Build & CI - Containerized Environments #633

Merged
merged 31 commits into from
Jan 15, 2020

Member

@jahkeup jahkeup commented Jan 9, 2020

Description of changes:

This branch holds, in total, the entire set of changes that need to be made together once related & dependent changes are themselves reviewed and finalized. The PR cannot be merged before changes are reviewed and staged, as several scripts, buildspecs, and CloudFormation stacks have dependencies tied up until we can flip over.

Related/contained PRs:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

jahkeup added 10 commits January 9, 2020 16:58
Projects producing images will utilize this tool to push images to ECR
repositories as part of their build.
This uses the SSM pointers defined and provisioned in another stack that
provides a pre-established parameter with the Container Image and its
Tag to use.
This uses the SSM pointers defined and provisioned in another stack that
provides a pre-established parameter with the Container Image and its
Tag to use.
Member Author

jahkeup commented Jan 13, 2020

Reviewers please note: these changes are incompatible with current PR checks and will fail until switched over to this setup

Add CodeBuild Infra containers supporting resources
This polyfill implementation of `logger` handles scenarios where the
environment isn't fully initialized or where the logger stub isn't able
to be run. Falling back to `printf` eliminates logged errors from these
places and in their place prints the expected messages.
ci: polyfill logger in edge cases for #541
This adds a CI specific harness for creating AMIs from built disk
images. To accomplish the task at hand, the script "create-ami-image"
manages the use of build artifacts and kicks off the amiize process
according to its build environment. "ensure-key-pair" validates and/or
creates an EC2 key pair for its use during automated builds. This key
may be rotated (by way of deletion) as needed with additional
straightforward & well scoped permissions needed for the build task to
manage its own key pair (aside from the overlapping EC2 permissions
needed for amiizing):

- ssm:PutParameter
- ssm:GetParameter
- ec2:ImportKey
- ec2:DescribeKeyPairs
- kms:Encrypt
- kms:Decrypt

The KMS documentation page regarding SSM Parameter Store has much more
outlined on restricting the usage of SSM's AWS-Managed CMK to the SSM
Parameters involved as well.

Signed-off-by: Jacob Vallejo <[email protected]>
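
An added sketch of the flow this commit message describes for "ensure-key-pair" (not code from the pull request): it assumes the private key is kept in an SSM SecureString parameter and only the public half is imported into EC2. `KEY_NAME`, `PARAM_NAME` and the function names are hypothetical.

```bash
# Added sketch of an "ensure key pair" flow; not the project's script.
# Assumed: KEY_NAME, PARAM_NAME, and that the private key lives in an
# SSM SecureString while EC2 holds only the imported public half.
KEY_NAME="${KEY_NAME:-ci-build-key}"           # hypothetical key pair name
PARAM_NAME="${PARAM_NAME:-/ci/build/ssh-key}"  # hypothetical parameter name

# Succeeds when EC2 has a key pair with this name.
key_pair_exists() {
    aws ec2 describe-key-pairs --key-names "$KEY_NAME" >/dev/null 2>&1
}

# Succeeds when the SecureString parameter exists and can be decrypted.
private_key_stored() {
    aws ssm get-parameter --name "$PARAM_NAME" --with-decryption \
        --query Parameter.Value --output text >/dev/null 2>&1
}

# Generate a key, store the private half encrypted, import the public half.
create_key_pair() {
    kp_dir="$(mktemp -d)" || return 1
    kp_rc=0
    (
        umask 077   # private key file readable by the build user only
        ssh-keygen -q -t rsa -b 4096 -N '' -f "$kp_dir/key" &&
        aws ssm put-parameter --name "$PARAM_NAME" --type SecureString \
            --overwrite --value "file://$kp_dir/key" >/dev/null &&
        aws ec2 import-key-pair --key-name "$KEY_NAME" \
            --public-key-material "fileb://$kp_dir/key.pub" >/dev/null
    ) || kp_rc=$?
    rm -rf "$kp_dir"   # never leave key material in the build workspace
    return "$kp_rc"
}

# Prints "valid" or "created"; fails on a key pair with no stored private key.
ensure_key_pair() {
    if key_pair_exists; then
        if private_key_stored; then echo "valid"; return 0; fi
        echo "key pair $KEY_NAME has no stored private key; delete it to rotate" >&2
        return 1
    fi
    create_key_pair || return 1
    echo "created"
}
```

The sketch never deletes a key pair itself, so the build task needs no delete permission; a key pair left without its stored private key is reported as an error instead of being silently replaced.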
Contributor

@zmrow zmrow left a comment

🥇

Contributor

zmrow commented Jan 15, 2020

I may be missing it somewhere, but I don't see the CodeBuild buildspec for the Thar "build" step - does this still live in CodeCommit?

Tidy buildspecs to use container environment
@jahkeup jahkeup requested a review from tjkirch January 15, 2020 17:05
@jahkeup jahkeup marked this pull request as ready for review January 15, 2020 17:05
Member Author

jahkeup commented Jan 15, 2020

@zmrow yeah, in fact that step was alternating between using a sideband buildspec (from codecommit as a second source) and using the in-repo thar-pr-build.yml buildspec. I think we should be able to use the thar-pr-build.yml for the time being and split it off later - for now the steps would reach towards the same target: build and output the artifacts - which is done in the thar-pr-build build project today.

Contributor

@etungsten etungsten left a comment

:shipit:

@jahkeup jahkeup removed the request for review from tjkirch January 15, 2020 18:13
@jahkeup jahkeup merged commit c38271b into develop Jan 15, 2020
@iliana iliana deleted the ci-containers branch January 18, 2020 00:20