Merge pull request #2 from code-dot-org/build-docker

iterate on pr buildspec

Author: cat5inthecradle

Dockerfile

@@ -1,5 +1,7 @@
 FROM python:3.11-slim
 
+RUN pip install Flask
+
 WORKDIR /app
 COPY requirements.txt .
 

cicd/1-setup/cicd-dependencies.template.yml

@@ -72,6 +72,14 @@ Resources:
                 Action: codestar-connections:UseConnection
                 Resource:
                   - !Sub arn:aws:codestar-connections:us-east-1:${AWS::AccountId}:connection/*
+        - PolicyName: CodeBuildSecretsAccess
+          PolicyDocument:
+            Statement:
+              - Effect: Allow
+                Action:
+                  - "secretsmanager:GetSecretValue"
+                Resource:
+                  - !Sub arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:cicd/*
 
 Outputs:
   AiProxyCodeBuildArtifactBucket:

cicd/1-setup/deploy-cicd-dependencies.sh

@@ -19,6 +19,7 @@ read -r -p "Would you like to deploy this template to AWS account $ACCOUNT? [y/N
 if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]
 then
   echo Updating cloudformation stack...
+  echo "Follow along at https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks?filteringText=aiproxy-cicd-deps&filteringStatus=active&viewNested=true&hideStacks=false"
   aws cloudformation deploy \
     --stack-name aiproxy-cicd-deps \
     --template-file ${TEMPLATE_FILE} \

cicd/3-app/aiproxy/buildspec.yml

@@ -1,25 +1,68 @@
 version: 0.2
+
+env:
+  secrets-manager:
+    DOCKER_HUB_USERNAME: cicd/docker-hub/username
+    DOCKER_HUB_PAT: cicd/docker-hub/pat
+
 phases:
   install:
     runtime-versions:
       python: 3.11
     commands:
       - pip install cfn-lint
+  
+  pre_build:
+    commands:
+      - echo Logging in to Docker Hub...
+      - echo $DOCKER_HUB_PAT | docker login -u $DOCKER_HUB_USERNAME --password-stdin
+  
   build:
-    # This should be moved to a shell script if it gets more complicated.
+    # This will build and push the docker image to ECR and package the
+    # Cloudformation template to be passed as an Artifact to future pipeline
+    # steps. It will also run unit tests and linting.
     commands:
       - set -e
       - BRANCH_NAME=${CODEBUILD_WEBHOOK_HEAD_REF#"refs/heads/"}
 
-      - echo "This is where I would run python tests, if I had any tests"
+      - cd $CODEBUILD_SRC_DIR
+
+      - echo "Validating Cloudformation Templates..."
+      - cfn-lint cicd/1-setup/*.template.yml
+      - cfn-lint cicd/2-cicd/*.template.yml
+      - cfn-lint cicd/3-app/aiproxy/template.yml
 
+      - echo "Building Docker Image..."
+      - IMAGE_NAME=aiproxy
+      - IMAGE_TAG=$(git rev-parse --short HEAD)
+      - docker build -t ${IMAGE_NAME}:${IMAGE_TAG} .
+
+      - echo "Running Unit Tests..."
+      - echo "This is where I would run my unit tests"
+
+      - echo "Pushing Docker Image to ECR..."
+      - ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+      - AWS_REGION=$(aws configure get region)
+      - ECR_REGISTRY="${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com"
+      - ECR_REPO_NAME="aiproxy-${BRANCH_NAME}"
+      - FULL_IMAGE_NAME="${ECR_REGISTRY}/${ECR_REPO_NAME}:${IMAGE_TAG}"
+      - aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${ECR_REGISTRY}
+      - docker tag ${IMAGE_NAME}:${IMAGE_TAG} ${FULL_IMAGE_NAME}
+      - docker push ${FULL_IMAGE_NAME}
+
+      - echo "Linting cloudformation..."
       - cd $CODEBUILD_SRC_DIR
       - cp cicd/3-app/aiproxy/template.yml ./template.yml
       - cfn-lint template.yml
       - cat template.yml
 
+      - echo "Creating environment config..."
       - cicd/3-app/aiproxy/config/create-environment-config.sh
 
+      - echo "Packaging Cloudformation Template..."
       - aws cloudformation package --template-file template.yml --s3-bucket $ARTIFACT_STORE --s3-prefix package --output-template-file packaged-app-template.yml
+
+      - echo "Running ls command..."
+      - ls
 artifacts:
   files: '**/*'

cicd/3-app/aiproxy/integration-test-buildspec.yml

@@ -10,4 +10,4 @@ phases:
     commands:
       - set -e
 
-      - echo "This is where I would run my integration tests, if I had any tests"
+      - echo "This is where I would run my tests against the Test environment, if I had any tests"

cicd/3-app/aiproxy/pr-buildspec.yml

@@ -1,27 +1,45 @@
 version: 0.2
+
+env:
+  secrets-manager:
+    DOCKER_HUB_USERNAME: cicd/docker-hub/username
+    DOCKER_HUB_PAT: cicd/docker-hub/pat
+
 phases:
   install:
     runtime-versions:
       python: 3.11
     commands:
       - pip install cfn-lint
 
+  pre_build:
+    commands:
+      - echo Logging in to Docker Hub...
+      - echo $DOCKER_HUB_PAT | docker login -u $DOCKER_HUB_USERNAME --password-stdin
+
+  
   build:
     # This should be moved to a shell script if it gets more complicated.
     commands:
       - set -e
+
       - BRANCH_NAME=${CODEBUILD_WEBHOOK_HEAD_REF#"refs/heads/"}
       - ARTIFACT_PATH=branch/$BRANCH_NAME/$CODEBUILD_BUILD_NUMBER
 
+      - cd $CODEBUILD_SRC_DIR
+
+      - echo "Validating Cloudformation Templates..."
       - cfn-lint cicd/1-setup/*.template.yml
       - cfn-lint cicd/2-cicd/*.template.yml
+      - cfn-lint cicd/3-app/aiproxy/template.yml
 
-      - echo "This is where I would test my python code, if I had any tests"
+      - echo "Building Docker Image..."
+      - IMAGE_NAME=aiproxy
+      - IMAGE_TAG=$(git rev-parse --short HEAD)
+      - docker build -t ${IMAGE_NAME}:${IMAGE_TAG} .
 
-      - cd $CODEBUILD_SRC_DIR
-      - cp cicd/3-app/aiproxy/template.yml ./template.yml
-      - cfn-lint template.yml
-      
-      - aws cloudformation package --template-file template.yml --output-template-file cloudformation-output.yml --s3-bucket $ARTIFACT_STORE --s3-prefix "$ARTIFACT_PATH/cloudformation-package"
-      - aws s3 cp cloudformation-output.yml "s3://${ARTIFACT_STORE}/${ARTIFACT_PATH}/"
-      - echo "Artifacts uploaded to S3, view them at https://console.aws.amazon.com/s3/buckets/${ARTIFACT_STORE}?region=us-east-1&prefix=${ARTIFACT_PATH}/"
+      - echo "Running Unit Tests..."
+      - docker run --rm ${IMAGE_NAME}:${IMAGE_TAG} python -m unittest test_app.py
+
+      - echo "Pushing Docker Image to ECR..."
+      - echo "This is where I would push the docker image to ECR, when I get around to it"

src/test_app.py

@@ -0,0 +1,15 @@
+import unittest
+from app import app
+
+class TestApp(unittest.TestCase):
+
+    def setUp(self):
+        self.app = app.test_client()
+
+    def test_process(self):
+        response = self.app.get('/process')
+        self.assertEqual(response.data.decode(), 'hello world')
+        self.assertEqual(response.status_code, 200)
+
+if __name__ == '__main__':
+    unittest.main()

test.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+docker build -t aiproxy:local .
+docker run --rm aiproxy:local python -m unittest test_app.py