The Nubis CI project is designed to be deployed into a standard Nubis Account. It takes advantage of the standard deployment found here. For further specifics about CI consult the Jenkins documentation here.
The CI system is designed to run two basic jobs. The first job watches a single GitHub repository and builds a new AMI when that repository changes. It then runs the second job which deploys the AMI into the Stage environment. The second job can be triggered manually to deploy the AMI into the Prod environment. All deployments are applied using Terraform.
NOTE: The line colors are representative and are for readability only. They are not intended to indicate any underlying protocol or specific communication details.
The CI deployment consists of:
- A single EC2 instance acting as a Jenkins server
- An Auto Scaling group to provide resiliency
- A S3 log bucket where backups and artifacts are stored
- An ELB to facilitate inbound connectivity
Details for the deployment including; naming conventions, relationships, permissions, etcetera, can be found in the Terraform template used for deployment. Links to specific resources can be found in the following table.
| Resource Type | Resource Title | Code Location |
|---|---|---|
| atlas_artifact | nubis-ci | nubis/terraform/main.tf#L1 |
| tls_private_key | ci | nubis/terraform/main.tf#L19 |
| tls_self_signed_cert | ci | nubis/terraform/main.tf#L26 |
| aws_iam_server_certificate | ci | nubis/terraform/main.tf#L52 |
| aws_elb | ci | nubis/terraform/main.tf#L68 |
| aws_security_group | elb | nubis/terraform/main.tf#L102 |
| aws_security_group | ci | nubis/terraform/main.tf#L130 |
| aws_autoscaling_group | ci | nubis/terraform/main.tf#L169 |
| aws_launch_configuration | ci | nubis/terraform/main.tf#L201 |
| aws_route53_record | ci | nubis/terraform/main.tf#L236 |
| aws_s3_bucket | ci_artifacts | nubis/terraform/main.tf#L245 |
| aws_iam_instance_profile | ci | nubis/terraform/main.tf#L264 |
| aws_iam_role | ci | nubis/terraform/main.tf#L272 |
| aws_iam_role_policy | ci_artifacts | nubis/terraform/main.tf#L293 |
| aws_iam_role_policy | ci_build | nubis/terraform/main.tf#L323 |
| aws_iam_role_policy | ci_deploy | nubis/terraform/main.tf#L371 |
| null_resource | credstash | nubis/terraform/main.tf#L488 |
git clone git@github.com:nubisproject/nubis-base.gitgit clone git@github.com:nubisproject/nubis-builder.git- Refer to README.md in nubis-builder on how to build this project.
You need to create a new OAuth application by going to : https://github.com/settings/applications/new
Set the homepage to:
https://ci.<application>.admin.us-east-1.<account>.nubis.allizom.org/
Set the callback URL to:
https://ci.<application>.admin.us-east-1.<account>.nubis.allizom.org/securityRealm/finishLogin
And use the provided Client ID and Client Secret as inputs, respectively: github_oauth_client_id and github_oauth_client_secret
All files related to the nubis ci project
Scripts related to configuring nubis-ci AMIs creation
This is the puppet tree that's populated with librarian-puppet, it's in .gitignore and gets reset on every build.
JSON files that describe the project, configure settings, configure provisioners, etc.
Terraform deployment templates.