From 3c6d151cd038b2fe11852ee91a4e92845771c759 Mon Sep 17 00:00:00 2001
From: Alejandro Peralta
Date: Tue, 19 Nov 2024 22:16:23 +0100
Subject: [PATCH] chore(infrastructure): Create CI /CD v2 github workflow
---
 .github/workflows/cicd v2.yml | 183 ++++++++++++++++++
 infrastructure/v2/main.tf | 4 +-
 infrastructure/v2/modules/env/main.tf | 2 +-
 .../.ebextensions/10_authorized_keys.config | 2 +
 infrastructure/v2/variables.tf | 5 +
 infrastructure/v2/vars/terraform.tfvars | 5 +-
 6 files changed, 196 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/cicd v2.yml
diff --git a/.github/workflows/cicd v2.yml b/.github/workflows/cicd v2.yml
new file mode 100644
index 00000000..d85fce85
--- /dev/null
+++ b/.github/workflows/cicd v2.yml
@@ -0,0 +1,183 @@
+name: CI / CD v2
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - chore/infrastructure-migration
+ paths:
+ - "api/**"
+ - ".github/workflows/*"
+
+jobs:
+ build-and-test:
+ name: Build and Test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the repository
+ uses: actions/checkout@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Build and run tests
+ run: docker compose up --build --exit-code-from test test
+
+ - name: Clean up
+ run: docker compose down
+
+ # BUILD AND DEPLOY
+ set_environment:
+ runs-on: ubuntu-latest
+ name: Set Deployment Environment
+ # if: ${{ github.event_name == 'workflow_dispatch' || github.ref_name == 'develop' || github.ref_name == 'main' }}
+ outputs:
+ env_name: ${{ steps.set_env.outputs.env_name }}
+ steps:
+ - id: set_env
+ run: echo "env_name=develop" >> $GITHUB_OUTPUT
+ # run: echo "env_name=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+
+ build_api:
+ name: build-api
+ needs: [ set_environment ]
+ runs-on: ubuntu-latest
+ environment:
+ name: ${{ needs.set_environment.outputs.env_name }}
+ steps:
+ - name: Debug env_name
+ run: |
+ echo "Environment name is: ${{ needs.set_environment.outputs.env_name }}"
+
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+ aws-region: ${{ vars.TF_AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+ with:
+ mask-password: 'true'
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build, tag, and push Client image to Amazon ECR
+ uses: docker/build-push-action@v5
+ with:
+ context: api
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ file: ./api/Dockerfile
+ push: true
+ tags: |
+ ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ github.sha }}
+ ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ needs.set_environment.outputs.env_name }}
+ deploy:
+ name: deploy
+ needs: [ set_environment, build_api ]
+ runs-on: ubuntu-latest
+ environment:
+ name: ${{ needs.set_environment.outputs.env_name }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+ aws-region: ${{ vars.TF_AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Generate docker compose file
+ working-directory: infrastructure/v2/source_bundle
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY_API: ${{ secrets.TF_API_REPOSITORY_NAME }}
+ IMAGE_TAG: ${{ needs.set_environment.outputs.env_name }}
+ AUTH_TOKEN: ${{ secrets.TF_AUTH_TOKEN }}
+ TIFF_PATH: ${{ vars.TF_TIFF_PATH }}
+ run: |
+ cat <> docker-compose.yml
+ version: '3.9'
+ services:
+ api:
+ image: $ECR_REGISTRY/$ECR_REPOSITORY_API:$IMAGE_TAG
+ ports:
+ - "8000:8000"
+ environment:
+ - AUTH_TOKEN=${AUTH_TOKEN}
+ - TIFF_PATH=${TIFF_PATH}
+ - GRID_TILES_PATH=${GRID_TILES_PATH}
+ volumes:
+ - /var/app/data/api:/opt/api/data:ro
+ networks:
+ - amazonia360-network
+ restart: always
+ nginx:
+ image: nginx
+ restart: always
+ networks:
+ - amazonia360-network
+ volumes:
+ - ./proxy/conf.d:/etc/nginx/conf.d
+ - "\${EB_LOG_BASE_DIR}/nginx:/var/log/nginx"
+ ports:
+ - 80:80
+ depends_on:
+ - api
+ networks:
+ amazonia360-network:
+ driver: bridge
+ EOF
+
+ - name: Generate .ebextensions/20_sync_data.config
+ working-directory: infrastructure/v2/source_bundle
+ env:
+ PROJECT_NAME: ${{ vars.TF_PROJECT_NAME }}
+ ENV_NAME: ${{ needs.set_environment.outputs.env_name }}
+ AWS_REGION: ${{
vars.TF_AWS_REGION }} + run: | + mkdir -p .ebextensions + cat <> .ebextensions/20_sync_data.config + commands: + 20_install_awscli: + command: | + sudo apt-get update -y + sudo apt-get install -y awscli + sudo apt-get clean + sudo rm -rf /var/lib/apt/lists/* + + 21_create_data_folder: + command: mkdir -p /var/app/data/api + + 22_sync_s3_bucket: + command: aws s3 sync s3://${PROJECT_NAME}-${ENV_NAME}-bucket /var/app/data/api + EOF + + - name: Generate zip file + working-directory: infrastructure/v2/source_bundle + run: | + zip -r deploy.zip * .[^.]* + + - name: Deploy to Amazon EB + uses: einaregilsson/beanstalk-deploy@v21 + with: + aws_access_key: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }} + aws_secret_key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }} + application_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }} + environment_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }}-environment + region: ${{ vars.TF_AWS_REGION }} + version_label: ${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }} + deployment_package: infrastructure/v2/source_bundle/deploy.zip + wait_for_deployment: true \ No newline at end of file diff --git a/infrastructure/v2/main.tf b/infrastructure/v2/main.tf index ee3f7681..1c06353d 100644 --- a/infrastructure/v2/main.tf +++ b/infrastructure/v2/main.tf @@ -96,7 +96,7 @@ module api_ecr { module "github" { source = "./modules/github" - repo_name = "amazonia-360" + repo_name = var.repo_name github_owner = var.github_owner github_token = var.github_token global_secret_map = { @@ -129,7 +129,7 @@ module "dev" { beanstalk_tier = "WebServer" ec2_instance_type = "t3.medium" elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name - repo_name = "amazonia-360" + repo_name = var.repo_name cname_prefix = "amazonia360-dev-environment" github_owner = var.github_owner github_token = var.github_token 
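Review bot: The `Generate docker compose file` step writes `secrets.TF_AUTH_TOKEN` in clear text into `docker-compose.yml`, which the later steps zip into `deploy.zip` and upload as the application version, so the token is stored with every bundle and is readable by whoever has read access to those bundles. The heredoc appears to be expanded on the runner (the `\${EB_LOG_BASE_DIR}` entry is escaped, presumably for that reason), so writing `- AUTH_TOKEN=\${AUTH_TOKEN}` and supplying the value as an environment property on the instance would keep it out of the artifact; whether the platform exposes such properties to compose should be confirmed. In the same list `GRID_TILES_PATH` is missing from the step's `env:`, so `${GRID_TILES_PATH}` presumably expands to an empty string when the file is generated. The `deploy` job needs only `set_environment` and `build_api`, so a failing `build-and-test` does not block the rollout; `needs: [ set_environment, build-and-test, build_api ]` would gate it. The long-lived access keys are also passed to `einaregilsson/beanstalk-deploy@v21`, which is referenced by a movable tag; pinning that action to a commit SHA and switching `configure-aws-credentials` to `role-to-assume` would narrow that exposure.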
diff --git a/infrastructure/v2/modules/env/main.tf b/infrastructure/v2/modules/env/main.tf index fb87f69e..0807ead2 100644 --- a/infrastructure/v2/modules/env/main.tf +++ b/infrastructure/v2/modules/env/main.tf @@ -20,7 +20,7 @@ module "beanstalk" { module "github" { source = "../github" - repo_name = "amazonia-360" + repo_name = var.repo_name github_owner = var.github_owner github_token = var.github_token github_environment = var.environment diff --git a/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config b/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config index a5764c09..c2c9366d 100644 --- a/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config +++ b/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config @@ -6,6 +6,8 @@ files: content: | ssh-rsa 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 alex@Alexs-MacBook-Pro.local ssh-rsa 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 alejandro.peralta@vizzuality.com + ssh-rsa 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 biel.stela@example.com + ssh-rsa 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 bielstela@Biels-MacBook-Pro.local commands: 10_touch_keys_file: cwd: /home/ec2-user/.ssh/ diff --git a/infrastructure/v2/variables.tf b/infrastructure/v2/variables.tf index 79d1fbc0..3593d939 100644 --- a/infrastructure/v2/variables.tf +++ b/infrastructure/v2/variables.tf @@ -23,6 +23,11 @@ variable "project_name" { description = "Short name of the project, will be used to prefix created resources" } +variable "repo_name" { + type = string + description = "Name of the Github repository where the code is hosted" +} + variable "github_owner" { type = string description = "Owner of the Github repository where the code is hosted" diff --git a/infrastructure/v2/vars/terraform.tfvars b/infrastructure/v2/vars/terraform.tfvars index f4fd98a0..06a0dcc1 100644 --- a/infrastructure/v2/vars/terraform.tfvars 
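Review bot: The two `ssh-rsa` lines added in `10_authorized_keys.config` grow a static key list that ships inside the source bundle, so removing someone's shell access takes a commit and a redeploy, and nothing in the file records who owns a key or when it should be reviewed. Both new entries appear to belong to the same person (one labelled with an e-mail address, one with a laptop hostname), which doubles what has to be revoked later; one key per person is easier to audit. A comment line ahead of each entry, for example `# <owner>, added <date>, remove on offboarding`, would document ownership, assuming the content ends up in a file where `#` lines are ignored. The hunk starts inside the `files:` entry and the `commands:` section continues past it, so how the content is installed on the instance is not visible here.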
+++ b/infrastructure/v2/vars/terraform.tfvars @@ -3,8 +3,9 @@ aws_dev_region="eu-west-3" aws_prod_region="sa-east-1" allowed_account_id="851725508245" project_name="amazonia360" +repo_name="amazonia-360" github_owner="Vizzuality" github_token="" api_auth_token="" -api_tiff_path="./data" -api_grid_tiles_path="" \ No newline at end of file +api_tiff_path="/opt/api/data" +api_grid_tiles_path="/opt/api/data/grid" \ No newline at end of file
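Review bot: The new `api_tiff_path` and `api_grid_tiles_path` values are paths inside the api container that only resolve because the compose file generated by the workflow mounts `/var/app/data/api` at `/opt/api/data`, and nothing next to them says so. A comment above the two lines, `# paths inside the api container; must stay under the /opt/api/data mount in the CI-generated docker-compose.yml`, would keep the two files from drifting apart. The context lines also show `github_token` and `api_auth_token` as empty placeholders in a committed file; a comment stating that their values are supplied from outside the repository, which is presumably the intent, would discourage anyone from filling them in here.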