# Pipeline-wide settings; GitLab exports every entry to all jobs below.
variables:
  SAM_TEMPLATE: 'template.yaml'

  # Long-lived IAM user keys, copied from AWS_ACCESS_KEY_ID and
  # AWS_SECRET_ACCESS_KEY, which are not defined in this file (presumably
  # project-level CI/CD variables; presumably read by assume-role.sh).
  # Being global, they are present in every job, including the
  # feature-branch job, so everyone with push access to a feature-* branch
  # has to be treated as able to use them.
  # NOTE(review): keep the source variables masked, limit the IAM user to
  # sts:AssumeRole on the pipeline execution roles, and rotate the keys.
  # Short-lived credentials through GitLab OIDC (id_tokens) would remove the
  # stored secret altogether.
  PIPELINE_USER_ACCESS_KEY_ID: '${AWS_ACCESS_KEY_ID}'
  PIPELINE_USER_SECRET_ACCESS_KEY: '${AWS_SECRET_ACCESS_KEY}'

  # Account IDs, role ARNs and bucket names are identifiers, not credentials.
  # What protects the roles is their trust policy, not the secrecy of the ARN.
  # NOTE(review): confirm each trust policy names only the pipeline user.

  # Testing stage (stage 1).
  TESTING_STACK_NAME: 'sam-app'
  TESTING_REGION: 'us-west-2'
  TESTING_PIPELINE_EXECUTION_ROLE: 'arn:aws:iam::191762412092:role/aws-sam-cli-managed-stage1-p-PipelineExecutionRole-1KNUTFS1X3Z05'
  TESTING_CLOUDFORMATION_EXECUTION_ROLE: 'arn:aws:iam::191762412092:role/aws-sam-cli-managed-stage-CloudFormationExecutionR-U3PR084JZPMA'
  TESTING_ARTIFACTS_BUCKET: 'aws-sam-cli-managed-stage1-pipeli-artifactsbucket-xiwz97am33h2'
  TESTING_IMAGE_REPOSITORY: '191762412092.dkr.ecr.us-west-2.amazonaws.com/aws-sam-cli-managed-stage1-pipeline-resources-imagerepository-mcyvqzl6ojpu'

  # Production stage (stage 2), in a separate AWS account and region.
  PROD_STACK_NAME: 'sam-app'
  PROD_REGION: 'us-east-1'
  PROD_PIPELINE_EXECUTION_ROLE: 'arn:aws:iam::013714286599:role/aws-sam-cli-managed-stage2-p-PipelineExecutionRole-1CR173XTEO779'
  PROD_CLOUDFORMATION_EXECUTION_ROLE: 'arn:aws:iam::013714286599:role/aws-sam-cli-managed-stage-CloudFormationExecutionR-SPBX3XDHXDS1'
  PROD_ARTIFACTS_BUCKET: 'aws-sam-cli-managed-stage2-pipeli-artifactsbucket-1vvmo2x06lf2u'
  PROD_IMAGE_REPOSITORY: '013714286599.dkr.ecr.us-east-1.amazonaws.com/aws-sam-cli-managed-stage2-pipeline-resources-imagerepository-h1ymdq95r3dc'

  # With docker:dind, Docker defaults to the vfs storage driver, which copies
  # the whole file system on every run. overlay2 avoids that disk-heavy copy.
  DOCKER_DRIVER: 'overlay2'

  # Directory in which the dind service generates TLS certificates for both
  # server and client. The client certificates land in /certs/client, so this
  # is the only directory that has to be shared through the volume mount in
  # the runner's `config.toml`. Setting it keeps the Docker socket on TLS.
  DOCKER_TLS_CERTDIR: '/certs'
# Job image and the Docker-in-Docker service, both pinned to an exact tag so
# that a moving tag such as docker:stable cannot change the toolchain between
# runs.
# NOTE(review): a tag can still be re-pushed; pinning by digest is stricter.
# 19.03.15 is a long-superseded Docker release, so an upgrade is worth
# planning. docker:dind normally needs a privileged runner; keep these jobs
# on a runner dedicated to this project if that is the case here.
image: 'docker:19.03.15'

services:
  - 'docker:19.03.15-dind'

# Runs ahead of every job's script: installs Python, the AWS CLI and the
# SAM CLI into the job container.
# NOTE(review): the pip packages are unpinned, so each run installs whatever
# is current on the package index while AWS credentials sit in the job
# environment. Pin exact versions (ideally with hashes) or bake the tools
# into a prebuilt image.
before_script:
  - apk add --update python3 py-pip python3-dev build-base
  - pip install awscli aws-sam-cli

# Stage order; a later stage starts only after the earlier one succeeded.
stages:
  - unit-test
  - build
  - testing
  - prod
# Uncomment and modify the following job to run the unit tests.
#
# unit-test:
#   stage: unit-test
#   only:
#     - main
#     - /^feature-.*$/
#   script: |

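# Runs only for feature branches (feature-*): builds the application and
# deploys it to the testing account as a stack named after the branch.
#
# The branch name is chosen by whoever pushes, so it is reduced to letters,
# digits and hyphens before it becomes the stack name. The tr set is written
# without surrounding brackets: tr treats '[' and ']' as ordinary characters,
# so the bracketed form let ']' through and produced a stack name that
# CloudFormation rejects. The substitution is quoted so the result is always
# passed as a single argument.
#
# NOTE(review): this job assumes the testing pipeline execution role and
# deploys with CAPABILITY_IAM from code that the branch author controls
# (template, assume-role.sh, this file). The testing account's trust boundary
# is therefore everyone with push access; keep the CloudFormation execution
# role's permissions tight. No cleanup job for feature stacks is visible here.
build-and-deploy-feature:
  stage: build
  only:
    - /^feature-.*$/
  script:
    - . assume-role.sh ${TESTING_PIPELINE_EXECUTION_ROLE} feature-deployment
    - sam build --template ${SAM_TEMPLATE} --use-container
    - >-
      sam deploy
      --stack-name "$(printf '%s' "${CI_COMMIT_REF_NAME}" | tr -cd 'a-zA-Z0-9-')"
      --capabilities CAPABILITY_IAM
      --region ${TESTING_REGION}
      --s3-bucket ${TESTING_ARTIFACTS_BUCKET}
      --image-repository ${TESTING_IMAGE_REPOSITORY}
      --no-fail-on-empty-changeset
      --role-arn ${TESTING_CLOUDFORMATION_EXECUTION_ROLE}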
# Runs only on the main branch: builds the application once, then packages it
# twice, uploading the artifacts to each stage's S3 bucket and image
# repository and writing one packaged SAM template per stage.
#
# The two packaged templates are handed to the deploy jobs as job artifacts,
# and those jobs deploy them as-is. Each `sam package` runs under the pipeline
# execution role of its own account, assumed immediately before it.
build-and-package:
  stage: build
  only:
    - main
  script:
    - sam build --template ${SAM_TEMPLATE} --use-container
    # Testing account: assume the role, then upload and write the template.
    - . assume-role.sh ${TESTING_PIPELINE_EXECUTION_ROLE} testing-stage-packaging
    - >-
      sam package
      --s3-bucket ${TESTING_ARTIFACTS_BUCKET}
      --image-repository ${TESTING_IMAGE_REPOSITORY}
      --region ${TESTING_REGION}
      --output-template-file packaged-testing.yaml
    # Production account: same steps under the production role.
    - . assume-role.sh ${PROD_PIPELINE_EXECUTION_ROLE} prod-stage-packaging
    - >-
      sam package
      --s3-bucket ${PROD_ARTIFACTS_BUCKET}
      --image-repository ${PROD_IMAGE_REPOSITORY}
      --region ${PROD_REGION}
      --output-template-file packaged-prod.yaml
  artifacts:
    paths:
      - packaged-testing.yaml
      - packaged-prod.yaml
# Runs only on the main branch: deploys the testing stack from
# packaged-testing.yaml.
#
# The job assumes the testing pipeline execution role; CloudFormation then
# acts under the separate role passed with --role-arn. CAPABILITY_IAM lets
# the template create IAM resources, so that execution role's permissions
# are what bound the change.
deploy-testing:
  stage: testing
  only:
    - main
  script:
    - . assume-role.sh ${TESTING_PIPELINE_EXECUTION_ROLE} testing-deployment
    - >-
      sam deploy
      --stack-name ${TESTING_STACK_NAME}
      --template packaged-testing.yaml
      --capabilities CAPABILITY_IAM
      --region ${TESTING_REGION}
      --s3-bucket ${TESTING_ARTIFACTS_BUCKET}
      --image-repository ${TESTING_IMAGE_REPOSITORY}
      --no-fail-on-empty-changeset
      --role-arn ${TESTING_CLOUDFORMATION_EXECUTION_ROLE}
# Uncomment and modify the following job to run integration tests.
#
# integration-test:
#   stage: testing
#   only:
#     - main
#   script: |
#     # trigger the integration tests here

# Runs only on the main branch: deploys the production stack from
# packaged-prod.yaml.
#
# NOTE(review): with `when: manual` left commented out there is no approval
# gate, so every main pipeline that passes the testing stage goes on to
# production. Enable the manual step, and confirm that main is a protected
# branch so only reviewed merges can reach this job.
deploy-prod:
  stage: prod
  # Uncomment to require a manual approval before deploying to production.
  # when: manual
  only:
    - main
  script:
    - . assume-role.sh ${PROD_PIPELINE_EXECUTION_ROLE} prod-deployment
    - >-
      sam deploy
      --stack-name ${PROD_STACK_NAME}
      --template packaged-prod.yaml
      --capabilities CAPABILITY_IAM
      --region ${PROD_REGION}
      --s3-bucket ${PROD_ARTIFACTS_BUCKET}
      --image-repository ${PROD_IMAGE_REPOSITORY}
      --no-fail-on-empty-changeset
      --role-arn ${PROD_CLOUDFORMATION_EXECUTION_ROLE}