summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZachariah Mully <mully@mapbox.com>2019-06-13 12:10:09 -0400
committerJason Wray <jason@mapbox.com>2019-07-01 11:03:25 -0700
commit888623e8d5f7662626c7a2077ea5e6306dc15272 (patch)
treeb146f1cb8628e7d32159ece3629bb37c4537c83f
parent4c896cbb31fcb929b0e57c7bd02e519c267a1be1 (diff)
downloadqtlocation-mapboxgl-upstream/fixCiTemplate.tar.gz
[build] clean up cloudformation template and policiesupstream/fixCiTemplate
-rw-r--r--ci.template223
-rw-r--r--cloudformation/ci.template.js117
2 files changed, 117 insertions, 223 deletions
diff --git a/ci.template b/ci.template
deleted file mode 100644
index 578ce24c81..0000000000
--- a/ci.template
+++ /dev/null
@@ -1,223 +0,0 @@
-{
- "AWSTemplateFormatVersion": "2010-09-09",
- "Description": "mapbox-gl-native travis resources",
- "Resources": {
- "BuildUser": {
- "Type": "AWS::IAM::User",
- "Properties": {
- "Policies": [
- {
- "PolicyName": "list-testing",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:ListBucket"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox"
- ],
- "Condition": {
- "StringLike": {
- "s3:prefix": "mapbox-gl-native/*"
- }
- }
- }
- ]
- }
- },
- {
- "PolicyName": "build-testing",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:GetObjectAcl",
- "s3:PutObject",
- "s3:PutObjectAcl"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox/mapbox-gl-native/*"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "list-node",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:ListBucket"
- ],
- "Resource": [
- "arn:aws:s3:::mapbox-node-binary"
- ],
- "Effect": "Allow"
- }
- ]
- }
- },
- {
- "PolicyName": "build-node",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:GetObjectAcl",
- "s3:PutObject",
- "s3:PutObjectAcl"
- ],
- "Resource": [
- "arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*"
- ],
- "Effect": "Allow"
- }
- ]
- }
- },
- {
- "PolicyName": "cloudwatch-metrics",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "cloudwatch:PutMetricData",
- "cloudwatch:GetMetricData",
- "cloudwatch:GetMetricStatistics"
- ],
- "Effect": "Allow",
- "Resource": [
- "*"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "get-signing-key",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:GetObject"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "publish-metrics",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:PutObject",
- "s3:GetObject",
- "s3:GetObjectAcl"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile.binarysize/*",
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile.codecoverage/*",
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.docs_coverage/*",
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.codecoverage/*",
- "arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.github_stats/*"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "list-loading-dock",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:ListBucket"
- ],
- "Resource": [
- "arn:aws:s3:::mapbox-loading-dock"
- ],
- "Effect": "Allow"
- }
- ]
- }
- },
- {
- "PolicyName": "cloudwatch-metrics",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "cloudwatch:PutMetricData",
- "cloudwatch:GetMetricData",
- "cloudwatch:GetMetricStatistics"
- ],
- "Effect": "Allow",
- "Resource": [
- "*"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "publish-nightlies",
- "PolicyDocument": {
- "Statement": [
- {
- "Action": [
- "s3:DeleteObject",
- "s3:GetObject",
- "s3:GetObjectAcl",
- "s3:PutObject",
- "s3:PutObjectAcl"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*"
- ]
- }
- ]
- }
- }
- ]
- }
- },
- "BuildUserKey": {
- "Type": "AWS::IAM::AccessKey",
- "Properties": {
- "UserName": {
- "Ref": "BuildUser"
- }
- }
- }
- },
- "Outputs": {
- "AccessKeyId": {
- "Value": {
- "Ref": "BuildUserKey"
- }
- },
- "SecretAccessKey": {
- "Value": {
- "Fn::GetAtt": [
- "BuildUserKey",
- "SecretAccessKey"
- ]
- }
- }
- }
-}
diff --git a/cloudformation/ci.template.js b/cloudformation/ci.template.js
new file mode 100644
index 0000000000..e0e1fc0603
--- /dev/null
+++ b/cloudformation/ci.template.js
@@ -0,0 +1,117 @@
+'use strict';
+
+const template = {
+ AWSTemplateFormatVersion: '2010-09-09',
+ Description: 'mapbox-gl-native travis resources',
+ Resources: {
+ BuildUser: {
+ Type: 'AWS::IAM::User',
+ Properties: {
+ Policies: [
+ {
+ PolicyName: 'listBuckets',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:ListBucket' ],
+ Effect: 'Allow',
+ Resource: [ 'arn:aws:s3:::mapbox' ],
+ Condition: { StringLike: { 's3:prefix': 'mapbox-gl-native/*' } }
+ },
+ {
+ Action: [ 's3:ListBucket' ],
+ Resource: [ 'arn:aws:s3:::mapbox-node-binary' ],
+ Effect: 'Allow'
+ },
+ {
+ Action: [ 's3:ListBucket' ],
+ Resource: [ 'arn:aws:s3:::mapbox-loading-dock' ],
+ Effect: 'Allow'
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'build-testing',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [
+ 's3:GetObject',
+ 's3:GetObjectAcl',
+ 's3:PutObject',
+ 's3:PutObjectAcl'
+ ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox/mapbox-gl-native/*',
+ 'arn:aws:s3:::mapbox-node-binary/@mapbox/mapbox-gl-native/*',
+ 'arn:aws:s3:::mapbox/mapbox-gl-native/ios/builds/*'
+ ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'cloudwatch-metrics',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [
+ 'cloudwatch:PutMetricData',
+ 'cloudwatch:GetMetricData',
+ 'cloudwatch:GetMetricStatistics'
+ ],
+ Effect: 'Allow',
+ Resource: [ '*' ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'get-signing-key',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:GetObject' ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox/android/signing-credentials/secring.gpg'
+ ]
+ }
+ ]
+ }
+ },
+ {
+ PolicyName: 'publish-metrics',
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: [ 's3:PutObject', 's3:GetObject', 's3:GetObjectAcl' ],
+ Effect: 'Allow',
+ Resource: [
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile.binarysize/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile.codecoverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.docs_coverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.codecoverage/*',
+ 'arn:aws:s3:::mapbox-loading-dock/raw/mobile_staging.github_stats/*'
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ BuildUserKey: {
+ Type: 'AWS::IAM::AccessKey',
+ Properties: { UserName: { Ref: 'BuildUser' } }
+ }
+ },
+ Outputs: {
+ AccessKeyId: { Value: { Ref: 'BuildUserKey' } },
+ SecretAccessKey: { Value: { 'Fn::GetAtt': [ 'BuildUserKey', 'SecretAccessKey' ] } }
+ }
+};
+
+module.exports = template;