Yuki Takei 3 лет назад
Родитель
Сommit
7808976232

+ 0 - 0
packages/app/docker/codebuild/create-manifests.sh → packages/app/docker/codebuild/buildspec/create-manifests.sh


+ 0 - 0
packages/app/docker/codebuild/buildspec-image.yml → packages/app/docker/codebuild/buildspec/image.yml


+ 0 - 0
packages/app/docker/codebuild/buildspec-manifest.yml → packages/app/docker/codebuild/buildspec/manifest.yml


+ 4 - 4
packages/app/docker/codebuild/buildspec.yml → packages/app/docker/codebuild/buildspec/root.yml

@@ -4,7 +4,7 @@ batch:
   build-graph:
     # build
     - identifier: build_amd64
-      buildspec: packages/app/docker/codebuild/buildspec-image.yml
+      buildspec: packages/app/docker/codebuild/buildspec/image.yml
       env:
         image: aws/codebuild/standard:6.0
         type: LINUX_CONTAINER
@@ -12,7 +12,7 @@ batch:
           TAG_VERSION: latest
           TAG_SUFFIX: amd64
     - identifier: build_arm64
-      buildspec: packages/app/docker/codebuild/buildspec-image.yml
+      buildspec: packages/app/docker/codebuild/buildspec/image.yml
       env:
         image: aws/codebuild/amazonlinux2-aarch64-standard:2.0
         type: ARM_CONTAINER
@@ -21,7 +21,7 @@ batch:
           TAG_SUFFIX: arm64
     # create manifest
     - identifier: create_manifest_dockerhub
-      buildspec: packages/app/docker/codebuild/buildspec-manifest.yml
+      buildspec: packages/app/docker/codebuild/buildspec/manifest.yml
       env:
         variables:
           SECRETS_JSON_KEY: DOCKER_REGISTRY_PASSWORD
@@ -32,7 +32,7 @@ batch:
         - build_amd64
         - build_arm64
     # - identifier: create_manifest_ghcr
-    #   buildspec: packages/app/docker/codebuild/buildspec-manifest.yml
+    #   buildspec: packages/app/docker/codebuild/buildspec/manifest.yml
     #   env:
     #     variables:
     #       IMAGE_HOST: ghcr.io

+ 117 - 0
packages/app/docker/codebuild/codebuild.tf

@@ -0,0 +1,117 @@
+resource "aws_iam_role" "iam_role" {
+  name = "growi-official-image-builder"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "codebuild.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_secretsmanager_secret" "secret" {
+  name = "growi/official-image-builder"
+}
+
+resource "aws_secretsmanager_secret_version" "main" {
+  secret_id     = aws_secretsmanager_secret.secret.id
+  secret_string = "CHANGE THIS"
+
+  lifecycle {
+    ignore_changes = [secret_string, version_stages]
+  }
+}
+
+resource "aws_iam_role_policy" "growi-official-image-builder" {
+  role = aws_iam_role.iam_role.name
+
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Resource": [
+        "*"
+      ],
+      "Action": [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "secretsmanager:GetResourcePolicy",
+        "secretsmanager:GetSecretValue",
+        "secretsmanager:DescribeSecret",
+        "secretsmanager:ListSecretVersionIds"
+      ],
+      "Resource": [
+        "${aws_secretsmanager_secret.secret.arn}"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "codebuild:StartBuild",
+        "codebuild:StopBuild",
+        "codebuild:RetryBuild",
+        "codebuild:CreateReportGroup",
+        "codebuild:CreateReport",
+        "codebuild:UpdateReport",
+        "codebuild:BatchPutTestCases",
+        "codebuild:BatchPutCodeCoverages"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_codebuild_project" "codebuild" {
+  name           = "growi-official-image-builder"
+  description    = "The CodeBuild Project for GROWI official docker image"
+
+  service_role = aws_iam_role.iam_role.arn
+  build_batch_config {
+    service_role = aws_iam_role.iam_role.arn
+  }
+
+  artifacts {
+    type = "NO_ARTIFACTS"
+  }
+
+  environment {
+    compute_type                = "BUILD_GENERAL1_LARGE"
+    image                       = "aws/codebuild/standard:6.0"
+    type                        = "LINUX_CONTAINER"
+    privileged_mode             = true
+  }
+
+  source {
+    # type = "NO_SOURCE"
+    type = "GITHUB"
+    location = "https://github.com/weseek/growi.git"
+    git_clone_depth = 1
+    buildspec = "packages/app/docker/codebuild/buildspec/root.yml"
+  }
+  source_version = "refs/heads/support/build-with-codebuild"
+
+  cache {
+    type  = "LOCAL"
+    modes = ["LOCAL_DOCKER_LAYER_CACHE", "LOCAL_CUSTOM_CACHE"]
+  }
+}
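Review bot: The third statement of the inline policy on `aws_iam_role_policy.growi-official-image-builder` allows `codebuild:StartBuild`, `codebuild:StopBuild` and `codebuild:RetryBuild` on `"Resource": ["*"]`, so the build role can start or stop every CodeBuild project in the account, not only this one. The project runs with `privileged_mode = true` and executes a buildspec fetched from the branch named in `source_version`. A change to that buildspec therefore runs with these permissions and with `secretsmanager:GetSecretValue` on `growi/official-image-builder`. Scoping the build actions to this project, e.g. `"Resource": ["${aws_codebuild_project.codebuild.arn}"]`, and the report actions to this project's report-group ARN would keep the role to what the batch build needs. The `logs:*` statement on `"*"` could be narrowed to the project's log group in the same way. The resources appear to have been moved from main.tf with only the `buildspec` path changed, so this predates the commit, but the new file is a natural place to tighten it.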

+ 0 - 118
packages/app/docker/codebuild/main.tf

@@ -13,121 +13,3 @@ provider "aws" {
   profile = "weseek"
   region  = "ap-northeast-1"
 }
-
-resource "aws_iam_role" "iam_role" {
-  name = "growi-official-image-builder"
-
-  assume_role_policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Principal": {
-        "Service": "codebuild.amazonaws.com"
-      },
-      "Action": "sts:AssumeRole"
-    }
-  ]
-}
-EOF
-}
-
-resource "aws_secretsmanager_secret" "secret" {
-  name = "growi/official-image-builder"
-}
-
-resource "aws_secretsmanager_secret_version" "main" {
-  secret_id     = aws_secretsmanager_secret.secret.id
-  secret_string = "CHANGE THIS"
-
-  lifecycle {
-    ignore_changes = [secret_string, version_stages]
-  }
-}
-
-resource "aws_iam_role_policy" "growi-official-image-builder" {
-  role = aws_iam_role.iam_role.name
-
-  policy = <<POLICY
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Resource": [
-        "*"
-      ],
-      "Action": [
-        "logs:CreateLogGroup",
-        "logs:CreateLogStream",
-        "logs:PutLogEvents"
-      ]
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "secretsmanager:GetResourcePolicy",
-        "secretsmanager:GetSecretValue",
-        "secretsmanager:DescribeSecret",
-        "secretsmanager:ListSecretVersionIds"
-      ],
-      "Resource": [
-        "${aws_secretsmanager_secret.secret.arn}"
-      ]
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "codebuild:StartBuild",
-        "codebuild:StopBuild",
-        "codebuild:RetryBuild",
-        "codebuild:CreateReportGroup",
-        "codebuild:CreateReport",
-        "codebuild:UpdateReport",
-        "codebuild:BatchPutTestCases",
-        "codebuild:BatchPutCodeCoverages"
-      ],
-      "Resource": [
-        "*"
-      ]
-    }
-  ]
-}
-POLICY
-}
-
-resource "aws_codebuild_project" "codebuild" {
-  name           = "growi-official-image-builder"
-  description    = "The CodeBuild Project for GROWI official docker image"
-
-  service_role = aws_iam_role.iam_role.arn
-  build_batch_config {
-    service_role = aws_iam_role.iam_role.arn
-  }
-
-  artifacts {
-    type = "NO_ARTIFACTS"
-  }
-
-  environment {
-    compute_type                = "BUILD_GENERAL1_LARGE"
-    image                       = "aws/codebuild/standard:6.0"
-    type                        = "LINUX_CONTAINER"
-    privileged_mode             = true
-  }
-
-  source {
-    # type = "NO_SOURCE"
-    type = "GITHUB"
-    location = "https://github.com/weseek/growi.git"
-    git_clone_depth = 1
-    buildspec = "packages/app/docker/codebuild/buildspec.yml"
-  }
-  source_version = "refs/heads/support/build-with-codebuild"
-
-  cache {
-    type  = "LOCAL"
-    modes = ["LOCAL_DOCKER_LAYER_CACHE", "LOCAL_CUSTOM_CACHE"]
-  }
-}

+ 0 - 0
packages/app/docker/codebuild/oidc.tf