some scripts for deployment

akirasosa · akirasosa · commit 6ebd3f67d223 · 2016-08-20T14:09:21.000+07:00
diff --git a/.travis.yml b/.travis.yml
@@ -10,9 +10,14 @@ cache:
 script: mvn clean test -Dspring.profiles.active=test
 
 before_deploy:
+  # install aws cli
   - sudo apt-get -y install python-pip
   - sudo pip install awscli
+  # Parse branch name and determine an environment to deploy
   - export ENV=$(echo "${TRAVIS_BRANCH}" | perl -ne "print $& if /(?<=deploy\/).*/")
+  # Switch AWS Role when ENV is prod
+  - test "${ENV}" = "prod" && source scripts/switch-production-role.sh
+  # Create an archive to deploy
   - scripts/create-archives.sh
 deploy:
   # upload jar and codedeploy scripts
diff --git a/codedeploy/application_start.sh b/codedeploy/application_start.sh
@@ -15,5 +15,5 @@ cat << EOF > inventory
 localhost
 EOF
 
-ansible-playbook -i inventory --connection=local -e "deploy_bucket=${S3_DEPLOY_BUCKET}" site.yml --tags deploy
+ansible-playbook -i inventory -c local -e "deploy_bucket=${S3_DEPLOY_BUCKET}" site.yml --tags deploy
 )
diff --git a/scripts/switch-production-role.sh b/scripts/switch-production-role.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+credentials=$(aws sts assume-role --role-arn ${PROD_ROLE_ARN} --role-session-name travisci)
+
+export AWS_ACCESS_KEY_ID=$(echo ${credentials} | jq --raw-output .Credentials.AccessKeyId)
+export AWS_SECRET_ACCESS_KEY=$(echo ${credentials} | jq --raw-output .Credentials.SecretAccessKey)
+export AWS_SESSION_TOKEN=$(echo ${credentials} | jq --raw-output .Credentials.SessionToken)
+
+unset credentials

Original file line number	Diff line number	Diff line change
`@@ -15,5 +15,5 @@ cat << EOF > inventory`
`15`	`15`	`localhost`
`16`	`16`	`EOF`
`17`	`17`
`18`		`-ansible-playbook -i inventory --connection=local -e "deploy_bucket=${S3_DEPLOY_BUCKET}" site.yml --tags deploy`
	`18`	`+ansible-playbook -i inventory -c local -e "deploy_bucket=${S3_DEPLOY_BUCKET}" site.yml --tags deploy`
`19`	`19`	`)`