Environment Setup
Set Up AWS Simple Email Service
Governor uses AWS SES to send emails. Therefore, you must configure an SES identity for the system.notifications.sender address used in Governor's configuration. See the AWS SES documentation for more information.
Create Secret in AWS Secrets Manager
Create a secret containing the GitHub App configuration and credentials in AWS Secrets Manager with the following keys and the appropriate values:
- application_id
- client_id
- private_key
- webhook_secret
For example, a plain-text secret could look like this:
{
"application_id": 1234567890,
"client_id": "1234567890",
"private_key": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n",
"webhook_secret": "12345678901234567890"
}
Make a note of the secret name as it will be required when deploying Governor.
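The private_key value has to survive JSON escaping with its line breaks intact, so it is worth checking the secret string before storing it. The following check is an added example, not part of Governor: the name check_secret and the type checks (taken from the sample above) are assumptions, and the key body in the sample is constructed filler.

```python
import base64
import json
import re

# The four keys the page lists for the GitHub App secret.
REQUIRED_KEYS = ("application_id", "client_id", "private_key", "webhook_secret")
PEM_RE = re.compile(
    r"\A-----BEGIN ((?:RSA )?PRIVATE KEY)-----\n(.+?)\n-----END \1-----\n?\Z", re.S)

def check_secret(secret_string):
    """Return a list of problems in the secret's plain-text JSON value."""
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return ["top-level value must be a JSON object"]
    problems = [f"missing key: {k}" for k in REQUIRED_KEYS if k not in data]
    for name in ("client_id", "webhook_secret"):
        if name in data and not (isinstance(data[name], str) and data[name].strip()):
            problems.append(f"{name} must be a non-empty string")
    # Assumption taken from the page's sample: application_id is a JSON number.
    app_id = data.get("application_id")
    if "application_id" in data and (isinstance(app_id, bool) or not isinstance(app_id, int)):
        problems.append("application_id must be a JSON number")
    key = data.get("private_key")
    if not isinstance(key, str):
        if "private_key" in data:
            problems.append("private_key must be a string")
    elif "\\n" in key:
        # Double-escaped newlines decode to backslash + "n", not a line break.
        problems.append("private_key has literal \\n: newlines were double-escaped")
    elif not (match := PEM_RE.match(key)):
        problems.append("private_key is not a single PEM private key block")
    else:
        try:
            base64.b64decode("".join(match.group(2).split()), validate=True)
        except ValueError:
            problems.append("private_key body is not valid base64")
    return problems

# Constructed sample: the key body is base64 of filler bytes, not a real key.
_BODY = base64.b64encode(b"constructed filler, not a key").decode()
SAMPLE = json.dumps({
    "application_id": 1234567890,
    "client_id": "1234567890",
    "private_key": f"-----BEGIN RSA PRIVATE KEY-----\n{_BODY}\n-----END RSA PRIVATE KEY-----\n",
    "webhook_secret": "12345678901234567890",
})
print(check_secret(SAMPLE) or "secret looks well-formed")
```

The check only validates the PEM framing and base64 body; it does not parse the key or contact GitHub or AWS.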
Pull and Deploy Docker Image
AWS Lambda does not support public AWS ECR images. Therefore, the image must be pulled from public ECR and pushed to a private registry before it can be deployed to Lambda. The following script can be used to pull the image and push it to a private ECR registry:
# Configure the version of Governor to deploy
GOVERNOR_VERSION="0.0.3-arm64"
# Configure your private ECR registry
REGION="us-east-1"
ACCOUNT_ID="<your-account-id>"
PRIVATE_ECR="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/stronghold/governor"
# Pull the image
docker pull "public.ecr.aws/d5l8l5c9/stronghold/governor:${GOVERNOR_VERSION}"
# Log in to your private ECR (the registry host is PRIVATE_ECR up to the first slash)
aws ecr get-login-password --region "${REGION}" | docker login --username AWS --password-stdin "${PRIVATE_ECR%%/*}"
# Tag and push to your private ECR
docker tag "public.ecr.aws/d5l8l5c9/stronghold/governor:${GOVERNOR_VERSION}" "${PRIVATE_ECR}:${GOVERNOR_VERSION}"
docker push "${PRIVATE_ECR}:${GOVERNOR_VERSION}"
echo "Update the EcrImageUri parameter in cloudformation.yaml to ${PRIVATE_ECR}:${GOVERNOR_VERSION}"