migrate to GovCloud

.gitignore

@@ -6,8 +6,10 @@ env/
 results/
 Vagrantfile
 
-config/local.yml
-config/prod.yml
+config/*
+!config/example.yml
+!config/targets.json
+!config/test_targets.rb
 # legacy
 credentials.yml
 credentials.18F.yml

CONTRIBUTING.md

@@ -22,57 +22,36 @@ with this waiver of copyright interest.
 
 The Concourse.ci site provides solid information for [Getting Started](http://concourse.ci/getting-started.html) with Concourse. [The Fly CLI](http://concourse.ci/fly-cli.html) is your primary tool for working with the platform. Requires Concourse v0.74.0+.
 
-The ZAP pipeline is templatized, so it needs to be built before it can be uploaded. Make sure that you are checked out to the branch that you wish to deploy.
+It is recommended that you deploy [Compliance Viewer](https://github.com/18f/compliance-toolkit) first.
 
-### Local
+The ZAP pipeline is templatized, so it needs to be built before it can be uploaded. Make sure that you are checked out to the branch that you wish to deploy.
 
-The following assumes a Concourse target named `lite`. Run the following from this directory:
+### Configuration
 
-#### Setup
+This one-time setup will need to be done once per environment you want to deploy to. The configuration file should be named to match your Concourse target name in `fly`.
 
-1. Run:
+1. Create a service key.
 
-    ```shell
-    cp config/local.example.yml config/local.yml
+    ```sh
+    cf create-service-key <s3_service_instance_name> pipeline-creds
     ```
 
-1. Modify `config/local.yml`.
-
-#### To deploy
+1. Set up the configuration file.
 
-1. Ensure branch is pushed to GitHub.
-1. Point to branch in your `config/local.yml`.
-1. Run:
-
-    ```shell
-    rake local deploy
+    ```sh
+    cp config/example.yml config/<fly_target>.yml
     ```
 
-### Production
-
-#### One-time
+1. Fill in `<fly_target>.yml`.
 
-1. Run:
-
-    ```shell
-    cp config/prod.example.yml config/prod.yml
-    ```
-
-1. Modify `config/prod.yml`.
-1. Run:
-
-    ```shell
-    fly -t cloud login -c https://ci.cloud.gov
-    fly -t cloud sync
-    ```
+### Fly
 
-#### To deploy
+Run the following from this directory:
 
 1. Ensure branch is pushed to GitHub.
-1. Point to branch in your `config/prod.yml`.
-    * Make sure to re-deploy to point to `master` afterwards if you've changed it.
+1. Point to branch in your `config/<fly_target>.yml`.
 1. Run:
 
     ```shell
-    rake prod deploy
+    TARGET=<fly_target> rake deploy
     ```

README.md

@@ -30,8 +30,8 @@ The [`config/targets.json`](config/targets.json) is a list of the projects to be
 1. After the pull request is merged, ask someone in #cloud-gov-highbar to run
 
     ```bash
-    rake prod init_targets
-    rake prod deploy
+    TARGET=<fly_target> rake init_targets
+    TARGET=<fly_target> rake deploy
     ```
 
 ### Attributes

Rakefile

@@ -1,5 +1,6 @@
 require 'rake/testtask'
 require 'tempfile'
+require 'yaml'
 require_relative 'lib/pipeline_builder'
 require_relative 'lib/team_data_filterer'
 
@@ -21,21 +22,20 @@ def branch
 end
 
 def config_path
-  File.expand_path("../config/#{@config}.yml", __FILE__)
+  File.expand_path("../config/#{@target}.yml", __FILE__)
 end
 
-desc "Set the deployment target to be local."
-task :local do
-  @config = 'local'
-  @origin = 'http://192.168.100.4:8080'
-  @target = 'lite'
+def fly_data(target)
+  data = YAML.load_file(File.expand_path(File.join('~', '.flyrc')))
+  data['targets'][target]
 end
 
-desc "Set the deployment target to be ci.cloud.gov."
-task :prod do
-  @config = 'prod'
-  @origin = 'https://ci.cloud.gov'
-  @target = 'cloud'
+def origin(target)
+  fly_data(target)['api']
+end
+
+def concourse_team(target)
+  fly_data(target)['team']
 end
 
 desc "Build the ZAP pipeline."
@@ -47,10 +47,13 @@ task :build do
 end
 
 task :verify_target do
-  unless @config && @origin && @target
+  @target = ENV['TARGET']
+  unless @target
     task = Rake.application.top_level_tasks.last
-    error_and_quit("No target set. Usage:\n\n  rake <target> #{task}\n\n")
+    error_and_quit("No target set. Usage:\n\n  TARGET=<fly_target> rake #{task}\n\n")
   end
+
+  @origin = origin(@target)
 end
 
 desc "Updates the pipeline."
@@ -73,7 +76,8 @@ end
 
 desc "Open the pipeline in a browser."
 task open: :verify_target do
-  sh 'open', "#{@origin}/pipelines/zap"
+  team = concourse_team(@target)
+  sh 'open', "#{@origin}/teams/#{team}/"
 end
 
 desc "Build and update the pipeline on the given target."

config/prod.example.yml → config/example.yml

@@ -1,11 +1,8 @@
-# get the following AWS information from Compliance viewer:
-#
-#   cf target -o cf -s toolkit
-#   cf env compliance-viewer
-#
+# get the following AWS information from the service key
 aws-access-key:
 aws-secret-key:
 aws-bucket:
+region_name:
 
 # the branch to use for the scripts repo
 script-branch: master

lib/target_initializer.rb

@@ -29,7 +29,7 @@ def s3_client
     @s3_client ||= Aws::S3::Client.new(
       access_key_id: config['aws-access-key'],
       secret_access_key: config['aws-secret-key'],
-      region: 'us-east-1'
+      region: config['region-name']
     )
   end
 

pipeline.yml

@@ -52,20 +52,23 @@ resources:
     versioned_file: reports/<%= project['name'] %>.xml
     access_key_id: {{aws-access-key}}
     secret_access_key: {{aws-secret-key}}
+    region_name: {{region-name}}
 - name: s3-result-<%= project['name'] %>
   type: s3
   source:
     bucket: {{aws-bucket}}
     versioned_file: results/<%= project['name'] %>.json
     access_key_id: {{aws-access-key}}
     secret_access_key: {{aws-secret-key}}
+    region_name: {{region-name}}
 - name: s3-summary-<%= project['name'] %>
   type: s3
   source:
     bucket: {{aws-bucket}}
     versioned_file: summaries/<%= project['name'] %>.json
     access_key_id: {{aws-access-key}}
     secret_access_key: {{aws-secret-key}}
+    region_name: {{region-name}}
 <% end -%>
 
 jobs: