From 080e7e34498f9faf07bc527b391fb476fd6c141a Mon Sep 17 00:00:00 2001
From: Christopher Butler
Date: Mon, 13 Jun 2022 17:07:58 -0400
Subject: [PATCH 1/2] Configure Automated Deploys

Why these changes are being introduced:
The changes here update the automated deploy process for the Lambda function using GitHub Actions. It also updates the Makefile for the local developer for easily deploying test builds in Dev1 (and provides a framework for emergency builds/deploys in Stage-Workloads).
How this addresses that need:
* Update Makefile with Terraform outputs from mitlib-tf-workloads-ecr
* Update dev-build.yml caller workflow with Terraform outputs from mitlib-tf-workloads-ecr
* Update stage-build.yml caller workflow with Terraform outputs from miblib-tf-workloads-ecr
* Create prod-promote.yml caller workflow with Terraform outputs from mitlib-tf-workloads-ecr
Side effects of this change:
This repo is now fully configured for GHA-based automated deploys to AWS.
Relevant ticket(s):
* https://mitlibraries.atlassian.net/browse/ENSY-79
---
 .github/workflows/dev-build.yml | 6 ++---
 .github/workflows/prod-promote.yml | 19 +++++++++++++
 .github/workflows/stage-build.yml | 2 +-
 Makefile | 43 ++++++++++++++----------------
 4 files changed, 43 insertions(+), 27 deletions(-)
 create mode 100644 .github/workflows/prod-promote.yml
diff --git a/.github/workflows/dev-build.yml b/.github/workflows/dev-build.yml
index ab7d4ef..c02245f 100644
--- a/.github/workflows/dev-build.yml
+++ b/.github/workflows/dev-build.yml
@@ -1,5 +1,5 @@
 ### This is the Terraform-generated dev-build.yml workflow for the alma-webhook-lambdas-dev app repository ###
-name: dev Build and Deploy lambda Container
+name: Dev Build and Deploy lambda Container
 on:
 workflow_dispatch:
 pull_request:
@@ -10,8 +10,8 @@ on:
 
 jobs:
 deploy:
- name: dev Deploy lambda Container
- uses: mitlibraries/.github/.github/workflows/lambda-shared-deploy-dev.yml@container-flows
+ name: Dev Deploy lambda Container
+ uses: mitlibraries/.github/.github/workflows/lambda-shared-deploy-dev.yml@main
 secrets: inherit
 with:
 AWS_REGION: "us-east-1"
diff --git a/.github/workflows/prod-promote.yml b/.github/workflows/prod-promote.yml
new file mode 100644
index 0000000..6737ff9
--- /dev/null
+++ b/.github/workflows/prod-promote.yml
@@ -0,0 +1,19 @@
+### This is the Terraform-generated prod-promote.yml workflow for the alma-webhook-lambdas-prod app repository ###
+name: Prod Promote Lambda Container
+on:
+ workflow_dispatch:
+ release:
+ types: [published]
+
+jobs:
+ deploy:
+ name: Prod Promote Lambda Container
+ uses: mitlibraries/.github/.github/workflows/lambda-shared-promote-prod.yml@main
+ secrets: inherit
+ with:
+ AWS_REGION: "us-east-1"
+ GHA_ROLE_STAGE: alma-webhook-lambdas-gha-stage
+ GHA_ROLE_PROD: alma-webhook-lambdas-gha-prod
+ ECR: "alma-webhook-lambdas-prod"
+ FUNCTION: "alma-webhook-lambdas-prod"
+ 
\ No newline at end of file
diff --git a/.github/workflows/stage-build.yml b/.github/workflows/stage-build.yml
index cbca5a8..c0e83a0 100644
--- a/.github/workflows/stage-build.yml
+++ b/.github/workflows/stage-build.yml
@@ -11,7 +11,7 @@ on:
 jobs:
 deploy:
 name: Stage Deploy Lambda Container
- uses: mitlibraries/.github/.github/workflows/lambda-shared-deploy-stage.yml@container-flows
+ uses: mitlibraries/.github/.github/workflows/lambda-shared-deploy-stage.yml@main
 secrets: inherit
 with:
 AWS_REGION: "us-east-1"
diff --git a/Makefile b/Makefile
index 187092f..d100995 100644
--- a/Makefile
+++ b/Makefile
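Review bot: The `uses:` line in dev-build.yml now references the shared workflow at the mutable branch `@main` while the job passes `secrets: inherit`, so any commit that lands on that branch of `mitlibraries/.github` runs with every secret this repository exposes, without a reviewed change here. The same `@main` reference is added in prod-promote.yml and stage-build.yml, and the prod one carries the most risk. Pin each reference to a reviewed commit, e.g. `uses: mitlibraries/.github/.github/workflows/lambda-shared-deploy-dev.yml@<commit-sha>` (placeholder), and bump it deliberately. If the shared workflows declare their secrets, passing only those by name instead of `secrets: inherit` would narrow what a changed workflow can reach; their definitions are not visible on this page.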
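Review bot: The new prod-promote.yml enables `workflow_dispatch` next to `release: types: [published]`, so a promotion to prod can be started by hand from the Actions tab without a release being published, and nothing in the file says whether that is intended. If it is the emergency path, record it beside the trigger, e.g. `# manual run is the emergency path; normal promotion is a published release`; otherwise drop the trigger. Whether the shared workflow gates the prod job behind an approval is not visible here. As a style point, `GHA_ROLE_STAGE` and `GHA_ROLE_PROD` are unquoted while the other inputs are quoted, and the file ends with a whitespace-only line and no final newline.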
@@ -1,16 +1,12 @@
 ### This is the Terraform-generated header for the timdex-pipeline-lambads Makefile ###
 SHELL=/bin/bash
 DATETIME:=$(shell date -u +%Y%m%dT%H%M%SZ)
-### This is the Terraform-generated header for alma-webhook-lambdas-dev
+
+### This is the Terraform-generated header for alma-webhook-lambdas-dev ###
 ECR_NAME_DEV:=alma-webhook-lambdas-dev
 ECR_URL_DEV:=222053980223.dkr.ecr.us-east-1.amazonaws.com/alma-webhook-lambdas-dev
 FUNCTION_DEV:=alma-webhook-lambdas-dev
 ### End of Terraform-generated header ###
-### This is the Terraform-generated Makefile header for alma-webhook-lambdas-stage
-ECR_NAME_STAGE:=alma-webhook-lambdas-stage
-ECR_URL_STAGE:=840055183494.dkr.ecr.us-east-1.amazonaws.com/alma-webhook-lambdas-stage
-FUNCTION_STAGE:=alma-webhook-lambdas-stage
-### End of Terraform-generated header ###
 
 help: ## Print this message
 @awk 'BEGIN { FS = ":.*##"; print "Usage: make \n\nTargets:" } \
@@ -51,23 +47,6 @@ isort:
 mypy:
 pipenv run mypy lambdas
 
-### Developer Deploy Commands ###
-dist-dev: ## Build docker container (intended for developer-based manual build)
- docker build --platform linux/amd64 \
- -t $(ECR_URL_DEV):latest \
- -t $(ECR_URL_DEV):`git describe --always` \
- -t $(ECR_NAME_DEV):latest .
-
-publish-dev: dist-dev ## Build, tag and push (intended for developer-based manual publish)
- docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_URL_DEV)
- docker push $(ECR_URL_DEV):latest
- docker push $(ECR_URL_DEV):`git describe --always`
-
-update-lambda-dev: ## Updates the lambda with whatever is the most recent image in the ecr (intended for developer-based manual update)
- aws lambda update-function-code \
- --function-name $(FUNCTION_DEV) \
- --image-uri $(ECR_URL_DEV):latest
-
 ## Terraform-generated Makefile developer Deploy Commands ###
 dist-stage: ## Build docker container (intended for developer-based manual build)
 docker build --platform linux/amd64 \
@@ -84,3 +63,21 @@ update-lambda-stage: ## Updates the lambda with whatever is the most recent imag
 aws lambda update-function-code \
 --function-name $(FUNCTION_STAGE) \
 --image-uri $(ECR_URL_STAGE):latest
+
+### Terraform-generated manual shortcuts for deploying to Stage ###
+### This requires that ECR_NAME_STAGE, ECR_URL_STAGE, and FUNCTION_STAGE environment variables are
+### set locally by the developer and that the developer has authenticated to the correct AWS Account.
+### The values for the environment variables can be found in the stage_build.yml caller workflow.
+dist-stage: ## Only use in an emergency
+ docker build --platform linux/amd64 \
+ -t $(ECR_URL_STAGE):latest \
+ -t $(ECR_URL_STAGE):`git describe --always` \
+ -t $(ECR_NAME_STAGE):latest .
+
+publish-stage: ## Only use in an emergency
+ docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_URL_STAGE)
+ docker push $(ECR_URL_STAGE):latest
+ docker push $(ECR_URL_STAGE):`git describe --always`
+
+update-lambda-stage: ## Updates the lambda with whatever is the most recent image in the ecr (intended for developer-based manual update)
+ aws lambda update-function-code --function-name $(FUNCTION_STAGE) --image-uri $(ECR_URL_STAGE):latest
From 0d9441d91a3929b72035449b482186b30b6703e8 Mon Sep 17 00:00:00 2001
From: Christopher Butler
Date: Tue, 14 Jun 2022 09:59:22 -0400
Subject: [PATCH 2/2] Fix Makefile

I had an incorrect copy/paste from the Terraform outputs into the Makefile (I copied the "stage" commands twice). This fixes that.
---
 Makefile | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/Makefile b/Makefile
index d100995..557274c 100644
--- a/Makefile
+++ b/Makefile
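Review bot: The added `publish-stage` recipe passes the ECR token as `-p $$(aws ecr get-login-password ...)`, which puts it in the `docker login` argument list where other local processes can read it; pipe it instead with `aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $(ECR_URL_STAGE)`. Because `ECR_URL_STAGE` now comes from the developer's environment, an unset value leaves `docker login` with no registry argument, and docker then targets its default registry, so the token would be offered to the wrong host. A first recipe line such as `@test -n "$(ECR_URL_STAGE)" || { echo "ECR_URL_STAGE is not set" >&2; exit 1; }` stops that before any credential is fetched. `publish-dev` in the PATCH 2/2 hunk uses the same `-p` form. The new `publish-stage` also drops the `dist-stage` prerequisite the earlier target had, so it pushes whatever `:latest` is already in the local image store; confirm that is intended.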
@@ -47,22 +47,20 @@ isort:
 mypy:
 pipenv run mypy lambdas
 
-## Terraform-generated Makefile developer Deploy Commands ###
-dist-stage: ## Build docker container (intended for developer-based manual build)
+### Terraform-generated Developer Deploy Commands for Dev environment ###
+dist-dev: ## Build docker container (intended for developer-based manual build)
 docker build --platform linux/amd64 \
- -t $(ECR_URL_STAGE):latest \
- -t $(ECR_URL_STAGE):`git describe --always` \
- -t $(ECR_NAME_STAGE):latest .
+ -t $(ECR_URL_DEV):latest \
+ -t $(ECR_URL_DEV):`git describe --always` \
+ -t $(ECR_NAME_DEV):latest .
 
-publish-stage: dist-stage ## Build, tag and push (intended for developer-based manual publish)
- docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_URL_STAGE)
- docker push $(ECR_URL_STAGE):latest
- docker push $(ECR_URL_STAGE):`git describe --always`
+publish-dev: dist-dev ## Build, tag and push (intended for developer-based manual publish)
+ docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_URL_DEV)
+ docker push $(ECR_URL_DEV):latest
+ docker push $(ECR_URL_DEV):`git describe --always`
 
-update-lambda-stage: ## Updates the lambda with whatever is the most recent image in the ecr (intended for developer-based manual update)
- aws lambda update-function-code \
- --function-name $(FUNCTION_STAGE) \
- --image-uri $(ECR_URL_STAGE):latest
+update-lambda-dev: ## Updates the lambda with whatever is the most recent image in the ecr (intended for developer-based manual update)
+ aws lambda update-function-code --function-name $(FUNCTION_DEV) --image-uri $(ECR_URL_DEV):latest
 
 ### Terraform-generated manual shortcuts for deploying to Stage ###
 ### This requires that ECR_NAME_STAGE, ECR_URL_STAGE, and FUNCTION_STAGE environment variables are
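Review bot: `update-lambda-dev` points the function at `$(ECR_URL_DEV):latest`, a mutable tag, so the image Lambda resolves is whichever push last moved `latest`, not necessarily the build this developer just published, and the deployed revision cannot be traced back to a commit. `publish-dev` already pushes a `git describe --always` tag, so `--image-uri $(ECR_URL_DEV):$$(git describe --always)` would tie the update to a specific commit; the same applies to `update-lambda-stage`. No `.PHONY` declaration is visible in these hunks; if the file has none, `.PHONY: dist-dev publish-dev update-lambda-dev` keeps a stray file of the same name from silently disabling a target.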