From b899617cccda6c266204086bb458ec55ab993e10 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Mon, 13 May 2019 11:11:21 +1200 Subject: [PATCH 01/70] Update to use session token --- build.gradle | 6 +++++- client/build.gradle | 3 +++ service/build.gradle | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index f185bd5..e7b540c 100644 --- a/build.gradle +++ b/build.gradle @@ -1,7 +1,7 @@ plugins { id 'eclipse' id 'idea' - id "org.sonarqube" version "2.7" apply false + id "org.sonarqube" version "2.7.1" apply false id "com.github.spotbugs" version "1.6.9" apply false id "com.bnc.gradle.travis-ci-versioner" version "1.0.6" } @@ -9,6 +9,7 @@ plugins { ext { awsAccessKeyId = properties.containsKey('AWS_ACCESS_KEY_ID') ? AWS_ACCESS_KEY_ID : System.getenv('AWS_ACCESS_KEY_ID') awsSecretAccessKey = properties.containsKey('AWS_SECRET_ACCESS_KEY') ? AWS_SECRET_ACCESS_KEY : System.getenv('AWS_SECRET_ACCESS_KEY') + awsSessionToken = System.getenv('AWS_SESSION_TOKEN') } travisVersioner { @@ -36,6 +37,9 @@ allprojects { credentials(AwsCredentials) { accessKey "${awsAccessKeyId}" secretKey "${awsSecretAccessKey}" + if (awsSessionToken) { + sessionToken "${awsSessionToken}" + } } } } diff --git a/client/build.gradle b/client/build.gradle index 1dade95..867b68a 100644 --- a/client/build.gradle +++ b/client/build.gradle @@ -19,6 +19,9 @@ publishing { credentials(AwsCredentials) { accessKey "${awsAccessKeyId}" secretKey "${awsSecretAccessKey}" + if (awsSessionToken) { + sessionToken "${awsSessionToken}" + } } } } diff --git a/service/build.gradle b/service/build.gradle index c0d8a22..722bbca 100644 --- a/service/build.gradle +++ b/service/build.gradle @@ -1,7 +1,7 @@ plugins { id "org.springframework.boot" version "2.1.4.RELEASE" id "io.spring.dependency-management" version "1.0.7.RELEASE" - id "com.palantir.docker" version "0.22.0" + id "com.palantir.docker" version "0.22.1" id "com.gorylenko.gradle-git-properties" version "2.0.0" } From 641169d1522db16db878ba2099348d3d14955d82 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 14:25:01 +1200 Subject: [PATCH 02/70] Add terraform files to create ecr repository --- .gitignore | 12 +++++ .../terraform/ecr/backend.tfvars.example | 7 +++ deployment/terraform/ecr/ecr.tf | 12 +++++ deployment/terraform/ecr/main.tf | 47 +++++++++++++++++++ .../terraform/ecr/master.tfvars.example | 3 ++ deployment/terraform/ecr/variables.tf | 25 ++++++++++ 6 files changed, 106 insertions(+) create mode 100644 deployment/terraform/ecr/backend.tfvars.example create mode 100644 deployment/terraform/ecr/ecr.tf create mode 100644 deployment/terraform/ecr/main.tf create mode 100644 deployment/terraform/ecr/master.tfvars.example create mode 100644 deployment/terraform/ecr/variables.tf diff --git a/.gitignore b/.gitignore index 286cf7d..df40719 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,15 @@ +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# .tfvars files +*.tfvars + +# Crash logs +crash.log # Created by https://www.gitignore.io/api/java,gradle,eclipse,netbeans,intellij diff --git a/deployment/terraform/ecr/backend.tfvars.example b/deployment/terraform/ecr/backend.tfvars.example new file mode 100644 index 0000000..40d20e6 --- /dev/null +++ b/deployment/terraform/ecr/backend.tfvars.example @@ -0,0 +1,7 @@ +bucket = "" +region = "" +dynamodb_table = "" +key = ", e.g bnc//ecr/" +kms_key_id = "" +profile = "" +role_arn = "" diff --git a/deployment/terraform/ecr/ecr.tf b/deployment/terraform/ecr/ecr.tf new file mode 100644 index 0000000..22caae8 --- /dev/null +++ b/deployment/terraform/ecr/ecr.tf @@ -0,0 +1,12 @@ +module "ecr" { + source = "git::https://github.com/bnc-projects/terraform-aws-ecr.git?ref=1.0.0" + allowed_read_principals = [ + "arn:aws:iam::${data.terraform_remote_state.techemy.bnc_dev_account_id}:root", + "arn:aws:iam::${data.terraform_remote_state.techemy.bnc_prod_account_id}:root" + ] + allowed_write_principals = [ + "${data.terraform_remote_state.bnc_ops.travis_ci_role_arn}" + ] + ecr_repo_name = "${var.service_name}" + tags = "${merge(local.common_tags, var.tags)}" +} diff --git a/deployment/terraform/ecr/main.tf b/deployment/terraform/ecr/main.tf new file mode 100644 index 0000000..5758eb9 --- /dev/null +++ b/deployment/terraform/ecr/main.tf @@ -0,0 +1,47 @@ +terraform { + backend "s3" { + encrypt = true + } +} + +locals { + common_tags = { + Owner = "bravenewcoin" + Team = "Market Data" + Environment = "production" + } +} + +provider "aws" { + region = "${var.aws_default_region}" + version = "~> 2.10.0" + profile = "${var.profile}" + + assume_role { + role_arn = "arn:aws:iam::${data.terraform_remote_state.techemy.bnc_ops_account_id}:role/BNCTerraform" + session_name = "terraform" + } +} + +data "terraform_remote_state" "techemy" { + backend = "s3" + config { + bucket = "terraform.techemy.co" + key = "techemy/master" + region = "${var.aws_default_region}" + profile = "${var.profile}" + role_arn = "${var.role_arn}" + } +} + +data "terraform_remote_state" "bnc_ops" { + backend = "s3" + config { + bucket = "terraform.techemy.co" + key = "bnc/ops" + region = "${var.aws_default_region}" + profile = "${var.profile}" + role_arn = "${var.role_arn}" + } +} + diff --git a/deployment/terraform/ecr/master.tfvars.example b/deployment/terraform/ecr/master.tfvars.example new file mode 100644 index 0000000..aaa2072 --- /dev/null +++ b/deployment/terraform/ecr/master.tfvars.example @@ -0,0 +1,3 @@ +profile = "" +role_arn = "" +service_name = "" diff --git a/deployment/terraform/ecr/variables.tf b/deployment/terraform/ecr/variables.tf new file mode 100644 index 0000000..72ba2bb --- /dev/null +++ b/deployment/terraform/ecr/variables.tf @@ -0,0 +1,25 @@ +variable "aws_default_region" { + type = "string" + default = "us-west-2" +} + +variable "profile" { + type = "string" + default = "default" +} + +variable "role_arn" { + type = "string" + description = "The role to assume to access the terraform remote state" +} + +variable "service_name" { + type = "string" + description = "The name of the service. This will be used for the ecr repository name" +} + +variable "tags" { + type = "map" + description = "A map of tags to add to all resources" + default = {} +} From 828b86142d0a219e65b6d7bf48a98d63e8aa9cd6 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 15:10:12 +1200 Subject: [PATCH 03/70] Add Terraform ECR build config to TravisCI --- .travis.yml | 57 ++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7255788..2674832 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,9 +4,7 @@ jdk: - openjdk-ea env: global: - - AWS_DEFAULT_REGION= - ECR_REPOSITORY_NAME= - # The following environment variables must be encrypted for successful deployment - AWS_ACCESS_KEY_ID= - AWS_SECRET_ACCESS_KEY= - DEV_AWS_ACCOUNT_ID= @@ -15,6 +13,19 @@ env: - PROD_AWS_ACCOUNT_ID= - PROD_AWS_ACCESS_KEY_ID= - PROD_AWS_SECRET_ACCESS_KEY= + - AWS_DEFAULT_REGION= + - KMS_KEY_ID= + - TF_IN_AUTOMATION=1 + - ROLE_ARN= + - SERVICE_NAME=spring-boot-java-base + - STATE_S3_BUCKET= + - STATE_DYNAMODB_TABLE= + - VERSION="0.11.13" + - secure: QFLxq6/aFRdQqLbR5NWDAPpnlzk5AQ3bRaYH+uegZaA5qMWvNNEoBjE5yvAJKiOe6jbqW7vqnmHFUSaMQS9gpL8O0r70rW5eswb8QUa+tSc+N2dluzCMp2+Fnj/xk8sAq+ieo5B5El296aLd+9gFK1xnjkORSZHGT+GIXxFZgqO/OCO9TETWuPtDaOkygZvPdBOLs2MItVrnBfWSUL5e6uhFn60G3+E3q3P44reesrcWyyv1x0QM91GsYm7pUVH5gW6K1vptArpW6+S5At1QtGgaLQj+6rY6ywqkOusSgFlYXrGrTGeeOiig8xKTKRQVX1myXWSVCUfiJcLp09rv2zfveQ9lmB42F+GgaocKv8FuIC8RDb4v3qdV3svFB0KpZfOHrdOW9cvTciMyIhzcF2UNui7pUkP5aMdruApAoSxzQP1nbl/lWcacHyoShibXSMw/GYgIGik2s8TY3B3J9secFkMoVgZD2qcmij2+hbTOmVnI3/ocnHdjRfe9Z8G7+P6NlMJ4AN25BglLMJaz4hvjzP3X50PUhPhorYtA9i9WB5cH9TWxnhemcerQjPsHFin2+gKLqEDrRZ+kPNkQiOXUKcfQNN80YaI0PTS4N38sMdluSAKWb6upwvWkmlZcOVZJdoa2s24lNyq2bCdzpmcfalFAZwKszHwKMrlmVgA= + - secure: tmIuWwh2CTYUrg1xPLjaNEQST8KKCsw/i6PhaEmamojeDdw+nEFSXm+Yyf3wBxSPI5sLC42lIb2dKia0vcF/V1oK8/V1D/b7VbdKU3LrBKYzqKbL3Y/R/LiirvGrdG/6C9Ai3ET0cUd+oqffCEi/CWRDY9xLdT6tYuMn829xLLZol2rA7ANDP+znGPqbhG9oXAwd5Xffkf5UGKaAtsghuC9eo+F+sKXAU+12ASqivk++D3oiIz/41wIWb6tFkuAsqKvFrbHysd6iTrZjKYTVhQ9aRcQCtPEhS+9FyYe71lhaHW8r5vb1+e+uh0dq2ye6aAPVZx0T1llHF5TvcbF6rYNuAqEbi5bYTr0iPQ3yUy8mH9RWfR0OpuiBNEqdfW1yuyDUm3IURB2CXrnpjgqcntMrizs5ukP9ltqLoAp8YfvtiM7bYrYPHVfyzVjrt1R8FeaNLZtQEk3VtSnO1CwZnD80rQ1YwkpN6jq9xd1mpNCIku96KjVMdJ/lwo1mNhUqDBO4+X5bDFG1j0zBPWvFc0FjQnttn6EJkx+c62VoEDFao1Yu4N7w8qfgxpNaA/j4xeEr8IRp27XvlZc9f8XYFNvmVtZK+GiPOKFnFCZ5BzJKdV97Ma1xRUQbARDG4aqoyZYBBoHuRRGaq/Gse/ZGIPoYS5etcRxAjEGOONP8rLw= + - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= + - secure: nkg6tw+1yVyky1PgDcMrj4HNgPTTQLYDbi+SHvyCxqsvcjcXsDMmh7kFHX4KiuaOIWcXKg9+lQ2buUy8qOwj1lPXbEO28ZYU41jZNM1Y4LXKOLe2d0Lz5r46LF/tJOok8XUerHdVUM/BxmXiFdSa8r2C2Or3khxf9Dqdu6nMvYmBP2s7g0ABZDNsqaQTj8iKA7XfgCiq9c9f0mDThQZ0fv79MPDGA6gL5EfkBhQ1DFd4MunJu9oxQ28fsl0vb/imOhMLTNvdcRVEz1tL/PJ5/MTcOgokmrhZ5IzTk1bbKOfaYw5s6GOGrDK0ZyQq8031P9sLj4c2HtY9W5ntT8x0utBYI390fHuYRwx2M9w9KhqikBxMPg9srd4kkG7vlJGJUf+9jS4pt/KP8TYzC9ryK/9ONz/Bys1LFN7lTHJqAZBR5cMpLLwuiXuIrDD/SL0yLWsnlMUAc0XU7CkPEnYvFBoaoX/MObO5Fy6rSXdDkaIrpWYD4AUXj8PEA/b9SafLxjmp68CtAqhQ+Kv0stAFDYbW3pW+edBKCQGtnzCeNWLK6F7hP6oqugHns8uaWdYx+vFyHrvYAAfb6ZWFnJ2umqHQbdDmgl/iwPlZsey1Z+1GUzPFnKv1B+L6VjsdPFpUlx9w7LNy9q0nxh1FTbRwlerYdGXs5ir3qjKo42wYJ/4= + - secure: rsQY9ftjfAY7q30Eu3eKJw+iOhFZNouV75HcXOiaMSJ0gqypQ3Lhv1vKSEQefV/EJIojEcxdJ8NRF3dyIrgKJvf0YezzSjzDleMRcP+AmmuQyeGqd5MYJ6kl8BRLerWWAuuc+bp2dLw/KCanXrDwh7bp2/V9pOTTdBfzBFG/nPrR40CLkI7AQaEccuHVb2ZphlzSf9VOzEYlBzilXuJvRkl+/GpyEE170O7jkOBImIT8OXnO1UXzzRUymZCZs3bYTu9nIknpLeVa0ba+VHla/dlSwFFJY+zs0v83lsQ+CErkMMikPQy7j5UlIKNF8X6Zubu0D0gOP0+PwWXsBbB5/E+YCyHNcox9mzuzsDkIdBO9tABE08Zhx/UVqU5KKnkIshMIxNFbMnXgA/rsd4NyT35onWIEoom13Nar/xJpIhnWSXTQhHzamjIjIA3Oj7et++Rt36sqZNqxkGQJqvV0fE6+khJ7Y8SCiaPJW91GUz9Xdx/8FW3QMT2UeI4MpX0VlIlkBZrhMO6v6gAp/zOib1jiuKCK1ZJTYkuYPLUwEzVx50+uRB7IxHT5mKeR8IfPktWxyYA/YRL0XHLkgaV7S4v49/3ReF3+KmPTHpmKnOq5VoEORAegcqcBFgATtddDTC4c1kuwjJzdka3qnBuWCWpm8jySzBQLilrNpKP+bW8= before_install: - pip install --user pip --upgrade - pip install --user awscli --upgrade @@ -29,15 +40,42 @@ cache: - "$HOME/.gradle/wrapper/" jobs: include: + - stage: init docker repository + if: env(TERRAFORM_AWS_ACCESS_KEY_ID) IS NOT blank AND env(TERRAFORM_AWS_SECRET_ACCESS_KEY) + IS NOT blank + env: + - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= + - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= + cache: false + before_install: + - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip + - unzip terraform_${VERSION}_linux_amd64.zip + - chmod +x terraform + install: + - cd deployment/terraform/ecr + - ./terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" + -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" + -backend-config="role_arn=${ROLE_ARN}" + script: + - ./terraform plan -input=false -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} + deploy: + - provider: script + script: ./terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} + -var service_name=${SERVICE_NAME} + skip_cleanup: true + on: + all_branches: true - stage: test after_success: - - ./gradlew sonarqube + - "./gradlew sonarqube" - stage: publish artifacts - if: env(AWS_ACCESS_KEY_ID) IS NOT blank AND env(AWS_SECRET_ACCESS_KEY) IS NOT blank + if: env(AWS_ACCESS_KEY_ID) IS NOT blank AND env(AWS_SECRET_ACCESS_KEY) IS NOT + blank jdk: openjdk11 - script: ./gradlew publish + script: "./gradlew publish" - stage: deploy to development - if: env(DEV_AWS_ACCOUNT_ID) IS NOT blank AND env(DEV_AWS_ACCESS_KEY_ID) IS NOT blank + if: env(DEV_AWS_ACCOUNT_ID) IS NOT blank AND env(DEV_AWS_ACCESS_KEY_ID) IS NOT + blank jdk: openjdk11 env: - CLUSTER_NAME= @@ -54,7 +92,8 @@ jobs: on: branch: master - stage: deploy to production - if: env(PROD_AWS_ACCOUNT_ID) IS NOT blank AND env(PROD_AWS_SECRET_ACCESS_KEY) IS NOT blank + if: env(PROD_AWS_ACCOUNT_ID) IS NOT blank AND env(PROD_AWS_SECRET_ACCESS_KEY) + IS NOT blank jdk: openjdk11 env: - CLUSTER_NAME= @@ -78,6 +117,6 @@ notifications: secure: S4Pg6XK5x3pfxldRNJVMuzLfPzKVsGdogr0u0r/pu5dpjJujoecsuDoPS8syej1hZRqJOxK36Ms+NDXRzHNK6w95X69kgwDjzoI3PoKmnqyBJIcgSueyNbm7KoQGgoKTOgEUHZ0A9JbcdH8ThBHUR8wltXctGd3kEp8KC3wSlXzDmLeFJPTqC8DMBmSC00nVL7LtXj4VdOwYZnERKErjjx5f+msOhCNbAXLr7p12O7ewHDhL1jaex4r4yzG8+oevDKYNgpHyd8BCsgsCnjiKewByiVB9q4GBjE6CN3c1VfKdWmPWwF4jgxsz8BqTjshM17msnRyXOaSsB6MG+gGMyNKwFVYEwlsAQyRl5i5IhvjIHVMZVcbon098CpNcpW/ZsWALVQSZUW8yBBVPfVs4gTI071R9hQvDWdHLEkApZpsD24tPwsXGdzupBceyqf3HZn9PDYnqMB+hDxSYmLoJRYqjdFxguUwZEYSRih0c+4npcCBO/QJ5m+4aoG2qJ7Zg10YPr3I/PU+kHKjMzvAME4iZ30CnW0gRskM7nVHZRVmR/vgweZDuo9GYXnOykUUur9S3OEhkEp6Ucmcnkv/DXRa5lU0gqpnfkcJv40UaqoxyypGn2U0dPHPCbYahvTu4QAAAkUU6RsJ3TlDhOg018lJVBBaLx+tXpTD+TpY7/XU= addons: sonarcloud: - organization: "bnc-projects" + organization: bnc-projects token: - secure: "Ehm9iNp6f5fBata+4mkkfwpUelmYZZAkmrakZ0jOsZn3Pw/e6+ZskxOWBdRZQxZbpsQ2QTxrunel4pNgjKpuj340OuDGQGb8it23VslTDuffpDguDkYVBe8RQER2TeJ5ZrcpYbTwNg0KUxwvvjSgbmwDogQkvXu6nxmGjcT+kcKMuVNBXSQrIPalKQNlq5Oga+IBfuqK0zhgRmsHq5LQVqjrn3dckXL7rtaqF7yXX8EIxaRXFzE36hjQlLB0b2OpT9ff6/Jx15kBgb0OYTwHOjhzg94UWljsW1u4Unl+B93drRV87HSmJN1kZZkzprixgvO+ERMaAwVsb3qqDb6qqhIS06uUZfmsV/lKOfoB2WEYA8KdS4oYUOuRULjrWBvhqA+dT/6QPHjSpgssVCfnuFsgw7vbyBuCZAifHmS0g9h/4+N40xYk4jw+L5jIDH72AdktD2o2qY+26lqw6XdxPPwKBrsBcElbYbfTdw/VMYlA9yoOFx5mlRUxhv0Jxt7u5ZD5FmE7H9XleTNnmO13dhcRfEZvUpEWa1Ccn5ueq/03kbXLIaZ6I0LM8ONK/qEqUmY12Ztf7QFs94HED54N62o+5fohbURsxVDE286VO1alUqgOVLOt7dd+X4JhDdu2ix4jHjPsan40eAy6e6FxFn4xsQF5BGPrFvDbCsvP6ok=" + secure: Ehm9iNp6f5fBata+4mkkfwpUelmYZZAkmrakZ0jOsZn3Pw/e6+ZskxOWBdRZQxZbpsQ2QTxrunel4pNgjKpuj340OuDGQGb8it23VslTDuffpDguDkYVBe8RQER2TeJ5ZrcpYbTwNg0KUxwvvjSgbmwDogQkvXu6nxmGjcT+kcKMuVNBXSQrIPalKQNlq5Oga+IBfuqK0zhgRmsHq5LQVqjrn3dckXL7rtaqF7yXX8EIxaRXFzE36hjQlLB0b2OpT9ff6/Jx15kBgb0OYTwHOjhzg94UWljsW1u4Unl+B93drRV87HSmJN1kZZkzprixgvO+ERMaAwVsb3qqDb6qqhIS06uUZfmsV/lKOfoB2WEYA8KdS4oYUOuRULjrWBvhqA+dT/6QPHjSpgssVCfnuFsgw7vbyBuCZAifHmS0g9h/4+N40xYk4jw+L5jIDH72AdktD2o2qY+26lqw6XdxPPwKBrsBcElbYbfTdw/VMYlA9yoOFx5mlRUxhv0Jxt7u5ZD5FmE7H9XleTNnmO13dhcRfEZvUpEWa1Ccn5ueq/03kbXLIaZ6I0LM8ONK/qEqUmY12Ztf7QFs94HED54N62o+5fohbURsxVDE286VO1alUqgOVLOt7dd+X4JhDdu2ix4jHjPsan40eAy6e6FxFn4xsQF5BGPrFvDbCsvP6ok= From 8e3226b22eecde55880c59b745e5142977ef4968 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 15:11:33 +1200 Subject: [PATCH 04/70] Remove condition from init ecr stage --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2674832..db077d5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -41,8 +41,6 @@ cache: jobs: include: - stage: init docker repository - if: env(TERRAFORM_AWS_ACCESS_KEY_ID) IS NOT blank AND env(TERRAFORM_AWS_SECRET_ACCESS_KEY) - IS NOT blank env: - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= From 2d17cdb4e673333e351cfa5e5f0c5bb1ef278a10 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 15:16:59 +1200 Subject: [PATCH 05/70] Provide stage ordering to Travis-CI --- .travis.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.travis.yml b/.travis.yml index db077d5..aade67a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,6 +38,12 @@ cache: directories: - "$HOME/.gradle/caches/" - "$HOME/.gradle/wrapper/" +stages: + - init docker repository + - test + - publish artifacts + - deploy to development + - deploy to production jobs: include: - stage: init docker repository From f335fb317db467b17cf1ccd6e3369a6188dad29c Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 15:20:07 +1200 Subject: [PATCH 06/70] Add terraform binary to bin folder --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index aade67a..6ac9d31 100644 --- a/.travis.yml +++ b/.travis.yml @@ -53,8 +53,8 @@ jobs: cache: false before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - - unzip terraform_${VERSION}_linux_amd64.zip - - chmod +x terraform + - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin + - chmod +x $HOME/bin/terraform install: - cd deployment/terraform/ecr - ./terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" From cd8bcf1b9b5364b16cc582736b0118d0556a84b5 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 15:22:08 +1200 Subject: [PATCH 07/70] Use terraform instead of ./terraform --- .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6ac9d31..e4e2152 100644 --- a/.travis.yml +++ b/.travis.yml @@ -57,14 +57,14 @@ jobs: - chmod +x $HOME/bin/terraform install: - cd deployment/terraform/ecr - - ./terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" + - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="role_arn=${ROLE_ARN}" script: - - ./terraform plan -input=false -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} + - terraform plan -input=false -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} deploy: - provider: script - script: ./terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} + script: terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} skip_cleanup: true on: From 0bea5181ff7b392339c01ad377c840cc6a17e13a Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 15:25:07 +1200 Subject: [PATCH 08/70] Add backend key --- .travis.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index e4e2152..0e835db 100644 --- a/.travis.yml +++ b/.travis.yml @@ -26,6 +26,7 @@ env: - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= - secure: nkg6tw+1yVyky1PgDcMrj4HNgPTTQLYDbi+SHvyCxqsvcjcXsDMmh7kFHX4KiuaOIWcXKg9+lQ2buUy8qOwj1lPXbEO28ZYU41jZNM1Y4LXKOLe2d0Lz5r46LF/tJOok8XUerHdVUM/BxmXiFdSa8r2C2Or3khxf9Dqdu6nMvYmBP2s7g0ABZDNsqaQTj8iKA7XfgCiq9c9f0mDThQZ0fv79MPDGA6gL5EfkBhQ1DFd4MunJu9oxQ28fsl0vb/imOhMLTNvdcRVEz1tL/PJ5/MTcOgokmrhZ5IzTk1bbKOfaYw5s6GOGrDK0ZyQq8031P9sLj4c2HtY9W5ntT8x0utBYI390fHuYRwx2M9w9KhqikBxMPg9srd4kkG7vlJGJUf+9jS4pt/KP8TYzC9ryK/9ONz/Bys1LFN7lTHJqAZBR5cMpLLwuiXuIrDD/SL0yLWsnlMUAc0XU7CkPEnYvFBoaoX/MObO5Fy6rSXdDkaIrpWYD4AUXj8PEA/b9SafLxjmp68CtAqhQ+Kv0stAFDYbW3pW+edBKCQGtnzCeNWLK6F7hP6oqugHns8uaWdYx+vFyHrvYAAfb6ZWFnJ2umqHQbdDmgl/iwPlZsey1Z+1GUzPFnKv1B+L6VjsdPFpUlx9w7LNy9q0nxh1FTbRwlerYdGXs5ir3qjKo42wYJ/4= - secure: rsQY9ftjfAY7q30Eu3eKJw+iOhFZNouV75HcXOiaMSJ0gqypQ3Lhv1vKSEQefV/EJIojEcxdJ8NRF3dyIrgKJvf0YezzSjzDleMRcP+AmmuQyeGqd5MYJ6kl8BRLerWWAuuc+bp2dLw/KCanXrDwh7bp2/V9pOTTdBfzBFG/nPrR40CLkI7AQaEccuHVb2ZphlzSf9VOzEYlBzilXuJvRkl+/GpyEE170O7jkOBImIT8OXnO1UXzzRUymZCZs3bYTu9nIknpLeVa0ba+VHla/dlSwFFJY+zs0v83lsQ+CErkMMikPQy7j5UlIKNF8X6Zubu0D0gOP0+PwWXsBbB5/E+YCyHNcox9mzuzsDkIdBO9tABE08Zhx/UVqU5KKnkIshMIxNFbMnXgA/rsd4NyT35onWIEoom13Nar/xJpIhnWSXTQhHzamjIjIA3Oj7et++Rt36sqZNqxkGQJqvV0fE6+khJ7Y8SCiaPJW91GUz9Xdx/8FW3QMT2UeI4MpX0VlIlkBZrhMO6v6gAp/zOib1jiuKCK1ZJTYkuYPLUwEzVx50+uRB7IxHT5mKeR8IfPktWxyYA/YRL0XHLkgaV7S4v49/3ReF3+KmPTHpmKnOq5VoEORAegcqcBFgATtddDTC4c1kuwjJzdka3qnBuWCWpm8jySzBQLilrNpKP+bW8= + - secure: AqCThrzOrsP80XztRjyLS7ntP7h7KZqNv38tXLedMzBQFni4Wo8b+pOkcSvuOe/aXsX9h3kzVrzl36lS4S9seNLaLN+ZRcg3YPzSm3MlHWcneY+RvXWhUh+B51z7IUQcSQ24Mez13Udm6aGBEokDVNCacfDNk2J8c+0HB/KK9DTAvspCnFv8W2Qo7jvkQbvjVbr6RnadEXaWEuvtvfr5cX17HZPwco6+hwpGYOgKjVkeDj2yW/VzXaexzq4LLbRJdEcERxppe84OBG3IigYtVsASG94baAau+SfNq3oLQhK7RdK9lHsRONwX5kAvvM1g4AFjs1Vqtsy+jjtQUCE+hsJSm9akBqqFnOUjMDIJicdeHJptHYEZ77oT6R40pw+b5ZJGT9r2o5FJdLbygQkJ4VqwyT1lErFS6EX4apMNX1J2zx5ieiXmgh1DCeVgJSaVP4q1dnvGowfJhL7RxNww6PWHZWVzyi+x79/q8acjr/Y2+RkZzdk0gssR++4vbadRFwXsek+hfXVYIrRQfe5oEyidm99VcW1C6OfCxkXBOjqMAKnjEnUBf+B6p68pMEkBzd3/LhPxPTXEM3LXo1c6H4Jp75n/W4Wg+At8Wq/HnR1Vrojm/+rS1hEJV7GW3XxgTuHcRFueJpwlMaSbpfY9HmM0jsyiObPdsq4CJMUHjrM= before_install: - pip install --user pip --upgrade - pip install --user awscli --upgrade @@ -39,11 +40,11 @@ cache: - "$HOME/.gradle/caches/" - "$HOME/.gradle/wrapper/" stages: - - init docker repository - - test - - publish artifacts - - deploy to development - - deploy to production +- init docker repository +- test +- publish artifacts +- deploy to development +- deploy to production jobs: include: - stage: init docker repository @@ -58,7 +59,7 @@ jobs: install: - cd deployment/terraform/ecr - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" - -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" + -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" -backend-config="role_arn=${ROLE_ARN}" script: - terraform plan -input=false -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} From b22c7ae2aac7a12da5b5dba1f61ed7c2515b51b2 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 16:01:30 +1200 Subject: [PATCH 09/70] Tag and push docker image --- .travis.yml | 56 +++++++++++------------------ deployment/terraform/ecr/outputs.tf | 3 ++ 2 files changed, 23 insertions(+), 36 deletions(-) create mode 100644 deployment/terraform/ecr/outputs.tf diff --git a/.travis.yml b/.travis.yml index 0e835db..b6a84eb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,20 +13,18 @@ env: - PROD_AWS_ACCOUNT_ID= - PROD_AWS_ACCESS_KEY_ID= - PROD_AWS_SECRET_ACCESS_KEY= - - AWS_DEFAULT_REGION= - - KMS_KEY_ID= - TF_IN_AUTOMATION=1 - - ROLE_ARN= - SERVICE_NAME=spring-boot-java-base - - STATE_S3_BUCKET= - - STATE_DYNAMODB_TABLE= - - VERSION="0.11.13" + - VERSION=0.11.13 - secure: QFLxq6/aFRdQqLbR5NWDAPpnlzk5AQ3bRaYH+uegZaA5qMWvNNEoBjE5yvAJKiOe6jbqW7vqnmHFUSaMQS9gpL8O0r70rW5eswb8QUa+tSc+N2dluzCMp2+Fnj/xk8sAq+ieo5B5El296aLd+9gFK1xnjkORSZHGT+GIXxFZgqO/OCO9TETWuPtDaOkygZvPdBOLs2MItVrnBfWSUL5e6uhFn60G3+E3q3P44reesrcWyyv1x0QM91GsYm7pUVH5gW6K1vptArpW6+S5At1QtGgaLQj+6rY6ywqkOusSgFlYXrGrTGeeOiig8xKTKRQVX1myXWSVCUfiJcLp09rv2zfveQ9lmB42F+GgaocKv8FuIC8RDb4v3qdV3svFB0KpZfOHrdOW9cvTciMyIhzcF2UNui7pUkP5aMdruApAoSxzQP1nbl/lWcacHyoShibXSMw/GYgIGik2s8TY3B3J9secFkMoVgZD2qcmij2+hbTOmVnI3/ocnHdjRfe9Z8G7+P6NlMJ4AN25BglLMJaz4hvjzP3X50PUhPhorYtA9i9WB5cH9TWxnhemcerQjPsHFin2+gKLqEDrRZ+kPNkQiOXUKcfQNN80YaI0PTS4N38sMdluSAKWb6upwvWkmlZcOVZJdoa2s24lNyq2bCdzpmcfalFAZwKszHwKMrlmVgA= - secure: tmIuWwh2CTYUrg1xPLjaNEQST8KKCsw/i6PhaEmamojeDdw+nEFSXm+Yyf3wBxSPI5sLC42lIb2dKia0vcF/V1oK8/V1D/b7VbdKU3LrBKYzqKbL3Y/R/LiirvGrdG/6C9Ai3ET0cUd+oqffCEi/CWRDY9xLdT6tYuMn829xLLZol2rA7ANDP+znGPqbhG9oXAwd5Xffkf5UGKaAtsghuC9eo+F+sKXAU+12ASqivk++D3oiIz/41wIWb6tFkuAsqKvFrbHysd6iTrZjKYTVhQ9aRcQCtPEhS+9FyYe71lhaHW8r5vb1+e+uh0dq2ye6aAPVZx0T1llHF5TvcbF6rYNuAqEbi5bYTr0iPQ3yUy8mH9RWfR0OpuiBNEqdfW1yuyDUm3IURB2CXrnpjgqcntMrizs5ukP9ltqLoAp8YfvtiM7bYrYPHVfyzVjrt1R8FeaNLZtQEk3VtSnO1CwZnD80rQ1YwkpN6jq9xd1mpNCIku96KjVMdJ/lwo1mNhUqDBO4+X5bDFG1j0zBPWvFc0FjQnttn6EJkx+c62VoEDFao1Yu4N7w8qfgxpNaA/j4xeEr8IRp27XvlZc9f8XYFNvmVtZK+GiPOKFnFCZ5BzJKdV97Ma1xRUQbARDG4aqoyZYBBoHuRRGaq/Gse/ZGIPoYS5etcRxAjEGOONP8rLw= - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= - secure: nkg6tw+1yVyky1PgDcMrj4HNgPTTQLYDbi+SHvyCxqsvcjcXsDMmh7kFHX4KiuaOIWcXKg9+lQ2buUy8qOwj1lPXbEO28ZYU41jZNM1Y4LXKOLe2d0Lz5r46LF/tJOok8XUerHdVUM/BxmXiFdSa8r2C2Or3khxf9Dqdu6nMvYmBP2s7g0ABZDNsqaQTj8iKA7XfgCiq9c9f0mDThQZ0fv79MPDGA6gL5EfkBhQ1DFd4MunJu9oxQ28fsl0vb/imOhMLTNvdcRVEz1tL/PJ5/MTcOgokmrhZ5IzTk1bbKOfaYw5s6GOGrDK0ZyQq8031P9sLj4c2HtY9W5ntT8x0utBYI390fHuYRwx2M9w9KhqikBxMPg9srd4kkG7vlJGJUf+9jS4pt/KP8TYzC9ryK/9ONz/Bys1LFN7lTHJqAZBR5cMpLLwuiXuIrDD/SL0yLWsnlMUAc0XU7CkPEnYvFBoaoX/MObO5Fy6rSXdDkaIrpWYD4AUXj8PEA/b9SafLxjmp68CtAqhQ+Kv0stAFDYbW3pW+edBKCQGtnzCeNWLK6F7hP6oqugHns8uaWdYx+vFyHrvYAAfb6ZWFnJ2umqHQbdDmgl/iwPlZsey1Z+1GUzPFnKv1B+L6VjsdPFpUlx9w7LNy9q0nxh1FTbRwlerYdGXs5ir3qjKo42wYJ/4= - secure: rsQY9ftjfAY7q30Eu3eKJw+iOhFZNouV75HcXOiaMSJ0gqypQ3Lhv1vKSEQefV/EJIojEcxdJ8NRF3dyIrgKJvf0YezzSjzDleMRcP+AmmuQyeGqd5MYJ6kl8BRLerWWAuuc+bp2dLw/KCanXrDwh7bp2/V9pOTTdBfzBFG/nPrR40CLkI7AQaEccuHVb2ZphlzSf9VOzEYlBzilXuJvRkl+/GpyEE170O7jkOBImIT8OXnO1UXzzRUymZCZs3bYTu9nIknpLeVa0ba+VHla/dlSwFFJY+zs0v83lsQ+CErkMMikPQy7j5UlIKNF8X6Zubu0D0gOP0+PwWXsBbB5/E+YCyHNcox9mzuzsDkIdBO9tABE08Zhx/UVqU5KKnkIshMIxNFbMnXgA/rsd4NyT35onWIEoom13Nar/xJpIhnWSXTQhHzamjIjIA3Oj7et++Rt36sqZNqxkGQJqvV0fE6+khJ7Y8SCiaPJW91GUz9Xdx/8FW3QMT2UeI4MpX0VlIlkBZrhMO6v6gAp/zOib1jiuKCK1ZJTYkuYPLUwEzVx50+uRB7IxHT5mKeR8IfPktWxyYA/YRL0XHLkgaV7S4v49/3ReF3+KmPTHpmKnOq5VoEORAegcqcBFgATtddDTC4c1kuwjJzdka3qnBuWCWpm8jySzBQLilrNpKP+bW8= - secure: AqCThrzOrsP80XztRjyLS7ntP7h7KZqNv38tXLedMzBQFni4Wo8b+pOkcSvuOe/aXsX9h3kzVrzl36lS4S9seNLaLN+ZRcg3YPzSm3MlHWcneY+RvXWhUh+B51z7IUQcSQ24Mez13Udm6aGBEokDVNCacfDNk2J8c+0HB/KK9DTAvspCnFv8W2Qo7jvkQbvjVbr6RnadEXaWEuvtvfr5cX17HZPwco6+hwpGYOgKjVkeDj2yW/VzXaexzq4LLbRJdEcERxppe84OBG3IigYtVsASG94baAau+SfNq3oLQhK7RdK9lHsRONwX5kAvvM1g4AFjs1Vqtsy+jjtQUCE+hsJSm9akBqqFnOUjMDIJicdeHJptHYEZ77oT6R40pw+b5ZJGT9r2o5FJdLbygQkJ4VqwyT1lErFS6EX4apMNX1J2zx5ieiXmgh1DCeVgJSaVP4q1dnvGowfJhL7RxNww6PWHZWVzyi+x79/q8acjr/Y2+RkZzdk0gssR++4vbadRFwXsek+hfXVYIrRQfe5oEyidm99VcW1C6OfCxkXBOjqMAKnjEnUBf+B6p68pMEkBzd3/LhPxPTXEM3LXo1c6H4Jp75n/W4Wg+At8Wq/HnR1Vrojm/+rS1hEJV7GW3XxgTuHcRFueJpwlMaSbpfY9HmM0jsyiObPdsq4CJMUHjrM= + - secure: hCl/qkJyG5tYFZWPhasg2DNth3Hy9Yp/5Oq4c6eCcEERRysX2nXkFOgdaUQmENWqyEG1CXH56lDTajeO/YBT9zTNbH0PoOwHPtV9935/BV+hmQwdgXf/O4wc9aH/om5KQXkT8oAn2qP2s+8zm1XO5lBkYSlvQ8CNiO9t22//ekaUvwM/zG5tCeDezv9j0yXZGTBTgEJ1haI7tIfglgFNkM2waOyntBT0k7doqvPd/upc9fooichq6YUWQWBuzuRKaA89ukyL7sQsZvF+MUFtQmwCW/R853Te312Cq2AAUY8Eq6N9ppw27bc0FcUe23cwg05NuR9GLPnAzczm2lxLKe02Ug0b2nGRldjDIgVl26RKi690ysIHnFQThX7GjUa5bFfbriIqKUsZNG3pI3Rqv4MNkVrqSKxlu1loyscrkuJz5qyIL2G9MZytuEgW3Or6jFewb6rL0QlmeptmsTdukTccOiXCFC48lcO/aMVzkHh8Z0wUsM0BS3T2gRz3egOm74GTl+TDQU1dJeuRqzuNaKorjJZ6qCRUdmkVykCXvhr/nqXW5GaU12FrIZct2yGhTs/oItYNFkbKbiLv0AyF/Wfzozr4XN8QJZKYjXbfVaUXV+VAmaNsPlqcFeWsZzyzUHWroM4EYaCs6oKAHPJuUaz5ew8zzBJ7tbXrS2etuE8= + - secure: Qi0OF+l5wbkPPdWiYEZjZvn2Px6FNe4VEwx1L4djLop2qEJTdn6IS1M/vlmWgXpMzwvyB9BxwhUgPKFL0tkjRHVT6m6GW87MB/UFvrUSVsJjWaI0fjDMsNeqXeajBy9zc9kFm28t7XW5cSYujITonI5y+AJX5oiLU08MAzf2I+6pIrbGyuGqLEsXBML4fdpiToRh0HuMsCjmvO0APb7NIyxE4A1XuwcfsevnnFzIziC2DM6w6w4mG6mTIVHpjeqMRiKVNflHgcvyyBECJysDn7+2Hkt7wq34b3CKJQy5fcZ7cBWDKm/iOMJ0GQtj1gDvSPjzmfwYW7w8WIMZzUp/gExEMpt7SiL/qyg4XJCCNdan4zB/AnpsYAnPKQJscsK2WVzIGn2X5LdahAbcyFGaTPTmn5YwV7Qmhx6yERQ51WhtaTqMeQQftqwuR+jrgMM/K8PtPBHixVipE22k/RIviXe/dk76XPcbMxv+GAL6KQ2/CZQvIY4s0Szw8nDMcGfBgFxlXHRFRrzxxUBk29r3rLW9aXqHUuiqdupjx7zuaab0W6x4Q8cB4QILe/c6q5WNzpnlWhEBlnBN8Wv9wN4QLYX4Vsl8Q0d6ayaJRbdZAFWCJPWvbBcSwJbYKrr50lXeRcWytCWLdrQ0K5Q6KG9jkN2ZgFiiMd2Olu19PjS6v+w= + - secure: c/8Vz4mcDSiNjVBE9wGy11xtnByIdP+pqaizbqwA9WFA2aoCe8mIUmd05VUDAYdFKtULpnjx798FOtXY7cCtgM/yqmrZdGCMP39C6ki4zc7X2cwJl922chU6IitcUq68oHPw0X1YZYG3NNzVw7hDQDG9vKhenwhQWe6mBLtNAAnFWOBmLujtQ8RB6y42zyiojqn4M6FT+IfRyRGqPEYKiJzQdo35j8xocILpmRC4fw1sE87sE3aM/rSXqkTD8eILUQvMoW+wIZbaEK8bfwoqFlO96I4QK9oPeIozxCxULnyDhShk7kBUeFWuT6w4/sFEO5CFWukSwV67yA/wV6iy2PvP0jxraPME4sZrbiJxD32jcmIM2/i6IQMoUwaepEXvHwhJ+pvM5lVurNlkO3YSYLr0e7+1ubiw0YQc7R+5g/gjkwUZSB/KhoPFWK6Kft1HDv4sTPF5aTjKrbAvpBRjM6fawB/gkEXZLTddP0qurPGX4au4tJ93mV+DfMb6XOKGlegwbS6jkWoR+qC7c9x6+RZ57xYzhOWbpza0YsYQy/P4Wi7biCDK5hxwcfc6bu2EjEBlnaY1flis1GmRnFCy2Q+MbSbgqSAL2NMZKjEXwtj+vequffEisOnatKfUbmczKN9Xu/Y6s1HsR3StP7hRy7WaWfnVrCTgY//f0LgmS9Y= before_install: - pip install --user pip --upgrade - pip install --user awscli --upgrade @@ -37,47 +35,33 @@ before_cache: - rm -fr $HOME/.gradle/caches/*/plugin-resolution/ cache: directories: - - "$HOME/.gradle/caches/" - - "$HOME/.gradle/wrapper/" -stages: -- init docker repository -- test -- publish artifacts -- deploy to development -- deploy to production + - $HOME/.gradle/caches/ + - $HOME/.gradle/wrapper/ jobs: include: - - stage: init docker repository + - stage: test env: - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= - cache: false before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin - chmod +x $HOME/bin/terraform - install: - - cd deployment/terraform/ecr - - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" - -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" - -backend-config="role_arn=${ROLE_ARN}" script: - - terraform plan -input=false -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} - deploy: - - provider: script - script: terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} - -var service_name=${SERVICE_NAME} - skip_cleanup: true - on: - all_branches: true - - stage: test + - cd deployment/terraform/ecr + - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" -backend-config="role_arn=${ROLE_ARN}" + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} + - REPOSITORY_URI=$(terraform output repository_url) + - cd $HOME + - AWS_ACCESS_KEY_ID=$TRAVIS_AWS_ACCESS_KEY_ID + - AWS_SECRET_ACCESS_KEY=$TRAVIS_AWS_SECRET_ACCESS_KEY + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "TravisCI" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') + - $(aws ecr get-login --no-include-email) + - ./gradlew check + - ./gradlew docker dockerTag dockerPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI + - ./gradlew publish after_success: - - "./gradlew sonarqube" - - stage: publish artifacts - if: env(AWS_ACCESS_KEY_ID) IS NOT blank AND env(AWS_SECRET_ACCESS_KEY) IS NOT - blank - jdk: openjdk11 - script: "./gradlew publish" + - ./gradlew sonarqube - stage: deploy to development if: env(DEV_AWS_ACCOUNT_ID) IS NOT blank AND env(DEV_AWS_ACCESS_KEY_ID) IS NOT blank diff --git a/deployment/terraform/ecr/outputs.tf b/deployment/terraform/ecr/outputs.tf new file mode 100644 index 0000000..3ec347f --- /dev/null +++ b/deployment/terraform/ecr/outputs.tf @@ -0,0 +1,3 @@ +output "repository_url" { + value = "${module.ecr.repository_url}" +} From c9bc19538c2528f8ad4f8a829f1f76b2b6e4c165 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 16:07:57 +1200 Subject: [PATCH 10/70] Only run against openjdk11 --- .travis.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index b6a84eb..868eb62 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,6 @@ language: java jdk: - openjdk11 -- openjdk-ea env: global: - ECR_REPOSITORY_NAME= @@ -25,6 +24,8 @@ env: - secure: hCl/qkJyG5tYFZWPhasg2DNth3Hy9Yp/5Oq4c6eCcEERRysX2nXkFOgdaUQmENWqyEG1CXH56lDTajeO/YBT9zTNbH0PoOwHPtV9935/BV+hmQwdgXf/O4wc9aH/om5KQXkT8oAn2qP2s+8zm1XO5lBkYSlvQ8CNiO9t22//ekaUvwM/zG5tCeDezv9j0yXZGTBTgEJ1haI7tIfglgFNkM2waOyntBT0k7doqvPd/upc9fooichq6YUWQWBuzuRKaA89ukyL7sQsZvF+MUFtQmwCW/R853Te312Cq2AAUY8Eq6N9ppw27bc0FcUe23cwg05NuR9GLPnAzczm2lxLKe02Ug0b2nGRldjDIgVl26RKi690ysIHnFQThX7GjUa5bFfbriIqKUsZNG3pI3Rqv4MNkVrqSKxlu1loyscrkuJz5qyIL2G9MZytuEgW3Or6jFewb6rL0QlmeptmsTdukTccOiXCFC48lcO/aMVzkHh8Z0wUsM0BS3T2gRz3egOm74GTl+TDQU1dJeuRqzuNaKorjJZ6qCRUdmkVykCXvhr/nqXW5GaU12FrIZct2yGhTs/oItYNFkbKbiLv0AyF/Wfzozr4XN8QJZKYjXbfVaUXV+VAmaNsPlqcFeWsZzyzUHWroM4EYaCs6oKAHPJuUaz5ew8zzBJ7tbXrS2etuE8= - secure: Qi0OF+l5wbkPPdWiYEZjZvn2Px6FNe4VEwx1L4djLop2qEJTdn6IS1M/vlmWgXpMzwvyB9BxwhUgPKFL0tkjRHVT6m6GW87MB/UFvrUSVsJjWaI0fjDMsNeqXeajBy9zc9kFm28t7XW5cSYujITonI5y+AJX5oiLU08MAzf2I+6pIrbGyuGqLEsXBML4fdpiToRh0HuMsCjmvO0APb7NIyxE4A1XuwcfsevnnFzIziC2DM6w6w4mG6mTIVHpjeqMRiKVNflHgcvyyBECJysDn7+2Hkt7wq34b3CKJQy5fcZ7cBWDKm/iOMJ0GQtj1gDvSPjzmfwYW7w8WIMZzUp/gExEMpt7SiL/qyg4XJCCNdan4zB/AnpsYAnPKQJscsK2WVzIGn2X5LdahAbcyFGaTPTmn5YwV7Qmhx6yERQ51WhtaTqMeQQftqwuR+jrgMM/K8PtPBHixVipE22k/RIviXe/dk76XPcbMxv+GAL6KQ2/CZQvIY4s0Szw8nDMcGfBgFxlXHRFRrzxxUBk29r3rLW9aXqHUuiqdupjx7zuaab0W6x4Q8cB4QILe/c6q5WNzpnlWhEBlnBN8Wv9wN4QLYX4Vsl8Q0d6ayaJRbdZAFWCJPWvbBcSwJbYKrr50lXeRcWytCWLdrQ0K5Q6KG9jkN2ZgFiiMd2Olu19PjS6v+w= - secure: c/8Vz4mcDSiNjVBE9wGy11xtnByIdP+pqaizbqwA9WFA2aoCe8mIUmd05VUDAYdFKtULpnjx798FOtXY7cCtgM/yqmrZdGCMP39C6ki4zc7X2cwJl922chU6IitcUq68oHPw0X1YZYG3NNzVw7hDQDG9vKhenwhQWe6mBLtNAAnFWOBmLujtQ8RB6y42zyiojqn4M6FT+IfRyRGqPEYKiJzQdo35j8xocILpmRC4fw1sE87sE3aM/rSXqkTD8eILUQvMoW+wIZbaEK8bfwoqFlO96I4QK9oPeIozxCxULnyDhShk7kBUeFWuT6w4/sFEO5CFWukSwV67yA/wV6iy2PvP0jxraPME4sZrbiJxD32jcmIM2/i6IQMoUwaepEXvHwhJ+pvM5lVurNlkO3YSYLr0e7+1ubiw0YQc7R+5g/gjkwUZSB/KhoPFWK6Kft1HDv4sTPF5aTjKrbAvpBRjM6fawB/gkEXZLTddP0qurPGX4au4tJ93mV+DfMb6XOKGlegwbS6jkWoR+qC7c9x6+RZ57xYzhOWbpza0YsYQy/P4Wi7biCDK5hxwcfc6bu2EjEBlnaY1flis1GmRnFCy2Q+MbSbgqSAL2NMZKjEXwtj+vequffEisOnatKfUbmczKN9Xu/Y6s1HsR3StP7hRy7WaWfnVrCTgY//f0LgmS9Y= + - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= + - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= before_install: - pip install --user pip --upgrade - pip install --user awscli --upgrade @@ -40,9 +41,6 @@ cache: jobs: include: - stage: test - env: - - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= - - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin From c9ab640321849caa6fa09bbcb56d37bd4d548825 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 16:18:03 +1200 Subject: [PATCH 11/70] Use xenial instead of trusty --- .travis.yml | 179 ++++++++++++++++++++++++++-------------------------- 1 file changed, 90 insertions(+), 89 deletions(-) diff --git a/.travis.yml b/.travis.yml index 868eb62..e091086 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,103 +1,104 @@ language: java jdk: -- openjdk11 + - openjdk11 +dist: xenial env: global: - - ECR_REPOSITORY_NAME= - - AWS_ACCESS_KEY_ID= - - AWS_SECRET_ACCESS_KEY= - - DEV_AWS_ACCOUNT_ID= - - DEV_AWS_ACCESS_KEY_ID= - - DEV_AWS_SECRET_ACCESS_KEY= - - PROD_AWS_ACCOUNT_ID= - - PROD_AWS_ACCESS_KEY_ID= - - PROD_AWS_SECRET_ACCESS_KEY= - - TF_IN_AUTOMATION=1 - - SERVICE_NAME=spring-boot-java-base - - VERSION=0.11.13 - - secure: QFLxq6/aFRdQqLbR5NWDAPpnlzk5AQ3bRaYH+uegZaA5qMWvNNEoBjE5yvAJKiOe6jbqW7vqnmHFUSaMQS9gpL8O0r70rW5eswb8QUa+tSc+N2dluzCMp2+Fnj/xk8sAq+ieo5B5El296aLd+9gFK1xnjkORSZHGT+GIXxFZgqO/OCO9TETWuPtDaOkygZvPdBOLs2MItVrnBfWSUL5e6uhFn60G3+E3q3P44reesrcWyyv1x0QM91GsYm7pUVH5gW6K1vptArpW6+S5At1QtGgaLQj+6rY6ywqkOusSgFlYXrGrTGeeOiig8xKTKRQVX1myXWSVCUfiJcLp09rv2zfveQ9lmB42F+GgaocKv8FuIC8RDb4v3qdV3svFB0KpZfOHrdOW9cvTciMyIhzcF2UNui7pUkP5aMdruApAoSxzQP1nbl/lWcacHyoShibXSMw/GYgIGik2s8TY3B3J9secFkMoVgZD2qcmij2+hbTOmVnI3/ocnHdjRfe9Z8G7+P6NlMJ4AN25BglLMJaz4hvjzP3X50PUhPhorYtA9i9WB5cH9TWxnhemcerQjPsHFin2+gKLqEDrRZ+kPNkQiOXUKcfQNN80YaI0PTS4N38sMdluSAKWb6upwvWkmlZcOVZJdoa2s24lNyq2bCdzpmcfalFAZwKszHwKMrlmVgA= - - secure: tmIuWwh2CTYUrg1xPLjaNEQST8KKCsw/i6PhaEmamojeDdw+nEFSXm+Yyf3wBxSPI5sLC42lIb2dKia0vcF/V1oK8/V1D/b7VbdKU3LrBKYzqKbL3Y/R/LiirvGrdG/6C9Ai3ET0cUd+oqffCEi/CWRDY9xLdT6tYuMn829xLLZol2rA7ANDP+znGPqbhG9oXAwd5Xffkf5UGKaAtsghuC9eo+F+sKXAU+12ASqivk++D3oiIz/41wIWb6tFkuAsqKvFrbHysd6iTrZjKYTVhQ9aRcQCtPEhS+9FyYe71lhaHW8r5vb1+e+uh0dq2ye6aAPVZx0T1llHF5TvcbF6rYNuAqEbi5bYTr0iPQ3yUy8mH9RWfR0OpuiBNEqdfW1yuyDUm3IURB2CXrnpjgqcntMrizs5ukP9ltqLoAp8YfvtiM7bYrYPHVfyzVjrt1R8FeaNLZtQEk3VtSnO1CwZnD80rQ1YwkpN6jq9xd1mpNCIku96KjVMdJ/lwo1mNhUqDBO4+X5bDFG1j0zBPWvFc0FjQnttn6EJkx+c62VoEDFao1Yu4N7w8qfgxpNaA/j4xeEr8IRp27XvlZc9f8XYFNvmVtZK+GiPOKFnFCZ5BzJKdV97Ma1xRUQbARDG4aqoyZYBBoHuRRGaq/Gse/ZGIPoYS5etcRxAjEGOONP8rLw= - - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= - - secure: nkg6tw+1yVyky1PgDcMrj4HNgPTTQLYDbi+SHvyCxqsvcjcXsDMmh7kFHX4KiuaOIWcXKg9+lQ2buUy8qOwj1lPXbEO28ZYU41jZNM1Y4LXKOLe2d0Lz5r46LF/tJOok8XUerHdVUM/BxmXiFdSa8r2C2Or3khxf9Dqdu6nMvYmBP2s7g0ABZDNsqaQTj8iKA7XfgCiq9c9f0mDThQZ0fv79MPDGA6gL5EfkBhQ1DFd4MunJu9oxQ28fsl0vb/imOhMLTNvdcRVEz1tL/PJ5/MTcOgokmrhZ5IzTk1bbKOfaYw5s6GOGrDK0ZyQq8031P9sLj4c2HtY9W5ntT8x0utBYI390fHuYRwx2M9w9KhqikBxMPg9srd4kkG7vlJGJUf+9jS4pt/KP8TYzC9ryK/9ONz/Bys1LFN7lTHJqAZBR5cMpLLwuiXuIrDD/SL0yLWsnlMUAc0XU7CkPEnYvFBoaoX/MObO5Fy6rSXdDkaIrpWYD4AUXj8PEA/b9SafLxjmp68CtAqhQ+Kv0stAFDYbW3pW+edBKCQGtnzCeNWLK6F7hP6oqugHns8uaWdYx+vFyHrvYAAfb6ZWFnJ2umqHQbdDmgl/iwPlZsey1Z+1GUzPFnKv1B+L6VjsdPFpUlx9w7LNy9q0nxh1FTbRwlerYdGXs5ir3qjKo42wYJ/4= - - secure: rsQY9ftjfAY7q30Eu3eKJw+iOhFZNouV75HcXOiaMSJ0gqypQ3Lhv1vKSEQefV/EJIojEcxdJ8NRF3dyIrgKJvf0YezzSjzDleMRcP+AmmuQyeGqd5MYJ6kl8BRLerWWAuuc+bp2dLw/KCanXrDwh7bp2/V9pOTTdBfzBFG/nPrR40CLkI7AQaEccuHVb2ZphlzSf9VOzEYlBzilXuJvRkl+/GpyEE170O7jkOBImIT8OXnO1UXzzRUymZCZs3bYTu9nIknpLeVa0ba+VHla/dlSwFFJY+zs0v83lsQ+CErkMMikPQy7j5UlIKNF8X6Zubu0D0gOP0+PwWXsBbB5/E+YCyHNcox9mzuzsDkIdBO9tABE08Zhx/UVqU5KKnkIshMIxNFbMnXgA/rsd4NyT35onWIEoom13Nar/xJpIhnWSXTQhHzamjIjIA3Oj7et++Rt36sqZNqxkGQJqvV0fE6+khJ7Y8SCiaPJW91GUz9Xdx/8FW3QMT2UeI4MpX0VlIlkBZrhMO6v6gAp/zOib1jiuKCK1ZJTYkuYPLUwEzVx50+uRB7IxHT5mKeR8IfPktWxyYA/YRL0XHLkgaV7S4v49/3ReF3+KmPTHpmKnOq5VoEORAegcqcBFgATtddDTC4c1kuwjJzdka3qnBuWCWpm8jySzBQLilrNpKP+bW8= - - secure: AqCThrzOrsP80XztRjyLS7ntP7h7KZqNv38tXLedMzBQFni4Wo8b+pOkcSvuOe/aXsX9h3kzVrzl36lS4S9seNLaLN+ZRcg3YPzSm3MlHWcneY+RvXWhUh+B51z7IUQcSQ24Mez13Udm6aGBEokDVNCacfDNk2J8c+0HB/KK9DTAvspCnFv8W2Qo7jvkQbvjVbr6RnadEXaWEuvtvfr5cX17HZPwco6+hwpGYOgKjVkeDj2yW/VzXaexzq4LLbRJdEcERxppe84OBG3IigYtVsASG94baAau+SfNq3oLQhK7RdK9lHsRONwX5kAvvM1g4AFjs1Vqtsy+jjtQUCE+hsJSm9akBqqFnOUjMDIJicdeHJptHYEZ77oT6R40pw+b5ZJGT9r2o5FJdLbygQkJ4VqwyT1lErFS6EX4apMNX1J2zx5ieiXmgh1DCeVgJSaVP4q1dnvGowfJhL7RxNww6PWHZWVzyi+x79/q8acjr/Y2+RkZzdk0gssR++4vbadRFwXsek+hfXVYIrRQfe5oEyidm99VcW1C6OfCxkXBOjqMAKnjEnUBf+B6p68pMEkBzd3/LhPxPTXEM3LXo1c6H4Jp75n/W4Wg+At8Wq/HnR1Vrojm/+rS1hEJV7GW3XxgTuHcRFueJpwlMaSbpfY9HmM0jsyiObPdsq4CJMUHjrM= - - secure: hCl/qkJyG5tYFZWPhasg2DNth3Hy9Yp/5Oq4c6eCcEERRysX2nXkFOgdaUQmENWqyEG1CXH56lDTajeO/YBT9zTNbH0PoOwHPtV9935/BV+hmQwdgXf/O4wc9aH/om5KQXkT8oAn2qP2s+8zm1XO5lBkYSlvQ8CNiO9t22//ekaUvwM/zG5tCeDezv9j0yXZGTBTgEJ1haI7tIfglgFNkM2waOyntBT0k7doqvPd/upc9fooichq6YUWQWBuzuRKaA89ukyL7sQsZvF+MUFtQmwCW/R853Te312Cq2AAUY8Eq6N9ppw27bc0FcUe23cwg05NuR9GLPnAzczm2lxLKe02Ug0b2nGRldjDIgVl26RKi690ysIHnFQThX7GjUa5bFfbriIqKUsZNG3pI3Rqv4MNkVrqSKxlu1loyscrkuJz5qyIL2G9MZytuEgW3Or6jFewb6rL0QlmeptmsTdukTccOiXCFC48lcO/aMVzkHh8Z0wUsM0BS3T2gRz3egOm74GTl+TDQU1dJeuRqzuNaKorjJZ6qCRUdmkVykCXvhr/nqXW5GaU12FrIZct2yGhTs/oItYNFkbKbiLv0AyF/Wfzozr4XN8QJZKYjXbfVaUXV+VAmaNsPlqcFeWsZzyzUHWroM4EYaCs6oKAHPJuUaz5ew8zzBJ7tbXrS2etuE8= - - secure: Qi0OF+l5wbkPPdWiYEZjZvn2Px6FNe4VEwx1L4djLop2qEJTdn6IS1M/vlmWgXpMzwvyB9BxwhUgPKFL0tkjRHVT6m6GW87MB/UFvrUSVsJjWaI0fjDMsNeqXeajBy9zc9kFm28t7XW5cSYujITonI5y+AJX5oiLU08MAzf2I+6pIrbGyuGqLEsXBML4fdpiToRh0HuMsCjmvO0APb7NIyxE4A1XuwcfsevnnFzIziC2DM6w6w4mG6mTIVHpjeqMRiKVNflHgcvyyBECJysDn7+2Hkt7wq34b3CKJQy5fcZ7cBWDKm/iOMJ0GQtj1gDvSPjzmfwYW7w8WIMZzUp/gExEMpt7SiL/qyg4XJCCNdan4zB/AnpsYAnPKQJscsK2WVzIGn2X5LdahAbcyFGaTPTmn5YwV7Qmhx6yERQ51WhtaTqMeQQftqwuR+jrgMM/K8PtPBHixVipE22k/RIviXe/dk76XPcbMxv+GAL6KQ2/CZQvIY4s0Szw8nDMcGfBgFxlXHRFRrzxxUBk29r3rLW9aXqHUuiqdupjx7zuaab0W6x4Q8cB4QILe/c6q5WNzpnlWhEBlnBN8Wv9wN4QLYX4Vsl8Q0d6ayaJRbdZAFWCJPWvbBcSwJbYKrr50lXeRcWytCWLdrQ0K5Q6KG9jkN2ZgFiiMd2Olu19PjS6v+w= - - secure: c/8Vz4mcDSiNjVBE9wGy11xtnByIdP+pqaizbqwA9WFA2aoCe8mIUmd05VUDAYdFKtULpnjx798FOtXY7cCtgM/yqmrZdGCMP39C6ki4zc7X2cwJl922chU6IitcUq68oHPw0X1YZYG3NNzVw7hDQDG9vKhenwhQWe6mBLtNAAnFWOBmLujtQ8RB6y42zyiojqn4M6FT+IfRyRGqPEYKiJzQdo35j8xocILpmRC4fw1sE87sE3aM/rSXqkTD8eILUQvMoW+wIZbaEK8bfwoqFlO96I4QK9oPeIozxCxULnyDhShk7kBUeFWuT6w4/sFEO5CFWukSwV67yA/wV6iy2PvP0jxraPME4sZrbiJxD32jcmIM2/i6IQMoUwaepEXvHwhJ+pvM5lVurNlkO3YSYLr0e7+1ubiw0YQc7R+5g/gjkwUZSB/KhoPFWK6Kft1HDv4sTPF5aTjKrbAvpBRjM6fawB/gkEXZLTddP0qurPGX4au4tJ93mV+DfMb6XOKGlegwbS6jkWoR+qC7c9x6+RZ57xYzhOWbpza0YsYQy/P4Wi7biCDK5hxwcfc6bu2EjEBlnaY1flis1GmRnFCy2Q+MbSbgqSAL2NMZKjEXwtj+vequffEisOnatKfUbmczKN9Xu/Y6s1HsR3StP7hRy7WaWfnVrCTgY//f0LgmS9Y= - - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= - - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= + - ECR_REPOSITORY_NAME= + - AWS_ACCESS_KEY_ID= + - AWS_SECRET_ACCESS_KEY= + - DEV_AWS_ACCOUNT_ID= + - DEV_AWS_ACCESS_KEY_ID= + - DEV_AWS_SECRET_ACCESS_KEY= + - PROD_AWS_ACCOUNT_ID= + - PROD_AWS_ACCESS_KEY_ID= + - PROD_AWS_SECRET_ACCESS_KEY= + - TF_IN_AUTOMATION=1 + - SERVICE_NAME=spring-boot-java-base + - VERSION=0.11.13 + - secure: QFLxq6/aFRdQqLbR5NWDAPpnlzk5AQ3bRaYH+uegZaA5qMWvNNEoBjE5yvAJKiOe6jbqW7vqnmHFUSaMQS9gpL8O0r70rW5eswb8QUa+tSc+N2dluzCMp2+Fnj/xk8sAq+ieo5B5El296aLd+9gFK1xnjkORSZHGT+GIXxFZgqO/OCO9TETWuPtDaOkygZvPdBOLs2MItVrnBfWSUL5e6uhFn60G3+E3q3P44reesrcWyyv1x0QM91GsYm7pUVH5gW6K1vptArpW6+S5At1QtGgaLQj+6rY6ywqkOusSgFlYXrGrTGeeOiig8xKTKRQVX1myXWSVCUfiJcLp09rv2zfveQ9lmB42F+GgaocKv8FuIC8RDb4v3qdV3svFB0KpZfOHrdOW9cvTciMyIhzcF2UNui7pUkP5aMdruApAoSxzQP1nbl/lWcacHyoShibXSMw/GYgIGik2s8TY3B3J9secFkMoVgZD2qcmij2+hbTOmVnI3/ocnHdjRfe9Z8G7+P6NlMJ4AN25BglLMJaz4hvjzP3X50PUhPhorYtA9i9WB5cH9TWxnhemcerQjPsHFin2+gKLqEDrRZ+kPNkQiOXUKcfQNN80YaI0PTS4N38sMdluSAKWb6upwvWkmlZcOVZJdoa2s24lNyq2bCdzpmcfalFAZwKszHwKMrlmVgA= + - secure: tmIuWwh2CTYUrg1xPLjaNEQST8KKCsw/i6PhaEmamojeDdw+nEFSXm+Yyf3wBxSPI5sLC42lIb2dKia0vcF/V1oK8/V1D/b7VbdKU3LrBKYzqKbL3Y/R/LiirvGrdG/6C9Ai3ET0cUd+oqffCEi/CWRDY9xLdT6tYuMn829xLLZol2rA7ANDP+znGPqbhG9oXAwd5Xffkf5UGKaAtsghuC9eo+F+sKXAU+12ASqivk++D3oiIz/41wIWb6tFkuAsqKvFrbHysd6iTrZjKYTVhQ9aRcQCtPEhS+9FyYe71lhaHW8r5vb1+e+uh0dq2ye6aAPVZx0T1llHF5TvcbF6rYNuAqEbi5bYTr0iPQ3yUy8mH9RWfR0OpuiBNEqdfW1yuyDUm3IURB2CXrnpjgqcntMrizs5ukP9ltqLoAp8YfvtiM7bYrYPHVfyzVjrt1R8FeaNLZtQEk3VtSnO1CwZnD80rQ1YwkpN6jq9xd1mpNCIku96KjVMdJ/lwo1mNhUqDBO4+X5bDFG1j0zBPWvFc0FjQnttn6EJkx+c62VoEDFao1Yu4N7w8qfgxpNaA/j4xeEr8IRp27XvlZc9f8XYFNvmVtZK+GiPOKFnFCZ5BzJKdV97Ma1xRUQbARDG4aqoyZYBBoHuRRGaq/Gse/ZGIPoYS5etcRxAjEGOONP8rLw= + - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= + - secure: nkg6tw+1yVyky1PgDcMrj4HNgPTTQLYDbi+SHvyCxqsvcjcXsDMmh7kFHX4KiuaOIWcXKg9+lQ2buUy8qOwj1lPXbEO28ZYU41jZNM1Y4LXKOLe2d0Lz5r46LF/tJOok8XUerHdVUM/BxmXiFdSa8r2C2Or3khxf9Dqdu6nMvYmBP2s7g0ABZDNsqaQTj8iKA7XfgCiq9c9f0mDThQZ0fv79MPDGA6gL5EfkBhQ1DFd4MunJu9oxQ28fsl0vb/imOhMLTNvdcRVEz1tL/PJ5/MTcOgokmrhZ5IzTk1bbKOfaYw5s6GOGrDK0ZyQq8031P9sLj4c2HtY9W5ntT8x0utBYI390fHuYRwx2M9w9KhqikBxMPg9srd4kkG7vlJGJUf+9jS4pt/KP8TYzC9ryK/9ONz/Bys1LFN7lTHJqAZBR5cMpLLwuiXuIrDD/SL0yLWsnlMUAc0XU7CkPEnYvFBoaoX/MObO5Fy6rSXdDkaIrpWYD4AUXj8PEA/b9SafLxjmp68CtAqhQ+Kv0stAFDYbW3pW+edBKCQGtnzCeNWLK6F7hP6oqugHns8uaWdYx+vFyHrvYAAfb6ZWFnJ2umqHQbdDmgl/iwPlZsey1Z+1GUzPFnKv1B+L6VjsdPFpUlx9w7LNy9q0nxh1FTbRwlerYdGXs5ir3qjKo42wYJ/4= + - secure: rsQY9ftjfAY7q30Eu3eKJw+iOhFZNouV75HcXOiaMSJ0gqypQ3Lhv1vKSEQefV/EJIojEcxdJ8NRF3dyIrgKJvf0YezzSjzDleMRcP+AmmuQyeGqd5MYJ6kl8BRLerWWAuuc+bp2dLw/KCanXrDwh7bp2/V9pOTTdBfzBFG/nPrR40CLkI7AQaEccuHVb2ZphlzSf9VOzEYlBzilXuJvRkl+/GpyEE170O7jkOBImIT8OXnO1UXzzRUymZCZs3bYTu9nIknpLeVa0ba+VHla/dlSwFFJY+zs0v83lsQ+CErkMMikPQy7j5UlIKNF8X6Zubu0D0gOP0+PwWXsBbB5/E+YCyHNcox9mzuzsDkIdBO9tABE08Zhx/UVqU5KKnkIshMIxNFbMnXgA/rsd4NyT35onWIEoom13Nar/xJpIhnWSXTQhHzamjIjIA3Oj7et++Rt36sqZNqxkGQJqvV0fE6+khJ7Y8SCiaPJW91GUz9Xdx/8FW3QMT2UeI4MpX0VlIlkBZrhMO6v6gAp/zOib1jiuKCK1ZJTYkuYPLUwEzVx50+uRB7IxHT5mKeR8IfPktWxyYA/YRL0XHLkgaV7S4v49/3ReF3+KmPTHpmKnOq5VoEORAegcqcBFgATtddDTC4c1kuwjJzdka3qnBuWCWpm8jySzBQLilrNpKP+bW8= + - secure: AqCThrzOrsP80XztRjyLS7ntP7h7KZqNv38tXLedMzBQFni4Wo8b+pOkcSvuOe/aXsX9h3kzVrzl36lS4S9seNLaLN+ZRcg3YPzSm3MlHWcneY+RvXWhUh+B51z7IUQcSQ24Mez13Udm6aGBEokDVNCacfDNk2J8c+0HB/KK9DTAvspCnFv8W2Qo7jvkQbvjVbr6RnadEXaWEuvtvfr5cX17HZPwco6+hwpGYOgKjVkeDj2yW/VzXaexzq4LLbRJdEcERxppe84OBG3IigYtVsASG94baAau+SfNq3oLQhK7RdK9lHsRONwX5kAvvM1g4AFjs1Vqtsy+jjtQUCE+hsJSm9akBqqFnOUjMDIJicdeHJptHYEZ77oT6R40pw+b5ZJGT9r2o5FJdLbygQkJ4VqwyT1lErFS6EX4apMNX1J2zx5ieiXmgh1DCeVgJSaVP4q1dnvGowfJhL7RxNww6PWHZWVzyi+x79/q8acjr/Y2+RkZzdk0gssR++4vbadRFwXsek+hfXVYIrRQfe5oEyidm99VcW1C6OfCxkXBOjqMAKnjEnUBf+B6p68pMEkBzd3/LhPxPTXEM3LXo1c6H4Jp75n/W4Wg+At8Wq/HnR1Vrojm/+rS1hEJV7GW3XxgTuHcRFueJpwlMaSbpfY9HmM0jsyiObPdsq4CJMUHjrM= + - secure: hCl/qkJyG5tYFZWPhasg2DNth3Hy9Yp/5Oq4c6eCcEERRysX2nXkFOgdaUQmENWqyEG1CXH56lDTajeO/YBT9zTNbH0PoOwHPtV9935/BV+hmQwdgXf/O4wc9aH/om5KQXkT8oAn2qP2s+8zm1XO5lBkYSlvQ8CNiO9t22//ekaUvwM/zG5tCeDezv9j0yXZGTBTgEJ1haI7tIfglgFNkM2waOyntBT0k7doqvPd/upc9fooichq6YUWQWBuzuRKaA89ukyL7sQsZvF+MUFtQmwCW/R853Te312Cq2AAUY8Eq6N9ppw27bc0FcUe23cwg05NuR9GLPnAzczm2lxLKe02Ug0b2nGRldjDIgVl26RKi690ysIHnFQThX7GjUa5bFfbriIqKUsZNG3pI3Rqv4MNkVrqSKxlu1loyscrkuJz5qyIL2G9MZytuEgW3Or6jFewb6rL0QlmeptmsTdukTccOiXCFC48lcO/aMVzkHh8Z0wUsM0BS3T2gRz3egOm74GTl+TDQU1dJeuRqzuNaKorjJZ6qCRUdmkVykCXvhr/nqXW5GaU12FrIZct2yGhTs/oItYNFkbKbiLv0AyF/Wfzozr4XN8QJZKYjXbfVaUXV+VAmaNsPlqcFeWsZzyzUHWroM4EYaCs6oKAHPJuUaz5ew8zzBJ7tbXrS2etuE8= + - secure: Qi0OF+l5wbkPPdWiYEZjZvn2Px6FNe4VEwx1L4djLop2qEJTdn6IS1M/vlmWgXpMzwvyB9BxwhUgPKFL0tkjRHVT6m6GW87MB/UFvrUSVsJjWaI0fjDMsNeqXeajBy9zc9kFm28t7XW5cSYujITonI5y+AJX5oiLU08MAzf2I+6pIrbGyuGqLEsXBML4fdpiToRh0HuMsCjmvO0APb7NIyxE4A1XuwcfsevnnFzIziC2DM6w6w4mG6mTIVHpjeqMRiKVNflHgcvyyBECJysDn7+2Hkt7wq34b3CKJQy5fcZ7cBWDKm/iOMJ0GQtj1gDvSPjzmfwYW7w8WIMZzUp/gExEMpt7SiL/qyg4XJCCNdan4zB/AnpsYAnPKQJscsK2WVzIGn2X5LdahAbcyFGaTPTmn5YwV7Qmhx6yERQ51WhtaTqMeQQftqwuR+jrgMM/K8PtPBHixVipE22k/RIviXe/dk76XPcbMxv+GAL6KQ2/CZQvIY4s0Szw8nDMcGfBgFxlXHRFRrzxxUBk29r3rLW9aXqHUuiqdupjx7zuaab0W6x4Q8cB4QILe/c6q5WNzpnlWhEBlnBN8Wv9wN4QLYX4Vsl8Q0d6ayaJRbdZAFWCJPWvbBcSwJbYKrr50lXeRcWytCWLdrQ0K5Q6KG9jkN2ZgFiiMd2Olu19PjS6v+w= + - secure: c/8Vz4mcDSiNjVBE9wGy11xtnByIdP+pqaizbqwA9WFA2aoCe8mIUmd05VUDAYdFKtULpnjx798FOtXY7cCtgM/yqmrZdGCMP39C6ki4zc7X2cwJl922chU6IitcUq68oHPw0X1YZYG3NNzVw7hDQDG9vKhenwhQWe6mBLtNAAnFWOBmLujtQ8RB6y42zyiojqn4M6FT+IfRyRGqPEYKiJzQdo35j8xocILpmRC4fw1sE87sE3aM/rSXqkTD8eILUQvMoW+wIZbaEK8bfwoqFlO96I4QK9oPeIozxCxULnyDhShk7kBUeFWuT6w4/sFEO5CFWukSwV67yA/wV6iy2PvP0jxraPME4sZrbiJxD32jcmIM2/i6IQMoUwaepEXvHwhJ+pvM5lVurNlkO3YSYLr0e7+1ubiw0YQc7R+5g/gjkwUZSB/KhoPFWK6Kft1HDv4sTPF5aTjKrbAvpBRjM6fawB/gkEXZLTddP0qurPGX4au4tJ93mV+DfMb6XOKGlegwbS6jkWoR+qC7c9x6+RZ57xYzhOWbpza0YsYQy/P4Wi7biCDK5hxwcfc6bu2EjEBlnaY1flis1GmRnFCy2Q+MbSbgqSAL2NMZKjEXwtj+vequffEisOnatKfUbmczKN9Xu/Y6s1HsR3StP7hRy7WaWfnVrCTgY//f0LgmS9Y= + - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= + - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= before_install: -- pip install --user pip --upgrade -- pip install --user awscli --upgrade -- pip install --user ecs-deploy --upgrade -- export PATH=$PATH:$HOME/.local/bin + - pip3 install --user pip --upgrade + - pip install --user awscli --upgrade + - pip install --user ecs-deploy --upgrade + - export PATH=$PATH:$HOME/.local/bin before_cache: -- rm -f $HOME/.gradle/caches/modules-2/modules-2.lock -- rm -fr $HOME/.gradle/caches/*/plugin-resolution/ + - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock + - rm -fr $HOME/.gradle/caches/*/plugin-resolution/ cache: directories: - - $HOME/.gradle/caches/ - - $HOME/.gradle/wrapper/ + - $HOME/.gradle/caches/ + - $HOME/.gradle/wrapper/ jobs: include: - - stage: test - before_install: - - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin - - chmod +x $HOME/bin/terraform - script: - - cd deployment/terraform/ecr - - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" -backend-config="role_arn=${ROLE_ARN}" - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} - - REPOSITORY_URI=$(terraform output repository_url) - - cd $HOME - - AWS_ACCESS_KEY_ID=$TRAVIS_AWS_ACCESS_KEY_ID - - AWS_SECRET_ACCESS_KEY=$TRAVIS_AWS_SECRET_ACCESS_KEY - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "TravisCI" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') - - $(aws ecr get-login --no-include-email) - - ./gradlew check - - ./gradlew docker dockerTag dockerPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI - - ./gradlew publish - after_success: - - ./gradlew sonarqube - - stage: deploy to development - if: env(DEV_AWS_ACCOUNT_ID) IS NOT blank AND env(DEV_AWS_ACCESS_KEY_ID) IS NOT - blank - jdk: openjdk11 - env: - - CLUSTER_NAME= - - SERVICE_NAME= - - AWS_ACCESS_KEY_ID=$DEV_AWS_ACCESS_KEY_ID - - AWS_SECRET_ACCESS_KEY=$DEV_AWS_SECRET_ACCESS_KEY - - REPOSITORY_URI=$DEV_AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$ECR_REPOSITORY_NAME - script: skip - before_deploy: deployment/scripts/common/push-docker-image.sh - deploy: - skip_cleanup: true - provider: script - script: ecs deploy $CLUSTER_NAME $SERVICE_NAME --tag $TRAVIS_BUILD_NUMBER --no-deregister - on: - branch: master - - stage: deploy to production - if: env(PROD_AWS_ACCOUNT_ID) IS NOT blank AND env(PROD_AWS_SECRET_ACCESS_KEY) - IS NOT blank - jdk: openjdk11 - env: - - CLUSTER_NAME= - - SERVICE_NAME= - - AWS_ACCESS_KEY_ID=$PROD_AWS_ACCESS_KEY_ID - - AWS_SECRET_ACCESS_KEY=$PROD_AWS_SECRET_ACCESS_KEY - - REPOSITORY_URI=$PROD_AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$ECR_REPOSITORY_NAME - script: skip - before_deploy: deployment/scripts/common/push-docker-image.sh - deploy: - skip_cleanup: true - provider: script - script: ecs deploy $CLUSTER_NAME $SERVICE_NAME --tag $TRAVIS_BUILD_NUMBER --no-deregister - on: - branch: master + - stage: test + before_install: + - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip + - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin + - chmod +x $HOME/bin/terraform + script: + - cd deployment/terraform/ecr + - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" -backend-config="role_arn=${ROLE_ARN}" + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} + - REPOSITORY_URI=$(terraform output repository_url) + - cd $HOME + - AWS_ACCESS_KEY_ID=$TRAVIS_AWS_ACCESS_KEY_ID + - AWS_SECRET_ACCESS_KEY=$TRAVIS_AWS_SECRET_ACCESS_KEY + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "TravisCI" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') + - $(aws ecr get-login --no-include-email) + - ./gradlew check + - ./gradlew docker dockerTag dockerPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI + - ./gradlew publish + after_success: + - ./gradlew sonarqube + - stage: deploy to development + if: env(DEV_AWS_ACCOUNT_ID) IS NOT blank AND env(DEV_AWS_ACCESS_KEY_ID) IS NOT + blank + jdk: openjdk11 + env: + - CLUSTER_NAME= + - SERVICE_NAME= + - AWS_ACCESS_KEY_ID=$DEV_AWS_ACCESS_KEY_ID + - AWS_SECRET_ACCESS_KEY=$DEV_AWS_SECRET_ACCESS_KEY + - REPOSITORY_URI=$DEV_AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$ECR_REPOSITORY_NAME + script: skip + before_deploy: deployment/scripts/common/push-docker-image.sh + deploy: + skip_cleanup: true + provider: script + script: ecs deploy $CLUSTER_NAME $SERVICE_NAME --tag $TRAVIS_BUILD_NUMBER --no-deregister + on: + branch: master + - stage: deploy to production + if: env(PROD_AWS_ACCOUNT_ID) IS NOT blank AND env(PROD_AWS_SECRET_ACCESS_KEY) + IS NOT blank + jdk: openjdk11 + env: + - CLUSTER_NAME= + - SERVICE_NAME= + - AWS_ACCESS_KEY_ID=$PROD_AWS_ACCESS_KEY_ID + - AWS_SECRET_ACCESS_KEY=$PROD_AWS_SECRET_ACCESS_KEY + - REPOSITORY_URI=$PROD_AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$ECR_REPOSITORY_NAME + script: skip + before_deploy: deployment/scripts/common/push-docker-image.sh + deploy: + skip_cleanup: true + provider: script + script: ecs deploy $CLUSTER_NAME $SERVICE_NAME --tag $TRAVIS_BUILD_NUMBER --no-deregister + on: + branch: master allow_failures: - - jdk: openjdk-ea + - jdk: openjdk-ea fast_finish: true notifications: slack: From 190d7c474e741f969fcdcdb0697b4a319b1f54c8 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 16:24:24 +1200 Subject: [PATCH 12/70] Switch to travis build dir instead of home directory --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e091086..4a372ad 100644 --- a/.travis.yml +++ b/.travis.yml @@ -51,7 +51,7 @@ jobs: - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" -backend-config="role_arn=${ROLE_ARN}" - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} - REPOSITORY_URI=$(terraform output repository_url) - - cd $HOME + - cd $TRAVIS_BUILD_DIR - AWS_ACCESS_KEY_ID=$TRAVIS_AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY=$TRAVIS_AWS_SECRET_ACCESS_KEY - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "TravisCI" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') From b89aa0489872ad5507df3e3ebc1f9c5f7f877b85 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 16:27:35 +1200 Subject: [PATCH 13/70] Use snap to install awscli --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 4a372ad..b013ffb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -29,7 +29,6 @@ env: - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= before_install: - pip3 install --user pip --upgrade - - pip install --user awscli --upgrade - pip install --user ecs-deploy --upgrade - export PATH=$PATH:$HOME/.local/bin before_cache: @@ -104,6 +103,8 @@ notifications: slack: secure: S4Pg6XK5x3pfxldRNJVMuzLfPzKVsGdogr0u0r/pu5dpjJujoecsuDoPS8syej1hZRqJOxK36Ms+NDXRzHNK6w95X69kgwDjzoI3PoKmnqyBJIcgSueyNbm7KoQGgoKTOgEUHZ0A9JbcdH8ThBHUR8wltXctGd3kEp8KC3wSlXzDmLeFJPTqC8DMBmSC00nVL7LtXj4VdOwYZnERKErjjx5f+msOhCNbAXLr7p12O7ewHDhL1jaex4r4yzG8+oevDKYNgpHyd8BCsgsCnjiKewByiVB9q4GBjE6CN3c1VfKdWmPWwF4jgxsz8BqTjshM17msnRyXOaSsB6MG+gGMyNKwFVYEwlsAQyRl5i5IhvjIHVMZVcbon098CpNcpW/ZsWALVQSZUW8yBBVPfVs4gTI071R9hQvDWdHLEkApZpsD24tPwsXGdzupBceyqf3HZn9PDYnqMB+hDxSYmLoJRYqjdFxguUwZEYSRih0c+4npcCBO/QJ5m+4aoG2qJ7Zg10YPr3I/PU+kHKjMzvAME4iZ30CnW0gRskM7nVHZRVmR/vgweZDuo9GYXnOykUUur9S3OEhkEp6Ucmcnkv/DXRa5lU0gqpnfkcJv40UaqoxyypGn2U0dPHPCbYahvTu4QAAAkUU6RsJ3TlDhOg018lJVBBaLx+tXpTD+TpY7/XU= addons: + snaps: + - aws-cli sonarcloud: organization: bnc-projects token: From d3e5eb65485d1f13e341dda84c6d92dbd39e9134 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 16:29:09 +1200 Subject: [PATCH 14/70] Fix snap install issue --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index b013ffb..339a6eb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -104,7 +104,9 @@ notifications: secure: S4Pg6XK5x3pfxldRNJVMuzLfPzKVsGdogr0u0r/pu5dpjJujoecsuDoPS8syej1hZRqJOxK36Ms+NDXRzHNK6w95X69kgwDjzoI3PoKmnqyBJIcgSueyNbm7KoQGgoKTOgEUHZ0A9JbcdH8ThBHUR8wltXctGd3kEp8KC3wSlXzDmLeFJPTqC8DMBmSC00nVL7LtXj4VdOwYZnERKErjjx5f+msOhCNbAXLr7p12O7ewHDhL1jaex4r4yzG8+oevDKYNgpHyd8BCsgsCnjiKewByiVB9q4GBjE6CN3c1VfKdWmPWwF4jgxsz8BqTjshM17msnRyXOaSsB6MG+gGMyNKwFVYEwlsAQyRl5i5IhvjIHVMZVcbon098CpNcpW/ZsWALVQSZUW8yBBVPfVs4gTI071R9hQvDWdHLEkApZpsD24tPwsXGdzupBceyqf3HZn9PDYnqMB+hDxSYmLoJRYqjdFxguUwZEYSRih0c+4npcCBO/QJ5m+4aoG2qJ7Zg10YPr3I/PU+kHKjMzvAME4iZ30CnW0gRskM7nVHZRVmR/vgweZDuo9GYXnOykUUur9S3OEhkEp6Ucmcnkv/DXRa5lU0gqpnfkcJv40UaqoxyypGn2U0dPHPCbYahvTu4QAAAkUU6RsJ3TlDhOg018lJVBBaLx+tXpTD+TpY7/XU= addons: snaps: - - aws-cli + - name: aws-cli + confinement: classic + channel: latest/stable sonarcloud: organization: bnc-projects token: From 933f0a4725658aea583dd3e1fd097e006d4cd31d Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 16:57:51 +1200 Subject: [PATCH 15/70] Use dockerTagsPush to push both latest and with travis number --- .travis.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 339a6eb..261f0ca 100644 --- a/.travis.yml +++ b/.travis.yml @@ -56,19 +56,18 @@ jobs: - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "TravisCI" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') - $(aws ecr get-login --no-include-email) - ./gradlew check - - ./gradlew docker dockerTag dockerPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI + - ./gradlew docker dockerTag dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI - ./gradlew publish after_success: - ./gradlew sonarqube - stage: deploy to development - if: env(DEV_AWS_ACCOUNT_ID) IS NOT blank AND env(DEV_AWS_ACCESS_KEY_ID) IS NOT - blank + if: env(DEV_AWS_ACCOUNT_ID) IS NOT blank AND env(DEV_AWS_ACCESS_KEY_ID) IS NOT blank jdk: openjdk11 env: - CLUSTER_NAME= - SERVICE_NAME= - - AWS_ACCESS_KEY_ID=$DEV_AWS_ACCESS_KEY_ID - - AWS_SECRET_ACCESS_KEY=$DEV_AWS_SECRET_ACCESS_KEY + - AWS_ACCESS_KEY_ID=$TRAVIS_AWS_ACCESS_KEY_ID + - AWS_SECRET_ACCESS_KEY=$TRAVIS_AWS_SECRET_ACCESS_KEY - REPOSITORY_URI=$DEV_AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$ECR_REPOSITORY_NAME script: skip before_deploy: deployment/scripts/common/push-docker-image.sh @@ -79,8 +78,7 @@ jobs: on: branch: master - stage: deploy to production - if: env(PROD_AWS_ACCOUNT_ID) IS NOT blank AND env(PROD_AWS_SECRET_ACCESS_KEY) - IS NOT blank + if: env(PROD_AWS_ACCOUNT_ID) IS NOT blank AND env(PROD_AWS_SECRET_ACCESS_KEY) IS NOT blank jdk: openjdk11 env: - CLUSTER_NAME= From 774ce3baca6e64c54b4e99ba36ce3ebcb7077f69 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Tue, 14 May 2019 17:02:36 +1200 Subject: [PATCH 16/70] Add dockerPush to push the latest docker image --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 261f0ca..63738af 100644 --- a/.travis.yml +++ b/.travis.yml @@ -56,7 +56,7 @@ jobs: - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "TravisCI" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') - $(aws ecr get-login --no-include-email) - ./gradlew check - - ./gradlew docker dockerTag dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI + - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI - ./gradlew publish after_success: - ./gradlew sonarqube From 21413d825a151363efee2fab53a78a11205fea3b Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Wed, 15 May 2019 17:31:10 +1200 Subject: [PATCH 17/70] Add dockerPush to push the latest docker image --- deployment/LICENSE | 202 ------------------ deployment/NOTICE | 10 - .../ecs-service/backend.tfvars.example | 7 + .../ecs-service/development.tfvars.example | 11 + deployment/terraform/ecs-service/ecs.tf | 18 ++ deployment/terraform/ecs-service/main.tf | 50 +++++ deployment/terraform/ecs-service/outputs.tf | 0 .../ecs-service/production.tfvars.example | 11 + deployment/terraform/ecs-service/variables.tf | 45 ++++ 9 files changed, 142 insertions(+), 212 deletions(-) delete mode 100644 deployment/LICENSE delete mode 100644 deployment/NOTICE create mode 100644 deployment/terraform/ecs-service/backend.tfvars.example create mode 100644 deployment/terraform/ecs-service/development.tfvars.example create mode 100644 deployment/terraform/ecs-service/ecs.tf create mode 100644 deployment/terraform/ecs-service/main.tf create mode 100644 deployment/terraform/ecs-service/outputs.tf create mode 100644 deployment/terraform/ecs-service/production.tfvars.example create mode 100644 deployment/terraform/ecs-service/variables.tf diff --git a/deployment/LICENSE b/deployment/LICENSE deleted file mode 100644 index f62d4c9..0000000 --- a/deployment/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2016 Amazon Web Services - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/deployment/NOTICE b/deployment/NOTICE deleted file mode 100644 index 886dfe3..0000000 --- a/deployment/NOTICE +++ /dev/null @@ -1,10 +0,0 @@ -Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. - -Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at - - http://aws.amazon.com/apache2.0/ - -or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - -ecs-refarch-continuous-deployment -Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/deployment/terraform/ecs-service/backend.tfvars.example b/deployment/terraform/ecs-service/backend.tfvars.example new file mode 100644 index 0000000..bbde297 --- /dev/null +++ b/deployment/terraform/ecs-service/backend.tfvars.example @@ -0,0 +1,7 @@ +bucket = "" +region = "" +dynamodb_table = "" +key = ", e.g bnc//workspace/ecs/" +kms_key_id = "" +profile = "" +role_arn = "" diff --git a/deployment/terraform/ecs-service/development.tfvars.example b/deployment/terraform/ecs-service/development.tfvars.example new file mode 100644 index 0000000..7b29fab --- /dev/null +++ b/deployment/terraform/ecs-service/development.tfvars.example @@ -0,0 +1,11 @@ +profile = "" +role_arn = "" +workspace_account_ids = " " + e.g: workspace_account_ids = { development = "", production = ""} +application_path = "" +service_name = "" +splunk_url = "" +splunk_token = "" +docker_image = "The docker image to deploy ECS service" +spring_profile = "" +java_options = "" diff --git a/deployment/terraform/ecs-service/ecs.tf b/deployment/terraform/ecs-service/ecs.tf new file mode 100644 index 0000000..002df9e --- /dev/null +++ b/deployment/terraform/ecs-service/ecs.tf @@ -0,0 +1,18 @@ +module "ecs_service" { + source = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=initial-module" + application_path = "/v1/service" + cluster_name = "${data.terraform_remote_state.market-data.ecs_cluster_name}" + docker_image = "${data.terraform_remote_state.ecr.repository_url}:${var.service_version}" + external_lb_listener_arn = "${data.terraform_remote_state.market-data.external_lb_https_listener_arn}" + internal_lb_listener_arn = "${data.terraform_remote_state.market-data.internal_lb_https_listener_arn}" + java_options = "-javaagent:newrelic/newrelic.jar -Dnewrelic.environment=${terraform.workspace} -Dnewrelic.config.file=newrelic/newrelic.yml" + is_exposed_externally = false + priority = 50 + service_name = "${var.service_name}" + splunk_token = "${var.splunk_token}" + splunk_url = "${var.splunk_url}" + spring_profile = "${terraform.workspace}" + vpc_id = "${data.terraform_remote_state.market-data.vpc_id}" + tags = "${merge(local.common_tags, var.tags)}" +} + diff --git a/deployment/terraform/ecs-service/main.tf b/deployment/terraform/ecs-service/main.tf new file mode 100644 index 0000000..a49c7ba --- /dev/null +++ b/deployment/terraform/ecs-service/main.tf @@ -0,0 +1,50 @@ +terraform { + backend "s3" { + workspace_key_prefix = "bnc" + encrypt = true + } +} + +locals { + common_tags = { + Owner = "bravenewcoin" + Team = "Market Data" + Environment = "${terraform.workspace}" + } +} + +provider "aws" { + region = "${var.aws_default_region}" + version = "~> 2.10.0" + profile = "${var.profile}" + + assume_role { + role_arn = "arn:aws:iam::${var.workspace_account_ids[terraform.workspace]}:role/BNCTerraform" + session_name = "terraform" + } +} + +data "terraform_remote_state" "market-data" { + backend = "s3" + workspace = "${terraform.workspace}" + config { + bucket = "terraform.techemy.co" + key = "market-data" + region = "${var.aws_default_region}" + profile = "${var.profile}" + role_arn = "${var.role_arn}" + workspace_key_prefix = "bnc" + } +} + +data "terraform_remote_state" "ecr" { + backend = "s3" + config { + bucket = "terraform.techemy.co" + key = "bnc/market-data/ecr/${var.service_name}" + region = "${var.aws_default_region}" + profile = "${var.profile}" + role_arn = "${var.role_arn}" + } +} + diff --git a/deployment/terraform/ecs-service/outputs.tf b/deployment/terraform/ecs-service/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/deployment/terraform/ecs-service/production.tfvars.example b/deployment/terraform/ecs-service/production.tfvars.example new file mode 100644 index 0000000..7b29fab --- /dev/null +++ b/deployment/terraform/ecs-service/production.tfvars.example @@ -0,0 +1,11 @@ +profile = "" +role_arn = "" +workspace_account_ids = " " + e.g: workspace_account_ids = { development = "", production = ""} +application_path = "" +service_name = "" +splunk_url = "" +splunk_token = "" +docker_image = "The docker image to deploy ECS service" +spring_profile = "" +java_options = "" diff --git a/deployment/terraform/ecs-service/variables.tf b/deployment/terraform/ecs-service/variables.tf new file mode 100644 index 0000000..66a7d50 --- /dev/null +++ b/deployment/terraform/ecs-service/variables.tf @@ -0,0 +1,45 @@ +variable "aws_default_region" { + type = "string" + default = "us-west-2" +} + +variable "profile" { + type = "string" + default = "default" +} + +variable "role_arn" { + type = "string" + description = "The role to assume to access the terraform remote state" +} + +variable "tags" { + type = "map" + description = "A map of tags to add to all resources" + default = {} +} + +variable "workspace_account_ids" { + type = "map" + description = "The AWS account id for workloads" +} + +variable "service_name" { + type = "string" + description = "The name of the ECS service" +} + +variable "service_version" { + type = "string" + description = "The Travis build number" +} + +variable "splunk_url" { + type = "string" + description = "The URL of Splunk" +} + +variable "splunk_token" { + type = "string" + description = "The token used to send log to Splunk collector" +} From cda704a37dbdec8f875b9bace563d8831b6975ee Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Thu, 16 May 2019 18:45:34 +1200 Subject: [PATCH 18/70] Simplify deploys to use single deployment user --- .travis.yml | 36 +++++++++---------- deployment/terraform/ecr/ecr.tf | 4 +-- deployment/terraform/ecr/main.tf | 2 +- .../terraform/ecr/master.tfvars.example | 1 + deployment/terraform/ecr/variables.tf | 5 +++ 5 files changed, 26 insertions(+), 22 deletions(-) diff --git a/.travis.yml b/.travis.yml index 63738af..48ecea9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,15 +4,17 @@ jdk: dist: xenial env: global: - - ECR_REPOSITORY_NAME= - - AWS_ACCESS_KEY_ID= - - AWS_SECRET_ACCESS_KEY= - - DEV_AWS_ACCOUNT_ID= - - DEV_AWS_ACCESS_KEY_ID= - - DEV_AWS_SECRET_ACCESS_KEY= - - PROD_AWS_ACCOUNT_ID= - - PROD_AWS_ACCESS_KEY_ID= - - PROD_AWS_SECRET_ACCESS_KEY= + - AWS_ACCESS_KEY_ID=[secure] + - AWS_SECRET_ACCESS_KEY=[secure] + - AWS_DEFAULT_REGION=[secure] + - KMS_KEY_ID=[secure] + - ROLE_ARN=[secure] + - STATE_S3_BUCKET=[secure] + - STATE_DYNAMODB_TABLE=[secure] + - KEY=[secure] + - OPERATIONS_ROLE_ARN=[secure] + - DEVELOPMENT_ROLE_ARN=[secure] + - PRODUCTION_ROLE_ARN=[secure] - TF_IN_AUTOMATION=1 - SERVICE_NAME=spring-boot-java-base - VERSION=0.11.13 @@ -27,10 +29,15 @@ env: - secure: c/8Vz4mcDSiNjVBE9wGy11xtnByIdP+pqaizbqwA9WFA2aoCe8mIUmd05VUDAYdFKtULpnjx798FOtXY7cCtgM/yqmrZdGCMP39C6ki4zc7X2cwJl922chU6IitcUq68oHPw0X1YZYG3NNzVw7hDQDG9vKhenwhQWe6mBLtNAAnFWOBmLujtQ8RB6y42zyiojqn4M6FT+IfRyRGqPEYKiJzQdo35j8xocILpmRC4fw1sE87sE3aM/rSXqkTD8eILUQvMoW+wIZbaEK8bfwoqFlO96I4QK9oPeIozxCxULnyDhShk7kBUeFWuT6w4/sFEO5CFWukSwV67yA/wV6iy2PvP0jxraPME4sZrbiJxD32jcmIM2/i6IQMoUwaepEXvHwhJ+pvM5lVurNlkO3YSYLr0e7+1ubiw0YQc7R+5g/gjkwUZSB/KhoPFWK6Kft1HDv4sTPF5aTjKrbAvpBRjM6fawB/gkEXZLTddP0qurPGX4au4tJ93mV+DfMb6XOKGlegwbS6jkWoR+qC7c9x6+RZ57xYzhOWbpza0YsYQy/P4Wi7biCDK5hxwcfc6bu2EjEBlnaY1flis1GmRnFCy2Q+MbSbgqSAL2NMZKjEXwtj+vequffEisOnatKfUbmczKN9Xu/Y6s1HsR3StP7hRy7WaWfnVrCTgY//f0LgmS9Y= - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= + - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= before_install: - pip3 install --user pip --upgrade - pip install --user ecs-deploy --upgrade - export PATH=$PATH:$HOME/.local/bin + - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip + - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin + - chmod +x $HOME/bin/terraform + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "$TRAVIS_REPO_SLUG" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') before_cache: - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock - rm -fr $HOME/.gradle/caches/*/plugin-resolution/ @@ -41,19 +48,12 @@ cache: jobs: include: - stage: test - before_install: - - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin - - chmod +x $HOME/bin/terraform script: - cd deployment/terraform/ecr - - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" -backend-config="role_arn=${ROLE_ARN}" - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} + - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" -backend-config="role_arn=${ROLE_ARN}" >/dev/null + - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - AWS_ACCESS_KEY_ID=$TRAVIS_AWS_ACCESS_KEY_ID - - AWS_SECRET_ACCESS_KEY=$TRAVIS_AWS_SECRET_ACCESS_KEY - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "TravisCI" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') - $(aws ecr get-login --no-include-email) - ./gradlew check - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI diff --git a/deployment/terraform/ecr/ecr.tf b/deployment/terraform/ecr/ecr.tf index 22caae8..0ef270d 100644 --- a/deployment/terraform/ecr/ecr.tf +++ b/deployment/terraform/ecr/ecr.tf @@ -4,9 +4,7 @@ module "ecr" { "arn:aws:iam::${data.terraform_remote_state.techemy.bnc_dev_account_id}:root", "arn:aws:iam::${data.terraform_remote_state.techemy.bnc_prod_account_id}:root" ] - allowed_write_principals = [ - "${data.terraform_remote_state.bnc_ops.travis_ci_role_arn}" - ] + allowed_write_principals = [] ecr_repo_name = "${var.service_name}" tags = "${merge(local.common_tags, var.tags)}" } diff --git a/deployment/terraform/ecr/main.tf b/deployment/terraform/ecr/main.tf index 5758eb9..7d22f25 100644 --- a/deployment/terraform/ecr/main.tf +++ b/deployment/terraform/ecr/main.tf @@ -18,7 +18,7 @@ provider "aws" { profile = "${var.profile}" assume_role { - role_arn = "arn:aws:iam::${data.terraform_remote_state.techemy.bnc_ops_account_id}:role/BNCTerraform" + role_arn = "${var.bnc_deploy_role}" session_name = "terraform" } } diff --git a/deployment/terraform/ecr/master.tfvars.example b/deployment/terraform/ecr/master.tfvars.example index aaa2072..dcf64b3 100644 --- a/deployment/terraform/ecr/master.tfvars.example +++ b/deployment/terraform/ecr/master.tfvars.example @@ -1,3 +1,4 @@ +bnc_deploy_role = "" profile = "" role_arn = "" service_name = "" diff --git a/deployment/terraform/ecr/variables.tf b/deployment/terraform/ecr/variables.tf index 72ba2bb..f73720a 100644 --- a/deployment/terraform/ecr/variables.tf +++ b/deployment/terraform/ecr/variables.tf @@ -3,6 +3,11 @@ variable "aws_default_region" { default = "us-west-2" } +variable "bnc_deploy_role" { + type = "string" + description = "The role to assume to run this terraform project" +} + variable "profile" { type = "string" default = "default" From ac4266005c0360c5ed987bfe870f30d12a67e23b Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Thu, 16 May 2019 18:50:03 +1200 Subject: [PATCH 19/70] Remove pip and ecs deploy as they will not be used for future deploys --- .travis.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 48ecea9..ede8f30 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,9 @@ jdk: dist: xenial env: global: + - TF_IN_AUTOMATION=1 + - SERVICE_NAME=spring-boot-java-base + - VERSION=0.11.13 - AWS_ACCESS_KEY_ID=[secure] - AWS_SECRET_ACCESS_KEY=[secure] - AWS_DEFAULT_REGION=[secure] @@ -15,25 +18,18 @@ env: - OPERATIONS_ROLE_ARN=[secure] - DEVELOPMENT_ROLE_ARN=[secure] - PRODUCTION_ROLE_ARN=[secure] - - TF_IN_AUTOMATION=1 - - SERVICE_NAME=spring-boot-java-base - - VERSION=0.11.13 - secure: QFLxq6/aFRdQqLbR5NWDAPpnlzk5AQ3bRaYH+uegZaA5qMWvNNEoBjE5yvAJKiOe6jbqW7vqnmHFUSaMQS9gpL8O0r70rW5eswb8QUa+tSc+N2dluzCMp2+Fnj/xk8sAq+ieo5B5El296aLd+9gFK1xnjkORSZHGT+GIXxFZgqO/OCO9TETWuPtDaOkygZvPdBOLs2MItVrnBfWSUL5e6uhFn60G3+E3q3P44reesrcWyyv1x0QM91GsYm7pUVH5gW6K1vptArpW6+S5At1QtGgaLQj+6rY6ywqkOusSgFlYXrGrTGeeOiig8xKTKRQVX1myXWSVCUfiJcLp09rv2zfveQ9lmB42F+GgaocKv8FuIC8RDb4v3qdV3svFB0KpZfOHrdOW9cvTciMyIhzcF2UNui7pUkP5aMdruApAoSxzQP1nbl/lWcacHyoShibXSMw/GYgIGik2s8TY3B3J9secFkMoVgZD2qcmij2+hbTOmVnI3/ocnHdjRfe9Z8G7+P6NlMJ4AN25BglLMJaz4hvjzP3X50PUhPhorYtA9i9WB5cH9TWxnhemcerQjPsHFin2+gKLqEDrRZ+kPNkQiOXUKcfQNN80YaI0PTS4N38sMdluSAKWb6upwvWkmlZcOVZJdoa2s24lNyq2bCdzpmcfalFAZwKszHwKMrlmVgA= - secure: tmIuWwh2CTYUrg1xPLjaNEQST8KKCsw/i6PhaEmamojeDdw+nEFSXm+Yyf3wBxSPI5sLC42lIb2dKia0vcF/V1oK8/V1D/b7VbdKU3LrBKYzqKbL3Y/R/LiirvGrdG/6C9Ai3ET0cUd+oqffCEi/CWRDY9xLdT6tYuMn829xLLZol2rA7ANDP+znGPqbhG9oXAwd5Xffkf5UGKaAtsghuC9eo+F+sKXAU+12ASqivk++D3oiIz/41wIWb6tFkuAsqKvFrbHysd6iTrZjKYTVhQ9aRcQCtPEhS+9FyYe71lhaHW8r5vb1+e+uh0dq2ye6aAPVZx0T1llHF5TvcbF6rYNuAqEbi5bYTr0iPQ3yUy8mH9RWfR0OpuiBNEqdfW1yuyDUm3IURB2CXrnpjgqcntMrizs5ukP9ltqLoAp8YfvtiM7bYrYPHVfyzVjrt1R8FeaNLZtQEk3VtSnO1CwZnD80rQ1YwkpN6jq9xd1mpNCIku96KjVMdJ/lwo1mNhUqDBO4+X5bDFG1j0zBPWvFc0FjQnttn6EJkx+c62VoEDFao1Yu4N7w8qfgxpNaA/j4xeEr8IRp27XvlZc9f8XYFNvmVtZK+GiPOKFnFCZ5BzJKdV97Ma1xRUQbARDG4aqoyZYBBoHuRRGaq/Gse/ZGIPoYS5etcRxAjEGOONP8rLw= - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= - secure: nkg6tw+1yVyky1PgDcMrj4HNgPTTQLYDbi+SHvyCxqsvcjcXsDMmh7kFHX4KiuaOIWcXKg9+lQ2buUy8qOwj1lPXbEO28ZYU41jZNM1Y4LXKOLe2d0Lz5r46LF/tJOok8XUerHdVUM/BxmXiFdSa8r2C2Or3khxf9Dqdu6nMvYmBP2s7g0ABZDNsqaQTj8iKA7XfgCiq9c9f0mDThQZ0fv79MPDGA6gL5EfkBhQ1DFd4MunJu9oxQ28fsl0vb/imOhMLTNvdcRVEz1tL/PJ5/MTcOgokmrhZ5IzTk1bbKOfaYw5s6GOGrDK0ZyQq8031P9sLj4c2HtY9W5ntT8x0utBYI390fHuYRwx2M9w9KhqikBxMPg9srd4kkG7vlJGJUf+9jS4pt/KP8TYzC9ryK/9ONz/Bys1LFN7lTHJqAZBR5cMpLLwuiXuIrDD/SL0yLWsnlMUAc0XU7CkPEnYvFBoaoX/MObO5Fy6rSXdDkaIrpWYD4AUXj8PEA/b9SafLxjmp68CtAqhQ+Kv0stAFDYbW3pW+edBKCQGtnzCeNWLK6F7hP6oqugHns8uaWdYx+vFyHrvYAAfb6ZWFnJ2umqHQbdDmgl/iwPlZsey1Z+1GUzPFnKv1B+L6VjsdPFpUlx9w7LNy9q0nxh1FTbRwlerYdGXs5ir3qjKo42wYJ/4= - secure: rsQY9ftjfAY7q30Eu3eKJw+iOhFZNouV75HcXOiaMSJ0gqypQ3Lhv1vKSEQefV/EJIojEcxdJ8NRF3dyIrgKJvf0YezzSjzDleMRcP+AmmuQyeGqd5MYJ6kl8BRLerWWAuuc+bp2dLw/KCanXrDwh7bp2/V9pOTTdBfzBFG/nPrR40CLkI7AQaEccuHVb2ZphlzSf9VOzEYlBzilXuJvRkl+/GpyEE170O7jkOBImIT8OXnO1UXzzRUymZCZs3bYTu9nIknpLeVa0ba+VHla/dlSwFFJY+zs0v83lsQ+CErkMMikPQy7j5UlIKNF8X6Zubu0D0gOP0+PwWXsBbB5/E+YCyHNcox9mzuzsDkIdBO9tABE08Zhx/UVqU5KKnkIshMIxNFbMnXgA/rsd4NyT35onWIEoom13Nar/xJpIhnWSXTQhHzamjIjIA3Oj7et++Rt36sqZNqxkGQJqvV0fE6+khJ7Y8SCiaPJW91GUz9Xdx/8FW3QMT2UeI4MpX0VlIlkBZrhMO6v6gAp/zOib1jiuKCK1ZJTYkuYPLUwEzVx50+uRB7IxHT5mKeR8IfPktWxyYA/YRL0XHLkgaV7S4v49/3ReF3+KmPTHpmKnOq5VoEORAegcqcBFgATtddDTC4c1kuwjJzdka3qnBuWCWpm8jySzBQLilrNpKP+bW8= - secure: AqCThrzOrsP80XztRjyLS7ntP7h7KZqNv38tXLedMzBQFni4Wo8b+pOkcSvuOe/aXsX9h3kzVrzl36lS4S9seNLaLN+ZRcg3YPzSm3MlHWcneY+RvXWhUh+B51z7IUQcSQ24Mez13Udm6aGBEokDVNCacfDNk2J8c+0HB/KK9DTAvspCnFv8W2Qo7jvkQbvjVbr6RnadEXaWEuvtvfr5cX17HZPwco6+hwpGYOgKjVkeDj2yW/VzXaexzq4LLbRJdEcERxppe84OBG3IigYtVsASG94baAau+SfNq3oLQhK7RdK9lHsRONwX5kAvvM1g4AFjs1Vqtsy+jjtQUCE+hsJSm9akBqqFnOUjMDIJicdeHJptHYEZ77oT6R40pw+b5ZJGT9r2o5FJdLbygQkJ4VqwyT1lErFS6EX4apMNX1J2zx5ieiXmgh1DCeVgJSaVP4q1dnvGowfJhL7RxNww6PWHZWVzyi+x79/q8acjr/Y2+RkZzdk0gssR++4vbadRFwXsek+hfXVYIrRQfe5oEyidm99VcW1C6OfCxkXBOjqMAKnjEnUBf+B6p68pMEkBzd3/LhPxPTXEM3LXo1c6H4Jp75n/W4Wg+At8Wq/HnR1Vrojm/+rS1hEJV7GW3XxgTuHcRFueJpwlMaSbpfY9HmM0jsyiObPdsq4CJMUHjrM= - - secure: hCl/qkJyG5tYFZWPhasg2DNth3Hy9Yp/5Oq4c6eCcEERRysX2nXkFOgdaUQmENWqyEG1CXH56lDTajeO/YBT9zTNbH0PoOwHPtV9935/BV+hmQwdgXf/O4wc9aH/om5KQXkT8oAn2qP2s+8zm1XO5lBkYSlvQ8CNiO9t22//ekaUvwM/zG5tCeDezv9j0yXZGTBTgEJ1haI7tIfglgFNkM2waOyntBT0k7doqvPd/upc9fooichq6YUWQWBuzuRKaA89ukyL7sQsZvF+MUFtQmwCW/R853Te312Cq2AAUY8Eq6N9ppw27bc0FcUe23cwg05NuR9GLPnAzczm2lxLKe02Ug0b2nGRldjDIgVl26RKi690ysIHnFQThX7GjUa5bFfbriIqKUsZNG3pI3Rqv4MNkVrqSKxlu1loyscrkuJz5qyIL2G9MZytuEgW3Or6jFewb6rL0QlmeptmsTdukTccOiXCFC48lcO/aMVzkHh8Z0wUsM0BS3T2gRz3egOm74GTl+TDQU1dJeuRqzuNaKorjJZ6qCRUdmkVykCXvhr/nqXW5GaU12FrIZct2yGhTs/oItYNFkbKbiLv0AyF/Wfzozr4XN8QJZKYjXbfVaUXV+VAmaNsPlqcFeWsZzyzUHWroM4EYaCs6oKAHPJuUaz5ew8zzBJ7tbXrS2etuE8= - secure: Qi0OF+l5wbkPPdWiYEZjZvn2Px6FNe4VEwx1L4djLop2qEJTdn6IS1M/vlmWgXpMzwvyB9BxwhUgPKFL0tkjRHVT6m6GW87MB/UFvrUSVsJjWaI0fjDMsNeqXeajBy9zc9kFm28t7XW5cSYujITonI5y+AJX5oiLU08MAzf2I+6pIrbGyuGqLEsXBML4fdpiToRh0HuMsCjmvO0APb7NIyxE4A1XuwcfsevnnFzIziC2DM6w6w4mG6mTIVHpjeqMRiKVNflHgcvyyBECJysDn7+2Hkt7wq34b3CKJQy5fcZ7cBWDKm/iOMJ0GQtj1gDvSPjzmfwYW7w8WIMZzUp/gExEMpt7SiL/qyg4XJCCNdan4zB/AnpsYAnPKQJscsK2WVzIGn2X5LdahAbcyFGaTPTmn5YwV7Qmhx6yERQ51WhtaTqMeQQftqwuR+jrgMM/K8PtPBHixVipE22k/RIviXe/dk76XPcbMxv+GAL6KQ2/CZQvIY4s0Szw8nDMcGfBgFxlXHRFRrzxxUBk29r3rLW9aXqHUuiqdupjx7zuaab0W6x4Q8cB4QILe/c6q5WNzpnlWhEBlnBN8Wv9wN4QLYX4Vsl8Q0d6ayaJRbdZAFWCJPWvbBcSwJbYKrr50lXeRcWytCWLdrQ0K5Q6KG9jkN2ZgFiiMd2Olu19PjS6v+w= - secure: c/8Vz4mcDSiNjVBE9wGy11xtnByIdP+pqaizbqwA9WFA2aoCe8mIUmd05VUDAYdFKtULpnjx798FOtXY7cCtgM/yqmrZdGCMP39C6ki4zc7X2cwJl922chU6IitcUq68oHPw0X1YZYG3NNzVw7hDQDG9vKhenwhQWe6mBLtNAAnFWOBmLujtQ8RB6y42zyiojqn4M6FT+IfRyRGqPEYKiJzQdo35j8xocILpmRC4fw1sE87sE3aM/rSXqkTD8eILUQvMoW+wIZbaEK8bfwoqFlO96I4QK9oPeIozxCxULnyDhShk7kBUeFWuT6w4/sFEO5CFWukSwV67yA/wV6iy2PvP0jxraPME4sZrbiJxD32jcmIM2/i6IQMoUwaepEXvHwhJ+pvM5lVurNlkO3YSYLr0e7+1ubiw0YQc7R+5g/gjkwUZSB/KhoPFWK6Kft1HDv4sTPF5aTjKrbAvpBRjM6fawB/gkEXZLTddP0qurPGX4au4tJ93mV+DfMb6XOKGlegwbS6jkWoR+qC7c9x6+RZ57xYzhOWbpza0YsYQy/P4Wi7biCDK5hxwcfc6bu2EjEBlnaY1flis1GmRnFCy2Q+MbSbgqSAL2NMZKjEXwtj+vequffEisOnatKfUbmczKN9Xu/Y6s1HsR3StP7hRy7WaWfnVrCTgY//f0LgmS9Y= - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= before_install: - - pip3 install --user pip --upgrade - - pip install --user ecs-deploy --upgrade - - export PATH=$PATH:$HOME/.local/bin - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin - chmod +x $HOME/bin/terraform From 0235177274bb339db9a977494f1a88ec1ee40d31 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Thu, 16 May 2019 18:56:34 +1200 Subject: [PATCH 20/70] Move switch role into correct location --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ede8f30..c31e0a7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,7 +33,6 @@ before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin - chmod +x $HOME/bin/terraform - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "$TRAVIS_REPO_SLUG" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') before_cache: - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock - rm -fr $HOME/.gradle/caches/*/plugin-resolution/ @@ -50,6 +49,7 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "$TRAVIS_REPO_SLUG" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') - $(aws ecr get-login --no-include-email) - ./gradlew check - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI From 128f322454f92244fd964423b9b1007ba75fae97 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Thu, 16 May 2019 20:06:11 +1200 Subject: [PATCH 21/70] Update the principal allowed to write to the ECR repository --- deployment/terraform/ecr/ecr.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deployment/terraform/ecr/ecr.tf b/deployment/terraform/ecr/ecr.tf index 0ef270d..5e44e38 100644 --- a/deployment/terraform/ecr/ecr.tf +++ b/deployment/terraform/ecr/ecr.tf @@ -4,7 +4,9 @@ module "ecr" { "arn:aws:iam::${data.terraform_remote_state.techemy.bnc_dev_account_id}:root", "arn:aws:iam::${data.terraform_remote_state.techemy.bnc_prod_account_id}:root" ] - allowed_write_principals = [] + allowed_write_principals = [ + "${var.bnc_deploy_role}" + ] ecr_repo_name = "${var.service_name}" tags = "${merge(local.common_tags, var.tags)}" } From 0db9c96424bf30a73c4758386ab4aa03cea17e2b Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Thu, 16 May 2019 20:16:56 +1200 Subject: [PATCH 22/70] Fix role session name having invalid characters --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c31e0a7..1ba8598 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,7 +49,7 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "$TRAVIS_REPO_SLUG" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//\\-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') - $(aws ecr get-login --no-include-email) - ./gradlew check - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI From 9c365a892a7a6d5759f7a642c880e597d32ab479 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Thu, 16 May 2019 23:14:24 +1200 Subject: [PATCH 23/70] Print out assumed user info --- .travis.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1ba8598..dcf3f1d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,7 +49,8 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//\\-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)"') + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//\\-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey)\nexport AWS_INFO=\(.AssumedRoleUser.Arn)"') + - echo $AWS_INFO - $(aws ecr get-login --no-include-email) - ./gradlew check - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI @@ -90,9 +91,6 @@ jobs: script: ecs deploy $CLUSTER_NAME $SERVICE_NAME --tag $TRAVIS_BUILD_NUMBER --no-deregister on: branch: master - allow_failures: - - jdk: openjdk-ea - fast_finish: true notifications: slack: secure: S4Pg6XK5x3pfxldRNJVMuzLfPzKVsGdogr0u0r/pu5dpjJujoecsuDoPS8syej1hZRqJOxK36Ms+NDXRzHNK6w95X69kgwDjzoI3PoKmnqyBJIcgSueyNbm7KoQGgoKTOgEUHZ0A9JbcdH8ThBHUR8wltXctGd3kEp8KC3wSlXzDmLeFJPTqC8DMBmSC00nVL7LtXj4VdOwYZnERKErjjx5f+msOhCNbAXLr7p12O7ewHDhL1jaex4r4yzG8+oevDKYNgpHyd8BCsgsCnjiKewByiVB9q4GBjE6CN3c1VfKdWmPWwF4jgxsz8BqTjshM17msnRyXOaSsB6MG+gGMyNKwFVYEwlsAQyRl5i5IhvjIHVMZVcbon098CpNcpW/ZsWALVQSZUW8yBBVPfVs4gTI071R9hQvDWdHLEkApZpsD24tPwsXGdzupBceyqf3HZn9PDYnqMB+hDxSYmLoJRYqjdFxguUwZEYSRih0c+4npcCBO/QJ5m+4aoG2qJ7Zg10YPr3I/PU+kHKjMzvAME4iZ30CnW0gRskM7nVHZRVmR/vgweZDuo9GYXnOykUUur9S3OEhkEp6Ucmcnkv/DXRa5lU0gqpnfkcJv40UaqoxyypGn2U0dPHPCbYahvTu4QAAAkUU6RsJ3TlDhOg018lJVBBaLx+tXpTD+TpY7/XU= From b7de3be2470efc1793494560e859cc1b69c5d5a1 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Thu, 16 May 2019 23:29:25 +1200 Subject: [PATCH 24/70] Removed [secure] from env variables --- .travis.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.travis.yml b/.travis.yml index dcf3f1d..138cb0e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,17 +7,17 @@ env: - TF_IN_AUTOMATION=1 - SERVICE_NAME=spring-boot-java-base - VERSION=0.11.13 - - AWS_ACCESS_KEY_ID=[secure] - - AWS_SECRET_ACCESS_KEY=[secure] - - AWS_DEFAULT_REGION=[secure] - - KMS_KEY_ID=[secure] - - ROLE_ARN=[secure] - - STATE_S3_BUCKET=[secure] - - STATE_DYNAMODB_TABLE=[secure] - - KEY=[secure] - - OPERATIONS_ROLE_ARN=[secure] - - DEVELOPMENT_ROLE_ARN=[secure] - - PRODUCTION_ROLE_ARN=[secure] + - AWS_ACCESS_KEY_ID= + - AWS_SECRET_ACCESS_KEY= + - AWS_DEFAULT_REGION= + - KMS_KEY_ID= + - ROLE_ARN= + - STATE_S3_BUCKET= + - STATE_DYNAMODB_TABLE= + - KEY= + - OPERATIONS_ROLE_ARN= + - DEVELOPMENT_ROLE_ARN= + - PRODUCTION_ROLE_ARN= - secure: QFLxq6/aFRdQqLbR5NWDAPpnlzk5AQ3bRaYH+uegZaA5qMWvNNEoBjE5yvAJKiOe6jbqW7vqnmHFUSaMQS9gpL8O0r70rW5eswb8QUa+tSc+N2dluzCMp2+Fnj/xk8sAq+ieo5B5El296aLd+9gFK1xnjkORSZHGT+GIXxFZgqO/OCO9TETWuPtDaOkygZvPdBOLs2MItVrnBfWSUL5e6uhFn60G3+E3q3P44reesrcWyyv1x0QM91GsYm7pUVH5gW6K1vptArpW6+S5At1QtGgaLQj+6rY6ywqkOusSgFlYXrGrTGeeOiig8xKTKRQVX1myXWSVCUfiJcLp09rv2zfveQ9lmB42F+GgaocKv8FuIC8RDb4v3qdV3svFB0KpZfOHrdOW9cvTciMyIhzcF2UNui7pUkP5aMdruApAoSxzQP1nbl/lWcacHyoShibXSMw/GYgIGik2s8TY3B3J9secFkMoVgZD2qcmij2+hbTOmVnI3/ocnHdjRfe9Z8G7+P6NlMJ4AN25BglLMJaz4hvjzP3X50PUhPhorYtA9i9WB5cH9TWxnhemcerQjPsHFin2+gKLqEDrRZ+kPNkQiOXUKcfQNN80YaI0PTS4N38sMdluSAKWb6upwvWkmlZcOVZJdoa2s24lNyq2bCdzpmcfalFAZwKszHwKMrlmVgA= - secure: tmIuWwh2CTYUrg1xPLjaNEQST8KKCsw/i6PhaEmamojeDdw+nEFSXm+Yyf3wBxSPI5sLC42lIb2dKia0vcF/V1oK8/V1D/b7VbdKU3LrBKYzqKbL3Y/R/LiirvGrdG/6C9Ai3ET0cUd+oqffCEi/CWRDY9xLdT6tYuMn829xLLZol2rA7ANDP+znGPqbhG9oXAwd5Xffkf5UGKaAtsghuC9eo+F+sKXAU+12ASqivk++D3oiIz/41wIWb6tFkuAsqKvFrbHysd6iTrZjKYTVhQ9aRcQCtPEhS+9FyYe71lhaHW8r5vb1+e+uh0dq2ye6aAPVZx0T1llHF5TvcbF6rYNuAqEbi5bYTr0iPQ3yUy8mH9RWfR0OpuiBNEqdfW1yuyDUm3IURB2CXrnpjgqcntMrizs5ukP9ltqLoAp8YfvtiM7bYrYPHVfyzVjrt1R8FeaNLZtQEk3VtSnO1CwZnD80rQ1YwkpN6jq9xd1mpNCIku96KjVMdJ/lwo1mNhUqDBO4+X5bDFG1j0zBPWvFc0FjQnttn6EJkx+c62VoEDFao1Yu4N7w8qfgxpNaA/j4xeEr8IRp27XvlZc9f8XYFNvmVtZK+GiPOKFnFCZ5BzJKdV97Ma1xRUQbARDG4aqoyZYBBoHuRRGaq/Gse/ZGIPoYS5etcRxAjEGOONP8rLw= - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= @@ -49,7 +49,7 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//\\-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey)\nexport AWS_INFO=\(.AssumedRoleUser.Arn)"') + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//\\-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey)\nexport AWS_INFO=\(.AssumedRoleUser.Arn) "') - echo $AWS_INFO - $(aws ecr get-login --no-include-email) - ./gradlew check From dbb95dbaa4f47fb846887a93c23aa2448615f52a Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Thu, 16 May 2019 23:33:37 +1200 Subject: [PATCH 25/70] Fix up role session name --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 138cb0e..2b64f62 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,7 +49,7 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//\\-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey)\nexport AWS_INFO=\(.AssumedRoleUser.Arn) "') + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey)\nexport AWS_INFO=\(.AssumedRoleUser.Arn) "') - echo $AWS_INFO - $(aws ecr get-login --no-include-email) - ./gradlew check From aae51c6588fd4980d5bb82aa32be956444b133f9 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Thu, 16 May 2019 23:41:45 +1200 Subject: [PATCH 26/70] Remove AWS_INFO env variable --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2b64f62..3bad063 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,8 +49,7 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey)\nexport AWS_INFO=\(.AssumedRoleUser.Arn) "') - - echo $AWS_INFO + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey) "') - $(aws ecr get-login --no-include-email) - ./gradlew check - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI From 17057da71e2181f179605a4e2ddf3830ba22a228 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 00:03:30 +1200 Subject: [PATCH 27/70] Fix client artifact group to include root project name --- client/build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/client/build.gradle b/client/build.gradle index 867b68a..9f86566 100644 --- a/client/build.gradle +++ b/client/build.gradle @@ -9,6 +9,7 @@ jar { publishing { publications { mavenJava(MavenPublication) { + groupId = "com.bnc.${rootProject.name}" from components.java } } From 5222577504bd92b48f1ec8123bf103c234241d4e Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 00:41:08 +1200 Subject: [PATCH 28/70] Add dev and prod role arns --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 3bad063..997654d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -29,6 +29,8 @@ env: - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= + - secure: VBpfsxBmLytS8mdDSHeKRIPFC/QSV0uo/wPScbFDdm8aS9bRDBkAWtyQLdir7aSYyMswV4nphpwuJ8TR0KnLSMk97J/hr371BcLR5UFU+GwIGTx5YaS0nreSZekPX/LZ69uvji/eFZ8a0Gn63nknINrZRxGySwkepTH0qwJuRswTXNtqsBOVZUohzpNLzoti1um+fo4Kt/bqjMIE1UZE4+Z93qFqH3g4A2qHC9qA6H2Atzi/ir3Yq5vsy3bM91RWwAe4mng1OvzJHrRnGTrKGaLGFioLnz0ZdNwWvLjaG1T2fTF/HzUPPuLch4Ff1bmYLi+aZRMC5yWfB5EDpNvgKQUcVnVlixR5yI+xO0rr/szocAi1qLxj+xUHpO8ngyXQkJ/maUzgm0QD5AEi3Tef0OQBJBx23wJoBpHE+pUMDRJKis7WaTFqt2BNvkBKuTkSizoLFX7aD/+lHwmjeU+0soPTJlNp7goZwU8E++sT5N2WJR+/n+zVeogQDi/iCIb/FJrnT5E+geKSPkjD3fhU8LcHu3K8ygkkKnDv+QEd5LR6pRkGffhNv36nenis0KNmy1U0e0cH9tqe4XIJ9696xz6tQ1VWbokrkTETCU3s5P/9B9+32G8JA+mH3cJfgptTYh0cAMMJTKaPlb6HciJz/OE4ebaZhkYmzUFoHbEW8qI= + - secure: lgZZrXtKwZutA0EHteUL4C+pH2kT8NcIOVPSPTt7vK/MouBkLcB/CONLQCq1C0M4K3k75ZJCluEg0G0G9gnvpbUH4f/voGaARxY5N7LKMCvnuK2UVQed5Ceh6VXMuGKt+xLMAoCwRliksI7L68uc2+1PujbmECD7aGocr/vXPe4NPqpw6YMPRqc1a6E8nOZESugmZ8wwwzm+tRwUd5zmzWKA2hP7GOeTG56/UpS315jib5rlbTCxFFYkcVLVXBzA57m07JMb0zHjl1MQGxfCCHhDu214SLvRTl1NkxAfqzNQKGdc80CK8qDXQzWnQXgo3Y9JUB7DV2G1WKk9tMtENYyfSllVk8jZTU52hyaFd+1xXhyyhnOauIszQJOqEV8upSGRxKsQ9CFyTl3hdQEJPQm6L4tqVoT362LNq5KA6N/gL7J7QqZl4O0L9qgiVzxBJAWotsVP0FPs4lR4nEUxqiwbK6i084Adj7w1OGXXlQWsVix0yCzgvMD0J1Raq/9cu5jROG7vlW69Y5PtMLNq6JeJmouO8OYHz29Q/NZKfXXikJ86kksm2ZiMOiy2NcgyyWtJSaUQgPSfKQ+m1WncS7F+a6JcsoDwcniGIO/8b44J8UOxiJ4bRLP0nTlGc//pk+4XiuX1GFqNDj7sA4dp/oENQZDOsv8OUnedbHl50Ys= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin From fc457ea3e8f8f0f5a7d80a1dde4ac90169b2be5b Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 00:45:03 +1200 Subject: [PATCH 29/70] Remvoe unrequired Travis AWS credentials --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 997654d..8c7a03b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,8 +24,6 @@ env: - secure: nkg6tw+1yVyky1PgDcMrj4HNgPTTQLYDbi+SHvyCxqsvcjcXsDMmh7kFHX4KiuaOIWcXKg9+lQ2buUy8qOwj1lPXbEO28ZYU41jZNM1Y4LXKOLe2d0Lz5r46LF/tJOok8XUerHdVUM/BxmXiFdSa8r2C2Or3khxf9Dqdu6nMvYmBP2s7g0ABZDNsqaQTj8iKA7XfgCiq9c9f0mDThQZ0fv79MPDGA6gL5EfkBhQ1DFd4MunJu9oxQ28fsl0vb/imOhMLTNvdcRVEz1tL/PJ5/MTcOgokmrhZ5IzTk1bbKOfaYw5s6GOGrDK0ZyQq8031P9sLj4c2HtY9W5ntT8x0utBYI390fHuYRwx2M9w9KhqikBxMPg9srd4kkG7vlJGJUf+9jS4pt/KP8TYzC9ryK/9ONz/Bys1LFN7lTHJqAZBR5cMpLLwuiXuIrDD/SL0yLWsnlMUAc0XU7CkPEnYvFBoaoX/MObO5Fy6rSXdDkaIrpWYD4AUXj8PEA/b9SafLxjmp68CtAqhQ+Kv0stAFDYbW3pW+edBKCQGtnzCeNWLK6F7hP6oqugHns8uaWdYx+vFyHrvYAAfb6ZWFnJ2umqHQbdDmgl/iwPlZsey1Z+1GUzPFnKv1B+L6VjsdPFpUlx9w7LNy9q0nxh1FTbRwlerYdGXs5ir3qjKo42wYJ/4= - secure: rsQY9ftjfAY7q30Eu3eKJw+iOhFZNouV75HcXOiaMSJ0gqypQ3Lhv1vKSEQefV/EJIojEcxdJ8NRF3dyIrgKJvf0YezzSjzDleMRcP+AmmuQyeGqd5MYJ6kl8BRLerWWAuuc+bp2dLw/KCanXrDwh7bp2/V9pOTTdBfzBFG/nPrR40CLkI7AQaEccuHVb2ZphlzSf9VOzEYlBzilXuJvRkl+/GpyEE170O7jkOBImIT8OXnO1UXzzRUymZCZs3bYTu9nIknpLeVa0ba+VHla/dlSwFFJY+zs0v83lsQ+CErkMMikPQy7j5UlIKNF8X6Zubu0D0gOP0+PwWXsBbB5/E+YCyHNcox9mzuzsDkIdBO9tABE08Zhx/UVqU5KKnkIshMIxNFbMnXgA/rsd4NyT35onWIEoom13Nar/xJpIhnWSXTQhHzamjIjIA3Oj7et++Rt36sqZNqxkGQJqvV0fE6+khJ7Y8SCiaPJW91GUz9Xdx/8FW3QMT2UeI4MpX0VlIlkBZrhMO6v6gAp/zOib1jiuKCK1ZJTYkuYPLUwEzVx50+uRB7IxHT5mKeR8IfPktWxyYA/YRL0XHLkgaV7S4v49/3ReF3+KmPTHpmKnOq5VoEORAegcqcBFgATtddDTC4c1kuwjJzdka3qnBuWCWpm8jySzBQLilrNpKP+bW8= - secure: AqCThrzOrsP80XztRjyLS7ntP7h7KZqNv38tXLedMzBQFni4Wo8b+pOkcSvuOe/aXsX9h3kzVrzl36lS4S9seNLaLN+ZRcg3YPzSm3MlHWcneY+RvXWhUh+B51z7IUQcSQ24Mez13Udm6aGBEokDVNCacfDNk2J8c+0HB/KK9DTAvspCnFv8W2Qo7jvkQbvjVbr6RnadEXaWEuvtvfr5cX17HZPwco6+hwpGYOgKjVkeDj2yW/VzXaexzq4LLbRJdEcERxppe84OBG3IigYtVsASG94baAau+SfNq3oLQhK7RdK9lHsRONwX5kAvvM1g4AFjs1Vqtsy+jjtQUCE+hsJSm9akBqqFnOUjMDIJicdeHJptHYEZ77oT6R40pw+b5ZJGT9r2o5FJdLbygQkJ4VqwyT1lErFS6EX4apMNX1J2zx5ieiXmgh1DCeVgJSaVP4q1dnvGowfJhL7RxNww6PWHZWVzyi+x79/q8acjr/Y2+RkZzdk0gssR++4vbadRFwXsek+hfXVYIrRQfe5oEyidm99VcW1C6OfCxkXBOjqMAKnjEnUBf+B6p68pMEkBzd3/LhPxPTXEM3LXo1c6H4Jp75n/W4Wg+At8Wq/HnR1Vrojm/+rS1hEJV7GW3XxgTuHcRFueJpwlMaSbpfY9HmM0jsyiObPdsq4CJMUHjrM= - - secure: Qi0OF+l5wbkPPdWiYEZjZvn2Px6FNe4VEwx1L4djLop2qEJTdn6IS1M/vlmWgXpMzwvyB9BxwhUgPKFL0tkjRHVT6m6GW87MB/UFvrUSVsJjWaI0fjDMsNeqXeajBy9zc9kFm28t7XW5cSYujITonI5y+AJX5oiLU08MAzf2I+6pIrbGyuGqLEsXBML4fdpiToRh0HuMsCjmvO0APb7NIyxE4A1XuwcfsevnnFzIziC2DM6w6w4mG6mTIVHpjeqMRiKVNflHgcvyyBECJysDn7+2Hkt7wq34b3CKJQy5fcZ7cBWDKm/iOMJ0GQtj1gDvSPjzmfwYW7w8WIMZzUp/gExEMpt7SiL/qyg4XJCCNdan4zB/AnpsYAnPKQJscsK2WVzIGn2X5LdahAbcyFGaTPTmn5YwV7Qmhx6yERQ51WhtaTqMeQQftqwuR+jrgMM/K8PtPBHixVipE22k/RIviXe/dk76XPcbMxv+GAL6KQ2/CZQvIY4s0Szw8nDMcGfBgFxlXHRFRrzxxUBk29r3rLW9aXqHUuiqdupjx7zuaab0W6x4Q8cB4QILe/c6q5WNzpnlWhEBlnBN8Wv9wN4QLYX4Vsl8Q0d6ayaJRbdZAFWCJPWvbBcSwJbYKrr50lXeRcWytCWLdrQ0K5Q6KG9jkN2ZgFiiMd2Olu19PjS6v+w= - - secure: c/8Vz4mcDSiNjVBE9wGy11xtnByIdP+pqaizbqwA9WFA2aoCe8mIUmd05VUDAYdFKtULpnjx798FOtXY7cCtgM/yqmrZdGCMP39C6ki4zc7X2cwJl922chU6IitcUq68oHPw0X1YZYG3NNzVw7hDQDG9vKhenwhQWe6mBLtNAAnFWOBmLujtQ8RB6y42zyiojqn4M6FT+IfRyRGqPEYKiJzQdo35j8xocILpmRC4fw1sE87sE3aM/rSXqkTD8eILUQvMoW+wIZbaEK8bfwoqFlO96I4QK9oPeIozxCxULnyDhShk7kBUeFWuT6w4/sFEO5CFWukSwV67yA/wV6iy2PvP0jxraPME4sZrbiJxD32jcmIM2/i6IQMoUwaepEXvHwhJ+pvM5lVurNlkO3YSYLr0e7+1ubiw0YQc7R+5g/gjkwUZSB/KhoPFWK6Kft1HDv4sTPF5aTjKrbAvpBRjM6fawB/gkEXZLTddP0qurPGX4au4tJ93mV+DfMb6XOKGlegwbS6jkWoR+qC7c9x6+RZ57xYzhOWbpza0YsYQy/P4Wi7biCDK5hxwcfc6bu2EjEBlnaY1flis1GmRnFCy2Q+MbSbgqSAL2NMZKjEXwtj+vequffEisOnatKfUbmczKN9Xu/Y6s1HsR3StP7hRy7WaWfnVrCTgY//f0LgmS9Y= - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= From a10062ca9287e08c5a53b9dd5a497d825881581a Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 12:49:16 +1200 Subject: [PATCH 30/70] Update assume role command --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8c7a03b..c5a678b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,7 +49,7 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey) "') + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r .Credentials | '@sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') - $(aws ecr get-login --no-include-email) - ./gradlew check - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI From 50f222998952df8bb9b970850f99426b94f78c6f Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 12:52:02 +1200 Subject: [PATCH 31/70] Revert "Update assume role command" This reverts commit a10062ca --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c5a678b..8c7a03b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,7 +49,7 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r .Credentials | '@sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey) "') - $(aws ecr get-login --no-include-email) - ./gradlew check - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI From 3554cad084c4e00daf09b6aec413a8426d651878 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 12:57:03 +1200 Subject: [PATCH 32/70] Retry shorter assume role command --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8c7a03b..d116f92 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,7 +49,7 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '@sh "export AWS_SESSION_TOKEN=\(.Credentials.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.Credentials.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.Credentials.SecretAccessKey) "') + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') - $(aws ecr get-login --no-include-email) - ./gradlew check - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI From 816c5a466dbd459e6ed6947713911ef9edcd77db Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 14:34:30 +1200 Subject: [PATCH 33/70] Deploy service with terraform script Deploy service on all branch in dev for testing --- .travis.yml | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index d116f92..7f0e129 100644 --- a/.travis.yml +++ b/.travis.yml @@ -57,22 +57,31 @@ jobs: after_success: - ./gradlew sonarqube - stage: deploy to development - if: env(DEV_AWS_ACCOUNT_ID) IS NOT blank AND env(DEV_AWS_ACCESS_KEY_ID) IS NOT blank jdk: openjdk11 env: - - CLUSTER_NAME= - SERVICE_NAME= - - AWS_ACCESS_KEY_ID=$TRAVIS_AWS_ACCESS_KEY_ID - - AWS_SECRET_ACCESS_KEY=$TRAVIS_AWS_SECRET_ACCESS_KEY - - REPOSITORY_URI=$DEV_AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$ECR_REPOSITORY_NAME - script: skip - before_deploy: deployment/scripts/common/push-docker-image.sh + - SERVICE_VERSION=$TRAVIS_BUILD_NUMBER + - SPLUNK_URL = + - SPLUNK_TOKEN= + - WORKSPACE_ACCOUNT_IDS= + - secure: dS38Oo3V58NKRLGKnS27YTNg2T2CnGChGdlw5ZsoW38OpVx9marItn428H0WFL7SkNSJfSnFXJclNj99DdBMxa3nKMEinYBP3LFc1vyCxmwnpHpvOumFaMqH9Jq9Iwce/IapsoTzF/GQnMavFdYAgnxetMIvPvpsIJBjST4yZy1W2SlMr0m3T2Awg44c0Qv9xaIMDy3GSw/EeriC1/exhPmnZOwmGNiFSXqtrNkn6QNkRbuHqzh0M+ajPRNbOlrwjiCvoWDPrUku07VhvFHPxGf0xk+H3nDDyS28QkWZIbnqjpWZVHlYiAJJVUNJ9zz8k6fppCLvTHpLQ1K39bHwUQRow8Pzkx9J99N+LQEntqfo+XeMk3QYy4UJfva1ANjtgObnv3nv06EFdKRtWFZwPyRFBZcoS92OWMOFXGGONn2W1PLmXElq0TANnams1b0zzd7o1HC2jkkibb5oRRBnj7HsBNotibPQbGhVTcjPZyD3kEtkS9XZBQyKGXXDOHbTBVCfEDNSsqlgMDv3uLo5RDiE1tO58TPhUZv7GkLEOwPZcQLqznw9GLqytvE6SyNVhRqtwkyXpAU7vfedBam2JgM3297h56U+EYavLWlwQ02TyK8lsYTBQSa8rQJQ89EkkLa5MEMcT7Ly1E04h3lZf47SPeWq3E9X5Kxo80Z2xuU= + - secure: dficrzM6yl5M/yjaJXABRY2Em6QmrpGh0lRqtKyfO7qUFYNExFqE23UCdeMdixhezbUFLncGzO5HwfWXi0UbVRpoKPNxukwgtIPiU4FKV5H8UhCij8fG2KE0jSuDIGv5AMvsXpVS8lo8gM32yvtYVuNUNy0ZKjmcILEX+PDWAN1WgPqWPQDQqgLsfbD5dqYABo779LzwfhuTQUNciSWKCpHUnfB1Y/gO4LoLeIySsaYEu5UWGp53qYsQVQh0KP8f01lfcvu9cZfZpuXOm9rH9HVxT8DECSjYUUjKV32iJKjzOVMtlrGrMCTbHhEVgnSCKo/TgMh6PMYI+ycX30HA1OTzrtRA1In26TBfVC9NAO0qIhKBGYfoUCuK6RiT3hI5c11p07tkKo44gLiRrRc80F/fwLwd7L6gRRgj0rHzUooPNwBdIgsW83HIz03XvYpVgK1/4Ynj9hCtiQGbmPsPKjoulfX2QMP52/j3daE9MRK+tc6zQaIXkqy37Zg2Ii3tn5VLu/xapi0HvZ94UDQMKSMTwAF01FsgKATN8I5XrAaremfErufQAUtmPgzxSk0VpVzMV+xtOG06oqb53QtfItQtfhXwPQV/A01hyNpAZfw0KiBK5Zu78/xh/mX96rRy09ED/nswzDOIZ9zFI99qyJ7b2K6EjRzy0eQFPd7Sgj8= + - secure: nXDs5kInVf6Ty/JIa42b61X+xNcU/PVHfJJ7y9YVRX3HYrbtzusqVuxY1n+JQxZyOo8oSPwmT7OE1muxDP7Hy8APZEdjj1g2r+fp7//0w1OzEFzhk0Gj9b+okc8FgK2U+PnmhQ4n4RmhWC8Qx6L32qiECXzDP12kPuCTHu3uPC4qHLBSVH3fQ04Jk7QyJO4l9kIMRwxyARJ6VsUzwSe5jyytXVikvTZZl/CQoYMGNjMg6B091bt3b2I6Fbkw4jsV0II1VFkQXylj/nnWn2D8ohNG5pfWN3283Ks8f7r3R/yLSqJKqTOMEq7drdAXHdGveXY77xAGURnNXrUiIfMa4UmHhC6cDeC5rliOwjQVTqdo6D9UfkJV+IpSLx6PAIFezQraYEhi/lmFRhrCmsFYLJ85TPGdjkv52tFByDkRWe8+aV/owPT5NEwKJtx9BX6mU/pMavRH8IsIjhbQzeAOVxmU7/MWsU8V7lzfLtHmljZdM9E8V5f3oyDSXkA4bkLJx4P/YBCWc04ii6KXLHqWQ5LiCObhXw972fkegPIz9tDpo1NhxrgEg/cPWg9svE3bXCnegyExvTWeVnTS10IhhAyzA+EBM9kZh6asdQCwGuKnpBxkQaKsGZzUgfFRPQ/mEe2pPlRBo54Qi8ku430QtDoRQxiHkjQdyZkW7wdkonw= + - secure: p3Budl8I27/NBUeWLcTLpCkEcwtfxOQ6GZoEUyay+C/58iNP2j6ECaRdAACb+n6lfvAqZqxgQtSwuMdOQ23/k9EE5fdMLI7CxeudQyFiZLwslvF4MjhJbEl02CrxYEzdnJPCOQbXjNHqpKgZH8Ty42U6VFGLLx3VgtP6KPh5gNenjr+UkLg76s/kDE4WNO7ate812ykB9bjfzy9yyFmgI7Y4gjVyS3XBd8v3TWta3VLeAExc/GqJpjk91iByPlWyOu4GVgZJesCaHgAFXXIl0jDxtG+KsOXpVZxjhWbxP0IjbBJzH6wevMYHvIvHleFPL5Y0n4qj/13YyTukyos4WRexBSkDIxZ+HlDZjwNt6fNqxVOYpLREz3FfY2lER2C7u60bNl8zz9j6bFwo0No0SnbjyFHe+q0bMgr5q9p1uQ/4rc1pfeVi/rb2DaPyQCI+OOUspBjBDXvozteV/YcVNO84c69jpfF4LVkEW7fF6e94cQi95q4MfEpoqxSb2cyJ5tqMthF6hVEZuDQtcC9FjhacS47HD+faQaov9EYPm/sPD9voONZo9y6hCpujMmRlVOp4vS0jykBe9ZQtE9eQR3ZEqPqWVMND06WazRHPyI5VCQtXjMiS6ZUKEUP59+BYtnZadfbQvrXtQ/HDKf0TauaMwGUwKjxRQBo8D+FpqOQ= + - secure: qy3HdUT1zG5enGgdHMSK7vZ9I45iM130QjycViOuK756GyBtDVikQAeu88LCLaGFWeIdXvipZ2ZAbJ2sjxSzG0zpVf+J6HOeX1MSqYctdRsYAowr/vJryvNlQ1h0LESPOGHbZ1KKISVKvjncwHQzCJ0wQaXDtzmsllpn5qn38MNdov1xCfDAt6vjhXyJKr3ZoMEHQCNM5dj9KhkZ3Rdqj+DnzIO+WbYYoOr9FiNs8n2E/AcOdDJKB0c56GeqEJKbTIxWxLZW4CYQQlk9M1q4khbPIM1Z237uW4/8Xx2+zV7c6XxgqaW0sjY2Qr682W3f36HQlh96Wd9+QOU/g2TmkefM/J6XEpcmO/BCxnGxBeaMCVtuEufYcLXXxe/kByKq/sBe29FgIbss/GBNyb3Gg4feoAESjq4yGPMr5yzMRAMNPvCqafegwVIp4SHfkWbzsRGwQn/mMdG4fdP+0Cl4S8pW0lJMlo3G/+TwyqXCmn6jKB/yKWn9UCEfg11WAMFZHYteXlSVP8iqGSPkZC6wz15NmC4vihletmvoT0rq6o2epl/Oo9P5QWBl3PTcXYBAgdD5Y07r1rQQepG7cMec7Cpsnna5eKlqm+7zvXQgRszkQMzsShen9b/pEzqCtfqKLCEU5a6PHwYN/6+GopbI8SvyC2BZoabiqqm1Nl9VDbg= + script: + - cd deployment/terraform/ecs-service + - terraform workspace select development + - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null deploy: skip_cleanup: true provider: script - script: ecs deploy $CLUSTER_NAME $SERVICE_NAME --tag $TRAVIS_BUILD_NUMBER --no-deregister + script: + - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=$SERVICE_VERSION -var splunk_url=${SPLUNK_URL} -splunk_token=${SPLUNK_TOKEN} + - aws ecs wait services-stable --services $SERVICE_NAME --cluster $CLUSTER_NAME on: - branch: master + all_branches: true - stage: deploy to production if: env(PROD_AWS_ACCOUNT_ID) IS NOT blank AND env(PROD_AWS_SECRET_ACCESS_KEY) IS NOT blank jdk: openjdk11 From 21dad3627d46bfd5a6f96ed049ffa723a813e531 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 14:44:22 +1200 Subject: [PATCH 34/70] Select workspace after initialization --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 7f0e129..4ece8de 100644 --- a/.travis.yml +++ b/.travis.yml @@ -71,8 +71,8 @@ jobs: - secure: qy3HdUT1zG5enGgdHMSK7vZ9I45iM130QjycViOuK756GyBtDVikQAeu88LCLaGFWeIdXvipZ2ZAbJ2sjxSzG0zpVf+J6HOeX1MSqYctdRsYAowr/vJryvNlQ1h0LESPOGHbZ1KKISVKvjncwHQzCJ0wQaXDtzmsllpn5qn38MNdov1xCfDAt6vjhXyJKr3ZoMEHQCNM5dj9KhkZ3Rdqj+DnzIO+WbYYoOr9FiNs8n2E/AcOdDJKB0c56GeqEJKbTIxWxLZW4CYQQlk9M1q4khbPIM1Z237uW4/8Xx2+zV7c6XxgqaW0sjY2Qr682W3f36HQlh96Wd9+QOU/g2TmkefM/J6XEpcmO/BCxnGxBeaMCVtuEufYcLXXxe/kByKq/sBe29FgIbss/GBNyb3Gg4feoAESjq4yGPMr5yzMRAMNPvCqafegwVIp4SHfkWbzsRGwQn/mMdG4fdP+0Cl4S8pW0lJMlo3G/+TwyqXCmn6jKB/yKWn9UCEfg11WAMFZHYteXlSVP8iqGSPkZC6wz15NmC4vihletmvoT0rq6o2epl/Oo9P5QWBl3PTcXYBAgdD5Y07r1rQQepG7cMec7Cpsnna5eKlqm+7zvXQgRszkQMzsShen9b/pEzqCtfqKLCEU5a6PHwYN/6+GopbI8SvyC2BZoabiqqm1Nl9VDbg= script: - cd deployment/terraform/ecs-service - - terraform workspace select development - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null + - terraform workspace select development deploy: skip_cleanup: true provider: script From baefe3c55c8fd1636e15fca6c17e7e4179c25116 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 15:07:40 +1200 Subject: [PATCH 35/70] Add and encrypt SERVICE_KEY --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 4ece8de..2410209 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,6 +15,7 @@ env: - STATE_S3_BUCKET= - STATE_DYNAMODB_TABLE= - KEY= + - SERVICE_KEY= - OPERATIONS_ROLE_ARN= - DEVELOPMENT_ROLE_ARN= - PRODUCTION_ROLE_ARN= @@ -24,6 +25,7 @@ env: - secure: nkg6tw+1yVyky1PgDcMrj4HNgPTTQLYDbi+SHvyCxqsvcjcXsDMmh7kFHX4KiuaOIWcXKg9+lQ2buUy8qOwj1lPXbEO28ZYU41jZNM1Y4LXKOLe2d0Lz5r46LF/tJOok8XUerHdVUM/BxmXiFdSa8r2C2Or3khxf9Dqdu6nMvYmBP2s7g0ABZDNsqaQTj8iKA7XfgCiq9c9f0mDThQZ0fv79MPDGA6gL5EfkBhQ1DFd4MunJu9oxQ28fsl0vb/imOhMLTNvdcRVEz1tL/PJ5/MTcOgokmrhZ5IzTk1bbKOfaYw5s6GOGrDK0ZyQq8031P9sLj4c2HtY9W5ntT8x0utBYI390fHuYRwx2M9w9KhqikBxMPg9srd4kkG7vlJGJUf+9jS4pt/KP8TYzC9ryK/9ONz/Bys1LFN7lTHJqAZBR5cMpLLwuiXuIrDD/SL0yLWsnlMUAc0XU7CkPEnYvFBoaoX/MObO5Fy6rSXdDkaIrpWYD4AUXj8PEA/b9SafLxjmp68CtAqhQ+Kv0stAFDYbW3pW+edBKCQGtnzCeNWLK6F7hP6oqugHns8uaWdYx+vFyHrvYAAfb6ZWFnJ2umqHQbdDmgl/iwPlZsey1Z+1GUzPFnKv1B+L6VjsdPFpUlx9w7LNy9q0nxh1FTbRwlerYdGXs5ir3qjKo42wYJ/4= - secure: rsQY9ftjfAY7q30Eu3eKJw+iOhFZNouV75HcXOiaMSJ0gqypQ3Lhv1vKSEQefV/EJIojEcxdJ8NRF3dyIrgKJvf0YezzSjzDleMRcP+AmmuQyeGqd5MYJ6kl8BRLerWWAuuc+bp2dLw/KCanXrDwh7bp2/V9pOTTdBfzBFG/nPrR40CLkI7AQaEccuHVb2ZphlzSf9VOzEYlBzilXuJvRkl+/GpyEE170O7jkOBImIT8OXnO1UXzzRUymZCZs3bYTu9nIknpLeVa0ba+VHla/dlSwFFJY+zs0v83lsQ+CErkMMikPQy7j5UlIKNF8X6Zubu0D0gOP0+PwWXsBbB5/E+YCyHNcox9mzuzsDkIdBO9tABE08Zhx/UVqU5KKnkIshMIxNFbMnXgA/rsd4NyT35onWIEoom13Nar/xJpIhnWSXTQhHzamjIjIA3Oj7et++Rt36sqZNqxkGQJqvV0fE6+khJ7Y8SCiaPJW91GUz9Xdx/8FW3QMT2UeI4MpX0VlIlkBZrhMO6v6gAp/zOib1jiuKCK1ZJTYkuYPLUwEzVx50+uRB7IxHT5mKeR8IfPktWxyYA/YRL0XHLkgaV7S4v49/3ReF3+KmPTHpmKnOq5VoEORAegcqcBFgATtddDTC4c1kuwjJzdka3qnBuWCWpm8jySzBQLilrNpKP+bW8= - secure: AqCThrzOrsP80XztRjyLS7ntP7h7KZqNv38tXLedMzBQFni4Wo8b+pOkcSvuOe/aXsX9h3kzVrzl36lS4S9seNLaLN+ZRcg3YPzSm3MlHWcneY+RvXWhUh+B51z7IUQcSQ24Mez13Udm6aGBEokDVNCacfDNk2J8c+0HB/KK9DTAvspCnFv8W2Qo7jvkQbvjVbr6RnadEXaWEuvtvfr5cX17HZPwco6+hwpGYOgKjVkeDj2yW/VzXaexzq4LLbRJdEcERxppe84OBG3IigYtVsASG94baAau+SfNq3oLQhK7RdK9lHsRONwX5kAvvM1g4AFjs1Vqtsy+jjtQUCE+hsJSm9akBqqFnOUjMDIJicdeHJptHYEZ77oT6R40pw+b5ZJGT9r2o5FJdLbygQkJ4VqwyT1lErFS6EX4apMNX1J2zx5ieiXmgh1DCeVgJSaVP4q1dnvGowfJhL7RxNww6PWHZWVzyi+x79/q8acjr/Y2+RkZzdk0gssR++4vbadRFwXsek+hfXVYIrRQfe5oEyidm99VcW1C6OfCxkXBOjqMAKnjEnUBf+B6p68pMEkBzd3/LhPxPTXEM3LXo1c6H4Jp75n/W4Wg+At8Wq/HnR1Vrojm/+rS1hEJV7GW3XxgTuHcRFueJpwlMaSbpfY9HmM0jsyiObPdsq4CJMUHjrM= + - secure: kqk0O+HOad7JpwU8kaCMDGSIXMpif/IxjoXhIwzfxBMvCrM8BsZoypbu0NWlTGE0J3MBdWWSFp6RVjt76bSBn0lx9vtv20Og4AAJYzw64pdVVEpjvKux3RtJ1AiwECKVefWX2/wrBP9GpkO2RY+MABSfFeBOvB2OBMX3yORgFdWI9x8/+NYhtjIw9+BT8BjOCCz8j7EFag/klZlPyM2nDyyVmVE+WkbRQpwowWNDONFfVenHGJ+vLn7R0nsScMvKeAg8L4DRAvK6O4v9M3klvyVVNIyyK1OBkRq4/UaAcrQrnKjcHqspux4FQFiGV3wR00/4Z4zzb5vrCUjzG5B6GN2kBbKl6YOwUW4YvUZPJuObOMFlxkQTaGG/e7+UKD/XErAXBFv0eJxsv6zdW763Eob7ALLo7MOd4uhezFwqFBcbJcY9SM033/3B4iNrT954JrB8wMgDQtu/QG/rBOzhJi3NfSRywCn8k2o1gCCWJJVPfd6I6V6zyNSWZyVBIllHx773jcrtUKOc+TtoQ27FYKOz9XNtWBidKkt/a9PKYf8sxREGGMNw0/7KZ1R9rJMXRmstxIkw3Svt7WlOYCpQM9nEtLaZPyF8q3pLGh+Jo4yi9egCLnXLFfYvVUe/3mGHMUw6qOwkZzvqce2Owb9/c/YYAX5+e42RHtbn+r1bZss= - secure: WlgRNrhZNfvu2gwVdoUoxM86nNV7Cb9hK7ZQ6gUgR2zuM7O13aR4yXCpJT1ok8XuGj0oTtfmoqcKoXhHa0KjBVmFMCHrslkxmNTb/4aLDDJz+v/tck80d/e9kH6c3hinD2rC9xhyK7rJ21ORil8fe4+aPv5wQnu2xVTvtUg/deo/STQLbP3dIfEDS71vDq+YdjrxtuCB2/3dFN5OR+xopO3uj6lyZXglNWdYbt+ZLyZA3z5chrCmWdBWdyUbIyO3Na2C7MUVDfYzflcja7ppkWqk6UwESPNiPqAGFxdFV867qUB6kkTBtdyIgkAQzLGP5HWAomF4FRqrWMKz8N1Op2rdgAwm/121ClW76SlO1qj4HJ49BkS5iCkjsnXvX/wWC9iSYtOdcBSQl2PHBWvHJBktvJF5AjTvBCXHrZ+BqlRjkLwuO4uByzFUv+boO2B7w0I81IrckyHF8eZrWzojivdF0/VNmB61dwp2Ld+12h2JgghFk7ZiH0WvBwZtp/H/7/6u2Qb6ctIusuOadogV/+FjERiA8sxAAmcPQ0l2XnsrcpV7CwHGC4eM9ooz5mpvwH6eFO0Sc+HuoUh913vZqfqTUrh3adRUVxArw3gh+QorynnN/RWZ4VUIcdxnUaXFhTG8PMxZSDxdIBnlMA6UK9Cm6D83N2t0bbzadktWzOg= - secure: vBYFX0YlfvUhWm0W1sQxbt+Aq2Ab+OzJTSJwbncL+eSPZxO9oRnbQVug1O4nvz1UmjUxWzE3/Du4PPWK4eavw7bLZtGgMqXNTPiPvIS59cXZvRtF7LP9g122l4mTeveiPlowpBi7rl7cTaOPrO5LERv1ZhTCdClI0rW4qoTMjfaKhi2Mo8UtbFTXFy2HLnV+Vn8ETOUcqOoNdH1Q3kZk1lTL03dAtaMJ67I4EnTgCvw7AG7JtoqrplAIQ2etB+mO0zaVEdjLTQ15dlK6Ib+BrQ/s8hH2p9f2f8vxOVpwrKHljfApsZAr36VhSCl/Nnl7TbMHS9hzT+BfrL1fHXhfO0BWYHFRDIww2EEbGIPl4uBH8H9hJvJtXSLvWZWywv/5APmY/EF5YSoDPqqK75cWhLQAXaVaNSTTFU6We7UfyooXpPshZ5tTF9DHssPp6fAXYBZx9hwKtf3+ajmpV905aSFkYvfsrMYMhmK5rHRFsJGpLu99Chrb86FuPl1/K6ACNWiBUcfwd+rZLgrenI7PVUXHNvKvgJ/6Mn7+5cnC8YfyzeV8UajQRzSJOtle5RIg1nc4m5sy9oZ2gt8+hm4e1W56b8005rrEaVpaBhZKGXjujGZpvcXwXXo/bxsAttZFcBYWppSsDkn+Cy8NXPNdNz0HxGdFRnQuj/UJNO7pi58= - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= From 4e64c037fc2698de8d142bf8e794b85661d37d4b Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 15:37:59 +1200 Subject: [PATCH 36/70] Fix travis error that deploy script not supporting list --- .travis.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2410209..7ad82f0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -51,7 +51,7 @@ jobs: - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') + - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') - $(aws ecr get-login --no-include-email) - ./gradlew check - ./gradlew docker dockerTag dockerPush dockerTagsPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI @@ -75,13 +75,12 @@ jobs: - cd deployment/terraform/ecs-service - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null - terraform workspace select development + - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=$SERVICE_VERSION -var splunk_url=${SPLUNK_URL} -splunk_token=${SPLUNK_TOKEN} deploy: skip_cleanup: true provider: script - script: - - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=$SERVICE_VERSION -var splunk_url=${SPLUNK_URL} -splunk_token=${SPLUNK_TOKEN} - - aws ecs wait services-stable --services $SERVICE_NAME --cluster $CLUSTER_NAME + script: aws ecs wait services-stable --services $SERVICE_NAME --cluster $CLUSTER_NAME on: all_branches: true - stage: deploy to production From 3cae0ed0a72db085bcdec6b57188fae7124dc50e Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 15:48:38 +1200 Subject: [PATCH 37/70] Fix -var error when executing terraform apply --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 7ad82f0..9322cfb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -76,7 +76,7 @@ jobs: - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null - terraform workspace select development - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=$SERVICE_VERSION -var splunk_url=${SPLUNK_URL} -splunk_token=${SPLUNK_TOKEN} + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=$SERVICE_VERSION -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null deploy: skip_cleanup: true provider: script From 9a4edfbcf240fbfdf7a2542ca2e0378909f761e8 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 16:01:33 +1200 Subject: [PATCH 38/70] Fix -var error when executing terraform apply --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 9322cfb..b44dd99 100644 --- a/.travis.yml +++ b/.travis.yml @@ -76,7 +76,7 @@ jobs: - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null - terraform workspace select development - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=$SERVICE_VERSION -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=${SERVICE_VERSION} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null deploy: skip_cleanup: true provider: script From 46042ea740ce2d71c0671d8f9b6bbf015f9fcef3 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 16:02:08 +1200 Subject: [PATCH 39/70] Fix -var error when executing terraform apply --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index b44dd99..b1a9260 100644 --- a/.travis.yml +++ b/.travis.yml @@ -80,7 +80,7 @@ jobs: deploy: skip_cleanup: true provider: script - script: aws ecs wait services-stable --services $SERVICE_NAME --cluster $CLUSTER_NAME + script: aws ecs wait services-stable --services ${SERVICE_NAME} --cluster ${CLUSTER_NAME} on: all_branches: true - stage: deploy to production From 465178c6822cb57b3e0e99f7d379b21ad70e4b45 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 16:15:35 +1200 Subject: [PATCH 40/70] Split deployment step --- .travis.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index b1a9260..3d112fd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -61,22 +61,21 @@ jobs: - stage: deploy to development jdk: openjdk11 env: - - SERVICE_NAME= - - SERVICE_VERSION=$TRAVIS_BUILD_NUMBER + - TF_WORKSPACE=development - SPLUNK_URL = - SPLUNK_TOKEN= - WORKSPACE_ACCOUNT_IDS= - secure: dS38Oo3V58NKRLGKnS27YTNg2T2CnGChGdlw5ZsoW38OpVx9marItn428H0WFL7SkNSJfSnFXJclNj99DdBMxa3nKMEinYBP3LFc1vyCxmwnpHpvOumFaMqH9Jq9Iwce/IapsoTzF/GQnMavFdYAgnxetMIvPvpsIJBjST4yZy1W2SlMr0m3T2Awg44c0Qv9xaIMDy3GSw/EeriC1/exhPmnZOwmGNiFSXqtrNkn6QNkRbuHqzh0M+ajPRNbOlrwjiCvoWDPrUku07VhvFHPxGf0xk+H3nDDyS28QkWZIbnqjpWZVHlYiAJJVUNJ9zz8k6fppCLvTHpLQ1K39bHwUQRow8Pzkx9J99N+LQEntqfo+XeMk3QYy4UJfva1ANjtgObnv3nv06EFdKRtWFZwPyRFBZcoS92OWMOFXGGONn2W1PLmXElq0TANnams1b0zzd7o1HC2jkkibb5oRRBnj7HsBNotibPQbGhVTcjPZyD3kEtkS9XZBQyKGXXDOHbTBVCfEDNSsqlgMDv3uLo5RDiE1tO58TPhUZv7GkLEOwPZcQLqznw9GLqytvE6SyNVhRqtwkyXpAU7vfedBam2JgM3297h56U+EYavLWlwQ02TyK8lsYTBQSa8rQJQ89EkkLa5MEMcT7Ly1E04h3lZf47SPeWq3E9X5Kxo80Z2xuU= - - secure: dficrzM6yl5M/yjaJXABRY2Em6QmrpGh0lRqtKyfO7qUFYNExFqE23UCdeMdixhezbUFLncGzO5HwfWXi0UbVRpoKPNxukwgtIPiU4FKV5H8UhCij8fG2KE0jSuDIGv5AMvsXpVS8lo8gM32yvtYVuNUNy0ZKjmcILEX+PDWAN1WgPqWPQDQqgLsfbD5dqYABo779LzwfhuTQUNciSWKCpHUnfB1Y/gO4LoLeIySsaYEu5UWGp53qYsQVQh0KP8f01lfcvu9cZfZpuXOm9rH9HVxT8DECSjYUUjKV32iJKjzOVMtlrGrMCTbHhEVgnSCKo/TgMh6PMYI+ycX30HA1OTzrtRA1In26TBfVC9NAO0qIhKBGYfoUCuK6RiT3hI5c11p07tkKo44gLiRrRc80F/fwLwd7L6gRRgj0rHzUooPNwBdIgsW83HIz03XvYpVgK1/4Ynj9hCtiQGbmPsPKjoulfX2QMP52/j3daE9MRK+tc6zQaIXkqy37Zg2Ii3tn5VLu/xapi0HvZ94UDQMKSMTwAF01FsgKATN8I5XrAaremfErufQAUtmPgzxSk0VpVzMV+xtOG06oqb53QtfItQtfhXwPQV/A01hyNpAZfw0KiBK5Zu78/xh/mX96rRy09ED/nswzDOIZ9zFI99qyJ7b2K6EjRzy0eQFPd7Sgj8= - secure: nXDs5kInVf6Ty/JIa42b61X+xNcU/PVHfJJ7y9YVRX3HYrbtzusqVuxY1n+JQxZyOo8oSPwmT7OE1muxDP7Hy8APZEdjj1g2r+fp7//0w1OzEFzhk0Gj9b+okc8FgK2U+PnmhQ4n4RmhWC8Qx6L32qiECXzDP12kPuCTHu3uPC4qHLBSVH3fQ04Jk7QyJO4l9kIMRwxyARJ6VsUzwSe5jyytXVikvTZZl/CQoYMGNjMg6B091bt3b2I6Fbkw4jsV0II1VFkQXylj/nnWn2D8ohNG5pfWN3283Ks8f7r3R/yLSqJKqTOMEq7drdAXHdGveXY77xAGURnNXrUiIfMa4UmHhC6cDeC5rliOwjQVTqdo6D9UfkJV+IpSLx6PAIFezQraYEhi/lmFRhrCmsFYLJ85TPGdjkv52tFByDkRWe8+aV/owPT5NEwKJtx9BX6mU/pMavRH8IsIjhbQzeAOVxmU7/MWsU8V7lzfLtHmljZdM9E8V5f3oyDSXkA4bkLJx4P/YBCWc04ii6KXLHqWQ5LiCObhXw972fkegPIz9tDpo1NhxrgEg/cPWg9svE3bXCnegyExvTWeVnTS10IhhAyzA+EBM9kZh6asdQCwGuKnpBxkQaKsGZzUgfFRPQ/mEe2pPlRBo54Qi8ku430QtDoRQxiHkjQdyZkW7wdkonw= - secure: p3Budl8I27/NBUeWLcTLpCkEcwtfxOQ6GZoEUyay+C/58iNP2j6ECaRdAACb+n6lfvAqZqxgQtSwuMdOQ23/k9EE5fdMLI7CxeudQyFiZLwslvF4MjhJbEl02CrxYEzdnJPCOQbXjNHqpKgZH8Ty42U6VFGLLx3VgtP6KPh5gNenjr+UkLg76s/kDE4WNO7ate812ykB9bjfzy9yyFmgI7Y4gjVyS3XBd8v3TWta3VLeAExc/GqJpjk91iByPlWyOu4GVgZJesCaHgAFXXIl0jDxtG+KsOXpVZxjhWbxP0IjbBJzH6wevMYHvIvHleFPL5Y0n4qj/13YyTukyos4WRexBSkDIxZ+HlDZjwNt6fNqxVOYpLREz3FfY2lER2C7u60bNl8zz9j6bFwo0No0SnbjyFHe+q0bMgr5q9p1uQ/4rc1pfeVi/rb2DaPyQCI+OOUspBjBDXvozteV/YcVNO84c69jpfF4LVkEW7fF6e94cQi95q4MfEpoqxSb2cyJ5tqMthF6hVEZuDQtcC9FjhacS47HD+faQaov9EYPm/sPD9voONZo9y6hCpujMmRlVOp4vS0jykBe9ZQtE9eQR3ZEqPqWVMND06WazRHPyI5VCQtXjMiS6ZUKEUP59+BYtnZadfbQvrXtQ/HDKf0TauaMwGUwKjxRQBo8D+FpqOQ= - secure: qy3HdUT1zG5enGgdHMSK7vZ9I45iM130QjycViOuK756GyBtDVikQAeu88LCLaGFWeIdXvipZ2ZAbJ2sjxSzG0zpVf+J6HOeX1MSqYctdRsYAowr/vJryvNlQ1h0LESPOGHbZ1KKISVKvjncwHQzCJ0wQaXDtzmsllpn5qn38MNdov1xCfDAt6vjhXyJKr3ZoMEHQCNM5dj9KhkZ3Rdqj+DnzIO+WbYYoOr9FiNs8n2E/AcOdDJKB0c56GeqEJKbTIxWxLZW4CYQQlk9M1q4khbPIM1Z237uW4/8Xx2+zV7c6XxgqaW0sjY2Qr682W3f36HQlh96Wd9+QOU/g2TmkefM/J6XEpcmO/BCxnGxBeaMCVtuEufYcLXXxe/kByKq/sBe29FgIbss/GBNyb3Gg4feoAESjq4yGPMr5yzMRAMNPvCqafegwVIp4SHfkWbzsRGwQn/mMdG4fdP+0Cl4S8pW0lJMlo3G/+TwyqXCmn6jKB/yKWn9UCEfg11WAMFZHYteXlSVP8iqGSPkZC6wz15NmC4vihletmvoT0rq6o2epl/Oo9P5QWBl3PTcXYBAgdD5Y07r1rQQepG7cMec7Cpsnna5eKlqm+7zvXQgRszkQMzsShen9b/pEzqCtfqKLCEU5a6PHwYN/6+GopbI8SvyC2BZoabiqqm1Nl9VDbg= - script: + install: - cd deployment/terraform/ecs-service - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null - - terraform workspace select development + script: + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + before_deploy: - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=${SERVICE_VERSION} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null deploy: skip_cleanup: true provider: script From a6d90e6dd712f840c84afc22e3c963a0b1c0310f Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 16:19:41 +1200 Subject: [PATCH 41/70] Get the cluster name from terraform outputs to reduce variables --- .travis.yml | 2 +- deployment/terraform/ecs-service/outputs.tf | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 3d112fd..a21b338 100644 --- a/.travis.yml +++ b/.travis.yml @@ -65,7 +65,6 @@ jobs: - SPLUNK_URL = - SPLUNK_TOKEN= - WORKSPACE_ACCOUNT_IDS= - - secure: dS38Oo3V58NKRLGKnS27YTNg2T2CnGChGdlw5ZsoW38OpVx9marItn428H0WFL7SkNSJfSnFXJclNj99DdBMxa3nKMEinYBP3LFc1vyCxmwnpHpvOumFaMqH9Jq9Iwce/IapsoTzF/GQnMavFdYAgnxetMIvPvpsIJBjST4yZy1W2SlMr0m3T2Awg44c0Qv9xaIMDy3GSw/EeriC1/exhPmnZOwmGNiFSXqtrNkn6QNkRbuHqzh0M+ajPRNbOlrwjiCvoWDPrUku07VhvFHPxGf0xk+H3nDDyS28QkWZIbnqjpWZVHlYiAJJVUNJ9zz8k6fppCLvTHpLQ1K39bHwUQRow8Pzkx9J99N+LQEntqfo+XeMk3QYy4UJfva1ANjtgObnv3nv06EFdKRtWFZwPyRFBZcoS92OWMOFXGGONn2W1PLmXElq0TANnams1b0zzd7o1HC2jkkibb5oRRBnj7HsBNotibPQbGhVTcjPZyD3kEtkS9XZBQyKGXXDOHbTBVCfEDNSsqlgMDv3uLo5RDiE1tO58TPhUZv7GkLEOwPZcQLqznw9GLqytvE6SyNVhRqtwkyXpAU7vfedBam2JgM3297h56U+EYavLWlwQ02TyK8lsYTBQSa8rQJQ89EkkLa5MEMcT7Ly1E04h3lZf47SPeWq3E9X5Kxo80Z2xuU= - secure: nXDs5kInVf6Ty/JIa42b61X+xNcU/PVHfJJ7y9YVRX3HYrbtzusqVuxY1n+JQxZyOo8oSPwmT7OE1muxDP7Hy8APZEdjj1g2r+fp7//0w1OzEFzhk0Gj9b+okc8FgK2U+PnmhQ4n4RmhWC8Qx6L32qiECXzDP12kPuCTHu3uPC4qHLBSVH3fQ04Jk7QyJO4l9kIMRwxyARJ6VsUzwSe5jyytXVikvTZZl/CQoYMGNjMg6B091bt3b2I6Fbkw4jsV0II1VFkQXylj/nnWn2D8ohNG5pfWN3283Ks8f7r3R/yLSqJKqTOMEq7drdAXHdGveXY77xAGURnNXrUiIfMa4UmHhC6cDeC5rliOwjQVTqdo6D9UfkJV+IpSLx6PAIFezQraYEhi/lmFRhrCmsFYLJ85TPGdjkv52tFByDkRWe8+aV/owPT5NEwKJtx9BX6mU/pMavRH8IsIjhbQzeAOVxmU7/MWsU8V7lzfLtHmljZdM9E8V5f3oyDSXkA4bkLJx4P/YBCWc04ii6KXLHqWQ5LiCObhXw972fkegPIz9tDpo1NhxrgEg/cPWg9svE3bXCnegyExvTWeVnTS10IhhAyzA+EBM9kZh6asdQCwGuKnpBxkQaKsGZzUgfFRPQ/mEe2pPlRBo54Qi8ku430QtDoRQxiHkjQdyZkW7wdkonw= - secure: p3Budl8I27/NBUeWLcTLpCkEcwtfxOQ6GZoEUyay+C/58iNP2j6ECaRdAACb+n6lfvAqZqxgQtSwuMdOQ23/k9EE5fdMLI7CxeudQyFiZLwslvF4MjhJbEl02CrxYEzdnJPCOQbXjNHqpKgZH8Ty42U6VFGLLx3VgtP6KPh5gNenjr+UkLg76s/kDE4WNO7ate812ykB9bjfzy9yyFmgI7Y4gjVyS3XBd8v3TWta3VLeAExc/GqJpjk91iByPlWyOu4GVgZJesCaHgAFXXIl0jDxtG+KsOXpVZxjhWbxP0IjbBJzH6wevMYHvIvHleFPL5Y0n4qj/13YyTukyos4WRexBSkDIxZ+HlDZjwNt6fNqxVOYpLREz3FfY2lER2C7u60bNl8zz9j6bFwo0No0SnbjyFHe+q0bMgr5q9p1uQ/4rc1pfeVi/rb2DaPyQCI+OOUspBjBDXvozteV/YcVNO84c69jpfF4LVkEW7fF6e94cQi95q4MfEpoqxSb2cyJ5tqMthF6hVEZuDQtcC9FjhacS47HD+faQaov9EYPm/sPD9voONZo9y6hCpujMmRlVOp4vS0jykBe9ZQtE9eQR3ZEqPqWVMND06WazRHPyI5VCQtXjMiS6ZUKEUP59+BYtnZadfbQvrXtQ/HDKf0TauaMwGUwKjxRQBo8D+FpqOQ= - secure: qy3HdUT1zG5enGgdHMSK7vZ9I45iM130QjycViOuK756GyBtDVikQAeu88LCLaGFWeIdXvipZ2ZAbJ2sjxSzG0zpVf+J6HOeX1MSqYctdRsYAowr/vJryvNlQ1h0LESPOGHbZ1KKISVKvjncwHQzCJ0wQaXDtzmsllpn5qn38MNdov1xCfDAt6vjhXyJKr3ZoMEHQCNM5dj9KhkZ3Rdqj+DnzIO+WbYYoOr9FiNs8n2E/AcOdDJKB0c56GeqEJKbTIxWxLZW4CYQQlk9M1q4khbPIM1Z237uW4/8Xx2+zV7c6XxgqaW0sjY2Qr682W3f36HQlh96Wd9+QOU/g2TmkefM/J6XEpcmO/BCxnGxBeaMCVtuEufYcLXXxe/kByKq/sBe29FgIbss/GBNyb3Gg4feoAESjq4yGPMr5yzMRAMNPvCqafegwVIp4SHfkWbzsRGwQn/mMdG4fdP+0Cl4S8pW0lJMlo3G/+TwyqXCmn6jKB/yKWn9UCEfg11WAMFZHYteXlSVP8iqGSPkZC6wz15NmC4vihletmvoT0rq6o2epl/Oo9P5QWBl3PTcXYBAgdD5Y07r1rQQepG7cMec7Cpsnna5eKlqm+7zvXQgRszkQMzsShen9b/pEzqCtfqKLCEU5a6PHwYN/6+GopbI8SvyC2BZoabiqqm1Nl9VDbg= @@ -75,6 +74,7 @@ jobs: script: - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: + - CLUSTER_NAME=$(terraform output ecs_cluster_name) - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') deploy: skip_cleanup: true diff --git a/deployment/terraform/ecs-service/outputs.tf b/deployment/terraform/ecs-service/outputs.tf index e69de29..94c8701 100644 --- a/deployment/terraform/ecs-service/outputs.tf +++ b/deployment/terraform/ecs-service/outputs.tf @@ -0,0 +1,4 @@ +output "ecs_cluster_name" { + sensitive = true + value = "${data.terraform_remote_state.market-data.ecs_cluster_name}" +} From 9490e669c4dbd59ba0b1e7aa9fcb8a4a35eb0b12 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 16:23:03 +1200 Subject: [PATCH 42/70] Add change directory at each step --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index a21b338..3a825c2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -72,8 +72,10 @@ jobs: - cd deployment/terraform/ecs-service - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null script: + - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: + - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - CLUSTER_NAME=$(terraform output ecs_cluster_name) - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') deploy: From d001b2294e2475abb6e01e835fb726b10c1bff04 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 16:37:45 +1200 Subject: [PATCH 43/70] Move workspace_account_ids to global --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3a825c2..bb7949a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,6 +19,7 @@ env: - OPERATIONS_ROLE_ARN= - DEVELOPMENT_ROLE_ARN= - PRODUCTION_ROLE_ARN= + - WORKSPACE_ACCOUNT_IDS= - secure: QFLxq6/aFRdQqLbR5NWDAPpnlzk5AQ3bRaYH+uegZaA5qMWvNNEoBjE5yvAJKiOe6jbqW7vqnmHFUSaMQS9gpL8O0r70rW5eswb8QUa+tSc+N2dluzCMp2+Fnj/xk8sAq+ieo5B5El296aLd+9gFK1xnjkORSZHGT+GIXxFZgqO/OCO9TETWuPtDaOkygZvPdBOLs2MItVrnBfWSUL5e6uhFn60G3+E3q3P44reesrcWyyv1x0QM91GsYm7pUVH5gW6K1vptArpW6+S5At1QtGgaLQj+6rY6ywqkOusSgFlYXrGrTGeeOiig8xKTKRQVX1myXWSVCUfiJcLp09rv2zfveQ9lmB42F+GgaocKv8FuIC8RDb4v3qdV3svFB0KpZfOHrdOW9cvTciMyIhzcF2UNui7pUkP5aMdruApAoSxzQP1nbl/lWcacHyoShibXSMw/GYgIGik2s8TY3B3J9secFkMoVgZD2qcmij2+hbTOmVnI3/ocnHdjRfe9Z8G7+P6NlMJ4AN25BglLMJaz4hvjzP3X50PUhPhorYtA9i9WB5cH9TWxnhemcerQjPsHFin2+gKLqEDrRZ+kPNkQiOXUKcfQNN80YaI0PTS4N38sMdluSAKWb6upwvWkmlZcOVZJdoa2s24lNyq2bCdzpmcfalFAZwKszHwKMrlmVgA= - secure: tmIuWwh2CTYUrg1xPLjaNEQST8KKCsw/i6PhaEmamojeDdw+nEFSXm+Yyf3wBxSPI5sLC42lIb2dKia0vcF/V1oK8/V1D/b7VbdKU3LrBKYzqKbL3Y/R/LiirvGrdG/6C9Ai3ET0cUd+oqffCEi/CWRDY9xLdT6tYuMn829xLLZol2rA7ANDP+znGPqbhG9oXAwd5Xffkf5UGKaAtsghuC9eo+F+sKXAU+12ASqivk++D3oiIz/41wIWb6tFkuAsqKvFrbHysd6iTrZjKYTVhQ9aRcQCtPEhS+9FyYe71lhaHW8r5vb1+e+uh0dq2ye6aAPVZx0T1llHF5TvcbF6rYNuAqEbi5bYTr0iPQ3yUy8mH9RWfR0OpuiBNEqdfW1yuyDUm3IURB2CXrnpjgqcntMrizs5ukP9ltqLoAp8YfvtiM7bYrYPHVfyzVjrt1R8FeaNLZtQEk3VtSnO1CwZnD80rQ1YwkpN6jq9xd1mpNCIku96KjVMdJ/lwo1mNhUqDBO4+X5bDFG1j0zBPWvFc0FjQnttn6EJkx+c62VoEDFao1Yu4N7w8qfgxpNaA/j4xeEr8IRp27XvlZc9f8XYFNvmVtZK+GiPOKFnFCZ5BzJKdV97Ma1xRUQbARDG4aqoyZYBBoHuRRGaq/Gse/ZGIPoYS5etcRxAjEGOONP8rLw= - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= @@ -31,6 +32,7 @@ env: - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= - secure: VBpfsxBmLytS8mdDSHeKRIPFC/QSV0uo/wPScbFDdm8aS9bRDBkAWtyQLdir7aSYyMswV4nphpwuJ8TR0KnLSMk97J/hr371BcLR5UFU+GwIGTx5YaS0nreSZekPX/LZ69uvji/eFZ8a0Gn63nknINrZRxGySwkepTH0qwJuRswTXNtqsBOVZUohzpNLzoti1um+fo4Kt/bqjMIE1UZE4+Z93qFqH3g4A2qHC9qA6H2Atzi/ir3Yq5vsy3bM91RWwAe4mng1OvzJHrRnGTrKGaLGFioLnz0ZdNwWvLjaG1T2fTF/HzUPPuLch4Ff1bmYLi+aZRMC5yWfB5EDpNvgKQUcVnVlixR5yI+xO0rr/szocAi1qLxj+xUHpO8ngyXQkJ/maUzgm0QD5AEi3Tef0OQBJBx23wJoBpHE+pUMDRJKis7WaTFqt2BNvkBKuTkSizoLFX7aD/+lHwmjeU+0soPTJlNp7goZwU8E++sT5N2WJR+/n+zVeogQDi/iCIb/FJrnT5E+geKSPkjD3fhU8LcHu3K8ygkkKnDv+QEd5LR6pRkGffhNv36nenis0KNmy1U0e0cH9tqe4XIJ9696xz6tQ1VWbokrkTETCU3s5P/9B9+32G8JA+mH3cJfgptTYh0cAMMJTKaPlb6HciJz/OE4ebaZhkYmzUFoHbEW8qI= - secure: lgZZrXtKwZutA0EHteUL4C+pH2kT8NcIOVPSPTt7vK/MouBkLcB/CONLQCq1C0M4K3k75ZJCluEg0G0G9gnvpbUH4f/voGaARxY5N7LKMCvnuK2UVQed5Ceh6VXMuGKt+xLMAoCwRliksI7L68uc2+1PujbmECD7aGocr/vXPe4NPqpw6YMPRqc1a6E8nOZESugmZ8wwwzm+tRwUd5zmzWKA2hP7GOeTG56/UpS315jib5rlbTCxFFYkcVLVXBzA57m07JMb0zHjl1MQGxfCCHhDu214SLvRTl1NkxAfqzNQKGdc80CK8qDXQzWnQXgo3Y9JUB7DV2G1WKk9tMtENYyfSllVk8jZTU52hyaFd+1xXhyyhnOauIszQJOqEV8upSGRxKsQ9CFyTl3hdQEJPQm6L4tqVoT362LNq5KA6N/gL7J7QqZl4O0L9qgiVzxBJAWotsVP0FPs4lR4nEUxqiwbK6i084Adj7w1OGXXlQWsVix0yCzgvMD0J1Raq/9cu5jROG7vlW69Y5PtMLNq6JeJmouO8OYHz29Q/NZKfXXikJ86kksm2ZiMOiy2NcgyyWtJSaUQgPSfKQ+m1WncS7F+a6JcsoDwcniGIO/8b44J8UOxiJ4bRLP0nTlGc//pk+4XiuX1GFqNDj7sA4dp/oENQZDOsv8OUnedbHl50Ys= + - secure: ni+SpSWK2lv+YptuzNGZraG8mv1iJ2tHh2XXWnckNgc1cjrvz5lXeo9fWdnrwOGARxSTlFsj3DMKKy2VVrnVnE0Ux3+1DJ3WzGh+68fPhKrF1i4bdD+6C0KSPmgrSEWsEF3rxk0FhEAODeUxEKPSR7L0F8uQwZLTV8kcs4VkDBmD/TQYrIup9or1A+IrzmC40iQSSDxnamupDnykk+qbf26ac12fPcaMMZAiYrg1Dm3vo5QpA6tYuvZ2cufCxt1Fq0d27ebRd8iqeLF7oJAPvxVt75NcR2Ft6BvMyPXQN/2BW6lqOf/uEFx329f/pwNusQ+eUjiUubPmPsiF6VJVoVUj4o9INwy0hfcKBp1+2VO1SobRpAzo6scrfc5/Y0MsK9x7pSe/KO5zVIwV9I35f0ohO6M8un1ESN5Vj0c3KM+KyLdNkDeKQB5xJVF44DBUOCBWxXO+iu3q+mgBarXdxblpfMBF3kZpPbUteP7NXcJBGp5Ud9c4zHsFj8z+c7uLLDABVA9LuuA/lzQnl58nrY3AYAuKD9YwXPGMlLKh7dJG+Ov4804Qh2qMF9yGbqqRuh78ZcmtZP/zFCQ/J+n+hewJO7NCUrdU23WWQgJWuE1UnT7ze54rtR58bIusyBpxkQ89LuGQl/Ld86ielJ4PZ+9HSNdrB9u7yqwZ13nsi18= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin @@ -64,10 +66,8 @@ jobs: - TF_WORKSPACE=development - SPLUNK_URL = - SPLUNK_TOKEN= - - WORKSPACE_ACCOUNT_IDS= - secure: nXDs5kInVf6Ty/JIa42b61X+xNcU/PVHfJJ7y9YVRX3HYrbtzusqVuxY1n+JQxZyOo8oSPwmT7OE1muxDP7Hy8APZEdjj1g2r+fp7//0w1OzEFzhk0Gj9b+okc8FgK2U+PnmhQ4n4RmhWC8Qx6L32qiECXzDP12kPuCTHu3uPC4qHLBSVH3fQ04Jk7QyJO4l9kIMRwxyARJ6VsUzwSe5jyytXVikvTZZl/CQoYMGNjMg6B091bt3b2I6Fbkw4jsV0II1VFkQXylj/nnWn2D8ohNG5pfWN3283Ks8f7r3R/yLSqJKqTOMEq7drdAXHdGveXY77xAGURnNXrUiIfMa4UmHhC6cDeC5rliOwjQVTqdo6D9UfkJV+IpSLx6PAIFezQraYEhi/lmFRhrCmsFYLJ85TPGdjkv52tFByDkRWe8+aV/owPT5NEwKJtx9BX6mU/pMavRH8IsIjhbQzeAOVxmU7/MWsU8V7lzfLtHmljZdM9E8V5f3oyDSXkA4bkLJx4P/YBCWc04ii6KXLHqWQ5LiCObhXw972fkegPIz9tDpo1NhxrgEg/cPWg9svE3bXCnegyExvTWeVnTS10IhhAyzA+EBM9kZh6asdQCwGuKnpBxkQaKsGZzUgfFRPQ/mEe2pPlRBo54Qi8ku430QtDoRQxiHkjQdyZkW7wdkonw= - secure: p3Budl8I27/NBUeWLcTLpCkEcwtfxOQ6GZoEUyay+C/58iNP2j6ECaRdAACb+n6lfvAqZqxgQtSwuMdOQ23/k9EE5fdMLI7CxeudQyFiZLwslvF4MjhJbEl02CrxYEzdnJPCOQbXjNHqpKgZH8Ty42U6VFGLLx3VgtP6KPh5gNenjr+UkLg76s/kDE4WNO7ate812ykB9bjfzy9yyFmgI7Y4gjVyS3XBd8v3TWta3VLeAExc/GqJpjk91iByPlWyOu4GVgZJesCaHgAFXXIl0jDxtG+KsOXpVZxjhWbxP0IjbBJzH6wevMYHvIvHleFPL5Y0n4qj/13YyTukyos4WRexBSkDIxZ+HlDZjwNt6fNqxVOYpLREz3FfY2lER2C7u60bNl8zz9j6bFwo0No0SnbjyFHe+q0bMgr5q9p1uQ/4rc1pfeVi/rb2DaPyQCI+OOUspBjBDXvozteV/YcVNO84c69jpfF4LVkEW7fF6e94cQi95q4MfEpoqxSb2cyJ5tqMthF6hVEZuDQtcC9FjhacS47HD+faQaov9EYPm/sPD9voONZo9y6hCpujMmRlVOp4vS0jykBe9ZQtE9eQR3ZEqPqWVMND06WazRHPyI5VCQtXjMiS6ZUKEUP59+BYtnZadfbQvrXtQ/HDKf0TauaMwGUwKjxRQBo8D+FpqOQ= - - secure: qy3HdUT1zG5enGgdHMSK7vZ9I45iM130QjycViOuK756GyBtDVikQAeu88LCLaGFWeIdXvipZ2ZAbJ2sjxSzG0zpVf+J6HOeX1MSqYctdRsYAowr/vJryvNlQ1h0LESPOGHbZ1KKISVKvjncwHQzCJ0wQaXDtzmsllpn5qn38MNdov1xCfDAt6vjhXyJKr3ZoMEHQCNM5dj9KhkZ3Rdqj+DnzIO+WbYYoOr9FiNs8n2E/AcOdDJKB0c56GeqEJKbTIxWxLZW4CYQQlk9M1q4khbPIM1Z237uW4/8Xx2+zV7c6XxgqaW0sjY2Qr682W3f36HQlh96Wd9+QOU/g2TmkefM/J6XEpcmO/BCxnGxBeaMCVtuEufYcLXXxe/kByKq/sBe29FgIbss/GBNyb3Gg4feoAESjq4yGPMr5yzMRAMNPvCqafegwVIp4SHfkWbzsRGwQn/mMdG4fdP+0Cl4S8pW0lJMlo3G/+TwyqXCmn6jKB/yKWn9UCEfg11WAMFZHYteXlSVP8iqGSPkZC6wz15NmC4vihletmvoT0rq6o2epl/Oo9P5QWBl3PTcXYBAgdD5Y07r1rQQepG7cMec7Cpsnna5eKlqm+7zvXQgRszkQMzsShen9b/pEzqCtfqKLCEU5a6PHwYN/6+GopbI8SvyC2BZoabiqqm1Nl9VDbg= install: - cd deployment/terraform/ecs-service - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null From cba2fbdfeb7b7bdd62bda3ad7b2d8c00228a0cca Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 16:46:00 +1200 Subject: [PATCH 44/70] Attempt to fix WORKSPACE_ACCOUNT_IDS variable with single quote --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index bb7949a..8d9c85f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ env: - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= - secure: VBpfsxBmLytS8mdDSHeKRIPFC/QSV0uo/wPScbFDdm8aS9bRDBkAWtyQLdir7aSYyMswV4nphpwuJ8TR0KnLSMk97J/hr371BcLR5UFU+GwIGTx5YaS0nreSZekPX/LZ69uvji/eFZ8a0Gn63nknINrZRxGySwkepTH0qwJuRswTXNtqsBOVZUohzpNLzoti1um+fo4Kt/bqjMIE1UZE4+Z93qFqH3g4A2qHC9qA6H2Atzi/ir3Yq5vsy3bM91RWwAe4mng1OvzJHrRnGTrKGaLGFioLnz0ZdNwWvLjaG1T2fTF/HzUPPuLch4Ff1bmYLi+aZRMC5yWfB5EDpNvgKQUcVnVlixR5yI+xO0rr/szocAi1qLxj+xUHpO8ngyXQkJ/maUzgm0QD5AEi3Tef0OQBJBx23wJoBpHE+pUMDRJKis7WaTFqt2BNvkBKuTkSizoLFX7aD/+lHwmjeU+0soPTJlNp7goZwU8E++sT5N2WJR+/n+zVeogQDi/iCIb/FJrnT5E+geKSPkjD3fhU8LcHu3K8ygkkKnDv+QEd5LR6pRkGffhNv36nenis0KNmy1U0e0cH9tqe4XIJ9696xz6tQ1VWbokrkTETCU3s5P/9B9+32G8JA+mH3cJfgptTYh0cAMMJTKaPlb6HciJz/OE4ebaZhkYmzUFoHbEW8qI= - secure: lgZZrXtKwZutA0EHteUL4C+pH2kT8NcIOVPSPTt7vK/MouBkLcB/CONLQCq1C0M4K3k75ZJCluEg0G0G9gnvpbUH4f/voGaARxY5N7LKMCvnuK2UVQed5Ceh6VXMuGKt+xLMAoCwRliksI7L68uc2+1PujbmECD7aGocr/vXPe4NPqpw6YMPRqc1a6E8nOZESugmZ8wwwzm+tRwUd5zmzWKA2hP7GOeTG56/UpS315jib5rlbTCxFFYkcVLVXBzA57m07JMb0zHjl1MQGxfCCHhDu214SLvRTl1NkxAfqzNQKGdc80CK8qDXQzWnQXgo3Y9JUB7DV2G1WKk9tMtENYyfSllVk8jZTU52hyaFd+1xXhyyhnOauIszQJOqEV8upSGRxKsQ9CFyTl3hdQEJPQm6L4tqVoT362LNq5KA6N/gL7J7QqZl4O0L9qgiVzxBJAWotsVP0FPs4lR4nEUxqiwbK6i084Adj7w1OGXXlQWsVix0yCzgvMD0J1Raq/9cu5jROG7vlW69Y5PtMLNq6JeJmouO8OYHz29Q/NZKfXXikJ86kksm2ZiMOiy2NcgyyWtJSaUQgPSfKQ+m1WncS7F+a6JcsoDwcniGIO/8b44J8UOxiJ4bRLP0nTlGc//pk+4XiuX1GFqNDj7sA4dp/oENQZDOsv8OUnedbHl50Ys= - - secure: ni+SpSWK2lv+YptuzNGZraG8mv1iJ2tHh2XXWnckNgc1cjrvz5lXeo9fWdnrwOGARxSTlFsj3DMKKy2VVrnVnE0Ux3+1DJ3WzGh+68fPhKrF1i4bdD+6C0KSPmgrSEWsEF3rxk0FhEAODeUxEKPSR7L0F8uQwZLTV8kcs4VkDBmD/TQYrIup9or1A+IrzmC40iQSSDxnamupDnykk+qbf26ac12fPcaMMZAiYrg1Dm3vo5QpA6tYuvZ2cufCxt1Fq0d27ebRd8iqeLF7oJAPvxVt75NcR2Ft6BvMyPXQN/2BW6lqOf/uEFx329f/pwNusQ+eUjiUubPmPsiF6VJVoVUj4o9INwy0hfcKBp1+2VO1SobRpAzo6scrfc5/Y0MsK9x7pSe/KO5zVIwV9I35f0ohO6M8un1ESN5Vj0c3KM+KyLdNkDeKQB5xJVF44DBUOCBWxXO+iu3q+mgBarXdxblpfMBF3kZpPbUteP7NXcJBGp5Ud9c4zHsFj8z+c7uLLDABVA9LuuA/lzQnl58nrY3AYAuKD9YwXPGMlLKh7dJG+Ov4804Qh2qMF9yGbqqRuh78ZcmtZP/zFCQ/J+n+hewJO7NCUrdU23WWQgJWuE1UnT7ze54rtR58bIusyBpxkQ89LuGQl/Ld86ielJ4PZ+9HSNdrB9u7yqwZ13nsi18= + - secure: nvcaE95PDocQcOLdbGRMeLnUmpyAGV7scjZW2V8Tfc2exekxmJwUkXqbusH4k5IQoqEJaGbRVG9KxR4MVYG2dUYUKLKm3TAwnBCvqGt4+leRyYYIENplFHSAjuAiPeO+detg7L4uthsNX/OTo6pwbRO3V1IHIOfYFITIAXtI+RIB/zyUGiyIvBNi1TKoGvmKBCAx6+4zCHkSBF8/qqffHeBfJnaNduU1wsGfMmnr4F2zDXGgsuKE/R4RyUx9Cb98fRARQGISoVK257SgMRG7Pf6AfUIdbGd31Gs2FFsYEvFo07hjR1x/sPVvQKUoS4PgvE9XDqd8DsLioizujPo+DfNcQu5w8jfGVl3AE/mWoA9lC23wCJi6FVrIAhxIFe0UuSDo6GhOSlGZOuMxRLEX2/rh93JIoCtTJgbCIeSh1Rb0wMHT9pDNs9TK+xW38+KlPBLzxt9UCzE23BaVCF5fDRUbEaTpBoPn3Wym3zRCSfxIlEee2BG137nxRdIM+Nb8CXgh7IuJzOEWzs67UfvUYiK0vV6Uqy/baiZ+ziWEghLcYBo/nuaPA6eHRWjlZWgXVveeBl6vL1sdF/rT7Fq1j2FpmZIC0YQr/4C9BmJRJniiChmjYAXo2PaJvbhC4EbqwpIHHHc+EH84rvAP/YljH5NkUYaREDN0SMRFLBKaTl4= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin From a60fd1c3c24e041d522f3af19e40d35aa5a314c1 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 16:56:01 +1200 Subject: [PATCH 45/70] Temporary echo of workspace variable --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 8d9c85f..be1a7da 100644 --- a/.travis.yml +++ b/.travis.yml @@ -73,6 +73,7 @@ jobs: - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null script: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service + - echo $WORKSPACE_ACCOUNT_IDS - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service From 70bc98b6939d91dceb9b7b9a875aaa1b22f725a4 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 16:56:49 +1200 Subject: [PATCH 46/70] Revert "Temporary echo of workspace variable" This reverts commit a60fd1c3 --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index be1a7da..8d9c85f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -73,7 +73,6 @@ jobs: - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null script: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - echo $WORKSPACE_ACCOUNT_IDS - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service From 8d1bdfad16e32cfe019fe0a07a6146c1dff4ce31 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 17:20:25 +1200 Subject: [PATCH 47/70] Change setting for workspace_account_ids --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8d9c85f..500b7c1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ env: - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= - secure: VBpfsxBmLytS8mdDSHeKRIPFC/QSV0uo/wPScbFDdm8aS9bRDBkAWtyQLdir7aSYyMswV4nphpwuJ8TR0KnLSMk97J/hr371BcLR5UFU+GwIGTx5YaS0nreSZekPX/LZ69uvji/eFZ8a0Gn63nknINrZRxGySwkepTH0qwJuRswTXNtqsBOVZUohzpNLzoti1um+fo4Kt/bqjMIE1UZE4+Z93qFqH3g4A2qHC9qA6H2Atzi/ir3Yq5vsy3bM91RWwAe4mng1OvzJHrRnGTrKGaLGFioLnz0ZdNwWvLjaG1T2fTF/HzUPPuLch4Ff1bmYLi+aZRMC5yWfB5EDpNvgKQUcVnVlixR5yI+xO0rr/szocAi1qLxj+xUHpO8ngyXQkJ/maUzgm0QD5AEi3Tef0OQBJBx23wJoBpHE+pUMDRJKis7WaTFqt2BNvkBKuTkSizoLFX7aD/+lHwmjeU+0soPTJlNp7goZwU8E++sT5N2WJR+/n+zVeogQDi/iCIb/FJrnT5E+geKSPkjD3fhU8LcHu3K8ygkkKnDv+QEd5LR6pRkGffhNv36nenis0KNmy1U0e0cH9tqe4XIJ9696xz6tQ1VWbokrkTETCU3s5P/9B9+32G8JA+mH3cJfgptTYh0cAMMJTKaPlb6HciJz/OE4ebaZhkYmzUFoHbEW8qI= - secure: lgZZrXtKwZutA0EHteUL4C+pH2kT8NcIOVPSPTt7vK/MouBkLcB/CONLQCq1C0M4K3k75ZJCluEg0G0G9gnvpbUH4f/voGaARxY5N7LKMCvnuK2UVQed5Ceh6VXMuGKt+xLMAoCwRliksI7L68uc2+1PujbmECD7aGocr/vXPe4NPqpw6YMPRqc1a6E8nOZESugmZ8wwwzm+tRwUd5zmzWKA2hP7GOeTG56/UpS315jib5rlbTCxFFYkcVLVXBzA57m07JMb0zHjl1MQGxfCCHhDu214SLvRTl1NkxAfqzNQKGdc80CK8qDXQzWnQXgo3Y9JUB7DV2G1WKk9tMtENYyfSllVk8jZTU52hyaFd+1xXhyyhnOauIszQJOqEV8upSGRxKsQ9CFyTl3hdQEJPQm6L4tqVoT362LNq5KA6N/gL7J7QqZl4O0L9qgiVzxBJAWotsVP0FPs4lR4nEUxqiwbK6i084Adj7w1OGXXlQWsVix0yCzgvMD0J1Raq/9cu5jROG7vlW69Y5PtMLNq6JeJmouO8OYHz29Q/NZKfXXikJ86kksm2ZiMOiy2NcgyyWtJSaUQgPSfKQ+m1WncS7F+a6JcsoDwcniGIO/8b44J8UOxiJ4bRLP0nTlGc//pk+4XiuX1GFqNDj7sA4dp/oENQZDOsv8OUnedbHl50Ys= - - secure: nvcaE95PDocQcOLdbGRMeLnUmpyAGV7scjZW2V8Tfc2exekxmJwUkXqbusH4k5IQoqEJaGbRVG9KxR4MVYG2dUYUKLKm3TAwnBCvqGt4+leRyYYIENplFHSAjuAiPeO+detg7L4uthsNX/OTo6pwbRO3V1IHIOfYFITIAXtI+RIB/zyUGiyIvBNi1TKoGvmKBCAx6+4zCHkSBF8/qqffHeBfJnaNduU1wsGfMmnr4F2zDXGgsuKE/R4RyUx9Cb98fRARQGISoVK257SgMRG7Pf6AfUIdbGd31Gs2FFsYEvFo07hjR1x/sPVvQKUoS4PgvE9XDqd8DsLioizujPo+DfNcQu5w8jfGVl3AE/mWoA9lC23wCJi6FVrIAhxIFe0UuSDo6GhOSlGZOuMxRLEX2/rh93JIoCtTJgbCIeSh1Rb0wMHT9pDNs9TK+xW38+KlPBLzxt9UCzE23BaVCF5fDRUbEaTpBoPn3Wym3zRCSfxIlEee2BG137nxRdIM+Nb8CXgh7IuJzOEWzs67UfvUYiK0vV6Uqy/baiZ+ziWEghLcYBo/nuaPA6eHRWjlZWgXVveeBl6vL1sdF/rT7Fq1j2FpmZIC0YQr/4C9BmJRJniiChmjYAXo2PaJvbhC4EbqwpIHHHc+EH84rvAP/YljH5NkUYaREDN0SMRFLBKaTl4= + - secure: V82GWcaFmZTgWPv/iGghlPUMhA63lAoxf2KQ0yqWLjiRy8cfRAyyJrYGkAL2itAxmCyUzD2swRLuo+zbo45GSSXDxZ4KMCDEZt0SoxQk8GeZCqIQgyW0kqNfbCKGD1bepJ4VeLMGjsmzGhEH8ELLArbZVI8z9HaZdG1Lk+wIl3tiOJHSmxQPO/TDUbiyK9JGCNgYQbPt5N2UepVSyXLo/JysVxBnSQp7L+j3ueQRJu0IGXFE5lbNtyn/KzDOBV9aHIze9A1HHy8vKZYZaeVQXMpp2sr27ZSdDDj8zrqFPiPgdoIxJqIIufvEHYLN0sQk0ph/zSz+MQSp6ta7LS3keDSAjo7RW4DhwbJKWG7o3pj9fKkGK7b3PAK6UzHMAo6hoq9Ab3uI5l5G/tca9SNKpWEUhR4Rm2CwdbZXHt7glXGPy76E2nxZPQJPUoKb0p4gBL2gGXQgWp0bE7gohL0s4CaSHPFoDoWYEDodd0g4iHG8tbqXMHoI2tJBrH4N0mjQ259DDwDkMbombHlPdqXVF9LSGVz75Wr4joQa4ld2uCDIzEEOVnGtg8CrCejwZL+yz6BEGlxowC3F59/7lr9TyQL4wMjGfu1IrUIsD2p5DM319tIE2yH9pJQXfmNLBXK661ccokxtY8wS5aK4EfUpoeGevaQ1MzRsBYRPX3mT+Zw= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin @@ -73,7 +73,7 @@ jobs: - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null script: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var workspace_account_ids=${WORKSPACE_ACCOUNT_IDS} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var 'workspace_account_ids=${WORKSPACE_ACCOUNT_IDS}' -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - CLUSTER_NAME=$(terraform output ecs_cluster_name) From 7f448b06e8d76d8d0f70c863d9fc3219c3976b72 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 17:30:37 +1200 Subject: [PATCH 48/70] Change setting for workspace_account_ids --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 500b7c1..1891521 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ env: - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= - secure: VBpfsxBmLytS8mdDSHeKRIPFC/QSV0uo/wPScbFDdm8aS9bRDBkAWtyQLdir7aSYyMswV4nphpwuJ8TR0KnLSMk97J/hr371BcLR5UFU+GwIGTx5YaS0nreSZekPX/LZ69uvji/eFZ8a0Gn63nknINrZRxGySwkepTH0qwJuRswTXNtqsBOVZUohzpNLzoti1um+fo4Kt/bqjMIE1UZE4+Z93qFqH3g4A2qHC9qA6H2Atzi/ir3Yq5vsy3bM91RWwAe4mng1OvzJHrRnGTrKGaLGFioLnz0ZdNwWvLjaG1T2fTF/HzUPPuLch4Ff1bmYLi+aZRMC5yWfB5EDpNvgKQUcVnVlixR5yI+xO0rr/szocAi1qLxj+xUHpO8ngyXQkJ/maUzgm0QD5AEi3Tef0OQBJBx23wJoBpHE+pUMDRJKis7WaTFqt2BNvkBKuTkSizoLFX7aD/+lHwmjeU+0soPTJlNp7goZwU8E++sT5N2WJR+/n+zVeogQDi/iCIb/FJrnT5E+geKSPkjD3fhU8LcHu3K8ygkkKnDv+QEd5LR6pRkGffhNv36nenis0KNmy1U0e0cH9tqe4XIJ9696xz6tQ1VWbokrkTETCU3s5P/9B9+32G8JA+mH3cJfgptTYh0cAMMJTKaPlb6HciJz/OE4ebaZhkYmzUFoHbEW8qI= - secure: lgZZrXtKwZutA0EHteUL4C+pH2kT8NcIOVPSPTt7vK/MouBkLcB/CONLQCq1C0M4K3k75ZJCluEg0G0G9gnvpbUH4f/voGaARxY5N7LKMCvnuK2UVQed5Ceh6VXMuGKt+xLMAoCwRliksI7L68uc2+1PujbmECD7aGocr/vXPe4NPqpw6YMPRqc1a6E8nOZESugmZ8wwwzm+tRwUd5zmzWKA2hP7GOeTG56/UpS315jib5rlbTCxFFYkcVLVXBzA57m07JMb0zHjl1MQGxfCCHhDu214SLvRTl1NkxAfqzNQKGdc80CK8qDXQzWnQXgo3Y9JUB7DV2G1WKk9tMtENYyfSllVk8jZTU52hyaFd+1xXhyyhnOauIszQJOqEV8upSGRxKsQ9CFyTl3hdQEJPQm6L4tqVoT362LNq5KA6N/gL7J7QqZl4O0L9qgiVzxBJAWotsVP0FPs4lR4nEUxqiwbK6i084Adj7w1OGXXlQWsVix0yCzgvMD0J1Raq/9cu5jROG7vlW69Y5PtMLNq6JeJmouO8OYHz29Q/NZKfXXikJ86kksm2ZiMOiy2NcgyyWtJSaUQgPSfKQ+m1WncS7F+a6JcsoDwcniGIO/8b44J8UOxiJ4bRLP0nTlGc//pk+4XiuX1GFqNDj7sA4dp/oENQZDOsv8OUnedbHl50Ys= - - secure: V82GWcaFmZTgWPv/iGghlPUMhA63lAoxf2KQ0yqWLjiRy8cfRAyyJrYGkAL2itAxmCyUzD2swRLuo+zbo45GSSXDxZ4KMCDEZt0SoxQk8GeZCqIQgyW0kqNfbCKGD1bepJ4VeLMGjsmzGhEH8ELLArbZVI8z9HaZdG1Lk+wIl3tiOJHSmxQPO/TDUbiyK9JGCNgYQbPt5N2UepVSyXLo/JysVxBnSQp7L+j3ueQRJu0IGXFE5lbNtyn/KzDOBV9aHIze9A1HHy8vKZYZaeVQXMpp2sr27ZSdDDj8zrqFPiPgdoIxJqIIufvEHYLN0sQk0ph/zSz+MQSp6ta7LS3keDSAjo7RW4DhwbJKWG7o3pj9fKkGK7b3PAK6UzHMAo6hoq9Ab3uI5l5G/tca9SNKpWEUhR4Rm2CwdbZXHt7glXGPy76E2nxZPQJPUoKb0p4gBL2gGXQgWp0bE7gohL0s4CaSHPFoDoWYEDodd0g4iHG8tbqXMHoI2tJBrH4N0mjQ259DDwDkMbombHlPdqXVF9LSGVz75Wr4joQa4ld2uCDIzEEOVnGtg8CrCejwZL+yz6BEGlxowC3F59/7lr9TyQL4wMjGfu1IrUIsD2p5DM319tIE2yH9pJQXfmNLBXK661ccokxtY8wS5aK4EfUpoeGevaQ1MzRsBYRPX3mT+Zw= + - secure: lvb33bBDqhFsghyTDUb27K2ctK79Ut5J5ebSIh9vxGc7orssCbhVdYdvTSre0FXDJhgGUtAw1tds+UA8kb47XHul/ry3EYhDzBC4waf5lMBdLRh9+CyW9992ScILk3ShZenIOvzkUnRLLJtpjCnj/PG5xAq5ijaZVlQj9AjscbKC+6iilY31yKzHEpx5MdGYJdde3v+Oo5kLl7HeceaUzgyQrMsWh0nElf7p+btnd+gR+p4OtRe11l2WhzQWAukMfONVJajl4LGf1e71BgSRQe27GUby26mc8fXqi4CdmwcqpJgZo5Zykp6goa7i2+GITmFtSGo24kNoqRpclfOikPwSTZB+eb0dqlC0MqUedznqHcb5uineeMPiF6JNBpPCfHyLy+gL0hm1hjJiohXd1QnO4cZx+LRGHJAuyRpXp+KGaP1wnyqoO72hhBnRU+2oXAZdRvxS2sB9ne1SAQnRGoFdWzma+9hboYiQATVNbdtwZAjFHE6avj+a5ZCS7YhAw0yCQ3fUqs5bUtB9sIntVShdI3GzhQZwTI3iROKIgEXf8yBJJZKzYxtJyKLbIrS6RdGCugH7sYXwdCvMiXd9fHbwO+16Bg89LLiSD4bO67wSN1LXydq5OklzVn/Y9DlXatRJHemzbzrSrQV2U9JRjUFbSTwrq6/X42L+mxdEsPk= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin From 0ef554e4802ac3cd1ff2e6dffe5ffe58a09efc9d Mon Sep 17 00:00:00 2001 From: james Date: Fri, 17 May 2019 17:03:15 +1200 Subject: [PATCH 49/70] Add includes group for the brave new coin repo --- build.gradle | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/build.gradle b/build.gradle index e7b540c..35f301f 100644 --- a/build.gradle +++ b/build.gradle @@ -28,12 +28,17 @@ allprojects { sourceCompatibility = JavaVersion.VERSION_11 targetCompatibility = JavaVersion.VERSION_11 compileJava.options.encoding = "UTF-8" + compileTestJava.options.encoding = "UTF-8" repositories { mavenCentral() jcenter() maven { + // This repository is only used for Brave New Coin artifacts. It is not required to build this project. url "s3://artifact.bravenewcoin.com/maven/release" + content { + includeGroup "com.bnc" + } credentials(AwsCredentials) { accessKey "${awsAccessKeyId}" secretKey "${awsSecretAccessKey}" From f599bc89c8bb3304b10b5ddd1b4ac43cf582e57b Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 17:48:44 +1200 Subject: [PATCH 50/70] Change setting for workspace_account_ids --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1891521..db13553 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ env: - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= - secure: VBpfsxBmLytS8mdDSHeKRIPFC/QSV0uo/wPScbFDdm8aS9bRDBkAWtyQLdir7aSYyMswV4nphpwuJ8TR0KnLSMk97J/hr371BcLR5UFU+GwIGTx5YaS0nreSZekPX/LZ69uvji/eFZ8a0Gn63nknINrZRxGySwkepTH0qwJuRswTXNtqsBOVZUohzpNLzoti1um+fo4Kt/bqjMIE1UZE4+Z93qFqH3g4A2qHC9qA6H2Atzi/ir3Yq5vsy3bM91RWwAe4mng1OvzJHrRnGTrKGaLGFioLnz0ZdNwWvLjaG1T2fTF/HzUPPuLch4Ff1bmYLi+aZRMC5yWfB5EDpNvgKQUcVnVlixR5yI+xO0rr/szocAi1qLxj+xUHpO8ngyXQkJ/maUzgm0QD5AEi3Tef0OQBJBx23wJoBpHE+pUMDRJKis7WaTFqt2BNvkBKuTkSizoLFX7aD/+lHwmjeU+0soPTJlNp7goZwU8E++sT5N2WJR+/n+zVeogQDi/iCIb/FJrnT5E+geKSPkjD3fhU8LcHu3K8ygkkKnDv+QEd5LR6pRkGffhNv36nenis0KNmy1U0e0cH9tqe4XIJ9696xz6tQ1VWbokrkTETCU3s5P/9B9+32G8JA+mH3cJfgptTYh0cAMMJTKaPlb6HciJz/OE4ebaZhkYmzUFoHbEW8qI= - secure: lgZZrXtKwZutA0EHteUL4C+pH2kT8NcIOVPSPTt7vK/MouBkLcB/CONLQCq1C0M4K3k75ZJCluEg0G0G9gnvpbUH4f/voGaARxY5N7LKMCvnuK2UVQed5Ceh6VXMuGKt+xLMAoCwRliksI7L68uc2+1PujbmECD7aGocr/vXPe4NPqpw6YMPRqc1a6E8nOZESugmZ8wwwzm+tRwUd5zmzWKA2hP7GOeTG56/UpS315jib5rlbTCxFFYkcVLVXBzA57m07JMb0zHjl1MQGxfCCHhDu214SLvRTl1NkxAfqzNQKGdc80CK8qDXQzWnQXgo3Y9JUB7DV2G1WKk9tMtENYyfSllVk8jZTU52hyaFd+1xXhyyhnOauIszQJOqEV8upSGRxKsQ9CFyTl3hdQEJPQm6L4tqVoT362LNq5KA6N/gL7J7QqZl4O0L9qgiVzxBJAWotsVP0FPs4lR4nEUxqiwbK6i084Adj7w1OGXXlQWsVix0yCzgvMD0J1Raq/9cu5jROG7vlW69Y5PtMLNq6JeJmouO8OYHz29Q/NZKfXXikJ86kksm2ZiMOiy2NcgyyWtJSaUQgPSfKQ+m1WncS7F+a6JcsoDwcniGIO/8b44J8UOxiJ4bRLP0nTlGc//pk+4XiuX1GFqNDj7sA4dp/oENQZDOsv8OUnedbHl50Ys= - - secure: lvb33bBDqhFsghyTDUb27K2ctK79Ut5J5ebSIh9vxGc7orssCbhVdYdvTSre0FXDJhgGUtAw1tds+UA8kb47XHul/ry3EYhDzBC4waf5lMBdLRh9+CyW9992ScILk3ShZenIOvzkUnRLLJtpjCnj/PG5xAq5ijaZVlQj9AjscbKC+6iilY31yKzHEpx5MdGYJdde3v+Oo5kLl7HeceaUzgyQrMsWh0nElf7p+btnd+gR+p4OtRe11l2WhzQWAukMfONVJajl4LGf1e71BgSRQe27GUby26mc8fXqi4CdmwcqpJgZo5Zykp6goa7i2+GITmFtSGo24kNoqRpclfOikPwSTZB+eb0dqlC0MqUedznqHcb5uineeMPiF6JNBpPCfHyLy+gL0hm1hjJiohXd1QnO4cZx+LRGHJAuyRpXp+KGaP1wnyqoO72hhBnRU+2oXAZdRvxS2sB9ne1SAQnRGoFdWzma+9hboYiQATVNbdtwZAjFHE6avj+a5ZCS7YhAw0yCQ3fUqs5bUtB9sIntVShdI3GzhQZwTI3iROKIgEXf8yBJJZKzYxtJyKLbIrS6RdGCugH7sYXwdCvMiXd9fHbwO+16Bg89LLiSD4bO67wSN1LXydq5OklzVn/Y9DlXatRJHemzbzrSrQV2U9JRjUFbSTwrq6/X42L+mxdEsPk= + - secure: rvF/Dke01ReKoZzRfyADT2OUcBKtIsQL7pX3H16KDIAOffN/weaJ+aGCmB7Od3t9U0P3NEP9PGjohl8ZNHo/JsonImFuqkjoFRAkVi+xwSeXmsrUPihSQdeFjd6QdVptSG7t9oP6OSNNSPvRk1JkL9X7BlFBlj4YMrMWC2UL5LBKCMnYV/TkDjQUX2q4OzWTFaltAx3nvjZNQQhVrB198MG9oA0Xx9iFKjHyqfEoeSf6omZhM8OusqI0MkiPwGE2NBKryVCFtKIzUCwxLq0tLYlihafVFEJjFa+17iLCRTA/H8z3HKc9w2yHNntxBrNxXDNmUubVT3DwSRCz24W8mwpHAUmfvFM88RdVah5cAOSsPymee2Nbq/H+BfyXTlPHGz8GlIyOCJc2LB4XxhFipAGOxTHv0RowOCxXJ8duZdH+lYwxBf6PqNr9QTlIkPKFFwb5z6VHOUnc7GW9TNKVgrwuHDaoQvb9EUVXhE5ZeKYymKRqx0CVEsi5FHxqjULIp6p1xstZCFyH6m2mqpVKYN1/XF6Ziz3l0MAEnonU2SzguvXT3bLw4mIC1EvBLno8bN4+lE7HPnRod30d39hRPdVXImO7WSLFz72p/FjUMaaPZyDOHu2eBCXtNW2OiVHL5kMkDnsz1qXpCm9Btt89HK0ofB4zQu3N17+jnHphxak= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin From 926e2c3504506ac6e4aff064a14862a75ce2f42b Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Fri, 17 May 2019 17:52:30 +1200 Subject: [PATCH 51/70] Change setting for workspace_account_ids --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index db13553..523486a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ env: - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= - secure: VBpfsxBmLytS8mdDSHeKRIPFC/QSV0uo/wPScbFDdm8aS9bRDBkAWtyQLdir7aSYyMswV4nphpwuJ8TR0KnLSMk97J/hr371BcLR5UFU+GwIGTx5YaS0nreSZekPX/LZ69uvji/eFZ8a0Gn63nknINrZRxGySwkepTH0qwJuRswTXNtqsBOVZUohzpNLzoti1um+fo4Kt/bqjMIE1UZE4+Z93qFqH3g4A2qHC9qA6H2Atzi/ir3Yq5vsy3bM91RWwAe4mng1OvzJHrRnGTrKGaLGFioLnz0ZdNwWvLjaG1T2fTF/HzUPPuLch4Ff1bmYLi+aZRMC5yWfB5EDpNvgKQUcVnVlixR5yI+xO0rr/szocAi1qLxj+xUHpO8ngyXQkJ/maUzgm0QD5AEi3Tef0OQBJBx23wJoBpHE+pUMDRJKis7WaTFqt2BNvkBKuTkSizoLFX7aD/+lHwmjeU+0soPTJlNp7goZwU8E++sT5N2WJR+/n+zVeogQDi/iCIb/FJrnT5E+geKSPkjD3fhU8LcHu3K8ygkkKnDv+QEd5LR6pRkGffhNv36nenis0KNmy1U0e0cH9tqe4XIJ9696xz6tQ1VWbokrkTETCU3s5P/9B9+32G8JA+mH3cJfgptTYh0cAMMJTKaPlb6HciJz/OE4ebaZhkYmzUFoHbEW8qI= - secure: lgZZrXtKwZutA0EHteUL4C+pH2kT8NcIOVPSPTt7vK/MouBkLcB/CONLQCq1C0M4K3k75ZJCluEg0G0G9gnvpbUH4f/voGaARxY5N7LKMCvnuK2UVQed5Ceh6VXMuGKt+xLMAoCwRliksI7L68uc2+1PujbmECD7aGocr/vXPe4NPqpw6YMPRqc1a6E8nOZESugmZ8wwwzm+tRwUd5zmzWKA2hP7GOeTG56/UpS315jib5rlbTCxFFYkcVLVXBzA57m07JMb0zHjl1MQGxfCCHhDu214SLvRTl1NkxAfqzNQKGdc80CK8qDXQzWnQXgo3Y9JUB7DV2G1WKk9tMtENYyfSllVk8jZTU52hyaFd+1xXhyyhnOauIszQJOqEV8upSGRxKsQ9CFyTl3hdQEJPQm6L4tqVoT362LNq5KA6N/gL7J7QqZl4O0L9qgiVzxBJAWotsVP0FPs4lR4nEUxqiwbK6i084Adj7w1OGXXlQWsVix0yCzgvMD0J1Raq/9cu5jROG7vlW69Y5PtMLNq6JeJmouO8OYHz29Q/NZKfXXikJ86kksm2ZiMOiy2NcgyyWtJSaUQgPSfKQ+m1WncS7F+a6JcsoDwcniGIO/8b44J8UOxiJ4bRLP0nTlGc//pk+4XiuX1GFqNDj7sA4dp/oENQZDOsv8OUnedbHl50Ys= - - secure: rvF/Dke01ReKoZzRfyADT2OUcBKtIsQL7pX3H16KDIAOffN/weaJ+aGCmB7Od3t9U0P3NEP9PGjohl8ZNHo/JsonImFuqkjoFRAkVi+xwSeXmsrUPihSQdeFjd6QdVptSG7t9oP6OSNNSPvRk1JkL9X7BlFBlj4YMrMWC2UL5LBKCMnYV/TkDjQUX2q4OzWTFaltAx3nvjZNQQhVrB198MG9oA0Xx9iFKjHyqfEoeSf6omZhM8OusqI0MkiPwGE2NBKryVCFtKIzUCwxLq0tLYlihafVFEJjFa+17iLCRTA/H8z3HKc9w2yHNntxBrNxXDNmUubVT3DwSRCz24W8mwpHAUmfvFM88RdVah5cAOSsPymee2Nbq/H+BfyXTlPHGz8GlIyOCJc2LB4XxhFipAGOxTHv0RowOCxXJ8duZdH+lYwxBf6PqNr9QTlIkPKFFwb5z6VHOUnc7GW9TNKVgrwuHDaoQvb9EUVXhE5ZeKYymKRqx0CVEsi5FHxqjULIp6p1xstZCFyH6m2mqpVKYN1/XF6Ziz3l0MAEnonU2SzguvXT3bLw4mIC1EvBLno8bN4+lE7HPnRod30d39hRPdVXImO7WSLFz72p/FjUMaaPZyDOHu2eBCXtNW2OiVHL5kMkDnsz1qXpCm9Btt89HK0ofB4zQu3N17+jnHphxak= + - secure: A9WG0Q9DrTPmUei6cGysowHwt32o/QUQDNWfWfel54GZLWOVCDFqMdO/BeENK3AiHLyHRk/N40ZnGD1YJmRWNODtd8k5jvq//F2CVSmb4Sy4jMgifslZQutW9Fnf/oRp1vsoUZQTwlnmpM6vesfsc7PwWOjHIT7zkBZAuGi0NtW+5Cb+wMCGMygIb+0OCDfI1qywXH7a5T3F8L0n7QQkA/0jJug71EvUZK7FrgJL5aE/phNQbO0kD9CLLxaffdzls4sT4Cs+IcetsR0PczROiaAbDyx2vR0tKxtpxwXCgskDCvTAzYHUJ2ahjkWIwr9qVecGMcs/YDpFKhGtkXwXDC+kImN7e8LZffVGYbpYYfzxRjaRNpS6wXij5X2PU5yVrT9Ye3TZd1kLy0+F9kYHikFlC2MCtbKgI5rARivx9toYTTVULJDO30qtdun60grR4ThyZeSbeyCP6ujYz95usxHpHqSDEmqA0xvOD6xh+4vG6uK5ZNBkkNZnNRamHtosLZOWPnVnwuyv3u3VD7QgoCqZzaDfSLusuk3HsUdOPxlLQVgiztQRt5qtosGYNVh8XflCagmvYIBwTA85ibKVb4V+8ghHK03rIXZrjxcTNuyhCVBvwuknHvgbhwyUNhtzSdOzL0Qjfmq708w+33sdovfaGCckhppwzXiVT8TlxC0= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin From 7b52dc89abfeecee829cefd841a03f5bb4b41d03 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 17:58:54 +1200 Subject: [PATCH 52/70] Echo WORKSPACE variable --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 523486a..5fbe989 100644 --- a/.travis.yml +++ b/.travis.yml @@ -73,6 +73,7 @@ jobs: - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null script: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service + - echo $WORKSPACE_ACCOUNT_IDS - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var 'workspace_account_ids=${WORKSPACE_ACCOUNT_IDS}' -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service From 60430776ab1735704c973fd74e965b8c52863f53 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 18:18:28 +1200 Subject: [PATCH 53/70] Use the roles defined instead of building the role arn dynamically --- .travis.yml | 6 ++---- deployment/terraform/ecs-service/main.tf | 2 +- deployment/terraform/ecs-service/variables.tf | 10 +++++----- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5fbe989..08395cb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,7 +19,6 @@ env: - OPERATIONS_ROLE_ARN= - DEVELOPMENT_ROLE_ARN= - PRODUCTION_ROLE_ARN= - - WORKSPACE_ACCOUNT_IDS= - secure: QFLxq6/aFRdQqLbR5NWDAPpnlzk5AQ3bRaYH+uegZaA5qMWvNNEoBjE5yvAJKiOe6jbqW7vqnmHFUSaMQS9gpL8O0r70rW5eswb8QUa+tSc+N2dluzCMp2+Fnj/xk8sAq+ieo5B5El296aLd+9gFK1xnjkORSZHGT+GIXxFZgqO/OCO9TETWuPtDaOkygZvPdBOLs2MItVrnBfWSUL5e6uhFn60G3+E3q3P44reesrcWyyv1x0QM91GsYm7pUVH5gW6K1vptArpW6+S5At1QtGgaLQj+6rY6ywqkOusSgFlYXrGrTGeeOiig8xKTKRQVX1myXWSVCUfiJcLp09rv2zfveQ9lmB42F+GgaocKv8FuIC8RDb4v3qdV3svFB0KpZfOHrdOW9cvTciMyIhzcF2UNui7pUkP5aMdruApAoSxzQP1nbl/lWcacHyoShibXSMw/GYgIGik2s8TY3B3J9secFkMoVgZD2qcmij2+hbTOmVnI3/ocnHdjRfe9Z8G7+P6NlMJ4AN25BglLMJaz4hvjzP3X50PUhPhorYtA9i9WB5cH9TWxnhemcerQjPsHFin2+gKLqEDrRZ+kPNkQiOXUKcfQNN80YaI0PTS4N38sMdluSAKWb6upwvWkmlZcOVZJdoa2s24lNyq2bCdzpmcfalFAZwKszHwKMrlmVgA= - secure: tmIuWwh2CTYUrg1xPLjaNEQST8KKCsw/i6PhaEmamojeDdw+nEFSXm+Yyf3wBxSPI5sLC42lIb2dKia0vcF/V1oK8/V1D/b7VbdKU3LrBKYzqKbL3Y/R/LiirvGrdG/6C9Ai3ET0cUd+oqffCEi/CWRDY9xLdT6tYuMn829xLLZol2rA7ANDP+znGPqbhG9oXAwd5Xffkf5UGKaAtsghuC9eo+F+sKXAU+12ASqivk++D3oiIz/41wIWb6tFkuAsqKvFrbHysd6iTrZjKYTVhQ9aRcQCtPEhS+9FyYe71lhaHW8r5vb1+e+uh0dq2ye6aAPVZx0T1llHF5TvcbF6rYNuAqEbi5bYTr0iPQ3yUy8mH9RWfR0OpuiBNEqdfW1yuyDUm3IURB2CXrnpjgqcntMrizs5ukP9ltqLoAp8YfvtiM7bYrYPHVfyzVjrt1R8FeaNLZtQEk3VtSnO1CwZnD80rQ1YwkpN6jq9xd1mpNCIku96KjVMdJ/lwo1mNhUqDBO4+X5bDFG1j0zBPWvFc0FjQnttn6EJkx+c62VoEDFao1Yu4N7w8qfgxpNaA/j4xeEr8IRp27XvlZc9f8XYFNvmVtZK+GiPOKFnFCZ5BzJKdV97Ma1xRUQbARDG4aqoyZYBBoHuRRGaq/Gse/ZGIPoYS5etcRxAjEGOONP8rLw= - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= @@ -32,7 +31,6 @@ env: - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= - secure: VBpfsxBmLytS8mdDSHeKRIPFC/QSV0uo/wPScbFDdm8aS9bRDBkAWtyQLdir7aSYyMswV4nphpwuJ8TR0KnLSMk97J/hr371BcLR5UFU+GwIGTx5YaS0nreSZekPX/LZ69uvji/eFZ8a0Gn63nknINrZRxGySwkepTH0qwJuRswTXNtqsBOVZUohzpNLzoti1um+fo4Kt/bqjMIE1UZE4+Z93qFqH3g4A2qHC9qA6H2Atzi/ir3Yq5vsy3bM91RWwAe4mng1OvzJHrRnGTrKGaLGFioLnz0ZdNwWvLjaG1T2fTF/HzUPPuLch4Ff1bmYLi+aZRMC5yWfB5EDpNvgKQUcVnVlixR5yI+xO0rr/szocAi1qLxj+xUHpO8ngyXQkJ/maUzgm0QD5AEi3Tef0OQBJBx23wJoBpHE+pUMDRJKis7WaTFqt2BNvkBKuTkSizoLFX7aD/+lHwmjeU+0soPTJlNp7goZwU8E++sT5N2WJR+/n+zVeogQDi/iCIb/FJrnT5E+geKSPkjD3fhU8LcHu3K8ygkkKnDv+QEd5LR6pRkGffhNv36nenis0KNmy1U0e0cH9tqe4XIJ9696xz6tQ1VWbokrkTETCU3s5P/9B9+32G8JA+mH3cJfgptTYh0cAMMJTKaPlb6HciJz/OE4ebaZhkYmzUFoHbEW8qI= - secure: lgZZrXtKwZutA0EHteUL4C+pH2kT8NcIOVPSPTt7vK/MouBkLcB/CONLQCq1C0M4K3k75ZJCluEg0G0G9gnvpbUH4f/voGaARxY5N7LKMCvnuK2UVQed5Ceh6VXMuGKt+xLMAoCwRliksI7L68uc2+1PujbmECD7aGocr/vXPe4NPqpw6YMPRqc1a6E8nOZESugmZ8wwwzm+tRwUd5zmzWKA2hP7GOeTG56/UpS315jib5rlbTCxFFYkcVLVXBzA57m07JMb0zHjl1MQGxfCCHhDu214SLvRTl1NkxAfqzNQKGdc80CK8qDXQzWnQXgo3Y9JUB7DV2G1WKk9tMtENYyfSllVk8jZTU52hyaFd+1xXhyyhnOauIszQJOqEV8upSGRxKsQ9CFyTl3hdQEJPQm6L4tqVoT362LNq5KA6N/gL7J7QqZl4O0L9qgiVzxBJAWotsVP0FPs4lR4nEUxqiwbK6i084Adj7w1OGXXlQWsVix0yCzgvMD0J1Raq/9cu5jROG7vlW69Y5PtMLNq6JeJmouO8OYHz29Q/NZKfXXikJ86kksm2ZiMOiy2NcgyyWtJSaUQgPSfKQ+m1WncS7F+a6JcsoDwcniGIO/8b44J8UOxiJ4bRLP0nTlGc//pk+4XiuX1GFqNDj7sA4dp/oENQZDOsv8OUnedbHl50Ys= - - secure: A9WG0Q9DrTPmUei6cGysowHwt32o/QUQDNWfWfel54GZLWOVCDFqMdO/BeENK3AiHLyHRk/N40ZnGD1YJmRWNODtd8k5jvq//F2CVSmb4Sy4jMgifslZQutW9Fnf/oRp1vsoUZQTwlnmpM6vesfsc7PwWOjHIT7zkBZAuGi0NtW+5Cb+wMCGMygIb+0OCDfI1qywXH7a5T3F8L0n7QQkA/0jJug71EvUZK7FrgJL5aE/phNQbO0kD9CLLxaffdzls4sT4Cs+IcetsR0PczROiaAbDyx2vR0tKxtpxwXCgskDCvTAzYHUJ2ahjkWIwr9qVecGMcs/YDpFKhGtkXwXDC+kImN7e8LZffVGYbpYYfzxRjaRNpS6wXij5X2PU5yVrT9Ye3TZd1kLy0+F9kYHikFlC2MCtbKgI5rARivx9toYTTVULJDO30qtdun60grR4ThyZeSbeyCP6ujYz95usxHpHqSDEmqA0xvOD6xh+4vG6uK5ZNBkkNZnNRamHtosLZOWPnVnwuyv3u3VD7QgoCqZzaDfSLusuk3HsUdOPxlLQVgiztQRt5qtosGYNVh8XflCagmvYIBwTA85ibKVb4V+8ghHK03rIXZrjxcTNuyhCVBvwuknHvgbhwyUNhtzSdOzL0Qjfmq708w+33sdovfaGCckhppwzXiVT8TlxC0= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin @@ -71,10 +69,10 @@ jobs: install: - cd deployment/terraform/ecs-service - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null + - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${$DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null script: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - echo $WORKSPACE_ACCOUNT_IDS - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var 'workspace_account_ids=${WORKSPACE_ACCOUNT_IDS}' -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${$DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - CLUSTER_NAME=$(terraform output ecs_cluster_name) diff --git a/deployment/terraform/ecs-service/main.tf b/deployment/terraform/ecs-service/main.tf index a49c7ba..3808274 100644 --- a/deployment/terraform/ecs-service/main.tf +++ b/deployment/terraform/ecs-service/main.tf @@ -19,7 +19,7 @@ provider "aws" { profile = "${var.profile}" assume_role { - role_arn = "arn:aws:iam::${var.workspace_account_ids[terraform.workspace]}:role/BNCTerraform" + role_arn = "${var.bnc_deploy_role}" session_name = "terraform" } } diff --git a/deployment/terraform/ecs-service/variables.tf b/deployment/terraform/ecs-service/variables.tf index 66a7d50..cde9c37 100644 --- a/deployment/terraform/ecs-service/variables.tf +++ b/deployment/terraform/ecs-service/variables.tf @@ -3,6 +3,11 @@ variable "aws_default_region" { default = "us-west-2" } +variable "bnc_deploy_role" { + type = "string" + description = "The role to assume to run this terraform project" +} + variable "profile" { type = "string" default = "default" @@ -19,11 +24,6 @@ variable "tags" { default = {} } -variable "workspace_account_ids" { - type = "map" - description = "The AWS account id for workloads" -} - variable "service_name" { type = "string" description = "The name of the ECS service" From 58fec608fa9388efe6fcc877475fd04ee4680101 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Fri, 17 May 2019 18:31:37 +1200 Subject: [PATCH 54/70] Fix env variable --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 08395cb..a50570d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -69,10 +69,10 @@ jobs: install: - cd deployment/terraform/ecs-service - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null - - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${$DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null script: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${$DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - CLUSTER_NAME=$(terraform output ecs_cluster_name) From 0d93ed60d0f710470397722862444ff112e623e0 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Mon, 20 May 2019 11:14:05 +1200 Subject: [PATCH 55/70] Remove cloudformation related templates and scripts --- deployment/scripts/common/cfn-common.sh | 83 ---- .../scripts/common/push-docker-image.sh | 9 - deployment/scripts/deploy.sh | 42 -- deployment/templates/.yamllint | 9 - deployment/templates/repository.yaml | 22 - deployment/templates/service.yaml | 408 ------------------ 6 files changed, 573 deletions(-) delete mode 100644 deployment/scripts/common/cfn-common.sh delete mode 100755 deployment/scripts/common/push-docker-image.sh delete mode 100755 deployment/scripts/deploy.sh delete mode 100644 deployment/templates/.yamllint delete mode 100644 deployment/templates/repository.yaml delete mode 100644 deployment/templates/service.yaml diff --git a/deployment/scripts/common/cfn-common.sh b/deployment/scripts/common/cfn-common.sh deleted file mode 100644 index da65869..0000000 --- a/deployment/scripts/common/cfn-common.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/env bash - -updateStack() -{ - STACK_NAME=$1 - TEMPLATE=$2 - PARAMS_JSON=scripts/${environment}/parameters-${TEMPLATE//\//-}.json - - echo "Updating stack - ${STACK_NAME}" - - if [ -e ${PARAMS_JSON} ] - then - aws cloudformation update-stack --stack-name ${STACK_NAME} --template-body file://templates/${TEMPLATE}.yaml \ - --parameters file://${PARAMS_JSON} --capabilities CAPABILITY_IAM --profile=${aws_profile} && \ - aws cloudformation wait stack-update-complete --stack-name ${STACK_NAME} --profile=${aws_profile} || true - else - aws cloudformation update-stack --stack-name ${STACK_NAME} --template-body file://templates/${TEMPLATE}.yaml \ - --capabilities CAPABILITY_IAM --profile=${aws_profile} && \ - aws cloudformation wait stack-update-complete --stack-name ${STACK_NAME} --profile=${aws_profile} || true - fi -} - -createStack() -{ - STACK_NAME=$1 - TEMPLATE=$2 - PARAMS_JSON=scripts/${environment}/parameters-${TEMPLATE//\//-}.json - - echo "Creating stack - ${STACK_NAME}" - - if [ -e ${PARAMS_JSON} ] - then - aws cloudformation create-stack --timeout-in-minutes 30 --enable-termination-protection --timeout-in-minutes 30 --stack-name ${STACK_NAME} --template-body file://templates/${TEMPLATE}.yaml \ - --parameters file://${PARAMS_JSON} --capabilities CAPABILITY_IAM --profile=${aws_profile} && aws cloudformation wait stack-create-complete --stack-name ${STACK_NAME} --profile=${aws_profile} || true - else - aws cloudformation create-stack --timeout-in-minutes 30 --enable-termination-protection --timeout-in-minutes 30 --stack-name ${STACK_NAME} --template-body file://templates/${TEMPLATE}.yaml \ - --capabilities CAPABILITY_IAM --profile=${aws_profile} && aws cloudformation wait stack-create-complete --stack-name ${STACK_NAME} --profile=${aws_profile} || true - fi -} - -stackExists() -{ - STACK_NAME=$1 - - echo "Checking if stack exists - ${STACK_NAME}" - if aws cloudformation describe-stacks --stack-name=${STACK_NAME} --profile=${aws_profile} - then - return 0; - else - return 1; - fi -} - -createOrUpdateStack() { - STACK_NAME=$1 - TEMPLATE=$2 - stackExists ${STACK_NAME} - STACK_EXISTS=$? - - if [ "${STACK_EXISTS}" -eq 1 ] - then - createStack ${STACK_NAME} ${TEMPLATE} - else - updateStack ${STACK_NAME} ${TEMPLATE} - fi -} - -syncBaseHealthcheckImage() { - ACCOUNT_NUMBER=$(aws ec2 describe-security-groups --profile=${aws_profile} --query 'SecurityGroups[0].OwnerId' --output text) - ECR_REPOSITORY_NAME=$1 - REPOSITORY_SIZE=$(aws ecr list-images --profile=${aws_profile} --repository-name=${ECR_REPOSITORY_NAME} --query 'length(imageIds)') - - if [ ${REPOSITORY_SIZE} -eq 0 ] - then - echo "Pushing base health check image ...." - $(aws ecr get-login --no-include-email --region ${region} --profile=${aws_profile}) - docker pull bncprojects/base-healthcheck:latest - docker tag bncprojects/base-healthcheck:latest ${ACCOUNT_NUMBER}.dkr.ecr.${region}.amazonaws.com/${ECR_REPOSITORY_NAME}:latest - docker push ${ACCOUNT_NUMBER}.dkr.ecr.${region}.amazonaws.com/${ECR_REPOSITORY_NAME}:latest - else - echo "Images already exist in the repository. Will not push base image ..." - fi -} diff --git a/deployment/scripts/common/push-docker-image.sh b/deployment/scripts/common/push-docker-image.sh deleted file mode 100755 index 84adeac..0000000 --- a/deployment/scripts/common/push-docker-image.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash - -echo "Login into ECR ..." - -$(aws ecr get-login --no-include-email) - -echo "Push docker image to ECR ..." - -./gradlew docker dockerTag dockerPush -PTAG=$TRAVIS_BUILD_NUMBER -PREPOSITORY_URI=$REPOSITORY_URI diff --git a/deployment/scripts/deploy.sh b/deployment/scripts/deploy.sh deleted file mode 100755 index 6d6292f..0000000 --- a/deployment/scripts/deploy.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -regions=( -# ap-northeast-1 -# ap-southeast-1 -# ap-southeast-2 -# eu-central-1 -# eu-west-1 -# us-east-1 -# us-east-2 -us-west-2 -) - -if [ $# -eq 0 ] -then - echo "Missing argument" - echo "Usage : scripts/deploy.sh [development/production] [profile]" - exit -fi - - -#environment=production -environment=$1 - -if [ -z "$2" ] -then - aws_profile=default -else - aws_profile=$2 -fi - -echo "Environment is : " ${environment} -echo "AWS Profile is is : " ${aws_profile} - -source scripts/common/cfn-common.sh - -for region in "${regions[@]}" -do - createOrUpdateStack SbjbECRRepository repository - syncBaseHealthcheckImage sbjb-service - createOrUpdateStack SBJBECSService service -done diff --git a/deployment/templates/.yamllint b/deployment/templates/.yamllint deleted file mode 100644 index cc1b5da..0000000 --- a/deployment/templates/.yamllint +++ /dev/null @@ -1,9 +0,0 @@ ---- -extends: default -rules: - indentation: - indent-sequences: false - line-length: - max: 999 - comments: - min-spaces-from-content: 1 diff --git a/deployment/templates/repository.yaml b/deployment/templates/repository.yaml deleted file mode 100644 index b99cc27..0000000 --- a/deployment/templates/repository.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -AWSTemplateFormatVersion: '2010-09-09' - -Parameters: - RepositoryName: - Type: String - ParentServiceStack: - Type: String - -Resources: - Repository: - Type: AWS::ECR::Repository - DeletionPolicy: Retain - Properties: - RepositoryName: !Ref RepositoryName - -Outputs: - ServiceName: - Description: 'The Name of the repository for storing docker images' - Value: !Ref Repository - Export: - Name: !Sub '${ParentServiceStack}-RepositoryName' diff --git a/deployment/templates/service.yaml b/deployment/templates/service.yaml deleted file mode 100644 index 950c08f..0000000 --- a/deployment/templates/service.yaml +++ /dev/null @@ -1,408 +0,0 @@ ---- -AWSTemplateFormatVersion: '2010-09-09' - -Metadata: - AWS::CloudFormation::Interface: - ParameterGroups: - - Label: - default: Parent Stacks - Parameters: - - ParentVPCStack - - ParentECSStack - - ParentAlertStack - - Label: - default: Service Parameters - Parameters: - - ContainerName - - DesiredCount - - CPUReservation - - MemoryLimit - - MemoryReservation - - HealthCheckGracePeriodSeconds - - TaskDeregistrationDelay - - ExternalFacing - - LoadBalancerPriority - - Label: - default: Application Parameters - Parameters: - - ApplicationContext - - JavaOptions - - SpringProfile - - Label: - default: Logging Parameters - Parameters: - - SplunkToken - - SplunkUrl - -Parameters: - ParentVPCStack: - Type: String - - ParentECSStack: - Type: String - - ParentAlertStack: - Type: String - Default: '' - - ContainerName: - Type: String - - DesiredCount: - Type: Number - Default: 1 - - HealthCheckGracePeriodSeconds: - Type: Number - Default: 300 - - TaskDeregistrationDelay: - Type: Number - Default: 15 - - ExternalFacing: - Description: Boolean flag which enables the service to be exposed via the external load balancer - Type: String - Default: false - AllowedValues: [true, false] - - LoadBalancerPriority: - Description: The priority of the service in the load balancer - Type: Number - MinValue: 1 - MaxValue: 100 - ConstraintDescription: 'Priority must be provided' - - ApplicationContext: - Type: String - - JavaOptions: - Type: String - - SpringProfile: - Type: String - - CPUReservation: - Description: The number of cpu units to reserve for the container. This is only enforced when CPU cycles are constrained. - Type: Number - Default: 128 - AllowedValues: [0, 10, 20, 32, 64, 128, 256, 512, 1024, 2048, 4096] - - MemoryReservation: - Description: The memory reservation for the task, this is the expected upper limit during normal operations. - Type: Number - Default: 512 - AllowedValues: [16, 32, 64, 128, 256, 512, 768, 1024, 1280, 1536, 1792, 2048, 2304, 2560, 2816, 3072, 3328, 3584, 3840, 4096] - - MemoryLimit: - Description: The memory limit for the task, when reached the task will be automatically terminated - Type: Number - Default: 512 - AllowedValues: [16, 32, 64, 128, 256, 512, 768, 1024, 1280, 1536, 1792, 2048, 2304, 2560, 2816, 3072, 3328, 3584, 3840, 4096] - - SplunkToken: - Type: String - NoEcho: true - - SplunkUrl: - Type: String - -Conditions: - IsExternalFacing: !Equals [!Ref ExternalFacing, true] - IsInternalFacing: !Equals [!Ref ExternalFacing, false] - CreateExternalAlarms: !And - - !Not [!Equals [!Ref ParentAlertStack, '']] - - !Equals [!Ref ExternalFacing, true] - CreateInternalAlarms: !And - - !Not [!Equals [!Ref ParentAlertStack, '']] - - !Equals [!Ref ExternalFacing, false] - -Resources: - ExternalTargetGroup: - Condition: IsExternalFacing - Type: AWS::ElasticLoadBalancingV2::TargetGroup - Properties: - VpcId: - 'Fn::ImportValue': !Sub '${ParentVPCStack}-VPC' - Port: 80 - Protocol: HTTP - Matcher: - HttpCode: 200-299 - HealthCheckIntervalSeconds: 10 - HealthCheckPath: !Sub '/actuator/health' - HealthCheckProtocol: HTTP - HealthCheckTimeoutSeconds: 5 # Healthcheck timeout must be smaller than the interval - HealthyThresholdCount: 2 - UnhealthyThresholdCount: 3 - TargetGroupAttributes: - - Key: deregistration_delay.timeout_seconds - Value: !Ref TaskDeregistrationDelay - - ExternalHttpsListenerRule: - DependsOn: ExternalTargetGroup - Condition: IsExternalFacing - Type: AWS::ElasticLoadBalancingV2::ListenerRule - Properties: - ListenerArn: - 'Fn::ImportValue': !Sub '${ParentECSStack}-ExternalLoadBalancerHttpsListener' - Priority: !Ref LoadBalancerPriority - Conditions: - - Field: path-pattern - Values: - - !Sub "${ApplicationContext}/*" - Actions: - - TargetGroupArn: !Ref ExternalTargetGroup - Type: forward - - InternalTargetGroup: - Condition: IsInternalFacing - Type: AWS::ElasticLoadBalancingV2::TargetGroup - Properties: - VpcId: - 'Fn::ImportValue': !Sub '${ParentVPCStack}-VPC' - Port: 80 - Protocol: HTTP - Matcher: - HttpCode: 200-299 - HealthCheckIntervalSeconds: 10 - HealthCheckPath: !Sub '/actuator/health' - HealthCheckProtocol: HTTP - HealthCheckTimeoutSeconds: 5 # Healthcheck timeout must be smaller than the interval - HealthyThresholdCount: 2 - UnhealthyThresholdCount: 3 - TargetGroupAttributes: - - Key: deregistration_delay.timeout_seconds - Value: !Ref TaskDeregistrationDelay - - InternalHttpsListenerRule: - DependsOn: InternalTargetGroup - Condition: IsInternalFacing - Type: AWS::ElasticLoadBalancingV2::ListenerRule - Properties: - ListenerArn: - 'Fn::ImportValue': !Sub '${ParentECSStack}-InternalLoadBalancerHttpsListener' - Priority: !Ref LoadBalancerPriority - Conditions: - - Field: path-pattern - Values: - - !Sub "${ApplicationContext}/*" - Actions: - - TargetGroupArn: !Ref InternalTargetGroup - Type: forward - - ServiceRole: - Type: AWS::IAM::Role - Properties: - Path: / - AssumeRolePolicyDocument: | - { - "Statement": [{ - "Effect": "Allow", - "Principal": { "Service": [ "ecs.amazonaws.com" ]}, - "Action": [ "sts:AssumeRole" ] - }] - } - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole - - ExternalService: - DependsOn: - - ExternalTargetGroup - - TaskDefinition - - ServiceRole - Condition: IsExternalFacing - Type: AWS::ECS::Service - Properties: - Cluster: - 'Fn::ImportValue': !Sub '${ParentECSStack}-Cluster' - Role: !Ref ServiceRole - DesiredCount: !Ref DesiredCount - HealthCheckGracePeriodSeconds: !Ref HealthCheckGracePeriodSeconds - PlacementStrategies: - - Type: spread - Field: 'attribute:ecs.availability-zone' - - Type: spread - Field: 'instanceId' - - Type: binpack - Field: 'memory' - TaskDefinition: !Ref TaskDefinition - LoadBalancers: - - ContainerName: !Ref ContainerName - ContainerPort: 8080 - TargetGroupArn: !Ref ExternalTargetGroup - - InternalService: - DependsOn: - - InternalTargetGroup - - TaskDefinition - - ServiceRole - Condition: IsInternalFacing - Type: AWS::ECS::Service - Properties: - Cluster: - 'Fn::ImportValue': !Sub '${ParentECSStack}-Cluster' - Role: !Ref ServiceRole - DesiredCount: !Ref DesiredCount - HealthCheckGracePeriodSeconds: !Ref HealthCheckGracePeriodSeconds - PlacementStrategies: - - Type: spread - Field: 'attribute:ecs.availability-zone' - - Type: spread - Field: 'instanceId' - - Type: binpack - Field: 'memory' - TaskDefinition: !Ref TaskDefinition - LoadBalancers: - - ContainerName: !Ref ContainerName - ContainerPort: 8080 - TargetGroupArn: !Ref InternalTargetGroup - - TaskDefinition: - Type: AWS::ECS::TaskDefinition - Properties: - Family: !Sub ${AWS::StackName}-Task - ContainerDefinitions: - - Name: !Ref ContainerName - Image: !Join ['', ["Fn::Sub": '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/', "Fn::ImportValue": {"Fn::Sub":'${AWS::StackName}-RepositoryName'}, ':latest']] - Essential: true - Cpu: !Ref CPUReservation - Memory: !Ref MemoryLimit - MemoryReservation: !Ref MemoryReservation - HealthCheck: - Command: - - "CMD-SHELL" - - "wget --quiet --tries=1 --spider --timeout=30 http://localhost:8080/actuator/health || exit 1" - StartPeriod: !Ref HealthCheckGracePeriodSeconds - Timeout: 30 - PortMappings: - - ContainerPort: 8080 - LogConfiguration: - LogDriver: splunk - Options: - splunk-format: raw - splunk-token: !Ref SplunkToken - splunk-url: !Ref SplunkUrl - splunk-insecureskipverify: true - Environment: - - Name: JAVA_OPTS - Value: !Ref JavaOptions - - Name: SPRING_PROFILES_ACTIVE - Value: !Ref SpringProfile - - HTTPCodeExternalTarget5XXTooHighAlarm: - DependsOn: - - ExternalTargetGroup - Condition: CreateExternalAlarms - Type: 'AWS::CloudWatch::Alarm' - Properties: - AlarmDescription: '${AWS::StackName} HTTP 500 response code alarm' - Namespace: 'AWS/ApplicationELB' - MetricName: HTTPCode_Target_5XX_Count - Statistic: Sum - Period: 60 - EvaluationPeriods: 1 - ComparisonOperator: GreaterThanThreshold - Threshold: 0 - TreatMissingData: notBreaching - AlarmActions: - - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN' - Dimensions: - - Name: LoadBalancer - Value: - 'Fn::ImportValue': !Sub '${ParentECSStack}-ExternalLoadBalancerName' - - Name: TargetGroup - Value: !GetAtt 'ExternalTargetGroup.TargetGroupFullName' - NoHealthyExternalServiceAlarm: - DependsOn: - - ExternalTargetGroup - - ExternalService - Condition: CreateExternalAlarms - Type: 'AWS::CloudWatch::Alarm' - Properties: - AlarmDescription: '${AWS::StackName} has no healthy services' - Namespace: 'AWS/ApplicationELB' - MetricName: HealthyHostCount - Statistic: Minimum - Period: 60 - EvaluationPeriods: 1 - ComparisonOperator: LessThanThreshold - Threshold: 1 - TreatMissingData: breaching - AlarmActions: - - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN' - Dimensions: - - Name: LoadBalancer - Value: - 'Fn::ImportValue': !Sub '${ParentECSStack}-ExternalLoadBalancerName' - - Name: TargetGroup - Value: !GetAtt 'ExternalTargetGroup.TargetGroupFullName' - - HTTPCodeInternalTarget5XXTooHighAlarm: - DependsOn: - - InternalTargetGroup - Condition: CreateInternalAlarms - Type: 'AWS::CloudWatch::Alarm' - Properties: - AlarmDescription: '${AWS::StackName} HTTP 500 response code alarm' - Namespace: 'AWS/ApplicationELB' - MetricName: HTTPCode_Target_5XX_Count - Statistic: Sum - Period: 60 - EvaluationPeriods: 1 - ComparisonOperator: GreaterThanThreshold - Threshold: 0 - TreatMissingData: notBreaching - AlarmActions: - - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN' - Dimensions: - - Name: LoadBalancer - Value: - 'Fn::ImportValue': !Sub '${ParentECSStack}-InternalLoadBalancerName' - - Name: TargetGroup - Value: !GetAtt 'InternalTargetGroup.TargetGroupFullName' - NoHealthyInternalServiceAlarm: - DependsOn: - - InternalTargetGroup - - InternalService - Condition: CreateInternalAlarms - Type: 'AWS::CloudWatch::Alarm' - Properties: - AlarmDescription: '${AWS::StackName} has no healthy services' - Namespace: 'AWS/ApplicationELB' - MetricName: HealthyHostCount - Statistic: Minimum - Period: 60 - EvaluationPeriods: 1 - ComparisonOperator: LessThanThreshold - Threshold: 1 - TreatMissingData: breaching - AlarmActions: - - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN' - Dimensions: - - Name: LoadBalancer - Value: - 'Fn::ImportValue': !Sub '${ParentECSStack}-InternalLoadBalancerName' - - Name: TargetGroup - Value: !GetAtt 'InternalTargetGroup.TargetGroupFullName' - -Outputs: - ExternalServiceName: - Condition: IsExternalFacing - Description: 'The name of the external service running the ECS' - Value: !Ref ExternalService - Export: - Name: !Sub '${AWS::StackName}-Name' - InternalServiceName: - Condition: IsInternalFacing - Description: 'The name of the internal service running the ECS' - Value: !Ref InternalService - Export: - Name: !Sub '${AWS::StackName}-Name' - ApplicationContext: - Description: 'The application context of the service' - Value: !Sub "${ApplicationContext}/" - ContainerName: - Description: 'The container name for the service' - Value: !Ref ContainerName - Export: - Name: !Sub '${AWS::StackName}-ContainerName' From bf72356b0449779889d360b103851100dc62ff39 Mon Sep 17 00:00:00 2001 From: Yi Zhang Date: Mon, 20 May 2019 11:14:39 +1200 Subject: [PATCH 56/70] Add deploy to production stage --- .travis.yml | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/.travis.yml b/.travis.yml index a50570d..b538daf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -62,7 +62,7 @@ jobs: jdk: openjdk11 env: - TF_WORKSPACE=development - - SPLUNK_URL = + - SPLUNK_URL= - SPLUNK_TOKEN= - secure: nXDs5kInVf6Ty/JIa42b61X+xNcU/PVHfJJ7y9YVRX3HYrbtzusqVuxY1n+JQxZyOo8oSPwmT7OE1muxDP7Hy8APZEdjj1g2r+fp7//0w1OzEFzhk0Gj9b+okc8FgK2U+PnmhQ4n4RmhWC8Qx6L32qiECXzDP12kPuCTHu3uPC4qHLBSVH3fQ04Jk7QyJO4l9kIMRwxyARJ6VsUzwSe5jyytXVikvTZZl/CQoYMGNjMg6B091bt3b2I6Fbkw4jsV0II1VFkQXylj/nnWn2D8ohNG5pfWN3283Ks8f7r3R/yLSqJKqTOMEq7drdAXHdGveXY77xAGURnNXrUiIfMa4UmHhC6cDeC5rliOwjQVTqdo6D9UfkJV+IpSLx6PAIFezQraYEhi/lmFRhrCmsFYLJ85TPGdjkv52tFByDkRWe8+aV/owPT5NEwKJtx9BX6mU/pMavRH8IsIjhbQzeAOVxmU7/MWsU8V7lzfLtHmljZdM9E8V5f3oyDSXkA4bkLJx4P/YBCWc04ii6KXLHqWQ5LiCObhXw972fkegPIz9tDpo1NhxrgEg/cPWg9svE3bXCnegyExvTWeVnTS10IhhAyzA+EBM9kZh6asdQCwGuKnpBxkQaKsGZzUgfFRPQ/mEe2pPlRBo54Qi8ku430QtDoRQxiHkjQdyZkW7wdkonw= - secure: p3Budl8I27/NBUeWLcTLpCkEcwtfxOQ6GZoEUyay+C/58iNP2j6ECaRdAACb+n6lfvAqZqxgQtSwuMdOQ23/k9EE5fdMLI7CxeudQyFiZLwslvF4MjhJbEl02CrxYEzdnJPCOQbXjNHqpKgZH8Ty42U6VFGLLx3VgtP6KPh5gNenjr+UkLg76s/kDE4WNO7ate812ykB9bjfzy9yyFmgI7Y4gjVyS3XBd8v3TWta3VLeAExc/GqJpjk91iByPlWyOu4GVgZJesCaHgAFXXIl0jDxtG+KsOXpVZxjhWbxP0IjbBJzH6wevMYHvIvHleFPL5Y0n4qj/13YyTukyos4WRexBSkDIxZ+HlDZjwNt6fNqxVOYpLREz3FfY2lER2C7u60bNl8zz9j6bFwo0No0SnbjyFHe+q0bMgr5q9p1uQ/4rc1pfeVi/rb2DaPyQCI+OOUspBjBDXvozteV/YcVNO84c69jpfF4LVkEW7fF6e94cQi95q4MfEpoqxSb2cyJ5tqMthF6hVEZuDQtcC9FjhacS47HD+faQaov9EYPm/sPD9voONZo9y6hCpujMmRlVOp4vS0jykBe9ZQtE9eQR3ZEqPqWVMND06WazRHPyI5VCQtXjMiS6ZUKEUP59+BYtnZadfbQvrXtQ/HDKf0TauaMwGUwKjxRQBo8D+FpqOQ= @@ -84,22 +84,30 @@ jobs: on: all_branches: true - stage: deploy to production - if: env(PROD_AWS_ACCOUNT_ID) IS NOT blank AND env(PROD_AWS_SECRET_ACCESS_KEY) IS NOT blank jdk: openjdk11 env: - - CLUSTER_NAME= - - SERVICE_NAME= - - AWS_ACCESS_KEY_ID=$PROD_AWS_ACCESS_KEY_ID - - AWS_SECRET_ACCESS_KEY=$PROD_AWS_SECRET_ACCESS_KEY - - REPOSITORY_URI=$PROD_AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$ECR_REPOSITORY_NAME - script: skip - before_deploy: deployment/scripts/common/push-docker-image.sh + - TF_WORKSPACE=production + - SPLUNK_URL= + - SPLUNK_TOKEN= + - secure: qJgNsPCfuHLqj8ilWEdglGT6RnLJJHx9ZOuU82HXVwkeZ+fww7CCqq4HtEYL2klp+V4edngTBCNBihtLUlW16usv3K9xyc0II3/brnZheLazrqUrGQE08Ip75p7f87ZiE5iMQTtxDsSr4UHztl3XB55DntPKIqurNvmsD+Q21AhFb0A94Ktu7cxlNkEcMd+IJaQTy4Xz3vFBL/xhuzEBRaVVNeJIrE0a9C6MpQY6P+dKsYRAfvXzKVy2E1wcU7h1dCLlzBA0EVcRrAi5MLxueffMptlsbFdcxYsGFWI243nY1p5DVmnnDqa1UOqNJnGWLe59DnqtmLYThUH1X2voz6z7RkyfO8wCFHkhuf2cnA5IbEeZ2TZrDshPB9wtwXq5tHJ4wZmDQxNHtDlszgYKCPfUjLYMPIs0sZZY8iHrLOqRvb1Esc0bs/BXmgrWd/7yNFtafS4pMEG9cdUEt3nos5q8vnjQUAgEd2T3oW8ENduHUDeqW5PU9wKIK/nHJOL+LmCYRKKYUsb/ry/BDGN7hnKuTbGAP/4l7QYk+CFueY//H/+eOF73UHZfl2py1LRui8Uyd+koDoUczW4Bd6UZutT8Vb6hhHNsiCVffLEXvMvQbUHT3IRKcwSh5zDorBG7i+a00FCJfHwuBLClgXqjdlQ2opahXD7Y+CWKawBGw6o= + - secure: BXvYtV2Ek6kzoRFrkVrHRps7dee2ygY+XiV8pCZ+e23bRi6D/Ew8uZ/1FKwNV3XNO/blFyGiMMwDShnX9UFDXVvHV352t/lpw6w5+jEzPr4YM4duKKt9zd4oO39TliIziazQS3W7lR4z00MIQ1YJ3F6zJZsPgj6RwYgqlViBjUXASt28lUaJGT7aL795oLpU314N4DgfGqSDU/8sakgteq5zYF2qxwWEAd+4muhsj3ixBWQitukGML6KFtX4EYz6o6um7NKcC/STDvfSLjNKoxeV1XNyuIoWxqF/b9iDfhJOlaCSur3RruJoV+XjPrBpBfpjBFJZuyQ++OFxoYo0PoVzPxxPe6bGDVEz10QEG6BNfeWRDtiMAL862wSuyCt8wpJhxVfHEXffhi2Uw2FAzMCMfOTV7LYjfcwH9ZqoRJ1ZzxOEA6zejHquOiy26bIaclFa4/n2rurDs3IPlwAJMJWcI7V0+S7gDiwoO3GUFF0tgm6hz9zn5pexaGBu5Lptc50LI2XkBMHbG1dmnOVdyblTGqSnAkTIcS26ChjlTFScYs+BqGhzydMgV9ZUPjlgJ2a0C+y9sYbxeTy5kS9LxPnsL/9jCwQmLPnwjn+Icm7gDTb5Yfa1O7oqTEHTTZICDqrIuMy4/MN4IqMNb2LDZHuElFX9CyVP4NIGGLH6yaw= + install: + - cd deployment/terraform/ecs-service + - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null + - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${PRODUCTION_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + script: + - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service + - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${PRODUCTION_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + before_deploy: + - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service + - CLUSTER_NAME=$(terraform output ecs_cluster_name) + - eval $(aws sts assume-role --role-arn "$PRODUCTION_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') deploy: skip_cleanup: true provider: script - script: ecs deploy $CLUSTER_NAME $SERVICE_NAME --tag $TRAVIS_BUILD_NUMBER --no-deregister + script: aws ecs wait services-stable --services ${SERVICE_NAME} --cluster ${CLUSTER_NAME} on: - branch: master + all_branches: true notifications: slack: secure: S4Pg6XK5x3pfxldRNJVMuzLfPzKVsGdogr0u0r/pu5dpjJujoecsuDoPS8syej1hZRqJOxK36Ms+NDXRzHNK6w95X69kgwDjzoI3PoKmnqyBJIcgSueyNbm7KoQGgoKTOgEUHZ0A9JbcdH8ThBHUR8wltXctGd3kEp8KC3wSlXzDmLeFJPTqC8DMBmSC00nVL7LtXj4VdOwYZnERKErjjx5f+msOhCNbAXLr7p12O7ewHDhL1jaex4r4yzG8+oevDKYNgpHyd8BCsgsCnjiKewByiVB9q4GBjE6CN3c1VfKdWmPWwF4jgxsz8BqTjshM17msnRyXOaSsB6MG+gGMyNKwFVYEwlsAQyRl5i5IhvjIHVMZVcbon098CpNcpW/ZsWALVQSZUW8yBBVPfVs4gTI071R9hQvDWdHLEkApZpsD24tPwsXGdzupBceyqf3HZn9PDYnqMB+hDxSYmLoJRYqjdFxguUwZEYSRih0c+4npcCBO/QJ5m+4aoG2qJ7Zg10YPr3I/PU+kHKjMzvAME4iZ30CnW0gRskM7nVHZRVmR/vgweZDuo9GYXnOykUUur9S3OEhkEp6Ucmcnkv/DXRa5lU0gqpnfkcJv40UaqoxyypGn2U0dPHPCbYahvTu4QAAAkUU6RsJ3TlDhOg018lJVBBaLx+tXpTD+TpY7/XU= From 7c9f56e9f42999dd868e1b576b8a71ceb604595b Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 11:55:52 +1200 Subject: [PATCH 57/70] Use a deployment script for more control in the deploy stage --- .travis.yml | 28 +++++++++++++--------------- deployment/script/travis_deploy.sh | 4 ++++ 2 files changed, 17 insertions(+), 15 deletions(-) create mode 100644 deployment/script/travis_deploy.sh diff --git a/.travis.yml b/.travis.yml index b538daf..827f08e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,6 +19,7 @@ env: - OPERATIONS_ROLE_ARN= - DEVELOPMENT_ROLE_ARN= - PRODUCTION_ROLE_ARN= + - SPLUNK_URL= - secure: QFLxq6/aFRdQqLbR5NWDAPpnlzk5AQ3bRaYH+uegZaA5qMWvNNEoBjE5yvAJKiOe6jbqW7vqnmHFUSaMQS9gpL8O0r70rW5eswb8QUa+tSc+N2dluzCMp2+Fnj/xk8sAq+ieo5B5El296aLd+9gFK1xnjkORSZHGT+GIXxFZgqO/OCO9TETWuPtDaOkygZvPdBOLs2MItVrnBfWSUL5e6uhFn60G3+E3q3P44reesrcWyyv1x0QM91GsYm7pUVH5gW6K1vptArpW6+S5At1QtGgaLQj+6rY6ywqkOusSgFlYXrGrTGeeOiig8xKTKRQVX1myXWSVCUfiJcLp09rv2zfveQ9lmB42F+GgaocKv8FuIC8RDb4v3qdV3svFB0KpZfOHrdOW9cvTciMyIhzcF2UNui7pUkP5aMdruApAoSxzQP1nbl/lWcacHyoShibXSMw/GYgIGik2s8TY3B3J9secFkMoVgZD2qcmij2+hbTOmVnI3/ocnHdjRfe9Z8G7+P6NlMJ4AN25BglLMJaz4hvjzP3X50PUhPhorYtA9i9WB5cH9TWxnhemcerQjPsHFin2+gKLqEDrRZ+kPNkQiOXUKcfQNN80YaI0PTS4N38sMdluSAKWb6upwvWkmlZcOVZJdoa2s24lNyq2bCdzpmcfalFAZwKszHwKMrlmVgA= - secure: tmIuWwh2CTYUrg1xPLjaNEQST8KKCsw/i6PhaEmamojeDdw+nEFSXm+Yyf3wBxSPI5sLC42lIb2dKia0vcF/V1oK8/V1D/b7VbdKU3LrBKYzqKbL3Y/R/LiirvGrdG/6C9Ai3ET0cUd+oqffCEi/CWRDY9xLdT6tYuMn829xLLZol2rA7ANDP+znGPqbhG9oXAwd5Xffkf5UGKaAtsghuC9eo+F+sKXAU+12ASqivk++D3oiIz/41wIWb6tFkuAsqKvFrbHysd6iTrZjKYTVhQ9aRcQCtPEhS+9FyYe71lhaHW8r5vb1+e+uh0dq2ye6aAPVZx0T1llHF5TvcbF6rYNuAqEbi5bYTr0iPQ3yUy8mH9RWfR0OpuiBNEqdfW1yuyDUm3IURB2CXrnpjgqcntMrizs5ukP9ltqLoAp8YfvtiM7bYrYPHVfyzVjrt1R8FeaNLZtQEk3VtSnO1CwZnD80rQ1YwkpN6jq9xd1mpNCIku96KjVMdJ/lwo1mNhUqDBO4+X5bDFG1j0zBPWvFc0FjQnttn6EJkx+c62VoEDFao1Yu4N7w8qfgxpNaA/j4xeEr8IRp27XvlZc9f8XYFNvmVtZK+GiPOKFnFCZ5BzJKdV97Ma1xRUQbARDG4aqoyZYBBoHuRRGaq/Gse/ZGIPoYS5etcRxAjEGOONP8rLw= - secure: XoxbVPpLStp/Rh2Dbc1MC/pgZANIWSmXSgtA1mZMGCKh2FayvtkC4gSmaQy/P+HbCSrppdKrKqflUNG2T+ZU7K7rT0XB08onOSAhXjGRHtgZbKHWtWneZ5lQdKytbpxyoVG3CbenOTRStuC45EyO33wL0mDcyA3HFeosZefiOFp95FP8aQ52zj7q6blbId767GobGkjXVEKtv1m7Z3TyhDLvlMPgM3th+Dn2vo+uZSx3EvBtbTDjXW7TEI3wAo/vCLdyBrE+ARmkHv+kJjrnlEAh496qIs2NlEohDH/XqQb5GTcRhT4SC/SSeKS8qkybzXtdt7XtBO7XbGHGYAf5gWDVNjsnrHMz8u+edsHTtasrB+QJelYc8iTVjIH9KWAtV8ufD9c9Fk8KQLzpVr/88BF7VQTMBTjRQHOPeGAQnZMmYXiv3b9VL9HZBrnKS0vhuvJRIYtuT93aildK2VDGsvmDX/ofKBkZiQePU7Vq8LHvnGUQxkxo/b2WGfcnTt23X1R8FcKQgbrP9mA1HOlAA3nbVTGkZJzNoXbUtZt4sZR2WHtxNpQRsVaXrRPYATHu8UStfd138EaLeAPuM4EQYTKA/9cOf7pmxtOpypYsTmkIuzxLdFrw3aniagZFQ6SDbVakbPV1BOTr5K0jZKLeeFG516MUKLk+CrIwyALIEbY= @@ -31,6 +32,7 @@ env: - secure: qX/5RgREXn8WbTMj2wLzy7A1Cu4DJ2BwP/HWKDEjhWjWPJ9U5rw/nw7o5qM5l1YFuYGnd7PrgkcYFSsRjYH5mpiW5fB7GSPuxZelEvAKC68YjoarbT7OM7zPotCfp8KwSuXj5EX/uncZfcIjwUksgAcKNp6t01OSyG5ueoAfV+NKiP5rdVeAEKBfUAGUEY7Ru/y2IYvI5N5EOL2EFPSvtW39WkM54IAqjGpaYhRxWyrBRzYAsz2DpjwR8mLetHc8ZKrhTxCQ7Z94Wtxj4TwcY+ZLxuVxbA5OEC3QuLuAXfkcyiFWzm22fdH2zK2y/sQwc2Xe2DfpvjRRsPsADWefWWq0Qn79fD7BsNrFVXMXtcsKQwJyVGRQP4MNu7zTzBJ8U6oVun4pW95S8BUqEaZroyBec7DSfzhVeXvjLdHz2xJ1JWjAKXBSQwWsrC4G2Jg05M4sWtuPgjGRdEm4YsSJ/7u8IP9me0dWiFvZ71jmmUCxrt1GR9HOyhs14jys+85EAzaGnQXy1p6lvZtHrrP0NUI0HWkGiUwapKvyhIpVcqu/AecX3ohrUU9l64ISpRNN/UuN6lVhe+EWvBI61B1S+eLLThzD+huZK9stfyEPbakRB64DEzvWiB80dzEp1emXcuLfSGYJC2TRHuvF1NsT2TYBLpiVc4VKUJi0QyVnpxU= - secure: VBpfsxBmLytS8mdDSHeKRIPFC/QSV0uo/wPScbFDdm8aS9bRDBkAWtyQLdir7aSYyMswV4nphpwuJ8TR0KnLSMk97J/hr371BcLR5UFU+GwIGTx5YaS0nreSZekPX/LZ69uvji/eFZ8a0Gn63nknINrZRxGySwkepTH0qwJuRswTXNtqsBOVZUohzpNLzoti1um+fo4Kt/bqjMIE1UZE4+Z93qFqH3g4A2qHC9qA6H2Atzi/ir3Yq5vsy3bM91RWwAe4mng1OvzJHrRnGTrKGaLGFioLnz0ZdNwWvLjaG1T2fTF/HzUPPuLch4Ff1bmYLi+aZRMC5yWfB5EDpNvgKQUcVnVlixR5yI+xO0rr/szocAi1qLxj+xUHpO8ngyXQkJ/maUzgm0QD5AEi3Tef0OQBJBx23wJoBpHE+pUMDRJKis7WaTFqt2BNvkBKuTkSizoLFX7aD/+lHwmjeU+0soPTJlNp7goZwU8E++sT5N2WJR+/n+zVeogQDi/iCIb/FJrnT5E+geKSPkjD3fhU8LcHu3K8ygkkKnDv+QEd5LR6pRkGffhNv36nenis0KNmy1U0e0cH9tqe4XIJ9696xz6tQ1VWbokrkTETCU3s5P/9B9+32G8JA+mH3cJfgptTYh0cAMMJTKaPlb6HciJz/OE4ebaZhkYmzUFoHbEW8qI= - secure: lgZZrXtKwZutA0EHteUL4C+pH2kT8NcIOVPSPTt7vK/MouBkLcB/CONLQCq1C0M4K3k75ZJCluEg0G0G9gnvpbUH4f/voGaARxY5N7LKMCvnuK2UVQed5Ceh6VXMuGKt+xLMAoCwRliksI7L68uc2+1PujbmECD7aGocr/vXPe4NPqpw6YMPRqc1a6E8nOZESugmZ8wwwzm+tRwUd5zmzWKA2hP7GOeTG56/UpS315jib5rlbTCxFFYkcVLVXBzA57m07JMb0zHjl1MQGxfCCHhDu214SLvRTl1NkxAfqzNQKGdc80CK8qDXQzWnQXgo3Y9JUB7DV2G1WKk9tMtENYyfSllVk8jZTU52hyaFd+1xXhyyhnOauIszQJOqEV8upSGRxKsQ9CFyTl3hdQEJPQm6L4tqVoT362LNq5KA6N/gL7J7QqZl4O0L9qgiVzxBJAWotsVP0FPs4lR4nEUxqiwbK6i084Adj7w1OGXXlQWsVix0yCzgvMD0J1Raq/9cu5jROG7vlW69Y5PtMLNq6JeJmouO8OYHz29Q/NZKfXXikJ86kksm2ZiMOiy2NcgyyWtJSaUQgPSfKQ+m1WncS7F+a6JcsoDwcniGIO/8b44J8UOxiJ4bRLP0nTlGc//pk+4XiuX1GFqNDj7sA4dp/oENQZDOsv8OUnedbHl50Ys= + - secure: p3Budl8I27/NBUeWLcTLpCkEcwtfxOQ6GZoEUyay+C/58iNP2j6ECaRdAACb+n6lfvAqZqxgQtSwuMdOQ23/k9EE5fdMLI7CxeudQyFiZLwslvF4MjhJbEl02CrxYEzdnJPCOQbXjNHqpKgZH8Ty42U6VFGLLx3VgtP6KPh5gNenjr+UkLg76s/kDE4WNO7ate812ykB9bjfzy9yyFmgI7Y4gjVyS3XBd8v3TWta3VLeAExc/GqJpjk91iByPlWyOu4GVgZJesCaHgAFXXIl0jDxtG+KsOXpVZxjhWbxP0IjbBJzH6wevMYHvIvHleFPL5Y0n4qj/13YyTukyos4WRexBSkDIxZ+HlDZjwNt6fNqxVOYpLREz3FfY2lER2C7u60bNl8zz9j6bFwo0No0SnbjyFHe+q0bMgr5q9p1uQ/4rc1pfeVi/rb2DaPyQCI+OOUspBjBDXvozteV/YcVNO84c69jpfF4LVkEW7fF6e94cQi95q4MfEpoqxSb2cyJ5tqMthF6hVEZuDQtcC9FjhacS47HD+faQaov9EYPm/sPD9voONZo9y6hCpujMmRlVOp4vS0jykBe9ZQtE9eQR3ZEqPqWVMND06WazRHPyI5VCQtXjMiS6ZUKEUP59+BYtnZadfbQvrXtQ/HDKf0TauaMwGUwKjxRQBo8D+FpqOQ= before_install: - wget https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip - unzip terraform_${VERSION}_linux_amd64.zip -d $HOME/bin @@ -59,55 +61,51 @@ jobs: after_success: - ./gradlew sonarqube - stage: deploy to development + if: env(DEVELOPMENT_ROLE_ARN) IS NOT blank jdk: openjdk11 env: - TF_WORKSPACE=development - - SPLUNK_URL= - SPLUNK_TOKEN= + - DEPLOYMENT_ROLE_ARN=$DEVELOPMENT_ROLE_ARN - secure: nXDs5kInVf6Ty/JIa42b61X+xNcU/PVHfJJ7y9YVRX3HYrbtzusqVuxY1n+JQxZyOo8oSPwmT7OE1muxDP7Hy8APZEdjj1g2r+fp7//0w1OzEFzhk0Gj9b+okc8FgK2U+PnmhQ4n4RmhWC8Qx6L32qiECXzDP12kPuCTHu3uPC4qHLBSVH3fQ04Jk7QyJO4l9kIMRwxyARJ6VsUzwSe5jyytXVikvTZZl/CQoYMGNjMg6B091bt3b2I6Fbkw4jsV0II1VFkQXylj/nnWn2D8ohNG5pfWN3283Ks8f7r3R/yLSqJKqTOMEq7drdAXHdGveXY77xAGURnNXrUiIfMa4UmHhC6cDeC5rliOwjQVTqdo6D9UfkJV+IpSLx6PAIFezQraYEhi/lmFRhrCmsFYLJ85TPGdjkv52tFByDkRWe8+aV/owPT5NEwKJtx9BX6mU/pMavRH8IsIjhbQzeAOVxmU7/MWsU8V7lzfLtHmljZdM9E8V5f3oyDSXkA4bkLJx4P/YBCWc04ii6KXLHqWQ5LiCObhXw972fkegPIz9tDpo1NhxrgEg/cPWg9svE3bXCnegyExvTWeVnTS10IhhAyzA+EBM9kZh6asdQCwGuKnpBxkQaKsGZzUgfFRPQ/mEe2pPlRBo54Qi8ku430QtDoRQxiHkjQdyZkW7wdkonw= - - secure: p3Budl8I27/NBUeWLcTLpCkEcwtfxOQ6GZoEUyay+C/58iNP2j6ECaRdAACb+n6lfvAqZqxgQtSwuMdOQ23/k9EE5fdMLI7CxeudQyFiZLwslvF4MjhJbEl02CrxYEzdnJPCOQbXjNHqpKgZH8Ty42U6VFGLLx3VgtP6KPh5gNenjr+UkLg76s/kDE4WNO7ate812ykB9bjfzy9yyFmgI7Y4gjVyS3XBd8v3TWta3VLeAExc/GqJpjk91iByPlWyOu4GVgZJesCaHgAFXXIl0jDxtG+KsOXpVZxjhWbxP0IjbBJzH6wevMYHvIvHleFPL5Y0n4qj/13YyTukyos4WRexBSkDIxZ+HlDZjwNt6fNqxVOYpLREz3FfY2lER2C7u60bNl8zz9j6bFwo0No0SnbjyFHe+q0bMgr5q9p1uQ/4rc1pfeVi/rb2DaPyQCI+OOUspBjBDXvozteV/YcVNO84c69jpfF4LVkEW7fF6e94cQi95q4MfEpoqxSb2cyJ5tqMthF6hVEZuDQtcC9FjhacS47HD+faQaov9EYPm/sPD9voONZo9y6hCpujMmRlVOp4vS0jykBe9ZQtE9eQR3ZEqPqWVMND06WazRHPyI5VCQtXjMiS6ZUKEUP59+BYtnZadfbQvrXtQ/HDKf0TauaMwGUwKjxRQBo8D+FpqOQ= install: - cd deployment/terraform/ecs-service - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null - - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null script: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEPLOYMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: - - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - CLUSTER_NAME=$(terraform output ecs_cluster_name) + - cd $TRAVIS_BUILD_DIR - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') deploy: skip_cleanup: true provider: script - script: aws ecs wait services-stable --services ${SERVICE_NAME} --cluster ${CLUSTER_NAME} + script: deployment/script/travis_deploy.sh on: all_branches: true - stage: deploy to production + if: env(PRODUCTION_ROLE_ARN) IS NOT blank jdk: openjdk11 env: - TF_WORKSPACE=production - - SPLUNK_URL= - SPLUNK_TOKEN= - - secure: qJgNsPCfuHLqj8ilWEdglGT6RnLJJHx9ZOuU82HXVwkeZ+fww7CCqq4HtEYL2klp+V4edngTBCNBihtLUlW16usv3K9xyc0II3/brnZheLazrqUrGQE08Ip75p7f87ZiE5iMQTtxDsSr4UHztl3XB55DntPKIqurNvmsD+Q21AhFb0A94Ktu7cxlNkEcMd+IJaQTy4Xz3vFBL/xhuzEBRaVVNeJIrE0a9C6MpQY6P+dKsYRAfvXzKVy2E1wcU7h1dCLlzBA0EVcRrAi5MLxueffMptlsbFdcxYsGFWI243nY1p5DVmnnDqa1UOqNJnGWLe59DnqtmLYThUH1X2voz6z7RkyfO8wCFHkhuf2cnA5IbEeZ2TZrDshPB9wtwXq5tHJ4wZmDQxNHtDlszgYKCPfUjLYMPIs0sZZY8iHrLOqRvb1Esc0bs/BXmgrWd/7yNFtafS4pMEG9cdUEt3nos5q8vnjQUAgEd2T3oW8ENduHUDeqW5PU9wKIK/nHJOL+LmCYRKKYUsb/ry/BDGN7hnKuTbGAP/4l7QYk+CFueY//H/+eOF73UHZfl2py1LRui8Uyd+koDoUczW4Bd6UZutT8Vb6hhHNsiCVffLEXvMvQbUHT3IRKcwSh5zDorBG7i+a00FCJfHwuBLClgXqjdlQ2opahXD7Y+CWKawBGw6o= + - DEPLOYMENT_ROLE_ARN=$PRODUCTION_ROLE_ARN - secure: BXvYtV2Ek6kzoRFrkVrHRps7dee2ygY+XiV8pCZ+e23bRi6D/Ew8uZ/1FKwNV3XNO/blFyGiMMwDShnX9UFDXVvHV352t/lpw6w5+jEzPr4YM4duKKt9zd4oO39TliIziazQS3W7lR4z00MIQ1YJ3F6zJZsPgj6RwYgqlViBjUXASt28lUaJGT7aL795oLpU314N4DgfGqSDU/8sakgteq5zYF2qxwWEAd+4muhsj3ixBWQitukGML6KFtX4EYz6o6um7NKcC/STDvfSLjNKoxeV1XNyuIoWxqF/b9iDfhJOlaCSur3RruJoV+XjPrBpBfpjBFJZuyQ++OFxoYo0PoVzPxxPe6bGDVEz10QEG6BNfeWRDtiMAL862wSuyCt8wpJhxVfHEXffhi2Uw2FAzMCMfOTV7LYjfcwH9ZqoRJ1ZzxOEA6zejHquOiy26bIaclFa4/n2rurDs3IPlwAJMJWcI7V0+S7gDiwoO3GUFF0tgm6hz9zn5pexaGBu5Lptc50LI2XkBMHbG1dmnOVdyblTGqSnAkTIcS26ChjlTFScYs+BqGhzydMgV9ZUPjlgJ2a0C+y9sYbxeTy5kS9LxPnsL/9jCwQmLPnwjn+Icm7gDTb5Yfa1O7oqTEHTTZICDqrIuMy4/MN4IqMNb2LDZHuElFX9CyVP4NIGGLH6yaw= install: - cd deployment/terraform/ecs-service - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null - - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${PRODUCTION_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null script: - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${PRODUCTION_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null + - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEPLOYMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null before_deploy: - - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - CLUSTER_NAME=$(terraform output ecs_cluster_name) + - cd $TRAVIS_BUILD_DIR - eval $(aws sts assume-role --role-arn "$PRODUCTION_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') deploy: skip_cleanup: true provider: script - script: aws ecs wait services-stable --services ${SERVICE_NAME} --cluster ${CLUSTER_NAME} + script: deployment/script/travis_deploy.sh on: - all_branches: true + branch: master notifications: slack: secure: S4Pg6XK5x3pfxldRNJVMuzLfPzKVsGdogr0u0r/pu5dpjJujoecsuDoPS8syej1hZRqJOxK36Ms+NDXRzHNK6w95X69kgwDjzoI3PoKmnqyBJIcgSueyNbm7KoQGgoKTOgEUHZ0A9JbcdH8ThBHUR8wltXctGd3kEp8KC3wSlXzDmLeFJPTqC8DMBmSC00nVL7LtXj4VdOwYZnERKErjjx5f+msOhCNbAXLr7p12O7ewHDhL1jaex4r4yzG8+oevDKYNgpHyd8BCsgsCnjiKewByiVB9q4GBjE6CN3c1VfKdWmPWwF4jgxsz8BqTjshM17msnRyXOaSsB6MG+gGMyNKwFVYEwlsAQyRl5i5IhvjIHVMZVcbon098CpNcpW/ZsWALVQSZUW8yBBVPfVs4gTI071R9hQvDWdHLEkApZpsD24tPwsXGdzupBceyqf3HZn9PDYnqMB+hDxSYmLoJRYqjdFxguUwZEYSRih0c+4npcCBO/QJ5m+4aoG2qJ7Zg10YPr3I/PU+kHKjMzvAME4iZ30CnW0gRskM7nVHZRVmR/vgweZDuo9GYXnOykUUur9S3OEhkEp6Ucmcnkv/DXRa5lU0gqpnfkcJv40UaqoxyypGn2U0dPHPCbYahvTu4QAAAkUU6RsJ3TlDhOg018lJVBBaLx+tXpTD+TpY7/XU= diff --git a/deployment/script/travis_deploy.sh b/deployment/script/travis_deploy.sh new file mode 100644 index 0000000..5329cf7 --- /dev/null +++ b/deployment/script/travis_deploy.sh @@ -0,0 +1,4 @@ +cd deployment/terraform/ecs-service +terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null +CLUSTER_NAME=$(terraform output ecs_cluster_name) +aws ecs wait services-stable --services ${SERVICE_NAME} --cluster ${CLUSTER_NAME} From fb46b82a54ae5284cf95c63e19923c9e785b232c Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 11:56:46 +1200 Subject: [PATCH 58/70] Give execute permissions --- deployment/script/travis_deploy.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 deployment/script/travis_deploy.sh diff --git a/deployment/script/travis_deploy.sh b/deployment/script/travis_deploy.sh old mode 100644 new mode 100755 From c125d9e1b3e9e4e2d6bbb24d4cd2f061c4271aa9 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 11:59:00 +1200 Subject: [PATCH 59/70] Remove conditions from stages --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 827f08e..0ce4c0e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -61,7 +61,6 @@ jobs: after_success: - ./gradlew sonarqube - stage: deploy to development - if: env(DEVELOPMENT_ROLE_ARN) IS NOT blank jdk: openjdk11 env: - TF_WORKSPACE=development @@ -84,7 +83,6 @@ jobs: on: all_branches: true - stage: deploy to production - if: env(PRODUCTION_ROLE_ARN) IS NOT blank jdk: openjdk11 env: - TF_WORKSPACE=production From f477f57c23f40e378d921fd64686198a58429aa6 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 12:13:56 +1200 Subject: [PATCH 60/70] Move duplicate commands to travis deploy script --- .travis.yml | 29 +++++++---------------------- deployment/script/travis_deploy.sh | 5 +++++ 2 files changed, 12 insertions(+), 22 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0ce4c0e..45e1c5a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -67,41 +67,26 @@ jobs: - SPLUNK_TOKEN= - DEPLOYMENT_ROLE_ARN=$DEVELOPMENT_ROLE_ARN - secure: nXDs5kInVf6Ty/JIa42b61X+xNcU/PVHfJJ7y9YVRX3HYrbtzusqVuxY1n+JQxZyOo8oSPwmT7OE1muxDP7Hy8APZEdjj1g2r+fp7//0w1OzEFzhk0Gj9b+okc8FgK2U+PnmhQ4n4RmhWC8Qx6L32qiECXzDP12kPuCTHu3uPC4qHLBSVH3fQ04Jk7QyJO4l9kIMRwxyARJ6VsUzwSe5jyytXVikvTZZl/CQoYMGNjMg6B091bt3b2I6Fbkw4jsV0II1VFkQXylj/nnWn2D8ohNG5pfWN3283Ks8f7r3R/yLSqJKqTOMEq7drdAXHdGveXY77xAGURnNXrUiIfMa4UmHhC6cDeC5rliOwjQVTqdo6D9UfkJV+IpSLx6PAIFezQraYEhi/lmFRhrCmsFYLJ85TPGdjkv52tFByDkRWe8+aV/owPT5NEwKJtx9BX6mU/pMavRH8IsIjhbQzeAOVxmU7/MWsU8V7lzfLtHmljZdM9E8V5f3oyDSXkA4bkLJx4P/YBCWc04ii6KXLHqWQ5LiCObhXw972fkegPIz9tDpo1NhxrgEg/cPWg9svE3bXCnegyExvTWeVnTS10IhhAyzA+EBM9kZh6asdQCwGuKnpBxkQaKsGZzUgfFRPQ/mEe2pPlRBo54Qi8ku430QtDoRQxiHkjQdyZkW7wdkonw= - install: - - cd deployment/terraform/ecs-service - - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null - script: - - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEPLOYMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null - before_deploy: - - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$DEVELOPMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') - deploy: + install: skip + script: skip + deploy: &deploy-service skip_cleanup: true provider: script script: deployment/script/travis_deploy.sh on: all_branches: true - stage: deploy to production + if: env(PRODUCTION_ROLE_ARN) IS present jdk: openjdk11 env: - TF_WORKSPACE=production - SPLUNK_TOKEN= - DEPLOYMENT_ROLE_ARN=$PRODUCTION_ROLE_ARN - secure: BXvYtV2Ek6kzoRFrkVrHRps7dee2ygY+XiV8pCZ+e23bRi6D/Ew8uZ/1FKwNV3XNO/blFyGiMMwDShnX9UFDXVvHV352t/lpw6w5+jEzPr4YM4duKKt9zd4oO39TliIziazQS3W7lR4z00MIQ1YJ3F6zJZsPgj6RwYgqlViBjUXASt28lUaJGT7aL795oLpU314N4DgfGqSDU/8sakgteq5zYF2qxwWEAd+4muhsj3ixBWQitukGML6KFtX4EYz6o6um7NKcC/STDvfSLjNKoxeV1XNyuIoWxqF/b9iDfhJOlaCSur3RruJoV+XjPrBpBfpjBFJZuyQ++OFxoYo0PoVzPxxPe6bGDVEz10QEG6BNfeWRDtiMAL862wSuyCt8wpJhxVfHEXffhi2Uw2FAzMCMfOTV7LYjfcwH9ZqoRJ1ZzxOEA6zejHquOiy26bIaclFa4/n2rurDs3IPlwAJMJWcI7V0+S7gDiwoO3GUFF0tgm6hz9zn5pexaGBu5Lptc50LI2XkBMHbG1dmnOVdyblTGqSnAkTIcS26ChjlTFScYs+BqGhzydMgV9ZUPjlgJ2a0C+y9sYbxeTy5kS9LxPnsL/9jCwQmLPnwjn+Icm7gDTb5Yfa1O7oqTEHTTZICDqrIuMy4/MN4IqMNb2LDZHuElFX9CyVP4NIGGLH6yaw= - install: - - cd deployment/terraform/ecs-service - - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null - script: - - cd $TRAVIS_BUILD_DIR && cd deployment/terraform/ecs-service - - terraform plan -input=false -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEPLOYMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null - before_deploy: - - cd $TRAVIS_BUILD_DIR - - eval $(aws sts assume-role --role-arn "$PRODUCTION_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') + install: skip + script: skip deploy: - skip_cleanup: true - provider: script - script: deployment/script/travis_deploy.sh + <<: *deploy-service on: branch: master notifications: diff --git a/deployment/script/travis_deploy.sh b/deployment/script/travis_deploy.sh index 5329cf7..9d07c58 100755 --- a/deployment/script/travis_deploy.sh +++ b/deployment/script/travis_deploy.sh @@ -1,4 +1,9 @@ +#!bin/bash + +cd $TRAVIS_BUILD_DIR cd deployment/terraform/ecs-service +terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null CLUSTER_NAME=$(terraform output ecs_cluster_name) +eval $(aws sts assume-role --role-arn "$DEPLOYMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') aws ecs wait services-stable --services ${SERVICE_NAME} --cluster ${CLUSTER_NAME} From 29e9bfc0413ec38fcb4d313b74a163f51afd109d Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 12:23:38 +1200 Subject: [PATCH 61/70] Attempt to fix script failing to run --- deployment/script/travis_deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/script/travis_deploy.sh b/deployment/script/travis_deploy.sh index 9d07c58..33334eb 100755 --- a/deployment/script/travis_deploy.sh +++ b/deployment/script/travis_deploy.sh @@ -1,4 +1,4 @@ -#!bin/bash +#! /bin/sh cd $TRAVIS_BUILD_DIR cd deployment/terraform/ecs-service From 98210845da412c89aff0a7cb3e4bfca6c0a0da94 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 12:25:08 +1200 Subject: [PATCH 62/70] Add sh in front of deploy script --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 45e1c5a..69d44c0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -72,7 +72,7 @@ jobs: deploy: &deploy-service skip_cleanup: true provider: script - script: deployment/script/travis_deploy.sh + script: sh deployment/script/travis_deploy.sh on: all_branches: true - stage: deploy to production From 15a5763d2af9348913bc7e56011f578fbb411ecd Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 12:34:59 +1200 Subject: [PATCH 63/70] Use bash instead sh --- .travis.yml | 2 +- deployment/script/travis_deploy.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 69d44c0..31d650f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -72,7 +72,7 @@ jobs: deploy: &deploy-service skip_cleanup: true provider: script - script: sh deployment/script/travis_deploy.sh + script: bash deployment/script/travis_deploy.sh on: all_branches: true - stage: deploy to production diff --git a/deployment/script/travis_deploy.sh b/deployment/script/travis_deploy.sh index 33334eb..cf2f83e 100755 --- a/deployment/script/travis_deploy.sh +++ b/deployment/script/travis_deploy.sh @@ -1,4 +1,4 @@ -#! /bin/sh +#! /bin/bash cd $TRAVIS_BUILD_DIR cd deployment/terraform/ecs-service From ce1c3abcd97ff4e4a1379794793faed5ff46985b Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 13:50:29 +1200 Subject: [PATCH 64/70] Remove stage condition --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 31d650f..1cefadc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -76,7 +76,6 @@ jobs: on: all_branches: true - stage: deploy to production - if: env(PRODUCTION_ROLE_ARN) IS present jdk: openjdk11 env: - TF_WORKSPACE=production From c5bd31dae07bfaea4a7225d6366b29bfa9089b87 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 14:58:48 +1200 Subject: [PATCH 65/70] Add variables for alerting --- .travis.yml | 4 ++-- deployment/terraform/ecs-service/ecs.tf | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1cefadc..6f35aac 100644 --- a/.travis.yml +++ b/.travis.yml @@ -64,8 +64,8 @@ jobs: jdk: openjdk11 env: - TF_WORKSPACE=development - - SPLUNK_TOKEN= - DEPLOYMENT_ROLE_ARN=$DEVELOPMENT_ROLE_ARN + - SPLUNK_TOKEN= - secure: nXDs5kInVf6Ty/JIa42b61X+xNcU/PVHfJJ7y9YVRX3HYrbtzusqVuxY1n+JQxZyOo8oSPwmT7OE1muxDP7Hy8APZEdjj1g2r+fp7//0w1OzEFzhk0Gj9b+okc8FgK2U+PnmhQ4n4RmhWC8Qx6L32qiECXzDP12kPuCTHu3uPC4qHLBSVH3fQ04Jk7QyJO4l9kIMRwxyARJ6VsUzwSe5jyytXVikvTZZl/CQoYMGNjMg6B091bt3b2I6Fbkw4jsV0II1VFkQXylj/nnWn2D8ohNG5pfWN3283Ks8f7r3R/yLSqJKqTOMEq7drdAXHdGveXY77xAGURnNXrUiIfMa4UmHhC6cDeC5rliOwjQVTqdo6D9UfkJV+IpSLx6PAIFezQraYEhi/lmFRhrCmsFYLJ85TPGdjkv52tFByDkRWe8+aV/owPT5NEwKJtx9BX6mU/pMavRH8IsIjhbQzeAOVxmU7/MWsU8V7lzfLtHmljZdM9E8V5f3oyDSXkA4bkLJx4P/YBCWc04ii6KXLHqWQ5LiCObhXw972fkegPIz9tDpo1NhxrgEg/cPWg9svE3bXCnegyExvTWeVnTS10IhhAyzA+EBM9kZh6asdQCwGuKnpBxkQaKsGZzUgfFRPQ/mEe2pPlRBo54Qi8ku430QtDoRQxiHkjQdyZkW7wdkonw= install: skip script: skip @@ -79,8 +79,8 @@ jobs: jdk: openjdk11 env: - TF_WORKSPACE=production - - SPLUNK_TOKEN= - DEPLOYMENT_ROLE_ARN=$PRODUCTION_ROLE_ARN + - SPLUNK_TOKEN= - secure: BXvYtV2Ek6kzoRFrkVrHRps7dee2ygY+XiV8pCZ+e23bRi6D/Ew8uZ/1FKwNV3XNO/blFyGiMMwDShnX9UFDXVvHV352t/lpw6w5+jEzPr4YM4duKKt9zd4oO39TliIziazQS3W7lR4z00MIQ1YJ3F6zJZsPgj6RwYgqlViBjUXASt28lUaJGT7aL795oLpU314N4DgfGqSDU/8sakgteq5zYF2qxwWEAd+4muhsj3ixBWQitukGML6KFtX4EYz6o6um7NKcC/STDvfSLjNKoxeV1XNyuIoWxqF/b9iDfhJOlaCSur3RruJoV+XjPrBpBfpjBFJZuyQ++OFxoYo0PoVzPxxPe6bGDVEz10QEG6BNfeWRDtiMAL862wSuyCt8wpJhxVfHEXffhi2Uw2FAzMCMfOTV7LYjfcwH9ZqoRJ1ZzxOEA6zejHquOiy26bIaclFa4/n2rurDs3IPlwAJMJWcI7V0+S7gDiwoO3GUFF0tgm6hz9zn5pexaGBu5Lptc50LI2XkBMHbG1dmnOVdyblTGqSnAkTIcS26ChjlTFScYs+BqGhzydMgV9ZUPjlgJ2a0C+y9sYbxeTy5kS9LxPnsL/9jCwQmLPnwjn+Icm7gDTb5Yfa1O7oqTEHTTZICDqrIuMy4/MN4IqMNb2LDZHuElFX9CyVP4NIGGLH6yaw= install: skip script: skip diff --git a/deployment/terraform/ecs-service/ecs.tf b/deployment/terraform/ecs-service/ecs.tf index 002df9e..7620935 100644 --- a/deployment/terraform/ecs-service/ecs.tf +++ b/deployment/terraform/ecs-service/ecs.tf @@ -1,10 +1,15 @@ module "ecs_service" { source = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=initial-module" + alarm_actions = [ + "${data.terraform_remote_state.market-data.alert_topic_arn}" + ] application_path = "/v1/service" cluster_name = "${data.terraform_remote_state.market-data.ecs_cluster_name}" docker_image = "${data.terraform_remote_state.ecr.repository_url}:${var.service_version}" external_lb_listener_arn = "${data.terraform_remote_state.market-data.external_lb_https_listener_arn}" + external_lb_name = "${data.terraform_remote_state.market-data.external_lb_name}" internal_lb_listener_arn = "${data.terraform_remote_state.market-data.internal_lb_https_listener_arn}" + internal_lb_name = "${data.terraform_remote_state.market-data.internal_lb_name}" java_options = "-javaagent:newrelic/newrelic.jar -Dnewrelic.environment=${terraform.workspace} -Dnewrelic.config.file=newrelic/newrelic.yml" is_exposed_externally = false priority = 50 From a614d358a273e6eb4389132d37ec2ec492ad0b03 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 15:21:58 +1200 Subject: [PATCH 66/70] Update redirect to /dev/null --- .travis.yml | 4 ++-- deployment/script/travis_deploy.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6f35aac..f93cf2d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,8 +49,8 @@ jobs: - stage: test script: - cd deployment/terraform/ecr - - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" -backend-config="role_arn=${ROLE_ARN}" >/dev/null - - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} >/dev/null + - terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${KEY}" -backend-config="role_arn=${ROLE_ARN}" 1>/dev/null + - terraform apply -backup="-" -input=false -auto-approve -var bnc_deploy_role=${OPERATIONS_ROLE_ARN} -var role_arn=${ROLE_ARN} -var service_name=${SERVICE_NAME} 1>/dev/null - REPOSITORY_URI=$(terraform output repository_url) - cd $TRAVIS_BUILD_DIR - eval $(aws sts assume-role --role-arn "$OPERATIONS_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') diff --git a/deployment/script/travis_deploy.sh b/deployment/script/travis_deploy.sh index cf2f83e..ebb1af5 100755 --- a/deployment/script/travis_deploy.sh +++ b/deployment/script/travis_deploy.sh @@ -2,8 +2,8 @@ cd $TRAVIS_BUILD_DIR cd deployment/terraform/ecs-service -terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" > /dev/null -terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} > /dev/null +terraform init -backend-config="bucket=${STATE_S3_BUCKET}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE}" -backend-config="kms_key_id=${KMS_KEY_ID}" -backend-config="key=${SERVICE_KEY}" -backend-config="role_arn=${ROLE_ARN}" 1> /dev/null +terraform apply -backup="-" -input=false -auto-approve -var role_arn=${ROLE_ARN} -var bnc_deploy_role=${DEVELOPMENT_ROLE_ARN} -var service_name=${SERVICE_NAME} -var service_version=${TRAVIS_BUILD_NUMBER} -var splunk_url=${SPLUNK_URL} -var splunk_token=${SPLUNK_TOKEN} 1> /dev/null CLUSTER_NAME=$(terraform output ecs_cluster_name) eval $(aws sts assume-role --role-arn "$DEPLOYMENT_ROLE_ARN" --role-session-name "${TRAVIS_REPO_SLUG//\//-}" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.SessionToken)\nexport AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey) "') aws ecs wait services-stable --services ${SERVICE_NAME} --cluster ${CLUSTER_NAME} From 9a7cc4028ef9f524c223891a058405b3713a3a56 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 15:39:58 +1200 Subject: [PATCH 67/70] Use versioned ECS module --- deployment/terraform/ecs-service/ecs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/terraform/ecs-service/ecs.tf b/deployment/terraform/ecs-service/ecs.tf index 7620935..21dc1d9 100644 --- a/deployment/terraform/ecs-service/ecs.tf +++ b/deployment/terraform/ecs-service/ecs.tf @@ -1,5 +1,5 @@ module "ecs_service" { - source = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=initial-module" + source = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=1.0.0" alarm_actions = [ "${data.terraform_remote_state.market-data.alert_topic_arn}" ] From 508559c0fb5243861dc516b755c753459ec79fea Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 16:22:03 +1200 Subject: [PATCH 68/70] Update documentation --- README.md | 116 ++++++++++++++++-- deployment/README.md | 7 -- .../ecs-service/backend.tfvars.example | 2 +- 3 files changed, 105 insertions(+), 20 deletions(-) delete mode 100644 deployment/README.md diff --git a/README.md b/README.md index b289b57..5785314 100644 --- a/README.md +++ b/README.md @@ -4,18 +4,30 @@ [![Known Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=spring-boot-java-base&metric=vulnerabilities)](https://sonarcloud.io/api/project_badges/measure?project=spring-boot-java-base&metric=vulnerabilities) # Spring Boot Java Base -## How tos +## Build & Test + +This project uses gradle and uses the default tasks to compile and run unit tests. -### Build & Test ```bash ./gradlew clean assemble check ``` -### How to: Build and run locally on Docker -1. `./gradlew clean assemble check docker` -2. `docker run -e SPRING_PROFILES_ACTIVE=localhost -p 8080:8080 -i -t spring-boot-java-base` +### Build and run locally on Docker +1. Build the docker container +```bash +./gradlew clean assemble check docker +``` +2. Run the docker container +```bash +docker run -e SPRING_PROFILES_ACTIVE=localhost -p 8080:8080 -i -t spring-boot-java-base +``` + +### Build production equivalent container +```bash +./gradlew clean assemble check docker dockerTag -PTAG=$(git rev-parse --verify HEAD --short) -PREPOSITORY_URI=${DOCKER_REPO}${IMAGE_NAME} +``` -#### Debug / Profiling +### Profiling To debug the container locally, the `JAVA_OPTS` environment variable can be provided when running the container. ```bash docker run -p 8080:8080 -i -t -e JAVA_OPTS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" spring-boot-java-base @@ -27,12 +39,92 @@ New relic can be enabled by providing the following `JAVA_OPTS` environment vari docker run -p 8080:8080 -i -t -e JAVA_OPTS="-javaagent:newrelic/newrelic.jar -Dnewrelic.environment=development -Dnewrelic.config.file=newrelic/newrelic.yml" spring-boot-java-base ``` -### How to: Build production equivalent container -```bash -./gradlew clean assemble check docker dockerTag -PTAG=$(git rev-parse --verify HEAD --short) -PREPOSITORY_URI=${DOCKER_REPO}${IMAGE_NAME} +## Deployment + +This project uses Terraform and the AWS CLI to deploy the service to the BNC ECS Cluster. To have the CI/CD pipeline deploy a service which has be deployed using a fork of this project you can follow the instructions below. + +### Terraform ECS Workspaces + +By default Terraform will not create the required workspaces. Before setting up the deployment in the CI environment, ensure you have created all of the appropriate workspaces. + +The default workspaces for BNC are: +* development +* production + +To create the workspaces run the following commands: +``` +cd deployment/terraform/ecs-service +terraform workspace new production +terraform workspace new development ``` -## For more tasks run -```bash -./gradlew tasks +### Setting up Travis-CI deployment + +1. Encrypt the following global environment variables using the Travis-CI CLI. +``` +AWS_ACCESS_KEY_ID= +AWS_SECRET_ACCESS_KEY= +AWS_DEFAULT_REGION= +KMS_KEY_ID= +ROLE_ARN= +STATE_S3_BUCKET= +STATE_DYNAMODB_TABLE= +KEY=, e.g bnc//ecr/ +SERVICE_KEY=, e.g bnc///ecs/ +OPERATIONS_ROLE_ARN= +DEVELOPMENT_ROLE_ARN= +PRODUCTION_ROLE_ARN= +SPLUNK_URL= +``` + +2. Encrypt the following environment variables for the development deployment: +``` +TF_WORKSPACE= +SPLUNK_TOKEN= +``` + +### Deployment to development ECS cluster + +#### Setup AWS Credentials + +1. Setup the AWS profile using `aws configure --profile bnc-terraform`. The credentials can be retrieved using `terraform output` command in the terraform-techemy-master project if you have this setup. + +#### Terraform ECR Project + +1. cd deployment/terraform/ecr + +2. Copy `backend.tfvars.example` to `backend.tfvars`. + +3. Fill out the `backend.tfvars` + +4. Run `terraform init "-backend-config=backend.tfvars"`. + +5. Copy `master.tfvars.example` to `master.tfvars`. + +6. Fill in the `master.tfvars` with the correct values. + +7. Now the project is fully setup and you will have the ability to run [terraform commands](https://www.terraform.io/docs/commands/index.html). +``` +terraform plan "-var-file=master.tfvars" +``` + +#### Terraform ECS Project + +1. cd deployment/terraform/ecs-service + +2. Copy `backend.tfvars.example` to `backend.tfvars`. + +3. Fill out the `backend.tfvars` + +4. Run `terraform init "-backend-config=backend.tfvars"`. + +5. Copy `master.tfvars.example` to `master.tfvars`. + +6. Fill in the `master.tfvars` with the correct values. + +7. Select the development work space `terraform workspace select development` + +8. Now the project is fully setup and you will have the ability to run [terraform commands](https://www.terraform.io/docs/commands/index.html). +``` +terraform plan "-var-file=master.tfvars" ``` diff --git a/deployment/README.md b/deployment/README.md deleted file mode 100644 index 6c70906..0000000 --- a/deployment/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# AWS cloudformation - -## More information - -* This stack depends on an ASG cluster created by the `bnc-cfn-stack`. -* A new target group gets assigned to an existing ALB which forwards request to this service. -* This will create a new service to be deployed in the cluster and a new deployment pipeline for it. diff --git a/deployment/terraform/ecs-service/backend.tfvars.example b/deployment/terraform/ecs-service/backend.tfvars.example index bbde297..bf7d486 100644 --- a/deployment/terraform/ecs-service/backend.tfvars.example +++ b/deployment/terraform/ecs-service/backend.tfvars.example @@ -1,7 +1,7 @@ bucket = "" region = "" dynamodb_table = "" -key = ", e.g bnc//workspace/ecs/" +key = ", e.g bnc///ecs/" kms_key_id = "" profile = "" role_arn = "" From c0ab725c1252a2b1626c190e14ffaab51251fbe8 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 16:48:09 +1200 Subject: [PATCH 69/70] Update application path and module version --- deployment/terraform/ecs-service/ecs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/terraform/ecs-service/ecs.tf b/deployment/terraform/ecs-service/ecs.tf index 21dc1d9..71d5cca 100644 --- a/deployment/terraform/ecs-service/ecs.tf +++ b/deployment/terraform/ecs-service/ecs.tf @@ -1,9 +1,9 @@ module "ecs_service" { - source = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=1.0.0" + source = "git::https://github.com/bnc-projects/terraform-ecs-service.git?ref=1.0.1" alarm_actions = [ "${data.terraform_remote_state.market-data.alert_topic_arn}" ] - application_path = "/v1/service" + application_path = "/sbjb" cluster_name = "${data.terraform_remote_state.market-data.ecs_cluster_name}" docker_image = "${data.terraform_remote_state.ecr.repository_url}:${var.service_version}" external_lb_listener_arn = "${data.terraform_remote_state.market-data.external_lb_https_listener_arn}" From 0ab67e651e04cfee413b4676bafac11aad3d0810 Mon Sep 17 00:00:00 2001 From: Bhavik Kumar Date: Mon, 20 May 2019 16:48:20 +1200 Subject: [PATCH 70/70] Update documentation --- .../terraform/ecs-service/backend.tfvars.example | 2 +- .../terraform/ecs-service/development.tfvars.example | 12 ++++-------- .../terraform/ecs-service/production.tfvars.example | 12 ++++-------- 3 files changed, 9 insertions(+), 17 deletions(-) diff --git a/deployment/terraform/ecs-service/backend.tfvars.example b/deployment/terraform/ecs-service/backend.tfvars.example index bf7d486..c9f78bc 100644 --- a/deployment/terraform/ecs-service/backend.tfvars.example +++ b/deployment/terraform/ecs-service/backend.tfvars.example @@ -1,7 +1,7 @@ bucket = "" region = "" dynamodb_table = "" -key = ", e.g bnc///ecs/" +key = ", e.g ecs/" kms_key_id = "" profile = "" role_arn = "" diff --git a/deployment/terraform/ecs-service/development.tfvars.example b/deployment/terraform/ecs-service/development.tfvars.example index 7b29fab..f089cb4 100644 --- a/deployment/terraform/ecs-service/development.tfvars.example +++ b/deployment/terraform/ecs-service/development.tfvars.example @@ -1,11 +1,7 @@ -profile = "" -role_arn = "" -workspace_account_ids = " " - e.g: workspace_account_ids = { development = "", production = ""} -application_path = "" +bnc_deploy_role = "