|
| 1 | +#!/bin/bash -xe |
| 2 | + |
| 3 | +# Create/Update a Javabuilder CloudFormation stack. |
| 4 | + |
| 5 | +TEMPLATE_BUCKET=${TEMPLATE_BUCKET?Required} |
| 6 | +SUB_DOMAIN=${SUB_DOMAIN?Required} |
| 7 | + |
| 8 | +get_hosted_zone() { |
| 9 | + aws route53 list-hosted-zones-by-name \ |
| 10 | + --dns-name "$1" \ |
| 11 | + --max-items 1 \ |
| 12 | + --query HostedZones[0].Id \ |
| 13 | + --output text \ |
| 14 | + | sed 's|/hostedzone/||' |
| 15 | +} |
| 16 | + |
| 17 | +# Default to dev-code.org domain name. |
| 18 | +BASE_DOMAIN=${BASE_DOMAIN-'dev-code.org'} |
| 19 | +# Default to lookup the hosted zone by name. |
| 20 | +BASE_DOMAIN_HOSTED_ZONE_ID=${BASE_DOMAIN_HOSTED_ZONE_ID-$(get_hosted_zone "${BASE_DOMAIN}")} |
| 21 | + |
| 22 | +# Use sub domain name as the CloudFormation Stack name. |
| 23 | +STACK=${SUB_DOMAIN} |
| 24 | + |
| 25 | +PROVISIONED_CONCURRENT_EXECUTIONS=${PROVISIONED_CONCURRENT_EXECUTIONS-'1'} |
| 26 | +RESERVED_CONCURRENT_EXECUTIONS=${RESERVED_CONCURRENT_EXECUTIONS-'3'} |
| 27 | + |
| 28 | +# If alerts should be silenced on this instance. Dev instances will always be silenced. |
| 29 | +SILENCE_ALERTS=${SILENCE_ALERTS-'false'} |
| 30 | + |
| 31 | +# Default per-user limits to prevent javabuilder abuse. |
| 32 | +LIMIT_PER_HOUR=${LIMIT_PER_HOUR-'50'} |
| 33 | +LIMIT_PER_DAY=${LIMIT_PER_DAY-'150'} |
| 34 | +# Default per-classroom hourly limit |
| 35 | +TEACHER_LIMIT_PER_HOUR=${TEACHER_LIMIT_PER_HOUR-'5000'} |
| 36 | + |
| 37 | +erb -T - cicd/3-app/javabuilder/template.yml.erb > template.yml |
| 38 | +TEMPLATE=template.yml |
| 39 | +OUTPUT_TEMPLATE=$(mktemp) |
| 40 | + |
| 41 | +# Build each Lambda (that needs to be compiled or has external package dependencies) so it can be uploaded to AWS Lambda. |
| 42 | +./javabuilder-authorizer/build.sh |
| 43 | +./org-code-javabuilder/build.sh |
| 44 | + |
| 45 | +aws cloudformation package \ |
| 46 | + --template-file ${TEMPLATE} \ |
| 47 | + --s3-bucket ${TEMPLATE_BUCKET} \ |
| 48 | + --output-template-file ${OUTPUT_TEMPLATE} |
| 49 | + |
| 50 | +# 'Developer' role requires a specific service role for all CloudFormation operations. |
| 51 | +if [[ $(aws sts get-caller-identity --query Arn --output text) =~ "assumed-role/Developer/" ]]; then |
| 52 | + # Append the role-arn option to the positional parameters $@ passed to cloudformation deploy. |
| 53 | + set -- "$@" --role-arn "arn:aws:iam::$(aws sts get-caller-identity --query Account --output text):role/admin/CloudFormationService" |
| 54 | +fi |
| 55 | + |
| 56 | +aws cloudformation deploy \ |
| 57 | + --s3-bucket ${TEMPLATE_BUCKET} \ |
| 58 | + --template-file ${OUTPUT_TEMPLATE} \ |
| 59 | + --parameter-overrides SubDomainName=$SUB_DOMAIN BaseDomainName=$BASE_DOMAIN BaseDomainNameHostedZonedID=$BASE_DOMAIN_HOSTED_ZONE_ID \ |
| 60 | + ProvisionedConcurrentExecutions=$PROVISIONED_CONCURRENT_EXECUTIONS ReservedConcurrentExecutions=$RESERVED_CONCURRENT_EXECUTIONS \ |
| 61 | + LimitPerHour=$LIMIT_PER_HOUR LimitPerDay=$LIMIT_PER_DAY TeacherLimitPerHour=$TEACHER_LIMIT_PER_HOUR SilenceAlerts=$SILENCE_ALERTS \ |
| 62 | + --stack-name ${STACK} \ |
| 63 | + "$@" |
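Review bot: `get_hosted_zone` (new lines 8-15) can return the ID of a zone that does not belong to `BASE_DOMAIN`. `list-hosted-zones-by-name --dns-name` starts its listing at the first zone at or after that name in Route 53's ordering, so a missing or mistyped domain yields the next zone in the account, and `HostedZones[0].Id` is passed to the deploy as `BaseDomainNameHostedZonedID`. A failed `aws` call is also hidden, because the pipeline's status is that of `sed` and the script runs without `pipefail`. The lookup should filter on the exact zone name and return non-zero when nothing matches, so that `-e` stops the run before `aws cloudformation deploy`. The bare `HostedZones[0].Id` is also an unquoted glob pattern and should be quoted.

```shell
get_hosted_zone() {
  local zone_id
  # Match the zone name exactly; Route 53 stores names with a trailing dot.
  zone_id=$(aws route53 list-hosted-zones-by-name \
    --dns-name "$1" \
    --max-items 1 \
    --query "HostedZones[?Name=='${1%.}.'].Id | [0]" \
    --output text) || return
  # --output text prints "None" when the filter matches nothing.
  if [[ -z "$zone_id" || "$zone_id" == "None" ]]; then
    echo "No hosted zone named $1 in this account" >&2
    return 1
  fi
  printf '%s\n' "${zone_id#/hostedzone/}"
}
```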