set up parameter store for sensitive env vars and add versioning to d…

…emo images
magento · Apr 5, 2019 · 86b3fee · 86b3fee
1 parent c3da586
commit 86b3fee
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 9 deletions.
diff --git a/.codebuild/buildspec.deploy.demo.yml b/.codebuild/buildspec.deploy.demo.yml
@@ -1,23 +1,32 @@
 # buildspec for deploying latest changes to main development branch
 version: 0.2
+env:
+  parameter-store:
+    BRAINTREE_TOKEN: "/pwa/BRAINTREE_TOKEN"
+    MAGENTO_BACKEND_URL: "/pwa/MAGENTO_BACKEND_URL"
 phases:
-  install:
-    commands:
-      - echo install step...
   pre_build:
     commands:
       - echo logging in to AWS ECR...
       - $(aws ecr get-login --no-include-email --region us-east-1)
+      - echo copying env vars to env file
+      - sed -i "s%MAGENTO_BACKEND_URL=redacted%MAGENTO_BACKEND_URL=${MAGENTO_BACKEND_URL}%g" ./docker/.env.docker.prod
+      - sed -i "s/BRAINTREE_TOKEN=redacted/BRAINTREE_TOKEN=${BRAINTREE_TOKEN}/g" ./docker/.env.docker.prod
+      - VERSION=$CODEBUILD_RESOLVED_SOURCE_VERSION
+      - echo VERSION=$VERSION
   build:
     commands:
       - echo build Docker image on `date`
       - docker build -f Dockerfile.prod -t pwa-demo:latest .
-      - docker tag pwa-demo:latest 276375911640.dkr.ecr.us-east-1.amazonaws.com/pwa-demo
+      - docker tag pwa-demo:latest 276375911640.dkr.ecr.us-east-1.amazonaws.com/pwa-demo:latest
+      - docker tag pwa-demo:latest 276375911640.dkr.ecr.us-east-1.amazonaws.com/pwa-demo:$VERSION
   post_build:
     commands:
       - echo build Docker image complete `date`
       - echo push latest Docker images to ECR...
-      - docker push 276375911640.dkr.ecr.us-east-1.amazonaws.com/pwa-demo
+      - docker push 276375911640.dkr.ecr.us-east-1.amazonaws.com/pwa-demo:latest
+      - docker push 276375911640.dkr.ecr.us-east-1.amazonaws.com/pwa-demo:$VERSION
+      - sed -i "s/:latest/:${VERSION}/g" Dockerrun.aws.json
 artifacts:
   files:
     - Dockerrun.aws.json
diff --git a/.codebuild/buildspec.pr.build.yml b/.codebuild/buildspec.pr.build.yml
@@ -1,4 +1,8 @@
 version: 0.2
+env:
+  parameter-store:
+    BRAINTREE_TOKEN: "/pwa/BRAINTREE_TOKEN"
+    MAGENTO_BACKEND_URL: "/pwa/MAGENTO_BACKEND_URL"
 phases:
   pre_build:
     commands:
@@ -7,6 +11,9 @@ phases:
       - echo getting PR ID... PR_ID_TAG = $PR_ID_TAG
       - echo logging in to AWS ECR...
       - $(aws ecr get-login --no-include-email --region us-east-1)
+      - echo copying env vars to env file
+      - sed -i "s%MAGENTO_BACKEND_URL=redacted%MAGENTO_BACKEND_URL=${MAGENTO_BACKEND_URL}%g" ./docker/.env.docker.prod
+      - sed -i "s/BRAINTREE_TOKEN=redacted/BRAINTREE_TOKEN=${BRAINTREE_TOKEN}/g" ./docker/.env.docker.prod
   build:
     commands:
       - echo build Docker image on `date` for github branch $CODEBUILD_SOURCE_VERSION

diff --git a/.codebuild/buildspec.pr.test.yml b/.codebuild/buildspec.pr.test.yml
@@ -1,4 +1,8 @@
 version: 0.2
+env:
+  parameter-store:
+    BRAINTREE_TOKEN: "/pwa/BRAINTREE_TOKEN"
+    MAGENTO_BACKEND_URL: "/pwa/MAGENTO_BACKEND_URL"
 phases:
   install:
     commands:
@@ -8,6 +12,11 @@ phases:
       - echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
       - apt-get update -y
       - apt-get install -y yarn
+  pre_build:
+    commands:
+      - echo copying env vars to env file
+      - sed -i "s%MAGENTO_BACKEND_URL=redacted%MAGENTO_BACKEND_URL=${MAGENTO_BACKEND_URL}%g" ./docker/.env.docker.prod
+      - sed -i "s/BRAINTREE_TOKEN=redacted/BRAINTREE_TOKEN=${BRAINTREE_TOKEN}/g" ./docker/.env.docker.prod
   build:
     commands:
       - echo running pr-checks script `date`

diff --git a/docker/.env.docker.prod b/docker/.env.docker.prod
@@ -7,10 +7,10 @@
 NODE_ENV=production
 PORT=8080
 PWA_STUDIO_HOST=localhost
-# magento enterprise edition - in production mode
-MAGENTO_BACKEND_URL=https://m231-pwa-ent-1.testsonfire.com/
+# magento graphql backend set to production mode
+MAGENTO_BACKEND_URL=redacted
 MAGENTO_BUILDPACK_PROVIDE_SECURE_HOST=0
 UPWARD_JS_UPWARD_PATH=venia-upward.yml
 UPWARD_JS_BIND_LOCAL=1
 UPWARD_JS_LOG_URL=1
-BRAINTREE_TOKEN=sandbox_8yrzsvtm_s2bg8fs563crhqzk
+BRAINTREE_TOKEN=redacted
diff --git a/packages/venia-concept/package.json b/packages/venia-concept/package.json
@@ -13,7 +13,7 @@
     "venia": "./bin/venia.js"
   },
   "scripts": {
-    "build": "yarn run clean && yarn run build:esm && yarn run build:prod",
+    "build": "yarn run clean && yarn run build:esm && yarn run validate-queries && yarn run build:prod",
     "build:analyze": "yarn run clean && mkdir dist && yarn run validate-queries && yarn run build:stats",
     "build:dev": "echo 'Skipping venia-concept build...'",
     "build:esm": "BABEL_ENV=development babel src --out-dir esm --root-mode 'upward' --source-maps --copy-files",