chore(infrastructure): Create CI /CD v2 github workflow

Vizzuality · Nov 21, 2024 · 61d4439 · 61d4439
1 parent 649c7a2
commit 61d4439
Show file tree

Hide file tree

Showing 11 changed files with 416 additions and 53 deletions.
diff --git a/.github/workflows/cicd v2.yml b/.github/workflows/cicd v2.yml
@@ -0,0 +1,215 @@
+name: CI / CD v2
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - chore/infrastructure-migration
+    paths:
+      - "api/**"
+      - ".github/workflows/*"
+
+jobs:
+  build-and-test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build and run tests
+        run: docker compose up --build --exit-code-from test test
+
+      - name: Clean up
+        run: docker compose down
+
+  # BUILD AND DEPLOY
+  set_environment:
+    runs-on: ubuntu-latest
+    name: Set Deployment Environment
+    # if: ${{ github.event_name == 'workflow_dispatch' || github.ref_name == 'staging' || github.ref_name == 'main' }}
+    outputs:
+      env_name: ${{ steps.set_env.outputs.env_name }}
+    steps:
+      - id: set_env
+        run: echo "env_name=develop" >> $GITHUB_OUTPUT
+        # run: echo "env_name=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+
+  build_api:
+    name: build-api
+    needs: [ set_environment ]
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ needs.set_environment.outputs.env_name }}
+    steps:
+      - name: Debug env_name
+        run: |
+          echo "Environment name is: ${{ needs.set_environment.outputs.env_name }}"
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.TF_AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          mask-password: 'true'
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build, tag, and push Client image to Amazon ECR
+        uses: docker/build-push-action@v5
+        with:
+          context: api
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: ./api/Dockerfile
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ github.sha }}
+            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ needs.set_environment.outputs.env_name }}
+  deploy:
+    name: deploy
+    needs: [ set_environment, build_api ]
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ needs.set_environment.outputs.env_name }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.TF_AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Generate docker compose file
+        working-directory: infrastructure/v2/source_bundle
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+
+          # API 
+          ECR_REPOSITORY_API: ${{ secrets.TF_API_REPOSITORY_NAME }}
+          IMAGE_TAG: ${{ needs.set_environment.outputs.env_name }}
+          API_AUTH_TOKEN: ${{ secrets.TF_API_AUTH_TOKEN }}
+          API_TIFF_PATH: ${{ vars.TF_API_TIFF_PATH }}
+          API_GRID_TILES_PATH: ${{ vars.TF_API_GRID_TILES_PATH }}
+
+          # Client
+          ECR_REPOSITORY_CLIENT: ${{ secrets.TF_CLIENT_REPOSITORY_NAME }}
+          CLIENT_NEXT_PUBLIC_API_URL: ${{ vars.TF_CLIENT_NEXT_PUBLIC_API_URL }}
+          CLIENT_NEXT_PUBLIC_API_KEY: ${{ secrets.TF_CLIENT_NEXT_PUBLIC_API_KEY }}
+
+          CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY: ${{ secrets.TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY }}
+          CLIENT_ARCGIS_CLIENT_ID: ${{ secrets.TF_CLIENT_ARCGIS_CLIENT_ID }}
+          CLIENT_ARCGIS_CLIENT_SECRET: ${{ secrets.TF_CLIENT_ARCGIS_CLIENT_SECRET }}
+          CLIENT_BASIC_AUTH_USER: ${{ secrets.TF_CLIENT_BASIC_AUTH_USER }}
+          CLIENT_BASIC_AUTH_PASSWORD: ${{ secrets.TF_CLIENT_BASIC_AUTH_PASSWORD }}
+          CLIENT_SESSION_SECRET: ${{ secrets.TF_CLIENT_SESSION_SECRET }}
+        run: |
+          cat <<EOF >> docker-compose.yml
+          version: '3.9'
+          services:
+            api:
+              image: $ECR_REGISTRY/$ECR_REPOSITORY_API:$IMAGE_TAG
+              ports:
+                - "8000:8000"
+              environment:
+                - AUTH_TOKEN=${API_AUTH_TOKEN}
+                - TIFF_PATH=${API_TIFF_PATH}
+                - GRID_TILES_PATH=${API_GRID_TILES_PATH}
+              volumes:
+                - /var/app/data/api:/opt/api/data:ro
+              networks:
+                - amazonia360-network
+              restart: always
+            client:
+              image: $ECR_REGISTRY/$ECR_REPOSITORY_CLIENT:$IMAGE_TAG
+              networks:
+                - amazonia360-network
+              ports:
+                - 3000:3000
+              environment:
+                - NEXT_PUBLIC_URL=http://localhost:3000
+                - NEXT_PUBLIC_API_URL=${CLIENT_NEXT_PUBLIC_API_URL}
+                - NEXT_PUBLIC_API_KEY=${CLIENT_NEXT_PUBLIC_API_KEY}
+                - NEXT_PUBLIC_ARCGIS_API_KEY=${CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY}
+                - ARCGIS_CLIENT_ID=${CLIENT_ARCGIS_CLIENT_ID}
+                - ARCGIS_CLIENT_SECRET=${CLIENT_ARCGIS_CLIENT_SECRET}
+                - BASIC_AUTH_USER=${CLIENT_BASIC_AUTH_USER}
+                - BASIC_AUTH_PASSWORD=${CLIENT_BASIC_AUTH_PASSWORD}
+              restart: always
+            nginx:
+              image: nginx
+              restart: always
+              networks:
+                - amazonia360-network
+              volumes:
+                - ./proxy/conf.d:/etc/nginx/conf.d
+                - "\${EB_LOG_BASE_DIR}/nginx:/var/log/nginx"
+              ports:
+                - 80:80
+              depends_on:
+                - api
+                - client
+          networks:
+            amazonia360-network:
+              driver: bridge
+          EOF
+
+      - name: Generate .ebextensions/20_sync_data.config
+        working-directory: infrastructure/v2/source_bundle
+        env:
+          PROJECT_NAME: ${{ vars.TF_PROJECT_NAME }}
+          ENV_NAME: ${{ needs.set_environment.outputs.env_name }}
+          AWS_REGION: ${{ vars.TF_AWS_REGION }}
+        run: |
+          mkdir -p .ebextensions
+          cat <<EOF >> .ebextensions/20_sync_data.config
+          commands:
+            20_install_awscli:
+              command: |
+                sudo apt-get update -y
+                sudo apt-get install -y awscli
+                sudo apt-get clean
+                sudo rm -rf /var/lib/apt/lists/*
+
+            21_create_data_folder:
+              command: mkdir -p /var/app/data/api
+
+            22_sync_s3_bucket:
+              command: aws s3 sync s3://${PROJECT_NAME}-${ENV_NAME}-bucket /var/app/data/api
+          EOF
+
+      - name: Generate zip file
+        working-directory: infrastructure/v2/source_bundle
+        run: |
+          zip -r deploy.zip * .[^.]*
+
+      - name: Deploy to Amazon EB
+        uses: einaregilsson/beanstalk-deploy@v21
+        with:
+          aws_access_key: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+          aws_secret_key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+          application_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }}
+          environment_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }}-environment
+          region: ${{ vars.TF_AWS_REGION }}
+          version_label: ${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
+          deployment_package: infrastructure/v2/source_bundle/deploy.zip
+          wait_for_deployment: true
diff --git a/client/Dockerfile b/client/Dockerfile
@@ -0,0 +1,38 @@
+FROM node:22.2.0-alpine as base
+LABEL maintainer="[email protected]"
+
+FROM base as production
+ARG NEXT_PUBLIC_URL
+ARG NEXT_PUBLIC_API_URL
+
+ARG NEXT_PUBLIC_ARCGIS_API_KEY
+ARG NEXT_PUBLIC_API_KEY
+ARG ARCGIS_CLIENT_ID
+ARG ARCGIS_CLIENT_SECRET
+
+ARG BASIC_AUTH_USER
+ARG BASIC_AUTH_PASSWORD
+
+ENV NEXT_PUBLIC_URL $NEXT_PUBLIC_URL
+ENV NEXT_PUBLIC_API_URL $NEXT_PUBLIC_API_URL
+
+ENV NEXT_PUBLIC_ARCGIS_API_KEY $NEXT_PUBLIC_ARCGIS_API_KEY
+ENV NEXT_PUBLIC_API_KEY $NEXT_PUBLIC_API_KEY
+ENV ARCGIS_CLIENT_ID $ARCGIS_CLIENT_ID
+ENV ARCGIS_CLIENT_SECRET $ARCGIS_CLIENT_SECRET
+
+ENV BASIC_AUTH_USER $BASIC_AUTH_USER
+ENV BASIC_AUTH_PASSWORD $BASIC_AUTH_PASSWORD
+
+WORKDIR /app
+
+COPY . .
+
+RUN corepack enable pnpm
+RUN pnpm install
+
+RUN pnpm build
+
+EXPOSE 3000
+
+CMD ["pnpm", "start"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -14,6 +14,24 @@ services:
     networks:
       - amazonia360-network
     restart: always
+  client:
+    build:
+      context: ./client
+      dockerfile: Dockerfile
+      target: production
+      args:
+        NEXT_PUBLIC_URL: "http://localhost:3000"
+        NEXT_PUBLIC_API_URL: "http://api:8000"
+        NEXT_PUBLIC_ARCGIS_API_KEY: ""
+        NEXT_PUBLIC_API_KEY: ""
+        ARCGIS_CLIENT_ID: ""
+        ARCGIS_CLIENT_SECRET: ""
+        BASIC_AUTH_USER: amazonia360
+        BASIC_AUTH_PASSWORD: amazonia360
+    ports:
+      - "3000:3000"
+    networks:
+      - amazonia360-network
   test:
     build:
         context: ./api

diff --git a/infrastructure/v2/main.tf b/infrastructure/v2/main.tf
@@ -80,7 +80,7 @@ locals {
 module state {
   source = "./modules/state"
   project_name = var.project_name
-  aws_region = var.aws_dev_region
+  aws_region = var.dev.aws_region
   aws_profile = var.aws_profile
 }
 
@@ -94,21 +94,32 @@ module api_ecr {
   repo_name = "api"
 }
 
+module client_ecr {
+  source = "./modules/ecr"
+  project_name = var.project_name
+  repo_name = "client"
+}
+
 module "github" {
   source       = "./modules/github"
-  repo_name    = "amazonia-360"
+  repo_name    = var.repo_name
   github_owner = var.github_owner
   github_token = var.github_token
   global_secret_map = {
     TF_PIPELINE_USER_ACCESS_KEY_ID     = module.iam.pipeline_user_access_key_id
     TF_PIPELINE_USER_SECRET_ACCESS_KEY = module.iam.pipeline_user_access_key_secret
+
+    # API
     TF_API_REPOSITORY_NAME             = module.api_ecr.repository_name
-    TF_AUTH_TOKEN                      = var.api_auth_token
+
+    # Client
+    TF_CLIENT_REPOSITORY_NAME          = module.client_ecr.repository_name
   }
   global_variable_map = {
     TF_PROJECT_NAME                    = var.project_name
-    TF_TIFF_PATH                       = var.api_tiff_path
-    TF_GRID_TILES_PATH                 = var.api_grid_tiles_path
+
+    # API
+    # Client
   }
 }
 
@@ -120,20 +131,40 @@ module "dev" {
   source                                        = "./modules/env"
   domain                                        = "dev.amazonia360.dev-vizzuality.com"
   project                                       = var.project_name
-  environment                                   = "develop" # Does it need to be the same as the target branch name?
-  aws_region                                    = var.aws_dev_region
+  environment                                   = "develop" # staging branch of the repo
+  aws_region                                    = var.dev.aws_region
   vpc                                           = data.aws_vpc.default_vpc
   subnet_ids                                    = local.subnets_with_ec2_instance_type_offering_ids
   availability_zones                            = data.aws_availability_zones.azs_with_ec2_instance_type_offering.names
   beanstalk_platform                            = "64bit Amazon Linux 2023 v4.4.0 running Docker"
   beanstalk_tier                                = "WebServer"
   ec2_instance_type                             = "t3.medium"
   elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name
-  repo_name                                     = "amazonia-360"
+  repo_name                                     = var.repo_name
   cname_prefix                                  = "amazonia360-dev-environment"
   github_owner = var.github_owner
   github_token = var.github_token
   github_additional_environment_variables = {
-    TF_AWS_REGION   = var.aws_dev_region
+    TF_AWS_REGION   = var.dev.aws_region
+
+    # API
+    TF_API_TIFF_PATH                       = var.dev.api.tiff_path
+    TF_API_GRID_TILES_PATH                 = var.dev.api.grid_tiles_path
+
+    # Client
+    TF_CLIENT_NEXT_PUBLIC_API_URL = var.dev.client.next_public_api_url
+  }
+  github_additional_environment_secrets = {
+    # API
+    TF_API_AUTH_TOKEN = var.dev.api.auth_token
+
+    # Client
+    TF_CLIENT_NEXT_PUBLIC_API_KEY = var.dev.client.next_public_api_key
+    TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY = var.dev.client.next_public_arcgis_api_key
+    TF_CLIENT_ARCGIS_CLIENT_ID = var.dev.client.arcgis_client_id
+    TF_CLIENT_ARCGIS_CLIENT_SECRET = var.dev.client.arcgis_client_secret
+    TF_CLIENT_BASIC_AUTH_USER = var.dev.client.basic_auth_user
+    TF_CLIENT_BASIC_AUTH_PASSWORD = var.dev.client.basic_auth_password
+    TF_CLIENT_SESSION_SECRET = var.dev.client.session_secret
   }
 }
diff --git a/infrastructure/v2/modules/env/main.tf b/infrastructure/v2/modules/env/main.tf
@@ -20,7 +20,7 @@ module "beanstalk" {
 
 module "github" {
   source = "../github"
-  repo_name    = "amazonia-360"
+  repo_name    = var.repo_name
   github_owner = var.github_owner
   github_token = var.github_token
   github_environment = var.environment