-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbuildspec-staging.yml
74 lines (73 loc) · 4.17 KB
/
buildspec-staging.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
version: 0.2
env:
parameter-store:
GITHUB_PERSONAL_ACCESS_TOKEN: /clouddefense/git_private_token
CLOUD_DEFENSE_API: /clouddefense/personal_api_key
CLOUD_DEFENSE_VERSION_DOWNLOAD_URL: /clouddefense/cli_release_version_url
phases:
pre_build:
commands:
- echo Docker information
- docker info
- echo Logging in to Amazon ECR...
- aws --version
- aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT
- REPOSITORY_URI=$ECR_REPOSITORY_URI
- echo $REPOSITORY_URI
- COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
- IMAGE_TAG=staging_${COMMIT_HASH:=latest}
- GITHUB_BRANCH_NAME="${CODEBUILD_WEBHOOK_HEAD_REF#refs/heads/}"
- GITHUB_REPO_URL="https://${GITHUB_PERSONAL_ACCESS_TOKEN}@${CODEBUILD_SOURCE_REPO_URL#https://}"
- echo Install cloud defense cli
- curl -L -o /tmp/cd-latest-linux-x64.tar.gz $CLOUD_DEFENSE_VERSION_DOWNLOAD_URL
- sudo tar -C /usr/local/bin -xzf /tmp/cd-latest-linux-x64.tar.gz
- sudo cp /usr/local/bin/cd-latest-linux-x64 /usr/local/bin/cdefense
- chmod +x /usr/local/bin/cdefense
- echo end of pre_build phase
build:
commands:
- echo Build started on `date`
- echo $COMMIT_HASH
# - echo Start cloud defense vulnerability scan on codebase
# - |
# set +e # Disable immediate exit on error
# cdefense online --api-key=$CLOUD_DEFENSE_API --tag=$COMMIT_HASH --repository-url=$GITHUB_REPO_URL --branch-name=$GITHUB_BRANCH_NAME --type=GITHUB
# exit_code=$?
# set -e # Re-enable immediate exit on error
# if [ $exit_code -eq 1 ]; then
# echo "Ignore exit code 1"
# else
# exit $exit_code
# fi
- echo Building the Docker image...
- docker build --no-cache -t $REPOSITORY_URI:latest .
- docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
post_build:
commands:
- echo Build completed on `date`
- echo Start Running tests
- docker run --rm -e DEBUG=True -e SECRET_KEY=secret_test_key $REPOSITORY_URI:latest python manage.py test
- echo Pushing the Docker images...
- echo docker image latest - $REPOSITORY_URI:latest
- echo docker image git tag - $REPOSITORY_URI:$IMAGE_TAG
- docker push $REPOSITORY_URI:$IMAGE_TAG
- echo Writing image definitions file...
- printf '[{"name":"$ECS_CONTAINER_NAME","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
- echo Retrieve the ARNs of all task definitions for your family name FOR $ECS_TASK_DEFINITION_FAMILY...
- task_definition_arns=$(aws ecs list-task-definitions --family-prefix "$ECS_TASK_DEFINITION_FAMILY" --status ACTIVE --query 'taskDefinitionArns' --output json)
- echo Retrieve the latest task definition ARN...
- latest_arn=$(echo $(jq --raw-output '.[-1]' <<< $task_definition_arns))
- echo $latest_arn
- echo Describe the latest task definition and save the JSON to a file...
- aws ecs describe-task-definition --task-definition "$latest_arn" --query 'taskDefinition' --output json > previous-task-definition.json
- echo Below jq command to remove the warnings from github because the properties are not needed for the ECS deploy...
- jq 'del(.compatibilities, .taskDefinitionArn, .requiresAttributes, .revision, .status, .registeredAt, .registeredBy)' previous-task-definition.json > tmpfile && mv tmpfile previous-task-definition.json
- echo Modify the JSON to update the image...
- jq --arg image "$REPOSITORY_URI:$IMAGE_TAG" '.containerDefinitions[0].image = $image' previous-task-definition.json > task-definition.json
- echo Run aws ecs register task definition...
- TASK_DEFINITION_ARN=$(aws ecs register-task-definition --cli-input-json file://task-definition.json --query "taskDefinition.taskDefinitionArn" --output text)
- echo Registered new task definition - $TASK_DEFINITION_ARN
- echo Updating Staging ECS service
- aws ecs update-service --cluster $ECS_CLUSTER_NAME --service $ECS_SERVICE_NAME --task-definition $TASK_DEFINITION_ARN
artifacts:
files: imagedefinitions.json