[sdlf-cicd] github support as an alternative to codecommit
Replace CodeCommit entirely with GitHub - all SDLF repositories (components, main and team repositories)
can now be hosted on GitHub. This does *not* replace CodeBuild and CodePipeline, GitHub Actions are not used.

Creating repositories is done through CloudFormation third-party resource types:
https://github.com/aws-ia/cloudformation-github-resource-providers/tree/main/GitHub-Repositories-Repository

Currently SDLF is quite rigid in terms of setup for GitHub, in part due to limitations of the aforementioned resource types.
* Set up a CodeConnection to GitHub.
* Populate `/SDLF/GitHub/CodeConnection` in SSM Parameter Store with the ARN of the CodeConnection.
* Put the access token in `/SDLF/GitHub/AccessToken` in SSM Parameter Store as a secure string.
* Enable the third-party resource type `GitHub::Repositories::Repository` on CloudFormation Registry. Do not forget to configure it.
* Use `-f github` when deploying SDLF with `deploy.sh`.

Resource type configuration example:
```
{
    "GitHubAccess": {
        "AccessToken": "{{resolve:ssm-secure:/cfn/github/accesstoken:1}}"
    }
}
```
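A preflight check for the setup steps above, added here as an example; it is not part of this commit or of the SDLF project. It assumes the parameter names the commit message and the template comments use (`/SDLF/GitHub/AccessToken`, `/SDLF/GitHub/CodeConnection`, `/SDLF/GitHub/Group`), the function names `sdlf_github_preflight` and `sdlf_connection_arn_ok` are hypothetical, and the CodeConnection ARN shapes it accepts are an assumption about the CodeConnections service.

```shell
# Preflight check for the SSM parameters the GitHub mode relies on. Feed it the output of
#   aws ssm describe-parameters \
#     --parameter-filters "Key=Name,Option=BeginsWith,Values=/SDLF/GitHub/" \
#     --query "Parameters[].[Name,Type]" --output text
# on stdin: one whitespace-separated "Name Type" line per parameter. Returns 0 only when
# every rule holds. Rules derived from the templates in this commit:
#  - /SDLF/GitHub/AccessToken must be a SecureString (it is read via resolve:ssm-secure)
#  - /SDLF/GitHub/CodeConnection and /SDLF/GitHub/Group must be plain String, because the
#    pipeline templates read them with {{resolve:ssm:...}}, which cannot decrypt SecureString
sdlf_github_preflight() {
  local name type found_token=0 found_conn=0 found_group=0 rc=0
  while read -r name type; do
    case "$name" in
      /SDLF/GitHub/AccessToken)
        found_token=1
        [ "$type" = SecureString ] || { echo "FAIL: $name must be SecureString, is $type" >&2; rc=1; } ;;
      /SDLF/GitHub/CodeConnection|/SDLF/GitHub/Group)
        [ "$name" = /SDLF/GitHub/Group ] && found_group=1 || found_conn=1
        [ "$type" = String ] || { echo "FAIL: $name must be String, resolve:ssm cannot read $type" >&2; rc=1; } ;;
    esac
  done
  [ "$found_token" = 1 ] || { echo "FAIL: /SDLF/GitHub/AccessToken is missing" >&2; rc=1; }
  [ "$found_conn" = 1 ]  || { echo "FAIL: /SDLF/GitHub/CodeConnection is missing" >&2; rc=1; }
  [ "$found_group" = 1 ] || { echo "FAIL: /SDLF/GitHub/Group is missing" >&2; rc=1; }
  return "$rc"
}

# The value stored in /SDLF/GitHub/CodeConnection must be a connection ARN, in either the
# current codeconnections or the legacy codestar-connections namespace (any partition).
# Assumption: this is the ARN shape CodeConnections hands out.
sdlf_connection_arn_ok() {
  case "$1" in
    arn:aws*:codeconnections:*:*:connection/*|arn:aws*:codestar-connections:*:*:connection/*) return 0 ;;
    *) echo "FAIL: '$1' is not a CodeConnection ARN" >&2; return 1 ;;
  esac
}

# Constructed sample standing in for real describe-parameters output (not captured from AWS).
SAMPLE_PARAMS='/SDLF/GitHub/AccessToken SecureString
/SDLF/GitHub/CodeConnection String
/SDLF/GitHub/Group String'

printf '%s\n' "$SAMPLE_PARAMS" | sdlf_github_preflight && echo "preflight OK"
```

Run it before `deploy.sh -f github` with the real `describe-parameters` output on stdin, and pass the CodeConnection parameter value to `sdlf_connection_arn_ok` as a second check.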
cnfait committed Aug 5, 2024
1 parent d79ec8e commit 8880acf
Showing 10 changed files with 503 additions and 115 deletions.
33 changes: 31 additions & 2 deletions deploy.sh
Expand Up @@ -170,6 +170,7 @@ devops_account () {
then
GIT_PLATFORM=CodeCommit
GITLAB=false
GITHUB=false
GLUE_JOB_DEPLOYER=false
LAMBDA_LAYER_BUILDER=false
MONITORING=false
Expand All @@ -180,6 +181,12 @@ devops_account () {
GITLAB=true
echo "Optional feature: GitLab"
fi
if printf "%s\0" "${FEATURES[@]}" | grep -Fxqz -- "github"
then
GIT_PLATFORM=GitHub
GITHUB=true
echo "Optional feature: GitHub"
fi
if printf "%s\0" "${FEATURES[@]}" | grep -Fxqz -- "gluejobdeployer"
then
GLUE_JOB_DEPLOYER=true
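Review bot: nothing in this feature-parsing block rejects `-f gitlab` combined with `-f github`; because the `github` check runs after the `gitlab` one, GIT_PLATFORM is silently overwritten to GitHub while GITLAB stays true, so the GitHub repositories template is selected but the GitLab push branch, which is tested before the `elif "$GITHUB"` one, still runs. Suggest failing fast once the feature list is parsed, e.g. `if "$GITLAB" && "$GITHUB"; then echo "gitlab and github are mutually exclusive" >&2; exit 1; fi`.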
Expand All @@ -204,6 +211,7 @@ devops_account () {
echo "-f not specified, set all features to false by default" >&2
GIT_PLATFORM=CodeCommit
GITLAB=false
GITHUB=false
GLUE_JOB_DEPLOYER=false
LAMBDA_LAYER_BUILDER=false
MONITORING=false
Expand All @@ -223,7 +231,6 @@ devops_account () {
--parameter-overrides \
pDomainAccounts="$DOMAIN_ACCOUNTS" \
pGitPlatform="$GIT_PLATFORM" \
pEnableGitlab="$GITLAB" \
pEnableGlueJobDeployer="$GLUE_JOB_DEPLOYER" \
pEnableLambdaLayerBuilder="$LAMBDA_LAYER_BUILDER" \
pEnableMonitoring="$MONITORING" \
Expand All @@ -235,7 +242,7 @@ devops_account () {
template_protection "$STACK_NAME" "$REGION" "$DEVOPS_AWS_PROFILE"

ARTIFACTS_BUCKET=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --name /SDLF/S3/DevOpsArtifactsBucket --query "Parameter.Value" --output text)
REPOSITORIES_TEMPLATE_FILE=$(test "$GITLAB" = true && echo "$DIRNAME"/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml || echo "$DIRNAME"/sdlf-cicd/template-cicd-sdlf-repositories.yaml)
REPOSITORIES_TEMPLATE_FILE="$DIRNAME/sdlf-cicd/template-cicd-sdlf-repositories.${GIT_PLATFORM,,}.yaml"
mkdir "$DIRNAME"/output
aws cloudformation package \
--s3-bucket "$ARTIFACTS_BUCKET" --s3-prefix template-cicd-sdlf-repositories \
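Review bot: `${GIT_PLATFORM,,}` (lowercase expansion) needs bash 4.0 or newer; the default /bin/bash on macOS is 3.2, where this line aborts with a "bad substitution" error. Either document the bash version requirement at the top of deploy.sh or build the file name portably, e.g. `REPOSITORIES_TEMPLATE_FILE="$DIRNAME/sdlf-cicd/template-cicd-sdlf-repositories.$(printf '%s' "$GIT_PLATFORM" | tr '[:upper:]' '[:lower:]').yaml"`.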
Expand Down Expand Up @@ -287,6 +294,28 @@ devops_account () {
git push origin main:test
fi
popd || exit
elif "$GITHUB"
then
#GITHUB_ACCESSTOKEN=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --with-decryption --name /SDLF/GitHub/AccessToken --query "Parameter.Value" --output text)
GITHUB_REPOSITORY_URL="https://github.com/$REPOSITORY.git"

if [ "$REPOSITORY" = "sdlf-main" ]
then
mkdir sdlf-main
cp sdlf-cicd/README.md sdlf-main/
fi
pushd "$REPOSITORY" || exit
if [ ! -d .git ] # if .git exists, deploy.sh has likely been run before - do not try to push the base repositories
then
git init
git remote add origin "$GITHUB_REPOSITORY_URL" || exit 1
git add .
git commit -m "initial commit"
git push origin main || exit 1
git push origin main:dev
git push origin main:test
fi
popd || exit
else
latest_commit=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" codecommit get-branch --repository-name "$REPOSITORY" --branch-name main --query "branch.commitId" --output text)
aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" codecommit create-branch --repository-name "$REPOSITORY" --branch-name dev --commit-id "$latest_commit"
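Review bot: the GitHub push block has three weak spots. The commented-out GITHUB_ACCESSTOKEN line is dead code and should be dropped (if the intent is that the HTTPS push relies on the operator's git credential helper, say so in a comment instead). `git init` creates whichever branch init.defaultBranch names, still `master` on many installs, so `git push origin main || exit 1` can fail on a fresh machine; use `git init -b main` (git 2.28+) or `git checkout -b main` right after init. Finally, the `main:dev` and `main:test` pushes lack the `|| exit 1` the first push has, so a failure there leaves the dev and test branches missing without stopping the deployment.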
36 changes: 18 additions & 18 deletions sdlf-cicd/nested-stacks/template-cicd-modules-pipelines.yaml
Expand Up @@ -29,7 +29,7 @@ Parameters:
pGitPlatform:
Description: Platform used to host git repositories
Type: String
AllowedValues: [CodeCommit, GitLab]
AllowedValues: [CodeCommit, GitLab, GitHub]

Mappings:
pCodeCommitBranch:
Expand All @@ -41,8 +41,8 @@ Mappings:
branch: main

Conditions:
CodeCommitNoGitLab: !Equals [!Ref pGitPlatform, "CodeCommit"]
GitLabNoCodeCommit: !Equals [!Ref pGitPlatform, "GitLab"]
GitPlatformCodeCommit: !Equals [!Ref pGitPlatform, "CodeCommit"]
GitPlatformNoCodeCommit: !Not [!Equals [!Ref pGitPlatform, "CodeCommit"]]

Resources:
rMainRepositoryCodePipelineRole:
Expand All @@ -60,10 +60,10 @@ Resources:
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Version: "2012-10-17"
Statement:
- !If
- CodeCommitNoGitLab
- GitPlatformCodeCommit
- Effect: Allow
Action:
- codecommit:GetBranch
Expand All @@ -78,7 +78,7 @@ Resources:
- !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:${pCicdRepository}
- !Ref "AWS::NoValue"
- !If
- GitLabNoCodeCommit
- GitPlatformNoCodeCommit
- Effect: Allow
Action:
- codeconnections:UseConnection
Expand All @@ -88,11 +88,11 @@ Resources:
Condition:
"ForAllValues:StringLikeIfExists":
"codeconnections:FullRepositoryId":
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pMainRepository}"
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pCicdRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pMainRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pCicdRepository}"
"codestar-connections:FullRepositoryId":
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pMainRepository}"
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pCicdRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pMainRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pCicdRepository}"
- !Ref "AWS::NoValue"
- Effect: Allow
Action:
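Review bot: this hunk changes the SSM parameter read for the repository group from /SDLF/GitLab/SdlfGitLabGroup to /SDLF/${pGitPlatform}/Group, i.e. /SDLF/GitLab/Group for existing GitLab deployments. Those deployments need the parameter created under the new name before the stack update, otherwise the `{{resolve:ssm:...}}` reference fails at deploy time; please call the rename out in the commit message, which for GitHub currently lists only /SDLF/GitHub/CodeConnection and /SDLF/GitHub/AccessToken and not /SDLF/GitHub/Group, although the prerequisites template comment requires it.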
Expand All @@ -112,7 +112,7 @@ Resources:
Resource: !Ref pKMSKey
- PolicyName: lambda-stages
PolicyDocument:
Version: 2012-10-17
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
Expand All @@ -135,7 +135,7 @@ Resources:
Stages:
- Name: Sources
Actions: !If
- CodeCommitNoGitLab
- GitPlatformCodeCommit
- - Name: SourceMain
ActionTypeId:
Category: Source
Expand Down Expand Up @@ -172,7 +172,7 @@ Resources:
- Name: SourceMainArtifact
Configuration:
ConnectionArn: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/CodeConnection}}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pMainRepository}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pMainRepository}"
BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch]
OutputArtifactFormat: CODE_ZIP
RunOrder: 1
Expand All @@ -186,7 +186,7 @@ Resources:
- Name: SourceCicdArtifact
Configuration:
ConnectionArn: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/CodeConnection}}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pCicdRepository}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pCicdRepository}"
BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch]
OutputArtifactFormat: CODE_ZIP
RunOrder: 1
Expand Down Expand Up @@ -261,10 +261,10 @@ Resources:

rMainRepositoryCodeCommitTriggerRole:
Type: AWS::IAM::Role
Condition: CodeCommitNoGitLab
Condition: GitPlatformCodeCommit
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Expand All @@ -274,7 +274,7 @@ Resources:
Policies:
- PolicyName: sdlf-cicd-events-trigger
PolicyDocument:
Version: 2012-10-17
Version: "2012-10-17"
Statement:
- Effect: Allow
Action: codepipeline:StartPipelineExecution
Expand All @@ -283,7 +283,7 @@ Resources:

rMainRepositoryCodePipelineTriggerRule:
Type: AWS::Events::Rule
Condition: CodeCommitNoGitLab
Condition: GitPlatformCodeCommit
Properties:
EventPattern:
source:
40 changes: 20 additions & 20 deletions sdlf-cicd/template-cicd-domain.yaml
Expand Up @@ -70,8 +70,8 @@ Mappings:
branch: main

Conditions:
CodeCommitNoGitLab: !Equals [!Ref pGitPlatform, "CodeCommit"]
GitLabNoCodeCommit: !Equals [!Ref pGitPlatform, "GitLab"]
GitPlatformCodeCommit: !Equals [!Ref pGitPlatform, "CodeCommit"]
GitPlatformNoCodeCommit: !Not [!Equals [!Ref pGitPlatform, "CodeCommit"]]
EnableMonitoring: !Equals [!Ref pEnableMonitoring, true]

Resources:
Expand All @@ -94,7 +94,7 @@ Resources:
Version: "2012-10-17"
Statement:
- !If
- CodeCommitNoGitLab
- GitPlatformCodeCommit
- Effect: Allow
Action:
- codecommit:GetBranch
Expand All @@ -115,7 +115,7 @@ Resources:
- !Ref AWS::NoValue
- !Ref "AWS::NoValue"
- !If
- GitLabNoCodeCommit
- GitPlatformNoCodeCommit
- Effect: Allow
Action:
- codeconnections:UseConnection
Expand All @@ -125,22 +125,22 @@ Resources:
Condition:
"ForAllValues:StringLikeIfExists":
"codeconnections:FullRepositoryId":
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pCicdRepository}"
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pFoundationsRepository}"
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pTeamRepository}"
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pMainRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pCicdRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pFoundationsRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pTeamRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pMainRepository}"
- !If
- EnableMonitoring
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/{{resolve:ssm:/SDLF/${pGitPlatform}/Monitoring${pGitPlatform}}}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/{{resolve:ssm:/SDLF/${pGitPlatform}/Monitoring${pGitPlatform}}}"
- !Ref AWS::NoValue
"codestar-connections:FullRepositoryId":
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pCicdRepository}"
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pFoundationsRepository}"
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pTeamRepository}"
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pMainRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pCicdRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pFoundationsRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pTeamRepository}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pMainRepository}"
- !If
- EnableMonitoring
- !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/{{resolve:ssm:/SDLF/${pGitPlatform}/Monitoring${pGitPlatform}}}"
- !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/{{resolve:ssm:/SDLF/${pGitPlatform}/Monitoring${pGitPlatform}}}"
- !Ref AWS::NoValue
- !Ref "AWS::NoValue"
- Effect: Allow
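Review bot: with EnableMonitoring set on a GitHub deployment, `{{resolve:ssm:/SDLF/${pGitPlatform}/Monitoring${pGitPlatform}}}` in this hunk resolves /SDLF/GitHub/MonitoringGitHub, a parameter that appears neither in the commit message setup steps nor in the prerequisites template comments. Document it next to /SDLF/GitHub/Group (or create it with the other prerequisites), otherwise enabling monitoring fails at template resolution rather than with a readable error.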
Expand Down Expand Up @@ -182,7 +182,7 @@ Resources:
Stages:
- Name: Sources
Actions: !If
- CodeCommitNoGitLab
- GitPlatformCodeCommit
- - Name: sdlf-main
ActionTypeId:
Category: Source
Expand Down Expand Up @@ -264,7 +264,7 @@ Resources:
- Name: TemplateSource
Configuration:
ConnectionArn: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/CodeConnection}}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pMainRepository}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pMainRepository}"
BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch]
OutputArtifactFormat: CODE_ZIP
RunOrder: 1
Expand All @@ -278,7 +278,7 @@ Resources:
- Name: SourceCicdArtifact
Configuration:
ConnectionArn: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/CodeConnection}}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pCicdRepository}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pCicdRepository}"
BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch]
OutputArtifactFormat: CODE_ZIP
RunOrder: 1
Expand All @@ -292,7 +292,7 @@ Resources:
- Name: SourceFoundationsArtifact
Configuration:
ConnectionArn: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/CodeConnection}}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pFoundationsRepository}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pFoundationsRepository}"
BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch]
OutputArtifactFormat: CODE_ZIP
RunOrder: 1
Expand All @@ -306,7 +306,7 @@ Resources:
- Name: SourceTeamArtifact
Configuration:
ConnectionArn: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/CodeConnection}}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pTeamRepository}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/${pTeamRepository}"
BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch]
OutputArtifactFormat: CODE_ZIP
RunOrder: 1
Expand All @@ -322,7 +322,7 @@ Resources:
- Name: SourceMonitoringArtifact
Configuration:
ConnectionArn: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/CodeConnection}}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/{{resolve:ssm:/SDLF/${pGitPlatform}/Monitoring${pGitPlatform}}}"
FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/Group}}/{{resolve:ssm:/SDLF/${pGitPlatform}/Monitoring${pGitPlatform}}}"
BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch]
OutputArtifactFormat: CODE_ZIP
RunOrder: 1
28 changes: 21 additions & 7 deletions sdlf-cicd/template-cicd-prerequisites.yaml
Expand Up @@ -12,12 +12,8 @@ Parameters:
pGitPlatform:
Description: Platform used to host git repositories
Type: String
AllowedValues: [CodeCommit, GitLab]
AllowedValues: [CodeCommit, GitLab, GitHub]
Default: CodeCommit
pEnableGitlab:
Description: Use GitLab instead of CodeCommit for SDLF repositories
Type: String
Default: false
pEnableGlueJobDeployer:
Description: Enable Glue Job Deployer optional feature
Type: String
Expand All @@ -41,19 +37,37 @@ Conditions:
GovCloudPartition: !Equals
- !Sub ${AWS::Partition}
- aws-us-gov
GitPlatformGitLab: !Equals [!Ref pGitPlatform, "GitLab"]
GitPlatformGitHub: !Equals [!Ref pGitPlatform, "GitHub"]

Resources:
######## OPTIONAL SDLF FEATURES #########
# when enabling Gitlab support, /SDLF/GitLab/Url and /SDLF/GitLab/AccessToken are required too (as secure strings)
# when enabling GitLab support, /SDLF/GitLab/Url, /SDLF/GitLab/Group (containing the group or user name) and /SDLF/GitLab/AccessToken are required too (as secure strings)
# then enable GitLab::Projects::Project third-party resource type in CloudFormation Registry
rGitlabFeatureSsm:
Type: AWS::SSM::Parameter
Properties:
Name: /SDLF/GitLab/Enabled
Type: String
Value: !Ref pEnableGitlab
Value: !If
- GitPlatformGitLab
- true
- false
Description: Create repositories on GitLab instead of CodeCommit

# when enabling GitHub support, /SDLF/GitHub/Group (containing the org or user name) and /SDLF/GitHub/AccessToken are required too (as secure strings)
# then enable GitHub::Repositories::Repository third-party resource type in CloudFormation Registry
rGithubFeatureSsm:
Type: AWS::SSM::Parameter
Properties:
Name: /SDLF/GitHub/Enabled
Type: String
Value: !If
- GitPlatformGitHub
- true
- false
Description: Create repositories on GitHub instead of CodeCommit

rGitPlatformSsm:
Type: AWS::SSM::Parameter
Properties:
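Review bot: the comments at the top of this hunk say /SDLF/GitLab/Group and /SDLF/GitHub/Group are required "as secure strings", but the pipeline templates in this commit read them with `{{resolve:ssm:...}}`, which resolves only String and StringList parameters, not SecureString; reword both comments so that only AccessToken is described as a SecureString and Group as a plain String. Separately, the new `!If` blocks yield bare YAML `true`/`false` for an SSM parameter whose Type is String; quote them as "true"/"false" for consistency with the `Version: "2012-10-17"` quoting this commit introduces elsewhere, rather than relying on CloudFormation's implicit coercion.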