//
// This app manages the delivery pipeline for aws-delivlib itself. Very meta.
//
// To update the pipeline, you'll need AWS credentials for this account and
// then run:
//
// npm run pipeline-update
//
import {
App, Aspects, Stack, StackProps,
aws_codebuild as codebuild,
aws_events as events,
aws_secretsmanager as secret,
} from 'monocdk';
import * as delivlib from '../lib';
// Docker Hub repository name passed to delivlib.MirrorSource.fromDockerHub() in
// EcrMirrorStack, i.e. the upstream image that gets mirrored.
// NOTE(review): the name carries no tag or digest; which image version is
// mirrored depends on MirrorSource defaults not shown here — confirm it is the
// intended one, since this image is pulled from a public registry.
const SUPERCHAIN = 'jsii/superchain';
/**
 * Stack that defines the delivery pipeline for aws-delivlib itself.
 *
 * It wires together a writable GitHub repository, a CodeBuild build spec,
 * publishing to npm and a scheduled version bump. Credentials are referenced
 * only by Secrets Manager ARN; no secret values appear in this file.
 */
export class DelivLibPipelineStack extends Stack {
  /**
   * @param parent the CDK app this stack belongs to
   * @param id construct id of the stack
   * @param props stack properties (defaults to an empty object)
   */
  constructor(parent: App, id: string, props: StackProps = { }) {
    super(parent, id, props);

    // Secrets Manager ARNs for the credentials the pipeline uses. These are
    // references only; access is governed by the policies on the secrets.
    const githubTokenArn = 'arn:aws:secretsmanager:us-east-1:712950704752:secret:github-token-nnAqfW';
    const githubSshKeyArn = 'arn:aws:secretsmanager:us-east-1:712950704752:secret:awslabs/delivlib/github-ssh-UBHEyF';
    const npmTokenArn = 'arn:aws:secretsmanager:us-east-1:712950704752:secret:delivlib/npm-OynG62';

    // Branch that is built, and that the auto-bump both starts from and targets.
    const mainline = 'main';

    // NOTE(review): '[email protected]' (commitEmail, notificationEmail) is
    // not a valid address — it looks like a redaction placeholder; confirm the
    // real values before deploying.
    const github = new delivlib.WritableGitHubRepo({
      repository: 'awslabs/aws-delivlib',
      tokenSecretArn: githubTokenArn,
      commitEmail: '[email protected]',
      commitUsername: 'aws-cdk-dev',
      sshKeySecret: { secretArn: githubSshKeyArn },
    });

    // Key order is kept as-is so the rendered build spec is unchanged.
    const buildSpec = codebuild.BuildSpec.fromObject({
      version: '0.2',
      phases: {
        // --frozen-lockfile makes the install fail instead of silently
        // updating yarn.lock, so the build uses the locked dependency set.
        install: {
          commands: ['yarn install --frozen-lockfile'],
        },
        build: {
          commands: [
            'yarn build',
            'yarn test',
          ],
        },
        // Runs `npm run package` only when CODEBUILD_BUILD_SUCCEEDING is 1
        // (an unset or empty variable defaults to 1).
        post_build: {
          commands: ['[ ${CODEBUILD_BUILD_SUCCEEDING:-1} != 1 ] || npm run package'],
        },
      },
      artifacts: {
        'files': ['**/*'],
        'base-directory': 'dist',
      },
    });

    const pipeline = new delivlib.Pipeline(this, 'GitHubPipeline', {
      title: 'aws-delivlib production pipeline',
      repo: github,
      branch: mainline,
      pipelineName: 'delivlib-main',
      notificationEmail: '[email protected]',
      buildSpec,
      autoBuild: true,
      // NOTE(review): publicLogs presumably makes the auto-build logs publicly
      // readable — verify that no build step prints tokens or other secrets.
      autoBuildOptions: { publicLogs: true },
    });

    pipeline.publishToNpm({
      npmTokenSecret: { secretArn: npmTokenArn },
    });

    // NOTE(review): with pushOnly set and base/head both 'main', the bump
    // presumably lands on the branch without a pull request — confirm this
    // matches the branch-protection policy.
    pipeline.autoBump({
      scheduleExpression: 'cron(0 12 * * ? *)',
      bumpCommand: 'yarn install --frozen-lockfile && yarn bump',
      base: { name: mainline },
      head: { name: mainline },
      pushOnly: true,
    });
  }
}
/**
 * Stack that owns the EcrMirror construct used to mirror the SUPERCHAIN
 * image from Docker Hub. The mirror is exposed so other stacks can use it.
 */
export class EcrMirrorStack extends Stack {
  /** The EcrMirror created by this stack. */
  public readonly mirror: delivlib.EcrMirror;

  /**
   * @param scope the CDK app this stack belongs to
   * @param id construct id of the stack
   * @param props optional stack properties
   */
  constructor(scope: App, id: string, props?: StackProps) {
    super(scope, id, props);

    const superchainSource = delivlib.MirrorSource.fromDockerHub(SUPERCHAIN);

    // Docker Hub credentials are imported by ARN; the secret value itself is
    // never present in this file.
    // NOTE(review): the secret name suggests a read-only Docker Hub account —
    // confirm it has no push rights.
    const dockerHubSecret = secret.Secret.fromSecretArn(
      this,
      'DockerHubCreds',
      'arn:aws:secretsmanager:us-east-1:712950704752:secret:dockerhub/ReadOnly-VXZo5Z',
    );

    // Only hour and minute are set; the remaining cron fields are left to the
    // defaults of events.Schedule.cron.
    const mirrorSchedule = events.Schedule.cron({
      hour: '9',
      minute: '0',
    });

    this.mirror = new delivlib.EcrMirror(this, 'Default', {
      dockerHubCredentials: {
        secret: dockerHubSecret,
        // JSON keys inside the secret that hold the login name and password.
        usernameKey: 'username',
        passwordKey: 'password',
      },
      sources: [superchainSource],
      schedule: mirrorSchedule,
    });
  }
}
// This pipeline is mastered in a specific account where all the secrets are
// stored; both stacks are pinned to that account and region.
const deliveryEnv = { region: 'us-east-1', account: '712950704752' };

const app = new App();

const ecrMirrorStack = new EcrMirrorStack(app, 'aws-delivlib-ecr-mirror', { env: deliveryEnv });
const pipelineStack = new DelivLibPipelineStack(app, 'aws-delivlib-pipeline', { env: deliveryEnv });

// Apply an EcrMirrorAspect, built from the mirror stack's EcrMirror, to
// everything under the pipeline stack.
Aspects.of(pipelineStack).add(new delivlib.EcrMirrorAspect(ecrMirrorStack.mirror));

app.synth();