|
| 1 | +REGION = us-east-1 |
| 2 | +BROKER_NAME = github-lfs |
| 3 | +SNAPSHOT_NAME = github-lfs-snapshot |
| 4 | +PROFILE = YOUR_PROFILE_NAME |
| 5 | +LFS_BUCKET = YOUR_BUCKET_NAME |
| 6 | +SNAPSHOT_BUCKET = YOUR_BUCKET_NAME |
| 7 | +SNAPSHOT_PREFIX = public/ |
| 8 | +EXTRA_SNAPSHOT_BUCKETS = |
| 9 | +ACCOUNT_ID = YOUR_ACCOUNT_ID |
| 10 | +ROLE_NAME = github-lfs-lambda-role |
| 11 | +REPO = YOUR_ORG/YOUR_REPO |
| 12 | +REF = master |
| 13 | +GITHUB_HOST = github.com |
| 14 | + |
| 15 | +# ----------------------------------------------------------------------- |
| 16 | +# Init (first time only - sets up Go modules) |
| 17 | +# ----------------------------------------------------------------------- |
| 18 | + |
| 19 | +init-broker: |
| 20 | + cd lfs-broker && go mod init github.com/cbioportal/lfs-broker && \ |
| 21 | + go get github.com/aws/aws-lambda-go@latest && \ |
| 22 | + go get github.com/aws/aws-sdk-go-v2@latest && \ |
| 23 | + go get github.com/aws/aws-sdk-go-v2/config@latest && \ |
| 24 | + go get github.com/aws/aws-sdk-go-v2/service/s3@latest && \ |
| 25 | + go get github.com/aws/aws-sdk-go-v2/service/secretsmanager@latest && \ |
| 26 | + go mod tidy |
| 27 | + |
| 28 | +init-snapshot: |
| 29 | + cd lfs-snapshot && go mod init github.com/cbioportal/lfs-snapshot && \ |
| 30 | + go get github.com/aws/aws-lambda-go@latest && \ |
| 31 | + go get github.com/aws/aws-sdk-go-v2@latest && \ |
| 32 | + go get github.com/aws/aws-sdk-go-v2/config@latest && \ |
| 33 | + go get github.com/aws/aws-sdk-go-v2/service/s3@latest && \ |
| 34 | + go mod tidy |
| 35 | + |
| 36 | +init: init-broker init-snapshot |
| 37 | + |
| 38 | +# ----------------------------------------------------------------------- |
| 39 | +# Bucket setup |
| 40 | +# ----------------------------------------------------------------------- |
| 41 | + |
| 42 | +configure-bucket: |
| 43 | + aws s3api put-public-access-block \ |
| 44 | + --bucket $(LFS_BUCKET) \ |
| 45 | + --public-access-block-configuration \ |
| 46 | + "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false" \ |
| 47 | + --region $(REGION) \ |
| 48 | + --profile $(PROFILE) |
| 49 | + aws s3api put-bucket-policy \ |
| 50 | + --bucket $(LFS_BUCKET) \ |
| 51 | + --policy file://docs/bucket-policy.json \ |
| 52 | + --region $(REGION) \ |
| 53 | + --profile $(PROFILE) |
| 54 | + |
| 55 | +# ----------------------------------------------------------------------- |
| 56 | +# Build |
| 57 | +# ----------------------------------------------------------------------- |
| 58 | + |
| 59 | +build-broker: |
| 60 | + cd lfs-broker && GOOS=linux GOARCH=amd64 go build -o bootstrap main.go && zip function.zip bootstrap |
| 61 | + |
| 62 | +build-snapshot: |
| 63 | + cd lfs-snapshot && GOOS=linux GOARCH=amd64 go build -o bootstrap main.go && zip function.zip bootstrap |
| 64 | + |
| 65 | +build: build-broker build-snapshot |
| 66 | + |
| 67 | +# ----------------------------------------------------------------------- |
| 68 | +# Create (first time setup) |
| 69 | +# ----------------------------------------------------------------------- |
| 70 | + |
| 71 | +create-broker: build-broker |
| 72 | + aws lambda create-function \ |
| 73 | + --function-name $(BROKER_NAME) \ |
| 74 | + --runtime provided.al2023 \ |
| 75 | + --role arn:aws:iam::$(ACCOUNT_ID):role/$(ROLE_NAME) \ |
| 76 | + --handler bootstrap \ |
| 77 | + --zip-file fileb://lfs-broker/function.zip \ |
| 78 | + --environment Variables="{S3_BUCKET=$(LFS_BUCKET),LFS_SECRET_NAME=github-lfs-api-keys}" \ |
| 79 | + --timeout 30 \ |
| 80 | + --region $(REGION) \ |
| 81 | + --profile $(PROFILE) |
| 82 | + aws lambda create-function-url-config \ |
| 83 | + --function-name $(BROKER_NAME) \ |
| 84 | + --auth-type NONE \ |
| 85 | + --region $(REGION) \ |
| 86 | + --profile $(PROFILE) |
| 87 | + aws lambda add-permission \ |
| 88 | + --function-name $(BROKER_NAME) \ |
| 89 | + --statement-id FunctionURLAllowPublicAccess \ |
| 90 | + --action lambda:InvokeFunctionUrl \ |
| 91 | + --principal "*" \ |
| 92 | + --function-url-auth-type NONE \ |
| 93 | + --region $(REGION) \ |
| 94 | + --profile $(PROFILE) |
| 95 | + aws lambda add-permission \ |
| 96 | + --function-name $(BROKER_NAME) \ |
| 97 | + --statement-id FunctionURLAllowInvoke \ |
| 98 | + --action lambda:InvokeFunction \ |
| 99 | + --principal "*" \ |
| 100 | + --region $(REGION) \ |
| 101 | + --profile $(PROFILE) |
| 102 | + |
| 103 | +create-snapshot: build-snapshot |
| 104 | + aws lambda create-function \ |
| 105 | + --function-name $(SNAPSHOT_NAME) \ |
| 106 | + --runtime provided.al2023 \ |
| 107 | + --role arn:aws:iam::$(ACCOUNT_ID):role/$(ROLE_NAME) \ |
| 108 | + --handler bootstrap \ |
| 109 | + --zip-file fileb://lfs-snapshot/function.zip \ |
| 110 | + --environment Variables="{LFS_BUCKET=$(LFS_BUCKET),SNAPSHOT_BUCKET=$(SNAPSHOT_BUCKET),SNAPSHOT_PREFIX=$(SNAPSHOT_PREFIX),EXTRA_SNAPSHOT_BUCKETS=$(EXTRA_SNAPSHOT_BUCKETS)}" \ |
| 111 | + --timeout 300 \ |
| 112 | + --region $(REGION) \ |
| 113 | + --profile $(PROFILE) |
| 114 | + aws lambda create-function-url-config \ |
| 115 | + --function-name $(SNAPSHOT_NAME) \ |
| 116 | + --auth-type NONE \ |
| 117 | + --region $(REGION) \ |
| 118 | + --profile $(PROFILE) |
| 119 | + aws lambda add-permission \ |
| 120 | + --function-name $(SNAPSHOT_NAME) \ |
| 121 | + --statement-id FunctionURLAllowPublicAccess \ |
| 122 | + --action lambda:InvokeFunctionUrl \ |
| 123 | + --principal "*" \ |
| 124 | + --function-url-auth-type NONE \ |
| 125 | + --region $(REGION) \ |
| 126 | + --profile $(PROFILE) |
| 127 | + aws lambda add-permission \ |
| 128 | + --function-name $(SNAPSHOT_NAME) \ |
| 129 | + --statement-id FunctionURLAllowInvoke \ |
| 130 | + --action lambda:InvokeFunction \ |
| 131 | + --principal "*" \ |
| 132 | + --region $(REGION) \ |
| 133 | + --profile $(PROFILE) |
| 134 | + |
| 135 | +create: create-broker create-snapshot |
| 136 | + |
| 137 | +# ----------------------------------------------------------------------- |
| 138 | +# Deploy (update existing functions) |
| 139 | +# ----------------------------------------------------------------------- |
| 140 | + |
| 141 | +deploy-broker: build-broker |
| 142 | + aws lambda update-function-code \ |
| 143 | + --function-name $(BROKER_NAME) \ |
| 144 | + --zip-file fileb://lfs-broker/function.zip \ |
| 145 | + --region $(REGION) \ |
| 146 | + --profile $(PROFILE) |
| 147 | + |
| 148 | +deploy-snapshot: build-snapshot |
| 149 | + aws lambda update-function-code \ |
| 150 | + --function-name $(SNAPSHOT_NAME) \ |
| 151 | + --zip-file fileb://lfs-snapshot/function.zip \ |
| 152 | + --region $(REGION) \ |
| 153 | + --profile $(PROFILE) |
| 154 | + |
| 155 | +deploy: deploy-broker deploy-snapshot |
| 156 | + |
| 157 | +# ----------------------------------------------------------------------- |
| 158 | +# Logs |
| 159 | +# ----------------------------------------------------------------------- |
| 160 | + |
| 161 | +logs-broker: |
| 162 | + aws logs tail /aws/lambda/$(BROKER_NAME) \ |
| 163 | + --region $(REGION) \ |
| 164 | + --profile $(PROFILE) \ |
| 165 | + --follow |
| 166 | + |
| 167 | +logs-snapshot: |
| 168 | + aws logs tail /aws/lambda/$(SNAPSHOT_NAME) \ |
| 169 | + --region $(REGION) \ |
| 170 | + --profile $(PROFILE) \ |
| 171 | + --follow |
| 172 | + |
| 173 | +# ----------------------------------------------------------------------- |
| 174 | +# Info |
| 175 | +# ----------------------------------------------------------------------- |
| 176 | + |
| 177 | +url-broker: |
| 178 | + aws lambda get-function-url-config \ |
| 179 | + --function-name $(BROKER_NAME) \ |
| 180 | + --region $(REGION) \ |
| 181 | + --profile $(PROFILE) \ |
| 182 | + --query FunctionUrl \ |
| 183 | + --output text |
| 184 | + |
| 185 | +url-snapshot: |
| 186 | + aws lambda get-function-url-config \ |
| 187 | + --function-name $(SNAPSHOT_NAME) \ |
| 188 | + --region $(REGION) \ |
| 189 | + --profile $(PROFILE) \ |
| 190 | + --query FunctionUrl \ |
| 191 | + --output text |
| 192 | + |
| 193 | +# ----------------------------------------------------------------------- |
| 194 | +# Secrets |
| 195 | +# ----------------------------------------------------------------------- |
| 196 | + |
| 197 | +list-curators: |
| 198 | + aws secretsmanager get-secret-value \ |
| 199 | + --secret-id github-lfs-api-keys \ |
| 200 | + --region $(REGION) \ |
| 201 | + --profile $(PROFILE) \ |
| 202 | + --query SecretString \ |
| 203 | + --output text | jq 'keys' |
| 204 | + |
| 205 | +# ----------------------------------------------------------------------- |
| 206 | +# Snapshot |
| 207 | +# ----------------------------------------------------------------------- |
| 208 | + |
| 209 | +full-snapshot: |
| 210 | + $(eval TOKEN := $(shell gh auth token --hostname $(GITHUB_HOST))) |
| 211 | + $(eval URL := $(shell make url-snapshot --no-print-directory)) |
| 212 | + curl -X POST $(URL) \ |
| 213 | + -H "Content-Type: application/json" \ |
| 214 | + -d '{"repo":"$(REPO)","ref":"$(REF)","token":"$(TOKEN)","github_host":"$(GITHUB_HOST)"}' |
| 215 | + |
| 216 | +.PHONY: init init-broker init-snapshot \ |
| 217 | + configure-bucket \ |
| 218 | + build build-broker build-snapshot \ |
| 219 | + create create-broker create-snapshot \ |
| 220 | + deploy deploy-broker deploy-snapshot \ |
| 221 | + logs-broker logs-snapshot \ |
| 222 | + url-broker url-snapshot \ |
| 223 | + list-curators full-snapshot |
0 commit comments