Add infrastructure code; add AWS SES Strapi provider

Vizzuality · Oct 25, 2023 · b6a2427 · b6a2427
1 parent 6c9a2d5
commit b6a2427
Show file tree

Hide file tree

Showing 46 changed files with 2,566 additions and 14 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,210 @@
+name: Run deploy
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+#      - main
+      - staging
+    paths:
+      - 'client/**'
+      - 'cms/**'
+      - '.github/workflows/*'
+      - 'infrastructure/**'
+
+jobs:
+  build_client_image:
+    name: Build Client image and push to Amazon ECR
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - uses: dorny/paths-filter@v2
+        id: client-changes
+        with:
+          filters: |
+            client:
+              - 'client/**'
+              - '.github/workflows/**'
+
+      - name: Extract branch name
+        if: steps.client-changes.outputs.client == 'true'
+        run: |
+          {
+            branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
+            echo "branch=${branch}"
+            echo "branch_upper=${branch^^}"
+          } >> $GITHUB_OUTPUT
+        id: extract_branch
+
+      - name: Copy env variables to docker
+        if: steps.client-changes.outputs.client == 'true'
+        run: |
+          echo "${{ steps.extract_branch.outputs.branch == 'main' && secrets.PRODUCTION_CLIENT_ENV_FILE || secrets[format('{0}_CLIENT_ENV_FILE', steps.extract_branch.outputs.branch_upper)] }}" > client/.env.local
+
+      - name: Configure AWS credentials
+        if: steps.client-changes.outputs.client == 'true'
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.PIPELINE_USER_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.PIPELINE_USER_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        if: steps.client-changes.outputs.client == 'true'
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          mask-password: 'true'
+
+      - name: Set up Docker Buildx
+        if: steps.client-changes.outputs.client == 'true'
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build, tag, and push Client image to Amazon ECR
+        if: steps.client-changes.outputs.client == 'true'
+        uses: docker/build-push-action@v5
+        with:
+          context: ./client
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: ./client/Dockerfile.prod
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.CLIENT_REPOSITORY_NAME }}:${{ github.sha }}
+            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.CMS_REPOSITORY_NAME }}:${{ steps.extract_branch.outputs.branch == 'main' && 'production' || steps.extract_branch.outputs.branch }}
+
+  build_cms_image:
+    name: Build CMS image and push to Amazon ECR
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - uses: dorny/paths-filter@v2
+        id: api-changes
+        with:
+          filters: |
+            cms:
+              - 'cms/**'
+              - '.github/workflows/**'
+
+      - name: Extract branch name
+        if: steps.cms-changes.outputs.cms == 'true'
+        run: |
+          {
+            branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
+            echo "branch=${branch}"
+            echo "branch_upper=${branch^^}"
+          } >> $GITHUB_OUTPUT
+        id: extract_branch
+
+      - name: Copy env variables to docker
+        if: steps.cms-changes.outputs.cms == 'true'
+        run: |
+          echo "${{ steps.extract_branch.outputs.branch == 'main' && secrets.PRODUCTION_CMS_ENV_FILE || secrets[format('{0}_CMS_ENV_FILE', steps.extract_branch.outputs.branch_upper)] }}" > cms/.env
+
+      - name: Configure AWS credentials
+        if: steps.cms-changes.outputs.cms == 'true'
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.PIPELINE_USER_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.PIPELINE_USER_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        if: steps.cms-changes.outputs.cms == 'true'
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          mask-password: 'true'
+
+      - name: Set up Docker Buildx
+        if: steps.cms-changes.outputs.cms == 'true'
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build, tag, and push API image to Amazon ECR
+        if: steps.cms-changes.outputs.cms == 'true'
+        uses: docker/build-push-action@v5
+        with:
+          context: ./cms
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: ./cms/Dockerfile.prod
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.API_REPOSITORY_NAME }}:${{ github.sha }}
+            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.API_REPOSITORY_NAME }}:${{ steps.extract_branch.outputs.branch == 'main' && 'production' || steps.extract_branch.outputs.branch }}
+
+  deploy:
+    name: Deploy Client and CMS to Amazon EB
+    needs: [build_client_image, build_cms_image]
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.PIPELINE_USER_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.PIPELINE_USER_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          mask-password: 'true'
+
+      - name: Generate docker compose file
+        working-directory: infrastructure/source_bundle
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY_CLIENT: ${{ secrets.CLIENT_REPOSITORY_NAME }}
+          ECR_REPOSITORY_CMS: ${{ secrets.CMS_REPOSITORY_NAME }}
+          IMAGE_TAG: ${{ steps.extract_branch.outputs.branch == 'main' && 'production' || steps.extract_branch.outputs.branch }}
+        run: |
+          echo "version: '3.3'" > docker-compose.yml
+          echo "services:" >> docker-compose.yml
+          echo "  client:" >> docker-compose.yml
+          echo "    image: $ECR_REGISTRY/$ECR_REPOSITORY_CLIENT:$IMAGE_TAG" >> docker-compose.yml
+          echo "    restart: always" >> docker-compose.yml
+          echo "    ports:" >> docker-compose.yml
+          echo "      - 3000:3000" >> docker-compose.yml
+          echo "  cms:" >> docker-compose.yml
+          echo "    image: $ECR_REGISTRY/$ECR_REPOSITORY_CMS:$IMAGE_TAG" >> docker-compose.yml
+          echo "    restart: always" >> docker-compose.yml
+          echo "    ports:" >> docker-compose.yml
+          echo "      - 1337:1337" >> docker-compose.yml
+          echo "  nginx:" >> docker-compose.yml
+          echo "    image: nginx" >> docker-compose.yml
+          echo "    restart: always" >> docker-compose.yml
+          echo "    volumes:" >> docker-compose.yml
+          echo "      - ./proxy/conf.d:/etc/nginx/conf.d" >> docker-compose.yml
+          echo "      - \"\${EB_LOG_BASE_DIR}/nginx:/var/log/nginx\"" >> docker-compose.yml
+          echo "    ports:" >> docker-compose.yml
+          echo "      - 80:80" >> docker-compose.yml
+          echo "    depends_on:" >> docker-compose.yml
+          echo "      - cms" >> docker-compose.yml
+          echo "      - client" >> docker-compose.yml
+
+      - name: Generate zip file
+        working-directory: infrastructure/source_bundle
+        run: |
+          zip -r deploy.zip * .[^.]*
+
+      - name: Deploy to Amazon EB
+        uses: einaregilsson/beanstalk-deploy@v21
+        with:
+          aws_access_key: ${{ secrets.PIPELINE_USER_ACCESS_KEY_ID }}
+          aws_secret_key: ${{ secrets.PIPELINE_USER_SECRET_ACCESS_KEY }}
+          application_name: orcasa-${{ steps.extract_branch.outputs.branch == 'main' && 'production' || steps.extract_branch.outputs.branch }}
+          environment_name: orcasa-${{ steps.extract_branch.outputs.branch == 'main' && 'production' || steps.extract_branch.outputs.branch }}-environment
+          region: ${{ vars.AWS_REGION }}
+          version_label: ${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
+          deployment_package: infrastructure/source_bundle/deploy.zip
diff --git a/.github/workflows/e2e_client.yml b/.github/workflows/e2e_client.yml
@@ -1,4 +1,4 @@
-name: e2e_client
+name: Client E2E tests
 on:
   push:
     paths:
@@ -8,10 +8,9 @@ on:
 
 jobs:
   e2e_client:
+    name: Client E2E tests
     timeout-minutes: 15
     runs-on: ubuntu-22.04
-    strategy:
-      fail-fast: false
     defaults:
       run:
         working-directory: client

diff --git a/cms/Dockerfile.prod b/cms/Dockerfile.prod
@@ -0,0 +1,58 @@
+# Build all the things
+FROM node:18.17-bullseye-slim as build
+RUN apt-get update -y && \
+    apt-get upgrade -y && \
+    apt-get install -y \
+      build-essential \
+      gcc autoconf \
+      automake \
+      zlib1g-dev \
+      libpng-dev \
+      nasm bash \
+      libvips-dev \
+    && apt-get clean
+
+ENV NODE_ENV production
+
+WORKDIR /app
+
+COPY .yarn ./.yarn
+COPY config ./config
+COPY database ./database
+COPY public ./public
+COPY src ./src
+
+COPY .env \
+     .nvmrc \
+     .yarnrc.yml \
+     favicon.png \
+     package.json \
+     entrypoint.sh \
+     tsconfig.json \
+     yarn.lock
+     ./
+
+RUN yarn install
+
+RUN yarn build
+
+# Copy only the built files into the final image
+FROM node:18.17-bullseye-slim AS runner
+RUN apt-get update -y && \
+    apt-get upgrade -y && \
+    apt-get install -y libvips-dev && \
+    apt-get clean
+
+ENV NODE_ENV production
+
+WORKDIR /app
+
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 strapi
+
+COPY --from=build --chown=strapi:nodejs /app ./
+
+USER strapi
+
+EXPOSE 1337
+ENTRYPOINT ["/app/entrypoint.sh"]
diff --git a/cms/config/plugins.ts b/cms/config/plugins.ts
@@ -12,6 +12,20 @@ module.exports = ({ env }) => ({
       ],
     },
   },
+  email: {
+    config: {
+      provider: 'amazon-ses',
+      providerOptions: {
+        key: env('AWS_SES_ACCESS_KEY_ID'),
+        secret: env('AWS_SES_ACCESS_KEY_SECRET'),
+        amazon: `https://email.${env('AWS_REGION')}.amazonaws.com`,
+      },
+      settings: {
+        defaultFrom: `no-reply@no-reply.${env('AWS_SES_DOMAIN')}`,
+        defaultReplyTo: `no-reply@no-reply.${env('AWS_SES_DOMAIN')}`,
+      },
+    },
+  },
   documentation: {
     config: {
       "x-strapi-config": {

diff --git a/cms/entrypoint.sh b/cms/entrypoint.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+case "${NODE_ENV}" in
+    development)
+        echo "Running Development Server"
+        exec yarn dev
+        ;;
+    test)
+        echo "Running Test"
+        exec yarn test
+        ;;
+    production)
+        echo "Import config"
+        yarn config-sync import -y
+        echo "Running Production Server"
+        exec yarn start
+        ;;
+    *)
+        echo "Unknown NODE environment: \"${NODE_ENV}\""
+esac
diff --git a/cms/package.json b/cms/package.json
@@ -14,6 +14,7 @@
     "@strapi/plugin-documentation": "^4.14.5",
     "@strapi/plugin-i18n": "4.14.5",
     "@strapi/plugin-users-permissions": "4.14.5",
+    "@strapi/provider-email-amazon-ses": "4.14.5",
     "@strapi/strapi": "4.14.5",
     "pg": "8.8.0",
     "strapi-plugin-config-sync": "^1.2.1",
@@ -23,7 +24,8 @@
     "name": "Vizzuality"
   },
   "strapi": {
-    "uuid": "d6c35ecd-a7d3-4e06-bbec-080329e0e5b8"
+    "uuid": "d6c35ecd-a7d3-4e06-bbec-080329e0e5b8",
+    "telemetryDisabled": true
   },
   "engines": {
     "node": ">=16.0.0 <=20.x.x",