{"id":22712159,"url":"https://github.com/buildit/fabricator-pipeline","last_synced_at":"2026-02-01T03:38:02.070Z","repository":{"id":78235702,"uuid":"128245320","full_name":"buildit/fabricator-pipeline","owner":"buildit","description":"CI/CD pipeline for Fabricator based project","archived":false,"fork":false,"pushed_at":"2018-04-26T20:42:00.000Z","size":57,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-06-18T15:54:59.348Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/buildit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-05T18:08:13.000Z","updated_at":"2018-04-26T20:42:01.000Z","dependencies_parsed_at":"2023-05-16T21:00:44.950Z","dependency_job_id":null,"html_url":"https://github.com/buildit/fabricator-pipeline","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/buildit/fabricator-pipeline","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildit%2Ffabricator-pipeline","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildit%2Ffabricator-pipeline/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildit%2Ffabricator-pipeline/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildit%2Ffabricator-pipeline/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/buildit","download_url":"https://codeload.github.com/buildit/fabricator-pipeline/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buildit%2Ffabricator-pipeline/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28966803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T02:14:24.993Z","status":"ssl_error","status_checked_at":"2026-02-01T02:13:55.706Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-10T13:09:33.971Z","updated_at":"2026-02-01T03:38:02.052Z","avatar_url":"https://github.com/buildit.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"This projects purpose is to provide a pipeline for a [Fabricator](http://fbrctr.github.io) based project.\n\nThe current foundation has the following resources/characteristics:\n\n* 1 - VPC\n* 1 - Internet Gateway\n* 1 - Public Subnet\n* 1 - Private Subnet\n* 1 - Custom Route Table\n* 1 - Custom Route (for internet access)\n* 1 - Route Association (public subnet to custom route table)\n* 1 - Route Association (private subnet to custom route subnet)\n* 1 - NAT Gateway (routing to public subnet)\n* 1 - Route Association (private subnet to NAT)\n* 1 - Security Groups (for web server)\n* 4 - Security Group Rules\n  * HTTP inbound (any IP)\n  * SSH inbound (specific IP for admin purposes)\n  * SSH inbound (from local private subnet - used by CodeBuild containers)\n  * Anything outbound\n* 1 - EC2 instance\n* 1 - Elastic IP\n\n## Pre-build Requirements\n\n### AWSCLI\n\nYou will need to install the [AWSCLI](https://aws.amazon.com/cli/). It is highly recommended that you setup your home directory to support the AWSCLI tool as described [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html).\n\n### Terraform\n\nThere are several ways to install Terraform. If you are a Homebrew user, I strongly encourage you to install Terraform as:\n\n```\nbrew update\nbrew doctor\nbrew install terraform\n```\n\n### Terragrunt\n\nThis is an open sources free tool for managing Terraform configurations. There are several ways to install [Terragrunt](https://github.com/gruntwork-io/terragrunt). If you are a Homebrew user, I strongly encourage you to install it this way:\n\n```\nbrew install terragrunt\n```\n\n### AWS User Access Credentials \n\nAs a best practice, create a dedicated user in AWS and associate it to the 'Terraform' group. This user will own and \noperate all the resources in AWS. A default user **fabricator-pipeline** is already created and is referenced in \nscripts.\n\nAdd the user id and secret in the AWS credentials file on your local machine in the ~/.aws/credentials:\n\n```\n[fabricator-pipeline]\naws_access_key_id = XXXXXXXXXXXXX\naws_secret_access_key = XXXXXXXXXXXXXXX\n```\n\n### Choose an AWS Region\n\nPick a region to work in. From this point onwards, everything you do will only apply to that region. If you decide to deploy the infrastructure in a different region, you will need to follow all the steps below again for that region.\n\nThe default region hard-coded in the scripts is **us-west-2** (Oregon) which you change per instructions below. \n\n### AWS Key Pair\n\nSSH Key Pair is essential to access the EC2 web server for CI/CD pipeline and administrative purposes. \n \nCreate a Key Pair in AWS to access the EC2 web sever instance. Save the key (.pem) file locally and record the key name to be used later as a parameter when creating the infrastructure. \n\nIn order for CodeBuild to deploy the artifacts to the web server automatically, you will need to place the SSH key file (.pem) file in a private encrypted S3 bucket:\n\n* Create a private S3 bucket with the following naming convention:\n  * **fabricator-support-\\\u003c\\\u003caws region\u003e\u003e** (replace the aws region appropriately)\n   e.g. **fabricator-support-us-west-2**\n* Encrypt the S3 bucket with a custom AWS-KSM \n* Add the SSH key file (.pem) with the following name:\n  * **key.pem**\n\n### Project Build Specification\n\nThe Codebuild service will utilize the **buildspec.yml** file to build, package, and deploy the target application.\n\nPlease ensure that the *buildspec.yml* is configured and available in the project root directory of your target Git project.\n\nThe following environment variables are made available to the Codebuild container which can be used in the buildspec.yml as needed:\n\n* WEB_SERVER_IP : The **private** IP address of the EC2 web server\n* SSH_KEY_S3_BUCKET : The name of the S3 bucket where SSH key file is stored\n* SSH_KEY_FILE : The name of the encrypted SSH key file which can be used to SSH in to the EC2 web server \n\n## Build\n\n### 1. Setup Remote State Management\n\nYou need to setup an S3 bucket that will be used to store Terraform state for each of the modules. This is a bit of a cart-horse thing since the S3 bucket setup is itself a module. In addition, because Terraform backend configuration doesn't allow any interpolation and Terragrunt configuration only allows function calls interpolation, this part is a little wonkie.\n\n### 1.1 Manual Change Remote State Settings\n```\ncd \u003cproject_root_dir\u003e\n```\n\nwhere 'project_root_dir' is the directory where you checked this source out to.\n\nIf you want to setup your own pipeline, then edit the root Terragrunt configuration file named 'terraform.tfvars' and change the following values:\n\n* bucket - This value needs to be globally unique name.\n  * Default: rig.fabricator-pipeline.us-west-2\n* region - Even though the S3 buckets are global and not regional specific, you still have to supply a AWS region. Weird I know.\n  * Default: us-west-2\n* dynamodb_table - A unique table name that will be used to store the lock when making changes to remote state.\n  * Default: fabricator-pipeline-lock-file.\n* profile - A local AWS CLI profile name in your AWS credentials file.\n  * Default: fabricator-pipeline\n\n### 1.2 Setup S3 Bucket to Store Remote State\n```\ncd \u003cproject_root_dir\u003e/global/s3\n```\n\nRun the Terragrunt apply to create the bucket which will also create the Dynamo DB table for you too.\n```\nterragrunt apply\n```\n\nYou will be prompted to supply some input values.\n* var.aws_profile - AWS profile name referenced in the credentials file.\n  * Provide the same profile name you entered above in the root terraform.tfvars file.\n* var.bucket_name - The name of the S3 bucket used to store terraform state. Must be globally unique.\n  * Provide the same bucket name you entered above in the root terraform.tfvars file.\n* var.shared_credentials_file - Absolute path the AWS credentials file.\n  * Provide an absolute path to the AWS credentials file on your local workstation.\n* var.state_lock_table - Name of state lock table used for remote state management.\n  * Enter value: fabricator-pipeline-lock-table\n\nIf all goes well (no errors), you will be asked to confirm changes before it creates the S3 bucket. You need to enter 'yes' to proceed.\n\nIf this finishes successfully, you will see the ARN name of the S3 bucket in the output.\n\nYou can verify the S3 bucket by logging into the AWS console for digital-rig, going to the S3 console and then filtering by the bucket name. Inside the bucket should be folders for global and then s3 and in the s3 folder, you will see the terraform.tfstate file.\n\n### 2. Setup Environment Infrastructure\n\nNext you need to create all the Infrastructure (networking, routes, security, instance, etc...) and the code pipeline for CI/CD. This project creates a new VPC so everything is isolated and self contained.\n\n### 2.1 Verify Integration Environment\n\nYou need to know your public IP address to allow SSH to the web server. You can get that IP address at [CheckIP](http://checkip.amazonaws.com). Once you have your IP, you need to build the infrastructure.\n\n```\ncd \u003cproject_root_dir\u003e/integration/services/webserver\nterragrunt plan\n```\n\nThere are many common parameters built into the terraform scripts to provision the infrastructure. Most of the parameters have default values which can be common across multiple deployments but you can change them if you wish.\n\nTo change any default parameters in the scripts, edit the **integration/services/webserver/variables.tf** file.\n\n**Note**: the default region is **us-west-2** so change this to your specific region where you provisioned your Key Pair and named your S3 bucket   \n \nYou will be prompted for the following information which is environment and deployment specific:\n* Cluster Name\n  * Enter: Name of the cluster which will be pre-fixed to all the resources created in AWS\n* Environment\n  * Enter:  int or stg\n* AWS shared credentials file\n  * Provide an absolute path to the AWS credentials file on your local workstation\n* AWS Profile\n  * Name of the user you created in Pre-build Requirements\n* SSH IP CIDR\n  * Enter: \\\u003cyour public ip address from ckeckip\u003e/32 or any other valid CIDR\n* Key pair name\n  * Enter: \u003cvalid key pair name from region\u003e\n* Git Repo Name\n  * Name of the Git repo from which to pull code and deploy to the web server\n* Git Auth Token\n  * Auth token you created in Pre-build Requirements\n* SSH Key Bucket Name\n  * Name of the S3 Key Pair bucket you created above in the Pre-build Requirements  \n* SSH Key File Name\n  * Name of the .pem key file name \n\nIf all is ok, proceed to the next step.\n\n### 2.2 Build Integration Environment\n```\nterragrunt apply\n```\n\nOnce the deployment is completed, you should see the public IP address of the \nEC2 web server in the output from Terraform. You will need this IP address in the next step and to SSH into the web server for administrative purposes. \n\n```\nApply complete! Resources: 26 added, 0 changed, 0 destroyed.\nReleasing state lock. This may take a few moments...\n\nOutputs:\n\nwebserver_public_ip = 54.218.191.159\n```\n\n**NOTE**- At this point, all of the infrastructure and CI/CD pipeline should be up and running \nbut Codebuild will fail because the nginx is not deployed yet on our web server.\n\nNot to worry, you will deploy and configure nginx web server in the next step.   \n\n### 3. Setup Nginx\n\nNext you need to configure an nginx web server on the ec2 instance. This project is using Ansible for configuration management.\n\n### 3.1 Setup configuration\n\nThere are two sample configuration files in the \u003cproject_root_dir\u003e/ansible/playbook folder:\n  * ancible.cfg.example\n  * hosts.example\n\nMake a copy the above files without the \".example\" extension, i.e. \"ancible.cfg\" and \"hosts\"\n\nMake the following changes in the configuration files:\n\n* **\u003cproject_root_dir\u003e/ansible/playbook/ansible.cfg**\n  * *private_key_file* = Absolute path of the SSH key pair file you downloaded above in the Pre-build Requirements\n* **\u003cproject_root_dir\u003e/ansible/playbook/hosts**\n  * *ansible_ssh_host* = Public IP address of the EC2 web server instance from the deployment above \n\n### 3.2 Run configuration\n\n```\ncd \u003cproject_root_dir\u003e/ansible/playbook\nansible-playbook web-notls.yml\n```\n\nwhere 'project_root_dir' is the directory where you checked this source out to.\n\n### 4. Run the Codepipeline to deploy the latest code\n\nNow that nginx server is installed and configured, run the CI/CD pipeline again in AWS to push the latest code successfully to the web server. After the deployment is complete, you should see your deployment by going to the public IP address of your web server in a browser.\n  ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuildit%2Ffabricator-pipeline","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbuildit%2Ffabricator-pipeline","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuildit%2Ffabricator-pipeline/lists"}