Merge pull request #37 from Instituto-Maua-de-Tecnologia/dev

Delivering application to prod stage
Instituto-Maua-de-Tecnologia · May 21, 2024 · d7a589a · d7a589a
2 parents 43ee8b1 + ae37b59
commit d7a589a
Show file tree

Hide file tree

Showing 146 changed files with 9,380 additions and 1 deletion.
diff --git a/.env.example b/.env.example
@@ -0,0 +1,3 @@
+SECRET_KEY=
+AZURE_URL=
+STAGE=
diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml
@@ -0,0 +1,78 @@
+name: CD
+
+on:
+  push:
+    branches:
+      - dev
+      - prod
+
+jobs:
+  Deploy_to_AWS:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: '20.x'
+
+      - name: Install CDK dependencies
+        run: |
+          echo "Installing CDK dependencies"
+          npm install -g aws-cdk
+          npm install -g ts-node
+          npm install
+          cd iac
+          npm install
+          
+      - name: Populate DB
+        run: |
+          echo "Populating DB"
+          npm run populate-db
+        env:
+          STAGE: ${{ github.ref_name }}
+          RDS_HOSTNAME: ${{ secrets.RDS_HOSTNAME }}
+          RDS_USERNAME: ${{ secrets.RDS_USERNAME }}
+          RDS_PASSWORD: ${{ secrets.RDS_PASSWORD }}
+          RDS_PORT: ${{ secrets.RDS_PORT }}
+          RDS_DB_NAME: ${{ secrets.RDS_DB_NAME }}
+          RDS_DIALECT: ${{ secrets.RDS_DIALECT }}
+
+      - name: AWS Credentials
+        run: |
+          echo "Configuring AWS Credentials"
+          aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY }}
+          aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws configure set default.region ${{ secrets.AWS_REGION }}
+          aws configure set default.output json
+
+      - name: CDK Bootstrap
+        run: |
+          echo "CDK Bootstrap"
+          cd iac
+          aws cloudformation describe-stacks --stack-name CDKToolkit 2>&1 > /dev/null || \
+            cdk bootstrap aws://${{ secrets.AWS_ACCOUNT_ID }}/${{ secrets.AWS_REGION }}
+
+
+      - name: CDK Deploy
+        run: |
+          echo "CDK Deploy"
+          cd iac
+          cdk deploy --require-approval never
+        env:
+          STAGE: ${{ github.ref_name }}
+          AZURE_URL: ${{ secrets.AZURE_URL }}
+          SECRET_KEY: ${{ secrets.SECRET_KEY }}
+          RDS_HOSTNAME: ${{ secrets.RDS_HOSTNAME }}
+          RDS_USERNAME: ${{ secrets.RDS_USERNAME }}
+          RDS_PASSWORD: ${{ secrets.RDS_PASSWORD }}
+          RDS_PORT: ${{ secrets.RDS_PORT }}
+          RDS_DB_NAME: ${{ secrets.RDS_DB_NAME }}
+          RDS_DIALECT: ${{ secrets.RDS_DIALECT }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -0,0 +1,32 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - '*'
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: '20.x'
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Run tests
+        run: npm test
+        env:
+          STAGE: test
+          AZURE_URL: ${{ secrets.AZURE_URL }}
+          SECRET_KEY: ${{ secrets.SECRET_KEY }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,7 @@
+node_modules
+package-lock.json
+# Keep environment variables out of version control
+.env
+
+# Ignore the Prisma schema file that is not checked in
+prisma/migrations
diff --git a/README.md b/README.md
diff --git a/iac/.gitignore b/iac/.gitignore
@@ -0,0 +1,9 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+package-lock.json
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
diff --git a/iac/.npmignore b/iac/.npmignore
@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
diff --git a/iac/README.md b/iac/README.md
@@ -0,0 +1,14 @@
+# Welcome to your CDK TypeScript project
+
+This is a blank project for CDK development with TypeScript.
+
+The `cdk.json` file tells the CDK Toolkit how to execute your app.
+
+## Useful commands
+
+* `npm run build`   compile typescript to js
+* `npm run watch`   watch for changes and compile
+* `npm run test`    perform the jest unit tests
+* `npx cdk deploy`  deploy this stack to your default AWS account/region
+* `npx cdk diff`    compare deployed stack with current state
+* `npx cdk synth`   emits the synthesized CloudFormation template
diff --git a/iac/bin/iac.ts b/iac/bin/iac.ts
@@ -0,0 +1,16 @@
+import * as cdk from 'aws-cdk-lib';
+import { IacStack } from '../lib/iac_stack';
+
+const app = new cdk.App();
+
+const aws_account = process.env.AWS_ACCOUNT_ID;
+const aws_region = process.env.AWS_DEFAULT_REGION;
+
+new IacStack(app, 'CoilMssStack', {
+  env: {
+    account: aws_account,
+    region: aws_region,
+  }
+});
+
+app.synth();
diff --git a/iac/cdk.json b/iac/cdk.json
@@ -0,0 +1,64 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/iac.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true
+  }
+}
diff --git a/iac/lib/iac_stack.ts b/iac/lib/iac_stack.ts
@@ -0,0 +1,75 @@
+import * as cdk from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import { Bucket } from 'aws-cdk-lib/aws-s3';
+import { LambdaStack } from './lambda_stack';
+import { RestApi } from 'aws-cdk-lib/aws-apigateway';
+
+
+export class IacStack extends cdk.Stack {
+  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+    super(scope, id, props);
+
+    const restapi = new RestApi(
+      this, "Coil_Restapi", {
+      restApiName: "CoilRestApi",
+      description: "This is the REST API for the Coil mss application.",
+      defaultCorsPreflightOptions: {
+        allowOrigins: ["*"],
+        allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+        allowHeaders: ["*"],
+      }
+    }
+    );
+
+    const bucket = new Bucket(this, "Coil_Bucket", {
+      bucketName: "coil-bucket",
+      removalPolicy: cdk.RemovalPolicy.DESTROY,
+      publicReadAccess: true,
+    });
+    bucket.grantPublicAccess();
+
+    const coil_resource = restapi.root.addResource("coil", {
+      defaultCorsPreflightOptions: {
+        allowOrigins: ["*"],
+        allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+        allowHeaders: ["*"],
+      }
+    });
+
+    const ENVIROMMENT_VARIABLES: { [key: string]: string } = {
+      "AWS_ACCOUNT_ID": process.env.AWS_ACCOUNT_ID || "",
+      "DOMAIN": process.env.DOMAIN || "",
+      "STAGE": process.env.STAGE || "test",
+      "AZURE_URL": process.env.AZURE_URL || "",
+      "SECRET_KEY": process.env.SECRET_KEY || "",
+      "AWS_BUCKET": bucket.bucketName,
+      "RDS_HOSTNAME": process.env.RDS_HOSTNAME || "",
+      "RDS_PORT": process.env.RDS_PORT || "",
+      "RDS_DB_NAME": process.env.RDS_DB_NAME || "",
+      "RDS_USERNAME": process.env.RDS_USERNAME || "",
+      "RDS_PASSWORD": process.env.RDS_PASSWORD || "",
+      "RDS_DIALECT": process.env.RDS_DIALECT || "",
+    };
+
+    const lambda_stack = new LambdaStack(
+      this,
+      "Coil_Lambda_Stack",
+      ENVIROMMENT_VARIABLES,
+      coil_resource
+    );
+
+    lambda_stack.functions_need_event_bridge_access.forEach((lambda_function: cdk.aws_lambda.Function) => {
+      lambda_function.addToRolePolicy(
+        new iam.PolicyStatement({
+          actions: ["events:*", "lambda:*"],
+          resources: ["*"],
+        })
+      );
+    });
+
+    lambda_stack.functions_need_s3_access.forEach((lambda_function: cdk.aws_lambda.Function) => {
+      bucket.grantReadWrite(lambda_function);
+    });
+  }
+}