From 43af171309cdbf4df50a9afe2e86df89a16ea7eb Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Tue, 24 Oct 2023 17:13:25 +0100 Subject: [PATCH 01/19] updating cicd to arm64 --- cicd/build/build/buildspec.yml | 4 ++-- cicd/build/package/buildspec.yml | 5 +++-- cicd/cloudformation/developer.yaml | 24 ++++++++++++------------ 3 files changed, 17 insertions(+), 16 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 3dc0b4ac..a5261f36 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -18,7 +18,7 @@ phases: - go install honnef.co/go/tools/cmd/staticcheck@latest # Install Testify to use common assertions and mocks in tests - - go get -u github.com/stretchr/testify + - go install github.com/stretchr/testify # Install goreleaser - go install github.com/goreleaser/goreleaser@latest @@ -68,7 +68,7 @@ phases: # Check we've packaged something useful - - ./dist/ssosync_linux_amd64_v1/ssosync --version + - ./dist/ssosync_linux_arm64/ssosync --version artifacts: files: diff --git a/cicd/build/package/buildspec.yml b/cicd/build/package/buildspec.yml index 1d84ec55..8726bd84 100644 --- a/cicd/build/package/buildspec.yml +++ b/cicd/build/package/buildspec.yml @@ -14,10 +14,11 @@ phases: # Check that the files need to package exist - ls README.md - ls SAR.md - - ls dist/ssosync_linux_amd64_v1/ssosync + - ls dist/ssosync_linux_arm64/ssosync + - mv dist/ssosync_linux_arm64/ssosync bootstrap # Check that the executable works - - ./dist/ssosync_linux_amd64_v1/ssosync --version + - ./bootstrap --version build: commands: diff --git a/cicd/cloudformation/developer.yaml b/cicd/cloudformation/developer.yaml index 12decd86..2b046f42 100644 --- a/cicd/cloudformation/developer.yaml +++ b/cicd/cloudformation/developer.yaml @@ -335,8 +335,8 @@ Resources: BuildSpec: "cicd/build/gitvars/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:7.0 - Type: LINUX_CONTAINER + Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Type: ARM_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET Value: !Sub ${ArtifactBucket} @@ -370,8 +370,8 @@ Resources: BuildSpec: "cicd/build/build/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:7.0 - Type: LINUX_CONTAINER + Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Type: ARM_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET Value: !Sub ${ArtifactBucket} @@ -405,8 +405,8 @@ Resources: BuildSpec: "cicd/build/package/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:7.0 - Type: LINUX_CONTAINER + Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Type: ARM_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET Value: !Sub ${ArtifactBucket} @@ -440,8 +440,8 @@ Resources: BuildSpec: "cicd/staging/build/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:7.0 - Type: LINUX_CONTAINER + Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Type: ARM_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET Value: !Sub ${ArtifactBucket} @@ -473,8 +473,8 @@ Resources: BuildSpec: "tests/smoke/cli/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:7.0 - Type: LINUX_CONTAINER + Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Type: ARM_CONTAINER Artifacts: Name: SSOSync Type: CODEPIPELINE @@ -501,8 +501,8 @@ Resources: BuildSpec: "tests/smoke/lambda/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:7.0 - Type: LINUX_CONTAINER + Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Type: ARM_CONTAINER Artifacts: Name: SSOSync Type: CODEPIPELINE From 71ba54362a99592549c52597e3d31fa2c318438d Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Tue, 24 Oct 2023 17:20:44 +0100 Subject: [PATCH 02/19] Update buildspec.yml --- cicd/build/build/buildspec.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index a5261f36..95ed930b 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -3,7 +3,7 @@ version: 0.2 env: variables: GO111MODULE: "on" - git-credential-helper: yes + git-credential-helper: "yes" phases: install: @@ -21,7 +21,7 @@ phases: - go install github.com/stretchr/testify # Install goreleaser - - go install github.com/goreleaser/goreleaser@latest + - go get -u golang.org/x/lint/golint pre_build: commands: From dd0f19c013a5c6cb439a3f5af36b2f9a7a136733 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Tue, 24 Oct 2023 17:27:17 +0100 Subject: [PATCH 03/19] Update buildspec.yml --- cicd/build/build/buildspec.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 95ed930b..2156243a 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -11,9 +11,6 @@ phases: # Install go.lang - GoVersion=${GOLANG_20_VERSION} - # Install golint - - go install golang.org/x/lint/golint@latest - # Install staticcheck - go install honnef.co/go/tools/cmd/staticcheck@latest @@ -21,7 +18,7 @@ phases: - go install github.com/stretchr/testify # Install goreleaser - - go get -u golang.org/x/lint/golint + - go install github.com/goreleaser/goreleaser@latest pre_build: commands: From 0dc4087658d0d0a4f437db6d80da066b4cdf5d4c Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Tue, 24 Oct 2023 17:31:21 +0100 Subject: [PATCH 04/19] Update buildspec.yml --- cicd/build/build/buildspec.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 2156243a..b3f81b70 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -11,14 +11,17 @@ phases: # Install go.lang - GoVersion=${GOLANG_20_VERSION} + # Install golint + - go get golang.org/x/lint/golint@latest + # Install staticcheck - - go install honnef.co/go/tools/cmd/staticcheck@latest + - go get honnef.co/go/tools/cmd/staticcheck@latest # Install Testify to use common assertions and mocks in tests - - go install github.com/stretchr/testify + - go get github.com/stretchr/testify # Install goreleaser - - go install github.com/goreleaser/goreleaser@latest + - go get github.com/goreleaser/goreleaser@latest pre_build: commands: From cb9d94b7d84413836921b178b390f5e455497df3 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Tue, 24 Oct 2023 17:39:09 +0100 Subject: [PATCH 05/19] Update buildspec.yml --- cicd/build/build/buildspec.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index b3f81b70..f3c97a63 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -9,7 +9,9 @@ phases: install: commands: # Install go.lang - - GoVersion=${GOLANG_20_VERSION} + - 'goenv install 1.20' + - 'goenv local 1.20' + - 'go version' # Install golint - go get golang.org/x/lint/golint@latest From 21c941dd53cb5681b733040de1f141375ee924a1 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Tue, 24 Oct 2023 17:41:01 +0100 Subject: [PATCH 06/19] Update buildspec.yml --- cicd/build/build/buildspec.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index f3c97a63..c0869ee9 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -4,15 +4,15 @@ env: variables: GO111MODULE: "on" git-credential-helper: "yes" + TARGET_GOENV_VERSION: "1.20.3" phases: install: - commands: - # Install go.lang - - 'goenv install 1.20' - - 'goenv local 1.20' - - 'go version' + runtime-versions: + golang: latest + on-failure: ABORT + commands: # Install golint - go get golang.org/x/lint/golint@latest From 338b61f5906d9ccb87c955812aad4795bdd331ac Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Tue, 24 Oct 2023 17:45:14 +0100 Subject: [PATCH 07/19] Update buildspec.yml --- cicd/build/build/buildspec.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index c0869ee9..7ee97078 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -4,12 +4,11 @@ env: variables: GO111MODULE: "on" git-credential-helper: "yes" - TARGET_GOENV_VERSION: "1.20.3" phases: install: runtime-versions: - golang: latest + golang: 1.20.3 on-failure: ABORT commands: From 7b87d0fa502851cbbab29563e192607e5cf354e2 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Tue, 24 Oct 2023 20:29:53 +0100 Subject: [PATCH 08/19] update codebuild image and fix golang version. --- cicd/build/build/buildspec.yml | 2 +- cicd/cloudformation/developer.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 7ee97078..2bdcce51 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -8,7 +8,7 @@ env: phases: install: runtime-versions: - golang: 1.20.3 + golang: 1.20 on-failure: ABORT commands: diff --git a/cicd/cloudformation/developer.yaml b/cicd/cloudformation/developer.yaml index 2b046f42..a682b55d 100644 --- a/cicd/cloudformation/developer.yaml +++ b/cicd/cloudformation/developer.yaml @@ -335,7 +335,7 @@ Resources: BuildSpec: "cicd/build/gitvars/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 Type: ARM_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET @@ -370,7 +370,7 @@ Resources: BuildSpec: "cicd/build/build/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 Type: ARM_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET @@ -405,7 +405,7 @@ Resources: BuildSpec: "cicd/build/package/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 Type: ARM_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET @@ -440,7 +440,7 @@ Resources: BuildSpec: "cicd/staging/build/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 Type: ARM_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET @@ -473,7 +473,7 @@ Resources: BuildSpec: "tests/smoke/cli/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 Type: ARM_CONTAINER Artifacts: Name: SSOSync @@ -501,7 +501,7 @@ Resources: BuildSpec: "tests/smoke/lambda/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 + Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 Type: ARM_CONTAINER Artifacts: Name: SSOSync From 64a25b241d65941b9fd213a690cd19e3a1293501 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 09:47:32 +0100 Subject: [PATCH 09/19] Switching back to amd64 images for codebuild --- cicd/build/build/buildspec.yml | 16 ++++++++++++---- cicd/build/package/buildspec.yml | 4 ++-- cicd/cloudformation/developer.yaml | 24 ++++++++++++------------ template.yaml | 2 +- 4 files changed, 27 insertions(+), 19 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 2bdcce51..cb18dccf 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -7,11 +7,19 @@ env: phases: install: - runtime-versions: - golang: 1.20 + + + runtime-versions: + golang: latest on-failure: ABORT commands: + # We want to target a very specific golang version which might already be available from the goenv repo. + - goenv install -l | grep ${TARGET_GOENV_VERSION} || cp ${CODEBUILD_SRC_DIR}/.goenv/${TARGET_GOENV_VERSION} ${HOME}/.goenv/plugins/go-build/share/go-build/${TARGET_GOENV_VERSION} + - goenv install -s ${TARGET_GOENV_VERSION} + - goenv global ${TARGET_GOENV_VERSION} + - go version + # Install golint - go get golang.org/x/lint/golint@latest @@ -65,11 +73,11 @@ phases: - patch .goreleaser.yml cicd/build/build/goreleaser.patch # Make main but only for the lambda (linux amd64) - - goreleaser build --snapshot --rm-dist --single-target + - goreleaser build --snapshot --rm-dist # Check we've packaged something useful - - ./dist/ssosync_linux_arm64/ssosync --version + - ./dist/ssosync_linux_amd64_v1/ssosync --version artifacts: files: diff --git a/cicd/build/package/buildspec.yml b/cicd/build/package/buildspec.yml index 8726bd84..5248af92 100644 --- a/cicd/build/package/buildspec.yml +++ b/cicd/build/package/buildspec.yml @@ -15,10 +15,10 @@ phases: - ls README.md - ls SAR.md - ls dist/ssosync_linux_arm64/ssosync - - mv dist/ssosync_linux_arm64/ssosync bootstrap + - ls dist/ssosync_linux_amd64_v1/ssosync # Check that the executable works - - ./bootstrap --version + - ./dist/ssosync_linux_amd64_v1/ssosync --version build: commands: diff --git a/cicd/cloudformation/developer.yaml b/cicd/cloudformation/developer.yaml index a682b55d..12decd86 100644 --- a/cicd/cloudformation/developer.yaml +++ b/cicd/cloudformation/developer.yaml @@ -335,8 +335,8 @@ Resources: BuildSpec: "cicd/build/gitvars/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 - Type: ARM_CONTAINER + Image: aws/codebuild/standard:7.0 + Type: LINUX_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET Value: !Sub ${ArtifactBucket} @@ -370,8 +370,8 @@ Resources: BuildSpec: "cicd/build/build/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 - Type: ARM_CONTAINER + Image: aws/codebuild/standard:7.0 + Type: LINUX_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET Value: !Sub ${ArtifactBucket} @@ -405,8 +405,8 @@ Resources: BuildSpec: "cicd/build/package/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 - Type: ARM_CONTAINER + Image: aws/codebuild/standard:7.0 + Type: LINUX_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET Value: !Sub ${ArtifactBucket} @@ -440,8 +440,8 @@ Resources: BuildSpec: "cicd/staging/build/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 - Type: ARM_CONTAINER + Image: aws/codebuild/standard:7.0 + Type: LINUX_CONTAINER EnvironmentVariables: - Name: ARTIFACT_S3_BUCKET Value: !Sub ${ArtifactBucket} @@ -473,8 +473,8 @@ Resources: BuildSpec: "tests/smoke/cli/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 - Type: ARM_CONTAINER + Image: aws/codebuild/standard:7.0 + Type: LINUX_CONTAINER Artifacts: Name: SSOSync Type: CODEPIPELINE @@ -501,8 +501,8 @@ Resources: BuildSpec: "tests/smoke/lambda/buildspec.yml" Environment: ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 - Type: ARM_CONTAINER + Image: aws/codebuild/standard:7.0 + Type: LINUX_CONTAINER Artifacts: Name: SSOSync Type: CODEPIPELINE diff --git a/template.yaml b/template.yaml index fe8b55e9..0c2666da 100644 --- a/template.yaml +++ b/template.yaml @@ -130,7 +130,7 @@ Resources: Type: AWS::Serverless::Function Properties: Runtime: provided.al2 - Handler: bootstrap + Handler: dist/ssosync_linux_arm64/ssosync Architectures: - arm64 Timeout: 300 From da30515cc7465d8b98e01b7758419588760f2862 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 10:46:16 +0100 Subject: [PATCH 10/19] Update buildspec.yml --- cicd/build/build/buildspec.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index cb18dccf..782caa8e 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -7,9 +7,7 @@ env: phases: install: - - - runtime-versions: + runtime-versions: golang: latest on-failure: ABORT From 323eaf633a4cc0cce4766c84e56586d448490d19 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 10:55:37 +0100 Subject: [PATCH 11/19] Update buildspec.yml --- cicd/build/build/buildspec.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 782caa8e..6203778e 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -4,6 +4,7 @@ env: variables: GO111MODULE: "on" git-credential-helper: "yes" + TARGET_GOENV_VERSION: "1.20.3" phases: install: From b3a4c8cb172423f49e4dbf8597fdc10a6ba5a88f Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 11:09:20 +0100 Subject: [PATCH 12/19] Update buildspec.yml --- cicd/build/build/buildspec.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 6203778e..2368f801 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -3,7 +3,7 @@ version: 0.2 env: variables: GO111MODULE: "on" - git-credential-helper: "yes" + git-credential-helper: yes TARGET_GOENV_VERSION: "1.20.3" phases: @@ -20,16 +20,16 @@ phases: - go version # Install golint - - go get golang.org/x/lint/golint@latest + - go install golang.org/x/lint/golint@latest # Install staticcheck - - go get honnef.co/go/tools/cmd/staticcheck@latest + - go install honnef.co/go/tools/cmd/staticcheck@latest # Install Testify to use common assertions and mocks in tests - - go get github.com/stretchr/testify + - go get -u github.com/stretchr/testify # Install goreleaser - - go get github.com/goreleaser/goreleaser@latest + - go install github.com/goreleaser/goreleaser@latest pre_build: commands: From 627c24ce915a2e68ece023601093782b3fb0d75f Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 11:49:56 +0100 Subject: [PATCH 13/19] Updates to CICD for arm64 --- cicd/build/build/buildspec.yml | 74 +++++++++++++++++++++++++++++++ cicd/build/build/goreleaser.patch | 23 +++++++--- cicd/build/package/release.patch | 30 ++++++++----- cicd/build/package/staging.patch | 39 ++++++++-------- 4 files changed, 133 insertions(+), 33 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 2368f801..50e39724 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -1,6 +1,80 @@ version: 0.2 env: + variables: + GO111MODULE: "on" + git-credential-helper: yes + +phases: + install: + commands: + # Install go.lang + - GoVersion=${GOLANG_20_VERSION} + + # Install golint + - go install golang.org/x/lint/golint@latest + + # Install staticcheck + - go install honnef.co/go/tools/cmd/staticcheck@latest + + # Install Testify to use common assertions and mocks in tests + - go get -u github.com/stretchr/testify + + # Install goreleaser + - go install github.com/goreleaser/goreleaser@latest + + pre_build: + commands: + # Print all environment variables (handy for AWS CodeBuild logs) + - env + + # Fetch all dependencies + # - go env -w GOPROXY=direct + - go get ./... + + # Run staticcheck + - staticcheck ./... + + # Ensure code passes all lint tests + #- golint -set_exit_status ./... + + # Check the Go code for common problems with 'go vet' + - go vet ./... + + # Run all tests included with our application + - go test ./... + + build: + commands: + # Make clean + - rm -f main packaged.yaml + + # Make go-build + - go build -o ${APP_NAME} main.go + + # Does it exist? + - ls ${APP_NAME} + + # Does it run? + - ./${APP_NAME} --version + + post_build: + commands: + # Tweak the .goreleaser.yml so it uses the vairables from .Env + - patch .goreleaser.yml cicd/build/build/goreleaser.patch + + # Make main + - goreleaser build --snapshot --rm-dist + + + # Check we've packaged something useful + - ./dist/ssosync_linux_amd64_v1/ssosync --version + +artifacts: + files: + - ${APP_NAME} + - dist/**/* + variables: GO111MODULE: "on" git-credential-helper: yes diff --git a/cicd/build/build/goreleaser.patch b/cicd/build/build/goreleaser.patch index 95cda888..c2309183 100644 --- a/cicd/build/build/goreleaser.patch +++ b/cicd/build/build/goreleaser.patch @@ -1,8 +1,21 @@ ---- .goreleaser.yml 2022-06-15 08:38:24.000000000 +0100 -+++ .goreleaser-codebuild.yml 2022-06-21 12:33:43.000000000 +0100 -@@ -22,7 +22,7 @@ - - goos: windows - goarch: 386 +--- .goreleaser.yml.default 2023-10-25 11:30:58 ++++ .goreleaser.yml 2023-10-25 11:32:18 +@@ -9,20 +9,11 @@ + - CGO_ENABLED=0 + goos: + - linux +- - darwin +- - windows + goarch: +- - 386 + - amd64 +- - arm + - arm64 +- ignore: +- - goos: darwin +- goarch: 386 +- - goos: windows +- goarch: 386 ldflags: - - -s -w -X github.com/awslabs/ssosync/cmd.version={{.Version}} -X github.com/awslabs/ssosync/cmd.commit={{.Commit}} -X github.com/awslabs/ssosync/cmd.date={{.Date}} -X github.com/awslabs/ssosync/cmd.builtBy=goreleaser + - -s -w -X github.com/awslabs/ssosync/cmd.version={{.Env.GitTag}} -X github.com/awslabs/ssosync/cmd.commit={{.Env.GitCommit}} -X github.com/awslabs/ssosync/cmd.date={{.Date}} -X github.com/awslabs/ssosync/cmd.builtBy=goreleaser -X github.com/awslabs/ssosync/cmd.goversion={{.Env.GoVersion}} diff --git a/cicd/build/package/release.patch b/cicd/build/package/release.patch index 71e955a0..da29372c 100644 --- a/cicd/build/package/release.patch +++ b/cicd/build/package/release.patch @@ -1,5 +1,5 @@ ---- template.yaml 2022-11-29 16:56:21.000000000 +0000 -+++ release.yaml 2022-11-29 17:11:58.000000000 +0000 +--- template.yaml 2023-10-25 09:44:33 ++++ release.yaml 2023-10-25 11:45:45 @@ -27,7 +27,7 @@ - IncludeGroups @@ -9,29 +9,30 @@ Description: Helping you populate AWS SSO directly with your Google Apps users. Author: Sebastian Doell SpdxLicenseId: Apache-2.0 -@@ -107,7 +107,7 @@ - Ignore these Google Workspace users +@@ -111,7 +111,7 @@ + Default: 'none' IncludeGroups: Type: String - Description: | + Description: | Include only these Google Workspace groups. (Only applicable for SyncMethod user_groups) + Default: '*' SyncMethod: - Type: String -@@ -116,9 +116,9 @@ +@@ -121,10 +121,10 @@ AllowedValues: - groups - users_groups -- -- -- + + + +- +- +- Resources: SSOSyncFunction: -@@ -156,8 +156,6 @@ + Type: AWS::Serverless::Function +@@ -163,8 +163,6 @@ - !Ref AWSSCIMAccessTokenSecret - !Ref AWSRegionSecret - !Ref AWSIdentityStoreIDSecret @@ -40,3 +41,12 @@ - Sid: IdentityStoreAccesPolicy Effect: Allow Action: +@@ -187,8 +185,6 @@ + Properties: + Enabled: true + Schedule: !Ref ScheduleExpression +- Metadata: +- BuildMethod: makefile + + AWSGoogleCredentialsSecret: + Type: "AWS::SecretsManager::Secret" diff --git a/cicd/build/package/staging.patch b/cicd/build/package/staging.patch index a0b477ec..81ec11a9 100644 --- a/cicd/build/package/staging.patch +++ b/cicd/build/package/staging.patch @@ -1,5 +1,5 @@ ---- template.yaml 2022-11-29 16:56:21.000000000 +0000 -+++ staging.yaml 2022-11-29 17:10:47.000000000 +0000 +--- template.yaml 2023-10-25 09:44:33 ++++ staging.yaml 2023-10-25 11:46:12 @@ -27,7 +27,7 @@ - IncludeGroups @@ -9,35 +9,35 @@ Description: Helping you populate AWS SSO directly with your Google Apps users. Author: Sebastian Doell SpdxLicenseId: Apache-2.0 -@@ -107,7 +107,7 @@ - Ignore these Google Workspace users +@@ -111,7 +111,7 @@ + Default: 'none' IncludeGroups: Type: String - Description: | + Description: | Include only these Google Workspace groups. (Only applicable for SyncMethod user_groups) + Default: '*' SyncMethod: - Type: String -@@ -116,14 +116,15 @@ +@@ -121,14 +121,15 @@ AllowedValues: - groups - users_groups -- -- -- + + + +- +- +- Resources: SSOSyncFunction: Type: AWS::Serverless::Function Properties: + FunctionName: SSOSyncFunction - Runtime: go1.x - Handler: dist/ssosync_linux_amd64_v1/ssosync - Timeout: 300 -@@ -156,8 +157,6 @@ + Runtime: provided.al2 + Handler: dist/ssosync_linux_arm64/ssosync + Architectures: +@@ -163,8 +164,6 @@ - !Ref AWSSCIMAccessTokenSecret - !Ref AWSRegionSecret - !Ref AWSIdentityStoreIDSecret @@ -46,8 +46,8 @@ - Sid: IdentityStoreAccesPolicy Effect: Allow Action: -@@ -172,13 +171,13 @@ - - "identitystore:DeleteGroupMembership" +@@ -180,16 +179,14 @@ + - "identitystore:DeleteGroup" Resource: - "*" - Events: @@ -57,17 +57,20 @@ - Properties: - Enabled: true - Schedule: !Ref ScheduleExpression -+ +- Metadata: +- BuildMethod: makefile + + - Sid: CodePipelinePolicy + Effect: Allow + Action: + - codepipeline:PutJobSuccessResult + - codepipeline:PutJobFailureResult + Resource: "*" - ++ AWSGoogleCredentialsSecret: Type: "AWS::SecretsManager::Secret" -@@ -215,3 +214,10 @@ + Properties: +@@ -225,3 +222,10 @@ Properties: Name: SSOSyncIdentityStoreID SecretString: !Ref IdentityStoreID From 0542ed49f91232daa977dc858ebb4b702f0f2f43 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 12:30:09 +0100 Subject: [PATCH 14/19] Update buildspec.yml --- cicd/staging/build/buildspec.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/cicd/staging/build/buildspec.yml b/cicd/staging/build/buildspec.yml index 8e9815de..0a61c6d9 100644 --- a/cicd/staging/build/buildspec.yml +++ b/cicd/staging/build/buildspec.yml @@ -48,6 +48,7 @@ phases: # Copy in the stack and params templates - mkdir deploy - cp cicd/staging/build/stack.yml ./deploy/ + - cp cicd/staging/build/params.json ./deploy/ # Update params with the values for this run for the management - | From fce63c48043fea4e2216bed81861f9d3cc7cb37c Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 14:25:32 +0100 Subject: [PATCH 15/19] updates for the developer pipeline --- cicd/cloudformation/developer.yaml | 2 +- cicd/staging/build/buildspec.yml | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/cicd/cloudformation/developer.yaml b/cicd/cloudformation/developer.yaml index 12decd86..fadc10f6 100644 --- a/cicd/cloudformation/developer.yaml +++ b/cicd/cloudformation/developer.yaml @@ -260,7 +260,7 @@ Resources: Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND StackName: SmokeTest RoleArn: !GetAtt [CloudFormationDeployerRole, Arn] - TemplateConfiguration: !Sub 'Tests::deploy/params.json' + TemplateConfiguration: !Sub 'Tests::deploy/developer.json' TemplatePath: !Sub 'Tests::deploy/stack.yml' InputArtifacts: - Name: Tests diff --git a/cicd/staging/build/buildspec.yml b/cicd/staging/build/buildspec.yml index 0a61c6d9..600afef8 100644 --- a/cicd/staging/build/buildspec.yml +++ b/cicd/staging/build/buildspec.yml @@ -40,7 +40,7 @@ phases: post_build: commands: # Copy in the executable - - cp ${CODEBUILD_SRC_DIR_Built}/dist/ssosync_linux_amd64_v1/ssosync ./ + - cp ${CODEBUILD_SRC_DIR_Built}/dist/ssosync_linux_arm64/ssosync ./ # Copy in the tests - cp -r cicd/tests ./ @@ -48,9 +48,16 @@ phases: # Copy in the stack and params templates - mkdir deploy - cp cicd/staging/build/stack.yml ./deploy/ - - cp cicd/staging/build/params.json ./deploy/ - # Update params with the values for this run for the management + # Update params with the values for this run for a developer account + - | + jq -n \ + --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GroupMatch\": \"name:Man*\"}" \ + --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \ + '$ARGS.named' > ./deploy/developer.json + - cat ./deploy/developer.json + + # Update params with the values for this run for the management account - | jq -n \ --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GroupMatch\": \"name:Man*\"}" \ From 038c4d85f123c96ff9b1c51518f56f5000eb4979 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 15:26:48 +0100 Subject: [PATCH 16/19] Adjust for testing --- cicd/build/build/buildspec.yml | 83 +------------------------------- cicd/staging/build/buildspec.yml | 2 +- 2 files changed, 2 insertions(+), 83 deletions(-) diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 50e39724..e7600eac 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -64,7 +64,7 @@ phases: - patch .goreleaser.yml cicd/build/build/goreleaser.patch # Make main - - goreleaser build --snapshot --rm-dist + - goreleaser build --snapshot --clean # Check we've packaged something useful @@ -75,84 +75,3 @@ artifacts: - ${APP_NAME} - dist/**/* - variables: - GO111MODULE: "on" - git-credential-helper: yes - TARGET_GOENV_VERSION: "1.20.3" - -phases: - install: - runtime-versions: - golang: latest - on-failure: ABORT - - commands: - # We want to target a very specific golang version which might already be available from the goenv repo. - - goenv install -l | grep ${TARGET_GOENV_VERSION} || cp ${CODEBUILD_SRC_DIR}/.goenv/${TARGET_GOENV_VERSION} ${HOME}/.goenv/plugins/go-build/share/go-build/${TARGET_GOENV_VERSION} - - goenv install -s ${TARGET_GOENV_VERSION} - - goenv global ${TARGET_GOENV_VERSION} - - go version - - # Install golint - - go install golang.org/x/lint/golint@latest - - # Install staticcheck - - go install honnef.co/go/tools/cmd/staticcheck@latest - - # Install Testify to use common assertions and mocks in tests - - go get -u github.com/stretchr/testify - - # Install goreleaser - - go install github.com/goreleaser/goreleaser@latest - - pre_build: - commands: - # Print all environment variables (handy for AWS CodeBuild logs) - - env - - # Fetch all dependencies - # - go env -w GOPROXY=direct - - go get ./... - - # Run staticcheck - - staticcheck ./... - - # Ensure code passes all lint tests - #- golint -set_exit_status ./... - - # Check the Go code for common problems with 'go vet' - - go vet ./... - - # Run all tests included with our application - - go test ./... - - build: - commands: - # Make clean - - rm -f main packaged.yaml - - # Make go-build - - go build -o ${APP_NAME} main.go - - # Does it exist? - - ls ${APP_NAME} - - # Does it run? - - ./${APP_NAME} --version - - post_build: - commands: - # Tweak the .goreleaser.yml so it uses the vairables from .Env - - patch .goreleaser.yml cicd/build/build/goreleaser.patch - - # Make main but only for the lambda (linux amd64) - - goreleaser build --snapshot --rm-dist - - - # Check we've packaged something useful - - ./dist/ssosync_linux_amd64_v1/ssosync --version - -artifacts: - files: - - ${APP_NAME} - - dist/**/* diff --git a/cicd/staging/build/buildspec.yml b/cicd/staging/build/buildspec.yml index 600afef8..4ba5052b 100644 --- a/cicd/staging/build/buildspec.yml +++ b/cicd/staging/build/buildspec.yml @@ -52,7 +52,7 @@ phases: # Update params with the values for this run for a developer account - | jq -n \ - --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GroupMatch\": \"name:Man*\"}" \ + --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GroupMatch\": \"name:AWS*\"}" \ --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \ '$ARGS.named' > ./deploy/developer.json - cat ./deploy/developer.json From 95c1fec3b59c77de3c829fb25f0d3ea7d47b813a Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 16:05:18 +0100 Subject: [PATCH 17/19] Switching to bootstrap --- .gitignore | 1 + Makefile | 4 ---- cicd/build/package/buildspec.yml | 1 + cicd/build/package/release.patch | 11 +++++++++-- cicd/build/package/staging.patch | 9 ++++++--- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index bab55fd4..5264af69 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ ssosync # Noise from os/editors .DS_Store *.swp +*/.DS_Store diff --git a/Makefile b/Makefile index 7ccd9b80..ab7b3c96 100644 --- a/Makefile +++ b/Makefile @@ -16,10 +16,6 @@ test: go-build: go build -o $(APP_NAME) main.go -build-SSOSyncFunction: - GOOS=linux GOARCH=arm64 go build -o bootstrap main.go - cp ./bootstrap $(ARTIFACTS_DIR)/. - .PHONY: clean clean: rm -f $(OUTPUT) $(PACKAGED_TEMPLATE) diff --git a/cicd/build/package/buildspec.yml b/cicd/build/package/buildspec.yml index 5248af92..15bd40ed 100644 --- a/cicd/build/package/buildspec.yml +++ b/cicd/build/package/buildspec.yml @@ -19,6 +19,7 @@ phases: # Check that the executable works - ./dist/ssosync_linux_amd64_v1/ssosync --version + - mv dist/ssosync_linux_arm64/ssosync bootstrap build: commands: diff --git a/cicd/build/package/release.patch b/cicd/build/package/release.patch index da29372c..cdf2d115 100644 --- a/cicd/build/package/release.patch +++ b/cicd/build/package/release.patch @@ -1,5 +1,5 @@ --- template.yaml 2023-10-25 09:44:33 -+++ release.yaml 2023-10-25 11:45:45 ++++ release.yaml 2023-10-25 16:02:21 @@ -27,7 +27,7 @@ - IncludeGroups @@ -18,7 +18,7 @@ Include only these Google Workspace groups. (Only applicable for SyncMethod user_groups) Default: '*' SyncMethod: -@@ -121,10 +121,10 @@ +@@ -121,16 +121,16 @@ AllowedValues: - groups - users_groups @@ -32,6 +32,13 @@ Resources: SSOSyncFunction: Type: AWS::Serverless::Function + Properties: + Runtime: provided.al2 +- Handler: dist/ssosync_linux_arm64/ssosync ++ Handler: bootstrap + Architectures: + - arm64 + Timeout: 300 @@ -163,8 +163,6 @@ - !Ref AWSSCIMAccessTokenSecret - !Ref AWSRegionSecret diff --git a/cicd/build/package/staging.patch b/cicd/build/package/staging.patch index 81ec11a9..fd94a84f 100644 --- a/cicd/build/package/staging.patch +++ b/cicd/build/package/staging.patch @@ -1,5 +1,5 @@ --- template.yaml 2023-10-25 09:44:33 -+++ staging.yaml 2023-10-25 11:46:12 ++++ staging.yaml 2023-10-25 16:02:07 @@ -27,7 +27,7 @@ - IncludeGroups @@ -18,7 +18,7 @@ Include only these Google Workspace groups. (Only applicable for SyncMethod user_groups) Default: '*' SyncMethod: -@@ -121,14 +121,15 @@ +@@ -121,16 +121,17 @@ AllowedValues: - groups - users_groups @@ -35,8 +35,11 @@ Properties: + FunctionName: SSOSyncFunction Runtime: provided.al2 - Handler: dist/ssosync_linux_arm64/ssosync +- Handler: dist/ssosync_linux_arm64/ssosync ++ Handler: bootstrap Architectures: + - arm64 + Timeout: 300 @@ -163,8 +164,6 @@ - !Ref AWSSCIMAccessTokenSecret - !Ref AWSRegionSecret From 09acff4c6300b3ddd73b66442c1662a6876c4c8a Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 16:21:56 +0100 Subject: [PATCH 18/19] Update buildspec.yml --- cicd/staging/build/buildspec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/staging/build/buildspec.yml b/cicd/staging/build/buildspec.yml index 4ba5052b..f06836e8 100644 --- a/cicd/staging/build/buildspec.yml +++ b/cicd/staging/build/buildspec.yml @@ -40,7 +40,7 @@ phases: post_build: commands: # Copy in the executable - - cp ${CODEBUILD_SRC_DIR_Built}/dist/ssosync_linux_arm64/ssosync ./ + - cp ${CODEBUILD_SRC_DIR_Built}/dist/ssosync_linux_amd64_v1/ssosync ./ # Copy in the tests - cp -r cicd/tests ./ From c1d41c0d12a9f0d461f46b858a4db1e49b9a8434 Mon Sep 17 00:00:00 2001 From: Chris Pates Date: Wed, 25 Oct 2023 18:24:20 +0100 Subject: [PATCH 19/19] Update Makefile --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index ab7b3c96..f2011d14 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,10 @@ go-build: clean: rm -f $(OUTPUT) $(PACKAGED_TEMPLATE) +build-SSOSyncFunction: + GOOS=linux GOARCH=arm64 go build -o bootstrap main.go + cp ./bootstrap $(ARTIFACTS_DIR)/. + .PHONY: install install: go get ./...