-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
AUT-3939 - sam deploy frontend to new authdevs via command line
- Loading branch information
Showing
5 changed files
with
224 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| version = 0.1 | ||
| [authdev1.deploy.parameters] | ||
| stack_name = "authdev1-frontend" | ||
| resolve_s3 = false | ||
| s3_bucket = "authdev1-frontend-pipeline-pipelinebucket-kit9bfu7ko2m" | ||
| region = "eu-west-2" | ||
| confirm_changeset = true | ||
| capabilities = "CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND" | ||
| parameter_overrides = "Environment=\"dev\" SubEnvironment=\"authdev1\" VpcStackName=\"authdev1-vpc\" CodeSigningConfigArn=\"arn:aws:lambda:eu-west-2:975050272416:code-signing-config:csc-08363373ee41af407\" DeploymentStrategy=\"CodeDeployDefault.ECSAllAtOnce\" PermissionsBoundary=\"arn:aws:iam::975050272416:policy/authdev1-frontend-pipeline-AppProgrammaticPermissionsBoundary-0208ecb7797f\" ServiceDownPageRegistry=\"058264536367.dkr.ecr.eu-west-2.amazonaws.com/service-down-page-image-repository-containerrepository-5mf9vzblyt5l\"" | ||
| image_repositories = [] | ||
|
|
||
| [authdev2.deploy.parameters] | ||
| stack_name = "authdev2-frontend" | ||
| resolve_s3 = false | ||
| s3_bucket = "authdev2-frontend-pipeline-pipelinebucket-ryomchxfe6bs" | ||
| region = "eu-west-2" | ||
| confirm_changeset = true | ||
| capabilities = "CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND" | ||
| parameter_overrides = "Environment=\"dev\" SubEnvironment=\"authdev2\" VpcStackName=\"authdev2-vpc\" CodeSigningConfigArn=\"arn:aws:lambda:eu-west-2:975050272416:code-signing-config:csc-0e7ece3a3ef748670\" DeploymentStrategy=\"None\" PermissionsBoundary=\"arn:aws:iam::975050272416:policy/authdev2-frontend-pipeline-AppProgrammaticPermissionsBoundary-064776019653\" ServiceDownPageRegistry=\"058264536367.dkr.ecr.eu-west-2.amazonaws.com/service-down-page-image-repository-containerrepository-5mf9vzblyt5l\"" | ||
| image_repositories = [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| [ | ||
| { | ||
| "Key": "System", | ||
| "Value": "Authentication" | ||
| }, | ||
| { | ||
| "Key": "Environment", | ||
| "Value": "dev" | ||
| }, | ||
| { | ||
| "Key": "Owner", | ||
| "Value": "[email protected]" | ||
| }, | ||
| { | ||
| "Key": "is-pipeline-deployment", | ||
| "Value": "False" | ||
| }, | ||
| { | ||
| "Key": "repository", | ||
| "Value": "govuk-one-login/authentication-frontend" | ||
| } | ||
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,170 @@ | ||
| #!/usr/bin/env bash | ||
| set -euo pipefail | ||
|
|
||
| [[ "${BASH_SOURCE[0]}" != "${0}" ]] || { | ||
| echo "Error: Script must be sourced, not executed" | ||
| exit 1 | ||
| } | ||
|
|
||
| function usage() { | ||
| cat <<USAGE | ||
| A script to deploy the GOV.UK Sign in Frontend to the dev environment. | ||
| Requires a GDS CLI, AWS CLI and jq installed and configured. | ||
| Usage: | ||
| $0 [-b|--build] [-d|--deploy] [--destroy] [-p|--prompt] | ||
| Options: | ||
| -b, --build run docker build and push new version (default) | ||
| -d, --deploy deploy the AWS SAM application (default) | ||
| --destroy delete the AWS SAM application and the artifacts created by sam deploy | ||
| -p, --prompt will prompt for view changelog before applying | ||
| If no options specified the default actions above will be carried out without prompting. | ||
| USAGE | ||
| } | ||
|
|
||
| BUILD=0 | ||
| CONFIRM_CHANGESET_OPTION="--no-confirm-changeset" | ||
| DEPLOY=0 | ||
| DELETE=0 | ||
|
|
||
| # If no options specified the default actions above will be carried out without prompting. | ||
| if [[ $# == 0 ]]; then | ||
| BUILD=1 | ||
| DEPLOY=1 | ||
| echo "Deploying to $DEPLOY_ENV with default options ($0 --build --deploy)" | ||
| fi | ||
|
|
||
| while [[ $# -gt 0 ]]; do | ||
| case "${1}" in | ||
| -b | --build) | ||
| BUILD=1 | ||
| ;; | ||
| -d | --deploy | -t | --terraform) | ||
| # -t|--terraform kept there for now, because old habits die hard | ||
| DEPLOY=1 | ||
| ;; | ||
| --destroy) | ||
| DELETE=1 | ||
| ;; | ||
| -p | --prompt) | ||
| CONFIRM_CHANGESET_OPTION="--confirm-changeset" | ||
| ;; | ||
| *) | ||
| usage | ||
| exit 1 | ||
| ;; | ||
| esac | ||
| shift | ||
| done | ||
|
|
||
| # ------------------------- | ||
| # deployment configurations | ||
| # ------------------------- | ||
| ECR_REGISTRY="975050272416.dkr.ecr.eu-west-2.amazonaws.com" | ||
| ECR_REPO_NAME="" | ||
| case $DEPLOY_ENV in | ||
| authdev1) ECR_REPO_NAME="authdev1-frontend-image-repository-containerrepository-k0a7zjnydazf" ;; | ||
| authdev2) ECR_REPO_NAME="authdev2-frontend-image-repository-containerrepository-lvjd0pm7fkxh" ;; | ||
| *) | ||
| echo "Unrecognized deploy env: $DEPLOY_ENV" | ||
| exit 1 | ||
| ;; | ||
| esac | ||
| DOCKER_BUILD_PATH="${DOCKER_BUILD_PATH:-.}" | ||
| DOCKERFILE="${DOCKERFILE:-sandpit.Dockerfile}" | ||
| DOCKER_PLATFORM="${DOCKER_PLATFORM:-linux/amd64}" | ||
| GITHUB_SHA="$(git rev-parse HEAD)" | ||
| PUSH_LATEST_TAG="${PUSH_LATEST_TAG:-false}" | ||
| TEMPLATE_FILE="${TEMPLATE_FILE:-cloudformation/deploy/template.yaml}" | ||
| TAGS_FILE="${TAGS_FILE:-scripts/dev_deploy_tags.json}" | ||
| SAMCONFIG_FILE=${SAMCONFIG_FILE:-scripts/dev_deploy_samconfig.toml} | ||
|
|
||
| # ----------------------- | ||
| # login to target account | ||
| # ----------------------- | ||
| export AWS_PROFILE="di-authentication-development-admin" | ||
|
|
||
| # shellcheck source=./scripts/export_aws_creds.sh | ||
| source "${DIR}/scripts/export_aws_creds.sh" | ||
|
|
||
| echo "Generating temporary ECR credentials..." | ||
| aws ecr get-login-password --region eu-west-2 | | ||
| docker login --username AWS --password-stdin "${ECR_REGISTRY}" | ||
|
|
||
| # --------------------- | ||
| # Build SAM application | ||
| # --------------------- | ||
| if [[ $BUILD == "1" ]]; then | ||
| echo "Building image" | ||
|
|
||
| PLATFORM_OPTION="--platform ${DOCKER_PLATFORM}" | ||
| TAG_OPTION="" | ||
| if [ "$PUSH_LATEST_TAG" == "true" ]; then | ||
| echo "Tagging option supplied $ECR_REGISTRY/$ECR_REPO_NAME:latest" | ||
| TAG_OPTION="--tag $ECR_REGISTRY/$ECR_REPO_NAME:latest" | ||
| fi | ||
|
|
||
| # shellcheck disable=SC2086 | ||
| docker build \ | ||
| --tag "$ECR_REGISTRY/$ECR_REPO_NAME:$GITHUB_SHA" \ | ||
| $TAG_OPTION \ | ||
| $PLATFORM_OPTION \ | ||
| --file "$DOCKER_BUILD_PATH"/"$DOCKERFILE" \ | ||
| "$DOCKER_BUILD_PATH" | ||
|
|
||
| docker push "$ECR_REGISTRY/$ECR_REPO_NAME:$GITHUB_SHA" | ||
| if [ "$PUSH_LATEST_TAG" == "true" ]; then | ||
| docker push "$ECR_REGISTRY/$ECR_REPO_NAME:latest" | ||
| fi | ||
| fi | ||
|
|
||
| # ---------------------- | ||
| # Deploy SAM application | ||
| # ---------------------- | ||
| if [[ $DEPLOY == "1" ]]; then | ||
| echo "Running sam build on template file" | ||
| sam build --template-file="$TEMPLATE_FILE" | ||
| mv .aws-sam/build/template.yaml cf-template.yaml | ||
|
|
||
| if grep -q "CONTAINER-IMAGE-PLACEHOLDER" cf-template.yaml; then | ||
| echo "Replacing \"CONTAINER-IMAGE-PLACEHOLDER\" with new ECR image ref" | ||
| sed -i.bak "s|CONTAINER-IMAGE-PLACEHOLDER|$ECR_REGISTRY/$ECR_REPO_NAME:$GITHUB_SHA|" cf-template.yaml | ||
| else | ||
| echo "WARNING!!! Image placeholder text \"CONTAINER-IMAGE-PLACEHOLDER\" not found - uploading template anyway" | ||
| fi | ||
|
|
||
| if grep -q "GIT-SHA-PLACEHOLDER" cf-template.yaml; then | ||
| echo "Replacing \"GIT-SHA-PLACEHOLDER\" with new ECR image tag" | ||
| sed -i.bak "s|GIT-SHA-PLACEHOLDER|$GITHUB_SHA|" cf-template.yaml | ||
| fi | ||
|
|
||
| echo "Deploying SAM application" | ||
| TAGS=$(jq '.[] | "\(.Key)=\(.Value)"' -r "$TAGS_FILE") | ||
|
|
||
| # shellcheck disable=SC2086 | ||
| sam deploy \ | ||
| --template-file cf-template.yaml \ | ||
| --config-env "$DEPLOY_ENV" \ | ||
| --config-file "$SAMCONFIG_FILE" \ | ||
| $CONFIRM_CHANGESET_OPTION \ | ||
| --tags $TAGS Product="GOV.UK Sign In" commitsha=${GITHUB_SHA} | ||
|
|
||
| # cleanup | ||
| rm cf-template.yaml* | ||
|
|
||
| echo "Deployment complete!" | ||
| fi | ||
|
|
||
| # ---------------------- | ||
| # Delete SAM application | ||
| # ---------------------- | ||
| if [[ $DELETE == "1" ]]; then | ||
| # this command always prompts, on purpose | ||
| sam delete \ | ||
| --config-env "$DEPLOY_ENV" \ | ||
| --config-file "$SAMCONFIG_FILE" | ||
|
|
||
| echo "Stack deleted!" | ||
| fi |