curation-tools-data-sync/buildspec.yml at main · Pocket/curation-tools-data-sync · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
version: 0.2
#https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html

#####
# Performs an infrastructure deployment.
# For Code Deployments see CircleCI and AWS CodeDeploy
#####

run-as: circleci

env:
  variables:
    #Terraform workspace that we operate in
    TF_DEV_WORKSPACE: Dev
    TF_WORKSPACE: Prod
    #The ref of the main branch we work against
    MAIN_BRANCH_REF: 'refs/heads/main'
    MAIN_BRANCH: 'main'
    #The ref of the dev branch we work against
    DEV_BRANCH_REF: 'refs/heads/dev'
    DEV_BRANCH: 'dev'
    #Metaflow requires a username to run
    USERNAME: 'codebuild'
  secrets-manager:
    #Pull in the default terraform cloud token
    PAGERDUTY_TOKEN: 'CodeBuild/Default:mozilla_pagerduty_token'
    GITHUB_ACCESS_TOKEN: 'CodeBuild/Default:github_access_token'

#All phases are ran within the pocket/pocket-build:prod docker image
phases:
  pre_build:
    run-as: circleci
    commands:
      - |
        . /home/circleci/.codebuild_shims_wrapper.sh
        echo $CODEBUILD_WEBHOOK_HEAD_REF
        echo Setting Github Access Token
        echo "//npm.pkg.github.com/:_authToken=${GITHUB_ACCESS_TOKEN}" > ~/.npmrc
        echo Setting environment variables
        cd .aws
        nvm install --no-progress
        nvm use
        npm ci
        tfenv install
        tfenv use
        if [ "$GIT_BRANCH" = "$DEV_BRANCH" ]; then NODE_ENV=development npm run synth; else npm run synth; fi
        cd cdktf.out/stacks/curation-tools-data-sync
        terraform init
  build:
    run-as: circleci
    commands:
      - echo Build started on `date`
      ### If the branch is not main and its not dev, lets do a plan on prod.
      - 'if [ "$CODEBUILD_WEBHOOK_HEAD_REF" != "$MAIN_BRANCH_REF" ] && [ "$CODEBUILD_WEBHOOK_HEAD_REF" != "$DEV_BRANCH_REF" ] && [ -z "$GIT_BRANCH" ]; then terraform plan -lock=false -refresh=false -no-color; fi'
      #### If the branch is dev, lets do an apply on dev.
      - 'if [ "$GIT_BRANCH" = "$DEV_BRANCH" ]; then TF_WORKSPACE=$TF_DEV_WORKSPACE TF_LOG=INFO terraform apply -auto-approve -no-color; fi'
      #### If the branch is main lets apply.
      - 'if [ "$GIT_BRANCH" = "$MAIN_BRANCH" ]; then terraform apply -auto-approve -no-color; fi'
  post_build:
    run-as: circleci
    commands:
      # get back to the root dir
      - cd ../../
      - echo Build completed on `date`