63 changes: 10 additions & 53 deletions ansible/collections/bento/common/roles/build_backend/tasks/main.yml
Expand Up @@ -2,47 +2,11 @@
# Backend Build
############################################################################################################################

- name: remove the application_example.properties file
file:
path: "{{ workspace }}/src/main/resources/application_example.properties"
state: absent

- name: copy application.properties file to /src/main/resources/
template:
src: "{{ workspace }}/src/main/resources/application.properties.j2"
dest: "{{ workspace }}/src/main/resources/application.properties"

- name: create graphql directory in backend
file:
state: directory
path: "{{ workspace }}/src/main/resources/graphql"

- name: create yaml directory in backend
file:
state: directory
path: "{{ workspace }}/src/main/resources/yaml"

- name: copy schema from frontend to resources
template:
remote_src: yes
src: "{{item.src}}"
dest: "{{item.dest}}"
loop:
- { src: "{{ workspace }}/{{ project_name }}-frontend/graphql/{{ schema_file}}",dest: "{{ workspace }}/src/main/resources/graphql/{{ schema_file}}"}
- { src: "{{ workspace }}/{{ project_name }}-frontend/graphql/{{ public_schema_file}}",dest: "{{ workspace }}/src/main/resources/graphql/{{ public_schema_file}}"}

- name: verify test queries file exists
stat:
path: "{{ workspace }}/{{ project_name }}-frontend/yaml/{{ test_queries_file }}"
register: test_queries

- name: copy test queries from frontend to resources
template:
remote_src: yes
src: "{{ workspace }}/{{ project_name }}-frontend/yaml/{{ test_queries_file }}"
dest: "{{ workspace }}/src/main/resources/yaml/{{ test_queries_file }}"
when: test_queries.stat.exists

- name: build springboot code
command: mvn package -DskipTests
args:
Expand All @@ -69,16 +33,16 @@
force_source: yes
source: build

- name: test image for vulnerabilities
block:
- name: run trivy scanner on
#command: "trivy image --exit-code 1 --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}-{{ build_number }}"
command: "trivy image --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"
register: vuln_results
always:
- name: echo vulnerability results
debug:
msg: "{{ vuln_results.stdout_lines }}"
# - name: test image for vulnerabilities
# block:
# - name: run trivy scanner on
# #command: "trivy image --exit-code 1 --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}-{{ build_number }}"
# command: "trivy image --timeout 15m --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"
# register: vuln_results
# always:
# - name: echo vulnerability results
# debug:
# msg: "{{ vuln_results.stdout_lines }}"

- name: Add {{ project_name }}-{{ container_name }} image to ECR
docker_image:
Expand All @@ -89,10 +53,3 @@
push: yes
source: local

- name: Add tag latest to {{ project_name }}-{{container_name}} image
community.docker.docker_image:
name: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:{{ image_version }}.{{build_number}}"
repository: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:latest"
force_tag: yes
push: yes
source: local
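Review bot: The trivy scan that ran between the image build and the ECR push is now commented out wholesale rather than fixed, so the "Add ... image to ECR" task that follows pushes with no vulnerability check at all; the frontend build role's last hunk (ending at the removed "Add tag latest" task) comments out the identical block. The new commented line already carries `--timeout 15m`, which suggests the scan was disabled because of timeouts; the smaller change is to keep the block live with that flag and make skipping explicit, e.g. `when: scan_image | default(true) | bool` on the block, so an opt-out is visible in inventory instead of hidden in a comment. Note the original task never passed `--exit-code 1`, so it was report-only even before this change; if the intent is to gate the push, that flag is where to do it. This hunk opens mid-task: `force_source: yes` and `source: build` belong to the build task whose head is above the hunk.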
Expand Up @@ -6,7 +6,7 @@
- name: copy nginx conf
copy:
remote_src: yes
src: '{{workspace}}/icdc-devops/docker/dockerfiles/nginx.conf'
src: '{{workspace}}/playbooks/docker/dockerfiles/nginx.conf'
dest: '{{workspace}}/build/nginx.conf'

- name: copy entrypoint.sh to workspace
Expand All @@ -21,6 +21,8 @@
args:
chdir: "{{ container_build_path }}"
warn: false
environment:
NODE_OPTIONS: --max-old-space-size=4096
loop:
- npm set progress=false
- npm install --silent
Expand All @@ -45,50 +47,42 @@
src: '{{ dockerfile_path }}'
dest: '{{workspace}}/build/Dockerfile'

- name: build {{ project_name }}-{{container_name}} image
- name: build {{ program }}-{{ project_name }}-{{container_name}} image
community.docker.docker_image:
build:
args:
ECR_REPO: "{{ container_registry_url }}"
path: "{{workspace}}/build"
pull: yes
# nocache: yes
name: "{{ project_name }}-{{ container_name }}"
name: "{{ program }}-{{ project_name }}-{{ container_name }}"
tag: "{{ image_version }}.{{ build_number }}"
push: no
force_source: yes
source: build
environment:
DOCKER_BUILDKIT: 1

- name: test image for vulnerabilities
block:
- name: run trivy scanner on
#command: "trivy image --exit-code 1 --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}-{{ build_number }}"
command: "trivy image --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"
register: vuln_results
always:
- name: echo vulnerability results
debug:
msg: "{{ vuln_results.stdout_lines }}"
# - name: test image for vulnerabilities
# block:
# - name: run trivy scanner on
# #command: "trivy image --exit-code 1 --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}-{{ build_number }}"
# command: "trivy image --severity HIGH,CRITICAL {{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"
# register: vuln_results
# always:
# - name: echo vulnerability results
# debug:
# msg: "{{ vuln_results.stdout_lines }}"

- name: debug
debug:
msg: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"
msg: "{{ container_registry_url }}/{{ program }}-{{ project_name }}-{{ container_name }}:{{ image_version }}.{{ build_number }}"

- name: Add {{ project_name }}-{{ container_name }} image to ECR
community.docker.docker_image:
name: "{{ project_name }}-{{ container_name }}"
repository: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}"
name: "{{ program }}-{{ project_name }}-{{ container_name }}"
repository: "{{ container_registry_url }}/{{ program }}-{{ project_name }}-{{ container_name }}"
tag: "{{ image_version }}.{{ build_number }}"
force_tag: yes
push: yes
source: local


- name: Add tag latest to {{ project_name }}-{{container_name}} image
community.docker.docker_image:
name: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:{{ image_version }}.{{build_number}}"
repository: "{{ container_registry_url }}/{{ project_name }}-{{ container_name }}:latest"
force_tag: yes
push: yes
source: local
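Review bot: The task name `Add {{ project_name }}-{{ container_name }} image to ECR` was not updated when its `name:` and `repository:` gained the `{{ program }}-` prefix, while the build task's name a few lines up was, so the push step will log a name that no longer matches the image it pushes; `- name: Add {{ program }}-{{ project_name }}-{{ container_name }} image to ECR`. The newly added `environment:` entries are plain scalars, and `DOCKER_BUILDKIT: 1` is parsed as an integer; `DOCKER_BUILDKIT: "1"` keeps it a string and avoids relying on Ansible's coercion of non-string environment values. The trivy scan block in this file is commented out the same way as in the backend build role, where the point is raised.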
Expand Up @@ -4,10 +4,10 @@

- name: set ECR registry name
set_fact:
ecr_repo: "{{ caller_info.account }}.dkr.ecr.{{ region }}.amazonaws.com"
ecr_repo: "986019062625.dkr.ecr.{{ region }}.amazonaws.com"
account: "{{ caller_info.account }}"

- name: login into ecr
shell: "docker login -u AWS -p $(aws ecr get-login-password --region {{ region }}) {{ ecr_repo }}"
ignore_errors: True
register: ecr_login
register: ecr_login
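Review bot: `ecr_repo` now hard-codes the account `986019062625` while `account` on the next line is still taken from `caller_info.account`, so the registry URL and the IAM role ARNs that the ecs role builds from `{{ account }}` diverge whenever the play runs under credentials for a different account, and the login and push then target another account's registry unless the two happen to match. If a fixed registry account is intended, keep the dynamic value as the fallback and make the override a variable so it is visible in inventory rather than buried in the role: `ecr_repo: "{{ ecr_account_id | default(caller_info.account) }}.dkr.ecr.{{ region }}.amazonaws.com"`. Unrelated to this change, the login line still passes the token via `-p` inside the command string; `--password-stdin` keeps it out of process listings and task output. The doubled `register: ecr_login` at the end looks like a rendering of a trailing-newline change rather than a real duplicate key.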
28 changes: 15 additions & 13 deletions ansible/collections/bento/common/roles/ecs/tasks/main.yml
@@ -1,5 +1,5 @@
---
- name: create task definition for {{ project_name }}-{{ container_name }}
- name: create task definition for "{{ program }}-{{ tier }}-{{ project_name }}-{{ microservice }}"
community.aws.ecs_taskdefinition:
containers:
- name: sumologic-firelens
Expand All @@ -11,14 +11,14 @@
enable-ecs-log-metadata: "true"
- name: "{{ project_name }}-{{ tier }}-fargate-infra"
essential: true
image: "newrelic/nri-ecs:1.9.2"
image: "newrelic/nri-ecs:1.9.9"
environment:
- name: NRIA_OVERRIDE_HOST_ROOT
value: ""
- name: NRIA_IS_FORWARD_ONLY
value: "true"
- name: NEW_RELIC_APP_NAME
value: "{{ project_name }}-{{tier}}-{{ container_name }}"
value: "{{ program }}-{{ tier }}-{{ project_name }}-{{ microservice }}"
- name: NEW_RELIC_DISTRIBUTED_TRACING_ENABLED
value: "true"
- name: NEW_RELIC_HOST
Expand All @@ -31,7 +31,7 @@
value: "{\"nrDeployMethod\":\"downloadPage\"}"
- name: NRIA_LICENSE_KEY
value: "{{ newrelic_license_key }}"
- name: "{{ container_name }}"
- name: "{{ program }}-{{ project_name }}-{{ microservice }}"
essential: true
image: "{{ container_image_url }}:{{ image_version }}"
environment: "{{ container_env }}"
Expand All @@ -54,7 +54,7 @@
network_mode: awsvpc
execution_role_arn: "arn:aws:iam::{{ account }}:role/{{ execution_role }}"
task_role_arn: "arn:aws:iam::{{ account }}:role/{{ task_role }}"
family: "{{ project_name }}-{{ tier }}-{{ container_name }}"
family: "{{ program }}-{{ tier }}-{{ project_name }}-{{ microservice }}"
memory: "{{ container_memory }}"
cpu: "{{ container_cpu }}"
state: present
Expand All @@ -67,17 +67,18 @@
############################################################################################################################
- name: query task definition - {{ container_name }}
ecs_taskdefinition_info:
task_definition: "{{ project_name }}-{{ tier }}-{{ container_name }}"
task_definition: "{{ program }}-{{ tier }}-{{ project_name }}-{{ microservice }}"
region: "{{ region }}"
register: task

############################################################################################################################
# Service Queries
############################################################################################################################
- name: query {{ container_name }} service

- name: query {{ service_name }} service
ecs_service_info:
cluster: "{{ ecs_cluster_name }}"
service: "{{ project_name }}-{{ tier }}-{{ container_name }}"
service: "{{ service_name }}"
details: true
region: "{{ region }}"
register: service
Expand All @@ -89,13 +90,14 @@
lb: "{{ service.services[0].loadBalancers }}"
role_arn: "{{ service.services[0].roleArn }}"

###########################################################################################################################
#Update Services
############################################################################################################################
- name: update {{ container_name }} service
# Update Services
############################################################################################################################

- name: update {{ service_name }} service
ecs_service:
state: present
name: "{{ project_name }}-{{ tier }}-{{ container_name }}"
name: "{{ service_name }}"
cluster: "{{ ecs_cluster_name }}"
task_definition: "{{ task_name }}:{{ task_revision }}"
role: "{{ role_arn }}"
Expand All @@ -109,4 +111,4 @@
desired_count: 1
load_balancers: "{{ lb }}"
region: "{{ region }}"
register: output
register: output
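Review bot: `container_name` survives only in the task name `query task definition - {{ container_name }}`, while the task definition family, the query, the container name and NEW_RELIC_APP_NAME now all compose `{{ program }}-{{ tier }}-{{ project_name }}-{{ microservice }}`, so that task's log line no longer describes what is queried; `- name: query task definition - {{ program }}-{{ tier }}-{{ project_name }}-{{ microservice }}`. `program`, `microservice` and `service_name` are new inputs to this role and no hunk shows a default for them, so a play that does not set them fails at the first template with an undefined-variable error; presumably they belong in the role defaults, or an `assert` task at the top with `that: [program is defined, microservice is defined, service_name is defined]` would fail early with a clear message. The service is now looked up and updated by an independent `service_name` while the task family is composed from parts; if the two are expected to agree, deriving one from the other avoids a silent mismatch. The `create task definition for "..."` name embeds literal double quotes in a plain scalar, which is valid YAML but renders the quotes in the task output; the other task names omit them.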