-
Notifications
You must be signed in to change notification settings - Fork 62
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1475 from CMSgov/release/v2024.2.4
Release v2024.2.4 into master
- Loading branch information
Showing
47 changed files
with
698 additions
and
2,288 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,128 @@ | ||
| version: 0.2 | ||
|
|
||
| env: | ||
| variables: | ||
| SLACK_COLOR: "good" | ||
| BUILD_STATUS: "completed successfully" | ||
| SLACK_CHANNEL: "p-qppsf-deploys" | ||
| CODEBUILD_ICON: "https://upload.wikimedia.org/wikipedia/commons/9/93/Amazon_Web_Services_Logo.svg" | ||
| AWS_DEFAULT_REGION: "us-east-1" | ||
| TEXT_VALUE: "" | ||
|
|
||
| parameter-store: | ||
| SLACK_URL: "/slack/p-qppsf-deploys" | ||
| DOCKERHUB_TOKEN: "/global/dockerhub_token" | ||
| DOCKERHUB_USER: "/global/dockerhub_user" | ||
| AWS_ACCOUNT : "/global/aws_account" | ||
| REPO_PAT: "/global/scoring_api_repo_pat" | ||
| BRANCH_STATUS_URL: "/global/ct_branch_status_url" | ||
| PART_FILE: "/qppar-sf/conversion-tool/CPC_PLUS_FILE_NAME" | ||
| PART_FILE_BUCKET: "/qppar-sf/$ENV/conversion-tool/CPC_PLUS_BUCKET_NAME" | ||
| OUTPUT_PART_FILE: "/qppar-sf/$ENV/conversion-tool/CPC_PLUS_VALIDATION_FILE" | ||
|
|
||
| phases: | ||
| install: | ||
| runtime-versions: | ||
| python: 3.8 | ||
| commands: | ||
| - | | ||
| CURL_PAYLOAD=$( jq -n \ | ||
| --arg state "pending" \ | ||
| --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/${ENV}-conversion-tool;stream=${CODEBUILD_LOG_PATH}" \ | ||
| --arg description "The build job has started." \ | ||
| --arg context "CodeBuild Status" \ | ||
| '{state: $state, target_url: $target_url, description: $description, context: $context}' ) | ||
| echo "$CURL_PAYLOAD" | ||
| curl \ | ||
| -X POST \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "Authorization: Bearer ${REPO_PAT}" \ | ||
| "${BRANCH_STATUS_URL}/${CODEBUILD_RESOLVED_SOURCE_VERSION}" \ | ||
| -d "${CURL_PAYLOAD}" | ||
| - docker --version | ||
| - aws --version | ||
| - jq --version | ||
| - pip install ecs-deploy | ||
| - pwd | ||
| - ls -la | ||
|
|
||
| pre_build: | ||
| commands: | ||
| - echo ${CODEBUILD_SRC_DIR} | ||
| - ECS_ENV="${ENV}" | ||
| - | | ||
| if [ "$ENV" = "prod" || "$ENV" = "devpre" ]; then | ||
| CLUSTER_NAME="qppa-${ENV}-api-ecs" | ||
| else | ||
| CLUSTER_NAME="${ENV}-api-ecs" | ||
| fi | ||
| - echo "${CLUSTER_NAME}" | ||
| - SERVICE_NAME="${ENV}-conversion-tool" | ||
| - BRANCH=$(echo "${CODEBUILD_SOURCE_VERSION}") | ||
| - echo ${CODEBUILD_RESOLVED_SOURCE_VERSION} | ||
| - echo "${BRANCH}" | ||
| - COMMIT_SHORT_SHA=$(echo "${CODEBUILD_RESOLVED_SOURCE_VERSION}" | cut -c1-7) | ||
| - echo "${COMMIT_SHORT_SHA}" | ||
| - TAG_BUILD="${ENV}-conversion-tool:${BRANCH}-${COMMIT_SHORT_SHA}" | ||
| - TAG_GIT="${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com/${SERVICE_NAME}:${BRANCH}-${COMMIT_SHORT_SHA}" | ||
| - TAG_LATEST="${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com/${SERVICE_NAME}:latest" | ||
| - echo Getting Certificates for ${ENV} | ||
| - chmod +x ./qppsfct-copy-certs.sh | ||
| - ./qppsfct-copy-certs.sh $ENV $AWS_DEFAULT_REGION | ||
| - pip install openpyxl | ||
| - echo "Updating participation file" | ||
| - chmod +x ./upload-part-file.sh | ||
| - ./upload-part-file.sh $PART_FILE_BUCKET $PART_FILE $OUTPUT_PART_FILE $AWS_DEFAULT_REGION | ||
| - echo "Logging in to Amazon ECR..." | ||
| - echo $DOCKERHUB_TOKEN | docker login --username $DOCKERHUB_USER --password-stdin | ||
| - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin ${AWS_ACCOUNT}.dkr.ecr.us-east-1.amazonaws.com | ||
| - TEXT_VALUE="Deploying QPP conversion tool service branch ${BRANCH} to ${ECS_ENV}-conversion-tool..." | ||
| - curl -X POST --fail --data-urlencode "payload={\"text\":\"Deployment Status\",\"channel\":\"${SLACK_CHANNEL}\",\"username\":\"CodeBuild\",\"icon_url\":\"${CODEBUILD_ICON}\",\"attachments\":[{\"title\":\"${TEXT_VALUE}\",\"color\":\"${SLACK_COLOR}\"}]}" ${SLACK_URL} | ||
|
|
||
| build: | ||
| commands: | ||
| - echo "Deploying..." | ||
| - echo "Build started on `date`..." | ||
| - echo "Building the Docker image for conversion tool..." | ||
| - docker build -t $TAG_LATEST -t $TAG_GIT .; | ||
| - echo "Pushing the Docker image to AWS ECR..." | ||
| - docker push $TAG_LATEST; | ||
| - docker push $TAG_GIT; | ||
| - echo "Branch is ${ENV}, Deploying to ${ENV}-conversion-tool service..." | ||
| - ecs deploy $CLUSTER_NAME $SERVICE_NAME -t $BRANCH-$COMMIT_SHORT_SHA --no-deregister --region us-east-1 --timeout 900 --task $SERVICE_NAME; | ||
| - aws ecs wait services-stable --cluster $CLUSTER_NAME --services $SERVICE_NAME --region us-east-1; | ||
| - echo "Branch is ${ENV}, Deployment to ${ENV}-conversion-tool service completed..." | ||
|
|
||
| post_build: | ||
| commands: | ||
| # Check the build status and set the slack message to reflect pass or fail status | ||
| - echo "Code build exit number (1 is success) = $CODEBUILD_BUILD_SUCCEEDING" | ||
| - if [ $CODEBUILD_BUILD_SUCCEEDING = 0 ]; then SLACK_COLOR="danger" && BUILD_STATUS="FAILED"; fi | ||
| - TEXT_VALUE="Deployment of branch ${BRANCH} to QPP Conversion Tool service in $ENV-conversion-tool $BUILD_STATUS" | ||
| - curl -X POST --fail --data-urlencode "payload={\"text\":\"Deployment Status\",\"channel\":\"${SLACK_CHANNEL}\",\"username\":\"CodeBuild\",\"icon_url\":\"${CODEBUILD_ICON}\",\"attachments\":[{\"title\":\"${TEXT_VALUE}\",\"color\":\"${SLACK_COLOR}\"}]}" ${SLACK_URL} | ||
| - | | ||
| if [ "${CODEBUILD_BUILD_SUCCEEDING}" = 1 ]; then | ||
| STATE="success" | ||
| DESCRIPTION="The build succeeded!" | ||
| else | ||
| STATE="failure" | ||
| DESCRIPTION="The build failed. Click Details for the logs." | ||
| fi | ||
| CURL_PAYLOAD=$( jq -n \ | ||
| --arg state "$STATE" \ | ||
| --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/${ENV}-conversion-tool;stream=${CODEBUILD_LOG_PATH}" \ | ||
| --arg description "$DESCRIPTION" \ | ||
| --arg context "CodeBuild Status" \ | ||
| '{state: $state, target_url: $target_url, description: $description, context: $context}' ) | ||
| echo "$CURL_PAYLOAD" | ||
| curl \ | ||
| -X POST \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "Authorization: Bearer ${REPO_PAT}" \ | ||
| "${BRANCH_STATUS_URL}/${CODEBUILD_RESOLVED_SOURCE_VERSION}" \ | ||
| -d "${CURL_PAYLOAD}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| ### Future purpose pr file | ||
| version: 0.2 | ||
|
|
||
| env: | ||
| variables: | ||
| ENV: "local" | ||
| NODE_ENV: "development" | ||
|
|
||
| parameter-store: | ||
| DOCKERHUB_TOKEN: "/global/dockerhub_token" | ||
| DOCKERHUB_USER: "/global/dockerhub_user" | ||
| SCORING_REPO_PAT: "/global/scoring_api_repo_pat" | ||
|
|
||
| phases: | ||
| install: | ||
| commands: | ||
| - | | ||
| CURL_PAYLOAD=$( jq -n \ | ||
| --arg state "pending" \ | ||
| --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/scoring-api-pr;stream=${CODEBUILD_LOG_PATH}" \ | ||
| --arg description "The build job has started." \ | ||
| --arg context "CodeBuild Status" \ | ||
| '{state: $state, target_url: $target_url, description: $description, context: $context}' ) | ||
| echo "$CURL_PAYLOAD" | ||
| curl \ | ||
| -X POST \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "Authorization: Bearer ${SCORING_REPO_PAT}" \ | ||
| ${BRANCH_STATUSES_URL} \ | ||
| -d "${CURL_PAYLOAD}" | ||
| - node -v | ||
| - npm -v | ||
| - docker --version | ||
| - aws --version | ||
| - jq --version | ||
|
|
||
| build: | ||
| commands: | ||
| - echo $DOCKERHUB_TOKEN | docker login --username $DOCKERHUB_USER --password-stdin | ||
| - echo "Building the Docker image and running tests..." | ||
| - docker build --no-cache -t $TAG_BUILD --target build . | ||
| - docker run --rm --env-file example.env $TAG_BUILD npm run lint | ||
| - docker run --rm --env-file example.env $TAG_BUILD npm run test:cov | ||
|
|
||
| post_build: | ||
| commands: | ||
| # Check the build status and set the slack message to reflect pass or fail status | ||
| - echo "Code build exit number (1 is success, 0 is failed) = $CODEBUILD_BUILD_SUCCEEDING" | ||
| - | | ||
| if [ "${CODEBUILD_BUILD_SUCCEEDING}" = 1 ]; then | ||
| STATE="success" | ||
| DESCRIPTION="The build succeeded!" | ||
| else | ||
| STATE="failure" | ||
| DESCRIPTION="The build failed. Click Details for the logs." | ||
| fi | ||
| CURL_PAYLOAD=$( jq -n \ | ||
| --arg state "$STATE" \ | ||
| --arg target_url "https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/scoring-api-pr;stream=${CODEBUILD_LOG_PATH}" \ | ||
| --arg description "$DESCRIPTION" \ | ||
| --arg context "CodeBuild Status" \ | ||
| '{state: $state, target_url: $target_url, description: $description, context: $context}' ) | ||
| echo "$CURL_PAYLOAD" | ||
| curl \ | ||
| -X POST \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "Authorization: Bearer ${SCORING_REPO_PAT}" \ | ||
| ${BRANCH_STATUSES_URL} \ | ||
| -d "${CURL_PAYLOAD}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
|
|
||
| variable : | ||
| These environment variables can also be defined in example.env file which is in root directory (custom environent variables). | ||
|
|
||
| parameter-store : | ||
| Used to retrive (sensitive) custom environment variabe stored in EC2 system manager parameter store (To store sensitive values we use system manager-parameter store). | ||
|
|
||
| Phases : | ||
| Required sequence. represents the commands codebuild runs during each phase of build. different phases of build steps defined below. | ||
|
|
||
| install : | ||
| install phase only for installing packages in the build environment. example we can install code testing framework such as mocha. | ||
|
|
||
| runtime-versions phase : | ||
| runtime-versions phase specifying run time version of the build. | ||
|
|
||
| commands phase: | ||
| Contains a sequence of scalars, where each scalar represents a single command that CodeBuild runs during installation. CodeBuild runs each command, one at a time, in the order listed, from beginning to end. | ||
|
|
||
| pre_build phase : | ||
| Represents the commands, if any, that CodeBuild runs before the build. For example, you might use this phase to sign in to Amazon ECR, or you might install npm dependencies. | ||
|
|
||
| pre_build/commands : | ||
| Required sequence if pre_build is specified. Contains a sequence of scalars, where each scalar represents a single command that CodeBuild runs before the build. CodeBuild runs each command, one at a time, in the order listed, from beginning to end. | ||
|
|
||
| build phase : | ||
| Represents the commands, if any, that CodeBuild runs during the build. | ||
|
|
||
| build/commands : | ||
| Represents the commands | ||
|
|
||
| post_build : | ||
| Represents the commands, if any, that CodeBuild runs after the build. example: slack notification | ||
|
|
||
| post_build/commands : | ||
| Represents the commands | ||
|
|
||
| artifacsts : | ||
| location for build output artifacts | ||
|
|
||
|
|
||
| #ecs deploy $CLUSTER_NAME $SERVICE_NAME --newrelic-apikey ${NR_API_KEY} --newrelic-appid ${APP_ID} -t $BRANCH-$COMMIT_SHORT_SHA --newrelic-revision 1.0.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.