chore(infrastructure): Create CI /CD v2 github workflow

Vizzuality · Nov 20, 2024 · 3c6d151 · 3c6d151
1 parent 649c7a2
commit 3c6d151
Show file tree

Hide file tree

Showing 6 changed files with 196 additions and 5 deletions.
diff --git a/.github/workflows/cicd v2.yml b/.github/workflows/cicd v2.yml
@@ -0,0 +1,183 @@
+name: CI / CD v2
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - chore/infrastructure-migration
+    paths:
+      - "api/**"
+      - ".github/workflows/*"
+
+jobs:
+  build-and-test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build and run tests
+        run: docker compose up --build --exit-code-from test test
+
+      - name: Clean up
+        run: docker compose down
+
+  # BUILD AND DEPLOY
+  set_environment:
+    runs-on: ubuntu-latest
+    name: Set Deployment Environment
+    # if: ${{ github.event_name == 'workflow_dispatch' || github.ref_name == 'develop' || github.ref_name == 'main' }}
+    outputs:
+      env_name: ${{ steps.set_env.outputs.env_name }}
+    steps:
+      - id: set_env
+        run: echo "env_name=develop" >> $GITHUB_OUTPUT
+        # run: echo "env_name=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+
+  build_api:
+    name: build-api
+    needs: [ set_environment ]
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ needs.set_environment.outputs.env_name }}
+    steps:
+      - name: Debug env_name
+        run: |
+          echo "Environment name is: ${{ needs.set_environment.outputs.env_name }}"
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.TF_AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          mask-password: 'true'
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build, tag, and push Client image to Amazon ECR
+        uses: docker/build-push-action@v5
+        with:
+          context: api
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: ./api/Dockerfile
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ github.sha }}
+            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ needs.set_environment.outputs.env_name }}
+  deploy:
+    name: deploy
+    needs: [ set_environment, build_api ]
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ needs.set_environment.outputs.env_name }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.TF_AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Generate docker compose file
+        working-directory: infrastructure/v2/source_bundle
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY_API: ${{ secrets.TF_API_REPOSITORY_NAME }}
+          IMAGE_TAG: ${{ needs.set_environment.outputs.env_name }}
+          AUTH_TOKEN: ${{ secrets.TF_AUTH_TOKEN }}
+          TIFF_PATH: ${{ vars.TF_TIFF_PATH }}
+        run: |
+          cat <<EOF >> docker-compose.yml
+          version: '3.9'
+          services:
+            api:
+              image: $ECR_REGISTRY/$ECR_REPOSITORY_API:$IMAGE_TAG
+              ports:
+                - "8000:8000"
+              environment:
+                - AUTH_TOKEN=${AUTH_TOKEN}
+                - TIFF_PATH=${TIFF_PATH}
+                - GRID_TILES_PATH=${GRID_TILES_PATH}
+              volumes:
+                - /var/app/data/api:/opt/api/data:ro
+              networks:
+                - amazonia360-network
+              restart: always
+            nginx:
+              image: nginx
+              restart: always
+              networks:
+                - amazonia360-network
+              volumes:
+                - ./proxy/conf.d:/etc/nginx/conf.d
+                - "\${EB_LOG_BASE_DIR}/nginx:/var/log/nginx"
+              ports:
+                - 80:80
+              depends_on:
+                - api
+          networks:
+            amazonia360-network:
+              driver: bridge
+          EOF
+
+      - name: Generate .ebextensions/20_sync_data.config
+        working-directory: infrastructure/v2/source_bundle
+        env:
+          PROJECT_NAME: ${{ vars.TF_PROJECT_NAME }}
+          ENV_NAME: ${{ needs.set_environment.outputs.env_name }}
+          AWS_REGION: ${{ vars.TF_AWS_REGION }}
+        run: |
+          mkdir -p .ebextensions
+          cat <<EOF >> .ebextensions/20_sync_data.config
+          commands:
+            20_install_awscli:
+              command: |
+                sudo apt-get update -y
+                sudo apt-get install -y awscli
+                sudo apt-get clean
+                sudo rm -rf /var/lib/apt/lists/*
+
+            21_create_data_folder:
+              command: mkdir -p /var/app/data/api
+
+            22_sync_s3_bucket:
+              command: aws s3 sync s3://${PROJECT_NAME}-${ENV_NAME}-bucket /var/app/data/api
+          EOF
+
+      - name: Generate zip file
+        working-directory: infrastructure/v2/source_bundle
+        run: |
+          zip -r deploy.zip * .[^.]*
+
+      - name: Deploy to Amazon EB
+        uses: einaregilsson/beanstalk-deploy@v21
+        with:
+          aws_access_key: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+          aws_secret_key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+          application_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }}
+          environment_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }}-environment
+          region: ${{ vars.TF_AWS_REGION }}
+          version_label: ${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
+          deployment_package: infrastructure/v2/source_bundle/deploy.zip
+          wait_for_deployment: true
diff --git a/infrastructure/v2/main.tf b/infrastructure/v2/main.tf
@@ -96,7 +96,7 @@ module api_ecr {
 
 module "github" {
   source       = "./modules/github"
-  repo_name    = "amazonia-360"
+  repo_name    = var.repo_name
   github_owner = var.github_owner
   github_token = var.github_token
   global_secret_map = {
@@ -129,7 +129,7 @@ module "dev" {
   beanstalk_tier                                = "WebServer"
   ec2_instance_type                             = "t3.medium"
   elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name
-  repo_name                                     = "amazonia-360"
+  repo_name                                     = var.repo_name
   cname_prefix                                  = "amazonia360-dev-environment"
   github_owner = var.github_owner
   github_token = var.github_token

diff --git a/infrastructure/v2/modules/env/main.tf b/infrastructure/v2/modules/env/main.tf
@@ -20,7 +20,7 @@ module "beanstalk" {
 
 module "github" {
   source = "../github"
-  repo_name    = "amazonia-360"
+  repo_name    = var.repo_name
   github_owner = var.github_owner
   github_token = var.github_token
   github_environment = var.environment

diff --git a/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config b/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config
@@ -6,6 +6,8 @@ files:
     content: |
       ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxeHqNG3GJhm+KC9tpAKht18HPlvvLxQfBm6NbH+c6Y10qH7DbtT/FXTLZpzlIeSJaG3bS/8FKOHEIuLh07UcMskLPXLR6kijcrK9A3ZA/mBwfuNFk0u+s+ZSVRuCyy2kHPhouUMfdm289b5yOSkCXW+uVKM0pT3eFhGd7IvFTDxVazLrmdAVfHktsXw+Ohc32EiW5ITI7EZ4Xg+CNypIqRf3EGlRF17A2azn5dz08AwkYIBqTy+EHSMSdU5WSotarhGMNKsVplgpgpyXxeOphPHcntjb7fiu0KTBviAelmXilNTv/HA1qjYFuSFNv3sUNQiUQzaV3T2PSOUyLXbBFy0A7pXsX2gGvTafyE8WJsu/6kkOY9iqnkcZhYYHEemWpw6oPzc3mx9Z+AO57j4nG7TlPxpY9/Ydk6NS5oj4u5djYcpQvd7ztJMuAft7I32TwXrY5E/ywzoMQsPMoMiLzjZq+B27e5dN4vQ2iJwkS629GN9vgVRe2SSG0gtObyesfUJBNFWsaZBLFYqjiCAU+DMFRR48wUVai6oOz0qWxYQxqlrEA45aRvHy3Jz2JiMzlWAaiVOWHyFXkJQlGyObPL0U0Blf8y2NWhwicejz+LH9BWA5zdtuyHZD39Fll/10j64mim5reRhO1r7FvQIiK+KtSXSMeMdV1xVyJZPYWIw== [email protected]
       ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyeDY64NwHA4hELV92xOVjZP2+10AK9m7oTQF7T3sgh2LxcWoS7iFVM22Sl4Xbo2SEXdTebmK5ORVd8WqhdVNN7eZQPAACfGSfGk/JYQu5nRP6s3n3hFWEpsuLFth/um+IRw6guSbn7cjIDxL5mMx+o3rfN93S/Nqpe6dqL7YmA2G16SPcQgrFANgER3CXKG7za7XWXsrTtAWdAF0jXe/JS7N9R5RsOwZJD9bbfUC8oTMV+v3ZO2PLWxek1LaG7pbEdYvdrk/B1TiLrL7PIgThcK9QFxwDVReOhASBf56GJDwKaKVhJT6omzrQcpnJkYhxL8RLLawBSVVGCKEVvlWumoiZwNa5qV20+2RSHSS22uzef+gWfjaJynRKbCx+sEogCV9l6WWYQR9mRzakq0wBvD3mOqNM58nZcpY5nPE+A1nwY2Dfc78UyPG1VIiuQd4ryKyucdbkHhoVxmuz2yIPudAFY7bUWyWmllNWBHBHuZPImBfXVIAhhx12ouWJa7v0LfuYrT0Q4NzNjGkdzixod/SDa2x06z1tSK9zg6X+jzLRAFKfY36y1ZU9f3QzR2v2sdoafB0vtx6FsApBTkTP0Uw9g7ulDjxumJjLVaBuUMfORJXNoG200d7m7cKLNFcLd3RzT3ZK6PzlDObFzHXfiefhQq91tlpWUHLTBNOf4Q== [email protected]
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZXWfwVn/emxxiQJRXngeyCeaWp2FZl+zp4BLKj/7goWbTKMkrgnymUq8CKWB7kS5YdbfSjKaw5lBsO+xsX7RSZLmCyrZ8m6dmIV2cOcaYyKSmY28FZpDJsMPWjUoF9+Gt40gsP92Uy3aDB3R2X+hdhNHXwq7Z8nShYZxYgBRWYHQIP0HCT3ozNsfO946hcDZsneX3Nf5rEQmXwVOPO8oY8w45v9OI4CCoMnDVxdpCiloGA2QEk/PRThRnuUKvbACQ+T25f9pYOY1K4jnHi1ZoPBkWPchQsA/+6xone2z2oxdylhmwULArvMSG9/L+5d16ZbZWUb4JF24hmOVF2+bItlDqrU16K9vyiLivmDR9w2Uea2cycEJKZUnP+1ij+VM5PHi5YG0a7EhLLpGELm4ESxlP8e5X4iYe9o1dTL840Aqy0nHznVeatKJYfqoD0gt1IdtBQX3bEjSe/6PYDjpOcd+U0uNCqYdwahRpHK68MnlEA+hOwQmvP3dQLAV7bD9o8p9GXDBLrqhWwYpnzVUsILYGkTuVLFfqmZYitY2t/vwWTBi/mPOi7KWp26oKum1H8qFnbaERhL7IL5KLpVPdzSt36cSxGhRc8e9cgeu7FBdzoG9Q4grNUevPcBTfPvHGPLyBMXGM7EZeElRVYPne7lgRJlvUmFhpuDcwrY3QaQ== [email protected]
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzqbbsS55D7nlKPIgpO0lr9UMjGrrBU+TvhUMR+eJT5FLxsUYcll+fTe4djz0iCGrST5GWKgvf2ZB5+dkZIqr9sCx2cy4/vj9F1UtCsqiiN6IIzn1J1M5IlXIfmpNBh3USjHvTNvmmgIPVJyBRnNBpqtE0deGqTrj0UW0pNgKcPv5M05yJJdPpuaCqfJtTCymRx4QHwWV07XC2o6JuxXMJbP3OZaUrBDeefwO1tlj9iU7o0NnufLPldtceiyZTNpq4LZrrJ9R6oa0y80L3UQHjTBpCf8EGZx/1mL5A98KPaYwiJ4sH68Uba6ytbbF1wxDffrT6+v5iI1JU8j9KXZHqYvMYlvAoXjE601StJn9GO7KYcu6HrrOumSN4CMH1x48JFvex9yW9Q3TGZH3ThtRx9MA0bKye5UgS6oXFeJZkr2FQWOlHKgxOY5B06qWDBaSWiHzgDegpKDzk6x3pEBi6WLpqYn4y6/zhoPlmf6komXo0WYBSQ7mYqvsFsKz5kSE= [email protected]
 commands:
   10_touch_keys_file:
     cwd: /home/ec2-user/.ssh/

diff --git a/infrastructure/v2/variables.tf b/infrastructure/v2/variables.tf
@@ -23,6 +23,11 @@ variable "project_name" {
   description = "Short name of the project, will be used to prefix created resources"
 }
 
+variable "repo_name" {
+  type        = string
+  description = "Name of the Github repository where the code is hosted"
+}
+
 variable "github_owner" {
   type        = string
   description = "Owner of the Github repository where the code is hosted"

diff --git a/infrastructure/v2/vars/terraform.tfvars b/infrastructure/v2/vars/terraform.tfvars
@@ -3,8 +3,9 @@ aws_dev_region="eu-west-3"
 aws_prod_region="sa-east-1"
 allowed_account_id="851725508245"
 project_name="amazonia360"
+repo_name="amazonia-360"
 github_owner="Vizzuality"
 github_token=""
 api_auth_token=""
-api_tiff_path="./data"
-api_grid_tiles_path=""
+api_tiff_path="/opt/api/data"
+api_grid_tiles_path="/opt/api/data/grid"