Merge branch 'main' into sanchit/add-unhealthy-containers-table

Author: sanchitmalhotra126

cicd/1-setup/deploy-cicd-dependencies.sh

@@ -21,6 +21,7 @@ then
     --stack-name javabuilder-cicd-deps \
     --template-file ${TEMPLATE_FILE} \
     --capabilities CAPABILITY_IAM \
+    --tags EnvType=infrastructure \
     "$@"
 
   echo Complete!

cicd/2-cicd/cicd.template.yml

@@ -26,16 +26,16 @@ Parameters:
     Type: String
     Description: The Resource Id component of the CodeStar connection ARN for the code-dot-org GitHub repository
     Default: 9e27ebd6-de25-495c-9a2d-b24077376de8
-  Mode:
+  EnvironmentType:
     Type: String
-    Description: Whether this should create a pipeline for an 'adhoc' deployment or 'standard' pipeline.
-    Default: standard
-    AllowedValues: [adhoc, standard]
+    Description: A 'production' cicd stack includes automated tests in the pipeline and deploys 'test' and 'production' environments. Whereas a 'development' type will only deploy a development environment.
+    Default: production
+    AllowedValues: [development, production]
 
 Conditions:
   TargetsMainBranch: !Equals [ !Ref GitHubBranch, main ]
-  DeployToAdhoc: !Equals [!Ref Mode, adhoc ]
-  DeployToTestAndProd: !Equals [!Ref Mode, standard ]
+  DeployForDevelopment: !Equals [!Ref EnvironmentType, development ]
+  DeployForProduction: !Equals [!Ref EnvironmentType, production ]
 
 
 Resources:
@@ -296,8 +296,8 @@ Resources:
                 - Name: appBuildResults
 
         - !If
-          - DeployToAdhoc
-          - Name: Deploy_To_Adhoc
+          - DeployForDevelopment
+          - Name: Deploy_To_Development
             Actions:
               - Name: app-deploy
                 ActionTypeId: 
@@ -308,21 +308,21 @@ Resources:
                 InputArtifacts:
                   - Name: appBuildResults
                 Configuration:
-                  StackName: !Sub "javabuilder-adhoc-${GitHubBranch}"
+                  StackName: !Sub "javabuilder-dev-${GitHubBranch}"
                   ActionMode: CREATE_UPDATE
                   TemplatePath: appBuildResults::packaged-app-template.yml
-                  TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/adhoc.config.json
+                  TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/dev.config.json
                   ParameterOverrides: !Join
                       - ''
                       - - '{ "SubDomainName": "'
-                        - !Sub "javabuilder-adhoc-${GitHubBranch}"
+                        - !Sub "javabuilder-dev-${GitHubBranch}"
                         - '" }'
                   Capabilities: CAPABILITY_AUTO_EXPAND
                   RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
           - !Ref AWS::NoValue
 
         - !If
-          - DeployToTestAndProd
+          - DeployForProduction
           - Name: Deploy_To_Test
             Actions:
               - Name: app-deploy
@@ -348,7 +348,7 @@ Resources:
           - !Ref AWS::NoValue
 
         - !If
-          - DeployToTestAndProd
+          - DeployForProduction
           - Name: Integration_Test
             Actions:
               - Name: integration-test
@@ -370,7 +370,7 @@ Resources:
           - !Ref AWS::NoValue
 
         - !If
-          - DeployToTestAndProd
+          - DeployForProduction
           - Name: Deploy_To_Production
             Actions:
               - Name: app-deploy
@@ -395,6 +395,28 @@ Resources:
                   Capabilities: CAPABILITY_AUTO_EXPAND
                   RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
           - !Ref AWS::NoValue
+
+        - !If
+          - DeployForProduction
+          - Name: Smoke_Test
+            Actions:
+              - Name: smoke-test
+                ActionTypeId:
+                  Category: Build
+                  Owner: AWS
+                  Provider: CodeBuild
+                  Version: 1
+                InputArtifacts:
+                  - Name: sourceCode
+                Configuration:
+                  ProjectName: !Ref IntegrationTestBuildProject
+                  EnvironmentVariables: !Sub
+                    - '[{"name":"APP_SUBDOMAIN","value":"${SUBDOMAIN}","type":"PLAINTEXT"},{"name":"APP_BASE_DOMAIN","value":"${BASE_DOMAIN}","type":"PLAINTEXT"}]'
+                    - BASE_DOMAIN: code.org
+                      SUBDOMAIN: !If [TargetsMainBranch, "javabuilder", !Sub "javabuilder-${GitHubBranch}"]
+                OutputArtifacts:
+                  - Name: smokeTestResults
+          - !Ref AWS::NoValue
 
   # Send pipeline events to an SNS topic.
   # Note:

cicd/2-cicd/deploy-cicd.sh

@@ -5,7 +5,7 @@ echo Deploying Javabuilder CICD Pipeline
 # Create/Update the Javabuilder build/deploy pipeline stack. This is manually created and maintained, but should not require elevated permissions.
 # Options include:
 # - TARGET_BRANCH: Defaults to `main`, passed as a Parameter for "cicd/2-cicd/cicd.template.yml"
-# - MODE: Can be 'standard' (default) or 'adhoc', passed as a Parameter for "cicd/2-cicd/cicd.template.yml"
+# - ENVIRONMENT_TYPE: Can be 'production' (default) or 'development', passed as a Parameter for "cicd/2-cicd/cicd.template.yml"
 # - GITHUB_BADGE_ENABLED: defaults to true, passed as a Parameter for "cicd/2-cicd/cicd.template.yml"
 
 # 'Developer' role requires a specific service role for all CloudFormation operations.
@@ -16,14 +16,22 @@ fi
 
 # Default to main branch, but support pipelines using other branches
 TARGET_BRANCH=${TARGET_BRANCH-'main'}
+
 if [ "$TARGET_BRANCH" == "main" ]
 then
   STACK_NAME="javabuilder-cicd"
 else
-  STACK_NAME="javabuilder-${TARGET_BRANCH}-cicd"
+  # only allow alphanumeric branch names that may contain an internal hyphen.
+  # to avoid complicated logic elsewhere, we're constraining it here.
+  if [[ "$TARGET_BRANCH" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])$ ]]; then
+    STACK_NAME="javabuilder-${TARGET_BRANCH}-cicd"
+  else
+    echo "Invalid branch name '${TARGET_BRANCH}', branches must be alphanumeric and may contain hyphens."
+    exit
+  fi
 fi
 
-MODE=${MODE-'standard'}
+ENVIRONMENT_TYPE=${ENVIRONMENT_TYPE-'production'}
 GITHUB_BADGE_ENABLED=${GITHUB_BADGE_ENABLED-'true'}
 
 TEMPLATE_FILE=cicd/2-cicd/cicd.template.yml
@@ -42,8 +50,9 @@ then
   aws cloudformation deploy \
     --stack-name $STACK_NAME \
     --template-file $TEMPLATE_FILE \
-    --parameter-overrides GitHubBranch=$TARGET_BRANCH GitHubBadgeEnabled=$GITHUB_BADGE_ENABLED Mode=$MODE \
+    --parameter-overrides GitHubBranch=$TARGET_BRANCH GitHubBadgeEnabled=$GITHUB_BADGE_ENABLED EnvironmentType=$ENVIRONMENT_TYPE \
     --capabilities CAPABILITY_IAM \
+    --tags EnvType=${ENVIRONMENT_TYPE} \
     "$@"
 
   echo Complete!

cicd/3-app/deploy-load-test.sh

@@ -26,7 +26,7 @@ aws cloudformation deploy \
   --template-file $TEMPLATE_FILE \
   --parameter-overrides LoadTestImage=$LOAD_TEST_IMAGE \
   --capabilities CAPABILITY_IAM \
-  --tags javabuilder-mode=load-test \
+  --tags javabuilder-mode=load-test EnvType=load-test \
   "$@"
 
 echo Complete!

cicd/3-app/javabuilder/config/adhoc.config.json renamed to cicd/3-app/javabuilder/config/dev.config.json

@@ -7,5 +7,8 @@
     "LimitPerHour": "50",
     "LimitPerDay": "150",
     "SilenceAlerts": "true"
+  },
+  "Tags" : {
+    "EnvType" : "development"
   }
 }

cicd/3-app/javabuilder/config/production.config.json

@@ -7,5 +7,8 @@
     "LimitPerHour": "150",
     "LimitPerDay": "300",
     "SilenceAlerts": "false"
+  },
+  "Tags" : {
+    "EnvType" : "production"
   }
 }

cicd/3-app/javabuilder/config/test.config.json

@@ -2,10 +2,13 @@
   "Parameters": {
     "BaseDomainName": "code.org",
     "BaseDomainNameHostedZonedID": "Z2LCOI49SCXUGU",
-    "ProvisionedConcurrentExecutions": "1",
-    "ReservedConcurrentExecutions": "3",
-    "LimitPerHour": "15",
-    "LimitPerDay": "40",
+    "ProvisionedConcurrentExecutions": "5",
+    "ReservedConcurrentExecutions": "25",
+    "LimitPerHour": "50",
+    "LimitPerDay": "150",
     "SilenceAlerts": "false"
+  },
+  "Tags" : {
+    "EnvType" : "test"
   }
 }

cicd/3-app/javabuilder/template.yml.erb

@@ -645,25 +645,26 @@ Resources:
   HighUsageCompositeAlarm:
     Type: AWS::CloudWatch::CompositeAlarm
     DependsOn:
+      - ConsoleHighInvocationsAlarm
       - HighHttpRequestsAlarm
-      -  HighWebsocketConnectionsAlarm
-      -  NeighborhoodHighInvocationsAlarm
-      -  TheaterHighInvocationsAlarm
+      - HighWebsocketConnectionsAlarm
+      - NeighborhoodHighInvocationsAlarm
+      - TheaterHighInvocationsAlarm
     Properties:
         ActionsEnabled: true
         AlarmActions:
-            # TODO: after we have run at high usage for a while, consider re-enabling this alarm. Right now it is too noisy
-            # - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-high-usage"]
-            - !Ref AWS::NoValue
+          # TODO: after we have run at high usage for a while, consider re-enabling this alarm. Right now it is too noisy
+          # - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-high-usage"]
+          - !Ref AWS::NoValue
         AlarmDescription: Send message if abnormally high Javabuilder usage detected.
-            Monitors usage across the HTTP API, WebSocket API, and all Build and Run
-            Lambdas.
+          Monitors usage across the HTTP API, WebSocket API, and all Build and Run
+          Lambdas.
         AlarmName: !Sub "${SubDomainName}_high_usage_composite"
         AlarmRule: !Sub "ALARM(${SubDomainName}_console_high_invocations) OR
-            ALARM(${SubDomainName}_high_http_requests) OR
-            ALARM(${SubDomainName}_high_websocket_connections) OR
-            ALARM(${SubDomainName}_neighborhood_high_invocations) OR
-            ALARM(${SubDomainName}_theater_high_invocations)"
+          ALARM(${SubDomainName}_high_http_requests) OR
+          ALARM(${SubDomainName}_high_websocket_connections) OR
+          ALARM(${SubDomainName}_neighborhood_high_invocations) OR
+          ALARM(${SubDomainName}_theater_high_invocations)"
         InsufficientDataActions: []
         OKActions: []
 

cicd/README.md

@@ -20,7 +20,7 @@ We also keep some CodeBuild configuration here, as this code tends to be more co
 
 ### 2 - CI/CD
 
-In order to trigger the application resources to be updated upon changes to the source code, we need CI/CD resources. This is accomplished by a CloudFormation template that defines a stack of resources, primarily including a CodeBuild project and a CodePipeline pipeline which update the [App Stack](#3---app). These CI/CD resources only need to be deployed once per deployable branch, `main` in our case (we might choose to create adhoc environments by launching a new CI/CD stack targeting a different branch).
+In order to trigger the application resources to be updated upon changes to the source code, we need CI/CD resources. This is accomplished by a CloudFormation template that defines a stack of resources, primarily including a CodeBuild project and a CodePipeline pipeline which update the [App Stack](#3---app). These CI/CD resources only need to be deployed once per deployable branch, `main` in our case (we might choose to create development environments by launching a new CI/CD stack targeting a different branch).
 
 These resources are deployed manually when changes occur. We could make yet another CodePipeline resource in the [Setup](#1---setup) section, but not today.
 
@@ -47,19 +47,23 @@ Finally, all of the above need some Roles to exist in the AWS accounts before we
    2. Push a commit to `main`
    3. Press the "Release Change" button on the Pipeline overview page in the AWS Console.
 
-### Deploying a CI/CD pipeline for a different branch
+### Deploying an Development environment
 
-By setting the `TARGET_BRANCH` you can create a new CI/CD pipeline that watches for PR's and changes to the specified branch, deploying a Test and Production environment just like the standard pipeline.
+You can create an Development (aka 'adhoc') environment by setting the `ENVIRONMENT_TYPE` flag on the cicd deploy script. This will create a CI/CD pipeline that will watch for updates to your `TARGET_BRANCH`. The difference between a production and a development pipeline can be seen in "cicd.template.yml" by following where the `Conditions` are used. In short, an development pipeline creates a single environment using "dev.config.yml", while a production deployment will create a Test environment and a Prod environment using the relevent config files, running automated tests between them.
+
+Notes:
+
+* your branch name cannot contain the character `/`, as this causes issues in AWS. Note that resources will be deployed with the tags `{EnvType = development}`.
+* for now, these must deployed to the production AWS account. There is planned work to enable these to be deployed to the Dev AWS account.
 
 ```
-TARGET_BRANCH=mybranch cicd/2-cicd/deploy-cicd.sh
+TARGET_BRANCH=mybranch ENVIRONMENT_TYPE=development cicd/2-cicd/deploy-cicd.sh
 ```
 
-### Deploying an Adhoc environment
+### Deploying a full CI/CD pipeline for a different branch
 
-You can create an Adhoc environment by setting the `MODE` flag on the cicd deploy script. This will create a CI/CD pipeline that will watch for updates to your `TARGET_BRANCH`. The difference between a standard deployment and an adhoc pipeline can be seen in "cicd.template.yml" by following where the `Conditions` are used. In short, an adhoc creates an adhoc environment using "adhoc.config.yml", while a standard deployment will create a Test environment and a Prod environment using the relevent config files.
-Note: your branch name cannot contain the character `\`, as this causes issues in AWS.
+By setting the `TARGET_BRANCH` you can create a new CI/CD pipeline that watches for PR's and changes to the specified branch, deploying a Test and Production environment just like the standard pipeline. Note that resources will be deployed with the tags `{EnvType = production}` or `{EnvType = test}`.
 
 ```
-TARGET_BRANCH=mybranch MODE=adhoc cicd/2-cicd/deploy-cicd.sh
+TARGET_BRANCH=mybranch cicd/2-cicd/deploy-cicd.sh
 ```

deploy-beta.sh

@@ -60,4 +60,5 @@ aws cloudformation deploy \
     ProvisionedConcurrentExecutions=$PROVISIONED_CONCURRENT_EXECUTIONS ReservedConcurrentExecutions=$RESERVED_CONCURRENT_EXECUTIONS \
     LimitPerHour=$LIMIT_PER_HOUR LimitPerDay=$LIMIT_PER_DAY TeacherLimitPerHour=$TEACHER_LIMIT_PER_HOUR SilenceAlerts=$SILENCE_ALERTS \
   --stack-name ${STACK} \
+  --tags EnvType=beta \
   "$@"