Deploy the web site to the habitat account

* Set up needed environment variables in .travis.yml * Move fastly keys to Ruby section of .travis.yml * Add middlman-s3_sync * Add binstub for middlman * Add terraform variables and resources for www * Add support/ci/deploy_website.sh, which runs on master Signed-off-by: Nathan L Smith <[email protected]> Pull request: #794 Approved by: reset
habitat-sh · Jun 14, 2016 · 222f40a · 222f40a
1 parent db3f0a6
commit 222f40a
Show file tree

Hide file tree

Showing 8 changed files with 168 additions and 10 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -5,8 +5,6 @@ branches:
 env:
   global:
   - PATH=$HOME/.cargo/bin:$PATH
-  - secure: gdbeNjLU9smyegb7nNIwqi6oghu2TwQ9u0l0+BtqIUO6y3O/J9orkCGkWhwtaRkOtLVVakduC0qCCZDD24f/2aZoPN4XhHeNL6oDnq9TngKqi4/sOYRUQ5TB8xL+ja3H6Gx9bB1FhpohuMlfTbCnO3lLWP0Oj4btbcsfsYe8ytM=
-  - secure: GoX6A9uqZ7avilS62w+Noju1ntmqK45C98apBrVnym0tDON3W7kJ5sUJiq6x3+oFOxn0QlaOX1Mku5GyesDE+NbGm4YlLLcucTv2gi9iab5HJsxhHNsLgyMWBPCj25n2qcaCQE0g7naRSThnpRFFV+U6wbqLBods0jKbL95yrPY=
 matrix:
   include:
   - language: rust
@@ -147,11 +145,19 @@ matrix:
       bundle: true
       directories:
       - www/build
-      - www/vendor/bundle
-    install:
-    - "(cd www && bundle install --deployment)"
-    script:
-    - "(cd www && bundle exec middleman build)"
+    env:
+    - AWS_BUCKET=habitat-www
+    - AWS_DEFAULT_REGION=us-west-2
+    - AWS_ACCESS_KEY_ID=AKIAIS2HU4MHR2ZPW4YQ
+    # AWS_SECRET_ACCESS_KEY
+    - secure: "ku0POL6idw23V8nDXipyAsQw4E1CMDgwXTDg7Y/mrTnmsHfZYUs1j9+bHwSUg2TSnK8oFHArb4PSjz4QBfcYYNBDFfFMpb9VoIm8tYX+6hxSqZfvDheN0Zl1dsIASdJavml+YO81pNqsVpwsL0Sr3986SWgQkq92/e3LN8BtYiE="
+    # FASTLY_API_KEY
+    - secure: gdbeNjLU9smyegb7nNIwqi6oghu2TwQ9u0l0+BtqIUO6y3O/J9orkCGkWhwtaRkOtLVVakduC0qCCZDD24f/2aZoPN4XhHeNL6oDnq9TngKqi4/sOYRUQ5TB8xL+ja3H6Gx9bB1FhpohuMlfTbCnO3lLWP0Oj4btbcsfsYe8ytM=
+    # FASTLY_SERVICE_KEY
+    - secure: GoX6A9uqZ7avilS62w+Noju1ntmqK45C98apBrVnym0tDON3W7kJ5sUJiq6x3+oFOxn0QlaOX1Mku5GyesDE+NbGm4YlLLcucTv2gi9iab5HJsxhHNsLgyMWBPCj25n2qcaCQE0g7naRSThnpRFFV+U6wbqLBods0jKbL95yrPY=
+    install: "(cd www && bundle install)"
+    script: "(cd www && ./bin/middleman build)"
+    after_script: ./support/ci/deploy_website.sh
     deploy:
       provider: s3
       access_key_id: AKIAJD2LEPZPVODPFLIQ

diff --git a/support/ci/deploy_website.sh b/support/ci/deploy_website.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+git log HEAD~1..HEAD | grep -q '!!! Temporary Commit !!!'
+is_tmp_commit=$?
+
+# If we are not on a pull request, on the "auto" branch (which homu uses when
+# auto-merging master), and not on a temporary commit, then run the publish
+# script.
+if [ "${TRAVIS_PULL_REQUEST}" = "false" ] &&
+   [ "${TRAVIS_BRANCH}" = "auto" ] &&
+   [[ $is_tmp_commit = 1 ]]; then
+  set -eux
+  cd www && ./bin/middleman s3_sync
+  curl -H "Fastly-Key: ${FASTLY_API_KEY}" -X POST "https://api.fastly.com/service/${FASTLY_SERVICE_KEY}/purge_all"
+else echo "Not on master; skipping website deploy"; fi
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -1,3 +1,8 @@
+variable "aws_account_id" {
+    description = "The AWS account ID. Used by bucket policy"
+    default = "799338195663"
+}
+
 variable "env" {
     description = "Name of logical server environment for network"
 }
@@ -72,3 +77,13 @@ variable "connection_agent" {
 variable "connection_private_key" {
     description = "File path to AWS keypair private key"
 }
+
+variable "www_bucket_name" {
+    description = "Name of the bucket where the website gets deployed"
+    default = "habitat-www"
+}
+
+variable "www_user" {
+    description = "Name of the user who can deploy the website"
+    default = "www"
+}
diff --git a/terraform/www.tf b/terraform/www.tf
@@ -0,0 +1,65 @@
+resource "aws_iam_user" "www" {
+  name = "${var.www_user}"
+}
+
+resource "aws_iam_user_policy" "www" {
+  name = "${var.www_user}"
+  user = "${aws_iam_user.www.name}"
+
+  policy = <<EOF
+{
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:DeleteObject",
+        "s3:GetObject",
+        "s3:ListBucket",
+        "s3:PutObject"
+      ],
+      "Resource": "arn:aws:s3:::${aws_s3_bucket.www.bucket}/*"
+    },
+    {
+      "Action": "s3:ListAllMyBuckets",
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::*"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_s3_bucket" "www" {
+  bucket = "${var.www_bucket_name}"
+  acl    = "public-read"
+
+  website {
+    index_document = "index.html"
+    error_document = "404/index.html"
+  }
+
+  policy = <<EOF
+{
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": [
+          "*"
+        ]
+      },
+      "Resource": "arn:aws:s3:::${var.www_bucket_name}/*",
+      "Action": "s3:GetObject"
+    },
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "arn:aws:iam::${var.aws_account_id}:user/${aws_iam_user.www.name}"
+      },
+      "Resource": "arn:aws:s3:::${var.www_bucket_name}",
+      "Action": "s3:*"
+    }
+  ]
+}
+EOF
+}
diff --git a/www/Gemfile b/www/Gemfile
@@ -11,10 +11,11 @@ gem 'wdm', '~> 0.1.0', platforms: [:mswin, :mingw]
 gem 'tzinfo-data', platforms: [:mswin, :mingw]
 
 # Middleman Gems
-gem 'middleman-sprockets', '>= 4.0.0.rc.1'
 gem 'middleman', '>= 4.0.0.rc.1'
-gem 'middleman-livereload'
 gem 'middleman-autoprefixer'
+gem 'middleman-livereload'
+gem 'middleman-s3_sync'
+gem 'middleman-sprockets', '>= 4.0.0.rc.1'
 
 gem 'rubocop', require: false
 gem 'scss_lint', require: false

diff --git a/www/Gemfile.lock b/www/Gemfile.lock
@@ -8,12 +8,14 @@ GEM
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
     addressable (2.4.0)
+    ansi (1.5.0)
     ast (2.2.0)
     astrolabe (1.3.1)
       parser (~> 2.2)
     autoprefixer-rails (6.3.3.1)
       execjs
     backports (3.6.8)
+    builder (3.2.2)
     capybara (2.5.0)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
@@ -38,23 +40,42 @@ GEM
       http_parser.rb (~> 0.6.0)
     erubis (2.7.0)
     eventmachine (1.0.9.1)
+    excon (0.49.0)
     execjs (2.6.0)
     fast_blank (1.0.0)
     fastimage (1.8.1)
       addressable (~> 2.3, >= 2.3.5)
     ffi (1.9.10)
+    fog-aws (0.9.2)
+      fog-core (~> 1.27)
+      fog-json (~> 1.0)
+      fog-xml (~> 0.1)
+      ipaddress (~> 0.8)
+    fog-core (1.40.0)
+      builder
+      excon (~> 0.49)
+      formatador (~> 0.2)
+    fog-json (1.0.2)
+      fog-core (~> 1.0)
+      multi_json (~> 1.10)
+    fog-xml (0.1.2)
+      fog-core
+      nokogiri (~> 1.5, >= 1.5.11)
+    formatador (0.2.5)
     haml (4.0.7)
       tilt
     hamster (3.0.0)
       concurrent-ruby (~> 1.0)
     hashie (3.4.3)
     http_parser.rb (0.6.0)
     i18n (0.7.0)
+    ipaddress (0.8.3)
     json (1.8.3)
     kramdown (1.10.0)
     listen (3.0.6)
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9.7)
+    map (6.6.0)
     method_source (0.8.2)
     middleman (4.1.2)
       coffee-script (~> 2.2)
@@ -94,6 +115,15 @@ GEM
       em-websocket (~> 0.5.1)
       middleman-core (>= 3.3)
       rack-livereload (~> 0.3.15)
+    middleman-s3_sync (4.0.3)
+      ansi (~> 1.5.0)
+      fog-aws (>= 0.1.1)
+      map
+      middleman-cli
+      middleman-core (>= 4.0.0)
+      parallel
+      ruby-progressbar
+      unf
     middleman-sprockets (4.0.0.rc.1)
       middleman-core (>= 4.0.0.rc.1)
       sprockets (~> 3.0)
@@ -102,6 +132,7 @@ GEM
     mime-types-data (3.2016.0221)
     mini_portile2 (2.0.0)
     minitest (5.8.4)
+    multi_json (1.12.1)
     nokogiri (1.6.7.2)
       mini_portile2 (~> 2.0.0.rc2)
     padrino-helpers (0.13.1)
@@ -155,6 +186,9 @@ GEM
     uglifier (2.7.2)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.2)
     xpath (2.0.0)
       nokogiri (~> 1.3)
 
@@ -166,6 +200,7 @@ DEPENDENCIES
   middleman (>= 4.0.0.rc.1)
   middleman-autoprefixer
   middleman-livereload
+  middleman-s3_sync
   middleman-sprockets (>= 4.0.0.rc.1)
   pry
   rubocop
@@ -175,4 +210,4 @@ DEPENDENCIES
   wdm (~> 0.1.0)
 
 BUNDLED WITH
-   1.11.2
+   1.12.5
diff --git a/www/bin/middleman b/www/bin/middleman
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'middleman' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("middleman-cli", "middleman")
diff --git a/www/config.rb b/www/config.rb
@@ -61,6 +61,10 @@ def layout_class
 activate :autoprefixer
 activate :directory_indexes
 
+activate :s3_sync do |s3_sync|
+  s3_sync.region = ENV["AWS_DEFAULT_REGION"]
+end
+
 set :markdown_engine, :kramdown
 set :markdown, coderay_line_numbers: :table