travis ci token is broken after copying the token from the travis-ci.com web ui. generated a new token from travis cli:
travis --version
1.8.2
# not using --org as i had before
travis login
travis token
big problem is that moving from org to com, the build numbering is restarted. this will overwrite the existing builds once the build numbers gets up that high. i think i need to rename the existing build data in s3.
prefix with org-? build/org-123.yml. this might have some unintended consequences.
aws --profile personal s3 sync s3://laps.run-ops-data-private/ data/
cp -R data data-original
cd data/build
find * -maxdepth 0 -exec mv {} org-{} \;
mv org-1.yml 1.yml
cd ../deploy-preview
find * -maxdepth 0 -exec mv {} org-{} \;
cd ../deploy-production
find * -maxdepth 0 -exec mv {} org-{} \;
mv org-1.yml 1.yml
aws --profile personal s3 sync data/ s3://laps.run-ops-data-private/ --delete
we’re looking good. i updated builds to use the filename as the page title, same as the deploy types.
moving existing laps.run resources from one terraform workspace to another. both are backed by s3. the source is an older version of terraform. i want to use the latest version in the new destination.
# source
terraform --version
Terraform v0.9.6
# destination
terraform --version
Terraform v0.11.8
+ provider.aws v1.40.0
deleted laps_run.tf file in source repo:
terraform plan
- aws_iam_access_key.laps_run_ci
- aws_iam_access_key.ops_laps_run_ci
- aws_iam_user.laps_run_ci
- aws_iam_user.ops_laps_run_ci
- aws_iam_user_policy.laps_run_ci
- aws_iam_user_policy.ops_laps_run_ci
- aws_s3_bucket.laps_run
- aws_s3_bucket.laps_run_ops
- aws_s3_bucket.laps_run_ops_data_private
- aws_s3_bucket.laps_run_preview
- aws_s3_bucket.laps_run_www
Plan: 0 to add, 0 to change, 11 to destroy.
this presents a list of the resources to moved.
AWS_PROFILE=personal terraform import aws_iam_user.laps_run_ci laps_run
AWS_PROFILE=personal terraform import aws_iam_user.ops_laps_run_ci ops_laps_run
AWS_PROFILE=personal terraform import aws_iam_user_policy.laps_run_ci laps_run:laps_run_ci
AWS_PROFILE=personal terraform import aws_iam_user_policy.ops_laps_run_ci ops_laps_run:ops_laps_run_ci
AWS_PROFILE=personal terraform import aws_s3_bucket.laps_run "laps.run"
AWS_PROFILE=personal terraform import aws_s3_bucket.laps_run_ops "ops.laps.run"
AWS_PROFILE=personal terraform import aws_s3_bucket.laps_run_ops_data_private "laps.run-ops-data-private"
AWS_PROFILE=personal terraform import aws_s3_bucket.laps_run_www "www.laps.run"
AWS_PROFILE=personal terraform import aws_s3_bucket.laps_run_preview "laps.run-preview"
iam access keys are not importable. i’ll delete and recreate.
remove items from original state (infra, 0.9.6)
terraform state rm aws_iam_user.laps_run_ci
and a plan after the rm runs and it looks as expected.
terraform plan
- aws_iam_access_key.laps_run_ci
- aws_iam_access_key.ops_laps_run_ci
Plan: 0 to add, 0 to change, 2 to destroy.
applied.
terraform apply plan
aws_iam_access_key.laps_run_ci: Destroying... (ID: AKIAJY2B6HKEH6LABESQ)
aws_iam_access_key.ops_laps_run_ci: Destroying... (ID: AKIAJNJDUHJRATYJYYIQ)
aws_iam_access_key.ops_laps_run_ci: Destruction complete
aws_iam_access_key.laps_run_ci: Destruction complete
Apply complete! Resources: 0 added, 0 changed, 2 destroyed.
new destination, plan:
+ aws_iam_access_key.laps_run_ci
+ aws_iam_access_key.ops_laps_run_ci
~ aws_iam_user.laps_run_ci
~ aws_iam_user.ops_laps_run_ci
~ aws_s3_bucket.laps_run
~ aws_s3_bucket.laps_run_ops
~ aws_s3_bucket.laps_run_ops_data_private
~ aws_s3_bucket.laps_run_preview
~ aws_s3_bucket.laps_run_www
- aws_s3_bucket_policy.laps_run
- aws_s3_bucket_policy.laps_run_ops
- aws_s3_bucket_policy.laps_run_preview
- aws_s3_bucket_policy.laps_run_www
Plan: 2 to add, 7 to change, 4 to destroy.
the edits and deletes appear to be differences in internals of the aws provider. i expect it to do inplace edits of the current resources at apply time.
rejiggered bucket policies as standalone resources instead of embedded in the bucket resource. still using the data source.
+ aws_iam_access_key.laps_run_ci
+ aws_iam_access_key.ops_laps_run_ci
~ aws_iam_user.laps_run_ci
force_destroy: "" => "false"
~ aws_iam_user.ops_laps_run_ci
force_destroy: "" => "false"
~ aws_s3_bucket.laps_run
acl: "" => "public-read"
force_destroy: "" => "true"
~ aws_s3_bucket.laps_run_ops
acl: "" => "public-read"
force_destroy: "" => "true"
~ aws_s3_bucket.laps_run_ops_data_private
acl: "" => "private"
force_destroy: "" => "true"
~ aws_s3_bucket.laps_run_preview
acl: "" => "public-read"
force_destroy: "" => "true"
~ aws_s3_bucket.laps_run_www
acl: "" => "public-read"
force_destroy: "" => "true"
~ aws_s3_bucket_policy.laps_run
~ aws_s3_bucket_policy.laps_run_ops
~ aws_s3_bucket_policy.laps_run_preview
~ aws_s3_bucket_policy.laps_run_www
Plan: 2 to add, 11 to change, 0 to destroy.
the bucket policy changes are whitespace only. probably differences in the version of the aws provider i used to create the policies and the latest version.
Apply complete! Resources: 2 added, 11 changed, 0 destroyed.
plan after apply:
No changes. Infrastructure is up-to-date.
resource list:
terraform state list
aws_iam_access_key.laps_run_ci
aws_iam_access_key.ops_laps_run_ci
aws_iam_policy_document.laps_run
aws_iam_policy_document.laps_run_ci
aws_iam_policy_document.laps_run_ops
aws_iam_policy_document.laps_run_preview
aws_iam_policy_document.laps_run_www
aws_iam_policy_document.ops_laps_run_ci
aws_iam_user.laps_run_ci
aws_iam_user.ops_laps_run_ci
aws_iam_user_policy.laps_run_ci
aws_iam_user_policy.ops_laps_run_ci
aws_s3_bucket.laps_run
aws_s3_bucket.laps_run_ops
aws_s3_bucket.laps_run_ops_data_private
aws_s3_bucket.laps_run_preview
aws_s3_bucket.laps_run_www
aws_s3_bucket_policy.laps_run
aws_s3_bucket_policy.laps_run_ops
aws_s3_bucket_policy.laps_run_preview
aws_s3_bucket_policy.laps_run_www
The difference between trusted and untrusted builds can be determined based on env var TRAVIS_SECURE_ENV_VARS, “true” or “false”.