Commit 532773a8 authored by Pierre Smeyers's avatar Pierre Smeyers

Merge branch 'feat/environment-url-improvement' into 'master'

Environment URL improvements

See merge request to-be-continuous/aws!31
parents aa9ea238 a277eab4
+161 −128

File changed.

Preview size limit exceeded, changes collapsed.

+30 −25
@@ -15,6 +15,11 @@
      "default": "$CI_PROJECT_NAME",
      "advanced": true
    },
    {
      "name": "AWS_ENVIRONMENT_URL",
      "type": "url",
      "description": "The default environments url _(only define for static environment URLs declaration)_\n\n_supports late variable expansion (ex: `https://%{environment_name}.aws.acme.com`)_"
    },
    {
      "name": "AWS_OIDC_ROLE_ARN",
      "description": "Default IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/)",
@@ -40,18 +45,15 @@
          "advanced": true
        },
        {
          "name": "AWS_REVIEW_OIDC_ROLE_ARN",
          "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `review` env _(only define if different from global)_",
          "name": "AWS_REVIEW_ENVIRONMENT_URL",
          "type": "url",
          "description": "The review environments url _(only define for static environment URLs declaration and if different from default)_",
          "advanced": true
        },
        {
          "name": "AWS_REVIEW_ENVIRONMENT_SCHEME",
          "description": "The review environment protocol scheme",
          "default": "https"
        },
        {
          "name": "AWS_REVIEW_ENVIRONMENT_DOMAIN",
          "description": "The review environment domain (ex: `noprod-aws.domain.com`).\n\nRequired for static environment URLs declaration only (see doc).\n\nBy default review `environment.url` will be built as `${AWS_REVIEW_ENVIRONMENT_SCHEME}://${$CI_PROJECT_NAME}-${CI_ENVIRONMENT_SLUG}.${AWS_REVIEW_ENVIRONMENT_DOMAIN}`"
          "name": "AWS_REVIEW_OIDC_ROLE_ARN",
          "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `review` env _(only define if different from global)_",
          "advanced": true
        }
      ]
    },
@@ -67,14 +69,15 @@
          "advanced": true
        },
        {
          "name": "AWS_INTEG_OIDC_ROLE_ARN",
          "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `integration` env _(only define if different from global)_",
          "name": "AWS_INTEG_ENVIRONMENT_URL",
          "type": "url",
          "description": "The integration environment url _(only define for static environment URLs declaration and if different from default)_",
          "advanced": true
        },
        {
          "name": "AWS_INTEG_ENVIRONMENT_URL",
          "type": "url",
          "description": "The integration environment url including scheme (ex: `https://my-application-integration.noprod-aws.domain.com`).\n\nRequired for static environment URLs declaration only (see doc).\n\nDo not use variable inside variable definition as it will result in a two level cascade variable and gitlab does not allow that."
          "name": "AWS_INTEG_OIDC_ROLE_ARN",
          "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `integration` env _(only define if different from global)_",
          "advanced": true
        }
      ]
    },
@@ -90,14 +93,15 @@
          "advanced": true
        },
        {
          "name": "AWS_STAGING_OIDC_ROLE_ARN",
          "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `staging` env _(only define if different from global)_",
          "name": "AWS_STAGING_ENVIRONMENT_URL",
          "type": "url",
          "description": "The staging environment url _(only define for static environment URLs declaration and if different from default)_",
          "advanced": true
        },
        {
          "name": "AWS_STAGING_ENVIRONMENT_URL",
          "type": "url",
          "description": "The staging environment url including scheme (ex: `https://my-application-staging.noprod-aws.domain.com`).\n\nRequired for static environment URLs declaration only (see doc).\n\nDo not use variable inside variable definition as it will result in a two level cascade variable and gitlab does not allow that."
          "name": "AWS_STAGING_OIDC_ROLE_ARN",
          "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `staging` env _(only define if different from global)_",
          "advanced": true
        }
      ]
    },
@@ -113,14 +117,15 @@
          "advanced": true
        },
        {
          "name": "AWS_PROD_OIDC_ROLE_ARN",
          "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `production` env _(only define if different from global)_",
          "name": "AWS_PROD_ENVIRONMENT_URL",
          "type": "url",
          "description": "The production environment url _(only define for static environment URLs declaration and if different from default)_",
          "advanced": true
        },
        {
          "name": "AWS_PROD_ENVIRONMENT_URL",
          "type": "url",
          "description": "The production environment url including scheme (ex: `https://my-application.aws.domain.com`).\n\nRequired for static environment URLs declaration only (see doc).\n\nDo not use variable inside variable definition as it will result in a two level cascade variable and gitlab does not allow that."
          "name": "AWS_PROD_OIDC_ROLE_ARN",
          "description": "IAM Role ARN associated with GitLab to [authenticate using OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/aws/) on `production` env _(only define if different from global)_",
          "advanced": true
        },
        {
          "name": "AUTODEPLOY_TO_PROD",
+32 −21
@@ -244,7 +244,7 @@ stages:
  }
  
  function awkenvsubst() {
    awk '{while(match($0,"[$]{[^}]*}")) {var=substr($0,RSTART+2,RLENGTH -3);val=ENVIRON[var];gsub(/["\\]/,"\\\\&", val);gsub("\n", "\\n", val);gsub("\r", "\\r", val);gsub("[$]{"var"}",val)}}1'
    awk '{while(match($0,"[$%]{[^}]*}")) {g0=substr($0,RSTART,RLENGTH); val=ENVIRON[substr(g0,3,RLENGTH-3)]; gsub(g0,val)}}1'
  }

  function exec_hook() {
@@ -274,25 +274,31 @@ stages:

  # application deployment function
  function deploy() {
    export env=$1
    export appname=$2
    export environment_url=$3
    export environment_type=$1
    export environment_name=$2
    environment_url=$3

    # backward compatibility
    export env=$environment_type
    export appname=$environment_name

    # variables expansion in $environment_url
    environment_url=$(echo "$environment_url" | awkenvsubst)
    export environment_url
    # extract hostname from $environment_url
    hostname=$(echo "$environment_url" | awk -F[/:] '{print $4}')
    export hostname

    log_info "--- \\e[32mdeploy\\e[0m (env: \\e[33;1m${env}\\e[0m)"
    log_info "--- \$appname: \\e[33;1m${appname}\\e[0m"
    log_info "--- \$env: \\e[33;1m${env}\\e[0m"
    log_info "--- \\e[32mdeploy\\e[0m"
    log_info "--- \$environment_type: \\e[33;1m${environment_type}\\e[0m"
    log_info "--- \$environment_name: \\e[33;1m${environment_name}\\e[0m"
    log_info "--- \$hostname: \\e[33;1m${hostname}\\e[0m"

    # unset any upstream deployment env & artifacts
    unset environment_name
    unset environment_type
    rm -f aws.env
    rm -f environment_url.txt

    deployscript=$(ls -1 "$AWS_SCRIPTS_DIR/aws-deploy-${env}.sh" 2>/dev/null || ls -1 "$AWS_SCRIPTS_DIR/aws-deploy.sh" 2>/dev/null || echo "")
    deployscript=$(ls -1 "$AWS_SCRIPTS_DIR/aws-deploy-${environment_type}.sh" 2>/dev/null || ls -1 "$AWS_SCRIPTS_DIR/aws-deploy.sh" 2>/dev/null || echo "")
    if [[ -f "$deployscript" ]]
    then
      log_info "--- deploy script (\\e[33;1m${deployscript}\\e[0m) found: execute"
@@ -311,19 +317,23 @@ stages:
    else
      echo "$environment_url" > environment_url.txt
    fi
    echo -e "environment_type=$env\\nenvironment_name=$appname\\nenvironment_url=$environment_url" > aws.env
    echo -e "environment_type=$environment_type\\nenvironment_name=$environment_name\\nenvironment_url=$environment_url" > aws.env
  }

  # environment cleanup function
  function delete() {
    export env=$1
    export appname=$2
    export environment_type=$1
    export environment_name=$2
    
    # backward compatibility
    export env=$environment_type
    export appname=$environment_name

    log_info "--- \\e[32mdelete\\e[0m (env: ${env})"
    log_info "--- \$appname: \\e[33;1m${appname}\\e[0m"
    log_info "--- \$env: \\e[33;1m${env}\\e[0m"
    log_info "--- \\e[32mdelete\\e[0m"
    log_info "--- \$environment_type: \\e[33;1m${environment_type}\\e[0m"
    log_info "--- \$environment_name: \\e[33;1m${environment_name}\\e[0m"

    cleanupscript=$(ls -1 "$AWS_SCRIPTS_DIR/aws-cleanup-${env}.sh" 2>/dev/null || ls -1 "$AWS_SCRIPTS_DIR/aws-cleanup.sh" 2>/dev/null || echo "")
    cleanupscript=$(ls -1 "$AWS_SCRIPTS_DIR/aws-cleanup-${environment_type}.sh" 2>/dev/null || ls -1 "$AWS_SCRIPTS_DIR/aws-cleanup.sh" 2>/dev/null || echo "")
    if [[ -f "$cleanupscript" ]]
    then
      log_info "--- cleanup script (\\e[33;1m${cleanupscript}\\e[0m) found: execute"
@@ -366,7 +376,7 @@ stages:
  variables:
    ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG"
  script:
    - deploy "$ENV_TYPE" "${ENV_APP_NAME:-${AWS_BASE_APP_NAME}${ENV_APP_SUFFIX}}" "$ENV_URL"
    - deploy "$ENV_TYPE" "${ENV_APP_NAME:-${AWS_BASE_APP_NAME}${ENV_APP_SUFFIX}}" "${ENV_URL:-${AWS_ENVIRONMENT_URL:-$ENV_URL_LEGACY}}"
  artifacts:
    name: "$ENV_TYPE env url for $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    paths:
@@ -401,7 +411,8 @@ aws-review:
  variables:
    ENV_TYPE: review
    ENV_APP_NAME: "$AWS_REVIEW_APP_NAME"
    ENV_URL: "${AWS_REVIEW_ENVIRONMENT_SCHEME}://${CI_PROJECT_NAME}-${CI_ENVIRONMENT_SLUG}.${AWS_REVIEW_ENVIRONMENT_DOMAIN}"
    ENV_URL: "${AWS_REVIEW_ENVIRONMENT_URL}"
    ENV_URL_LEGACY: "${AWS_REVIEW_ENVIRONMENT_SCHEME}://${CI_PROJECT_NAME}-${CI_ENVIRONMENT_SLUG}.${AWS_REVIEW_ENVIRONMENT_DOMAIN}"
    ENV_OIDC_ROLE_ARN: "$AWS_REVIEW_OIDC_ROLE_ARN"
  environment:
    name: review/$CI_COMMIT_REF_NAME
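Review bot: In the rewritten `awkenvsubst`, `gsub(g0,val)` uses the matched placeholder as a dynamic regular expression and the variable's value as a replacement template, so neither is taken literally. For a `${VAR}` placeholder the leading `$` is an end-of-line anchor in an ERE, so the substitution may never match and the `while(match(...))` loop may not terminate, depending on the awk implementation; a value containing `&` would also re-insert the matched text. Splicing by position avoids both: `$0=substr($0,1,RSTART-1) val substr($0,RSTART+RLENGTH)`. The lookup resolves any name present in `ENVIRON`, and `deploy()` writes the expanded URL to `environment_url.txt` and `aws.env`, so the documentation should state that the URL template may reference only non-secret variables. Part of the body of `deploy()` lies between the two hunks and is not visible here.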