-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdeploy.sh
executable file
·162 lines (151 loc) · 3.87 KB
/
deploy.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
#!/bin/bash
set -e
[ -n "${TRAVIS_BRANCH}" ] && BRANCH="${TRAVIS_BRANCH}"
case "${BRANCH}" in
production)
DOMAIN="devops.capetown"
;;
staging)
DOMAIN="staging.devops.capetown"
;;
*)
echo No matching branch name, not deploying
exit 0
esac
REGION="${AWS_DEFAULT_REGION}"
DIR="$(cd `dirname "$0"` && pwd)"
echo Create the S3 bucket
aws s3 ls "s3://${DOMAIN}" &> /dev/null || \
(aws s3 mb "s3://${DOMAIN}" && sleep 5)
echo Set the bucket policy
! read -r -d '' S3_POLICY <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::${DOMAIN}/*"
}
]
}
EOF
aws s3api put-bucket-policy --bucket "${DOMAIN}" --policy "${S3_POLICY}"
echo Configure static website
aws s3 website "s3://${DOMAIN}" --index-document index.html --error-document 404.html
echo Sync files
aws s3 sync --delete "${DIR}/_site/" "s3://${DOMAIN}/"
echo Create CloudFront distribution
! read -r -d '' CLOUDFRONT_CONFIG <<EOF
{
"Aliases": {
"Quantity": 1,
"Items": ["${DOMAIN}"]
},
"CacheBehaviors": {
"Quantity": 0
},
"CallerReference": "${DOMAIN}",
"Comment": "DevOps Cape Town website (${BRANCH})",
"CustomErrorResponses": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"AllowedMethods": {
"Quantity": 2,
"Items": ["GET", "HEAD"],
"CachedMethods": {
"Quantity": 2,
"Items": ["GET", "HEAD"]
}
},
"Compress": true,
"DefaultTTL": 60,
"ForwardedValues": {
"QueryString": true,
"Cookies": {
"Forward": "all",
"WhitelistedNames": {
"Quantity": 0
}
},
"Headers": {
"Quantity": 0
}
},
"MaxTTL": 60,
"MinTTL": 0,
"SmoothStreaming": false,
"TargetOriginId": "${DOMAIN}.s3-website-${REGION}.amazonaws.com",
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "redirect-to-https"
},
"DefaultRootObject": "index.html",
"Enabled": true,
"Logging": {
"Enabled": true,
"IncludeCookies": true,
"Bucket": "devopscapetown-cloudfront.s3.amazonaws.com",
"Prefix": "${DOMAIN}"
},
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "${DOMAIN}.s3-website-${REGION}.amazonaws.com",
"DomainName": "${DOMAIN}.s3-website-${REGION}.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"CustomOriginConfig": {
"HTTPPort": 80,
"HTTPSPort": 443,
"OriginProtocolPolicy": "http-only",
"OriginSslProtocols": {
"Quantity": 3,
"Items": ["TLSv1", "TLSv1.1", "TLSv1.2"]
}
}
}
]
},
"PriceClass": "PriceClass_All",
"ViewerCertificate": {
"ACMCertificateArn": "${AWS_CERTIFICATE_ARN}",
"CertificateSource": "acm",
"MinimumProtocolVersion": "TLSv1",
"SSLSupportMethod": "sni-only"
},
"WebACLId": ""
}
EOF
aws configure set preview.cloudfront true
[ -z "$(aws cloudfront list-distributions | jq -r ".DistributionList.Items[] | select(.Aliases.Items[] == \"${DOMAIN}\")")" ] && \
aws cloudfront create-distribution --distribution-config "${CLOUDFRONT_CONFIG}"
echo Create DNS record
! read -r -d '' ROUTE53_CHANGES <<EOF
{
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "${DOMAIN}",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z2FDTNDATAQYW2",
"DNSName": "$(aws cloudfront list-distributions | jq -r ".DistributionList.Items[] | select(.Aliases.Items[] == \"${DOMAIN}\") | .DomainName")",
"EvaluateTargetHealth": false
}
}
}
]
}
EOF
aws route53 change-resource-record-sets --hosted-zone-id "${AWS_HOSTED_ZONE_ID}" --change-batch "${ROUTE53_CHANGES}"
# vim: set ts=2 sts=2 sw=2 et: