nakada0907/forgejo-deployment
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: nakada0907:777e51ab45597e643d4dfd0cc94437ded5f3ff36
Branches Tags
nakada0907:master
..
compare: nakada0907:53271302e22992bd8f52f3d5ca64720da3cea133
Branches Tags
nakada0907:master

No commits in common. "777e51ab45597e643d4dfd0cc94437ded5f3ff36" and "53271302e22992bd8f52f3d5ca64720da3cea133" have entirely different histories.
777e51ab45 ... 53271302e2

5 changed files with 12 additions and 117 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.github/skills/commit-message-generator/SKILL.md vendored
View file

@ -6,7 +6,6 @@ description: Generate appropriate commit messages based on Git diffs
## Prerequisites ## Prerequisites
- This Skill retrieves Git diffs and suggests meaningful commit messages - This Skill retrieves Git diffs and suggests meaningful commit messages
- Message format should follow Conventional Commits - Message format should follow Conventional Commits
- Commit messages should have a one-line Conventional Commits header, an optional blank second line, and from the third line onward include a bulleted list summarizing the changes
- Commit messages should be in English - Commit messages should be in English
- **Never perform Git commit or Git push** - **Never perform Git commit or Git push**

3
ci/buildspec.yml
View file

@ -16,6 +16,3 @@ phases:
- set -e - set -e
- docker push ${REPOSITORY_URI}:${GIT_TAG} - docker push ${REPOSITORY_URI}:${GIT_TAG}
- docker push ${REPOSITORY_URI}:latest - docker push ${REPOSITORY_URI}:latest
- printf '[{"name":"forgejo","imageUri":"%s"}]' $REPOSITORY_URI:$GIT_TAG > imagedefinitions.json
artifacts:
files: imagedefinitions.json

101
infra/cfn/forgejo-cl.yaml
View file

@ -10,10 +10,6 @@ Parameters:
Type: String Type: String
Default: forgejo-source.zip Default: forgejo-source.zip
ArtifactBucketName:
Type: String
Default: forgejo-artifact-bucket
ForgejoRepositoryName: ForgejoRepositoryName:
Type: String Type: String
Default: forgejo-repository Default: forgejo-repository
@ -33,49 +29,12 @@ Resources:
EventBridgeConfiguration: EventBridgeConfiguration:
EventBridgeEnabled: true EventBridgeEnabled: true
ArtifactBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub "${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}"
Tags:
- Key: Project
Value: Git-server
VersioningConfiguration:
Status: Enabled
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
ForgejoRepository: ForgejoRepository:
Type: AWS::ECR::Repository Type: AWS::ECR::Repository
Properties: Properties:
RepositoryName: !Ref ForgejoRepositoryName RepositoryName: !Ref ForgejoRepositoryName
ImageScanningConfiguration: ImageScanningConfiguration:
ScanOnPush: true ScanOnPush: true
LifecyclePolicy:
LifecyclePolicyText: |
{
"rules": [
{
"rulePriority": 1,
"description": "Expire images to keep maximum 5",
"selection": {
"tagStatus": "any",
"countType": "imageCountMoreThan",
"countNumber": 5
},
"action": {
"type": "expire"
}
}
]
}
CodeBuildRole: CodeBuildRole:
Type: AWS::IAM::Role Type: AWS::IAM::Role
@ -117,8 +76,8 @@ Resources:
- s3:PutObject - s3:PutObject
- s3:ListBucket - s3:ListBucket
Resource: Resource:
- !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}" - !Sub "arn:aws:s3:::codebuild-${AWS::Region}-${AWS::AccountId}-input-bucket"
- !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}/*" - !Sub "arn:aws:s3:::codebuild-${AWS::Region}-${AWS::AccountId}-input-bucket/*"
- !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}" - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}"
- !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}/*" - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}/*"
@ -168,8 +127,8 @@ Resources:
- s3:GetBucketLocation - s3:GetBucketLocation
- s3:GetBucketVersioning - s3:GetBucketVersioning
Resource: Resource:
- !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}" - !Sub "arn:aws:s3:::codebuild-${AWS::Region}-${AWS::AccountId}-input-bucket"
- !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${ArtifactBucketName}/*" - !Sub "arn:aws:s3:::codebuild-${AWS::Region}-${AWS::AccountId}-input-bucket/*"
- !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}" - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}"
- !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}/*" - !Sub "arn:aws:s3:::${AWS::Region}-${AWS::AccountId}-${SourceBucketName}/*"
- Effect: Allow - Effect: Allow
@ -184,41 +143,6 @@ Resources:
- codepipeline:PutApprovalResult - codepipeline:PutApprovalResult
- codepipeline:StartPipelineExecution - codepipeline:StartPipelineExecution
Resource: !Sub "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:*" Resource: !Sub "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:*"
- Sid: TaskDefinitionPermissions
Effect: Allow
Action:
- ecs:DescribeTaskDefinition
- ecs:RegisterTaskDefinition
Resource:
- "*"
- Sid: ECSServicePermissions
Effect: Allow
Action:
- ecs:DescribeServices
- ecs:UpdateService
Resource:
- !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:service/*/*"
- Sid: ECSTagResource
Effect: Allow
Action:
- ecs:TagResource
Resource:
- !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/*:*"
Condition:
StringEquals:
ecs:CreateAction:
- RegisterTaskDefinition
- Sid: IamPassRolePermissions
Effect: Allow
Action:
- iam:PassRole
Resource:
- !Sub "arn:aws:iam::${AWS::AccountId}:role/*"
Condition:
StringEquals:
iam:PassedToService:
- ecs.amazonaws.com
- ecs-tasks.amazonaws.com
ForgejoPipeline: ForgejoPipeline:
Type: AWS::CodePipeline::Pipeline Type: AWS::CodePipeline::Pipeline
@ -227,7 +151,7 @@ Resources:
RoleArn: !GetAtt CodePipelineRole.Arn RoleArn: !GetAtt CodePipelineRole.Arn
ArtifactStore: ArtifactStore:
Type: S3 Type: S3
Location: !Ref ArtifactBucket Location: !Sub "codebuild-ap-northeast-1-${AWS::AccountId}-input-bucket"
Stages: Stages:
- Name: Source - Name: Source
Actions: Actions:
@ -253,23 +177,8 @@ Resources:
Version: "1" Version: "1"
InputArtifacts: InputArtifacts:
- Name: SourceOutput - Name: SourceOutput
OutputArtifacts:
- Name: BuildOutput
Configuration: Configuration:
ProjectName: !Ref ForgejoBuildProject ProjectName: !Ref ForgejoBuildProject
- Name: Deploy
Actions:
- Name: DeployECS
ActionTypeId:
Category: Deploy
Owner: AWS
Provider: ECS
Version: "1"
InputArtifacts:
- Name: BuildOutput
Configuration:
ClusterName: my-forgejo-cluster
ServiceName: forgejo-service
S3SourceChangeRule: S3SourceChangeRule:
Type: AWS::Events::Rule Type: AWS::Events::Rule

12
infra/cfn/forgejo-ecs-service.yaml
View file

@ -35,7 +35,6 @@ Parameters:
Resources: Resources:
ECSService: ECSService:
Type: AWS::ECS::Service Type: AWS::ECS::Service
Properties: Properties:
@ -57,18 +56,13 @@ Resources:
- TargetGroupArn: !ImportValue forgejo-network-TargetGroupArn - TargetGroupArn: !ImportValue forgejo-network-TargetGroupArn
ContainerName: forgejo ContainerName: forgejo
ContainerPort: 3000 ContainerPort: 3000
HealthCheckGracePeriodSeconds: 300 HealthCheckGracePeriodSeconds: 0
DeploymentController:
Type: ECS
DeploymentConfiguration: DeploymentConfiguration:
Strategy: ROLLING
MaximumPercent: 100 MaximumPercent: 100
MinimumHealthyPercent: 0 MinimumHealthyPercent: 0
Alarms: DeploymentCircuitBreaker:
AlarmNames:
- myAlarm
Rollback: true
Enable: true Enable: true
Rollback: true
SchedulingStrategy: REPLICA SchedulingStrategy: REPLICA
EnableECSManagedTags: true EnableECSManagedTags: true
PropagateTags: TASK_DEFINITION PropagateTags: TASK_DEFINITION

12
infra/cfn/forgejo-network.yaml
View file

@ -70,7 +70,9 @@ Resources:
Weight: 1 Weight: 1
Priority: 1 Priority: 1
Conditions: Conditions:
- HostHeaderConfig: - Values:
- "git.n-daisuke897.com"
HostHeaderConfig:
Values: Values:
- "git.n-daisuke897.com" - "git.n-daisuke897.com"
Field: "host-header" Field: "host-header"
@ -79,13 +81,7 @@ Resources:
Outputs: Outputs:
TargetGroupArn: TargetGroupArn:
Description: ARN of the Forgejo blue target group Description: ARN of the Forgejo target group
Value: !Ref ElasticLoadBalancingV2TargetGroupForgejo Value: !Ref ElasticLoadBalancingV2TargetGroupForgejo
Export: Export:
Name: !Sub "${AWS::StackName}-TargetGroupArn" Name: !Sub "${AWS::StackName}-TargetGroupArn"
ListenerRuleForgejoArn:
Description: ARN of the Forgejo listener rule
Value: !GetAtt ElasticLoadBalancingV2ListenerRuleForgejo.RuleArn
Export:
Name: !Sub "${AWS::StackName}-ListenerRuleForgejoArn"