-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcicd.template.yml
169 lines (155 loc) · 5.16 KB
/
cicd.template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
Description: CICD pipeline for Dotnet Lambda Layer
Parameters:
GithubToken:
Type: String
NoEcho: true
Default: ""
Description: OAuth token for the Github organization. Needs read/write access to repos and repo hooks
GithubOwner:
Type: String
Description: Owner of the github repository to track
GithubRepo:
Type: String
Description: Name of the github repository to track
GithubBranch:
Type: String
Default: ""
Description: Name of the github branch to track
PipelineDefinitionBucket:
Type: String
Description: Bucket name where the pipeline definition is located
PipelineDefinitionKey:
Type: String
Description: Key name where the pipeline definition is located
Resources:
ArtifactStore:
Type: AWS::S3::Bucket
ArtifactStorePolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref ArtifactStore
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: s3:*Object
Resource:
- !Sub arn:aws:s3:::${ArtifactStore}
- !Sub arn:aws:s3:::${ArtifactStore}/*
Principal:
AWS:
- !Ref AWS::AccountId
- !ImportValue cfn-metadata:DevAgentRoleArn
- !ImportValue cfn-metadata:ProdAgentRoleArn
- Effect: Allow
Action: s3:GetObject
Resource:
- !Sub arn:aws:s3:::${ArtifactStore}/templates/*
Principal:
Service: serverlessrepo.amazonaws.com
BuildProject:
Type: AWS::CodeBuild::Project
Properties:
Name: !Sub ${AWS::StackName}-build
BadgeEnabled: true
ServiceRole: !ImportValue cfn-utilities:BuilderRoleArn
EncryptionKey: !ImportValue cfn-utilities:ArtifactKeyArn
Environment:
PrivilegedMode: true
Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
ComputeType: BUILD_GENERAL1_SMALL
EnvironmentVariables:
- Name: ARTIFACT_STORE
Value: !Ref ArtifactStore
Type: LINUX_CONTAINER
Cache:
Type: LOCAL
Modes:
- LOCAL_DOCKER_LAYER_CACHE
Artifacts:
Type: S3
Location: !Ref ArtifactStore
Name: buildResults.zip
NamespaceType: BUILD_ID
Packaging: ZIP
Source:
Type: GITHUB
Location: !Sub https://github.com/${GithubOwner}/${GithubRepo}.git
ReportBuildStatus: true
DeployProject:
Type: AWS::CodeBuild::Project
Properties:
Name: !Sub ${AWS::StackName}-deploy
BadgeEnabled: true
ServiceRole: !ImportValue cfn-utilities:BuilderRoleArn
EncryptionKey: !ImportValue cfn-utilities:ArtifactKeyArn
Environment:
Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
ComputeType: BUILD_GENERAL1_SMALL
EnvironmentVariables:
- Name: ARTIFACT_STORE
Value: !Ref ArtifactStore
- Name: ROLE_ARN
Value: !ImportValue cfn-metadata:OssServerlessPublisherRoleArn
Type: LINUX_CONTAINER
Cache:
Type: LOCAL
Modes:
- LOCAL_DOCKER_LAYER_CACHE
Artifacts:
Type: NO_ARTIFACTS
Source:
Type: GITHUB
Location: !Sub https://github.com/${GithubOwner}/${GithubRepo}.git
ReportBuildStatus: true
BuildSpec: deployspec.yml
SupersessionQueue:
Type: AWS::SQS::Queue
Properties:
ContentBasedDeduplication: true
FifoQueue: true
MessageRetentionPeriod: 1209600
SupersessionEventSourceMapping:
Type: AWS::Lambda::EventSourceMapping
Properties:
FunctionName: !ImportValue cfn-core:DeploymentSupersessionFunctionArn
EventSourceArn: !GetAtt SupersessionQueue.Arn
DeploymentQueue:
Type: AWS::SQS::Queue
Properties:
ContentBasedDeduplication: true
VisibilityTimeout: 3600
FifoQueue: true
MessageRetentionPeriod: 1209600
DeploymentEventSourceMapping:
Type: AWS::Lambda::EventSourceMapping
Properties:
FunctionName: !ImportValue cfn-core:StackDeploymentFunctionArn
EventSourceArn: !GetAtt DeploymentQueue.Arn
StateMachine:
Type: AWS::StepFunctions::StateMachine
Properties:
RoleArn: !ImportValue cfn-utilities:MasterRoleArn
StateMachineName: !Sub ${AWS::StackName}-pipeline
DefinitionS3Location:
Bucket: !Ref PipelineDefinitionBucket
Key: !Ref PipelineDefinitionKey
DefinitionSubstitutions:
GithubRepo: !Ref GithubRepo
GithubOwner: !Ref GithubOwner
ArtifactStore: !Ref ArtifactStore
BuildProject: !Ref BuildProject
DeployProject: !Ref DeployProject
DeploymentQueue: !Ref DeploymentQueue
SupersessionQueue: !Ref SupersessionQueue
OssRoleArn: !ImportValue cfn-metadata:OssAgentRoleArn
DevRoleArn: !ImportValue cfn-metadata:DevAgentRoleArn
ProdRoleArn: !ImportValue cfn-metadata:ProdAgentRoleArn
SharedRoleArn: !ImportValue cfn-utilities:MasterRoleArn
ApprovalNotificationFunction: !ImportValue cfn-core:ApprovalNotificationFunctionArn
Metadata:
cfn-lint:
config:
ignore_checks:
- E3002
- E3003