diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..79ca25c
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,20 @@
+name: Deploy
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: 'Target Environment'
+ required: true
+ tags:
+ description: 'Release tag to be deployed'
+ required: true
+jobs:
+ Verify:
+ environment: ${{ github.event.deployment.environment }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Print event data
+ env:
+ EVENT: ${{ toJSON( github.event ) }}
+ run: echo "$EVENT"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8a190ba..dd5ffb5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
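Review bot: `environment: ${{ github.event.deployment.environment }}` in the `Verify` job of the new Deploy workflow reads a field that a `workflow_dispatch` payload does not carry, so the expression most likely resolves to an empty string and the job runs without the protection rules or secrets of the environment the operator selected. The value entered in the dispatch form is exposed as `github.event.inputs.environment`, so the line should read `environment: ${{ github.event.inputs.environment }}`. The workflow also declares no `permissions:` block, which leaves `GITHUB_TOKEN` at the repository default; a job that only echoes the event needs no more than `permissions:` with `contents: read`. Passing the payload through `env:` instead of interpolating it into `run:` is the right pattern and should be kept as further steps are added.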
@@ -29,22 +29,27 @@ jobs: runs-on: ubuntu-latest if: ${{ github.ref == 'refs/heads/main' }} needs: [Verify] + permissions: + id-token: write + contents: write steps: - uses: actions/checkout@v2 - name: Setup Node.js environment uses: actions/setup-node@v1.4.5 with: node-version: 14 - - name: Package 📦 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-region: ap-southeast-2 + role-to-assume: arn:aws:iam::045615149555:role/service-image-upload + role-session-name: service-image-upload-session + - name: Publish 🚀 run: | - aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin 045615149555.dkr.ecr.ap-southeast-2.amazonaws.com + aws ecr get-login-password --region ap-southeast-2 | docker login --username AWS --password-stdin $REPO_REGISTRY npm ci - npm run build - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - - name: Publish 🚀 - run: npm run release + npm run release env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + REPO_NAME: "lambda-container-service" + REPO_URI: "045615149555.dkr.ecr.ap-southeast-2.amazonaws.com/lambda-container-service" + REPO_REGISTRY: "045615149555.dkr.ecr.ap-southeast-2.amazonaws.com" diff --git a/.releaserc b/.releaserc index 3ca0f47..1f9d777 100644 --- a/.releaserc +++ b/.releaserc @@ -10,6 +10,7 @@ [ "@semantic-release/exec", { + "prepareCmd": "./prepare.sh ${nextRelease.version} ${options.branch} ${commits.length} ${Date.now()}", "publishCmd": "./publish.sh ${nextRelease.version} ${options.branch} ${commits.length} ${Date.now()}" } ] diff --git a/CHANGELOG.md b/CHANGELOG.md index ddff7fb..5d48c30 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
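Review bot: The new `Configure AWS Credentials` step references `aws-actions/configure-aws-credentials@v1`, a mutable tag, in a job that now holds `id-token: write` and `contents: write`, so any change to what that tag points at runs with the ability to obtain the session for `service-image-upload`. Pin it to a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v1`, and do the same for the actions on the context lines when they are next touched. In the `Publish 🚀` step, `npm ci` runs after the role has been assumed, so dependency install scripts execute with the AWS session in their environment; moving `npm ci` into its own step ahead of `Configure AWS Credentials` limits that exposure to `npm run release`. The role's trust policy is not visible here; it should condition on the `sub` claim for this repository and `refs/heads/main`. The hunk starts inside the job definition, so the job name and its earlier keys are outside the view.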
@@ -1,3 +1,51 @@ +# [1.3.0](https://github.com/phenixcoder/lambda-container-service/compare/v1.2.1...v1.3.0) (2021-11-22) + + +### Bug Fixes + +* **newman:** fixed dev server express mapping ([9be5ee3](https://github.com/phenixcoder/lambda-container-service/commit/9be5ee3804eeec84316f36011d3c39e611d9e07c)) + + +### Features + +* **logger:** added improved logger ([2530e38](https://github.com/phenixcoder/lambda-container-service/commit/2530e3832e5ad53bf0b7e76bb26d6c574720f8a1)) + +# [1.3.0](https://github.com/phenixcoder/lambda-container-service/compare/v1.2.1...v1.3.0) (2021-11-22) + + +### Bug Fixes + +* **newman:** fixed dev server express mapping ([9be5ee3](https://github.com/phenixcoder/lambda-container-service/commit/9be5ee3804eeec84316f36011d3c39e611d9e07c)) + + +### Features + +* **logger:** added improved logger ([2530e38](https://github.com/phenixcoder/lambda-container-service/commit/2530e3832e5ad53bf0b7e76bb26d6c574720f8a1)) + +# [1.3.0](https://github.com/phenixcoder/lambda-container-service/compare/v1.2.1...v1.3.0) (2021-11-22) + + +### Bug Fixes + +* **newman:** fixed dev server express mapping ([9be5ee3](https://github.com/phenixcoder/lambda-container-service/commit/9be5ee3804eeec84316f36011d3c39e611d9e07c)) + + +### Features + +* **logger:** added improved logger ([2530e38](https://github.com/phenixcoder/lambda-container-service/commit/2530e3832e5ad53bf0b7e76bb26d6c574720f8a1)) + +# [1.3.0](https://github.com/phenixcoder/lambda-container-service/compare/v1.2.1...v1.3.0) (2021-11-22) + + +### Bug Fixes + +* **newman:** fixed dev server express mapping ([9be5ee3](https://github.com/phenixcoder/lambda-container-service/commit/9be5ee3804eeec84316f36011d3c39e611d9e07c)) + + +### Features + +* **logger:** added improved logger ([2530e38](https://github.com/phenixcoder/lambda-container-service/commit/2530e3832e5ad53bf0b7e76bb26d6c574720f8a1)) + ## [1.2.1](https://github.com/phenixcoder/lambda-container-service/compare/v1.2.0...v1.2.1) (2021-11-14) 
diff --git a/Dockerfile b/Dockerfile index 551f7a9..b7bfad0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,8 @@ FROM public.ecr.aws/lambda/nodejs:14 COPY ./build ${LAMBDA_TASK_ROOT} +WORKDIR ${LAMBDA_TASK_ROOT} +RUN pwd && ls -la RUN npm ci --only=production # Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile) diff --git a/README.md b/README.md index a444156..bc7f44e 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,26 @@ # Lambda Container Service > Service template using container based lambda function +## Setup +1. Create ECR Repo +2. Add folloeing permissions to Repo which allows Lambda to fetch image. +```json +{ + "Sid": "LambdaECRImageRetrievalPolicy", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + }, + "Action": [ + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ] +} +``` +3. Change the Repo Name in + 1. publish.sh:3 (Line 3) + 2. .github/workflows/release.yml (Line 40; To update login credentials) + ## Developing Runs a custom dev webserver which hosts the lambda function which can be hosted on diff --git a/deploy.yml b/deploy.yml new file mode 100644 index 0000000..5095b52 --- /dev/null +++ b/deploy.yml @@ -0,0 +1,19 @@ +envs: + # Development environment + - name: development + task: "${GITPLOY_DEPLOY_TASK}${GITPLOY_ROLLBACK_TASK}:lambda-service:development" + auto_merge: false + required_contexts: [] + + # Development environment + - name: beta + task: "${GITPLOY_DEPLOY_TASK}${GITPLOY_ROLLBACK_TASK}:lambda-service:beta" + auto_merge: false + required_contexts: [] + + # Production environment + - name: production + task: "${GITPLOY_DEPLOY_TASK}${GITPLOY_ROLLBACK_TASK}:lambda-service:production" + production_environment: true + auto_merge: false + required_contexts: [] diff --git a/prepare.sh b/prepare.sh new file mode 100755 index 0000000..aafba81 --- /dev/null +++ b/prepare.sh 
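Review bot: `RUN pwd && ls -la` in the Dockerfile hunk looks like a debugging leftover: it adds an image layer and prints the full listing of `${LAMBDA_TASK_ROOT}` into every build log, which in CI is readable by anyone with access to the workflow run. Drop the line once the `WORKDIR` change is confirmed to work. Since `COPY ./build` brings in whatever the build directory holds, it is also worth checking that a `.dockerignore` excludes files such as `.env` or `.npmrc`; the hunk does not show whether one exists.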
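Review bot: The `production` entry in the new root `deploy.yml` sets `required_contexts: []`, which, if this field is forwarded to GitHub's deployment API as its name suggests, tells the API to skip commit status checks, so a production deployment can be created for a commit whose CI has not passed. List the checks that must be green for at least production, e.g. `required_contexts: ["<ci-check-name>"]`. The `beta` entry carries the comment `# Development environment`; it should read `# Beta environment`.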
@@ -0,0 +1,7 @@ +#!/bin/bash + +# export LAMBDA_TASK_ROOT=/var/task + +npm version $1 --no-git-tag-version +npm run build:image +docker build --no-cache -t lambda-container-service . \ No newline at end of file diff --git a/publish.sh b/publish.sh index 792b3d5..c7d6be7 100755 --- a/publish.sh +++ b/publish.sh @@ -1,10 +1,9 @@ #!/bin/bash -REPO=045615149555.dkr.ecr.ap-southeast-2.amazonaws.com/lambda-container-service +SERVICE_NAME=$REPO_NAME +REPO=$REPO_URI -npm version $1 --no-git-tag-version -docker build -t lambda-container-service . -docker tag lambda-container-service:latest $REPO:$1 +docker tag $SERVICE_NAME:latest $REPO:$1 docker push $REPO:$1 -docker tag lambda-container-service:latest $REPO:latest +docker tag $SERVICE_NAME:latest $REPO:latest docker push $REPO:latest \ No newline at end of file diff --git a/setup b/setup new file mode 100644 index 0000000..bb40724 --- /dev/null +++ b/setup 
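Review bot: `prepare.sh` has no error handling, so when `npm version` or `npm run build:image` fails the script still runs `docker build` and returns that command's exit status, and the release continues with an image built from a stale or partial `build/`. Add `set -euo pipefail` under the shebang and quote the argument, `npm version "$1" --no-git-tag-version`. The same applies to `publish.sh` in the next hunk, where a failed push of `$REPO:$1` does not stop the `latest` tag from being pushed.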
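Review bot: In `publish.sh`, `SERVICE_NAME=$REPO_NAME` and `REPO=$REPO_URI` now come from the caller's environment with no check that they are set, so a local run or a renamed workflow variable yields `docker tag :latest :$1` and a confusing failure instead of a clear one. Fail early with `: "${REPO_NAME:?REPO_NAME is not set}"` and `: "${REPO_URI:?REPO_URI is not set}"`, and quote the expansions, e.g. `docker push "$REPO:$1"`.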
@@ -0,0 +1,69 @@
+#!/bin/env node
+
+const execSync = require('child_process').execSync;
+const { readFileSync, writeFileSync, unlinkSync } = require('fs');
+const POLICY = {
+ "Version" : "2008-10-17",
+ "Statement" : [
+ {
+ "Sid": "LambdaECRImageRetrievalPolicy",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "lambda.amazonaws.com"
+ },
+ "Action": [
+ "ecr:BatchGetImage",
+ "ecr:GetDownloadUrlForLayer"
+ ]
+ }
+ ]
+ };
+
+const runtimeConfig = {
+ REPO_NAME : process.argv[2],
+ REPO_URI: null,
+ REPO_REGISTRY: null
+}
+try {
+ const repos = execSync(` aws ecr describe-repositories --repository-names=${runtimeConfig.REPO_NAME}`, { stdio: 'pipe'});
+ console.log();
+ runtimeConfig.REPO_URI = JSON.parse(repos.toString()).repositories[0].repositoryUri;
+} catch (error) {
+ console.log(error);
+ const newRepo = execSync(`aws ecr create-repository --repository-name ${runtimeConfig.REPO_NAME}`, { stdio: 'pipe'});
+ runtimeConfig.REPO_URI = JSON.parse(newRepo.toString()).repository.repositoryUri;
+}
+
+if (runtimeConfig.REPO_URI) {
+ runtimeConfig.REPO_REGISTRY = runtimeConfig.REPO_URI.replace(`/${runtimeConfig.REPO_NAME}`, "");
+ console.log('Setting Repo Policy');
+ writeFileSync('./lcs-policy.json', JSON.stringify(POLICY));
+ try {
+ execSync(`aws ecr set-repository-policy --repository-name=${runtimeConfig.REPO_NAME} --policy-text=file://lcs-policy.json`, { stdio: 'pipe'});
+ unlinkSync('./lcs-policy.json');
+ console.log(`Repo policy set on ${runtimeConfig.REPO_NAME} repo.`);
+ } catch (error) {
+ console.log('Error setting policy', error.stderr.toString());
+ unlinkSync('./lcs-policy.json');
+ process.exit(1);
+ }
+}
+
+console.log('\nRuntime Config:');
+console.log('===============');
+console.log('REPO_NAME:', runtimeConfig.REPO_NAME);
+console.log('REPO_URI :', runtimeConfig.REPO_URI);
+console.log('REPO_REGISTRY :', runtimeConfig.REPO_REGISTRY);
+
+console.log("Updating package.json");
+let packageFile = JSON.parse(readFileSync('package.json').toString());
+packageFile.name = runtimeConfig.REPO_NAME;
+writeFileSync('package.json', JSON.stringify(packageFile, null, ' '));
+
+console.log("Updating .github/workflows/release.yml");
+let releaseFile = readFileSync('.github/workflows/release.yml').toString();
+releaseFile = releaseFile.replace('REPO_NAME: "lambda-container-service"', `REPO_NAME: "${runtimeConfig.REPO_NAME}"`);
+releaseFile = releaseFile.replace('REPO_URI: "045615149555.dkr.ecr.ap-southeast-2.amazonaws.com/lambda-container-service"', `REPO_URI: "${runtimeConfig.REPO_URI}"`);
+releaseFile = releaseFile.replace('REPO_REGISTRY: "045615149555.dkr.ecr.ap-southeast-2.amazonaws.com"', `REPO_REGISTRY: "${runtimeConfig.REPO_REGISTRY}"`);
+writeFileSync('.github/workflows/release.yml', releaseFile);
+console.log('Setup Successfull. Please delete this setup script.');
\ No newline at end of file
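Review bot: `process.argv[2]` is interpolated straight into three `execSync` command strings in `setup`, so the repository name is parsed by a shell, and a missing argument becomes the literal name `undefined`. Validate the argument first and call the AWS CLI through `execFileSync` with an argument array so that no shell is involved; the same applies to the `create-repository` call in the `catch` branch. That `catch` also treats every `describe-repositories` failure, including expired credentials or a wrong region, as "repository does not exist" and goes on to create one; checking `error.stderr` for `RepositoryNotFoundException` before creating would avoid that. The repository policy grants `lambda.amazonaws.com` pull access with no `Condition`; consider scoping it to the owning account's functions.

```javascript
const { execFileSync } = require('child_process');

const repoName = process.argv[2];
// Constructed allow-list; tighten it to the naming rules your registry enforces.
if (!repoName || !/^[a-z0-9][a-z0-9._\/-]*$/.test(repoName)) {
  console.error('Usage: ./setup <ecr-repository-name>');
  process.exit(1);
}
// … unchanged: POLICY and runtimeConfig definitions …
const repos = execFileSync(
  'aws',
  ['ecr', 'describe-repositories', '--repository-names', repoName],
  { stdio: 'pipe' }
);
// … unchanged: URI parsing, create-repository fallback, policy file write …
execFileSync(
  'aws',
  ['ecr', 'set-repository-policy', '--repository-name', repoName,
   '--policy-text', 'file://lcs-policy.json'],
  { stdio: 'pipe' }
);
```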