Alfred Lucero alfredlucero
alfredlucero
/ main.tf
Created
August 14, 2020 22:17
Security Headers Terraform - Modules for CloudFront/Lambda_Zip in apply environment folder's main.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ...more modules for other environments and use cases | |
| # We instantiate this module to zip up the lambdas/security_headers folder which holds our lambda js files | |
| module "security_headers_lambda_zip_staging" { | |
| source = "../../modules/lambda_zip" | |
| source_dir_path = "security_headers" | |
| zip_filename = "securityHeadersLambdaStaging.zip" | |
| } | |
| module "cloudfront-staging" { |
alfredlucero
/ cloudfront.tf
Created
August 14, 2020 22:10
Security Headers Terraform - CloudFront Module Cache Behavior Lambda Function Association
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ...S3 resources/policies | |
| resource "aws_cloudfront_distribution" "cloudfront-distribution" { | |
| # ...S3 origin configs | |
| default_cache_behavior { | |
| allowed_methods = ["GET", "HEAD", "OPTIONS"] | |
| cached_methods = ["GET", "HEAD", "OPTIONS"] | |
| target_origin_id = "${var.origin_group_id}" | |
| compress = true |
alfredlucero
/ cloudfront.tf
Created
August 14, 2020 22:06
Security Headers Terraform - CloudFront Module Lambda Resource
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ...CloudFront/S3 resources/policies | |
| # Lambda Edge Role | |
| resource "aws_iam_role" "lambda_edge_role" { | |
| name = "${var.lambda_edge_role_name}" | |
| assume_role_policy = <<EOF | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ |
alfredlucero
/ lambda_zip.tf
Created
August 14, 2020 22:01
Security Headers Terraform - Lambda Zip Module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In each of our development and production folders we have a main.tf, backend.tf, | |
| # and lambas folder holding the environment's lambdas | |
| # We intend on zipping up the files within the lambdas folder for us to eventually upload for our lambda function resource | |
| # We pass in variables such as source_dir_path and zip_filename for flexibility when instantiating this module for different environments | |
| data "archive_file" "lambda_zip" { | |
| type = "zip" | |
| source_dir = "./lambdas/${var.source_dir_path}" | |
| output_path = "./lambdas/${var.zip_filename}" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| const path = require("path"); | |
| const formSpaceSeparatedList = (list) => list.join(" "); | |
| // For scripts we want to be able to load in our app i.e. third-party scripts, app scripts | |
| const scriptSrcAllowlist = [ | |
| // https://somescript.com... | |
| ]; | |
| const generateScriptSrcPolicy = () => { |
alfredlucero
/ pipeline.cypress.yml
Created
August 3, 2020 17:39
Cypress Tips/Tricks - Cypress Trigger Pipeline Buildkite Steps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Whether we plan to use this in a separate pipeline for scheduled Cypress test runs or for triggering tests in a separate Cypress pipeline | |
| # all we have to do is change up the environment variable values for things to work | |
| steps: | |
| - label: ':npm: :docker: Build Cypress Docker image' | |
| command: | |
| # Building Cypress Docker image with application/test code | |
| # We need to tag latest and Buildkite version on the container | |
| - docker-compose -f docker-compose.cypress.yml build cypress | |
| - docker tag <private_docker_registry_path>:${VERSION} <private_docker_registry_path>:latest | |
| # Pushing images to private registry with Buildkite versioning and latest tags |
alfredlucero
/ docker-compose.cypress.yml
Created
August 3, 2020 17:32
Cypress Tips/Tricks - Cypress Docker Compose File
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.2' | |
| services: | |
| cypress: | |
| image: <private_docker_image_path>:${VERSION:-latest} | |
| # To handle OOM issues when running Cypress headless electron in Docker | |
| shm_size: '3gb' | |
| build: | |
| cache_from: | |
| - <private_docker_image_path>:latest | |
| context: . |
alfredlucero
/ Dockerfile.cypress
Created
August 3, 2020 17:26
Cypress Tips/Tricks - Cypress Dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Dockerfile | |
| # Use Cypress's base image to help set up the environment/dependencies | |
| FROM cypress/base:12.6.0 | |
| # This helps to clean up the console output | |
| ENV CI=1 | |
| # Proceed with installing Node dependencies | |
| RUN mkdir -p /opt/frontendapp/ | |
| WORKDIR /opt/frontendapp/ |
alfredlucero
/ triggerCypress.yml
Created
August 2, 2020 03:03
Cypress Tips/Tricks - Buildkite Trigger Cypress from Bash Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is triggered from our runCypress.sh script from the main pipeline.yml's Cypress select and trigger steps | |
| steps: | |
| - trigger: 'cypress-trigger' # We have a separate pipeline called cypress-trigger to run our Cypress tests | |
| label: ':cypress: Triggered $CYPRESS_SPECS specs against the $CYPRESS_TEST_ENV environment :cypress:' | |
| async: '$ASYNC' | |
| build: | |
| commit: '$BUILDKITE_COMMIT' | |
| message: '$BUILDKITE_MESSAGE' | |
| branch: '$BUILDKITE_BRANCH' | |
| # Refer to environment variables exported from runCypress.sh for where these are coming from when we call this trigger step |
alfredlucero
/ runCypress.sh
Created
August 2, 2020 02:57
Cypress Tips/Tricks - Buildkite Parse Selected Cypress Specs and Trigger Cypress Pipeline to Run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # Get where the script is currently running from | |
| DIRNAME=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) | |
| # Get spec selection values; its value will be the Cypress spec's relative path i.e. cypress/integration/SenderAuthentication/**/* | |
| RUNALL=$(buildkite-agent meta-data get "runAll") | |
| RUNALERTS=$(buildkite-agent meta-data get "runAlerts") | |
| RUNMAILSETTINGS=$(buildkite-agent meta-data get "runMailSettings") |
NewerOlder