Merge pull request #83 from buildkite/pdp-298-make-it-easier-to-subst…

…itute-the
buildkite · Apr 2, 2023 · 6fdf0bc · 6fdf0bc
2 parents ffde4fc + ec7fb0e
commit 6fdf0bc
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 20 deletions.
diff --git a/.buildkite/pipeline-sar.yml b/.buildkite/pipeline-sar.yml
@@ -30,9 +30,10 @@ steps:
       - package
 
   - label: ":package: :arrow_right: :aws:"
-    key: sar
-    command:
-      - buildkite-agent artifact download 'packaged.yml' .
-      - aws serverlessrepo create-application-version --application-id arn:aws:serverlessrepo:us-east-1:172840064832:applications/buildkite-agent-scaler --template-body file://packaged.yml --semantic-version "$(buildkite-agent meta-data get version)" --source-code-url "https://github.com/buildkite/buildkite-agent-scaler/tree/$(git rev-parse HEAD)/"
+    key: publish
+    command: .buildkite/steps/publish-package.sh
     depends_on:
       - release
+    plugins:
+      - aws-assume-role-with-web-identity:
+          role-arn: arn:aws:iam::172840064832:role/pipeline-buildkite-agent-scaler-publish
diff --git a/.buildkite/steps/build-lambda.sh b/.buildkite/steps/build-lambda.sh
@@ -3,6 +3,11 @@ set -eu
 
 make handler.zip
 
-# set a version for later steps
-buildkite-agent meta-data set version \
-  "$(awk -F\" '/const Version/ {print $2}' version/version.go)"
+if [[ -z "${BUILDKITE_TAG:-}" ]]; then
+  VERSION=$(git describe --tags)
+else
+  VERSION=$(awk -F\" '/const Version/ {print $2}' version/version.go)
+fi
+
+# set version for later steps
+buildkite-agent meta-data set version "$VERSION"
diff --git a/.buildkite/steps/github-release.sh b/.buildkite/steps/github-release.sh
@@ -1,8 +1,16 @@
-#!/bin/bash
-set -e
+#!/usr/bin/env bash
+
+set -eufo pipefail
 
 echo '--- Getting credentials from SSM'
-export GITHUB_RELEASE_ACCESS_TOKEN=$(aws ssm get-parameter --name /pipelines/buildkite-agent-scaler/GITHUB_RELEASE_ACCESS_TOKEN --with-decryption --output text --query Parameter.Value --region us-east-1)
+GITHUB_RELEASE_ACCESS_TOKEN=$( \
+  aws ssm get-parameter \
+    --name /pipelines/buildkite-agent-scaler/GITHUB_RELEASE_ACCESS_TOKEN \
+    --with-decryption \
+    --output text \
+    --query Parameter.Value \
+    --region us-east-1 \
+)
 
 if [[ "$GITHUB_RELEASE_ACCESS_TOKEN" == "" ]]; then
   echo "Error: Missing \$GITHUB_RELEASE_ACCESS_TOKEN"
@@ -13,6 +21,7 @@ VERSION=$(buildkite-agent meta-data get "version")
 buildkite-agent artifact download "handler.zip" .
 
 echo "--- 🚀 Releasing $VERSION"
-github-release "v$VERSION" handler.zip \
+export GITHUB_RELEASE_ACCESS_TOKEN
+github-release "v${VERSION#v}" handler.zip \
   --commit "$(git rev-parse HEAD)" \
   --github-repository "buildkite/buildkite-agent-scaler"
diff --git a/.buildkite/steps/publish-package.sh b/.buildkite/steps/publish-package.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -eufo pipefail
+
+VERSION=$(buildkite-agent meta-data get version)
+
+buildkite-agent artifact download 'packaged.yml' .
+
+if [[ -z $BUILDKITE_TAG ]]; then
+  APP_ID=arn:aws:serverlessrepo:us-east-1:172840064832:applications/buildkite-agent-scaler-edge
+else
+  APP_ID=arn:aws:serverlessrepo:us-east-1:172840064832:applications/buildkite-agent-scaler
+fi
+
+echo --- ":aws::lambda: Publishing version $VERSION to SAR"
+aws serverlessrepo create-application-version \
+  --application-id "$APP_ID" \
+  --template-body file://packaged.yml \
+  --semantic-version "${VERSION#v}" \
+  --source-code-url "https://github.com/buildkite/buildkite-agent-scaler/tree/$(git rev-parse HEAD)/"
diff --git a/Makefile b/Makefile
@@ -13,10 +13,14 @@ LAMBDA_S3_BUCKET_PATH := /
 
 ifdef BUILDKITE_BUILD_NUMBER
 	LD_FLAGS := -s -w -X version.Build=$(BUILDKITE_BUILD_NUMBER)
+	BUILDVSC_FLAG := false
+	USER := 0:0
 endif
 
 ifndef BUILDKITE_BUILD_NUMBER
 	LD_FLAGS := -s -w
+	BUILDVSC_FLAG := true
+	USER := "$(shell id -u):$(shell id -g)"
 endif
 
 build: handler.zip
@@ -26,12 +30,12 @@ handler.zip: lambda/handler
 
 lambda/handler: lambda/main.go
 	docker run \
-		--volume go-module-cache:/go/pkg/mod \
-		--volume $(PWD):/go/src/github.com/buildkite/buildkite-agent-scaler \
-		--workdir /go/src/github.com/buildkite/buildkite-agent-scaler \
+		--env GOCACHE=/go/cache \
+		--user $(USER) \
+		--volume $(PWD):/app \
+		--workdir /app \
 		--rm golang:1.19 \
-		go build -ldflags="$(LD_FLAGS)" -o ./lambda/handler ./lambda
-	chmod +x lambda/handler
+		go build -ldflags="$(LD_FLAGS)" -buildvcs="$(BUILDVSC_FLAG)" -o lambda/handler ./lambda
 
 lambda-sync: handler.zip
 	aws s3 sync \

diff --git a/template.yaml b/template.yaml
@@ -16,12 +16,12 @@ Parameters:
     Description: Queue name that agents will use, targeted in pipeline steps using "queue={value}"
     Type: String
     Default: default
-    MinLength: 1
+    MinLength: "1"
 
   RootStackName:
     Description: Name of parent CloudFormation stack (if exists)
     Type: String
-    Default: !Ref AWS::StackName
+    Default: "Elastic CI Stack"
 
   AgentAutoScaleGroup:
     Description: The name of the Auto Scaling group to set desired count on.
@@ -52,6 +52,7 @@ Parameters:
   InstanceBuffer:
     Description: How many free instances to maintain
     Type: Number
+    Default: "0"
 
   ScaleOutForWaitingJobs:
     Description: ""
@@ -68,7 +69,7 @@ Parameters:
       - "true"
       - "false"
     Default: "true"
-    
+
   RolePermissionsBoundaryARN:
     Type: String
     Description: The ARN of the policy used to set the permissions boundary for the role.
@@ -77,7 +78,7 @@ Parameters:
   LogRetentionDays:
     Type: Number
     Description: The number of days to retain the Cloudwatch Logs of the lambda.
-    Default: 1
+    Default: "1"
 
 Conditions:
   CreateRole: