up structure for tf

gitlab-ci/all.yml

@@ -0,0 +1,37 @@
+# --------------------------------------------------------------------------------
+# Include for all environments
+#---------------------------------------------------------------------------------
+
+.setenv:
+  tags:
+      - aws-app-common-fast
+  script: |
+      echo "--- Check AWS IAM assumed role  ----"
+      aws sts get-caller-identity
+      echo "export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" > .awsenv.sh
+      echo "export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .awsenv.sh
+      echo "export AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN" >> .awsenv.sh
+      echo "export VAULT_TOKEN=$VAULT_TOKEN" >> .awsenv.sh
+  artifacts:
+      paths:
+        - .awsenv.sh
+      expire_in: 5 mins
+# ---------------------------------
+# Build Docker reverse proxy image
+# ---------------------------------
+.build_image:
+  tags:
+      - aws-image-builder-fast
+  stage: build
+  script: |
+      source ./.awsenv.sh
+      echo "################### Running image builder pipeline."
+      /kaniko/executor version
+      for image in $(ls ${SRC_FOLDER})
+      do
+        echo "################### Building image ${image}..."
+        KANIKOPROXYBUILDARGS="--force --build-arg http_proxy=${HTTP_PROXY} --build-arg https_proxy=${HTTPS_PROXY} --build-arg no_proxy=${NO_PROXY} --build-arg ENV=${CI_ENVIRONMENT_NAME} --cache=true --single-snapshot --compressed-caching=true"
+        # build image
+        /kaniko/executor $KANIKOPROXYBUILDARGS --context ./src/${image} --dockerfile ./src/${image}/Dockerfile --destination ${ECR_REGISTRY}/${APPNAME}-${image}:${IMAGE_TAG}
+      done
+  timeout: 3h

gitlab-ci/dev.yml

@@ -0,0 +1,112 @@
+# -----------------------------------
+# DEV TAG MANDATORY BLOCKS
+# -----------------------------------
+
+variables: 
+  ECR_REGISTRY_DEV: 147795259188.dkr.ecr.eu-west-3.amazonaws.com 
+  ENABLE_DESTROY_DEV: "false" # "true" #
+
+# dev:custom_commands:
+#   extends: .init
+#   environment:
+#     name: dev
+#     deployment_tier: staging
+#   stage: test
+#   script:
+#     # - terraform force-unlock -force bfac4f1d-1f74-2ce7-c9b2-6ac7775dc5d0
+#     # - aws s3 rm s3://objstr-sae---z2-dev--248189935936-chatbotdata/metadata/ --recursive
+#   rules:
+#     - if: '$CI_COMMIT_BRANCH == "dev"'
+
+dev:credentials:
+  stage: build
+  extends: 
+    - .aws-credentials
+    - .setenv
+  environment:
+    name: dev
+    deployment_tier: staging
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "dev"'
+      changes:
+        - src/** 
+        - src/**/*
+
+dev:build_docker_images:
+  stage: build
+  extends:
+    - .build_image
+  environment:
+    name: dev
+    deployment_tier: staging
+  variables:
+    IMAGE_TAG: ${CI_COMMIT_SHORT_SHA}
+    SRC_FOLDER: "src"
+    ECR_REGISTRY: ${ECR_REGISTRY_DEV}
+  rules:
+  - if: '$CI_COMMIT_BRANCH == "dev"'
+    changes:
+    - src/**
+    - src/**/*
+  needs:
+  - job: dev:credentials
+    artifacts: true
+
+dev:update_ssm_parameters:
+  stage: build
+  extends: 
+  - .aws-credentials
+  environment:
+    name: dev
+    deployment_tier: staging 
+  image: 675609327636.dkr.ecr.eu-west-1.amazonaws.com/core/base-images/ubi8/${TERRAFORM_IMAGE}
+  tags:
+  - aws-core-tools-fast 
+  script: |
+    for image in $(ls src)
+    do
+      aws ssm put-parameter --name "/${APPNAME}/dev/${image}ImageTag" --type "String" --value ${CI_COMMIT_SHORT_SHA} --overwrite
+    done
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "dev"'
+      changes:
+        - src/**
+        - src/**/*
+  needs: [dev:build_docker_images]
+
+dev:plan:
+  stage: plan
+  extends:
+  - .init
+  - .plan
+  environment:
+    name: dev
+    deployment_tier: staging
+  rules:
+  - if: $CI_COMMIT_BRANCH == "dev"
+
+dev:apply:
+  stage: apply
+  extends:
+  - .init
+  - .apply
+  environment:
+    name: dev
+    deployment_tier: staging
+  rules:
+    - if: $CI_COMMIT_BRANCH == "dev"
+      when: manual        
+  needs: ["dev:plan"]
+    
+dev:destroy:
+  stage: destroy
+  extends:
+  - .init
+  - .destroy
+  environment:
+    name: dev
+    deployment_tier: staging
+  rules:
+  - if: '$CI_COMMIT_BRANCH == "dev" && $ENABLE_DESTROY_DEV == "true"'
+    when: manual
+  dependencies: []

gitlab-ci/ppd.yml

@@ -0,0 +1,119 @@
+# --------------------------------------------------------------------------------
+# Purpose : PPD pipelines
+#---------------------------------------------------------------------------------
+
+variables:
+  ECR_REGISTRY_PPD: XXXXXXXXXXXXXXXXXXXX.dkr.ecr.eu-west-3.amazonaws.com  
+  ENABLE_DESTROY_PPD: "false" # "true" #
+
+# ppd:custom_commands:
+#   extends: 
+#     - .aws-credentials
+#   image: 675609327636.dkr.ecr.eu-west-1.amazonaws.com/core/base-images/ubi8/${TERRAFORM_IMAGE}
+#   tags:
+#     - aws-core-tools-fast
+#   environment:
+#       name: ppd 
+#       deployment_tier: staging
+#   stage: build
+#   script: 
+#     # - aws kms cancel-key-deletion --key-id 3841fc17-a82c-4a6c-a585-f7eaebaacc96
+#     # - aws kms schedule-key-deletion --key-id 3841fc17-a82c-4a6c-a585-f7eaebaacc96 --pending-window-in-days 7
+#     # - aws lambda delete-function --function-name matcher-sae-eu2-z2-ppd-docker
+#     - aws sagemaker delete-endpoint --endpoint-name matcher-huggingface-endpoint
+#     - aws sagemaker delete-model --model-name matcher-huggingface-model
+#   rules:
+#     - if: '$CI_COMMIT_BRANCH == "ppd"'
+
+ppd:credentials:
+  stage: build
+  extends: 
+  - .aws-credentials
+  - .setenv
+  environment:
+    name: ppd
+    deployment_tier: staging
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "ppd"'
+    changes:
+    - src/** 
+    - src/**/*
+
+ppd:build_docker_images:
+  stage: build  
+  extends:
+    - .build_image
+  environment:
+    name: ppd
+    deployment_tier: staging
+  variables:
+    IMAGE_TAG: ${CI_COMMIT_SHORT_SHA}
+    SRC_FOLDER: "src"
+    ECR_REGISTRY: ${ECR_REGISTRY_PPD}
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "ppd"'
+    changes:
+    - src/**
+    - src/**/*
+  needs: 
+  - job: ppd:credentials
+    artifacts: true
+
+ppd:update_ssm_parameters:
+  stage: build
+  extends: 
+    - .aws-credentials
+  environment:
+    name: ppd 
+    deployment_tier: staging
+  image: 675609327636.dkr.ecr.eu-west-1.amazonaws.com/core/base-images/ubi8/${TERRAFORM_IMAGE}
+  tags:
+    - aws-core-tools-fast
+  script: |
+    for image in $(ls src)
+    do
+      aws ssm put-parameter --name "/${APPNAME}/ppd/${image}ImageTag" --type "String" --value ${CI_COMMIT_SHORT_SHA} --overwrite
+    done
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "ppd"'
+      changes:
+        - src/**
+        - src/**/*
+  needs: [ppd:build_docker_images]
+
+ppd:plan:
+  stage: plan
+  extends:
+  - .init
+  - .plan
+  environment:
+    name: ppd
+    deployment_tier: staging
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "ppd"'
+
+ppd:apply:
+  stage: apply
+  extends:
+      - .init
+      - .apply
+  environment:
+    name: ppd
+    deployment_tier: staging
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "ppd"'
+    when: manual        
+  needs: ["ppd:plan"]
+    
+ppd:destroy:
+  stage: destroy
+  extends:
+    - .init
+    - .destroy
+  environment:
+    name: ppd
+    deployment_tier: staging
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "ppd" && $ENABLE_DESTROY_PPD == "true"'
+    when: manual
+  dependencies: []

gitlab-ci/prd.yml

@@ -0,0 +1,121 @@
+# --------------------------------------------------------------------------------
+# Purpose : PRD pipelines
+#---------------------------------------------------------------------------------
+
+variables:
+  ECR_REGISTRY_PRD: XXXXXXXXXXXXXXXXXXX.dkr.ecr.eu-west-3.amazonaws.com
+  ENABLE_DESTROY_PRD: "false" # "true" #
+
+# prd:custom_commands:
+#   extends: 
+#     - .aws-credentials
+#   image: 675609327636.dkr.ecr.eu-west-1.amazonaws.com/core/base-images/ubi8/${TERRAFORM_IMAGE}
+#   tags:
+#     - aws-core-tools-fast
+#   environment:
+#       name: prd 
+#       deployment_tier: staging
+#   stage: build
+#   script: 
+#     # - aws kms cancel-key-deletion --key-id 3841fc17-a82c-4a6c-a585-f7eaebaacc96
+#     # - aws kms schedule-key-deletion --key-id 3841fc17-a82c-4a6c-a585-f7eaebaacc96 --pending-window-in-days 7
+#     # - aws kms schedule-key-deletion --key-id 3841fc17-a82c-4a6c-a585-f7eaebaacc96 --pending-window-in-days 7
+#     # - aws lambda delete-function --function-name matcher-sae-eu2-z2-prd-docker
+#     - aws sagemaker delete-endpoint --endpoint-name matcher-huggingface-endpoint
+#     - aws sagemaker delete-model --model-name matcher-huggingface-model
+#   rules:
+#   - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
+#   - if: '$CI_COMMIT_BRANCH == "main"'
+
+prd:credentials:
+  stage: build
+  extends: 
+  - .aws-credentials
+  - .setenv
+  environment:
+    name: prd
+    deployment_tier: staging
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
+    changes:
+      - src/** 
+      - src/**/*
+
+prd:build_docker_images:
+  stage: build
+  extends:
+    - .build_image
+  environment:
+    name: prd
+    deployment_tier: staging
+  variables:
+    IMAGE_TAG: ${CI_COMMIT_SHORT_SHA}
+    SRC_FOLDER: "src"
+    ECR_REGISTRY: ${ECR_REGISTRY_PRD}
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
+    changes:
+    - src/**
+    - src/**/*
+  needs: 
+  - job: prd:credentials
+    artifacts: true
+
+prd:update_ssm_parameters:
+  stage: build
+  extends: 
+  - .aws-credentials
+  environment:
+    name: prd 
+    deployment_tier: staging
+  image: 675609327636.dkr.ecr.eu-west-1.amazonaws.com/core/base-images/ubi8/${TERRAFORM_IMAGE}
+  tags:
+  - aws-core-tools-fast
+  script: |
+    for image in $(ls src)
+    do
+      aws ssm put-parameter --name "/${APPNAME}/prd/${image}ImageTag" --type "String" --value ${CI_COMMIT_SHORT_SHA} --overwrite
+    done
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
+    changes:
+      - src/**
+      - src/**/*
+  needs: [prd:build_docker_images]
+
+prd:plan:
+  stage: plan
+  extends:
+  - .init
+  - .plan
+  environment:
+    name: prd
+    deployment_tier: staging
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
+
+prd:apply:
+  stage: apply
+  extends:
+  - .init
+  - .apply
+  environment:
+    name: prd
+    deployment_tier: staging
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
+    when: manual        
+  needs: ["prd:plan"]
+    
+prd:destroy:
+  stage: destroy
+  extends:
+  - .init
+  - .destroy
+  environment:
+    name: prd
+    deployment_tier: staging
+  rules:
+  - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" && $ENABLE_DESTROY_PRD == "true"'
+    when: manual
+  dependencies: []