Initial commit

.github/workflows/feature-branch.yml

@@ -0,0 +1,71 @@
+name: Feature Branch
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Setup job workspace
+        uses: ServerlessOpsIO/gha-setup-workspace@v1
+
+      - name: Assume AWS Credentials
+        uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
+        with:
+          build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
+
+      - name: Install AWS SAM
+        uses: aws-actions/setup-sam@v2
+
+
+      - name: Validate template
+        run: sam validate --lint
+
+      - name: Build artifact
+        run: sam build --parallel --template template.yaml
+
+      # Disableing until a full workflow for feature branches is figured out.
+      - name: Store Artifacts
+        if: false
+        uses: ServerlessOpsIO/gha-store-artifacts@v1
+        with:
+          use_aws_sam: true
+
+  deploy:
+    # Disableing until a full workflow for feature branches is figured out.
+    if: false
+    needs:
+      - build
+
+    environment: production
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Setup job workspace
+        uses: ServerlessOpsIO/gha-setup-workspace@v1
+        with:
+          checkout_artifact: true
+
+      - name: Assume AWS Credentials
+        uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
+        with:
+          build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
+          deploy_aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
+
+      - name: Deploy via AWS SAM
+        uses: ServerlessOpsIO/gha-deploy-aws-sam@v1
+        with:
+          aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
+          env_json: ${{ toJson(env) }}
+          secrets_json: ${{ toJson(secrets) }}

.github/workflows/main.yml

@@ -0,0 +1,67 @@
+name: Main
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Setup job workspace
+        uses: ServerlessOpsIO/gha-setup-workspace@v1
+
+      - name: Assume AWS Credentials
+        uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
+        with:
+          build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
+
+      - name: Install AWS SAM
+        uses: aws-actions/setup-sam@v2
+
+
+      - name: Validate template
+        run: sam validate --lint
+
+      - name: Build artifact
+        run: sam build --parallel --template template.yaml
+
+      - name: Store Artifacts
+        uses: ServerlessOpsIO/gha-store-artifacts@v1
+        with:
+          use_aws_sam: true
+
+  deploy:
+    needs:
+      - build
+
+    environment: production
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Setup job workspace
+        uses: ServerlessOpsIO/gha-setup-workspace@v1
+        with:
+          checkout_artifact: true
+
+      - name: Assume AWS Credentials
+        uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
+        with:
+          build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
+          deploy_aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
+
+      - name: Deploy via AWS SAM
+        uses: ServerlessOpsIO/gha-deploy-aws-sam@v1
+        with:
+          aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
+          env_json: ${{ toJson(env) }}
+          secrets_json: ${{ toJson(secrets) }}

.gitignore

@@ -0,0 +1,79 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Dev
+.mypy_cache/
+
+# pyenv / environments
+.python-version
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDE
+.settings/
+.project
+.pydevproject
+.vscode/
+*.code-workspace
+.idea/
+
+# Mac Cruft
+.DS_Store
+
+# Deploy
+codepipeline-config-*.yaml
+
+
+# AWS SAM
+.aws-sam/

Makefile

@@ -0,0 +1,143 @@
+init:
+	pipenv --python {{cookiecutter.python_version}}
+	pipenv install --dev
+
+# Command to run everytime you make changes to verify everything works
+dev: flake lint test
+
+# Verifications to run before sending a pull request
+pr: init dev
+
+{%- if cookiecutter.service_platform != "none" %}
+PLATFORM ?= {{cookiecutter.service_platform}}
+{%- endif %}
+SERVICE_DOMAIN ?= {{cookiecutter.service_app_domain}}
+SAM_TEMPLATE ?= template.yaml
+ENV ?= ${USER}
+APPNAME ?= $(shell basename ${CURDIR})
+STACKNAME = $(APPNAME)-$(ENV)
+AWS_REGION ?= $(shell aws configure get region)
+
+ifdef CFN_EXEC_ROLE
+	CFN_ROLE_ARGS = --role-arn ${CFN_EXEC_ROLE}
+else
+	CFN_ROLE_ARGS =
+endif
+
+ifdef QUICK
+	QUICK =
+else
+	QUICK = validate build
+endif
+
+check_profile:
+	# Make sure we have a user-scoped credentials profile set. We don't want to be accidentally using the default profile
+	@aws configure --profile ${AWS_PROFILE} list 1>/dev/null 2>/dev/null || (echo '\nMissing AWS Credentials Profile called '${AWS_PROFILE}'. Run `aws configure --profile ${AWS_PROFILE}` to create a profile called '${AWS_PROFILE}' with creds to your personal AWS Account'; exit 1)
+
+build:
+	$(info Building application)
+	sam build --use-container --parallel --template $(SAM_TEMPLATE)
+
+validate:
+	$(info linting SAM template)
+	@sam validate --lint
+
+deploy: $(QUICK)
+	$(info Deploying to personal development stack)
+	sam deploy \
+		--region ${AWS_REGION} \
+		--resolve-s3 \
+		--no-fail-on-empty-changeset \
+		--stack-name $(STACKNAME) \
+		--template-file $(SAM_TEMPLATE) \
+		--tags \
+{%- if cookiecutter.service_platform != "none" %}
+			Platform=$(PLATFORM) \
+{%- endif %}
+			ServiceDomain=$(SERVICE_DOMAIN) \
+			ServiceName=$(APPNAME) \
+			ServiceEnv=$(ENV) \
+			StackName=$(STACKNAME) \
+		--parameter-overrides \
+{%- if cookiecutter.service_platform != "none" %}
+			Platform=$(PLATFORM) \
+{%- endif %}
+			ServiceDomain=$(SERVICE_DOMAIN) \
+			ServiceName=$(APPNAME) \
+			ServiceEnv=$(ENV) \
+			StackName=$(STACKNAME) \
+		$(CFN_ROLE_ARGS)
+
+describe:
+	$(info Describing stack)
+	@aws cloudformation describe-stacks --stack-name $(STACKNAME) --output table --query 'Stacks[0]'
+
+outputs:
+	$(info Displaying stack outputs)
+	@aws cloudformation describe-stacks --stack-name $(STACKNAME) --output table --query 'Stacks[0].Outputs'
+
+parameters:
+	$(info Displaying stack parameters)
+	@aws cloudformation describe-stacks --stack-name $(STACKNAME) --output table --query 'Stacks[0].Parameters'
+
+resources:
+	$(info Displaying stack resources)
+	@aws cloudformation describe-stack-resources --stack-name "ccsa-infra-main" --output table --query 'StackResources[].[LogicalResourceId,ResourceType,PhysicalResourceId,ResourceStatus]'
+
+delete:
+	$(info Delete stack)
+	@sam delete --stack-name $(STACKNAME) --no-prompts
+
+function:
+	$(info creating function: ${F})
+	mkdir -p src/handlers/${F}
+	touch src/handlers/${F}/__init__.py
+	touch src/handlers/${F}/function.py
+	touch src/handlers/${F}/requirements.txt
+	mkdir -p tests/{unit,integration}/src/handlers/${F}
+	touch tests/unit/src/handlers/${F}/__init__.py
+	touch tests/unit/src/handlers/${F}/test_function.py
+	touch tests/integration/src/handlers/${F}/__init__.py
+	touch tests/integration/src/handlers/${F}/test_function.py
+	mkdir data/${F}
+	echo "{}" | tee data/${F}/{event,data,output}.json
+	echo "{}" | tee data/${F}/{event,data,output}.schema.json
+
+unit-test:
+	$(info running unit tests)
+	# Integration tests don't need code coverage
+	pipenv run unit-test
+
+integ-test:
+	$(info running integration tests)
+	# Integration tests don't need code coverage
+	pipenv run integ-test
+
+test:
+	$(info running tests)
+	# Run unit tests
+	# Fail if coverage falls below 95%
+	pipenv run test
+
+flake8:
+	$(info running flake8 on code)
+	# Make sure code conforms to PEP8 standards
+	pipenv run flake8 src
+	pipenv run flake8 tests/unit tests/integration
+
+pylint:
+	$(info running pylint on code)
+	# Linter performs static analysis to catch latent bugs
+	pipenv run pylint src
+
+mypy:
+	$(info running mypy on code)
+	# Analyzes correct type usage
+	pipenv run mypy src
+
+lint: pylint flake8 mypy
+
+clean:
+	$(info cleaning project)
+	# remove sam cache
+	rm -rf .aws-sam

README.md

@@ -0,0 +1,5 @@
+# ServerlesOps Catalog API
+
+The home for everything with no better place to go.
+
+This provides a source of truth to be consumed by Backstage for entities that lack their own programatic source. While most entities can have a programatic source of truth, some abstract entities such as Domains and Services do not. Also, some entities may have a programatic source of truth but we don't want to allow Backstage direct access to it. Eg. AWS organization and account info. This API provides us a place to store that information.