Create pre-production stage for CI pipeline #2282
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2282 +/- ##
==========================================
+ Coverage 79.02% 79.05% +0.02%
==========================================
Files 614 614
Lines 106934 107058 +124
Branches 15145 15162 +17
==========================================
+ Hits 84504 84634 +130
+ Misses 21777 21771 -6
Partials 653 653 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
nhatnghiho
force-pushed
the
ci-pipeline
branch
2 times, most recently
from
267feb5 to
b100ece
Compare
nhatnghiho
force-pushed
the
ci-pipeline
branch
3 times, most recently
from
3f82970 to
edbd376
Compare
| image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest | ||
| image: 183295444613.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest |
There was a problem hiding this comment.
Should remain as the team account
| image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest | ||
| image: 183295444613.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest |
There was a problem hiding this comment.
Should remain as the team account
| image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest | ||
| image: 183295444613.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest |
There was a problem hiding this comment.
Should remain as the team account
| image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest | ||
| image: 183295444613.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest |
There was a problem hiding this comment.
Should remain as the team account
| if env.account == PRE_PROD_ACCOUNT: | ||
| github_repo_owner = STAGING_GITHUB_REPO_OWNER | ||
| github_repo_name = STAGING_GITHUB_REPO_NAME |
There was a problem hiding this comment.
How does this work for deploying to your own personal account if you want to go through setting up the pipeline and all that?
There was a problem hiding this comment.
I guess these are correctly set to the values from the pipeline cdk_env in AwsLcCiPipeline?
| while [[ ${attempt} -le ${MAX_RETRY} ]]; do | ||
| if [[ $attempt -gt 0 ]]; then | ||
| echo "Retrying ${attempt}/${MAX_RETRY}..." | ||
| fi | ||
|
|
||
| attempt=$((attempt + 1)) | ||
|
|
|
|
||
| assume_role | ||
|
|
||
| if [[ -z "${BUILD_TYPE+x}" || -z "${BUILD_TYPE}" ]]; then |
There was a problem hiding this comment.
| if [[ -z "${BUILD_TYPE+x}" || -z "${BUILD_TYPE}" ]]; then | |
| if [[ -z "${BUILD_TYPE:+x}" ]]; then |
Does both of these for you. If BUILD_TYPE is either unset / empty string or not defined it will be a empty string substituted for this check. Otherwise x will be substituted and thus not move into the if statement body.
| fi | ||
|
|
||
| if [[ ${BUILD_TYPE} == "docker" ]]; then | ||
| if [[ -z "${PLATFORM+x}" || -z "${PLATFORM}" ]]; then |
| fi | ||
|
|
||
| if [[ ${BUILD_TYPE} == "ci" ]]; then | ||
| if [[ -z "${PROJECT+x}" || -z "${PROJECT}" ]]; then |
| if [[ -z "${BUILD_TYPE+x}" || -z "${BUILD_TYPE}" ]]; then | ||
| echo "No build type provided." | ||
| exit 1 | ||
| fi | ||
|
|
||
| if [[ -z "${STACKS+x}" || -z "${STACKS}" ]]; then | ||
| echo "No stacks provided." | ||
| exit 1 | ||
| fi | ||
|
|
||
| if [[ -n "${PREVIOUS_REBUILDS+x}" && -n "${PREVIOUS_REBUILDS}" ]]; then |
| ### CI Commands | ||
| Use these commands if you wish to deploy individual stacks instead of the entire pipeline. | ||
|
|
||
| These commands are run from `aws-lc/tests/ci/cdk`. | ||
|
|
||
| If not done previously, bootstrap cdk before running the commands below. Make sure that AWS_ACCOUNT_ID is the AWS account you wish to deploy the CI stacks to. |
There was a problem hiding this comment.
Is there any reason to keep this support and documented?
There was a problem hiding this comment.
This is helpful if we want to deploy 1 stack at a time. Say, if I only want to deploy aws-lc-ci-integration and don't want to deal with anything else, these commands will come in handy.
| from aws_cdk import ( | ||
| Duration, | ||
| Stack, | ||
| aws_codebuild as codebuild, | ||
| aws_iam as iam, | ||
| aws_s3_assets, | ||
| aws_logs as logs, | ||
| Environment, | ||
| ) |
There was a problem hiding this comment.
In the future it is much easier to review big changes like this if you don't reformat unrelated code. If there wasn't consistent formatting of this cdk code before your change it would much easier to review if one PR is just reformatting everything.
| class BmFrameworkStack(Stack): | ||
| """Define a stack used to create a CodeBuild instance on which to execute the AWS-LC benchmarking framework""" |
There was a problem hiding this comment.
We can actually delete this file/stack. We haven't run the benchmark stack in codebuild in years.
|
|
||
| self.build_options = [] | ||
|
|
||
| # Define CodeBuild Batch job for testing code. |
There was a problem hiding this comment.
Can this reuse any of the existing CDK definitions? In the future if we add a new build project to our public CI we might forget to update this spot as well.
| # bm_framework_build_spec_file = "cdk/codebuild/bm_framework_omnibus.yaml" | ||
| # BmFrameworkStack(app, "aws-lc-ci-bm-framework", bm_framework_build_spec_file, env=env) |
There was a problem hiding this comment.
| # bm_framework_build_spec_file = "cdk/codebuild/bm_framework_omnibus.yaml" | |
| # BmFrameworkStack(app, "aws-lc-ci-bm-framework", bm_framework_build_spec_file, env=env) |
|
|
||
| self.build_options = [] | ||
|
|
||
| # Define CodeBuild Batch job for testing code. |
There was a problem hiding this comment.
Is this the CI that tests the code in PRs, or the CI that tests the pipeline and docker images is working?
| "curl -H \"Authorization: token ${GITHUB_PAT}\" https://api.github.com/user", | ||
| "git clone https://${GITHUB_PAT}@github.com/${STAGING_GITHUB_REPO_OWNER}/${STAGING_GITHUB_REPO_NAME}.git", | ||
| "git remote add upstream https://github.com/aws/aws-lc.git", | ||
| "git fetch upstream", | ||
| "git checkout main", | ||
| "git merge upstream/main", |
There was a problem hiding this comment.
Why are you merging aws/aws-lc into the pr branch? What happens if there is a conflict?
There was a problem hiding this comment.
This is merging aws/aws-lc into our staging repo's main branch, not the pr branch. Since our staging repo is for testing only, it should never diverge from aws-lc. Conflicts should never happen. If they do, it means something is wrong with our staging repo.
| else {} | ||
| ) | ||
|
|
||
| @jsii.member(jsii_name="produceAction") |
There was a problem hiding this comment.
Yeah, is there some functionality missing in the Python CDK? Have we given feedback to them about it
Issues:
Resolves #CryptoAlg-2983 and #CryptoAlg-2984
Description of changes:
This PR implements steps to deploy to pre-production in the CI pipeline, which will act as template for production deployment later on. The PR also sets up a dev deployment environment for testing purposes.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.