import { pipelines, Stack, StackProps } from "aws-cdk-lib";
import { Construct } from "constructs";
import { RemsBuildStage } from "./rems-build-stage";
import { StringParameter } from "aws-cdk-lib/aws-ssm";
import { PolicyStatement } from "aws-cdk-lib/aws-iam";
import { readFileSync } from "fs";
import { STACK_DESCRIPTION, TAG_STACK_VALUE } from "./rems-constants";
import { LinuxArmBuildImage } from "aws-cdk-lib/aws-codebuild";
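/**
 * Stack to hold the self mutating pipeline, and all the relevant settings for deployments.
 *
 * The pipeline checks out `umccr/rems-umccr` via a CodeStar connection, synthesises
 * this CDK app, and deploys one `RemsBuildStage` behind a manual approval step.
 */
export class RemsPipelineStack extends Stack {
  /**
   * @param scope parent construct
   * @param id construct id
   * @param props standard stack props (account/region the pipeline itself lives in)
   * @throws Error if `./rems-cloudmap-namespace.txt` is missing or does not hold the
   *   three expected non-blank lines (namespace, id, service name)
   */
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    this.tags.setTag("Stack", TAG_STACK_VALUE);
    this.templateOptions.description = STACK_DESCRIPTION;

    // these are *build* parameters that we either want to re-use across lots of stacks, or are
    // 'sensitive' enough we don't want them checked into Git - but not sensitive enough to record as a Secret
    // NOTE: these are looked up at the *build pipeline deploy* stage
    const codeStarArn = StringParameter.valueFromLookup(
      this,
      "codestar_github_arn"
    );

    const pipeline = new pipelines.CodePipeline(this, "Pipeline", {
      // should normally be commented out - only use when debugging pipeline itself
      // selfMutation: false,

      // turned on because our stack makes docker assets
      dockerEnabledForSynth: true,
      dockerEnabledForSelfMutation: true,
      codeBuildDefaults: {
        buildEnvironment: {
          buildImage: LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_3_0,
        },
      },
      synth: new pipelines.CodeBuildStep("Synth", {
        // Use a connection created using the AWS console to authenticate to GitHub
        // Other sources are available.
        input: pipelines.CodePipelineSource.connection(
          "umccr/rems-umccr",
          "main",
          {
            connectionArn: codeStarArn,
          }
        ),
        commands: [
          "n 22",
          "npm ci",
          // our cdk is configured to use ts-node - so we don't need any typescript build step - just synth
          "npx cdk synth",
        ],
        rolePolicyStatements: [
          // `cdk synth` performs context lookups (e.g. the SSM parameter above), which require
          // assuming the CDK bootstrap *lookup* role in the target account(s). The wildcard resource
          // is narrowed by the tag condition so only roles tagged as bootstrap lookup roles qualify.
          new PolicyStatement({
            actions: ["sts:AssumeRole"],
            resources: ["*"],
            conditions: {
              StringEquals: {
                "iam:ResourceTag/aws-cdk:bootstrap-role": "lookup",
              },
            },
          }),
        ],
      }),
      // the deployment stage below targets an explicit account, so the artifact bucket
      // needs customer-managed KMS keys that other accounts can be granted access to
      crossAccountKeys: true,
    });

    // so the file with our namespace settings is the master definition of our CloudMap - so we fetch
    // the settings from that
    // NOTE: it is not clear that this setting would pick up a change in the file - or whether it only
    // takes the value on build pipeline deploy
    const { cloudMapNamespace, cloudMapId, cloudMapServiceName } =
      RemsPipelineStack.readCloudMapSettings("./rems-cloudmap-namespace.txt");

    const hostedPrefix = "rems";
    const smtpMailFrom = "[email protected]";

    const dcStage = new RemsBuildStage(this, "DataControl", {
      env: {
        account: "503561413336",
        region: "ap-southeast-2",
      },
      cloudMapNamespace,
      cloudMapId,
      cloudMapServiceName,
      hostedPrefix,
      smtpMailFrom,
      memoryLimitMiB: 2048,
      cpu: 1024,
    });

    // production deploy is gated on a human approval in the pipeline console
    pipeline.addStage(dcStage, {
      pre: [new pipelines.ManualApprovalStep("PromoteToProd")],
    });
  }

  /**
   * Reads the CloudMap settings file, whose first three lines are (in order) the
   * namespace name, the namespace id and the service name.
   *
   * Previously the lines were indexed directly; a short or blank file then failed
   * with an opaque `TypeError` on `.trim()` (and does not type-check under
   * `noUncheckedIndexedAccess`). Validating here gives a clear error at synth time.
   *
   * @param path file to read, relative to the CDK app working directory
   * @returns the three trimmed settings
   * @throws Error if any of the three lines is missing or blank
   */
  private static readCloudMapSettings(path: string): {
    cloudMapNamespace: string;
    cloudMapId: string;
    cloudMapServiceName: string;
  } {
    const lines = readFileSync(path, { encoding: "utf-8" }).split("\n");

    // trim() also strips a trailing "\r" so CRLF files are accepted
    const lineAt = (index: number, label: string): string => {
      const value = lines[index]?.trim() ?? "";
      if (value.length === 0) {
        throw new Error(
          `${path}: expected ${label} on line ${index + 1} but it is missing or blank`
        );
      }
      return value;
    };

    return {
      cloudMapNamespace: lineAt(0, "CloudMap namespace"),
      cloudMapId: lineAt(1, "CloudMap namespace id"),
      cloudMapServiceName: lineAt(2, "CloudMap service name"),
    };
  }
}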