buildspec.yml
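version: 0.2
# https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
#####
# Performs an infrastructure deployment.
# For Code Deployments see CircleCI and AWS CodeDeploy
#####
run-as: circleci
env:
  variables:
    # Terraform workspaces that we operate in. TF_WORKSPACE is the default for
    # every terraform command below, so anything that does not explicitly
    # override it with TF_DEV_WORKSPACE runs against Prod.
    TF_DEV_WORKSPACE: Dev
    TF_WORKSPACE: Prod
    # The ref of the main branch we work against
    MAIN_BRANCH_REF: 'refs/heads/main'
    MAIN_BRANCH: 'main'
    # The ref of the dev branch we work against
    DEV_BRANCH_REF: 'refs/heads/dev'
    DEV_BRANCH: 'dev'
    # Metaflow requires a username to run
    USERNAME: 'codebuild'
  secrets-manager:
    # Pull in the default terraform cloud token.
    # All three secrets are exported to every phase, including builds of
    # unmerged refs (see the plan step in `build`).
    # NOTE(review): PAGERDUTY_TOKEN and GITHUB_ACCESS_TOKEN are not referenced
    # by any command in this file; presumably the cdktf synth reads them.
    # Confirm they are needed and scoped as narrowly as possible.
    TERRAFORM_TOKEN: 'CodeBuild/Default:terraform_token'
    PAGERDUTY_TOKEN: 'CodeBuild/Default:mozilla_pagerduty_token'
    GITHUB_ACCESS_TOKEN: 'CodeBuild/Default:github_access_token'
# All phases are run within the pocket/pocket-build:prod docker image
phases:
  pre_build:
    run-as: circleci
    commands:
      # NOTE(review): GIT_BRANCH is not defined in this file; presumably the
      # shim wrapper sourced here sets it. Confirm, because every dev/prod
      # decision below depends on it.
      - . /home/circleci/.codebuild_shims_wrapper.sh
      # Quoted so a ref name containing whitespace or glob characters is
      # printed verbatim instead of being word-split or expanded.
      - echo "$CODEBUILD_WEBHOOK_HEAD_REF"
      - echo Setting Up Terraform Token
      # Assemble the Terraform CLI credentials block in a shell variable; the
      # token itself is never echoed to the build log.
      - rc="credentials \"app.terraform.io\" { "
      - rc="${rc} token=\"$TERRAFORM_TOKEN\" "
      - rc="${rc}}"
      # Create the credentials file under a restrictive umask so the token is
      # readable only by the build user. The subshell keeps the umask change
      # from affecting files created by later commands.
      - '(umask 077 && echo "$rc" > ~/.terraformrc)'
      - echo Setting environment variables
      - cd .aws
      - npm ci
      - tfenv install
      # synthesize the js into terraform json with the proper node environment
      - 'if [ "$GIT_BRANCH" = "$DEV_BRANCH" ]; then NODE_ENV=development npm run synth; else npm run synth; fi'
      - cd cdktf.out/stacks/firefox-api-proxy
      - 'if [ "$GIT_BRANCH" = "$DEV_BRANCH" ]; then TF_WORKSPACE=$TF_DEV_WORKSPACE terraform init; else terraform init; fi'
  build:
    run-as: circleci
    commands:
      - echo Build started on `date`
      # If the branch is not main and it is not dev (and GIT_BRANCH is empty),
      # do a plan on prod. -lock=false and -refresh=false are passed, so the
      # plan takes no state lock and skips the refresh.
      # This is the path taken for unmerged refs: npm ci, npm run synth and
      # terraform plan all run content from the checked-out ref while the
      # secrets-manager tokens are in the environment.
      # NOTE(review): confirm the CodeBuild webhook filter limits which
      # pull requests can start this build, and that the Terraform token
      # used here carries no more privilege than a plan needs.
      - 'if [ "$CODEBUILD_WEBHOOK_HEAD_REF" != "$MAIN_BRANCH_REF" ] && [ "$CODEBUILD_WEBHOOK_HEAD_REF" != "$DEV_BRANCH_REF" ] && [ -z "$GIT_BRANCH" ]; then terraform plan -lock=false -refresh=false -no-color; fi'
      # If the branch is dev, do an apply on dev.
      - 'if [ "$GIT_BRANCH" = "$DEV_BRANCH" ]; then TF_WORKSPACE=$TF_DEV_WORKSPACE TF_LOG=INFO terraform apply -auto-approve -no-color; fi'
      # If the branch is main, apply to the default (Prod) workspace.
      # -auto-approve means there is no manual gate in this pipeline.
      # NOTE(review): review and branch protection on main/dev appear to be
      # the only control before an apply; confirm they are enforced.
      - 'if [ "$GIT_BRANCH" = "$MAIN_BRANCH" ]; then terraform apply -auto-approve -no-color; fi'
  post_build:
    run-as: circleci
    commands:
      # On main/dev builds, copy the deployment descriptors four levels up,
      # from .aws/cdktf.out/stacks/firefox-api-proxy to the repository root.
      - 'if [ "$GIT_BRANCH" = "$MAIN_BRANCH" ] || [ "$GIT_BRANCH" = "$DEV_BRANCH" ]; then cp appspec.json taskdef.json ../../../../; fi'
      # Steps up two levels, which lands in .aws/cdktf.out rather than the
      # repository root. NOTE(review): artifact paths are presumably resolved
      # against the source root, not the current directory, so this is
      # harmless; confirm.
      - cd ../../
      - echo Build completed on `date`
artifacts:
  files:
    - taskdef.json
    - appspec.json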