sample-spec-driven-presentation-maker/buildspec.yml at main · aws-samples/sample-spec-driven-presentation-maker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
version: 0.2

phases:
  install:
    runtime-versions:
      nodejs: 20
    commands:
      - npm install -g aws-cdk
      - cd infra && npm ci && cd ..
  pre_build:
    commands:
      # Use config.yaml from source if present; otherwise generate from env vars.
      # This allows local deploys to use their own config.yaml (with model settings,
      # WAF, auth, etc.) while CloudShell/fresh-clone deploys still work via env vars.
      - |
        if [ -f infra/config.yaml ]; then
          echo "Using config.yaml from source"
        else
          echo "Generating config.yaml from environment variables"
          cat > infra/config.yaml <<EOF
        stacks:
          data: true
          runtime: true
          agent: ${STACK_AGENT:-false}
          webUi: ${STACK_WEB_UI:-false}
        features:
          enableInvocationLogging: ${FEATURE_ENABLE_INVOCATION_LOGGING:-false}
        EOF
          sed -i 's/^        //' infra/config.yaml
          if [ -n "${WAF_IPV4}" ] || [ -n "${WAF_IPV6}" ]; then
            echo "waf:" >> infra/config.yaml
            if [ -n "${WAF_IPV4}" ]; then
              echo "  allowedIpV4AddressRanges:" >> infra/config.yaml
              IFS=',' read -ra CIDRS <<< "${WAF_IPV4}"
              for c in "${CIDRS[@]}"; do
                echo "    - \"${c}\"" >> infra/config.yaml
              done
            fi
            if [ -n "${WAF_IPV6}" ]; then
              echo "  allowedIpV6AddressRanges:" >> infra/config.yaml
              IFS=',' read -ra CIDRS <<< "${WAF_IPV6}"
              for c in "${CIDRS[@]}"; do
                echo "    - \"${c}\"" >> infra/config.yaml
              done
            fi
          fi
          if [ -n "${AUTH_OIDC_URL}" ] && [ -n "${AUTH_ALLOWED_CLIENTS}" ]; then
            cat >> infra/config.yaml <<AUTHEOF
        auth:
          oidcDiscoveryUrl: "${AUTH_OIDC_URL}"
          allowedClients:
        AUTHEOF
            sed -i '/^auth:/,$ s/^        //' infra/config.yaml
            IFS=',' read -ra CLIENTS <<< "${AUTH_ALLOWED_CLIENTS}"
            for c in "${CLIENTS[@]}"; do
              echo "  - \"${c}\"" >> infra/config.yaml
            done
          fi
        fi
      - cat infra/config.yaml
  build:
    commands:
      # Build web-ui if Layer 4 (webUi) is enabled.
      - |
        if grep -q "webUi: true" infra/config.yaml 2>/dev/null; then
          echo "Building web-ui..."
          eval "$(cd infra && node lib/resolve-model-env.js)"
          cd web-ui && npm ci && npm run build:cloud && cd ..
        fi
      # Bootstrap CDK if not already done (idempotent)
      - cd infra && cdk bootstrap --quiet || true
      - cdk ${CDK_COMMAND:-deploy} ${STACK:---all} --require-approval never