文章目錄
- aws(學習筆記第三十八課) codepipeline-build-deploy-github-manual
- 學習內容:
- 1. 整體架構
- 1.1 代碼鏈接
- 1.2 全體處理架構
- 2. 代碼分析
- 2.1 創建`ImageRepo`,并設定給`FargateTaskDef`
- 2.2 創建`CodeBuild project`
- 2.3 對`CodeBuild project`賦予權限(`ECR`的`image repo`)
- 2.4 生成`lambda`函數觸發`codebuild`的首次執行
- 2.4.1 生成`lambda`函數觸發`codebuild`
- 2.4.2 `lambda`函數觸發`codebuild`的代碼
- 2.4.3 `AWS Custom Resource`的代碼
- 2.5 創建`vpc`和`ecs cluster`
- 2.5.1 創建`vpc`
- 2.5.2 創建`藍綠部署`
- 2.5 創建`Application Loader Balancer`
- 2.6 創建`fargate service`
- 2.6.1 創建`fargate service`
- 2.6.1 在`fargate service`上進行`application target group`的`attach`
- 2.7 創建`code pipeline`
- 2.7.2 `codepipe`整體架構
- 2.7.1 創建`pipeline artifacts`
- 2.7.2 創建`source stage`
- 2.7.3 創建`build stage`
- 2.7.4 創建`deploy stage`
- 2.8 創建`code pipeline`
- 2.8.1 為`code build`設定`github`的`confidential`
- 2.8.2 最終創建`pipeline`
- 3 執行`CDK`
- 3.1 將`application`提前部署到`github`
- 3.2 在`github`創建`PAT Person Access Tocken`
- 3.3 執行命令將`github`的`PAT`創建到`AWS Secret Manager`上
- 3.4 修改`codepipeline_build_deploy_stack.py`中的`todo`
- 3.4 執行`cdk`
- 3.5 訪問`Application Loader Balancer`
aws(學習筆記第三十八課) codepipeline-build-deploy-github-manual
- 使用
codepipeline-build-deploy
學習內容:
- 使用
codepipeline,★代碼庫不采用codecommit,而是github - 使用
codebuild - 使用
codedeploy
1. 整體架構
1.1 代碼鏈接
- 代碼鏈接(codepipeline-build-deploy-github-manual)
- 同時可以參照aws(學習筆記第二十課) codecommit以及codedeploy進行開發
1.2 全體處理架構
2. 代碼分析
2.1 創建ImageRepo,并設定給FargateTaskDef
# Creates an Elastic Container Registry (ECR) image repositoryimage_repo = ecr.Repository(self, "ImageRepo")# Creates a Task Definition for the ECS Fargate servicefargate_task_def = ecs.FargateTaskDefinition(self, "FargateTaskDef")fargate_task_def.add_container("Container",container_name="web",image=ecs.ContainerImage.from_ecr_repository(image_repo),port_mappings=[{"containerPort": 80}])
注意,這里并沒有指定具體的image的URI以及tag,這里只是指定了Image Repo(ECR)。后面會在CodeBuildStage階段build出來docker image,并且接在CodeDeployStage階段將該docker image部署到Fargate Service。
2.2 創建CodeBuild project
# CodeBuild project that builds the Docker imagebuild_image = codebuild.Project(self, "BuildImage",build_spec=codebuild.BuildSpec.from_source_filename("buildspec.yaml"),source=codebuild.Source.git_hub(owner="bufanli", # TODO: Replace with your GitHub usernamerepo="web_app", # TODO: Replace with your GitHub repository namebranch_or_ref="main",),environment=codebuild.BuildEnvironment(privileged=True),environment_variables={"AWS_ACCOUNT_ID": codebuild.BuildEnvironmentVariable(value=os.getenv('CDK_DEFAULT_ACCOUNT') or ""),"REGION": codebuild.BuildEnvironmentVariable(value=os.getenv('CDK_DEFAULT_REGION') or ""),"IMAGE_TAG": codebuild.BuildEnvironmentVariable(value="latest"),"IMAGE_REPO_NAME": codebuild.BuildEnvironmentVariable(value=image_repo.repository_name),"REPOSITORY_URI": codebuild.BuildEnvironmentVariable(value=image_repo.repository_uri),"TASK_DEFINITION_ARN": codebuild.BuildEnvironmentVariable(value=fargate_task_def.task_definition_arn),"TASK_ROLE_ARN": codebuild.BuildEnvironmentVariable(value=fargate_task_def.task_role.role_arn),"EXECUTION_ROLE_ARN": codebuild.BuildEnvironmentVariable(value=fargate_task_def.execution_role.role_arn)}
這里,設定build_spec文件,在app/buildspec.yml中,
- 設定
pre_build登錄ecr (?Amazon Elastic Container Registry(ECR),方便之后的向ecr進行鏡像的登錄。commands:- echo Logging in to Amazon ECR...- aws --version- aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com - 進行
build處理
這里的commands:- echo Building the Docker image...- docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .- docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE
)
)