Merge pull request #345 from code-dot-org/prod-cicd

Support adhocs and deploy to production environment.

Author: cat5inthecradle

beta-template.yml.erb

@@ -25,12 +25,18 @@ Parameters:
   CodeStarConnectionResourceId:
     Type: String
     Description: The Resource Id component of the CodeStar connection ARN for the code-dot-org GitHub repository
-    Default: 7df08bcf-9883-42e8-8f5e-d083419d4fe9
+    Default: 9e27ebd6-de25-495c-9a2d-b24077376de8
+  Mode:
+    Type: String
+    Description: Whether this should create a pipeline for an 'adhoc' deployment or 'standard' pipeline.
+    Default: standard
+    AllowedValues: [adhoc, standard]
 
 Conditions:
-  TargetsMainBranch: !Equals 
-    - !Ref GitHubBranch
-    - main
+  TargetsMainBranch: !Equals [ !Ref GitHubBranch, main ]
+  DeployToAdhoc: !Equals [!Ref Mode, adhoc ]
+  DeployToTestAndProd: !Equals [!Ref Mode, standard ]
+
 
 Resources:
 
@@ -211,7 +217,7 @@ Resources:
   JavabuilderRolePolicy:
     Type: 'AWS::IAM::Policy'
     Properties:
-      PolicyName: root
+      PolicyName: !Sub "${AWS::StackName}-codebuild-policy"
       PolicyDocument:
         Version: "2012-10-17"
         Statement:
@@ -261,7 +267,6 @@ Resources:
                 ConnectionArn: !Sub arn:aws:codestar-connections:us-east-1:${AWS::AccountId}:connection/${CodeStarConnectionResourceId}
                 FullRepositoryId: !Sub ${GitHubOwner}/${GitHubRepo}
                 BranchName: !Ref GitHubBranch
-                DetectChanges: true
 
         - Name: Build
           Actions:
@@ -290,42 +295,106 @@ Resources:
               OutputArtifacts:
                 - Name: appBuildResults
 
-        - Name: Deploy_To_Test
-          Actions:
-            - Name: app-deploy
-              ActionTypeId: 
-                Category: Deploy 
-                Owner: AWS 
-                Version: 1 
-                Provider: CloudFormation
-              InputArtifacts:
-                - Name: appBuildResults
-              Configuration:
-                StackName: !If [TargetsMainBranch, "javabuilder-test", !Sub "javabuilder-${GitHubBranch}-test"]
-                ActionMode: CREATE_UPDATE
-                TemplatePath: appBuildResults::packaged-app-template.yml
-                TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/test.config.json
-                Capabilities: CAPABILITY_AUTO_EXPAND
-                RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
+        - !If
+          - DeployToAdhoc
+          - Name: Deploy_To_Adhoc
+            Actions:
+              - Name: app-deploy
+                ActionTypeId: 
+                  Category: Deploy 
+                  Owner: AWS 
+                  Version: 1 
+                  Provider: CloudFormation
+                InputArtifacts:
+                  - Name: appBuildResults
+                Configuration:
+                  StackName: !Sub "javabuilder-adhoc-${GitHubBranch}"
+                  ActionMode: CREATE_UPDATE
+                  TemplatePath: appBuildResults::packaged-app-template.yml
+                  TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/adhoc.config.json
+                  ParameterOverrides: !Join
+                      - ''
+                      - - '{ "SubDomainName": "'
+                        - !Sub "javabuilder-adhoc-${GitHubBranch}"
+                        - '" }'
+                  Capabilities: CAPABILITY_AUTO_EXPAND
+                  RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
+          - !Ref AWS::NoValue
 
-        - Name: Integration_Test
-          Actions:
-            - Name: integration-test
-              ActionTypeId:
-                Category: Build
-                Owner: AWS
-                Provider: CodeBuild
-                Version: 1
-              InputArtifacts:
-                - Name: sourceCode
-              Configuration:
-                ProjectName: !Ref IntegrationTestBuildProject
-                EnvironmentVariables: !Sub
-                  - '[{"name":"APP_SUBDOMAIN","value":"${SUBDOMAIN}","type":"PLAINTEXT"},{"name":"APP_BASE_DOMAIN","value":"${BASE_DOMAIN}","type":"PLAINTEXT"}]'
-                  - BASE_DOMAIN: code.org
-                    SUBDOMAIN: !If [TargetsMainBranch, "javabuilder-test", !Sub "javabuilder-${GitHubBranch}-test"]
-              OutputArtifacts:
-                - Name: integrationTestResultsPOC
+        - !If
+          - DeployToTestAndProd
+          - Name: Deploy_To_Test
+            Actions:
+              - Name: app-deploy
+                ActionTypeId: 
+                  Category: Deploy 
+                  Owner: AWS 
+                  Version: 1 
+                  Provider: CloudFormation
+                InputArtifacts:
+                  - Name: appBuildResults
+                Configuration:
+                  StackName: !If [TargetsMainBranch, "javabuilder-test", !Sub "javabuilder-${GitHubBranch}-test"]
+                  ActionMode: CREATE_UPDATE
+                  TemplatePath: appBuildResults::packaged-app-template.yml
+                  TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/test.config.json
+                  ParameterOverrides: !Join
+                      - ''
+                      - - '{ "SubDomainName": "'
+                        - !If [ TargetsMainBranch, 'javabuilder-test', !Sub 'javabuilder-${GitHubBranch}-test' ]
+                        - '" }'
+                  Capabilities: CAPABILITY_AUTO_EXPAND
+                  RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
+          - !Ref AWS::NoValue
+
+        - !If
+          - DeployToTestAndProd
+          - Name: Integration_Test
+            Actions:
+              - Name: integration-test
+                ActionTypeId:
+                  Category: Build
+                  Owner: AWS
+                  Provider: CodeBuild
+                  Version: 1
+                InputArtifacts:
+                  - Name: sourceCode
+                Configuration:
+                  ProjectName: !Ref IntegrationTestBuildProject
+                  EnvironmentVariables: !Sub
+                    - '[{"name":"APP_SUBDOMAIN","value":"${SUBDOMAIN}","type":"PLAINTEXT"},{"name":"APP_BASE_DOMAIN","value":"${BASE_DOMAIN}","type":"PLAINTEXT"}]'
+                    - BASE_DOMAIN: code.org
+                      SUBDOMAIN: !If [TargetsMainBranch, "javabuilder-test", !Sub "javabuilder-${GitHubBranch}-test"]
+                OutputArtifacts:
+                  - Name: integrationTestResultsPOC
+          - !Ref AWS::NoValue
+
+        - !If
+          - DeployToTestAndProd
+          - Name: Deploy_To_Production
+            Actions:
+              - Name: app-deploy
+                ActionTypeId: 
+                  Category: Deploy 
+                  Owner: AWS 
+                  Version: 1 
+                  Provider: CloudFormation
+                InputArtifacts:
+                  - Name: appBuildResults
+                # The value of `Configuration` must be an object with String (or simple type) properties
+                Configuration:
+                  StackName: !If [TargetsMainBranch, "javabuilder", !Sub "javabuilder-${GitHubBranch}"]
+                  ActionMode: CREATE_UPDATE
+                  TemplatePath: appBuildResults::packaged-app-template.yml
+                  TemplateConfiguration: appBuildResults::cicd/3-app/javabuilder/production.config.json
+                  ParameterOverrides: !Join
+                    - ''
+                    - - '{ "SubDomainName": "'
+                      - !If [ TargetsMainBranch, 'javabuilder', !Sub 'javabuilder-${GitHubBranch}' ]
+                      - '" }'
+                  Capabilities: CAPABILITY_AUTO_EXPAND
+                  RoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/admin/CloudFormationService
+          - !Ref AWS::NoValue
 
   # Send pipeline events to an SNS topic.
   # Note: Integration with Slack via AWS ChatBot is configured manually via AWS Console.

cicd/2-cicd/cicd.template.yml

@@ -2,7 +2,11 @@
 
 echo Deploying Javabuilder CICD Pipeline
 
-# Create/Update the Javabuilder build/deploy pipeline stack. This is manually created and maintained, but should not require elevated permissions. 
+# Create/Update the Javabuilder build/deploy pipeline stack. This is manually created and maintained, but should not require elevated permissions.
+# Options include:
+# - TARGET_BRANCH: Defaults to `main`, passed as a Parameter for "cicd/2-cicd/cicd.template.yml"
+# - MODE: Can be 'standard' (default) or 'adhoc', passed as a Parameter for "cicd/2-cicd/cicd.template.yml"
+# - GITHUB_BADGE_ENABLED: defaults to true, passed as a Parameter for "cicd/2-cicd/cicd.template.yml"
 
 # 'Developer' role requires a specific service role for all CloudFormation operations.
 if [[ $(aws sts get-caller-identity --query Arn --output text) =~ "assumed-role/Developer/" ]]; then
@@ -14,11 +18,12 @@ fi
 TARGET_BRANCH=${TARGET_BRANCH-'main'}
 if [ "$TARGET_BRANCH" == "main" ]
 then
-  STACK_NAME=${STACK_NAME-'javabuilder-cicd'}
+  STACK_NAME="javabuilder-cicd"
 else
-  STACK_NAME=${STACK_NAME-"javabuilder-$TARGET_BRANCH-cicd"}
+  STACK_NAME=${"javabuilder-$TARGET_BRANCH-cicd"}
 fi
 
+MODE=${MODE-'standard'}
 GITHUB_BADGE_ENABLED=${GITHUB_BADGE_ENABLED-'true'}
 
 TEMPLATE_FILE=cicd/2-cicd/cicd.template.yml
@@ -37,7 +42,7 @@ then
   aws cloudformation deploy \
     --stack-name $STACK_NAME \
     --template-file $TEMPLATE_FILE \
-    --parameter-overrides GitHubBranch=$TARGET_BRANCH GitHubBadgeEnabled=$GITHUB_BADGE_ENABLED \
+    --parameter-overrides GitHubBranch=$TARGET_BRANCH GitHubBadgeEnabled=$GITHUB_BADGE_ENABLED Mode=$MODE \
     --capabilities CAPABILITY_IAM \
     "$@"
 

cicd/2-cicd/deploy-cicd.sh

@@ -1 +1,2 @@
-*.config.json
+# ignore files generated by 'create-environment-config.sh'
+./*.config.json

cicd/3-app/javabuilder/.gitignore

@@ -0,0 +1,11 @@
+{
+  "Parameters": {
+    "BaseDomainName": "code.org",
+    "BaseDomainNameHostedZonedID": "Z2LCOI49SCXUGU",
+    "ProvisionedConcurrentExecutions": "1",
+    "ReservedConcurrentExecutions": "3",
+    "LimitPerHour": "50",
+    "LimitPerDay": "150",
+    "SilenceAlerts": "true"
+  }
+}

cicd/3-app/javabuilder/config/adhoc.config.json

@@ -0,0 +1,11 @@
+{
+  "Parameters": {
+    "BaseDomainName": "code.org",
+    "BaseDomainNameHostedZonedID": "Z2LCOI49SCXUGU",
+    "ProvisionedConcurrentExecutions": "150",
+    "ReservedConcurrentExecutions": "1650",
+    "LimitPerHour": "150",
+    "LimitPerDay": "300",
+    "SilenceAlerts": "false"
+  }
+}

cicd/3-app/javabuilder/config/production.config.json

@@ -1,6 +1,5 @@
 {
   "Parameters": {
-    "SubDomainName": "javabuilder-test",
     "BaseDomainName": "code.org",
     "BaseDomainNameHostedZonedID": "Z2LCOI49SCXUGU",
     "ProvisionedConcurrentExecutions": "1",