CI CD with GitHub - gosaaan1/hokulea-garage GitHub Wiki
hokulea-garage on draft [⇡]
❯ aws-vault exec hokulea -- sam pipeline init --bootstrap
sam pipeline init generates a pipeline configuration file that your CI/CD system
can use to deploy serverless applications using AWS SAM.
We will guide you through the process to bootstrap resources for each stage,
then walk through the details necessary for creating the pipeline config file.
Please ensure you are in the root folder of your SAM application before you begin.
Select a pipeline template to get started:
1 - AWS Quick Start Pipeline Templates
2 - Custom Pipeline Template Location
Choice: 1
Cloning from https://github.com/aws/aws-sam-cli-pipeline-init-templates.git (process may take a moment)
Select CI/CD system
1 - Jenkins
2 - GitLab CI/CD
3 - GitHub Actions
4 - Bitbucket Pipelines
5 - AWS CodePipeline
Choice: 3
You are using the 2-stage pipeline template.
_________ _________
| | | |
| Stage 1 |->| Stage 2 |
|_________| |_________|
Checking for existing stages...
[!] None detected in this account.
Do you want to go through stage setup process now? If you choose no, you can still reference other bootstrapped resources. [Y/n]:
For each stage, we will ask for [1] stage definition, [2] account details, and [3]
reference application build resources in order to bootstrap these pipeline
resources.
We recommend using an individual AWS account profiles for each stage in your
pipeline. You can set these profiles up using aws configure or ~/.aws/credentials. See
[https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-getting-started-set-up-credentials.html].
Stage 1 Setup
[1] Stage definition
Enter a configuration name for this stage. This will be referenced later when you use the sam pipeline init command:
Stage configuration name: dev
[2] Account details
The following AWS credential sources are available to use.
To know more about configuration AWS credentials, visit the link below:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
1 - Environment variables
2 - default (named profile)
3 - hokulea (named profile)
q - Quit and configure AWS credentials
Select a credential source to associate with this stage: 1
Associated account {your account id} with configuration dev.
Enter the region in which you want these resources to be created [ap-northeast-1]:
Select a user permissions provider:
1 - IAM (default)
2 - OpenID Connect (OIDC)
Choice (1, 2): 1
Enter the pipeline IAM user ARN if you have previously created one, or we will create one for you []:
[3] Reference application build resources
Enter the pipeline execution role ARN if you have previously created one, or we will create one for you []:
Enter the CloudFormation execution role ARN if you have previously created one, or we will create one for you []:
Please enter the artifact bucket ARN for your Lambda function. If you do not have a bucket, we will create one for you []:
Does your application contain any IMAGE type Lambda functions? [y/N]: y
Please enter the ECR image repository ARN(s) for your Image type function(s).If you do not yet have a repository, we will create one for you []:
[4] Summary
Below is the summary of the answers:
1 - Account: {your account id}
2 - Stage configuration name: dev
3 - Region: ap-northeast-1
4 - Pipeline user: [to be created]
5 - Pipeline execution role: [to be created]
6 - CloudFormation execution role: [to be created]
7 - Artifacts bucket: [to be created]
8 - ECR image repository: [to be created]
Press enter to confirm the values above, or select an item to edit the value:
This will create the following required resources for the 'dev' configuration:
- Pipeline IAM user
- Pipeline execution role
- CloudFormation execution role
- Artifact bucket
- ECR image repository
Should we proceed with the creation? [y/N]: y
Creating the required resources...
Successfully created!
The following resources were created in your account:
- Pipeline execution role
- CloudFormation execution role
- Artifact bucket
- Pipeline IAM user
- ECR image repository
Pipeline IAM user credential:
AWS_ACCESS_KEY_ID: {use for github secret value} # (1)
AWS_SECRET_ACCESS_KEY: {use for github secret value} # (2)
View the definition in .aws-sam/pipeline/pipelineconfig.toml,
run sam pipeline bootstrap to generate another set of resources, or proceed to
sam pipeline init to create your pipeline configuration file.
Before running sam pipeline init, we recommend first setting up AWS credentials
in your CI/CD account. Read more about how to do so with your provider in
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-generating-example-ci-cd-others.html.
- (1) Set this value as AWS_ACCESS_KEY_ID under "Actions secrets and variables" in GitHub.
- (2) As with (1), set this value as AWS_SECRET_ACCESS_KEY.
Checking for existing stages...
Only 1 stage(s) were detected, fewer than what the template requires: 2. If these are incorrect, delete .aws-sam/pipeline/pipelineconfig.toml and rerun
Do you want to go through stage setup process now? If you choose no, you can still reference other bootstrapped resources. [Y/n]:
For each stage, we will ask for [1] stage definition, [2] account details, and [3]
reference application build resources in order to bootstrap these pipeline
resources.
We recommend using an individual AWS account profiles for each stage in your
pipeline. You can set these profiles up using aws configure or ~/.aws/credentials. See
[https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-getting-started-set-up-credentials.html].
Stage 2 Setup
[1] Stage definition
Enter a configuration name for this stage. This will be referenced later when you use the sam pipeline init command:
Stage configuration name: prd
[2] Account details
The following AWS credential sources are available to use.
To know more about configuration AWS credentials, visit the link below:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
1 - Environment variables
2 - default (named profile)
3 - hokulea (named profile)
q - Quit and configure AWS credentials
Select a credential source to associate with this stage: 1
Associated account {your account id} with configuration prd.
Enter the region in which you want these resources to be created [ap-northeast-1]:
Pipeline IAM user ARN: arn:aws:iam::{your account id}:user/aws-sam-cli-managed-dev-pipeline-reso-PipelineUser-QHR96S4TU769
[3] Reference application build resources
Enter the pipeline execution role ARN if you have previously created one, or we will create one for you []:
Enter the CloudFormation execution role ARN if you have previously created one, or we will create one for you []:
Please enter the artifact bucket ARN for your Lambda function. If you do not have a bucket, we will create one for you []:
Does your application contain any IMAGE type Lambda functions? [y/N]: y
Please enter the ECR image repository ARN(s) for your Image type function(s).If you do not yet have a repository, we will create one for you []:
[4] Summary
Below is the summary of the answers:
1 - Account: {your account id}
2 - Stage configuration name: prd
3 - Region: ap-northeast-1
4 - Pipeline user ARN: arn:aws:iam::{your account id}:user/aws-sam-cli-managed-dev-pipeline-reso-PipelineUser-QHR96S4TU769
5 - Pipeline execution role: [to be created]
6 - CloudFormation execution role: [to be created]
7 - Artifacts bucket: [to be created]
8 - ECR image repository: [to be created]
Press enter to confirm the values above, or select an item to edit the value:
This will create the following required resources for the 'prd' configuration:
- Pipeline execution role
- CloudFormation execution role
- Artifact bucket
- ECR image repository
Should we proceed with the creation? [y/N]: y
Creating the required resources...
Successfully created!
The following resources were created in your account:
- Pipeline execution role
- CloudFormation execution role
- Artifact bucket
- ECR image repository
View the definition in .aws-sam/pipeline/pipelineconfig.toml,
run sam pipeline bootstrap to generate another set of resources, or proceed to
sam pipeline init to create your pipeline configuration file.
Checking for existing stages...
2 stage(s) were detected, matching the template requirements. If these are incorrect, delete .aws-sam/pipeline/pipelineconfig.toml and rerun
This template configures a pipeline that deploys a serverless application to a testing and a production stage.
What is the GitHub secret name for pipeline user account access key ID? [AWS_ACCESS_KEY_ID]:
What is the GitHub Secret name for pipeline user account access key secret? [AWS_SECRET_ACCESS_KEY]:
What is the git branch used for production deployments? [main]:
What is the template file path? [template.yaml]: aws_sam_project/micro-app/template.yaml
We use the stage configuration name to automatically retrieve the bootstrapped resources created when you ran `sam pipeline bootstrap`.
Here are the stage configuration names detected in .aws-sam/pipeline/pipelineconfig.toml:
1 - dev
2 - prd
Select an index or enter the stage 1's configuration name (as provided during the bootstrapping): 1
What is the sam application stack name for stage 1? [sam-app]: micro-app-dev
Stage 1 configured successfully, configuring stage 2.
Here are the stage configuration names detected in .aws-sam/pipeline/pipelineconfig.toml:
1 - dev
2 - prd
Select an index or enter the stage 2's configuration name (as provided during the bootstrapping): 2
What is the sam application stack name for stage 2? [sam-app]: micro-app-prd
Stage 2 configured successfully.
SUMMARY
We will generate a pipeline config file based on the following information:
Select a user permissions provider.: AWS IAM
What is the GitHub secret name for pipeline user account access key ID?: AWS_ACCESS_KEY_ID
What is the GitHub Secret name for pipeline user account access key secret?: AWS_SECRET_ACCESS_KEY
What is the git branch used for production deployments?: main
What is the template file path?: aws_sam_project/micro-app/template.yaml
Select an index or enter the stage 1's configuration name (as provided during the bootstrapping): 1
What is the sam application stack name for stage 1?: micro-app-dev
What is the pipeline execution role ARN for stage 1?: arn:aws:iam::{your account id}:role/aws-sam-cli-managed-dev-pipe-PipelineExecutionRole-3HYPP9B5R9MG
What is the CloudFormation execution role ARN for stage 1?: arn:aws:iam::{your account id}:role/aws-sam-cli-managed-dev-p-CloudFormationExecutionR-7HHLRL1HZNX1
What is the S3 bucket name for artifacts for stage 1?: aws-sam-cli-managed-dev-pipeline-artifactsbucket-1jy9280oglzqe
What is the ECR repository URI for stage 1?: {your account id}.dkr.ecr.ap-northeast-1.amazonaws.com/aws-sam-cli-managed-dev-pipeline-resources-imagerepository-ylkutybkftzw
What is the AWS region for stage 1?: ap-northeast-1
Select an index or enter the stage 2's configuration name (as provided during the bootstrapping): 2
What is the sam application stack name for stage 2?: micro-app-prd
What is the pipeline execution role ARN for stage 2?: arn:aws:iam::{your account id}:role/aws-sam-cli-managed-prd-pipe-PipelineExecutionRole-3BVHBMWD9SJ1
What is the CloudFormation execution role ARN for stage 2?: arn:aws:iam::{your account id}:role/aws-sam-cli-managed-prd-p-CloudFormationExecutionR-1S51CWVEZ1TAO
What is the S3 bucket name for artifacts for stage 2?: aws-sam-cli-managed-prd-pipeline-artifactsbucket-1m29pel4l2gqk
What is the ECR repository URI for stage 2?: {your account id}.dkr.ecr.ap-northeast-1.amazonaws.com/aws-sam-cli-managed-prd-pipeline-resources-imagerepository-rogweoiloyu9
What is the AWS region for stage 2?: ap-northeast-1
Successfully created the pipeline configuration file(s):
- .github/workflows/pipeline.yaml
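
Notes (1) and (2) above put the pipeline user's long-lived keys into GitHub secrets, so the generated .github/workflows/pipeline.yaml should only ever reference them, never contain them. The check below is an added example, not part of the original page or of the SAM CLI output; it assumes the workflow passes credentials through the `aws-access-key-id` / `aws-secret-access-key` inputs of aws-actions/configure-aws-credentials, and both sample workflows are constructed.

```python
import re

# Access key IDs start with AKIA (long-lived IAM user) or ASIA (temporary STS).
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Credential inputs of a workflow step, e.g. "aws-access-key-id: <value>".
CRED_INPUT = re.compile(
    r"^\s*(?:-\s*)?(aws-access-key-id|aws-secret-access-key)\s*:\s*(.*)$", re.I)
# The only acceptable value: a GitHub Actions secrets reference.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")

# Constructed sample inputs (assumption: not the real generated pipeline.yaml).
GOOD = """\
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-1
"""
BAD = """\
        with:
          aws-access-key-id: AKIAIOSFODNN7EXAMPLE  # AWS documentation example ID
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
"""


def audit_workflow(text):
    """Return (line_number, problem) pairs for credential handling issues."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if KEY_ID.search(line):
            findings.append((n, "literal AWS access key ID"))
        code = line.split(" #", 1)[0]  # ignore trailing YAML comments
        m = CRED_INPUT.match(code)
        if m:
            value = m.group(2).strip().strip("'\"")
            if not SECRET_REF.match(value):
                findings.append(
                    (n, f"{m.group(1).lower()} is not a secrets reference"))
    return findings


if __name__ == "__main__":
    import sys
    # Audit the file given on the command line, or the constructed BAD sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BAD
    for n, problem in audit_workflow(text):
        print(f"line {n}: {problem}")
```

Run it against .github/workflows/pipeline.yaml before the first commit; an empty result means every credential input resolves from GitHub secrets.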