Created
July 9, 2021 09:42
-
-
Save ruanbekker/222551575a50787700779e7918310259 to your computer and use it in GitHub Desktop.
Liquibase Migrations in CI/CD CodeBuild Pipeline with Docker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: 0.2 | |
env: | |
environment: | |
APP_REPO_URI: "xxxxxxxxxxxx.dkr.ecr.eu-west-1.amazonaws.com/my-application-repo" | |
ECS_SVC_NAME: "my-application" | |
parameter-store: | |
DB_USER: "/my-application/dev/DATABASE_USERNAME" | |
DB_PASSWORD: "/my-application/dev/DATABASE_PASSWORD" | |
DB_URL: "/my-application/dev/DATABASE_URL" | |
DOCKER_USER: "/codebuild/dev/DOCKER_USER" | |
DOCKER_PASSWORD: "/codebuild/dev/DOCKER_PASSWORD" | |
phases: | |
pre_build: | |
commands: | |
- echo Logging in to Amazon ECR | |
- aws --version | |
- $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email) | |
- COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7) | |
- IMAGE_TAG=$(echo $CODEBUILD_BUILD_ID | awk -F":" '{print $2}') | |
- echo $DOCKER_PASSWORD | docker login -u $DOCKER_USER --password-stdin | |
build: | |
commands: | |
- echo build started on $(date) | |
- echo building docker image | |
- docker build -f Dockerfile -t app:latest . | |
- echo $IMAGE_TAG | |
- docker tag app:latest $APP_REPO_URI:latest | |
- docker tag app:latest $APP_REPO_URI:$IMAGE_TAG | |
- docker images | |
post_build: | |
commands: | |
- echo build completed on $(date) | |
- echo pushing the docker images | |
- docker push $APP_REPO_URI:latest | |
- docker push $APP_REPO_URI:$IMAGE_TAG | |
- echo writing image definitions artifact | |
- printf '[{"name":"my-application","imageUri":"%s"}]' $APP_REPO_URI:latest > imagedefinitions.json | |
- cat imagedefinitions.json | |
artifacts: | |
files: imagedefinitions.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Sid": "AllowECRGetLogin", | |
"Effect": "Allow", | |
"Action": [ | |
"ecr:GetAuthorizationToken" | |
], | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Sid": "AllowECRPush", | |
"Effect": "Allow", | |
"Action": [ | |
"ecr:GetAuthorizationToken", | |
"ecr:InitiateLayerUpload", | |
"ecr:UploadLayerPart", | |
"ecr:CompleteLayerUpload", | |
"ecr:BatchCheckLayerAvailability", | |
"ecr:PutImage" | |
], | |
"Resource": [ | |
"arn:aws:ecr:eu-west-1:xxxxxxxxxxxx:repository/my-application-repo" | |
] | |
}, | |
{ | |
"Sid": "AllowSSM", | |
"Effect": "Allow", | |
"Action": [ | |
"ssm:GetParametersByPath", | |
"ssm:GetParameters" | |
], | |
"Resource": [ | |
"arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/my-application/dev/DATABASE_*", | |
"arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/codebuild/dev/DOCKER_USER", | |
"arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/codebuild/dev/DOCKER_PASSWORD" | |
] | |
}, | |
{ | |
"Sid": "AllowKMS", | |
"Effect": "Allow", | |
"Action": [ | |
"kms:Decrypt", | |
"kms:GenerateDataKey" | |
], | |
"Resource": [ | |
"arn:aws:kms:eu-west-1:xxxxxxxxxxxx:key/*" | |
] | |
} | |
] | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: "3.6" | |
services: | |
db: | |
image: mysql:5.7 | |
volumes: | |
- /var/lib/mysql | |
restart: always | |
environment: | |
- MYSQL_ROOT_PASSWORD=password | |
- MYSQL_DATABASE=application | |
- MYSQL_ROOT_USER=root | |
- DATABASE_USERNAME=root | |
- DATABASE_PASSWORD=password | |
ports: | |
- "3306:3306" | |
app: | |
build: | |
context: . | |
dockerfile: ./Dockerfile | |
args: | |
DB_USER: "${DB_USER:-root}" | |
DB_PASSWORD: "${DB_PASSWORD:-password}" | |
DB_URL: "${DB_URL:-jdbc:mysql://host.docker.internal:3306/application}" | |
container_name: application | |
environment: | |
- PROFILE=local | |
- DATABASE_NAME=application | |
- DATABASE_PORT=3306 | |
- DATABASE_HOST=host.docker.internal | |
- DATABASE_USERNAME=root | |
- DATABASE_PASSWORD=password | |
- MYSQL_ROOT_PASSWORD=password | |
volumes: | |
- /app | |
ports: | |
- 8080:8080 | |
tty: true | |
stdin_open: true | |
depends_on: | |
- db |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM maven:3.6.1-amazoncorretto-11 as builder | |
ARG DB_USER | |
ARG DB_PASSWORD | |
ARG DB_URL | |
ENV DB_USER=${DB_USER} | |
ENV DB_PASSWORD=${DB_PASSWORD} | |
ENV DB_URL=${DB_URL} | |
RUN curl -LJO https://github.com/liquibase/liquibase/releases/download/v4.2.0/liquibase-4.2.0.tar.gz && \ | |
tar -xzf liquibase-4.2.0.tar.gz && \ | |
curl -LJO https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.22.tar.gz && \ | |
tar -xzf mysql-connector-java-8.0.22.tar.gz | |
COPY liquibase ./ | |
RUN set -ex; ./liquibase \ | |
--changeLogFile=src/main/resources/db/changelog/changelog-master.yaml \ | |
--url=$DB_URL \ | |
--username=$DB_USER \ | |
--password=$DB_PASSWORD \ | |
--driver=com.mysql.cj.jdbc.Driver \ | |
--classpath=mysql-connector-java-8.0.22/mysql-connector-java-8.0.22.jar \ | |
update | |
WORKDIR /app | |
COPY . ./ | |
RUN mvn dependency:go-offline | |
RUN mvn clean package | |
RUN cp app/target/application-0.0.1-SNAPSHOT.jar /app/application.jar | |
FROM adoptopenjdk:11-jre-hotspot | |
COPY --from=builder /app/application.jar /app/application.jar | |
CMD ["java", "-jar", "/app/application.jar"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
docker-compose pull | |
docker-compose up -d db | |
while [[ "$TCP_EXIT_CODE" != 0 ]] ; | |
do | |
echo "waiting for mysql"; | |
sleep 5; | |
nc -vz -w 1 localhost 3306 &> /dev/null && TCP_EXIT_CODE=${?} || TCP_EXIT_CODE=${?} ; | |
done | |
docker-compose up --build |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment