From 4afadea2aee61a81631a6d1f1b4c57f145b91e47 Mon Sep 17 00:00:00 2001 From: Alejandro Peralta Date: Tue, 19 Nov 2024 22:16:23 +0100 Subject: [PATCH] chore(infrastructure): Create CI /CD v2 github workflow --- .github/workflows/cicd v2.yml | 235 ++++++++++++++++++ client/Dockerfile | 38 +++ docker-compose.yml | 18 ++ infrastructure/v2/.terraform.lock.hcl | 19 -- infrastructure/v2/main.tf | 152 +++++------ infrastructure/v2/modules/env/main.tf | 71 +++++- infrastructure/v2/modules/env/variables.tf | 15 +- infrastructure/v2/modules/types/types.tf | 20 ++ infrastructure/v2/providers.tf | 2 +- .../.ebextensions/10_authorized_keys.config | 2 + .../proxy/conf.d/application.conf | 48 ++-- infrastructure/v2/variables.tf | 64 +++-- infrastructure/v2/vars/terraform.tfvars | 28 ++- 13 files changed, 568 insertions(+), 144 deletions(-) create mode 100644 .github/workflows/cicd v2.yml create mode 100644 client/Dockerfile create mode 100644 infrastructure/v2/modules/types/types.tf diff --git a/.github/workflows/cicd v2.yml b/.github/workflows/cicd v2.yml new file mode 100644 index 00000000..ed1011e0 --- /dev/null +++ b/.github/workflows/cicd v2.yml 
@@ -0,0 +1,235 @@ +name: CI / CD v2 +on: + workflow_dispatch: + push: + branches: + - chore/infrastructure-migration + paths: + - "api/**" + - ".github/workflows/*" + +jobs: + build-and-test: + name: Build and Test + runs-on: ubuntu-latest + steps: + - name: Check out the repository + uses: actions/checkout@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Build and run tests + run: docker compose up --build --exit-code-from test test + + - name: Clean up + run: docker compose down + + # BUILD AND DEPLOY + set_environment: + name: Set Deployment Environment + needs: [ build-and-test ] + runs-on: ubuntu-latest + # if: ${{ github.event_name == 'workflow_dispatch' || github.ref_name == 'develop' || github.ref_name == 'main' }} + outputs: + env_name: ${{ steps.set_env.outputs.env_name }} + steps: + - id: set_env + run: echo "env_name=develop" >> $GITHUB_OUTPUT + # run: echo "env_name=${{ github.ref_name == 'main' && 'production' || github.ref_name }}" >> $GITHUB_OUTPUT + + build_api: + name: build-api + needs: [ set_environment ] + runs-on: ubuntu-latest + environment: + name: ${{ needs.set_environment.outputs.env_name }} + steps: + - name: Debug env_name + run: | + echo "Environment name is: ${{ needs.set_environment.outputs.env_name }}" + + - name: Checkout code + uses: actions/checkout@v4 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }} + aws-region: ${{ vars.TF_AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + with: + mask-password: 'true' + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build, tag, and push Client image to Amazon ECR + uses: docker/build-push-action@v5 + with: + context: api + cache-from: type=gha + cache-to: type=gha,mode=max + file: 
./api/Dockerfile + push: true + tags: | + ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ github.sha }} + ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ needs.set_environment.outputs.env_name }} + + build_client: + name: build-client + needs: [ set_environment ] + environment: + name: ${{ needs.set_environment.outputs.env_name }} + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }} + aws-region: ${{ vars.TF_AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + with: + mask-password: 'true' + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build, tag, and push Client image to Amazon ECR + uses: docker/build-push-action@v5 + with: + build-args: | + NEXT_PUBLIC_URL=http://0.0.0.0:3000 + NEXT_PUBLIC_API_URL=${{ vars.TF_CLIENT_NEXT_PUBLIC_API_URL }} + NEXT_PUBLIC_ARCGIS_API_KEY=${{ secrets.TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY }} + NEXT_PUBLIC_API_KEY=${{ secrets.TF_CLIENT_NEXT_PUBLIC_API_KEY }} + ARCGIS_CLIENT_ID=${{ secrets.TF_CLIENT_ARCGIS_CLIENT_ID }} + ARCGIS_CLIENT_SECRET=${{ secrets.TF_CLIENT_ARCGIS_CLIENT_SECRET }} + BASIC_AUTH_USER=${{ secrets.TF_CLIENT_BASIC_AUTH_USER }} + BASIC_AUTH_PASSWORD=${{ secrets.TF_CLIENT_BASIC_AUTH_PASSWORD }} + context: client + cache-from: type=gha + cache-to: type=gha,mode=max + file: ./client/Dockerfile + push: true + tags: | + ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_CLIENT_REPOSITORY_NAME }}:${{ github.sha }} + ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_CLIENT_REPOSITORY_NAME }}:${{ needs.set_environment.outputs.env_name }} + + deploy: + name: deploy + needs: [ set_environment, build_api, 
build_client ] + runs-on: ubuntu-latest + environment: + name: ${{ needs.set_environment.outputs.env_name }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }} + aws-region: ${{ vars.TF_AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + - name: Generate docker compose file + working-directory: infrastructure/v2/source_bundle + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY_API: ${{ secrets.TF_API_REPOSITORY_NAME }} + ECR_REPOSITORY_CLIENT: ${{ secrets.TF_CLIENT_REPOSITORY_NAME }} + IMAGE_TAG: ${{ needs.set_environment.outputs.env_name }} + run: | + cat <> docker-compose.yml + version: '3.9' + services: + api: + image: $ECR_REGISTRY/$ECR_REPOSITORY_API:$IMAGE_TAG + ports: + - "8000:8000" + volumes: + - /var/app/data/api:/opt/api/data:ro + networks: + - amazonia360-network + restart: always + client: + image: $ECR_REGISTRY/$ECR_REPOSITORY_CLIENT:$IMAGE_TAG + networks: + - amazonia360-network + ports: + - 3000:3000 + restart: always + nginx: + image: nginx + restart: always + networks: + - amazonia360-network + volumes: + - ./proxy/conf.d:/etc/nginx/conf.d + - "\${EB_LOG_BASE_DIR}/nginx:/var/log/nginx" + ports: + - 80:80 + depends_on: + - api + - client + networks: + amazonia360-network: + driver: bridge + EOF + + - name: Generate .ebextensions/20_sync_data.config + working-directory: infrastructure/v2/source_bundle + env: + PROJECT_NAME: ${{ vars.TF_PROJECT_NAME }} + ENV_NAME: ${{ needs.set_environment.outputs.env_name }} + AWS_REGION: ${{ vars.TF_AWS_REGION }} + run: | + mkdir -p .ebextensions + cat <> .ebextensions/20_sync_data.config + commands: + 20_install_awscli: + command: | + sudo apt-get update -y + sudo apt-get install -y awscli + 
sudo apt-get clean + sudo rm -rf /var/lib/apt/lists/* + + 21_create_data_folder: + command: mkdir -p /var/app/data/api + + 22_sync_s3_bucket: + command: aws s3 sync s3://${PROJECT_NAME}-${ENV_NAME}-bucket /var/app/data/api + EOF + + - name: Generate zip file + working-directory: infrastructure/v2/source_bundle + run: | + zip -r deploy.zip * .[^.]* + + - name: Deploy to Amazon EB + uses: einaregilsson/beanstalk-deploy@v21 + with: + aws_access_key: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }} + aws_secret_key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }} + application_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }} + environment_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }}-environment + region: ${{ vars.TF_AWS_REGION }} + version_label: ${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }} + deployment_package: infrastructure/v2/source_bundle/deploy.zip + wait_for_deployment: true \ No newline at end of file diff --git a/client/Dockerfile b/client/Dockerfile new file mode 100644 index 00000000..2eac1c92 --- /dev/null +++ b/client/Dockerfile @@ -0,0 +1,38 @@ +FROM node:22.2.0-alpine as base +LABEL maintainer="hello@vizzuality.com" + +FROM base as production +ARG NEXT_PUBLIC_URL +ARG NEXT_PUBLIC_API_URL + +ARG NEXT_PUBLIC_ARCGIS_API_KEY +ARG NEXT_PUBLIC_API_KEY +ARG ARCGIS_CLIENT_ID +ARG ARCGIS_CLIENT_SECRET + +ARG BASIC_AUTH_USER +ARG BASIC_AUTH_PASSWORD + +ENV NEXT_PUBLIC_URL $NEXT_PUBLIC_URL +ENV NEXT_PUBLIC_API_URL $NEXT_PUBLIC_API_URL + +ENV NEXT_PUBLIC_ARCGIS_API_KEY $NEXT_PUBLIC_ARCGIS_API_KEY +ENV NEXT_PUBLIC_API_KEY $NEXT_PUBLIC_API_KEY +ENV ARCGIS_CLIENT_ID $ARCGIS_CLIENT_ID +ENV ARCGIS_CLIENT_SECRET $ARCGIS_CLIENT_SECRET + +ENV BASIC_AUTH_USER $BASIC_AUTH_USER +ENV BASIC_AUTH_PASSWORD "$BASIC_AUTH_PASSWORD" + +WORKDIR /app + +COPY . . + +RUN corepack enable pnpm +RUN pnpm install + +RUN pnpm build + +EXPOSE 3000 + +CMD ["pnpm", "start"] 
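Review bot: In the `build_client` job, `ARCGIS_CLIENT_SECRET`, `BASIC_AUTH_USER` and `BASIC_AUTH_PASSWORD` are passed to `docker/build-push-action@v5` as `build-args`, and the new `client/Dockerfile` in this patch copies every `ARG` into an `ENV`, so those values are persisted in the pushed image's config (visible to anyone who can pull from the ECR repository via image inspection, and presumably also captured by the `type=gha` layer cache). Only the `NEXT_PUBLIC_*` values need to exist at build time, since Next.js inlines them into the client bundle; the credentials should instead reach the container at run time through the generated compose file's `client` service (an `environment:` block fed from the Beanstalk environment properties), or, if one of them is genuinely needed during `pnpm build`, through the action's `secrets:` input together with `RUN --mount=type=secret` in the Dockerfile. Separately, the `push.paths` filter lists `api/**` and `.github/workflows/*` but not `client/**`, so client-only commits on the branch never run this pipeline. The generated compose file also publishes `8000:8000` and `3000:3000` on the instance, which bypasses the nginx `/api/` proxy and its `client_max_body_size` if the instance security group exposes those ports — worth confirming against the Beanstalk security group. Since every deploy-side job already uses `aws-actions/configure-aws-credentials@v4`, the long-lived `TF_PIPELINE_USER_*` keys could be replaced by `role-to-assume` with a `permissions: id-token: write` OIDC trust, and the third-party `einaregilsson/beanstalk-deploy@v21` action that receives those keys is a good candidate for pinning to a commit SHA.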
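Review bot: `RUN pnpm install` in the `production` stage resolves dependencies without `--frozen-lockfile`, so the image is not guaranteed to contain the versions recorded in the lockfile, and a lockfile that drifted from `package.json` is silently rewritten instead of rejected; the usual production form is `RUN pnpm install --frozen-lockfile`. `COPY . .` runs before the install and copies the whole build context, so unless `client/.dockerignore` excludes them (not visible in this patch), a local `node_modules`, `.env*` files and previous `.next` output end up in the image and in the shared layer cache. Copying only `package.json` and `pnpm-lock.yaml` first, installing, and then copying the rest would also let the dependency layer be cached independently of source changes.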
diff --git a/docker-compose.yml b/docker-compose.yml index fffa746f..98b6b56f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,6 +14,24 @@ services: networks: - amazonia360-network restart: always + client: + build: + context: ./client + dockerfile: Dockerfile + target: production + args: + NEXT_PUBLIC_URL: "http://localhost:3000" + NEXT_PUBLIC_API_URL: "http://api:8000" + NEXT_PUBLIC_ARCGIS_API_KEY: "" + NEXT_PUBLIC_API_KEY: "" + ARCGIS_CLIENT_ID: "" + ARCGIS_CLIENT_SECRET: "" + BASIC_AUTH_USER: amazonia360 + BASIC_AUTH_PASSWORD: amazonia360 + ports: + - "3000:3000" + networks: + - amazonia360-network test: build: context: ./api diff --git a/infrastructure/v2/.terraform.lock.hcl b/infrastructure/v2/.terraform.lock.hcl index 10c6620c..c4b6ccbb 100644 --- a/infrastructure/v2/.terraform.lock.hcl +++ b/infrastructure/v2/.terraform.lock.hcl 
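Review bot: The new `client` service hard-codes `BASIC_AUTH_USER: amazonia360` and `BASIC_AUTH_PASSWORD: amazonia360` as build args, and because `client/Dockerfile` turns build args into `ENV`, those credentials are baked into every locally built image; even in a development-only file, compose interpolation such as `BASIC_AUTH_PASSWORD: "${BASIC_AUTH_PASSWORD:-amazonia360}"` keeps a working default without committing a literal that can be promoted by mistake. `NEXT_PUBLIC_API_URL: "http://api:8000"` is inlined into the browser bundle by Next.js (that is what the `NEXT_PUBLIC_` prefix means), and the `api` hostname only resolves inside the compose network, so requests made from the browser at `localhost:3000` will presumably not reach the API; if the client calls the API from the browser this should be the host-published address (or the nginx `/api/` path).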
@@ -24,25 +24,6 @@ provider "registry.terraform.io/hashicorp/aws" { ] } -provider "registry.terraform.io/hashicorp/random" { - version = "3.6.3" - hashes = [ - "h1:zG9uFP8l9u+yGZZvi5Te7PV62j50azpgwPunq2vTm1E=", - "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", - "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", - "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", - "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", - "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", - "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", - "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", - "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", - "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", - "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", - ] -} - provider "registry.terraform.io/integrations/github" { version = "5.45.0" constraints = "~> 5.17" diff --git a/infrastructure/v2/main.tf b/infrastructure/v2/main.tf index ee3f7681..3169c9ee 100644 --- a/infrastructure/v2/main.tf +++ b/infrastructure/v2/main.tf 
@@ -19,68 +19,11 @@ terraform { required_version = "~> 1.9.0" } -data "aws_vpc" "default_vpc" { - default = true -} - -data "aws_availability_zones" "all_available_azs" { - state = "available" -} - -# THIS IS TO FILTER THE AVAILABLE ZONES BY EC2 INSTANCE TYPE AVAILABILITY -# returns zone ids that have the requested instance type available -data "aws_ec2_instance_type_offerings" "azs_with_ec2_instance_type_offering" { - # filter { - # name = "instance-type" - # values = ["m5a.large"] - # } - - filter { - name = "location" - values = data.aws_availability_zones.all_available_azs.zone_ids - } - - location_type = "availability-zone-id" -} - -# THIS IS TO FIND THE NAMES OF THOSE ZONES GIVEN BY IDS FROM ABOVE... -# because we need the names to pass to the staging module -data "aws_availability_zones" "azs_with_ec2_instance_type_offering" { - filter { - name = "zone-id" - values = sort(data.aws_ec2_instance_type_offerings.azs_with_ec2_instance_type_offering.locations) - } -} - -# THIS IS TO FILTER THE SUBNETS BY AVAILABILITY ZONES WITH EC2 INSTANCE TYPE AVAILABILITY -# so that we know which subnets can be passed to the beanstalk resource without upsetting it -data "aws_subnets" "subnets_with_ec2_instance_type_offering_map" { - for_each = toset( - data.aws_ec2_instance_type_offerings.azs_with_ec2_instance_type_offering.locations - ) - - filter { - name = "vpc-id" - values = [data.aws_vpc.default_vpc.id] - } - - filter { - name = "availability-zone-id" - values = ["${each.value}"] - } -} - -locals { - subnets_with_ec2_instance_type_offering_ids = sort([ - for k, v in data.aws_subnets.subnets_with_ec2_instance_type_offering_map : v.ids[0] - ]) -} - # Terraform state persistence infra module state { source = "./modules/state" project_name = var.project_name - aws_region = var.aws_dev_region + aws_region = var.dev.aws_region aws_profile = var.aws_profile } 
@@ -94,21 +37,32 @@ module api_ecr { repo_name = "api" } +module client_ecr { + source = "./modules/ecr" + project_name = var.project_name + repo_name = "client" +} + module "github" { source = "./modules/github" - repo_name = "amazonia-360" + repo_name = var.repo_name github_owner = var.github_owner github_token = var.github_token global_secret_map = { TF_PIPELINE_USER_ACCESS_KEY_ID = module.iam.pipeline_user_access_key_id TF_PIPELINE_USER_SECRET_ACCESS_KEY = module.iam.pipeline_user_access_key_secret + + # API TF_API_REPOSITORY_NAME = module.api_ecr.repository_name - TF_AUTH_TOKEN = var.api_auth_token + + # Client + TF_CLIENT_REPOSITORY_NAME = module.client_ecr.repository_name } global_variable_map = { TF_PROJECT_NAME = var.project_name - TF_TIFF_PATH = var.api_tiff_path - TF_GRID_TILES_PATH = var.api_grid_tiles_path + + # API + # Client } } 
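Review bot: `global_variable_map` in the `github` module call is left with two empty section comments (`# API`, `# Client`) and no entries under them now that the TIFF/grid-tile variables moved to the per-environment modules; leftover placeholders read as unfinished work, so either drop them or replace them with a comment that explains the split, e.g. `# Only account-wide values belong here; per-environment values are set in modules/env`. Also, `TF_API_REPOSITORY_NAME` and the new `TF_CLIENT_REPOSITORY_NAME` are ECR repository names rather than credentials, so they fit `global_variable_map` better than `global_secret_map`; storing them as secrets only masks the registry path in workflow logs without protecting anything.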
@@ -120,20 +74,78 @@ module "dev" { source = "./modules/env" domain = "dev.amazonia360.dev-vizzuality.com" project = var.project_name - environment = "develop" # Does it need to be the same as the target branch name? - aws_region = var.aws_dev_region - vpc = data.aws_vpc.default_vpc - subnet_ids = local.subnets_with_ec2_instance_type_offering_ids - availability_zones = data.aws_availability_zones.azs_with_ec2_instance_type_offering.names - beanstalk_platform = "64bit Amazon Linux 2023 v4.4.0 running Docker" + environment = "develop" + aws_profile = var.aws_profile + aws_region = var.dev.aws_region + beanstalk_platform = "64bit Amazon Linux 2023 v4.4.1 running Docker" beanstalk_tier = "WebServer" ec2_instance_type = "t3.medium" elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name - repo_name = "amazonia-360" + repo_name = var.repo_name cname_prefix = "amazonia360-dev-environment" github_owner = var.github_owner github_token = var.github_token github_additional_environment_variables = { - TF_AWS_REGION = var.aws_dev_region + TF_AWS_REGION = var.dev.aws_region + + # API + TF_API_TIFF_PATH = var.dev.api.tiff_path + TF_API_GRID_TILES_PATH = var.dev.api.grid_tiles_path + + # Client + TF_CLIENT_NEXT_PUBLIC_API_URL = var.dev.client.next_public_api_url + } + github_additional_environment_secrets = { + # API + TF_API_AUTH_TOKEN = var.dev.api.auth_token + + # Client + TF_CLIENT_NEXT_PUBLIC_API_KEY = var.dev.client.next_public_api_key + TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY = var.dev.client.next_public_arcgis_api_key + TF_CLIENT_ARCGIS_CLIENT_ID = var.dev.client.arcgis_client_id + TF_CLIENT_ARCGIS_CLIENT_SECRET = var.dev.client.arcgis_client_secret + TF_CLIENT_BASIC_AUTH_USER = var.dev.client.basic_auth_user + TF_CLIENT_BASIC_AUTH_PASSWORD = var.dev.client.basic_auth_password + TF_CLIENT_SESSION_SECRET = var.dev.client.session_secret + } +} + +module "prod" { + source = "./modules/env" + domain = "prod.amazonia360.dev-vizzuality.com" 
+ project = var.project_name + environment = "production" + aws_profile = var.aws_profile + aws_region = var.prod.aws_region + beanstalk_platform = "64bit Amazon Linux 2023 v4.4.1 running Docker" + beanstalk_tier = "WebServer" + ec2_instance_type = "t3.medium" + elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name + repo_name = var.repo_name + cname_prefix = "amazonia360-prod-environment" + github_owner = var.github_owner + github_token = var.github_token + github_additional_environment_variables = { + TF_AWS_REGION = var.prod.aws_region + + # API + TF_API_TIFF_PATH = var.prod.api.tiff_path + TF_API_GRID_TILES_PATH = var.prod.api.grid_tiles_path + + # Client + TF_CLIENT_NEXT_PUBLIC_API_URL = var.prod.client.next_public_api_url + } + github_additional_environment_secrets = { + # API + TF_API_AUTH_TOKEN = var.prod.api.auth_token + + # Client + TF_CLIENT_NEXT_PUBLIC_API_KEY = var.prod.client.next_public_api_key + TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY = var.prod.client.next_public_arcgis_api_key + TF_CLIENT_ARCGIS_CLIENT_ID = var.prod.client.arcgis_client_id + TF_CLIENT_ARCGIS_CLIENT_SECRET = var.prod.client.arcgis_client_secret + TF_CLIENT_BASIC_AUTH_USER = var.prod.client.basic_auth_user + TF_CLIENT_BASIC_AUTH_PASSWORD = var.prod.client.basic_auth_password + TF_CLIENT_SESSION_SECRET = var.prod.client.session_secret } } \ No newline at end of file diff --git a/infrastructure/v2/modules/env/main.tf b/infrastructure/v2/modules/env/main.tf index fb87f69e..a055c6d3 100644 --- a/infrastructure/v2/modules/env/main.tf +++ b/infrastructure/v2/modules/env/main.tf 
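Review bot: The new `module "prod"` block duplicates `module "dev"` line for line apart from the `var.prod.*` references, `environment`, `cname_prefix` and `domain`, so every future secret or variable has to be added in two places (`TF_CLIENT_SESSION_SECRET` is already passed to GitHub in both, although nothing in this patch's workflow or Dockerfile consumes it). A single module call with `for_each` over a map of environments would remove the duplication, but `modules/env/main.tf` now declares its own `provider "aws"` block, and Terraform does not allow `for_each` on a module that contains provider configurations, so passing providers in from the root is the prerequisite. It is also worth confirming that `domain = "prod.amazonia360.dev-vizzuality.com"` is the intended production hostname rather than a copy of the dev pattern.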
@@ -1,3 +1,66 @@ +provider "aws" { + region = var.aws_region + profile = var.aws_profile +} + +data "aws_vpc" "vpc" { + default = true +} + +data "aws_availability_zones" "all_available_azs" { + state = "available" +} + +# THIS IS TO FILTER THE AVAILABLE ZONES BY EC2 INSTANCE TYPE AVAILABILITY +# returns zone ids that have the requested instance type available +data "aws_ec2_instance_type_offerings" "azs_with_ec2_instance_type_offering" { + # filter { + # name = "instance-type" + # values = ["m5a.large"] + # } + + filter { + name = "location" + values = data.aws_availability_zones.all_available_azs.zone_ids + } + + location_type = "availability-zone-id" +} + +# THIS IS TO FIND THE NAMES OF THOSE ZONES GIVEN BY IDS FROM ABOVE... +# because we need the names to pass to the staging module +data "aws_availability_zones" "azs_with_ec2_instance_type_offering" { + filter { + name = "zone-id" + values = sort(data.aws_ec2_instance_type_offerings.azs_with_ec2_instance_type_offering.locations) + } +} + +# THIS IS TO FILTER THE SUBNETS BY AVAILABILITY ZONES WITH EC2 INSTANCE TYPE AVAILABILITY +# so that we know which subnets can be passed to the beanstalk resource without upsetting it +data "aws_subnets" "subnets_with_ec2_instance_type_offering_map" { + for_each = toset( + data.aws_ec2_instance_type_offerings.azs_with_ec2_instance_type_offering.locations + ) + + filter { + name = "vpc-id" + values = [data.aws_vpc.vpc.id] + } + + filter { + name = "availability-zone-id" + values = ["${each.value}"] + } +} + +locals { + subnet_ids = sort([ + for k, v in data.aws_subnets.subnets_with_ec2_instance_type_offering_map : v.ids[0] + ]) +} + + module "beanstalk" { source = "../beanstalk" project = var.project 
@@ -8,9 +71,9 @@ module "beanstalk" { solution_stack_name = var.beanstalk_platform tier = var.beanstalk_tier tags = var.tags - vpc = var.vpc - public_subnets = var.subnet_ids - elb_public_subnets = var.subnet_ids + vpc = data.aws_vpc.vpc + public_subnets = local.subnet_ids + elb_public_subnets = local.subnet_ids ec2_instance_type = var.ec2_instance_type domain = var.domain acm_certificate = aws_acm_certificate.acm_certificate @@ -20,7 +83,7 @@ module "beanstalk" { module "github" { source = "../github" - repo_name = "amazonia-360" + repo_name = var.repo_name github_owner = var.github_owner github_token = var.github_token github_environment = var.environment diff --git a/infrastructure/v2/modules/env/variables.tf b/infrastructure/v2/modules/env/variables.tf index 08564f7f..4f2037f7 100644 --- a/infrastructure/v2/modules/env/variables.tf +++ b/infrastructure/v2/modules/env/variables.tf @@ -1,3 +1,8 @@ +variable "aws_profile" { + type = string + description = "AWS profile" +} + variable "aws_region" { type = string description = "AWS region" @@ -17,21 +22,11 @@ variable "environment" { description = "Name of the environment, will be used to prefix created resources" } -variable "vpc" { -} - variable "tags" { default = {} description = "Additional tags to add to resources" } -variable "subnet_ids" { -} - -variable "availability_zones" { - type = list(string) -} - variable "beanstalk_platform" { type = string description = "The Elastic Beanstalk platform to use" diff --git a/infrastructure/v2/modules/types/types.tf b/infrastructure/v2/modules/types/types.tf new file mode 100644 index 00000000..64bd7c3a --- /dev/null +++ b/infrastructure/v2/modules/types/types.tf 
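Review bot: The `provider "aws"` block added at the top of `modules/env/main.tf` is a provider configuration inside a child module, which Terraform documents as a legacy pattern: such a module cannot be used with `count`/`for_each`, and removing the module later fails because its resources lose their provider. The conventional form is to configure one aliased `aws` provider per region at the root, pass it with `providers = { aws = aws.<alias> }` on the `module "dev"` and `module "prod"` calls, and declare it in the module with `required_providers` plus `configuration_aliases`; that also resolves the mismatch where the root `providers.tf` still configures the default provider with `var.dev.aws_region` while the `prod` module runs in `var.prod.aws_region`. The availability-zone lookups copied into this module still carry the commented-out `instance-type` filter, so despite the header comments the zones are not actually filtered by the `ec2_instance_type` that the module receives; either wire `var.ec2_instance_type` into that filter or reword the comments.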
@@ -0,0 +1,20 @@ +variable "environment_type" { + default = { + aws_region = string + api = { + auth_token = string + tiff_path = string + grid_tiles_path = string + } + client = { + next_public_api_url = string + next_public_api_key = string + next_public_arcgis_api_key = string + arcgis_client_id = string + arcgis_client_secret = string + basic_auth_user = string + basic_auth_password = string + session_secret = string + } + } +} \ No newline at end of file diff --git a/infrastructure/v2/providers.tf b/infrastructure/v2/providers.tf index 2675d143..3d6bdfe1 100644 --- a/infrastructure/v2/providers.tf +++ b/infrastructure/v2/providers.tf @@ -1,4 +1,4 @@ provider "aws" { - region = var.aws_dev_region + region = var.dev.aws_region profile = var.aws_profile } \ No newline at end of file diff --git a/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config b/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config index a5764c09..c2c9366d 100644 --- a/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config +++ b/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config @@ -6,6 +6,8 @@ files: content: | ssh-rsa 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 alex@Alexs-MacBook-Pro.local ssh-rsa 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 alejandro.peralta@vizzuality.com + ssh-rsa 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 biel.stela@example.com + ssh-rsa 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 bielstela@Biels-MacBook-Pro.local commands: 10_touch_keys_file: cwd: /home/ec2-user/.ssh/ diff --git a/infrastructure/v2/source_bundle/proxy/conf.d/application.conf b/infrastructure/v2/source_bundle/proxy/conf.d/application.conf index 243dcd0d..6a5e675f 100644 --- a/infrastructure/v2/source_bundle/proxy/conf.d/application.conf +++ b/infrastructure/v2/source_bundle/proxy/conf.d/application.conf 
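Review bot: `modules/types/types.tf` declares `environment_type` with a `default` whose leaf values are the bare identifier `string`; a `default` is a value expression, not a type constraint, so Terraform will reject the file with an invalid-reference error as soon as this directory is loaded as a module. Nothing in this patch calls `./modules/types`, and Terraform has no reusable type aliases, so the file cannot serve the purpose its name suggests; the real definitions are the `dev`/`prod` object types in the root `variables.tf`. Either delete the file, or reduce the root duplication it was presumably meant to address with one `map(object({…}))` variable (e.g. `environments`) keyed by `dev`/`prod`.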
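Review bot: The two `ssh-rsa` entries appended under `files: … content: |` grant interactive access as `ec2-user` to every instance in every environment that receives this source bundle, and because the keys travel with the bundle, revoking one means a fresh deployment to each environment rather than an IAM change. Key ownership and the removal procedure should be documented next to the list, e.g. `# One line per engineer; remove the line and redeploy all environments to revoke access`, and the two new entries appear to belong to the same person (`biel.stela@…` and `bielstela@Biels-MacBook-Pro.local`), so confirm both are needed. Where the platform allows it, AWS Systems Manager Session Manager or EC2 Instance Connect gives the same shell access with IAM-managed, auditable, time-bounded grants instead of static keys committed to git.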
@@ -1,22 +1,42 @@ upstream api { - server api:8000; + server api:8000; +} + +upstream client { + server client:3000; } server { - listen 80; + listen 80; + + location / { + proxy_pass http://client; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + } - location / { - proxy_pass http://api; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - } + location /api/ { + rewrite ^/api/?(.*)$ /$1 break; + proxy_pass http://api; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_pass_request_headers on; + client_max_body_size 5m; + } } diff --git a/infrastructure/v2/variables.tf b/infrastructure/v2/variables.tf index 79d1fbc0..7bc62ea0 100644 --- a/infrastructure/v2/variables.tf +++ b/infrastructure/v2/variables.tf 
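Review bot: Both `location` blocks set `proxy_set_header Connection "Upgrade"` unconditionally, so every ordinary HTTP request is forwarded to `client` and `api` as a connection-upgrade request; the documented pattern is a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the `http` context and `proxy_set_header Connection $connection_upgrade;` here, so only real WebSocket handshakes carry it. `client_max_body_size 5m` applies to `/api/` only, leaving `/` on nginx's 1m default; that is fine if the client never accepts uploads, but it should be a deliberate choice stated in a comment. The re-indentation from four spaces to two turns a small routing change (new `client` upstream, `/api/` prefix rewrite) into a whole-file rewrite, which hides the lines that actually changed from reviewers.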
@@ -3,16 +3,6 @@ variable "aws_profile" { description = "AWS profile to use to perform TF operations" } -variable "aws_dev_region" { - type = string - default = "eu-west-3" -} - -variable "aws_prod_region" { - type = string - default = "sa-east-1" -} - variable "allowed_account_id" { type = string description = "AWS account id" @@ -23,6 +13,11 @@ variable "project_name" { description = "Short name of the project, will be used to prefix created resources" } +variable "repo_name" { + type = string + description = "Name of the Github repository where the code is hosted" +} + variable "github_owner" { type = string description = "Owner of the Github repository where the code is hosted" @@ -33,17 +28,44 @@ variable "github_token" { description = "Github token to access the repository" } -variable "api_auth_token" { - type = string - description = "API auth token" -} - -variable "api_tiff_path" { - type = string - description = "API TIFF file path" +variable "dev" { + type = object({ + aws_region = string + api = object({ + auth_token = string + tiff_path = string + grid_tiles_path = string + }) + client = object({ + next_public_api_url = string + next_public_api_key = string + next_public_arcgis_api_key = string + arcgis_client_id = string + arcgis_client_secret = string + basic_auth_user = string + basic_auth_password = string + session_secret = string + }) + }) } -variable "api_grid_tiles_path" { - type = string - description = "API Grid tiles file path" +variable "prod" { + type = object({ + aws_region = string + api = object({ + auth_token = string + tiff_path = string + grid_tiles_path = string + }) + client = object({ + next_public_api_url = string + next_public_api_key = string + next_public_arcgis_api_key = string + arcgis_client_id = string + arcgis_client_secret = string + basic_auth_user = string + basic_auth_password = string + session_secret = string + }) + }) } \ No newline at end of file 
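Review bot: The new `dev` and `prod` object variables carry `auth_token`, `arcgis_client_secret`, `basic_auth_password` and `session_secret` but are not declared `sensitive = true`, so `terraform plan`/`apply` will print the full objects in the diffs of whatever resources consume them and in any error that mentions the variable. Add `sensitive = true` to both declarations; since that marks the whole object, consider moving the non-secret parts (`aws_region`, `tiff_path`, `grid_tiles_path`, `next_public_api_url`) into a separate variable if you want them readable in plan output, and remember that the values still sit in plaintext in the state file, so the state bucket's access controls are the real boundary. The two object types are identical and could be one `map(object({…}))` keyed by environment name, which also gives the currently missing `description` a single place to live.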
diff --git a/infrastructure/v2/vars/terraform.tfvars b/infrastructure/v2/vars/terraform.tfvars index f4fd98a0..73ba03ca 100644 --- a/infrastructure/v2/vars/terraform.tfvars +++ b/infrastructure/v2/vars/terraform.tfvars @@ -1,10 +1,28 @@ aws_profile="amazonia360" -aws_dev_region="eu-west-3" -aws_prod_region="sa-east-1" allowed_account_id="851725508245" project_name="amazonia360" +repo_name="amazonia-360" github_owner="Vizzuality" github_token="" -api_auth_token="" -api_tiff_path="./data" -api_grid_tiles_path="" \ No newline at end of file + +# DEV +dev = { + aws_region="eu-west-3" + + api = { + auth_token="" + tiff_path="/opt/api/data" + grid_tiles_path="/opt/api/data/grid" + } + + client = { + next_public_api_url="" + next_public_api_key="" + next_public_arcgis_api_key="" + arcgis_client_id="" + arcgis_client_secret="" + basic_auth_user="" + basic_auth_password="" + session_secret="" + } +} \ No newline at end of file
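Review bot: `terraform.tfvars` now sets `dev` but not `prod`, while `variable "prod"` in `variables.tf` has no default, so a plan from this var-file will prompt for (or, non-interactively, fail on) `prod` unless it is supplied through another var-file or `TF_VAR_prod`; either add the block here or give the variable a default. The file also commits empty placeholders for `github_token`, `auth_token`, `arcgis_client_secret`, `basic_auth_password` and `session_secret`, which invites someone to fill them in locally and commit the result; keep real values in a git-ignored `*.auto.tfvars` or in `TF_VAR_*` environment variables and say so at the top of the file, e.g. `# Secret fields are intentionally empty; supply them via TF_VAR_* or a git-ignored secrets.auto.tfvars`.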