ci: minimise what github deploys

xtdb · Mar 6, 2024 · e3a60ef · e3a60ef
1 parent 77abb76
commit e3a60ef
Show file tree

Hide file tree

Showing 2 changed files with 113 additions and 80 deletions.
diff --git a/cloudformation/deploy.yml b/cloudformation/deploy.yml
@@ -268,3 +268,103 @@ Resources:
       DefaultActions:
         - Type: forward
           TargetGroupArn: !Ref ECSTargetGroup
+
+
+  # >> ECS Service
+  # The rest is in service.yml so it can be deployed by github
+
+  TaskSecurityGroup:
+    Type: 'AWS::EC2::SecurityGroup'
+    Properties:
+      VpcId: '{{resolve:ssm:xt-fiddle_vpc-id}}'
+      GroupDescription: Security group allowing access to container
+      SecurityGroupIngress:
+        - CidrIp: 0.0.0.0/0
+          IpProtocol: tcp
+          FromPort: 8000
+          ToPort: 8000
+      SecurityGroupEgress:
+        - CidrIp: 0.0.0.0/0
+          IpProtocol: -1
+
+  SSMECSTaskSecurityGroup:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Name: 'xt-fiddle_task-security-group'
+      Value: !Ref TaskSecurityGroup
+
+  ECSCluster:
+    Type: AWS::ECS::Cluster
+    Properties:
+      ClusterName: 'xt-fiddle'
+
+  SSMECSCluster:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Name: 'xt-fiddle_ecs-cluster'
+      Value: !Ref ECSCluster
+
+  LogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: 'xt-fiddle'
+      RetentionInDays: 365
+
+  SSMLogGroup:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Name: 'xt-fiddle_log-group'
+      Value: !Ref LogGroup
+
+  TaskExecutionRole:
+    Type: 'AWS::IAM::Role'
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: 'Allow'
+            Principal:
+              Service: 'ecs-tasks.amazonaws.com'
+            Action: 'sts:AssumeRole'
+      ManagedPolicyArns:
+        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
+
+  SSMTaskExecutionRole:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Name: 'xt-fiddle_task-execution-role-arn'
+      Value: !GetAtt TaskExecutionRole.Arn
+
+  TaskRole:
+    Type: 'AWS::IAM::Role'
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: 'Allow'
+            Principal:
+              Service: 'ecs-tasks.amazonaws.com'
+            Action: 'sts:AssumeRole'
+
+  SSMTaskRole:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Name: 'xt-fiddle_task-role-arn'
+      Value: !GetAtt TaskRole.Arn
+
+  ContainerRepo:
+    Type: AWS::ECR::Repository
+    Properties:
+      RepositoryName: xt-fiddle
+
+  SSMContainerRepoRepoUri:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Name: 'xt-fiddle_container-repo-repo-uri'
+      Value: !GetAtt ContainerRepo.RepositoryUri
diff --git a/cloudformation/service.yml b/cloudformation/service.yml
@@ -8,66 +8,6 @@ Parameters:
     Description: 'The zone name for the hosted zone'
 
 Resources:
-  ECSCluster:
-    Type: AWS::ECS::Cluster
-    Properties:
-      ClusterName: 'xt-fiddle'
-
-  SSMECSCluster:
-    Type: AWS::SSM::Parameter
-    Properties:
-      Type: String
-      Name: 'xt-fiddle_ecs-cluster-arn'
-      Value: !GetAtt ECSCluster.Arn
-
-  LogGroup:
-    Type: AWS::Logs::LogGroup
-    Properties:
-      LogGroupName: 'xt-fiddle'
-      RetentionInDays: 365
-
-  TaskExecutionRole:
-    Type: 'AWS::IAM::Role'
-    Properties:
-      AssumeRolePolicyDocument:
-        Version: '2012-10-17'
-        Statement:
-          - Effect: 'Allow'
-            Principal:
-              Service: 'ecs-tasks.amazonaws.com'
-            Action: 'sts:AssumeRole'
-      ManagedPolicyArns:
-        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
-
-  SSMTaskExecutionRole:
-    Type: AWS::SSM::Parameter
-    Properties:
-      Type: String
-      Name: 'xt-fiddle_task-execution-role-arn'
-      Value: !GetAtt TaskExecutionRole.Arn
-
-  TaskRole:
-    Type: 'AWS::IAM::Role'
-    Properties:
-      AssumeRolePolicyDocument:
-        Version: '2012-10-17'
-        Statement:
-          - Effect: 'Allow'
-            Principal:
-              Service: 'ecs-tasks.amazonaws.com'
-            Action: 'sts:AssumeRole'
-
-  SSMTaskRole:
-    Type: AWS::SSM::Parameter
-    Properties:
-      Type: String
-      Name: 'xt-fiddle_task-role-arn'
-      Value: !GetAtt TaskRole.Arn
-
-  ContainerRepo:
-    Type: AWS::ECR::Repository
-    Properties:
-      RepositoryName: xt-fiddle
 
   # TODO: Add scaling
   TaskDefinition:
@@ -81,40 +21,26 @@ Resources:
       # TODO: Scale up/down?
       Cpu: '1024'
       Memory: '4096'
-      ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
-      TaskRoleArn: !GetAtt TaskRole.Arn
+      ExecutionRoleArn: '{{resolve:ssm:xt-fiddle_task-execution-role-arn}}'
+      TaskRoleArn: '{{resolve:ssm:xt-fiddle_task-role-arn}}'
 
       ContainerDefinitions:
         - Name: 'xt-fiddle'
-          Image: !Join [":", [!GetAtt ContainerRepo.RepositoryUri, !Ref DockerTag]]
+          Image: !Join [":", ['{{resolve:ssm:xt-fiddle_container-repo-repo-uri}}', !Ref DockerTag]]
           Essential: true
           PortMappings:
             - ContainerPort: 8000
           LogConfiguration:
             LogDriver: awslogs
             Options:
-              awslogs-group: !Ref LogGroup
+              awslogs-group: '{{resolve:ssm:xt-fiddle_log-group}}'
               awslogs-region: !Ref 'AWS::Region'
               awslogs-stream-prefix: xt-fiddle
 
-  TaskSecurityGroup:
-    Type: 'AWS::EC2::SecurityGroup'
-    Properties:
-      VpcId: '{{resolve:ssm:xt-fiddle_vpc-id}}'
-      GroupDescription: Security group allowing access to container
-      SecurityGroupIngress:
-        - CidrIp: 0.0.0.0/0
-          IpProtocol: tcp
-          FromPort: 8000
-          ToPort: 8000
-      SecurityGroupEgress:
-        - CidrIp: 0.0.0.0/0
-          IpProtocol: -1
-
   ECSService:
     Type: 'AWS::ECS::Service'
     Properties:
-      Cluster: !Ref ECSCluster
+      Cluster: '{{resolve:ssm:xt-fiddle_ecs-cluster}}'
       TaskDefinition: !Ref TaskDefinition
       LaunchType: 'FARGATE'
 
@@ -125,11 +51,18 @@ Resources:
         AwsvpcConfiguration:
           AssignPublicIp: 'DISABLED'
           SecurityGroups:
-            - !Ref TaskSecurityGroup
+            - '{{resolve:ssm:xt-fiddle_task-security-group}}'
           Subnets:
             - '{{resolve:ssm:xt-fiddle_private-subnet-1}}'
             - '{{resolve:ssm:xt-fiddle_private-subnet-2}}'
       LoadBalancers:
         - ContainerName: xt-fiddle
           ContainerPort: '8000'
           TargetGroupArn: '{{resolve:ssm:xt-fiddle_target-group-arn}}'
+
+  SSMECSService:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Name: 'xt-fiddle_ecs-service-arn'
+      Value: !Ref ECSService