You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This repository contains the AWS Lambda Function for updating the GitHub Copilot dashboard's organisation-wide historic data, Copilot teams, and teams history.
4
4
5
-
The Copilot dashboard can be found on the Copilot tab within the Digital Landscape.
5
+
The Copilot dashboard can be found on the GitHub Copilot tab within the Digital Landscape.
6
6
7
-
[View the Digital Landscape's repository](https://github.com/ONS-Innovation/keh-digital-landscape).
7
+
[View the Digital Landscape's repository](https://github.com/ONSdigital/keh-digital-landscape).
8
8
9
9
---
10
10
@@ -14,10 +14,20 @@ The Copilot dashboard can be found on the Copilot tab within the Digital Landsca
14
14
-[Table of Contents](#table-of-contents)
15
15
-[Prerequisites](#prerequisites)
16
16
-[Makefile](#makefile)
17
-
-[AWS Lambda Scripts](#aws-lambda-scripts)
18
-
-[Setup - Running in a container](#setup---running-in-a-container)
19
-
-[Setup - running outside of a Container (Development only)](#running-outside-of-a-container-development-only)
20
-
-[Storing the container on AWS Elastic Container Registry (ECR)](#storing-the-container-on-aws-elastic-container-registry-ecr)
17
+
-[AWS Lambda Script](#aws-lambda-script)
18
+
-[Running the Project](#running-the-project)
19
+
-[Outside of a Container (Recommended) (Development Only)](#outside-of-a-container-recommended-development-only)
20
+
-[Running in a container](#running-in-a-container)
21
+
-[Deployment](#deployment)
22
+
-[Deployments with Concourse](#deployments-with-concourse)
23
+
-[Allowlisting your IP](#allowlisting-your-ip)
24
+
-[Setting up a pipeline](#setting-up-a-pipeline)
25
+
-[Prod deployment](#prod-deployment)
26
+
-[Triggering a pipeline](#triggering-a-pipeline)
27
+
-[Destroying a pipeline](#destroying-a-pipeline)
28
+
-[Manual Deployment](#manual-deployment)
29
+
-[Deployment Overview](#deployment-overview)
30
+
-[Storing the container on AWS Elastic Container Registry (ECR)](#storing-the-container-on-aws-elastic-container-registry-ecr)
3. Run the image locally mapping local host port (9000) to container port (8080) and passing in AWS credentials to download a .pem file from the AWS Secrets Manager to the running container. These credentials will also be used to upload and download `historic_usage_data.json` to and from S3.
@@ -99,7 +140,7 @@ Further information can be found in [this project's documentation](/docs/index.m
The lambda can be run outside of a container for development purposes, or inside a container image to push to AWS ECR.
188
+
To setup the deployment pipeline with concourse, you must first allowlist your IP address on the Concourse
189
+
server. IP addresses are flushed everyday at 00:00 so this must be done at the beginning of every working day
190
+
whenever the deployment pipeline needs to be used. Follow the instructions on the Confluence page (SDP Homepage > SDP Concourse > Concourse Login) to
191
+
login. All our pipelines run on sdp-pipeline-prod, whereas sdp-pipeline-dev is the account used for
192
+
changes to Concourse instance itself. Make sure to export all necessary environment variables from sdp-pipeline-prod (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN).
156
193
157
-
#### Running outside of a Container (Development only)
194
+
#### Setting up a pipeline
158
195
159
-
To run the Lambda function outside of a container, we need to execute the `handler()` function.
196
+
When setting up our pipelines, we use ecs-infra-user on sdp-dev to be able to interact with our infrastructure on AWS. The credentials for this are stored on
197
+
AWS Secrets Manager so you do not need to set up anything yourself.
160
198
161
-
1. Uncomment the following at the bottom of `main.py`.
199
+
To set the pipeline, run the following script:
162
200
163
-
```python
164
-
...
165
-
# if __name__ == "__main__":
166
-
# handler(None, None)
167
-
...
168
-
```
201
+
```bash
202
+
chmod u+x ./concourse/scripts/set_pipeline.sh
203
+
./concourse/scripts/set_pipeline.sh
204
+
```
169
205
170
-
**Please Note:** If uncommenting the above in `main.py`, make sure you re-comment the code _before_ pushing back to GitHub.
206
+
Note that you only have to run chmod the first time running the script in order to give permissions.
207
+
This script will set the branch and pipeline name to whatever branch you are currently on. It will also set the image tag on ECR to 7 characters of the current branch name if running on a branch other than main. For main, the ECR tag will be the latest release tag on the repository that has semantic versioning(vX.Y.Z).
171
208
172
-
2. Run the script.
209
+
The pipeline name itself will usually follow a pattern as follows: `github-copilot-usage-lambda-<branch-name>` for any non-main branch and `github-copilot-usage-lambda` for the main/master branch.
173
210
174
-
```bash
175
-
python3 src/main.py
176
-
```
211
+
#### Prod deployment
212
+
213
+
To deploy to prod, it is required that a Github Release is made on Github. The release is required to follow semantic versioning of vX.Y.Z.
214
+
215
+
A manual trigger is to be made on the pipeline name `github-copilot-usage-lambda > deploy-after-github-release` job through the Concourse CI UI. This will create a github-create-tag resource that is required on the `github-copilot-usage-lambda > build-and-push-prod` job. Then the prod deployment job is also through a manual trigger ensuring that prod is only deployed using the latest GitHub release tag in the form of vX.Y.Z and is manually controlled.
216
+
217
+
#### Triggering a pipeline
218
+
219
+
Once the pipeline has been set, you can manually trigger a dev build on the Concourse UI, or run the following command for non-main branch deployment:
**It is unlikely that you will need to destroy a pipeline, but the command is here if needed.**
240
+
241
+
**Note:** This will not destroy any resources created by Terraform. You must manually destroy these resources using Terraform.
242
+
243
+
### Manual Deployment
244
+
245
+
#### Deployment Overview
246
+
247
+
This repository is designed to be hosted on AWS Lambda using a container image as the Lambda's definition.
248
+
249
+
There are 2 parts to deployment:
250
+
251
+
1. Updating the ECR Image.
252
+
2. Updating the Lambda.
177
253
178
254
#### Storing the container on AWS Elastic Container Registry (ECR)
179
255
@@ -298,7 +374,7 @@ If the application has been modified, the following can be performed to update t
298
374
299
375
The reconfigure options ensures that the backend state is reconfigured to point to the appropriate S3 bucket.
300
376
301
-
**_Please Note:_** This step requires an **AWS_ACCESS_KEY_ID** and **AWS_SECRET_ACCESS_KEY** to be loaded into the environment if not already in place. Please refer to [setup](#setup).
377
+
**_Please Note:_** This step requires an **AWS_ACCESS_KEY_ID** and **AWS_SECRET_ACCESS_KEY** to be loaded into the environment if not already in place.
302
378
303
379
- Refresh the local state to ensure it is in sync with the backend
To setup the deployment pipeline with concourse, you must first allowlist your IP address on the Concourse
346
-
server. IP addresses are flushed everyday at 00:00 so this must be done at the beginning of every working day whenever the deployment pipeline needs to be used.
347
-
348
-
Follow the instructions on the Confluence page (SDP Homepage > SDP Concourse > Concourse Login) to
349
-
login. All our pipelines run on `sdp-pipeline-prod`, whereas `sdp-pipeline-dev` is the account used for
350
-
changes to Concourse instance itself. Make sure to export all necessary environment variables from `sdp-pipeline-prod` (**AWS_ACCESS_KEY_ID**, **AWS_SECRET_ACCESS_KEY**, **AWS_SESSION_TOKEN**).
351
-
352
-
### Setting up a pipeline
353
-
354
-
When setting up our pipelines, we use `ecs-infra-user` on `sdp-dev` to be able to interact with our infrastructure on AWS. The credentials for this are stored on AWS Secrets Manager so you do not need to set up anything yourself.
Note that you only have to run chmod the first time running the script in order to give permissions.
364
-
This script will set the branch and pipeline name to whatever branch you are currently on. It will also set the image tag on ECR to the current commit hash at the time of setting the pipeline.
365
-
366
-
The pipeline name itself will usually follow a pattern as follows: `<repo-name>-<branch-name>`
367
-
If you wish to set a pipeline for another branch without checking out, you can run the following:
If the branch you are deploying is `main`, it will trigger a deployment to the `sdp-prod` environment. To set the ECR image tag, you must draft a GitHub release pointing to the latest release of the `main` branch that has a tag in the form of `vX.Y.Z.` Drafting up a release will automatically deploy the latest version of the `main` branch with the associated release tag, but you can also manually trigger a build through the Concourse UI or the terminal prompt.
374
-
375
-
### Triggering a pipeline
376
-
377
-
Once the pipeline has been set, you can manually trigger a build on the Concourse UI, or run the following command:
0 commit comments