add pipeline
Ryosuke Tomita committed Dec 16, 2023
1 parent f81259f commit 3329358
Showing 11 changed files with 123 additions and 74 deletions.
12 changes: 2 additions & 10 deletions Dockerfile
Expand Up @@ -9,23 +9,15 @@ RUN npm install && npm run build
FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nginx:latest-al23
COPY --from=build /app/build /usr/share/nginx/html
COPY nginx.conf /etc/nginx/nginx.conf
#COPY default.conf /etc/nginx/conf.d/default.conf


# Change owner to allow non-root users to start the service
USER root
# RUN <<EOF
# mkdir -p /var/log/nginx
# chown -R nginx:nginx /var/log/nginx
# touch /run/nginx.pid
# chown -R nginx:nginx /run/nginx.pid
# EOF
RUN mkdir -p /var/log/nginx \
&& chown -R nginx:nginx /var/log/nginx \
&& touch /run/nginx.pid \
&& chown -R nginx:nginx /run/nginx.pid


EXPOSE 80
# Use 8080 instead of 80 to avoid the `nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)` when using ECS.
EXPOSE 8080
USER nginx
CMD ["nginx", "-g", "daemon off;"]
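Review bot: the commented-out heredoc (`# RUN <<EOF` … `# EOF`) and the `#COPY default.conf` line duplicate the live `RUN mkdir -p /var/log/nginx && chown …` step directly below them and should be deleted rather than kept as dead code. Switching to `EXPOSE 8080` under `USER nginx` is the right fix for the unprivileged bind error quoted in the comment; `chown -R` on the single file `/run/nginx.pid` can simply be `chown nginx:nginx /run/nginx.pid`.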
102 changes: 101 additions & 1 deletion README.md
@@ -1,13 +1,113 @@
# INDEX

- [ABOUT](#ABOUT)
- [ENVIRONMENT](#ENVIRONMENT)
- [PREPARING](#PREPARING)
- [HOW TO USE](#HOW-TO-USE)
- [REFERENCE](#REFERENCE)
******


# ABOUT
Sample for DevSecOps environment.
See [./doc/tools_doc](./doc/tools_doc)
******


# ENVIRONMENT
- AWS
- Github Actions
- node:20
******


# PREPARING
## AWSの設定
copilot cliを使って環境構築を行う。
### appの作成
- 名前は任意だが,自分はreact-appとした
- ここで必用なIAMロールの一部やKMSのキーやCodePipelineに使うS3やそのポリシーが作成されている。

```shell
copilot app init
cat ./copilot/.workspace
application: react-app
```
### development用のenvironmentとserviceをまとめて作成する。
- amd64を指定しないとなぜかビルドエラーになる。

```shell
DOCKER_DEFAULT_PLATFORM=linux/amd64 copilot init
```
- 名前は任意だが,dev-envとdev-svcとした。
- copilot/以下のファイルを編集することで設定を変更できる。
- 新しいVPCや,ECSのCluster,Load Balancerや権限周りが作成される。

### production用のenvironmentとserviceをまとめて作成する。
- vpcをいくつも作りたくない場合はenvironment単体で作成すると既存リソースの使用が選択できる。

```shell
copilot env init # prod-envと命名してcopilot-react-app-dev-vpcを選択する。
```
<details>
<summary>see detail</summary>

```shell
copilot env init
Environment name: prod-env

Which credentials would you like to use to create hoge? [Use arrows to move, type to filter, ? for more help]
Enter temporary credentials
> [profile default]


Environment name: prod-env
Credential source: [profile default]
Would you like to use the default configuration for a new environment?
- A new VPC with 2 AZs, 2 public subnets and 2 private subnets
- A new ECS Cluster
- New IAM Roles to manage services and jobs in your environment
[Use arrows to move, type to filter]
Yes, use default.
Yes, but I'd like configure the default resources (CIDR ranges, AZs).
> No, I'd like to import existing resources (VPC, subnets).


Environment name: prod-env
Credential source: [profile default]
Default environment configuration? No, I'd like to import existing resources
Which VPC would you like to use? [Use arrows to move, type to filter]
> vpc-xxxxxxxxxxxxxxxxx (copilot-react-app-dev-env)
```
</details>
- environmentをデプロイ
```shell
copilot env deploy
```
- prod用のserviceを作成してデプロイする。
この際に間違えてdev-svcやdev-envを選ばないように注意する。
```shell
DOCKER_DEFAULT_PLATFORM=linux/amd64 copilot svc init
copilot svc deploy
```
### CodePipelineの作成
## その他の設定
- ローカルでのインストールが必須なのはpre-commitくらい
```shell
cd devsecops-demo-aws-ecs
pre-commit install
```
- VSCodeのExtensionsもお好みで。Dockerのhadolintはおすすめ。
******
# HOW TO USE
# REFERENCE
- [ECSの仕様で非特権ユーザを使用したコンテナでは80番ポートが使えないっぽい](https://repost.aws/questions/QU1bCV9wT4T5iBrrP1c2ISfg/container-cannot-bind-to-port-80-running-as-non-root-user-on-ecs-fargate) --> つまり,localのdockerで80でサービスが起動できてもECSだと権限エラーになる。
> nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
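Review bot: the hunk leaves `### CodePipelineの作成` and `# HOW TO USE` as empty headings, and the captured `copilot env init` session still contains the placeholder prompt `create hoge?`; fill these in or drop them before merging. The `copilot env init` instruction tells the reader to pick the `copilot-react-app-dev-env` VPC for prod-env, so dev and prod workloads share one network; if that cost trade-off is intended, state it explicitly in the README, since it weakens the isolation between the two environments.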
2 changes: 1 addition & 1 deletion copilot/.workspace
@@ -1 +1 @@
application: roulette-app
application: react-app
6 changes: 2 additions & 4 deletions copilot/dev-svc/manifest.yml
Expand Up @@ -19,13 +19,11 @@ image:
# Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#image-build
build: Dockerfile
# Port exposed through your container to route traffic to it.
port: 80
port: 8080

cpu: 256 # Number of CPU units for the task.
memory: 512 # Amount of memory in MiB used by the task.
count: # Number of tasks that should be running in your service.
range: 1-2
cpu_percentage: 50
count: 1 # Number of tasks that should be running in your service.
exec: true # Enable running commands in your container.
network:
connect: true # Enable Service Connect for intra-environment traffic between services.
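Review bot: besides the `port: 8080` change (consistent with the Dockerfile's `EXPOSE 8080`), this hunk replaces the autoscaling block (`range: 1-2` / `cpu_percentage: 50`) with a fixed `count: 1`, which is unrelated to the commit message "add pipeline" and leaves the service with a single task and no redundancy; if that is intentional for dev, say so in the commit message and keep it out of prod-svc.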
30 changes: 0 additions & 30 deletions copilot/environments/app-scanner-env/manifest.yml

This file was deleted.

15 changes: 3 additions & 12 deletions copilot/environments/dev-env/manifest.yml
Expand Up @@ -7,18 +7,9 @@ name: dev-env
type: Environment

# Import your own VPC and subnets or configure how they should be created.
network:
vpc:
id: vpc-03581f28225eebcf8
subnets:
public:
- id: subnet-02af5dce7bdaae4c9
- id: subnet-070a378ffc7a92766
- id: subnet-0bfd16c35ed005f62
private:
- id: subnet-059ce9420f335d7b0
- id: subnet-0cb914099ba5f287b
- id: subnet-003d479c3698684de
# network:
# vpc:
# id:

# Configure the load balancers in your environment, once created.
# http:
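Review bot: replacing the imported `vpc-03581f28225eebcf8` and its six subnets with a commented-out `# network:` stub presumably means the next `copilot env deploy` moves dev-env onto a Copilot-created VPC (the "configure how they should be created" path in the comment above); confirm that replacement of the environment's network is intended, and delete the empty `# id:` stub rather than leaving a placeholder.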
12 changes: 5 additions & 7 deletions copilot/environments/prod-env/manifest.yml
Expand Up @@ -9,16 +9,14 @@ type: Environment
# Import your own VPC and subnets or configure how they should be created.
network:
vpc:
id: vpc-03581f28225eebcf8
id: vpc-0e2c3939c6159987c
subnets:
public:
- id: subnet-02af5dce7bdaae4c9
- id: subnet-070a378ffc7a92766
- id: subnet-0bfd16c35ed005f62
- id: subnet-077af848ce2255562
- id: subnet-074c71e5fac150d04
private:
- id: subnet-059ce9420f335d7b0
- id: subnet-0cb914099ba5f287b
- id: subnet-003d479c3698684de
- id: subnet-0c572ccc92f2f825f
- id: subnet-0209edab730676d3e

# Configure the load balancers in your environment, once created.
# http:
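Review bot: the imported network changes from the VPC and subnets that dev-env previously imported to `vpc-0e2c3939c6159987c` with two public and two private subnets; together with the README's instruction to pick the `copilot-react-app-dev-env` VPC, this means prod-env shares dev's VPC, which weakens isolation between the two environments. If that trade-off is accepted, record it in the manifest comment, and confirm the four subnet IDs belong to that VPC before running `copilot env deploy`.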
Expand Up @@ -17,7 +17,7 @@ phases:
- ls -l
- export COLOR="false"
- export CI="true"
- pipeline=$(cat $CODEBUILD_SRC_DIR/copilot/pipelines/tomita-pipeline/manifest.yml | ruby -ryaml -rjson -e 'puts JSON.pretty_generate(YAML.load(ARGF))')
- pipeline=$(cat $CODEBUILD_SRC_DIR/copilot/pipelines/react-app-pipeline/manifest.yml | ruby -ryaml -rjson -e 'puts JSON.pretty_generate(YAML.load(ARGF))')
- pl_envs=$(echo $pipeline | jq -r '.stages[].name')
# Find all the local services in the workspace.
- svc_ls_result=$(./copilot-linux svc ls --local --json)
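Review bot: the manifest path is hardcoded to `copilot/pipelines/react-app-pipeline/manifest.yml`, so it has to be edited by hand every time the pipeline `name:` changes (exactly what this commit had to do); derive it from a single variable instead. Also quote the expansions, `cat "$CODEBUILD_SRC_DIR/…"` and `echo "$pipeline" | jq …`, since unquoted `$pipeline` collapses whitespace and is subject to glob expansion before jq sees it.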
@@ -1,9 +1,9 @@
# The manifest for the "tomita-pipeline" pipeline.
# The manifest for the "react-app-pipeline" pipeline.
# This YAML file defines your pipeline: the source repository it tracks and the order of the environments to deploy to.
# For more info: https://aws.github.io/copilot-cli/docs/manifest/pipeline/

# The name of the pipeline.
name: tomita-pipeline
name: react-app-pipeline

# The version of the schema used in this template.
version: 1
Expand All @@ -16,7 +16,7 @@ source:
# Additional properties that further specify the location of the artifacts.
properties:
branch: master
repository: https://github.com/RyosukeDTomita/react-roulette-frontend
repository: https://github.com/RyosukeDTomita/devsecops-demo-aws-ecs
# Optional: specify the name of an existing CodeStar Connections connection.
# connection_name: a-connection

Expand All @@ -28,7 +28,6 @@ stages:
# requires_approval: true
# Optional: use test commands to validate this stage of your build.
# test_commands: [echo 'running tests', make test]
test_commands: [echo 'hogehogehoge']

- # The name of the environment.
name: prod-env
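Review bot: deleting `test_commands: [echo 'hogehogehoge']` without a replacement leaves this stage with no test gate, and `requires_approval: true` remains commented out, so as far as this hunk shows a push to `master` flows on to prod-env unchecked; for a DevSecOps demo, add real `test_commands` here and enable `requires_approval` on the prod-env stage. The `repository:` URL changes while `connection_name` stays commented, so confirm the existing CodeStar connection covers the new repository.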
2 changes: 1 addition & 1 deletion copilot/prod-svc/manifest.yml
Expand Up @@ -19,7 +19,7 @@ image:
# Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#image-build
build: Dockerfile
# Port exposed through your container to route traffic to it.
port: 80
port: 8080

cpu: 256 # Number of CPU units for the task.
memory: 512 # Amount of memory in MiB used by the task.
7 changes: 4 additions & 3 deletions nginx.conf
@@ -1,4 +1,3 @@

# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
Expand Down Expand Up @@ -35,9 +34,11 @@ http {
# for more information.
include /etc/nginx/conf.d/*.conf;


# Use 8080 instead of 80 to avoid the `nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)` when using ECS.
server {
listen 80;
listen [::]:80;
listen 8080;
listen [::]:8080;
server_name _;
root /usr/share/nginx/html;

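Review bot: the `listen 8080;` / `listen [::]:8080;` change matches `EXPOSE 8080` in the Dockerfile and `port: 8080` in both service manifests; what remains to be checked is that the unchanged part of this file keeps `pid /run/nginx.pid;` and its logs under `/var/log/nginx`, since those are the only paths the Dockerfile chowns to `nginx`. Also drop one of the two blank lines above the new comment.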
