diff --git a/.github/skills/commit-message-generator/SKILL.md b/.github/skills/commit-message-generator/SKILL.md index 7a41080..19ff1f1 100644 --- a/.github/skills/commit-message-generator/SKILL.md +++ b/.github/skills/commit-message-generator/SKILL.md @@ -6,6 +6,7 @@ description: Generate appropriate commit messages based on Git diffs ## Prerequisites - This Skill retrieves Git diffs and suggests meaningful commit messages - Message format should follow Conventional Commits +- Commit messages should have a one-line Conventional Commits header, an optional blank second line, and from the third line onward include a bulleted list summarizing the changes - Commit messages should be in English - **Never perform Git commit or Git push** diff --git a/ci/buildspec.yml b/ci/buildspec.yml index 0c1b314..37b41cf 100644 --- a/ci/buildspec.yml +++ b/ci/buildspec.yml @@ -16,3 +16,6 @@ phases: - set -e - docker push ${REPOSITORY_URI}:${GIT_TAG} - docker push ${REPOSITORY_URI}:latest + - printf '[{"name":"forgejo","imageUri":"%s"}]' $REPOSITORY_URI:$GIT_TAG > imagedefinitions.json +artifacts: + files: imagedefinitions.json diff --git a/infra/cfn/forgejo-cl.yaml b/infra/cfn/forgejo-cl.yaml index 0712008..ec1142a 100644 --- a/infra/cfn/forgejo-cl.yaml +++ b/infra/cfn/forgejo-cl.yaml @@ -10,6 +10,10 @@ Parameters: Type: String Default: forgejo-source.zip + ArtifactBucketName: + Type: String + Default: forgejo-artifact-bucket + ForgejoRepositoryName: Type: String Default: forgejo-repository 
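Review bot: The new printf line in ci/buildspec.yml expands `$REPOSITORY_URI:$GIT_TAG` unquoted, so if either variable is empty or contains whitespace the imageUri written to imagedefinitions.json is silently malformed, and `set -e` does not catch it because printf itself succeeds; the Deploy stage added later in this diff would then consume a bad image definition. The two push lines above use the braced form, so the new line should match it and be quoted: `- printf '[{"name":"forgejo","imageUri":"%s"}]' "${REPOSITORY_URI}:${GIT_TAG}" > imagedefinitions.json`. A guard such as `- test -n "${GIT_TAG}"` before it fails the build early instead of shipping an untagged image reference. The `name` value `forgejo` must also match the container name in the task definition, which is outside this diff.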
@@ -29,12 +33,49 @@ Resources: EventBridgeConfiguration: EventBridgeEnabled: true + ArtifactBucket: + Type: AWS::S3::Bucket + Properties: + BucketName: !Sub "${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}" + Tags: + - Key: Project + Value: Git-server + VersioningConfiguration: + Status: Enabled + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + PublicAccessBlockConfiguration: + BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true + ForgejoRepository: Type: AWS::ECR::Repository Properties: RepositoryName: !Ref ForgejoRepositoryName ImageScanningConfiguration: ScanOnPush: true + LifecyclePolicy: + LifecyclePolicyText: | + { + "rules": [ + { + "rulePriority": 1, + "description": "Expire images to keep maximum 5", + "selection": { + "tagStatus": "any", + "countType": "imageCountMoreThan", + "countNumber": 5 + }, + "action": { + "type": "expire" + } + } + ] + } CodeBuildRole: Type: AWS::IAM::Role @@ -76,8 +117,8 @@ Resources: - s3:PutObject - s3:ListBucket Resource: - - !Sub "arn:aws:s3:::codebuild-${AWS::Region}-${AWS::AccountId}-input-bucket" - - !Sub "arn:aws:s3:::codebuild-${AWS::Region}-${AWS::AccountId}-input-bucket/*" + - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}" + - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}/*" - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}" - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}/*" 
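Review bot: ArtifactBucket turns on versioning but defines no LifecycleConfiguration, so every pipeline run leaves current and noncurrent artifact objects that are never expired and the bucket grows without bound; the rule below expires noncurrent versions after a placeholder number of days and cleans up aborted multipart uploads. The resource also has no DeletionPolicy, so a stack delete will fail on the non-empty bucket rather than retain it deliberately. Encryption and public-access blocking are already in place; a bucket policy denying requests without `aws:SecureTransport` would be the remaining hardening step, and the IAM hunks at `@@ -76` and `@@ -127` already reference this bucket by name.
```yaml
  ArtifactBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      # … unchanged: BucketName, Tags, VersioningConfiguration, BucketEncryption, PublicAccessBlockConfiguration …
      LifecycleConfiguration:
        Rules:
          - Id: ExpireOldPipelineArtifacts
            Status: Enabled
            NoncurrentVersionExpirationInDays: 30  # placeholder retention; size to how far back rollbacks must reach
            AbortIncompleteMultipartUpload:
              DaysAfterInitiation: 7
```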
@@ -127,8 +168,8 @@ Resources: - s3:GetBucketLocation - s3:GetBucketVersioning Resource: - - !Sub "arn:aws:s3:::codebuild-${AWS::Region}-${AWS::AccountId}-input-bucket" - - !Sub "arn:aws:s3:::codebuild-${AWS::Region}-${AWS::AccountId}-input-bucket/*" + - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}" + - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}/*" - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}" - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}/*" - Effect: Allow @@ -143,6 +184,41 @@ Resources: - codepipeline:PutApprovalResult - codepipeline:StartPipelineExecution Resource: !Sub "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:*" + - Sid: TaskDefinitionPermissions + Effect: Allow + Action: + - ecs:DescribeTaskDefinition + - ecs:RegisterTaskDefinition + Resource: + - "*" + - Sid: ECSServicePermissions + Effect: Allow + Action: + - ecs:DescribeServices + - ecs:UpdateService + Resource: + - !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:service/*/*" + - Sid: ECSTagResource + Effect: Allow + Action: + - ecs:TagResource + Resource: + - !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/*:*" + Condition: + StringEquals: + ecs:CreateAction: + - RegisterTaskDefinition + - Sid: IamPassRolePermissions + Effect: Allow + Action: + - iam:PassRole + Resource: + - !Sub "arn:aws:iam::${AWS::AccountId}:role/*" + Condition: + StringEquals: + iam:PassedToService: + - ecs.amazonaws.com + - ecs-tasks.amazonaws.com ForgejoPipeline: Type: AWS::CodePipeline::Pipeline @@ -151,7 +227,7 @@ Resources: RoleArn: !GetAtt CodePipelineRole.Arn ArtifactStore: Type: S3 - Location: !Sub "codebuild-ap-northeast-1-${AWS::AccountId}-input-bucket" + Location: !Ref ArtifactBucket Stages: - Name: Source Actions: 
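Review bot: The IamPassRolePermissions statement grants `iam:PassRole` on `role/*`, so the pipeline role can attach any role in the account to a task definition it registers; the `iam:PassedToService` condition limits which service receives the role, not which role is passed, so a pipeline compromise becomes a path to every role that ecs-tasks.amazonaws.com can assume. Restrict the Resource to the task execution role and task role the Forgejo service actually uses, e.g. `- !Sub "arn:aws:iam::${AWS::AccountId}:role/<forgejo-task-execution-role-name>"` (the role names are defined outside this diff, so substitute or import the real ones). Similarly, `ecs:UpdateService` on `service/*/*` can be narrowed to the cluster and service the Deploy stage names at `@@ -177`; `ecs:RegisterTaskDefinition` on `"*"` is, as far as I know, unavoidable because that action does not support resource-level permissions.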
@@ -177,8 +253,23 @@ Resources: Version: "1" InputArtifacts: - Name: SourceOutput + OutputArtifacts: + - Name: BuildOutput Configuration: ProjectName: !Ref ForgejoBuildProject + - Name: Deploy + Actions: + - Name: DeployECS + ActionTypeId: + Category: Deploy + Owner: AWS + Provider: ECS + Version: "1" + InputArtifacts: + - Name: BuildOutput + Configuration: + ClusterName: my-forgejo-cluster + ServiceName: forgejo-service S3SourceChangeRule: Type: AWS::Events::Rule diff --git a/infra/cfn/forgejo-ecs-service.yaml b/infra/cfn/forgejo-ecs-service.yaml index 6401f5c..8e3e96d 100644 --- a/infra/cfn/forgejo-ecs-service.yaml +++ b/infra/cfn/forgejo-ecs-service.yaml @@ -35,6 +35,7 @@ Parameters: Resources: + ECSService: Type: AWS::ECS::Service Properties: @@ -56,13 +57,18 @@ Resources: - TargetGroupArn: !ImportValue forgejo-network-TargetGroupArn ContainerName: forgejo ContainerPort: 3000 - HealthCheckGracePeriodSeconds: 0 + HealthCheckGracePeriodSeconds: 300 + DeploymentController: + Type: ECS DeploymentConfiguration: + Strategy: ROLLING MaximumPercent: 100 MinimumHealthyPercent: 0 - DeploymentCircuitBreaker: - Enable: true + Alarms: + AlarmNames: + - myAlarm Rollback: true + Enable: true SchedulingStrategy: REPLICA EnableECSManagedTags: true PropagateTags: TASK_DEFINITION diff --git a/infra/cfn/forgejo-network.yaml b/infra/cfn/forgejo-network.yaml index 01cc151..f1faa67 100644 --- a/infra/cfn/forgejo-network.yaml +++ b/infra/cfn/forgejo-network.yaml @@ -70,9 +70,7 @@ Resources: Weight: 1 Priority: 1 Conditions: - - Values: - - "git.n-daisuke897.com" - HostHeaderConfig: + - HostHeaderConfig: Values: - "git.n-daisuke897.com" Field: "host-header" 
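Review bot: The DeployECS action hardcodes `ClusterName: my-forgejo-cluster` and `ServiceName: forgejo-service`, while the service itself is defined in a separate stack (forgejo-ecs-service.yaml in this same diff), so a rename there breaks the deploy with no template-level link to catch it. Expose them as Parameters or `!ImportValue` exports the way the network stack exports `forgejo-network-TargetGroupArn`, e.g. `ClusterName: !Ref ForgejoClusterName` and `ServiceName: !Ref ForgejoServiceName`. The action sets no `FileName`, so it presumably relies on the default imagedefinitions.json, which the buildspec change in this diff produces; worth a comment on the action saying so.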
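Review bot: Removing `DeploymentCircuitBreaker` in favour of alarm-based rollback means a deployment whose new tasks never pass health checks no longer rolls back on its own; it only rolls back if `myAlarm` enters ALARM during the deployment, and with `MinimumHealthyPercent: 0` and `MaximumPercent: 100` the old task is stopped before the new one starts, so a bad image is a full outage until that happens. `myAlarm` also reads as a placeholder; the name must match an existing CloudWatch alarm (otherwise the service update is presumably rejected) and should come from a parameter or the alarm resource rather than a literal. Keep both mechanisms, since circuit breaker and alarms can coexist: re-add `DeploymentCircuitBreaker` with `Enable: true` and `Rollback: true` alongside the `Alarms` block. Raising `HealthCheckGracePeriodSeconds` from 0 to 300 is sensible for a Git server's startup; note that the ECSService resource continues outside the hunk.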
@@ -81,7 +79,13 @@ Resources: Outputs: TargetGroupArn: - Description: ARN of the Forgejo target group + Description: ARN of the Forgejo blue target group Value: !Ref ElasticLoadBalancingV2TargetGroupForgejo Export: Name: !Sub "${AWS::StackName}-TargetGroupArn" + + ListenerRuleForgejoArn: + Description: ARN of the Forgejo listener rule + Value: !GetAtt ElasticLoadBalancingV2ListenerRuleForgejo.RuleArn + Export: + Name: !Sub "${AWS::StackName}-ListenerRuleForgejoArn"