Merge pull request #88 from TKOaly/deployment

Niclas Forsman · web-flow · commit d4be8f44b305 · 2020-07-12T12:24:56.000+03:00
Deployment
diff --git a/.travis.yml b/.travis.yml
@@ -1,44 +1,37 @@
 dist: trusty
 sudo: required
-language: generic
 
-addons:
-  apt:
-    packages:
-      - docker-ce
+branches:
+  only:
+    - master
+
+services:
+  - docker
+
+before_install:
+  - pip install --user awscli
+  - export PATH=$PATH:$HOME/.local/bin
+
+install:
+  - curl -sLo /tmp/terraform.zip https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
+  - unzip /tmp/terraform.zip -d /tmp
+  - mv /tmp/terraform ~/bin
+  - export PATH="~/bin:$PATH"
+
+before_script:
+  - terraform init "./deploy"
 
 jobs:
   include:
-    - stage: test
-      env:
-        - DOCKER_COMPOSE_VERSION=1.22.0
-      before_install:
-        - sudo rm /usr/local/bin/docker-compose
-        - curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
-        - chmod +x docker-compose
-        - sudo mv docker-compose /usr/local/bin
-        - docker --version
-        - docker-compose --version
-      install:
-        - docker-compose build
-        - docker-compose up -d mysql
-        - sleep 5
-        - docker-compose run web yarn db:init
-      after_script:
-        - docker-compose down
-      after_success:
-        - codecov
-      script:
-        - docker-compose run web yarn lint
-        - docker-compose run web yarn test
+    - stage: build_push
+      script: bash ./build_and_push_ecr.sh
+    - stage: plan
+      script: bash ./deploy/scripts/terraform_plan.sh $TRAVIS_BUILD_NUMBER
     - stage: deploy
-      script: skip
-      deploy:
-        provider: script
-        script: bash ./deploy-container.sh
-        skip_cleanup: true
+      script: bash ./deploy/scripts/terraform_apply.sh $TRAVIS_BUILD_NUMBER
+      after_success: bash ./deploy/scripts/cleanup.sh $TRAVIS_BUILD_NUMBER
 
 stages:
-  - test
+  - build_push
+  - plan
   - name: deploy
-    if: (NOT type IN (pull_request)) AND (branch = master)
diff --git a/Dockerfile b/Dockerfile
@@ -13,4 +13,6 @@ RUN yarn --dev --frozen-lockfile
 
 COPY . /app/
 
+EXPOSE 3001
+
 CMD ["yarn", "start"]
diff --git a/build_and_push_ecr.sh b/build_and_push_ecr.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+echo "Building and tagging docker image"
+docker build --shm-size 512M -t user-service .
+docker tag user-service:latest $AWS_ECR_URL/user-service:latest
+
+echo "Logging into ecr"
+aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_ECR_URL
+
+echo "Pushing image to ecr"
+docker push $AWS_ECR_URL/user-service:latest
diff --git a/deploy/main.tf b/deploy/main.tf
@@ -96,7 +96,7 @@ EOF
 
 resource "aws_iam_role_policy" "user_service_execution_role_policy" {
   name = "user-service-execution-role-policy"
-  role = "${aws_iam_role.user_service_execution_role.id}"
+  role = aws_iam_role.user_service_execution_role.id
 
   policy = <<EOF
 {
@@ -123,7 +123,7 @@ EOF
 
 resource "aws_security_group" "user_service_task_sg" {
   name   = "user-service-task-sg"
-  vpc_id = "${data.aws_vpc.tekis_vpc.id}"
+  vpc_id = data.aws_vpc.tekis_vpc.id
 
   ingress {
     from_port   = 3001
@@ -141,10 +141,10 @@ resource "aws_security_group" "user_service_task_sg" {
 }
 
 resource "aws_alb_target_group" "user_service_lb_target_group" {
-  name        = "cb-target-group"
+  name        = "users-target-group"
   port        = 3001
   protocol    = "HTTP"
-  vpc_id      = "${data.aws_vpc.tekis_vpc.id}"
+  vpc_id      = data.aws_vpc.tekis_vpc.id
   target_type = "ip"
 
   health_check {
@@ -154,16 +154,16 @@ resource "aws_alb_target_group" "user_service_lb_target_group" {
 }
 
 resource "aws_alb_listener_rule" "user_service_listener_rule" {
-  listener_arn = "${data.aws_lb_listener.alb_listener.arn}"
+  listener_arn = data.aws_lb_listener.alb_listener.arn
 
   action {
     type             = "forward"
-    target_group_arn = "${aws_alb_target_group.user_service_lb_target_group.arn}"
+    target_group_arn = aws_alb_target_group.user_service_lb_target_group.arn
   }
 
   condition {
     host_header {
-      values = ["event-api.tko-aly.fi"]
+      values = ["users.tko-aly.fi"]
     }
   }
 }
@@ -174,12 +174,12 @@ resource "aws_cloudwatch_log_group" "user_service_cw" {
 }
 
 resource "aws_ecs_task_definition" "user_serivce_task" {
-  family                   = "service"
+  family                   = "user-service"
   network_mode             = "awsvpc"
   requires_compatibilities = ["FARGATE"]
   cpu                      = 256
   memory                   = 512
-  execution_role_arn       = "${aws_iam_role.user_service_execution_role.arn}"
+  execution_role_arn       = aws_iam_role.user_service_execution_role.arn
   container_definitions    = <<DEFINITION
 [
   {
@@ -204,12 +204,11 @@ resource "aws_ecs_task_definition" "user_serivce_task" {
       }
     },
     "environment": [
-      {"name": "NODE_ENV", "valueFrom": "production"},
-      {"name": "COOKIE_DOMAIN", "valueFrom": "tko-aly.fi"},
-      {"name": "API_VERSION", "valueFrom": "v1"},
-      {"name": "USERSERVICE_PORT", "valueFrom": "5001"},
-      {"name": "DEFAULT_LOCALE", "valueFrom": "fi"},
-      {"name": "COOKIE_DOMAIN", "valueFrom": "tko-aly.fi"}
+      {"name": "NODE_ENV", "value": "production"},
+      {"name": "COOKIE_DOMAIN", "value": "tko-aly.fi"},
+      {"name": "API_VERSION", "value": "v1"},
+      {"name": "USERSERVICE_PORT", "value": "3001"},
+      {"name": "DEFAULT_LOCALE", "value": "fi"}
     ],
     "secrets": [
       {"name": "DB_HOST", "valueFrom": "${data.aws_ssm_parameter.user_service_db_host.arn}"},
@@ -228,18 +227,18 @@ DEFINITION
 
 resource "aws_ecs_service" "user_service" {
   name            = "user-service"
-  cluster         = "${data.aws_ecs_cluster.cluster.id}"
-  task_definition = "${aws_ecs_task_definition.user_serivce_task.arn}"
+  cluster         = data.aws_ecs_cluster.cluster.id
+  task_definition = aws_ecs_task_definition.user_serivce_task.arn
   desired_count   = 1
   launch_type     = "FARGATE"
 
   network_configuration {
     security_groups = ["${aws_security_group.user_service_task_sg.id}"]
-    subnets         = "${data.aws_subnet_ids.user_service_subnets.ids}"
+    subnets         = data.aws_subnet_ids.user_service_subnets.ids
   }
 
   load_balancer {
-    target_group_arn = "${aws_alb_target_group.user_service_lb_target_group.arn}"
+    target_group_arn = aws_alb_target_group.user_service_lb_target_group.arn
     container_name   = "user_service_task"
     container_port   = 3001
   }
diff --git a/deploy/scripts/cleanup.sh b/deploy/scripts/cleanup.sh
@@ -0,0 +1,2 @@
+
+aws s3 rm s3://user-service-state/plan-$1
diff --git a/deploy/scripts/terraform_apply.sh b/deploy/scripts/terraform_apply.sh
@@ -0,0 +1,3 @@
+
+aws s3 cp s3://user-service-state/plan-$1 plan_output-$1
+terraform apply plan_output-$1
diff --git a/deploy/scripts/terraform_plan.sh b/deploy/scripts/terraform_plan.sh
@@ -0,0 +1,3 @@
+
+terraform plan --out=./plan_output-$1 "./deploy"
+aws s3 cp plan_output-$1 s3://user-service-state/plan-$1
diff --git a/package.json b/package.json
@@ -40,7 +40,7 @@
     "csurf": "^1.10.0",
     "dotenv": "^8.2.0",
     "express": "4.17.1",
-    "express-mysql-session": "^2.0.1",
+    "express-mysql-session": "^2.1.4",
     "express-session": "^1.16.2",
     "helmet": "^3.21.1",
     "i18n": "^0.8.3",
diff --git a/src/App.ts b/src/App.ts
@@ -9,7 +9,7 @@ import Raven from "raven";
 import cookieParser from "cookie-parser";
 import express from "express";
 import session from "express-session";
-import SessionFileStore from "session-file-store";
+import MySQLSessionStore from "express-mysql-session";
 import helmet from "helmet";
 import sassMiddleware from "node-sass-middleware";
 import Path from "path";
@@ -69,16 +69,20 @@ app.use(
   }),
 );
 
-const FileStore = SessionFileStore(session);
-
 // Session
 app.use(
   session({
     cookie: { secure: "auto", maxAge: 60000 },
     resave: true,
     saveUninitialized: true,
     secret: process.env.SESSION_SECRET || "unsafe",
-    store: new FileStore({ path: Path.resolve(__dirname, "..", ".sessions") }),
+    store: new MySQLSessionStore({
+      host: process.env.DB_HOST,
+      port: Number(process.env.DB_PORT),
+      user: process.env.DB_USER,
+      password: process.env.DB_PASSWORD,
+      database: process.env.DB_NAME
+    })
   }),
 );
 
diff --git a/yarn.lock b/yarn.lock
@@ -1501,7 +1501,7 @@ expect-ct@0.2.0:
   resolved "https://registry.yarnpkg.com/expect-ct/-/expect-ct-0.2.0.tgz#3a54741b6ed34cc7a93305c605f63cd268a54a62"
   integrity sha512-6SK3MG/Bbhm8MsgyJAylg+ucIOU71/FzyFalcfu5nY19dH8y/z0tBJU0wrNBXD4B27EoQtqPF/9wqH0iYAd04g==
 
-express-mysql-session@^2.0.1:
+express-mysql-session@^2.1.4:
   version "2.1.4"
   resolved "https://registry.yarnpkg.com/express-mysql-session/-/express-mysql-session-2.1.4.tgz#fa32cb9035dbfbff57daaa6bd310f583819e1f7b"
   integrity sha512-Fcq168xVI8jtIJLhVHLJvBCvJlHnFWCcPmtt93UrWH38T2YsB919KrMCCh57/YkECkfff/L5zTQ95K1DxfOixg==

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+`
	`2`	`+aws s3 rm s3://user-service-state/plan-$1`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+`
	`2`	`+aws s3 cp s3://user-service-state/plan-$1 plan_output-$1`
	`3`	`+terraform apply plan_output-$1`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+`
	`2`	`+terraform plan --out=./plan_output-$1 "./deploy"`
	`3`	`+aws s3 cp plan_output-$1 s3://user-service-state/plan-$1`