From d56f16e1e59a273fa766bae9c6b963b8f8929140 Mon Sep 17 00:00:00 2001
From: Alejandro Peralta
Date: Tue, 19 Nov 2024 22:16:23 +0100
Subject: [PATCH] chore(infrastructure): Create CI /CD v2 github workflow
---
 .github/workflows/cicd v2.yml | 263 ++++++++++++++++++
 client/Dockerfile | 38 +++
 docker-compose.yml | 18 ++
 infrastructure/v2/main.tf | 51 +++-
 infrastructure/v2/modules/env/main.tf | 2 +-
 infrastructure/v2/modules/types/types.tf | 20 ++
 infrastructure/v2/providers.tf | 2 +-
 .../.ebextensions/10_authorized_keys.config | 2 +
 .../proxy/conf.d/application.conf | 48 +++-
 infrastructure/v2/variables.tf | 47 ++--
 infrastructure/v2/vars/terraform.tfvars | 28 +-
 11 files changed, 465 insertions(+), 54 deletions(-)
 create mode 100644 .github/workflows/cicd v2.yml
 create mode 100644 client/Dockerfile
 create mode 100644 infrastructure/v2/modules/types/types.tf
diff --git a/.github/workflows/cicd v2.yml b/.github/workflows/cicd v2.yml
new file mode 100644
index 00000000..260a9db8
--- /dev/null
+++ b/.github/workflows/cicd v2.yml
@@ -0,0 +1,263 @@
+name: CI / CD v2
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - chore/infrastructure-migration
+ paths:
+ - "api/**"
+ - ".github/workflows/*"
+
+jobs:
+ build-and-test:
+ name: Build and Test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the repository
+ uses: actions/checkout@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Build and run tests
+ run: docker compose up --build --exit-code-from test test
+
+ - name: Clean up
+ run: docker compose down
+
+ # BUILD AND DEPLOY
+ set_environment:
+ runs-on: ubuntu-latest
+ name: Set Deployment Environment
+ # if: ${{ github.event_name == 'workflow_dispatch' || github.ref_name == 'staging' || github.ref_name == 'main' }}
+ outputs:
+ env_name: ${{ steps.set_env.outputs.env_name }}
+ steps:
+ - id: set_env
+ run: echo "env_name=develop" >> $GITHUB_OUTPUT
+ # run: echo "env_name=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+
+ build_api:
+ name: build-api
+ needs: [ set_environment ]
+ runs-on: ubuntu-latest
+ environment:
+ name: ${{ needs.set_environment.outputs.env_name }}
+ steps:
+ - name: Debug env_name
+ run: |
+ echo "Environment name is: ${{ needs.set_environment.outputs.env_name }}"
+
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+ aws-region: ${{ vars.TF_AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+ with:
+ mask-password: 'true'
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build, tag, and push Client image to Amazon ECR
+ uses: docker/build-push-action@v5
+ with:
+ context: api
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ file: ./api/Dockerfile
+ push: true
+ tags: |
+ ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ github.sha }}
+ ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_API_REPOSITORY_NAME }}:${{ needs.set_environment.outputs.env_name }}
+
+ build_client:
+ name: build-client
+ needs: [ set_environment ]
+ environment:
+ name: ${{ needs.set_environment.outputs.env_name }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+ aws-region: ${{ secrets.TF_AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+ with:
+ mask-password: 'true'
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build, tag, and push Client image to Amazon ECR
+ uses: docker/build-push-action@v5
+ with:
+ build-args: |
+ NEXT_PUBLIC_URL=http://0.0.0.0:3000
+ NEXT_PUBLIC_API_URL=${{ vars.NEXT_PUBLIC_API_URL }}
+ NEXT_PUBLIC_ARCGIS_API_KEY=${{ secrets.TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY }}
+ NEXT_PUBLIC_API_KEY=${{ secrets.TF_CLIENT_NEXT_PUBLIC_API_KEY }}
+ ARCGIS_CLIENT_ID=${{ secrets.TF_CLIENT_ARCGIS_CLIENT_ID }}
+ ARCGIS_CLIENT_SECRET=${{ secrets.TF_CLIENT_ARCGIS_CLIENT_SECRET }}
+ BASIC_AUTH_USER=${{ secrets.TF_CLIENT_BASIC_AUTH_USER }}
+ BASIC_AUTH_PASSWORD=${{ secrets.TF_CLIENT_BASIC_AUTH_PASSWORD }}
+ context: .
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ file: ./client/Dockerfile
+ push: true
+ tags: |
+ ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_CLIENT_REPOSITORY_NAME }}:${{ github.sha }}
+ ${{ steps.login-ecr.outputs.registry }}/${{ secrets.TF_CLIENT_REPOSITORY_NAME }}:${{ needs.set_environment.outputs.env_name }}
+
+ deploy:
+ name: deploy
+ needs: [ set_environment, build_api, build_client ]
+ runs-on: ubuntu-latest
+ environment:
+ name: ${{ needs.set_environment.outputs.env_name }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+ aws-region: ${{ vars.TF_AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Generate docker compose file
+ working-directory: infrastructure/v2/source_bundle
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+
+ # API
+ ECR_REPOSITORY_API: ${{ secrets.TF_API_REPOSITORY_NAME }}
+ IMAGE_TAG: ${{ needs.set_environment.outputs.env_name }}
+ API_AUTH_TOKEN: ${{ secrets.TF_API_AUTH_TOKEN }}
+ API_TIFF_PATH: ${{ vars.TF_API_TIFF_PATH }}
+ API_GRID_TILES_PATH: ${{ vars.TF_API_GRID_TILES_PATH }}
+
+ # Client
+ ECR_REPOSITORY_CLIENT: ${{ secrets.TF_CLIENT_REPOSITORY_NAME }}
+ CLIENT_NEXT_PUBLIC_API_URL: ${{ vars.TF_CLIENT_NEXT_PUBLIC_API_URL }}
+ CLIENT_NEXT_PUBLIC_API_KEY: ${{ secrets.TF_CLIENT_NEXT_PUBLIC_API_KEY }}
+
+ CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY: ${{ secrets.TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY }}
+ CLIENT_ARCGIS_CLIENT_ID: ${{ secrets.TF_CLIENT_ARCGIS_CLIENT_ID }}
+ CLIENT_ARCGIS_CLIENT_SECRET: ${{ secrets.TF_CLIENT_ARCGIS_CLIENT_SECRET }}
+ CLIENT_BASIC_AUTH_USER: ${{ secrets.TF_CLIENT_BASIC_AUTH_USER }}
+ CLIENT_BASIC_AUTH_PASSWORD: ${{ secrets.TF_CLIENT_BASIC_AUTH_PASSWORD }}
+ CLIENT_SESSION_SECRET: ${{ secrets.TF_CLIENT_SESSION_SECRET }}
+ run: |
+ cat <> docker-compose.yml
+ version: '3.9'
+ services:
+ api:
+ image: $ECR_REGISTRY/$ECR_REPOSITORY_API:$IMAGE_TAG
+ ports:
+ - "8000:8000"
+ environment:
+ - AUTH_TOKEN=${API_AUTH_TOKEN}
+ - TIFF_PATH=${API_TIFF_PATH}
+ - GRID_TILES_PATH=${API_GRID_TILES_PATH}
+ volumes:
+ - /var/app/data/api:/opt/api/data:ro
+ networks:
+ - amazonia360-network
+ restart: always
+ client:
+ image: $ECR_REGISTRY/$ECR_REPOSITORY_CLIENT:$IMAGE_TAG
+ networks:
+ - amazonia360-network
+ ports:
+ - 3000:3000
+ environment:
+ - NEXT_PUBLIC_URL=http://localhost:3000
+ - NEXT_PUBLIC_API_URL=${CLIENT_NEXT_PUBLIC_API_URL}
+ - NEXT_PUBLIC_API_KEY=${CLIENT_NEXT_PUBLIC_API_KEY}
+ - NEXT_PUBLIC_ARCGIS_API_KEY=${CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY}
+ - ARCGIS_CLIENT_ID=${CLIENT_ARCGIS_CLIENT_ID}
+ - ARCGIS_CLIENT_SECRET=${CLIENT_ARCGIS_CLIENT_SECRET}
+ - BASIC_AUTH_USER=${CLIENT_BASIC_AUTH_USER}
+ - BASIC_AUTH_PASSWORD=${CLIENT_BASIC_AUTH_PASSWORD}
+ restart: always
+ nginx:
+ image: nginx
+ restart: always
+ networks:
+ - amazonia360-network
+ volumes:
+ - ./proxy/conf.d:/etc/nginx/conf.d
+ - "\${EB_LOG_BASE_DIR}/nginx:/var/log/nginx"
+ ports:
+ - 80:80
+ depends_on:
+ - api
+ - client
+ networks:
+ amazonia360-network:
+ driver: bridge
+ EOF
+
+ - name: Generate .ebextensions/20_sync_data.config
+ working-directory: infrastructure/v2/source_bundle
+ env:
+ PROJECT_NAME: ${{ vars.TF_PROJECT_NAME }}
+ ENV_NAME: ${{ needs.set_environment.outputs.env_name }}
+ AWS_REGION: ${{ vars.TF_AWS_REGION }}
+ run: |
+ mkdir -p .ebextensions
+ cat <> .ebextensions/20_sync_data.config
+ commands:
+ 20_install_awscli:
+ command: |
+ sudo apt-get update -y
+ sudo apt-get install -y awscli
+ sudo apt-get clean
+ sudo rm -rf /var/lib/apt/lists/*
+
+ 21_create_data_folder:
+ command: mkdir -p /var/app/data/api
+
+ 22_sync_s3_bucket:
+ command: aws s3 sync s3://${PROJECT_NAME}-${ENV_NAME}-bucket /var/app/data/api
+ EOF
+
+ - name: Generate zip file
+ working-directory: infrastructure/v2/source_bundle
+ run: |
+ zip -r deploy.zip * .[^.]*
+
+ - name: Deploy to Amazon EB
+ uses: einaregilsson/beanstalk-deploy@v21
+ with:
+ aws_access_key: ${{ secrets.TF_PIPELINE_USER_ACCESS_KEY_ID }}
+ aws_secret_key: ${{ secrets.TF_PIPELINE_USER_SECRET_ACCESS_KEY }}
+ application_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }}
+ environment_name: ${{ vars.TF_PROJECT_NAME }}-${{ needs.set_environment.outputs.env_name }}-environment
+ region: ${{ vars.TF_AWS_REGION }}
+ version_label: ${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
+ deployment_package: infrastructure/v2/source_bundle/deploy.zip
+ wait_for_deployment: true
\ No newline at end of file
diff --git a/client/Dockerfile b/client/Dockerfile
new file mode 100644
index 00000000..d52bf030
--- /dev/null
+++ b/client/Dockerfile
@@ -0,0 +1,38 @@
+FROM node:22.2.0-alpine as base
+LABEL maintainer="hello@vizzuality.com"
+
+FROM base as production
+ARG NEXT_PUBLIC_URL
+ARG NEXT_PUBLIC_API_URL
+
+ARG NEXT_PUBLIC_ARCGIS_API_KEY
+ARG NEXT_PUBLIC_API_KEY
+ARG ARCGIS_CLIENT_ID
+ARG ARCGIS_CLIENT_SECRET
+
+ARG BASIC_AUTH_USER
+ARG BASIC_AUTH_PASSWORD
+
+ENV NEXT_PUBLIC_URL $NEXT_PUBLIC_URL
+ENV NEXT_PUBLIC_API_URL $NEXT_PUBLIC_API_URL
+
+ENV NEXT_PUBLIC_ARCGIS_API_KEY $NEXT_PUBLIC_ARCGIS_API_KEY
+ENV NEXT_PUBLIC_API_KEY $NEXT_PUBLIC_API_KEY
+ENV ARCGIS_CLIENT_ID $ARCGIS_CLIENT_ID
+ENV ARCGIS_CLIENT_SECRET $ARCGIS_CLIENT_SECRET
+
+ENV BASIC_AUTH_USER $BASIC_AUTH_USER
+ENV BASIC_AUTH_PASSWORD $BASIC_AUTH_PASSWORD
+
+WORKDIR /app
+
+COPY . .
+
+RUN corepack enable pnpm
+RUN pnpm install
+
+RUN pnpm build
+
+EXPOSE 3000
+
+CMD ["pnpm", "start"]
diff --git a/docker-compose.yml b/docker-compose.yml
index fffa746f..98b6b56f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
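Review bot: In the `build_client` job of the workflow, `build-args` passes `ARCGIS_CLIENT_SECRET`, `BASIC_AUTH_USER` and `BASIC_AUTH_PASSWORD` into the image build, and client/Dockerfile in this commit copies each into an `ENV`, so the values are stored in the image configuration pushed to ECR and are readable by anyone who can pull it (the `cache-to: type=gha,mode=max` export may carry them too). The compose file generated in the `deploy` job already sets the same variables at run time, so the server-side ones can be removed from `build-args` and from the Dockerfile; if the build really needs one, pass it through the action's `secrets:` input and read it with `RUN --mount=type=secret`. That generated docker-compose.yml holds the expanded secrets in plain text and is zipped into deploy.zip, so the Elastic Beanstalk application-version storage needs the same access restrictions as the secrets themselves. In the same job `aws-region` reads `secrets.TF_AWS_REGION` where the other jobs read `vars.TF_AWS_REGION`, and main.tf publishes it as a variable, so it probably resolves to an empty string here. `build_api` and `build_client` list only `set_environment` under `needs`, so a failing `build-and-test` does not stop the deploy; `needs: [ build-and-test, set_environment ]` would gate it.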
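Review bot: In client/Dockerfile, `COPY . .` copies the whole build context, and the workflow in this commit builds this file with `context: .` (the repository root) while docker-compose.yml uses `context: ./client`, so the CI image would contain the api and infrastructure trees, including infrastructure/v2/vars/terraform.tfvars, unless a .dockerignore outside this diff excludes them. Building with `context: client` in the workflow, or copying only the client sources, keeps the image contents the same in both places. There is also no `USER` instruction, so `pnpm start` runs as root; the official node images ship a `node` user, and switching to it (with /app owned by that user) before the install step would cover it. `RUN pnpm install --frozen-lockfile` would additionally make the build fail when the committed lockfile and package.json disagree.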
@@ -14,6 +14,24 @@ services:
 networks:
 - amazonia360-network
 restart: always
+ client:
+ build:
+ context: ./client
+ dockerfile: Dockerfile
+ target: production
+ args:
+ NEXT_PUBLIC_URL: "http://localhost:3000"
+ NEXT_PUBLIC_API_URL: "http://api:8000"
+ NEXT_PUBLIC_ARCGIS_API_KEY: ""
+ NEXT_PUBLIC_API_KEY: ""
+ ARCGIS_CLIENT_ID: ""
+ ARCGIS_CLIENT_SECRET: ""
+ BASIC_AUTH_USER: amazonia360
+ BASIC_AUTH_PASSWORD: amazonia360
+ ports:
+ - "3000:3000"
+ networks:
+ - amazonia360-network
 test:
 build:
 context: ./api
diff --git a/infrastructure/v2/main.tf b/infrastructure/v2/main.tf
index ee3f7681..1deb79ba 100644
--- a/infrastructure/v2/main.tf
+++ b/infrastructure/v2/main.tf
@@ -80,7 +80,7 @@ locals {
 module state {
 source = "./modules/state"
 project_name = var.project_name
- aws_region = var.aws_dev_region
+ aws_region = var.dev.aws_region
 aws_profile = var.aws_profile
 }
@@ -94,21 +94,32 @@ module api_ecr {
 repo_name = "api"
 }
+module client_ecr {
+ source = "./modules/ecr"
+ project_name = var.project_name
+ repo_name = "client"
+}
+
 module "github" {
 source = "./modules/github"
- repo_name = "amazonia-360"
+ repo_name = var.repo_name
 github_owner = var.github_owner
 github_token = var.github_token
 global_secret_map = {
 TF_PIPELINE_USER_ACCESS_KEY_ID = module.iam.pipeline_user_access_key_id
 TF_PIPELINE_USER_SECRET_ACCESS_KEY = module.iam.pipeline_user_access_key_secret
+
+ # API
 TF_API_REPOSITORY_NAME = module.api_ecr.repository_name
- TF_AUTH_TOKEN = var.api_auth_token
+
+ # Client
+ TF_CLIENT_REPOSITORY_NAME = module.client_ecr.repository_name
 }
 global_variable_map = {
 TF_PROJECT_NAME = var.project_name
- TF_TIFF_PATH = var.api_tiff_path
- TF_GRID_TILES_PATH = var.api_grid_tiles_path
+
+ # API
+ # Client
 }
 }
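Review bot: In docker-compose.yml, `BASIC_AUTH_USER` and `BASIC_AUTH_PASSWORD` are committed as `amazonia360`/`amazonia360` under `args:`, and the Dockerfile turns build args into `ENV`, so every image built from this file carries a known credential pair. Reading them from the developer's environment, e.g. `BASIC_AUTH_PASSWORD: "${BASIC_AUTH_PASSWORD:?set in .env}"`, keeps the default out of the repository and makes an accidental push of a locally built image less harmful. `NEXT_PUBLIC_API_URL: "http://api:8000"` looks like a value the browser will use, and the browser cannot resolve the compose service name `api`, so that one is worth confirming.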
@@ -120,20 +131,40 @@ module "dev" {
 source = "./modules/env"
 domain = "dev.amazonia360.dev-vizzuality.com"
 project = var.project_name
- environment = "develop" # Does it need to be the same as the target branch name?
- aws_region = var.aws_dev_region
+ environment = "develop" # staging branch of the repo
+ aws_region = var.dev.aws_region
 vpc = data.aws_vpc.default_vpc
 subnet_ids = local.subnets_with_ec2_instance_type_offering_ids
 availability_zones = data.aws_availability_zones.azs_with_ec2_instance_type_offering.names
- beanstalk_platform = "64bit Amazon Linux 2023 v4.4.0 running Docker"
+ beanstalk_platform = "64bit Amazon Linux 2023 v4.4.1 running Docker"
 beanstalk_tier = "WebServer"
 ec2_instance_type = "t3.medium"
 elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name
- repo_name = "amazonia-360"
+ repo_name = var.repo_name
 cname_prefix = "amazonia360-dev-environment"
 github_owner = var.github_owner
 github_token = var.github_token
 github_additional_environment_variables = {
- TF_AWS_REGION = var.aws_dev_region
+ TF_AWS_REGION = var.dev.aws_region
+
+ # API
+ TF_API_TIFF_PATH = var.dev.api.tiff_path
+ TF_API_GRID_TILES_PATH = var.dev.api.grid_tiles_path
+
+ # Client
+ TF_CLIENT_NEXT_PUBLIC_API_URL = var.dev.client.next_public_api_url
+ }
+ github_additional_environment_secrets = {
+ # API
+ TF_API_AUTH_TOKEN = var.dev.api.auth_token
+
+ # Client
+ TF_CLIENT_NEXT_PUBLIC_API_KEY = var.dev.client.next_public_api_key
+ TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY = var.dev.client.next_public_arcgis_api_key
+ TF_CLIENT_ARCGIS_CLIENT_ID = var.dev.client.arcgis_client_id
+ TF_CLIENT_ARCGIS_CLIENT_SECRET = var.dev.client.arcgis_client_secret
+ TF_CLIENT_BASIC_AUTH_USER = var.dev.client.basic_auth_user
+ TF_CLIENT_BASIC_AUTH_PASSWORD = var.dev.client.basic_auth_password
+ TF_CLIENT_SESSION_SECRET = var.dev.client.session_secret
 }
 }
\ No newline at end of file
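Review bot: Every value in `github_additional_environment_secrets` of `module "dev"` comes from `var.dev`, which variables.tf in this commit declares without `sensitive = true`, so nothing on the Terraform side marks `auth_token`, `arcgis_client_secret`, `basic_auth_password` or `session_secret` as secret; whether plan output redacts them depends on the resource schema inside modules/github, which this diff does not show. Marking the whole object sensitive would also taint `aws_region` and the paths, so a separate variable holding only the secret attributes, declared with `sensitive = true`, is the cleaner split. The values are written to the Terraform state either way, so the backend created by `module state` needs encryption and restricted read access. The new comment `# staging branch of the repo` beside `environment = "develop"` reads as a contradiction and would be clearer as a statement of which branch deploys to this environment.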
diff --git a/infrastructure/v2/modules/env/main.tf b/infrastructure/v2/modules/env/main.tf
index fb87f69e..0807ead2 100644
--- a/infrastructure/v2/modules/env/main.tf
+++ b/infrastructure/v2/modules/env/main.tf
@@ -20,7 +20,7 @@ module "beanstalk" {
 module "github" {
 source = "../github"
- repo_name = "amazonia-360"
+ repo_name = var.repo_name
 github_owner = var.github_owner
 github_token = var.github_token
 github_environment = var.environment
diff --git a/infrastructure/v2/modules/types/types.tf b/infrastructure/v2/modules/types/types.tf
new file mode 100644
index 00000000..64bd7c3a
--- /dev/null
+++ b/infrastructure/v2/modules/types/types.tf
@@ -0,0 +1,20 @@
+variable "environment_type" {
+ default = {
+ aws_region = string
+ api = {
+ auth_token = string
+ tiff_path = string
+ grid_tiles_path = string
+ }
+ client = {
+ next_public_api_url = string
+ next_public_api_key = string
+ next_public_arcgis_api_key = string
+ arcgis_client_id = string
+ arcgis_client_secret = string
+ basic_auth_user = string
+ basic_auth_password = string
+ session_secret = string
+ }
+ }
+}
\ No newline at end of file
diff --git a/infrastructure/v2/providers.tf b/infrastructure/v2/providers.tf
index 2675d143..3d6bdfe1 100644
--- a/infrastructure/v2/providers.tf
+++ b/infrastructure/v2/providers.tf
@@ -1,4 +1,4 @@
 provider "aws" {
- region = var.aws_dev_region
+ region = var.dev.aws_region
 profile = var.aws_profile
 }
\ No newline at end of file
diff --git a/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config b/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config
index a5764c09..c2c9366d 100644
--- a/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config
+++ b/infrastructure/v2/source_bundle/.ebextensions/10_authorized_keys.config
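Review bot: In modules/types/types.tf, `default = { aws_region = string ... }` uses the type keyword `string` as a value, which is not a valid expression in a `default`, so Terraform would reject the file as soon as the module is loaded. The shape belongs in a type constraint, `type = object({ ... })`, as variables.tf already does for `variable "dev"`. Nothing in this diff references `./modules/types`, and Terraform cannot share a type definition across modules, so the file appears to be unused and could be dropped to avoid two copies of the schema drifting apart.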
@@ -6,6 +6,8 @@ files:
 content: |
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxeHqNG3GJhm+KC9tpAKht18HPlvvLxQfBm6NbH+c6Y10qH7DbtT/FXTLZpzlIeSJaG3bS/8FKOHEIuLh07UcMskLPXLR6kijcrK9A3ZA/mBwfuNFk0u+s+ZSVRuCyy2kHPhouUMfdm289b5yOSkCXW+uVKM0pT3eFhGd7IvFTDxVazLrmdAVfHktsXw+Ohc32EiW5ITI7EZ4Xg+CNypIqRf3EGlRF17A2azn5dz08AwkYIBqTy+EHSMSdU5WSotarhGMNKsVplgpgpyXxeOphPHcntjb7fiu0KTBviAelmXilNTv/HA1qjYFuSFNv3sUNQiUQzaV3T2PSOUyLXbBFy0A7pXsX2gGvTafyE8WJsu/6kkOY9iqnkcZhYYHEemWpw6oPzc3mx9Z+AO57j4nG7TlPxpY9/Ydk6NS5oj4u5djYcpQvd7ztJMuAft7I32TwXrY5E/ywzoMQsPMoMiLzjZq+B27e5dN4vQ2iJwkS629GN9vgVRe2SSG0gtObyesfUJBNFWsaZBLFYqjiCAU+DMFRR48wUVai6oOz0qWxYQxqlrEA45aRvHy3Jz2JiMzlWAaiVOWHyFXkJQlGyObPL0U0Blf8y2NWhwicejz+LH9BWA5zdtuyHZD39Fll/10j64mim5reRhO1r7FvQIiK+KtSXSMeMdV1xVyJZPYWIw== alex@Alexs-MacBook-Pro.local
 ssh-rsa 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 alejandro.peralta@vizzuality.com
+ ssh-rsa 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 biel.stela@example.com
+ ssh-rsa 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 bielstela@Biels-MacBook-Pro.local
 commands:
 10_touch_keys_file:
 cwd: /home/ec2-user/.ssh/
diff --git a/infrastructure/v2/source_bundle/proxy/conf.d/application.conf b/infrastructure/v2/source_bundle/proxy/conf.d/application.conf
index 243dcd0d..6a5e675f 100644
--- a/infrastructure/v2/source_bundle/proxy/conf.d/application.conf
+++ b/infrastructure/v2/source_bundle/proxy/conf.d/application.conf
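Review bot: In 10_authorized_keys.config the two added `ssh-rsa` entries extend a static key list under `content:`, and the `cwd: /home/ec2-user/.ssh/` just below suggests the list becomes ec2-user's authorized_keys, so each key gives shell access to every instance built from this bundle until a later deployment removes it. The key bodies are not visible on this page, so it cannot be checked here that the new lines are distinct keys, and one of them carries an `example.com` address as its comment, which makes the owner hard to identify at offboarding. A YAML comment above `content:` recording owner, date added and review date per key would document that, and short-lived access through SSM Session Manager or EC2 Instance Connect would avoid shipping long-lived keys in the source bundle at all. The `commands:` block continues outside this hunk, so how the file is installed cannot be confirmed from here.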
@@ -1,22 +1,42 @@
 upstream api {
- server api:8000;
+ server api:8000;
+}
+
+upstream client {
+ server client:3000;
 }
 server {
- listen 80;
+ listen 80;
+
+ location / {
+ proxy_pass http://client;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ }
- location / {
- proxy_pass http://api;
- proxy_http_version 1.1;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- }
+ location /api/ {
+ rewrite ^/api/?(.*)$ /$1 break;
+ proxy_pass http://api;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_pass_request_headers on;
+ client_max_body_size 5m;
+ }
 }
diff --git a/infrastructure/v2/variables.tf b/infrastructure/v2/variables.tf
index 79d1fbc0..e967a337 100644
--- a/infrastructure/v2/variables.tf
+++ b/infrastructure/v2/variables.tf
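Review bot: In application.conf both `location` blocks forward `Host $http_host`, the raw client-supplied header, and the `server` block has no `server_name`, so any Host value reaches the client and api containers; an upstream that builds absolute URLs or redirects from Host can then be steered by the requester. Giving this block a `server_name` for the environment's domain, adding a catch-all default server that rejects other hosts, and forwarding `proxy_set_header Host $host;` narrows that. Both blocks also send `Connection "Upgrade"` on every request rather than only on WebSocket handshakes; the usual form is `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` with `proxy_set_header Connection $connection_upgrade;`. `X-Forwarded-Proto $scheme` is always `http` on this port-80 listener, which matters if TLS terminates at a load balancer in front of it (not visible in this diff).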
@@ -3,16 +3,6 @@ variable "aws_profile" {
 description = "AWS profile to use to perform TF operations"
 }
-variable "aws_dev_region" {
- type = string
- default = "eu-west-3"
-}
-
-variable "aws_prod_region" {
- type = string
- default = "sa-east-1"
-}
-
 variable "allowed_account_id" {
 type = string
 description = "AWS account id"
@@ -23,6 +13,11 @@ variable "project_name" {
 description = "Short name of the project, will be used to prefix created resources"
 }
+variable "repo_name" {
+ type = string
+ description = "Name of the Github repository where the code is hosted"
+}
+
 variable "github_owner" {
 type = string
 description = "Owner of the Github repository where the code is hosted"
@@ -33,17 +28,23 @@ variable "github_token" {
 description = "Github token to access the repository"
 }
-variable "api_auth_token" {
- type = string
- description = "API auth token"
-}
-
-variable "api_tiff_path" {
- type = string
- description = "API TIFF file path"
-}
-
-variable "api_grid_tiles_path" {
- type = string
- description = "API Grid tiles file path"
+variable "dev" {
+ type = object({
+ aws_region = string
+ api = object({
+ auth_token = string
+ tiff_path = string
+ grid_tiles_path = string
+ })
+ client = object({
+ next_public_api_url = string
+ next_public_api_key = string
+ next_public_arcgis_api_key = string
+ arcgis_client_id = string
+ arcgis_client_secret = string
+ basic_auth_user = string
+ basic_auth_password = string
+ session_secret = string
+ })
+ })
 }
\ No newline at end of file
diff --git a/infrastructure/v2/vars/terraform.tfvars b/infrastructure/v2/vars/terraform.tfvars
index f4fd98a0..73ba03ca 100644
--- a/infrastructure/v2/vars/terraform.tfvars
+++ b/infrastructure/v2/vars/terraform.tfvars
@@ -1,10 +1,28 @@
 aws_profile="amazonia360"
-aws_dev_region="eu-west-3"
-aws_prod_region="sa-east-1"
 allowed_account_id="851725508245"
 project_name="amazonia360"
+repo_name="amazonia-360"
 github_owner="Vizzuality"
 github_token=""
-api_auth_token=""
-api_tiff_path="./data"
-api_grid_tiles_path=""
\ No newline at end of file
+
+# DEV
+dev = {
+ aws_region="eu-west-3"
+
+ api = {
+ auth_token=""
+ tiff_path="/opt/api/data"
+ grid_tiles_path="/opt/api/data/grid"
+ }
+
+ client = {
+ next_public_api_url=""
+ next_public_api_key=""
+ next_public_arcgis_api_key=""
+ arcgis_client_id=""
+ arcgis_client_secret=""
+ basic_auth_user=""
+ basic_auth_password=""
+ session_secret=""
+ }
+}
\ No newline at end of file
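Review bot: terraform.tfvars is tracked in the repository and the added `dev` block now holds the slots for `auth_token`, `arcgis_client_secret`, `basic_auth_password` and `session_secret`; since every attribute of the `dev` object type is required, an apply only works after real values are typed into this file, which makes committing them by accident likely. Keeping the secret attributes in a git-ignored var file passed with `-var-file`, or in `TF_VAR_` environment variables, and leaving only non-secret settings here avoids that. A comment above the block such as `# placeholders only: never commit real secret values in this file` would make the intent explicit. `github_token=""` in the unchanged context has the same exposure.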