published
ShakedYosef committed Jan 3, 2022
0 parents commit fd04f3c
Showing 34 changed files with 1,794 additions and 0 deletions.
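--- a/README.md
+++ b/README.md
@@ -0,0 +1,2 @@
+# terraform-aws-git-flow-ecs
+.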
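--- a/data.tf
+++ b/data.tf
@@ -0,0 +1,11 @@
+data "aws_caller_identity" "current" {}
+
+data "aws_region" "current" {}
+
+data "aws_ssm_parameter" "ado_password" {
+name = "/app/ado_password"
+}
+
+data "aws_ssm_parameter" "ado_user" {
+name = "/app/ado_user"
+}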
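Review bot: Reading `/app/ado_password` through `data "aws_ssm_parameter"` pulls the decrypted value into the Terraform state file in plaintext (the data source decrypts SecureString parameters by default), and main.tf then templates `.value` of both parameters into the build project's buildspec (lines 103-104 there), so the credential is also persisted in the CodeBuild project definition and visible to anyone who can describe the project. The module already has a build-time path for exactly this: `environment_variables_parameter_store` in modules/build/variables.tf defaults to `ADO_USER = "/app/ado_user"` and `ADO_PASSWORD = "/app/ado_password"` and is wired to `type = "PARAMETER_STORE"` env vars, which CodeBuild resolves at run time with its own role. I would drop these two data sources and the `ADO_USER`/`ADO_PASSWORD` template inputs in main.tf and let the buildspec read `$ADO_USER`/`$ADO_PASSWORD` from the environment instead. If a data source must stay, note that it only needs the parameter `name`, never `.value`.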
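--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,148 @@
+locals {
+image_uri = "${var.ecr_repo_url}:latest"
+}
+
+module "source" {
+source = "./modules/source"
+env_name = var.env_name
+app_name = var.app_name
+trigger_branch = var.trigger_branch
+pipeline_type = var.pipeline_type
+source_repository = var.source_repository
+#file_path_regex = "^((?!terraform).)*$"
+file_path_regex = "/service*/gm"
+}
+
+module "ci-code-pipeline" {
+source = "./modules/ci-codepipeline"
+env_name = var.env_name
+app_name = var.app_name
+pipeline_type = var.pipeline_type
+source_repository = var.source_repository
+s3_bucket = aws_s3_bucket.codepipeline_bucket.bucket
+build_codebuild_projects = [module.build[0].attributes.name]
+post_codebuild_projects = [module.post.attributes.name]
+code_deploy_applications = [module.code-deploy.attributes.name]
+depends_on = [
+aws_s3_bucket.codepipeline_bucket,
+module.build,
+module.code-deploy,
+module.post
+]
+count = var.pipeline_type == "ci" ? 1 : 0
+}
+
+
+module "cd-code-pipeline" {
+source = "./modules/cd-codepipeline"
+env_name = var.env_name
+app_name = var.app_name
+pipeline_type = var.pipeline_type
+source_repository = var.source_repository
+pre_codebuild_projects = [module.pre.attributes.name]
+post_codebuild_projects = [module.post.attributes.name]
+s3_bucket = aws_s3_bucket.codepipeline_bucket.bucket
+code_deploy_applications = [module.code-deploy.attributes.name]
+depends_on = [
+aws_s3_bucket.codepipeline_bucket,
+module.code-deploy
+]
+count = var.pipeline_type == "cd" ? 1 : 0
+}
+
+module "build" {
+source = "./modules/build"
+env_name = var.env_name
+codebuild_name = "build-${var.app_name}"
+source_repository = var.source_repository
+s3_bucket = aws_s3_bucket.codepipeline_bucket.bucket
+privileged_mode = true
+environment_variables_parameter_store = var.environment_variables_parameter_store
+environment_variables = merge(var.environment_variables, { APPSPEC = templatefile("${path.module}/templates/appspec.json.tpl", { yoyo = "yo" }) }) //TODO: try to replace with file
+buildspec_file = templatefile("buildspec.yml.tpl",
+{ IMAGE_URI = local.image_uri,
+DOCKERFILE_PATH = var.dockerfile_path,
+ECR_REPO_URL = var.ecr_repo_url,
+ECR_REPO_NAME = var.ecr_repo_name,
+TASK_DEF_NAME = var.task_def_name,
+ADO_USER = data.aws_ssm_parameter.ado_user.value,
+ADO_PASSWORD = data.aws_ssm_parameter.ado_password.value })
+
+depends_on = [
+aws_s3_bucket.codepipeline_bucket,
+]
+count = var.pipeline_type == "ci" ? 1 : 0
+}
+
+
+module "code-deploy" {
+source = "./modules/codedeploy"
+env_name = var.env_name
+pipeline_type = var.pipeline_type
+s3_bucket = aws_s3_bucket.codepipeline_bucket.bucket
+ecs_service_name = var.ecs_service_name
+ecs_cluster_name = var.ecs_cluster_name
+alb_listener_arn = var.alb_listener_arn
+alb_tg_blue_name = var.alb_tg_blue_name
+alb_tg_green_name = var.alb_tg_green_name
+ecs_iam_roles_arns = var.ecs_iam_roles_arns
+
+depends_on = [
+aws_s3_bucket.codepipeline_bucket
+]
+}
+
+module "pre" {
+source = "./modules/pre"
+env_name = var.env_name
+codebuild_name = "pre-${var.app_name}"
+source_repository = var.source_repository
+s3_bucket = aws_s3_bucket.codepipeline_bucket.bucket
+privileged_mode = true
+environment_variables_parameter_store = var.environment_variables_parameter_store
+environment_variables = merge(var.environment_variables, { APPSPEC = templatefile("${path.module}/templates/appspec.json.tpl", { yoyo = "yo" }) }) //TODO: try to replace with file
+buildspec_file = templatefile("${path.module}/templates/pre_buildspec.yml.tpl",
+{ ENV = var.env_name,
+ECR_REPO_URL = var.ecr_repo_url,
+ECR_REPO_NAME = var.ecr_repo_name,
+TASK_DEF_NAME = var.task_def_name
+})
+
+depends_on = [
+aws_s3_bucket.codepipeline_bucket,
+]
+}
+
+module "post" {
+source = "./modules/post"
+env_name = var.env_name
+codebuild_name = "post-${var.app_name}"
+source_repository = var.source_repository
+s3_bucket = aws_s3_bucket.codepipeline_bucket.bucket
+privileged_mode = true
+environment_variables_parameter_store = var.environment_variables_parameter_store
+buildspec_file = templatefile("${path.module}/templates/post_buildspec.yml.tpl",
+{ NEXT_ENV = var.next_env,
+ECR_REPO_URL = var.ecr_repo_url,
+ECR_REPO_NAME = var.ecr_repo_name,
+ENV_NAME = var.env_name,
+APP_NAME = var.app_name,
+UPDATE_BITBUCKET = templatefile("${path.module}/templates/update_bitbucket.sh.tpl", { APP_NAME = var.app_name })
+})
+
+depends_on = [
+aws_s3_bucket.codepipeline_bucket,
+]
+}
+
+
+resource "aws_s3_bucket" "codepipeline_bucket" {
+bucket = "s3-codepipeline-${var.app_name}-${var.env_name}"
+acl = "private"
+force_destroy = true
+tags = tomap({
+UseWithCodeDeploy = true
+created_by = "terraform"
+})
+}
+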
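Review bot: The `build` module's `buildspec_file = templatefile("buildspec.yml.tpl", ...)` uses a path relative to the current working directory, while the sibling `pre` and `post` modules use `"${path.module}/templates/..."`, so this template only resolves when terraform is run from inside this module's own directory and fails for any caller that consumes it as a module; it should be `templatefile("${path.module}/<path to buildspec.yml.tpl>", ...)` with the real location filled in. The `aws_s3_bucket.codepipeline_bucket` that holds pipeline artifacts has no `server_side_encryption_configuration` and no `versioning` block, and `force_destroy = true` will delete every stored artifact on destroy; at minimum an SSE-S3 or KMS encryption block and a public-access block are what I would expect on an artifact bucket. The `file_path_regex = "/service*/gm"` value reads like a JavaScript regex literal with flags rather than a bare pattern; I cannot see `./modules/source`, so please confirm the consumer strips the slashes and flags, otherwise the leading `/` and trailing `/gm` become part of the pattern.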
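--- a/modules/build/data.tf
+++ b/modules/build/data.tf
@@ -0,0 +1,44 @@
+data "aws_s3_bucket" "codepipeline_bucket" {
+bucket = var.s3_bucket
+}
+
+data "aws_iam_policy_document" "codebuild_assume_role_policy" {
+statement {
+actions = ["sts:AssumeRole"]
+principals {
+type = "Service"
+identifiers = ["codebuild.amazonaws.com"]
+}
+}
+}
+
+data "aws_iam_policy_document" "codebuild_role_policy" {
+statement {
+actions = [
+"s3:GetObject",
+"s3:GetObjectVersion",
+"s3:GetBucketVersioning",
+"s3:PutObjectAcl",
+"s3:PutObject"
+]
+resources = [
+"${data.aws_s3_bucket.codepipeline_bucket.arn}",
+"${data.aws_s3_bucket.codepipeline_bucket.arn}/*"
+]
+}
+statement {
+actions = [
+"logs:CreateLogGroup",
+"logs:CreateLogStream",
+"logs:PutLogEvents",
+"ecr:*",
+"ssm:*",
+"ecs:DescribeTaskDefinition",
+"cloudformation:*",
+"s3:*",
+"apigateway:*",
+"lambda:*"
+]
+resources = ["*"]
+}
+}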
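Review bot: The second statement of `codebuild_role_policy` grants `ecr:*`, `ssm:*`, `cloudformation:*`, `s3:*`, `apigateway:*` and `lambda:*` on `resources = ["*"]`, which makes the build role an account-wide administrator for those services and silently makes the carefully scoped S3 statement above it redundant; a build project that runs repository-controlled buildspecs should not be able to read every SSM parameter, write to every bucket or modify every Lambda and API Gateway in the account. Nothing in this module uses CloudFormation, API Gateway or Lambda, so those wildcards should go, and the rest can be scoped to the resources the module actually touches: the log group named in modules/build/main.tf, the ECR repository the image is pushed to, and the `/app/*` parameter path that variables.tf defaults to. The ARNs below are placeholders to be replaced with module inputs or `aws_region`/`aws_caller_identity` data sources.

```hcl
# … unchanged: codepipeline_bucket data source, assume-role document, scoped S3 statement …
statement {
  actions   = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
  # placeholder: scope to the group built in modules/build/main.tf ("/${local.codebuild_name}/log-group")
  resources = ["arn:aws:logs:<REGION>:<ACCOUNT_ID>:log-group:/codebuild-*:*"]
}
statement {
  actions   = ["ecr:GetAuthorizationToken"]
  resources = ["*"] # this action does not support resource-level scoping
}
statement {
  actions = [
    "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer",
    "ecr:BatchGetImage",
    "ecr:InitiateLayerUpload",
    "ecr:UploadLayerPart",
    "ecr:CompleteLayerUpload",
    "ecr:PutImage"
  ]
  resources = ["<ECR_REPOSITORY_ARN>"] # placeholder: pass the target repository ARN in as a variable
}
statement {
  actions   = ["ssm:GetParameter", "ssm:GetParameters"]
  resources = ["arn:aws:ssm:<REGION>:<ACCOUNT_ID>:parameter/app/*"] # matches the defaults in variables.tf
}
statement {
  actions   = ["ecs:DescribeTaskDefinition"]
  resources = ["*"] # no resource-level scoping available for this action
}
```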
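--- a/modules/build/main.tf
+++ b/modules/build/main.tf
@@ -0,0 +1,83 @@
+locals{
+codebuild_name = "codebuild-${var.codebuild_name}-${var.env_name}"
+}
+
+
+resource "aws_codebuild_project" "codebuild" {
+name = "${local.codebuild_name}"
+description = "Build spec for ${local.codebuild_name}"
+build_timeout = "120"
+service_role = aws_iam_role.codebuild_role.arn
+
+artifacts {
+packaging = "NONE"
+override_artifact_name = false
+type = "CODEPIPELINE"
+}
+
+environment {
+compute_type = "BUILD_GENERAL1_SMALL"
+image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
+type = "LINUX_CONTAINER"
+image_pull_credentials_type = "CODEBUILD"
+
+dynamic "environment_variable" {
+for_each = var.environment_variables
+
+content {
+name = environment_variable.key
+value = environment_variable.value
+}
+
+}
+dynamic "environment_variable" {
+for_each = var.environment_variables_parameter_store
+
+content {
+name = environment_variable.key
+value = environment_variable.value
+type = "PARAMETER_STORE"
+}
+
+}
+
+privileged_mode = var.privileged_mode
+}
+
+logs_config {
+cloudwatch_logs {
+group_name = "/${local.codebuild_name}/log-group"
+stream_name = "/${local.codebuild_name}/stream"
+}
+}
+
+source {
+type = "CODEPIPELINE"
+#location = var.source_repository_url
+# git_clone_depth = 1
+buildspec = var.buildspec_file
+
+# git_submodules_config {
+# fetch_submodules = false
+# }
+}
+
+source_version = var.source_branch
+
+tags = tomap({
+Name="codebuild-${local.codebuild_name}",
+environment=var.env_name,
+created_by="terraform"
+})
+}
+
+resource "aws_iam_role" "codebuild_role" {
+name = "role-${local.codebuild_name}"
+assume_role_policy = data.aws_iam_policy_document.codebuild_assume_role_policy.json
+}
+
+resource "aws_iam_role_policy" "cloudWatch_policy" {
+name = "policy-${local.codebuild_name}"
+role = aws_iam_role.codebuild_role.id
+policy = data.aws_iam_policy_document.codebuild_role_policy.json
+}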
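Review bot: The role policy resource is named `cloudWatch_policy` but it attaches `codebuild_role_policy`, which grants S3, ECR, SSM, CloudFormation, Lambda and API Gateway permissions in addition to logs; the name hides the actual blast radius from anyone reading `terraform state` or plan output, so rename it to something like `resource "aws_iam_role_policy" "codebuild_policy"` (a state move, since this is the first commit it is free). `source_version = var.source_branch` is set on a project whose `source { type = "CODEPIPELINE" }`; as far as I know CodeBuild takes the revision from the pipeline in that mode and ignores this field, so either drop it or document why it is kept. Two dynamic `environment_variable` blocks iterate `var.environment_variables` and `var.environment_variables_parameter_store` independently, so a key present in both maps produces a duplicate variable name; a `merge` or a precondition that the key sets are disjoint would make that explicit. The log group is referenced by name only, so CodeBuild creates it without retention or KMS settings; an explicit `aws_cloudwatch_log_group` with `retention_in_days` would keep build logs (which can include build-time secrets) from living forever.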
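--- a/modules/build/outputs.tf
+++ b/modules/build/outputs.tf
@@ -0,0 +1,3 @@
+output "attributes" {
+value = { for key, value in aws_codebuild_project.codebuild : key => value }
+}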
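Review bot: The `attributes` output re-exports every attribute of `aws_codebuild_project.codebuild`, including `source[0].buildspec`, and in this commit the root module renders the ADO credentials into that buildspec, so the secret is propagated into the root module's outputs and state as well; the only consumer visible here is `module.build[0].attributes.name` in main.tf. Export just what callers need, e.g. `value = { name = aws_codebuild_project.codebuild.name, arn = aws_codebuild_project.codebuild.arn }`, or at least mark the output `sensitive = true`.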
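--- a/modules/build/variables.tf
+++ b/modules/build/variables.tf
@@ -0,0 +1,48 @@
+variable "env_name" {
+type = string
+}
+
+variable "codebuild_name" {
+type = string
+
+}
+variable "s3_bucket" {
+type = string
+}
+
+variable "source_repository" {
+type = string
+}
+
+variable "source_repository_url" {
+default = "https://bitbucket.org/tolunaengineering/chorus.git"
+type = string
+}
+
+variable "source_branch" {
+type = string
+default = "master"
+}
+
+variable "buildspec_file" {
+type = string
+}
+
+variable "environment_variables" {
+default = {}
+type = map(string)
+}
+
+variable "environment_variables_parameter_store" {
+type = map(string)
+default = {
+"ADO_USER" = "/app/ado_user"
+"ADO_PASSWORD" = "/app/ado_password"
+}
+}
+
+variable "privileged_mode" {
+type = bool
+default = true
+description = "set to true if building a docker"
+}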
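Review bot: `source_repository_url` defaults to a specific organisation's private Bitbucket repository, yet the only reference to it in modules/build/main.tf is the commented-out `#location = var.source_repository_url`, so the variable is dead code that bakes an org-specific location into a module published as reusable; remove the variable, or at least drop the default so callers must set it deliberately. Likewise the `environment_variables_parameter_store` default hard-codes the `/app/ado_user` and `/app/ado_password` parameter paths, which makes every consumer of this module silently depend on those parameters existing; I would make the default `{}` and have the root module pass the map explicitly. Only `privileged_mode` carries a `description`; each variable should say what it is for, and `environment_variables_parameter_store` in particular should state that values are SSM parameter names resolved by CodeBuild at run time, not the secret values themselves.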