAULT_REGION. type: env_var_name - default: AWS_DEFAULT_REGION + default: AWS_REGION profile-name: description: AWS profile name to be configured. type: string default: '' + role-arn: + description: | + The Amazon Resource Name (ARN) of the role that the caller is assuming. + Role ARN must be configured for web identity. + type: string + default: "" + role-session-name: + description: An identifier for the assumed role session + type: string + default: ${CIRCLE_JOB} + session-duration: + description: The duration of the session in seconds + type: string + default: "3600" cluster: description: The name or ARN of the cluster on which to run the task. type: string @@ -155,11 +169,23 @@ parameters: type: string default: '' steps: - - aws-cli/setup: - aws-access-key-id: << parameters.aws-access-key-id >> - aws-secret-access-key: << parameters.aws-secret-access-key >> - aws-region: << parameters.aws-region >> - profile-name: << parameters.profile-name >> + - when: + condition: <> + steps: + - aws-cli/setup: + role-arn: <> + profile-name: <> + session-duration: <> + aws-region: <> + role-session-name: <> + - unless: + condition: <> + steps: + - aws-cli/setup: + aws-access-key-id: << parameters.aws-access-key-id >> + aws-secret-access-key: << parameters.aws-secret-access-key >> + aws-region: << parameters.aws-region >> + profile-name: << parameters.profile-name >> - run-task: cluster: << parameters.cluster >> task-definition: << parameters.task-definition >> diff --git a/src/jobs/update-task-definition-from-json.yml b/src/jobs/update-task-definition-from-json.yml index db418c29..44e93c8f 100644 --- a/src/jobs/update-task-definition-from-json.yml +++ b/src/jobs/update-task-definition-from-json.yml 
@@ -20,7 +20,21 @@ parameters: aws-region: description: AWS region to operate in. Set this to the name of the environment variable you will use to hold this value, i.e. AWS_DEFAULT_REGION. type: env_var_name - default: AWS_DEFAULT_REGION + default: AWS_REGION + role-arn: + description: | + The Amazon Resource Name (ARN) of the role that the caller is assuming. + Role ARN must be configured for web identity. + type: string + default: "" + role-session-name: + description: An identifier for the assumed role session + type: string + default: ${CIRCLE_JOB} + session-duration: + description: The duration of the session in seconds + type: string + default: "3600" profile-name: description: AWS profile name to be configured. type: string @@ -38,11 +52,23 @@ parameters: description: The name of the scheduled task's rule to update. Must be a valid ECS Rule. type: string steps: - - aws-cli/setup: - aws-access-key-id: << parameters.aws-access-key-id >> - aws-secret-access-key: << parameters.aws-secret-access-key >> - aws-region: << parameters.aws-region >> - profile-name: << parameters.profile-name >> + - when: + condition: <> + steps: + - aws-cli/setup: + role-arn: <> + profile-name: <> + session-duration: <> + aws-region: <> + role-session-name: <> + - unless: + condition: <> + steps: + - aws-cli/setup: + aws-access-key-id: << parameters.aws-access-key-id >> + aws-secret-access-key: << parameters.aws-secret-access-key >> + aws-region: << parameters.aws-region >> + profile-name: << parameters.profile-name >> - update-task-definition-from-json: task-definition-json: << parameters.task-definition-json >> profile-name: << parameters.profile-name >> diff --git a/src/jobs/update-task-definition.yml b/src/jobs/update-task-definition.yml index 5a1b1375..90dd0123 100644 --- a/src/jobs/update-task-definition.yml +++ b/src/jobs/update-task-definition.yml 
@@ -21,7 +21,21 @@ parameters: aws-region: description: AWS region to operate in. Set this to the name of the environment variable you will use to hold this value, i.e. AWS_DEFAULT_REGION. type: env_var_name - default: AWS_DEFAULT_REGION + default: AWS_REGION + role-arn: + description: | + The Amazon Resource Name (ARN) of the role that the caller is assuming. + Role ARN must be configured for web identity. + type: string + default: "" + role-session-name: + description: An identifier for the assumed role session + type: string + default: ${CIRCLE_JOB} + session-duration: + description: The duration of the session in seconds + type: string + default: "3600" profile-name: description: AWS profile name to be configured. type: string @@ -98,11 +112,23 @@ parameters: description: The name of the scheduled task's rule to update. Must be a valid ECS Rule. type: string steps: - - aws-cli/setup: - aws-access-key-id: << parameters.aws-access-key-id >> - aws-secret-access-key: << parameters.aws-secret-access-key >> - aws-region: << parameters.aws-region >> - profile-name: << parameters.profile-name >> + - when: + condition: <> + steps: + - aws-cli/setup: + role-arn: <> + profile-name: <> + session-duration: <> + aws-region: <> + role-session-name: <> + - unless: + condition: <> + steps: + - aws-cli/setup: + aws-access-key-id: << parameters.aws-access-key-id >> + aws-secret-access-key: << parameters.aws-secret-access-key >> + aws-region: << parameters.aws-region >> + profile-name: << parameters.profile-name >> - update-task-definition: family: << parameters.family >> container-image-name-updates: << parameters.container-image-name-updates >> From 28c6e719622a52ea4620acd329064ecd7fe67227 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Tue, 30 Aug 2022 13:05:21 -0700 Subject: [PATCH 12/16] fix: addressed linting errors --- src/jobs/update-task-definition-from-json.yml | 2 +- src/jobs/update-task-definition.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/jobs/update-task-definition-from-json.yml b/src/jobs/update-task-definition-from-json.yml index 44e93c8f..a53e103c 100644 --- a/src/jobs/update-task-definition-from-json.yml +++ b/src/jobs/update-task-definition-from-json.yml @@ -34,7 +34,7 @@ parameters: session-duration: description: The duration of the session in seconds type: string - default: "3600" + default: "3600" profile-name: description: AWS profile name to be configured. type: string diff --git a/src/jobs/update-task-definition.yml b/src/jobs/update-task-definition.yml index 90dd0123..ebc517a4 100644 --- a/src/jobs/update-task-definition.yml +++ b/src/jobs/update-task-definition.yml @@ -35,7 +35,7 @@ parameters: session-duration: description: The duration of the session in seconds type: string - default: "3600" + default: "3600" profile-name: description: AWS profile name to be configured. type: string From 7556cab5390a88f014e5a2433bcbc78fb5a2f463 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Tue, 30 Aug 2022 13:12:38 -0700 Subject: [PATCH 13/16] fix: added session token variables to terraform --- .circleci/test-deploy.yml | 65 +++++++++++----------- tests/terraform_setup/ec2/terraform.tf | 1 + tests/terraform_setup/ec2/variables.tf | 3 +- tests/terraform_setup/fargate/terraform.tf | 1 + tests/terraform_setup/fargate/variables.tf | 3 +- 5 files changed, 37 insertions(+), 36 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index eca8c9f3..4e5c323a 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -42,7 +42,7 @@ jobs: default: 'default' role-arn: type: string - default: '' + default: '' steps: - aws-cli/setup: profile-name: << parameters.profile-name 
>> @@ -397,13 +397,10 @@ jobs: -var "aws_account_id=${AWS_ACCOUNT_ID}" \ -var "aws_resource_prefix=<< parameters.aws-resource-name-prefix >>" > /dev/null; echo $?)" -ne 0 ]; then - echo "Retrying terraform destroy" - terraform destroy \ - -input=false \ - -auto-approve \ + terraform destroy -input=false -auto-approve \ -var "aws_access_key=${AWS_ACCESS_KEY_ID}" \ - -var "aws_secret_key=${AWS_SECRET_ACCESS_KEY}" \ + -var "aws_secret_key=${AWS_SECRET_ACCESS_KEY}" \ -var "aws_region=${AWS_DEFAULT_REGION}" \ -var "aws_account_id=${AWS_ACCOUNT_ID}" \ -var "aws_resource_prefix=<< parameters.aws-resource-name-prefix >>" @@ -441,9 +438,9 @@ workflows: parameters: executor: [linux, mac] filters: *filters - ################# - # Fargate - ################# + # ################# + # # Fargate + # ################# - build-test-app: name: fargate_build-test-app docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" @@ -525,9 +522,9 @@ workflows: context: [CPE-OIDC] role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" - ################# - # EC2 - ################# + # ################# + # # EC2 + # ################# - build-test-app: name: ec2_build-test-app docker-image-namespace: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" @@ -614,7 +611,6 @@ workflows: service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service" cluster: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster" test-asterisk-expansion: true - - tear-down-test-env: name: ec2_tear-down-test-env filters: *filters @@ -626,13 +622,14 @@ workflows: context: [CPE-OIDC] role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" - # ################# - # # FargateSpot - # ################# + ################# + # FargateSpot + ################# - test-fargatespot: context: [CPE-OIDC] filters: *filters + role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" requires: - fargate_set-up-test-env 
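Review bot: The retry `terraform destroy` in the `-397,13` hunk passes `aws_access_key`, `aws_secret_key`, `aws_region`, `aws_account_id` and `aws_resource_prefix` but not `aws_session_token`, which this same commit declares without a default in the ec2 and fargate `variables.tf`. With `-input=false` the command would stop on a missing required variable unless `TF_VAR_aws_session_token` is exported somewhere outside this hunk. Prefer dropping the credential `-var` flags and letting the AWS provider read `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` from the environment, which also keeps the secrets out of the process argument list; otherwise add `-var "aws_session_token=${AWS_SESSION_TOKEN}" \` to both invocations. The command still reads `${AWS_DEFAULT_REGION}` while the orb's jobs now default to `AWS_REGION`, so the two should be aligned. The enclosing run step begins outside the hunk, so the first invocation is only partly visible.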
@@ -736,24 +733,24 @@ workflows: context: [CPE-OIDC] role-arn: "arn:aws:iam::122211685980:role/CPE_ECS_OIDC_TEST" filters: *filters - # - orb-tools/pack: - # filters: *filters - # - orb-tools/publish: - # orb-name: circleci/aws-ecs - # vcs-type: << pipeline.project.type >> - # pub-type: production - # requires: - # - orb-tools/pack - # - ec2_tear-down-test-env - # - fargate_tear-down-test-env - # - codedeploy_fargate_tear-down-test-env - # - integration-test-ecs-cli-install - # context: orb-publisher - # filters: - # branches: - # ignore: /.*/ - # tags: - # only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ + - orb-tools/pack: + filters: *filters + - orb-tools/publish: + orb-name: circleci/aws-ecs + vcs-type: << pipeline.project.type >> + pub-type: production + requires: + - orb-tools/pack + - ec2_tear-down-test-env + - fargate_tear-down-test-env + - codedeploy_fargate_tear-down-test-env + - integration-test-ecs-cli-install + context: orb-publisher + filters: + branches: + ignore: /.*/ + tags: + only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ commands: wait-for-codedeploy-deployment: description: "Wait for the CodeDeploy deployment to be successful" diff --git a/tests/terraform_setup/ec2/terraform.tf b/tests/terraform_setup/ec2/terraform.tf index 38bceae4..b35d60ac 100644 --- a/tests/terraform_setup/ec2/terraform.tf +++ b/tests/terraform_setup/ec2/terraform.tf @@ -16,6 +16,7 @@ terraform { provider "aws" { access_key = var.aws_access_key secret_key = var.aws_secret_key + token = var.aws_session_token region = var.aws_region } diff --git a/tests/terraform_setup/ec2/variables.tf b/tests/terraform_setup/ec2/variables.tf index ac4bb689..cfc8a18f 100644 --- a/tests/terraform_setup/ec2/variables.tf +++ b/tests/terraform_setup/ec2/variables.tf 
@@ -1,9 +1,10 @@ variable "aws_access_key" {} variable "aws_secret_key" {} variable "aws_account_id" {} +variable "aws_session_token" {} variable "aws_region" { description = "AWS region e.g. us-east-1" } variable "aws_resource_prefix" { description = "Prefix to be used in the naming of the created AWS resources e.g. ecs-ec2" -} \ No newline at end of file +} diff --git a/tests/terraform_setup/fargate/terraform.tf b/tests/terraform_setup/fargate/terraform.tf index 0235fef9..d18e082f 100644 --- a/tests/terraform_setup/fargate/terraform.tf +++ b/tests/terraform_setup/fargate/terraform.tf @@ -16,6 +16,7 @@ terraform { provider "aws" { access_key = var.aws_access_key secret_key = var.aws_secret_key + token = var.aws_session_token region = var.aws_region } diff --git a/tests/terraform_setup/fargate/variables.tf b/tests/terraform_setup/fargate/variables.tf index ee712217..df711d0e 100644 --- a/tests/terraform_setup/fargate/variables.tf +++ b/tests/terraform_setup/fargate/variables.tf @@ -1,9 +1,10 @@ variable "aws_access_key" {} variable "aws_secret_key" {} variable "aws_account_id" {} +variable "aws_session_token" {} variable "aws_region" { description = "AWS region e.g. us-east-1 (Please specify a region supported by the Fargate launch type)" } variable "aws_resource_prefix" { description = "Prefix to be used in the naming of the created AWS resources e.g. ecs-fargate" -} \ No newline at end of file +} From 8c28d4478f5eccb57e688951d0ee36e82c28a80b Mon Sep 17 00:00:00 2001 
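Review bot: `variable "aws_session_token" {}` is declared with no type, default or sensitivity flag, so every run that still uses static keys must now supply a value, and Terraform does not treat the token as a secret. Declare it with `type = string`, `default = null` and `sensitive = true`, so the provider's `token` argument stays unset for static-key runs and the value is redacted wherever Terraform would print it. The page pins `hashicorp/terraform:1.1.9` for one of the test jobs, a version that supports `sensitive`. The identical line added to `tests/terraform_setup/fargate/variables.tf` needs the same change, and the existing `aws_access_key` and `aws_secret_key` declarations would benefit from `sensitive = true` as well.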
From: Brian Vu Date: Wed, 31 Aug 2022 00:20:59 -0700 Subject: [PATCH 14/16] docs: updated README and usage examples --- README.MD | 41 ++++--------------- src/examples/deploy-ecs-scheduled-task.yml | 29 +++++++++++++ src/examples/deploy-service-update.yml | 6 +-- src/examples/run-task-ec2.yml | 4 +- src/examples/run-task-fargate-spot.yml | 4 +- src/examples/run-task-fargate.yml | 4 +- src/examples/update-service.yml | 19 +++++---- .../update-task-definition-from-json.yml | 21 ++++++---- src/examples/verify-revision-deplopyment.yml | 19 +++++---- 9 files changed, 81 insertions(+), 66 deletions(-) create mode 100644 src/examples/deploy-ecs-scheduled-task.yml diff --git a/README.MD b/README.MD index e1a0617a..001aec62 100644 --- a/README.MD +++ b/README.MD 
@@ -1,52 +1,25 @@ -# AWS ECS Orb for CircleCI +# AWS ECS Orb -[![CircleCI Build Status](https://circleci.com/gh/CircleCI-Public/aws-ecs-orb.svg?style=shield "CircleCI Build Status")](https://circleci.com/gh/CircleCI-Public/aws-ecs-orb) [![CircleCI Orb Version](https://img.shields.io/badge/endpoint.svg?url=https://badges.circleci.io/orb/circleci/aws-ecs)](https://circleci.com/orbs/registry/orb/circleci/aws-ecs) [![GitHub License](https://img.shields.io/badge/license-MIT-lightgrey.svg)](https://raw.githubusercontent.com/CircleCI-Public/aws-ecs-orb/master/LICENSE) [![CircleCI Community](https://img.shields.io/badge/community-CircleCI%20Discuss-343434.svg)](https://discuss.circleci.com/c/ecosystem/orbs) +[![CircleCI Build Status](https://circleci.com/gh/CircleCI-Public/aws-ecs-orb.svg?style=shield "CircleCI Build Status")](https://circleci.com/gh/CircleCI-Public/aws-ecs-orb) [![CircleCI Orb Version](https://img.shields.io/badge/endpoint.svg?url=https://badges.circleci.io/orb/circleci/aws-ecs)](https://circleci.com/orbs/registry/orb/circleci/aws-ecs) [![GitHub License](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/CircleCI-Public/aws-ecs-orb/master/LICENSE) [![CircleCI Community](https://img.shields.io/badge/community-CircleCI%20Discuss-343434.svg)](https://discuss.circleci.com/c/ecosystem/orbs) A CircleCI Orb to simplify deployments to Amazon Elastic Container Service (ECS). Supports EC2 and Fargate launch type deployments. -## Features - -This orb allows convenient updating of ECS services when only the Docker -image name/tag and/or environment variables in a service's container definitions need to be updated. 
-A sample project that demonstrates using the orb is available on this GitHub repository branch: https://github.com/CircleCI-Public/circleci-demo-aws-ecs-ecr - ## Resources [CircleCI Orb Registry Page](https://circleci.com/orbs/registry/orb/circleci/aws-ecs) - The official registry page of this orb for all versions, executors, commands, and jobs described. -[CircleCI Orb Docs](https://circleci.com/docs/2.0/orb-intro/#section=configuration) - Docs for using and creating CircleCI Orbs. - -## Usage - -See the [orb registry listing](https://circleci.com/orbs/registry/orb/circleci/aws-ecs) for usage guidelines. -## Requirements -- `python` should be available in `PATH`. Supported versions are Python 2 version 2.7.1 and above and Python 3 version 3.4.9 and above. -- The `aws` CLI should be available in `PATH`. Otherwise, `pip` is required to be available as the job will then attempt to install `aws` via `pip`. The default profile of `aws` will be used. -- `bash` to be present in `/bin/bash`. Otherwise, `/bin/sh` will be used, but the orb has not been tested for compatibility with other shells. - -## How to Contribute +[CircleCI Orb Docs](https://circleci.com/docs/2.0/orb-intro/#section=configuration) - Docs for using and creating CircleCI Orbs. -We welcome [issues](https://github.com/CircleCI-Public/aws-ecs-orb/issues) to and [pull requests](https://github.com/CircleCI-Public/aws-ecs-orb/pulls) against this repository! +### Examples -For internal contributors, please view the development docs: [here](https://github.com/CircleCI-Public/aws-ecs-orb/tree/master/dev-docs) +Please visit the [orb registry listing](https://circleci.com/orbs/registry/orb/circleci/aws-ecs) for usage examples and guidelines. -### How to Publish -* Create and push a branch with your new features. -* When ready to publish a new production version, create a Pull Request from fore _feature branch_ to `master`. 
-* The title of the pull request must contain a special semver tag: `[semver:]` where `` is replaced by one of the following values. -| Increment | Description| -| ----------| -----------| -| major | Issue a 1.0.0 incremented release| -| minor | Issue a x.1.0 incremented release| -| patch | Issue a x.x.1 incremented release| -| skip | Do not issue a release| -Example: `[semver:major]` +### How to Contribute -* Squash and merge. Ensure the semver tag is preserved and entered as a part of the commit message. -* On merge, after manual approval, the orb will automatically be published to the Orb Registry. +We welcome [issues](https://github.com/CircleCI-Public/aws-ecs-orb/issues) to and [pull requests](https://github.com/CircleCI-Public/aws-ecs-orb/pulls) against this repository! For further questions/comments about this or other orbs, visit the Orb Category of [CircleCI Discuss](https://discuss.circleci.com/c/orbs). diff --git a/src/examples/deploy-ecs-scheduled-task.yml b/src/examples/deploy-ecs-scheduled-task.yml new file mode 100644 index 00000000..78f5691b --- /dev/null +++ b/src/examples/deploy-ecs-scheduled-task.yml 
@@ -0,0 +1,29 @@ +description: | + Use the AWS CLI and this orb to deploy an ECS Scheduled Task Rule after updating a task definition. + The update-task-definition or update-task-definition-from-json command must be run first. +usage: + version: 2.1 + orbs: + aws-cli: circleci/aws-cli@3.1 + aws-ecs: circleci/aws-ecs@3.2 + jobs: + deploy-scheduled-task: + docker: + - image: cimg/python:3.10 + steps: + - aws-cli/setup: + # This example uses CircleCI's OpenID Connect Token to generate temporary AWS keys + role-arn: "arn:aws:iam::123456789012:role/OIDC_ARN" + aws-region: AWS_REGION + profile-name: "OIDC-PROFILE" + session-duration: 3600 + role-session-name: "example-session-name" + - aws-ecs/update-task-definition-from-json: + task-definition-json: my-app-definition.json + - aws-ecs/deploy-ecs-scheduled-task: + rule-name: "example-rule" + workflows: + deploy: + jobs: + - deploy-scheduled-task: + context: [CircleCI_OIDC_Token] diff --git a/src/examples/deploy-service-update.yml b/src/examples/deploy-service-update.yml index 7af08c66..1c08d27f 100644 --- a/src/examples/deploy-service-update.yml +++ b/src/examples/deploy-service-update.yml @@ -2,13 +2,13 @@ description: Update an ECS service. usage: version: 2.1 orbs: - aws-ecr: circleci/aws-ecr@6.15 - aws-ecs: circleci/aws-ecs@2.0.0 + aws-ecr: circleci/aws-ecr@8.1 + aws-ecs: circleci/aws-ecs@3.2 workflows: build-and-deploy: jobs: - aws-ecr/build-and-push-image: - account-url: AWS_ECR_ACCOUNT_URL + registry-id: AWS_ECR_REGISTRY_ID repo: '${MY_APP_PREFIX}' region: AWS_REGION tag: '${CIRCLE_SHA1}' diff --git a/src/examples/run-task-ec2.yml b/src/examples/run-task-ec2.yml index 97112aff..f7b49885 100644 --- a/src/examples/run-task-ec2.yml +++ b/src/examples/run-task-ec2.yml 
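Review bot: The `aws-cli/setup` step in the new deploy-ecs-scheduled-task.yml example stores the temporary credentials under `profile-name: "OIDC-PROFILE"`, but the two `aws-ecs/...` steps after it pass no `profile-name`, so they may look for credentials in a different profile from the one just configured. If those commands accept the parameter (their definitions are not part of this hunk), add `profile-name: "OIDC-PROFILE"` to each, or drop the custom profile from the setup step. The same setup block is added in the update-service.yml, update-task-definition-from-json.yml and verify-revision-deplopyment.yml hunks further down. In the last of these the removed comment said the setup configured the "default" profile "which is specified below", so a later step outside that hunk probably still names the default profile and should be checked.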
@@ -2,11 +2,11 @@ description: Start the run of an ECS task on EC2. usage: version: 2.1 orbs: - aws-ecs: circleci/aws-ecs@2.0 + aws-ecs: circleci/aws-ecs@3.2 jobs: run-task: docker: - - image: cimg/python:3.9.1 + - image: cimg/python:3.10 steps: - aws-ecs/run-task: cluster: cluster1 diff --git a/src/examples/run-task-fargate-spot.yml b/src/examples/run-task-fargate-spot.yml index bf059e33..4c48a498 100644 --- a/src/examples/run-task-fargate-spot.yml +++ b/src/examples/run-task-fargate-spot.yml @@ -5,11 +5,11 @@ description: > usage: version: 2.1 orbs: - aws-ecs: circleci/aws-ecs@2.0 + aws-ecs: circleci/aws-ecs@3.2 jobs: run-task: docker: - - image: cimg/python:3.9.1 + - image: cimg/python:3.10 steps: - aws-ecs/run-task: cluster: $CLUSTER_NAME diff --git a/src/examples/run-task-fargate.yml b/src/examples/run-task-fargate.yml index 451db5d2..d8628026 100644 --- a/src/examples/run-task-fargate.yml +++ b/src/examples/run-task-fargate.yml @@ -2,11 +2,11 @@ description: Start the run of an ECS task on Fargate. usage: version: 2.1 orbs: - aws-ecs: circleci/aws-ecs@2.0 + aws-ecs: circleci/aws-ecs@3.2 jobs: run-task: docker: - - image: cimg/python:3.9.1 + - image: cimg/python:3.10 steps: - aws-ecs/run-task: cluster: cluster1 diff --git a/src/examples/update-service.yml b/src/examples/update-service.yml index 05a124f9..5577c2c9 100644 --- a/src/examples/update-service.yml +++ b/src/examples/update-service.yml 
@@ -4,18 +4,20 @@ description: | usage: version: 2.1 orbs: - aws-cli: circleci/aws-cli@1.3 - aws-ecs: circleci/aws-ecs@2.0 + aws-cli: circleci/aws-cli@3.1 + aws-ecs: circleci/aws-ecs@3.2 jobs: update-tag: docker: - - image: cimg/python:3.9.1 + - image: cimg/python:3.10 steps: - aws-cli/setup: - # If these values have not been modified from their default, they do not need to be included. - aws-access-key-id: AWS_SECRET_ACCESS_KEY - aws-secret-access-key: AWS_DEFAULT_REGION - aws-region: AWS_DEFAULT_REGION + # This example uses CircleCI's OpenID Connect Token to generate temporary AWS keys + role-arn: "arn:aws:iam::123456789012:role/OIDC_ARN" + aws-region: AWS_REGION + profile-name: "OIDC-PROFILE" + session-duration: 3600 + role-session-name: "example-session-name" - aws-ecs/update-service: family: '${MY_APP_PREFIX}-service' cluster: '${MY_APP_PREFIX}-cluster' @@ -23,4 +25,5 @@ usage: workflows: deploy: jobs: - - update-tag + - update-tag: + context: [CircleCI_OIDC_Token] diff --git a/src/examples/update-task-definition-from-json.yml b/src/examples/update-task-definition-from-json.yml index d91a3098..68a531f6 100644 --- a/src/examples/update-task-definition-from-json.yml +++ b/src/examples/update-task-definition-from-json.yml 
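Review bot: The `context: [CircleCI_OIDC_Token]` added to the workflow job in the update-service.yml example has no comment explaining why it is there, and a reader who removes it will break the role assumption, because CircleCI only issues the OIDC token to jobs that use at least one context. I would add above it `# A context is required: CircleCI issues the OIDC token only to jobs that use at least one context`. Next to `role-arn` it is also worth a comment that the role's trust policy should restrict the token's audience and subject claims to this organization and project, so the role cannot be assumed from elsewhere. The same two comments fit the deploy-ecs-scheduled-task.yml, update-task-definition-from-json.yml and verify-revision-deplopyment.yml examples.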
@@ -2,17 +2,24 @@ description: Use the AWS CLI and this orb to create a new ECS task definition ba usage: version: 2.1 orbs: - aws-cli: circleci/aws-cli@1.3 - aws-ecs: circleci/aws-ecs@2.0 + aws-cli: circleci/aws-cli@3.1 + aws-ecs: circleci/aws-ecs@3.2 jobs: update-tag: docker: - - image: cimg/python:3.9.1 + - image: cimg/python:3.10 steps: - aws-cli/setup: - # If these values have not been modified from their default, they do not need to be included. - aws-access-key-id: AWS_SECRET_ACCESS_KEY - aws-secret-access-key: AWS_DEFAULT_REGION - aws-region: AWS_DEFAULT_REGION + # This example uses CircleCI's OpenID Connect Token to generate temporary AWS keys + role-arn: "arn:aws:iam::123456789012:role/OIDC_ARN" + aws-region: AWS_REGION + profile-name: "OIDC-PROFILE" + session-duration: 3600 + role-session-name: "example-session-name" - aws-ecs/update-task-definition-from-json: task-definition-json: my-app-definition.json + workflows: + deploy: + jobs: + - update-tag: + context: [CircleCI_OIDC_Token] diff --git a/src/examples/verify-revision-deplopyment.yml b/src/examples/verify-revision-deplopyment.yml index 4df54911..572b1fa2 100644 --- a/src/examples/verify-revision-deplopyment.yml +++ b/src/examples/verify-revision-deplopyment.yml 
@@ -2,18 +2,20 @@ description: Verify the deployment of an ECS revision. usage: version: 2.1 orbs: - aws-cli: circleci/aws-cli@1.3 - aws-ecs: circleci/aws-ecs@2.0 + aws-cli: circleci/aws-cli@3.1 + aws-ecs: circleci/aws-ecs@3.2 jobs: verify-deployment: docker: - - image: cimg/python:3.9.1 + - image: cimg/python:3.10 steps: - aws-cli/setup: - # If they are included, they configure the "default" profile, which is specified below. - aws-access-key-id: AWS_SECRET_ACCESS_KEY - aws-secret-access-key: AWS_DEFAULT_REGION - aws-region: AWS_DEFAULT_REGION + # This example uses CircleCI's OpenID Connect Token to generate temporary AWS keys + role-arn: "arn:aws:iam::123456789012:role/OIDC_ARN" + aws-region: AWS_REGION + profile-name: "OIDC-PROFILE" + session-duration: 3600 + role-session-name: "example-session-name" - run: name: Get last task definition command: > @@ -31,4 +33,5 @@ usage: workflows: test-workflow: jobs: - - verify-deployment + - verify-deployment: + context: [CircleCI_OIDC_Token] From 9c42dd5ef897c1c86089e860cdd0c0e89c8ceb4c Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Wed, 31 Aug 2022 16:17:01 -0700 Subject: [PATCH 15/16] chore: fixed spelling errors --- src/commands/update-service.yml | 2 +- src/jobs/deploy-service-update.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/commands/update-service.yml b/src/commands/update-service.yml index 188a5e50..bed2c4f7 100644 --- a/src/commands/update-service.yml +++ b/src/commands/update-service.yml @@ -72,7 +72,7 @@ parameters: container-secret-updates: description: > Use this to update or set the values of secret variables that will be defined for the containers. - (Existing secrets variables not included in this parameter will not beremoved) + (Existing secrets variables not included in this parameter will not be removed) Expected format: container=,name=,valueFrom=,container=...,name=...,valueFrom=..., 
diff --git a/src/jobs/deploy-service-update.yml b/src/jobs/deploy-service-update.yml index 7033e84a..d8ab8ed7 100644 --- a/src/jobs/deploy-service-update.yml +++ b/src/jobs/deploy-service-update.yml @@ -33,7 +33,7 @@ parameters: type: string default: "" role-session-name: - description: An identifier for the assumed role session + description: An identifier for the assumed role session. Environment varaibles will be evaluated. type: string default: ${CIRCLE_JOB} session-duration: From 53ce5e91f95d36c95698d36a605ab5697ed17c26 Mon Sep 17 00:00:00 2001 From: Brian Vu Date: Wed, 31 Aug 2022 16:31:59 -0700 Subject: [PATCH 16/16] fix: fixed linting errors --- src/jobs/deploy-service-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/jobs/deploy-service-update.yml b/src/jobs/deploy-service-update.yml index d8ab8ed7..98b4132a 100644 --- a/src/jobs/deploy-service-update.yml +++ b/src/jobs/deploy-service-update.yml @@ -33,7 +33,7 @@ parameters: type: string default: "" role-session-name: - description: An identifier for the assumed role session. Environment varaibles will be evaluated. + description: An identifier for the assumed role session. Environment varaibles will be evaluated. type: string default: ${CIRCLE_JOB} session-duration:
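Review bot: The new `role-session-name` description in the patch 15/16 hunk reads "Environment varaibles will be evaluated", a misspelling introduced by a commit whose subject is fixing spelling errors. The following patch (16/16) rewrites the same line and keeps it. The line should be `description: An identifier for the assumed role session. Environment variables will be evaluated.`. Because the value is evaluated and defaults to `${CIRCLE_JOB}`, the description could also say which step performs the expansion, which is not visible in this hunk. The parameters block continues outside the hunk.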