support optional CODE environment/stage via new optional action input codeDomain #19

Open
wants to merge 3 commits into
base: main
9 changes: 6 additions & 3 deletions README.md
Expand Up @@ -48,17 +48,20 @@ jobs:
## Inputs

### **app** `string` (required):

The app name. Used for the Riffraff deployment name and also to tag AWS
resources. Typically this would be the first part of your domain name - e.g.
'example' for 'example.gutools.co.uk'.
### **domain** `string` (required):

### **domain** `string` (required):
The domain should be a Guardian-owned domain. For internal tools,
`[app].gutools.co.uk` is recommended but check it is free first!

### **artifact** `string` (optional - default='artifact')
### **codeDomain** `string` (optional):
The domain should be a Guardian-owned domain. For internal tools,
`[name].code.dev-gutools.co.uk` is recommended but check it is free first!
Only use this option if your project really needs a lower envionment.

### **artifact** `string` (optional - default='artifact')
Name of the artifact containing the static resources. Should be uploaded in
an earlier workflow step.

21 changes: 17 additions & 4 deletions action.yaml
Expand Up @@ -7,6 +7,9 @@ inputs:
domain:
description: A Guardian-owned domain. [name].gutools.co.uk is recommended.
required: true
codeDomain:
description: OPTIONAL Guardian-owned domain for CODE environment. [name].code.dev-gutools.co.uk is recommended.
required: false
artifact:
description: 'Name of artifact containing the static site. Should be uploaded in an earlier workflow step.'
required: false
Expand All @@ -31,6 +34,7 @@ runs:
env:
INPUT_APP: ${{ inputs.app }}
INPUT_DOMAIN: ${{ inputs.domain }}
INPUT_CODE_DOMAIN: ${{ inputs.codeDomain }}
INPUT_ARTIFACT: ${{ inputs.artifact }}
INPUT_DRYRUN: ${{ inputs.dryRun}}
INPUT_ACTIONS_RUNTIME_TOKEN: ${ github.token }
Expand Down Expand Up @@ -64,20 +68,29 @@ runs:
- eu-west-1
allowedStages:
- PROD
${{ inputs.codeDomain && '- CODE' || '' }}
deployments:
cfn:
type: cloud-formation
app: ${{ inputs.app }}
parameters:
templatePath: cfn.json
templatePath:
templateStagePaths:
PROD: cfn.json
CODE: cfn-CODE.json
static-site-assets:
type: aws-s3
app: ${{ inputs.domain }} # A hack to prefix uploads with the domain.
app: ${{ inputs.app }}
parameters:
cacheControl: private
publicReadAcl: false
bucket: deploy-infra-actions-static-site-i-staticd8c87b36-jyufgyb0llkj # TODO replace with SSM param once possible.
prefixApp: true # See comment on `app` above.
bucketSsmKeyStageParam:
PROD: /INFRA/deploy/actions-static-site-infra/bucket
CODE: /INFRA/deploy/actions-static-site-infra/codeBucket
prefixStagePaths:
PROD: ${{ inputs.domain }}
CODE: ${{ inputs.codeDomain }}
prefixApp: false
prefixStack: false
prefixStage: false
dependencies:
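Review bot: `codeDomain` reaches the generated deployment config unvalidated: `CODE: ${{ inputs.codeDomain }}` under `prefixStagePaths` becomes the upload prefix in a bucket that appears to be shared between sites, and with `prefixApp`, `prefixStack` and `prefixStage` all false nothing else scopes the key. The infra snapshot in this PR sets `VALID_CODE_DOMAIN_SUFFIXES=.code.dev-gutools.co.uk`, so the serving side seems to enforce a suffix that the input description only calls recommended. I would check `INPUT_CODE_DOMAIN` against that suffix before the config is written and fail the step otherwise, e.g. `case "$INPUT_CODE_DOMAIN" in ""|*.code.dev-gutools.co.uk) ;; *) echo "codeDomain must end in .code.dev-gutools.co.uk" >&2; exit 1 ;; esac` (assuming a shell step; the step that writes this config starts outside the hunk). Separately, the `CODE:` entries in `templateStagePaths` and `prefixStagePaths` are emitted even when `codeDomain` is omitted, which leaves an empty prefix; only the conditional `allowedStages` line keeps them unused, so emitting them under the same condition would be safer.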
234 changes: 164 additions & 70 deletions cdk/__snapshots__/infra.test.ts.snap
Expand Up @@ -198,11 +198,17 @@ cat << EOF > /etc/systemd/system/app.service
Description=Static Site service

[Service]
Environment=\\"BUCKET=",
Environment=\\"PROD_BUCKET=",
Object {
"Ref": "staticD8C87B36",
},
"\\"
Environment=\\"CODE_BUCKET=",
Object {
"Ref": "codestaticB41DF3D7",
},
"\\"
Environment=\\"VALID_CODE_DOMAIN_SUFFIXES=.code.dev-gutools.co.uk\\"
Environment=\\"PORT=9000\\"
ExecStart=/app

Expand Down Expand Up @@ -652,6 +658,36 @@ systemctl start app
},
],
},
Object {
"Action": Array [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"codestaticB41DF3D7",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"codestaticB41DF3D7",
"Arn",
],
},
"/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
Expand Down Expand Up @@ -1139,6 +1175,133 @@ systemctl start app
},
"Type": "AWS::EC2::SecurityGroup",
},
"codestaticB41DF3D7": Object {
"DeletionPolicy": "Retain",
"Properties": Object {
"Tags": Array [
Object {
"Key": "gu:cdk:version",
"Value": "48.5.1",
},
Object {
"Key": "gu:repo",
"Value": "guardian/actions-static-site",
},
Object {
"Key": "Stack",
"Value": "stack",
},
Object {
"Key": "Stage",
"Value": "INFRA",
},
],
"WebsiteConfiguration": Object {
"IndexDocument": "index.html",
},
},
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
},
"codestaticPolicy56B5E7C1": Object {
"Properties": Object {
"Bucket": Object {
"Ref": "codestaticB41DF3D7",
},
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "s3:PutObject",
"Effect": "Allow",
"Principal": Object {
"AWS": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::000000000016:root",
],
],
},
"arn:aws:iam::000000000016:role/galaxies-data-refresher-lambda-role-CODE",
],
},
"Resource": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"codestaticB41DF3D7",
"Arn",
],
},
"/galaxies.code.dev-gutools.co.uk/data/*",
],
],
},
},
Object {
"Action": "s3:ListBucket",
"Condition": Object {
"StringLike": Object {
"s3:prefix": Array [
"galaxies.code.dev-gutools.co.uk/data/*",
],
},
},
"Effect": "Allow",
"Principal": Object {
"AWS": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::000000000016:root",
],
],
},
"arn:aws:iam::000000000016:role/galaxies-data-refresher-lambda-role-CODE",
],
},
"Resource": Object {
"Fn::GetAtt": Array [
"codestaticB41DF3D7",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::S3::BucketPolicy",
},
"codestaticsitebucketCDD8A031": Object {
"Properties": Object {
"Description": "Bucket for CODE static sites.",
"Name": "/INFRA/stack/app/codeBucket",
"Tags": Object {
"Stack": "stack",
"Stage": "INFRA",
"gu:cdk:version": "48.5.1",
"gu:repo": "guardian/actions-static-site",
},
"Type": "String",
"Value": Object {
"Ref": "codestaticB41DF3D7",
},
},
"Type": "AWS::SSM::Parameter",
},
"ldpaccess567AC006": Object {
"Properties": Object {
"GroupDescription": "static-site-INFRA/ldp-access",
Expand Down Expand Up @@ -1249,75 +1412,6 @@ systemctl start app
],
},
},
Object {
"Action": "s3:PutObject",
"Effect": "Allow",
"Principal": Object {
"AWS": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::000000000016:root",
],
],
},
"arn:aws:iam::000000000016:role/galaxies-data-refresher-lambda-role-CODE",
],
},
"Resource": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"staticD8C87B36",
"Arn",
],
},
"/galaxies.code.dev-gutools.co.uk/data/*",
],
],
},
},
Object {
"Action": "s3:ListBucket",
"Condition": Object {
"StringLike": Object {
"s3:prefix": Array [
"galaxies.code.dev-gutools.co.uk/data/*",
],
},
},
"Effect": "Allow",
"Principal": Object {
"AWS": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::000000000016:root",
],
],
},
"arn:aws:iam::000000000016:role/galaxies-data-refresher-lambda-role-CODE",
],
},
"Resource": Object {
"Fn::GetAtt": Array [
"staticD8C87B36",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},