Merge branch 'main' into henrykie/helix-swarm

aws-games · Sep 26, 2024 · b257f36 · b257f36
2 parents 4d14348 + 848f061
commit b257f36
Show file tree

Hide file tree

Showing 18 changed files with 360 additions and 21 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
 <a name="unreleased"></a>
 ## [Unreleased]
 
+### Chore
+- **deps:** bump mkdocs-material from 9.5.34 to 9.5.35 in /docs ([#287](https://github.com/aws-games/cloud-game-development-toolkit/issues/287))
+
+### Features
+- **helix-core:** add ARM64 support ([#239](https://github.com/aws-games/cloud-game-development-toolkit/issues/239))
+
 
 <a name="v1.0.1-alpha"></a>
 ## [v1.0.1-alpha] - 2024-09-16
@@ -20,19 +26,20 @@
 ### Chore
 - adjusting changelog automation to leverage GH api ([#266](https://github.com/aws-games/cloud-game-development-toolkit/issues/266))
 - update changelog workflow ([#284](https://github.com/aws-games/cloud-game-development-toolkit/issues/284))
-- **deps:** bump mkdocs-material from 9.5.31 to 9.5.32 in /docs ([#211](https://github.com/aws-games/cloud-game-development-toolkit/issues/211))
-- **deps:** bump hashicorp/aws from 5.59.0 to 5.62.0 in /modules/jenkins ([#195](https://github.com/aws-games/cloud-game-development-toolkit/issues/195))
-- **deps:** bump mkdocs-open-in-new-tab from 1.0.3 to 1.0.5 in /docs ([#263](https://github.com/aws-games/cloud-game-development-toolkit/issues/263))
+- update changelog ([#285](https://github.com/aws-games/cloud-game-development-toolkit/issues/285))
+- **deps:** bump hashicorp/awscc from 1.10.0 to 1.11.0 in /samples/simple-build-pipeline ([#220](https://github.com/aws-games/cloud-game-development-toolkit/issues/220))
+- **deps:** bump hashicorp/awscc from 1.9.0 to 1.10.0 in /modules/perforce/helix-core ([#207](https://github.com/aws-games/cloud-game-development-toolkit/issues/207))
+- **deps:** bump mkdocs-material from 9.5.33 to 9.5.34 in /docs ([#236](https://github.com/aws-games/cloud-game-development-toolkit/issues/236))
 - **deps:** bump actions/upload-artifact from 4.3.6 to 4.4.0 ([#235](https://github.com/aws-games/cloud-game-development-toolkit/issues/235))
 - **deps:** bump the aws-provider group across 5 directories with 1 update ([#241](https://github.com/aws-games/cloud-game-development-toolkit/issues/241))
 - **deps:** bump the awscc-provider group across 3 directories with 1 update ([#242](https://github.com/aws-games/cloud-game-development-toolkit/issues/242))
 - **deps:** bump the aws-provider group across 5 directories with 1 update ([#233](https://github.com/aws-games/cloud-game-development-toolkit/issues/233))
 - **deps:** bump the aws-provider group across 5 directories with 1 update ([#231](https://github.com/aws-games/cloud-game-development-toolkit/issues/231))
 - **deps:** bump mkdocs-material from 9.5.32 to 9.5.33 in /docs ([#229](https://github.com/aws-games/cloud-game-development-toolkit/issues/229))
-- **deps:** bump hashicorp/awscc from 1.9.0 to 1.10.0 in /modules/perforce/helix-authentication-service ([#205](https://github.com/aws-games/cloud-game-development-toolkit/issues/205))
-- **deps:** bump mkdocs-material from 9.5.33 to 9.5.34 in /docs ([#236](https://github.com/aws-games/cloud-game-development-toolkit/issues/236))
+- **deps:** bump mkdocs-open-in-new-tab from 1.0.3 to 1.0.5 in /docs ([#263](https://github.com/aws-games/cloud-game-development-toolkit/issues/263))
+- **deps:** bump mkdocs-material from 9.5.31 to 9.5.32 in /docs ([#211](https://github.com/aws-games/cloud-game-development-toolkit/issues/211))
 - **deps:** bump python from 3.12 to 3.12.6 in /docs ([#243](https://github.com/aws-games/cloud-game-development-toolkit/issues/243))
-- **deps:** bump hashicorp/awscc from 1.10.0 to 1.11.0 in /samples/simple-build-pipeline ([#220](https://github.com/aws-games/cloud-game-development-toolkit/issues/220))
+- **deps:** bump hashicorp/awscc from 1.9.0 to 1.10.0 in /modules/perforce/helix-authentication-service ([#205](https://github.com/aws-games/cloud-game-development-toolkit/issues/205))
 - **deps:** bump hashicorp/aws from 5.62.0 to 5.63.1 in /samples/simple-build-pipeline ([#216](https://github.com/aws-games/cloud-game-development-toolkit/issues/216))
 - **deps:** bump hashicorp/awscc from 1.6.0 to 1.9.0 in /modules/perforce/helix-authentication-service ([#196](https://github.com/aws-games/cloud-game-development-toolkit/issues/196))
 - **deps:** bump hashicorp/aws from 5.59.0 to 5.62.0 in /modules/perforce/helix-authentication-service ([#197](https://github.com/aws-games/cloud-game-development-toolkit/issues/197))
@@ -42,7 +49,7 @@
 - **deps:** bump hashicorp/aws from 5.59.0 to 5.62.0 in /samples/simple-build-pipeline ([#201](https://github.com/aws-games/cloud-game-development-toolkit/issues/201))
 - **deps:** bump hashicorp/awscc from 1.6.0 to 1.9.0 in /samples/simple-build-pipeline ([#202](https://github.com/aws-games/cloud-game-development-toolkit/issues/202))
 - **deps:** bump mike from 2.1.2 to 2.1.3 in /docs ([#189](https://github.com/aws-games/cloud-game-development-toolkit/issues/189))
-- **deps:** bump hashicorp/awscc from 1.9.0 to 1.10.0 in /modules/perforce/helix-core ([#207](https://github.com/aws-games/cloud-game-development-toolkit/issues/207))
+- **deps:** bump hashicorp/aws from 5.59.0 to 5.62.0 in /modules/jenkins ([#195](https://github.com/aws-games/cloud-game-development-toolkit/issues/195))
 
 ### Docs
 - add openssf scorecard badge to readme ([#219](https://github.com/aws-games/cloud-game-development-toolkit/issues/219))

diff --git a/assets/packer/perforce/helix-core/p4_configure.sh b/assets/packer/perforce/helix-core/p4_configure.sh
@@ -138,11 +138,12 @@ print_help() {
     echo "  --hx_logs <path>         Path for Helix Core logs"
     echo "  --hx_metadata <path>     Path for Helix Core metadata"
     echo "  --hx_depots <path>       Path for Helix Core depots"
+    echo "  --case_sensitive <0/1>   Set the case sensitivity of the Helix Core server"
     echo "  --help                   Display this help and exit"
 }
 
 # Parse command-line options
-OPTS=$(getopt -o '' --long p4d_type:,username:,password:,auth:,fqdn:,hx_logs:,hx_metadata:,hx_depots:,help -n 'parse-options' -- "$@")
+OPTS=$(getopt -o '' --long p4d_type:,username:,password:,auth:,fqdn:,hx_logs:,hx_metadata:,hx_depots:,case_sensitive:,help -n 'parse-options' -- "$@")
 
 if [ $? != 0 ]; then
     log_message "Failed to parse options"
@@ -197,6 +198,11 @@ while true; do
             log_message "EBS_DEPOTS: $EBS_DEPOTS"
             shift 2
             ;;
+        --case_sensitive)
+            CASE_SENSITIVE="$2"
+            log_message "CASE_SENSITIVE: $CASE_SENSITIVE"
+            shift 2
+            ;;
         --help)
             print_help
             exit 0
@@ -355,6 +361,10 @@ sed -i "s/^P4MASTERHOST=.*/P4MASTERHOST=$EC2_DNS_PRIVATE/" "$SDP_Setup_Script_Co
 
 log_message "Updated P4MASTERHOST to $EC2_DNS_PRIVATE in $SDP_Setup_Script_Config."
 
+# Update Perforce case_sensitivity in configuration
+sed -i "s/^CASE_SENSITIVE=.*/CASE_SENSITIVE=CASE_SENSITIVE/" "$SDP_Setup_Script_Config"
+
+log_message "Updated CASE_SENSITIVE in $SDP_Setup_Script_Config."
 
 log_message "Mounting done ok - continue to the install"
 

diff --git a/modules/jenkins/examples/complete/dns.tf b/modules/jenkins/examples/complete/dns.tf
@@ -0,0 +1,60 @@
+##########################################
+# Route53 Hosted Zone for FQDN
+##########################################
+data "aws_route53_zone" "root" {
+  name         = var.fully_qualified_domain_name
+  private_zone = false
+}
+
+resource "aws_route53_record" "jenkins" {
+  zone_id = data.aws_route53_zone.root.id
+  name    = "jenkins.${data.aws_route53_zone.root.name}"
+  type    = "A"
+  alias {
+    name                   = module.jenkins.jenkins_alb_dns_name
+    zone_id                = module.jenkins.jenkins_alb_zone_id
+    evaluate_target_health = true
+  }
+}
+
+##########################################
+# Jenkins Certificate Management
+##########################################
+
+resource "aws_acm_certificate" "jenkins" {
+  domain_name       = "jenkins.${data.aws_route53_zone.root.name}"
+  validation_method = "DNS"
+
+  tags = {
+    Environment = "dev"
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_route53_record" "jenkins_cert" {
+  for_each = {
+    for dvo in aws_acm_certificate.jenkins.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = data.aws_route53_zone.root.id
+}
+
+resource "aws_acm_certificate_validation" "jenkins" {
+  timeouts {
+    create = "15m"
+  }
+  certificate_arn         = aws_acm_certificate.jenkins.arn
+  validation_record_fqdns = [for record in aws_route53_record.jenkins_cert : record.fqdn]
+}
diff --git a/modules/jenkins/examples/complete/local.tf b/modules/jenkins/examples/complete/local.tf
@@ -0,0 +1,32 @@
+data "aws_availability_zones" "available" {}
+
+
+locals {
+
+  build_farm_compute = {
+    example_builders : {
+      ami           = "ami-066784287e358dad1" // Amazon Linux 2023 (64-bit x86)
+      instance_type = "t3.medium"
+    }
+  }
+
+  build_farm_fsx_openzfs_storage = {
+    cache : {
+      storage_type        = "SSD"
+      throughput_capacity = 160
+      storage_capacity    = 256
+      deployment_type     = "MULTI_AZ_1"
+      route_table_ids     = [aws_route_table.private_rt.id]
+    }
+  }
+
+  # VPC Configuration
+  vpc_cidr_block       = "10.0.0.0/16"
+  public_subnet_cidrs  = ["10.0.1.0/24", "10.0.2.0/24"]
+  private_subnet_cidrs = ["10.0.3.0/24", "10.0.4.0/24"]
+
+  tags = {
+    environment = "cgd"
+  }
+  azs = slice(data.aws_availability_zones.available.names, 0, 2)
+}
diff --git a/modules/jenkins/examples/complete/main.tf b/modules/jenkins/examples/complete/main.tf
@@ -0,0 +1,64 @@
+# tflint-ignore: terraform_required_version
+
+##########################################
+# Shared ECS Cluster for Services
+##########################################
+
+resource "aws_ecs_cluster" "jenkins_cluster" {
+  name = "jenkins-cluster"
+
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
+}
+
+resource "aws_ecs_cluster_capacity_providers" "providers" {
+  cluster_name = aws_ecs_cluster.jenkins_cluster.name
+
+  capacity_providers = ["FARGATE"]
+
+  default_capacity_provider_strategy {
+    base              = 1
+    weight            = 100
+    capacity_provider = "FARGATE"
+  }
+}
+
+##########################################
+# Jenkins
+##########################################
+
+module "jenkins" {
+  source = "../.."
+
+  cluster_name                   = aws_ecs_cluster.jenkins_cluster.name
+  vpc_id                         = aws_vpc.jenkins_vpc.id
+  jenkins_alb_subnets            = aws_subnet.public_subnets[*].id
+  jenkins_service_subnets        = aws_subnet.private_subnets[*].id
+  existing_security_groups       = []
+  internal                       = false
+  certificate_arn                = aws_acm_certificate.jenkins.arn
+  jenkins_agent_secret_arns      = var.jenkins_agent_secret_arns
+  create_ec2_fleet_plugin_policy = true
+
+  # Build Farms
+  build_farm_subnets = aws_subnet.private_subnets[*].id
+
+  build_farm_compute = local.build_farm_compute
+
+  build_farm_fsx_openzfs_storage = local.build_farm_fsx_openzfs_storage
+  # Artifacts
+  artifact_buckets = {
+    builds : {
+      name                 = "game-builds"
+      enable_force_destroy = true
+
+      tags = {
+        Name = "game-builds"
+      }
+    },
+  }
+
+  depends_on = [aws_ecs_cluster.jenkins_cluster, aws_acm_certificate_validation.jenkins]
+}
diff --git a/modules/jenkins/examples/complete/variables.tf b/modules/jenkins/examples/complete/variables.tf
@@ -0,0 +1,10 @@
+variable "fully_qualified_domain_name" {
+  type        = string
+  description = "A fully qualified domain name (FQDN) to be used for jenkins. A record will be created on the hosted zone with the following patterns 'jenkins.<your_fqdn>'"
+}
+
+variable "jenkins_agent_secret_arns" {
+  type        = list(string)
+  description = "A list of secretmanager ARNs (wildcards allowed) that contain any secrets which need to be accessed by the Jenkins service."
+  default     = []
+}
diff --git a/modules/jenkins/examples/complete/versions.tf b/modules/jenkins/examples/complete/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.66.0"
+    }
+  }
+}
diff --git a/modules/jenkins/examples/complete/vpc.tf b/modules/jenkins/examples/complete/vpc.tf
@@ -0,0 +1,130 @@
+##########################################
+# VPC
+##########################################
+
+resource "aws_vpc" "jenkins_vpc" {
+  cidr_block = local.vpc_cidr_block
+  tags = merge(local.tags,
+    {
+      Name = "jenkins-vpc"
+    }
+  )
+  enable_dns_hostnames = true
+  #checkov:skip=CKV2_AWS_11: VPC flow logging disabled by design
+}
+
+# Set default SG to restrict all traffic
+resource "aws_default_security_group" "default" {
+  vpc_id = aws_vpc.jenkins_vpc.id
+}
+
+##########################################
+# Subnets
+##########################################
+
+resource "aws_subnet" "public_subnets" {
+  count             = length(local.public_subnet_cidrs)
+  vpc_id            = aws_vpc.jenkins_vpc.id
+  cidr_block        = element(local.public_subnet_cidrs, count.index)
+  availability_zone = element(local.azs, count.index)
+
+  tags = merge(local.tags,
+    {
+      Name = "pub-subnet-${count.index + 1}"
+    }
+  )
+}
+
+resource "aws_subnet" "private_subnets" {
+  count             = length(local.private_subnet_cidrs)
+  vpc_id            = aws_vpc.jenkins_vpc.id
+  cidr_block        = element(local.private_subnet_cidrs, count.index)
+  availability_zone = element(local.azs, count.index)
+
+  tags = merge(local.tags,
+    {
+      Name = "pvt-subnet-${count.index + 1}"
+    }
+  )
+}
+
+##########################################
+# Internet Gateway
+##########################################
+
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.jenkins_vpc.id
+  tags = merge(local.tags,
+    {
+      Name = "build-pipeline-igw"
+    }
+  )
+}
+
+##########################################
+# Route Tables & NAT Gateway
+##########################################
+
+resource "aws_route_table" "public_rt" {
+  vpc_id = aws_vpc.jenkins_vpc.id
+
+  # public route to the internet
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.igw.id
+  }
+
+  tags = merge(local.tags,
+    {
+      Name = "jenkins-public-rt"
+    }
+  )
+}
+
+resource "aws_route_table_association" "public_rt_asso" {
+  count          = length(aws_subnet.public_subnets)
+  route_table_id = aws_route_table.public_rt.id
+  subnet_id      = aws_subnet.public_subnets[count.index].id
+}
+
+resource "aws_eip" "nat_gateway_eip" {
+  depends_on = [aws_internet_gateway.igw]
+  #checkov:skip=CKV2_AWS_19:EIP associated with NAT Gateway through association ID
+  tags = merge(local.tags,
+    {
+      Name = "jenkins-nat-eip"
+    }
+  )
+}
+
+resource "aws_route_table" "private_rt" {
+  vpc_id = aws_vpc.jenkins_vpc.id
+
+  # route to the internet through NAT gateway
+  route {
+    cidr_block     = "0.0.0.0/0"
+    nat_gateway_id = aws_nat_gateway.nat_gateway.id
+  }
+
+  tags = merge(local.tags,
+    {
+      Name = "jenkins-private-rt"
+    }
+  )
+}
+
+resource "aws_route_table_association" "private_rt_asso" {
+  count          = length(aws_subnet.private_subnets)
+  route_table_id = aws_route_table.private_rt.id
+  subnet_id      = aws_subnet.private_subnets[count.index].id
+}
+
+resource "aws_nat_gateway" "nat_gateway" {
+  allocation_id = aws_eip.nat_gateway_eip.id
+  subnet_id     = aws_subnet.public_subnets[0].id
+  tags = merge(local.tags,
+    {
+      Name = "jenkins-nat"
+    }
+  )
+}