diff --git a/.github/Dockerfile b/.github/Dockerfile
new file mode 100644
index 0000000..66c2c98
--- /dev/null
+++ b/.github/Dockerfile
@@ -0,0 +1,7 @@
+FROM nginx:alpine
+
+COPY ./assets/ /usr/share/nginx/html
+RUN rm -rf /usr/share/nginx/html/.git*
+
+EXPOSE 3000
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/.github/taskdef/dev-taskdef.yaml b/.github/taskdef/dev-taskdef.yaml
new file mode 100644
index 0000000..bf53b8c
--- /dev/null
+++ b/.github/taskdef/dev-taskdef.yaml
@@ -0,0 +1,11 @@
+region: eu-west-1
+account_number: "058264511034"
+hostport: 3000
+containerport: 3000
+app_name: wallet-asset-dev
+role: frontend-apps
+environment: dev
+iac: terraform-workspace-aws-dev-apps-eu-west-1-apps-wallet-asset-dev-polygon-technology
+team_name: product-apps
+memory: 1024
+cpu: 512
diff --git a/.github/taskdef/prod-taskdef.yaml b/.github/taskdef/prod-taskdef.yaml
new file mode 100644
index 0000000..958ca99
--- /dev/null
+++ b/.github/taskdef/prod-taskdef.yaml
@@ -0,0 +1,11 @@
+region: eu-west-1
+account_number: "042947190491"
+hostport: 3000
+containerport: 3000
+app_name: wallet-asset-staging
+role: frontend-apps
+environment: staging
+iac: terraform-workspace-aws-test-applications-eu-west-1-apps-wallet-asset-staging-polygon-technology
+team_name: product-apps
+memory: 1024
+cpu: 512
diff --git a/.github/taskdef/staging-taskdef.yaml b/.github/taskdef/staging-taskdef.yaml
new file mode 100644
index 0000000..0e19645
--- /dev/null
+++ b/.github/taskdef/staging-taskdef.yaml
@@ -0,0 +1,11 @@
+region: eu-west-1
+account_number: "070528468658"
+hostport: 3000
+containerport: 3000
+app_name: wallet-asset-prod
+role: frontend-apps
+environment: prod
+iac: terraform-workspace-aws-prod-applications-eu-west-1-apps-wallet-asset-prod-polygon-technology
+team_name: product-apps
+memory: 1024
+cpu: 512
diff --git a/.github/taskdefinition_template/Pipfile b/.github/taskdefinition_template/Pipfile
new file mode 100644
index 0000000..c5754f7
--- /dev/null
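Review bot: `EXPOSE 3000` does not make nginx listen on 3000; the stock `nginx:alpine` configuration serves on port 80 and this hunk copies only static files into `/usr/share/nginx/html`, so the `containerport: 3000` mapping in the taskdef files would presumably reach nothing unless the server configuration is changed elsewhere. Add a server config containing `listen 3000;` and `COPY` it to `/etc/nginx/conf.d/default.conf`. The `RUN rm -rf /usr/share/nginx/html/.git*` runs in a later layer, so any `.git*` files under `assets/` stay readable in the `COPY` layer of the pushed image; exclude them through `.dockerignore` instead. `FROM nginx:alpine` is a floating tag, so pin a specific version (ideally with a digest) to keep what gets deployed reproducible and auditable.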
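Review bot: The body of `prod-taskdef.yaml` describes staging (`app_name: wallet-asset-staging`, `environment: staging`, an `aws-test-applications…staging` workspace) while `staging-taskdef.yaml` describes prod, so the file names and contents look crossed. The workflow added in this commit picks the file by branch environment and pairs `prod` with account 042947190491 and `staging` with 070528468658, which agrees with the `account_number` in each file but not with its `app_name`, `environment` or `iac`. As written, a deploy from `main` would presumably render role ARNs and SSM parameter paths for `wallet-asset-staging` inside the prod account. After confirming which account belongs to which environment, swap the `app_name`, `environment` and `iac` values between the two files and keep each `account_number` where it is.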
+++ b/.github/taskdefinition_template/Pipfile
@@ -0,0 +1,7 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[packages]
+pyyaml = "6.0.1"
\ No newline at end of file
diff --git a/.github/taskdefinition_template/Pipfile.lock b/.github/taskdefinition_template/Pipfile.lock
new file mode 100644
index 0000000..8f83fa2
--- /dev/null
+++ b/.github/taskdefinition_template/Pipfile.lock
@@ -0,0 +1,76 @@ +{ + "_meta": { + "hash": { + "sha256": "50b136775148391a355082540f8cf183843fd6305f19e0c822e1741ed4d6a6c8" + }, + "pipfile-spec": 6, + "requires": {}, + "sources": [ + { + "name": "pypi", + "url": "https://pypi.org/simple", + "verify_ssl": true + } + ] + }, + "default": { + "pyyaml": { + "hashes": [ + "sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5", + "sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc", + "sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df", + "sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741", + "sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206", + "sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27", + "sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595", + "sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62", + "sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98", + "sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696", + "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290", + "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9", + "sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d", + "sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6", + "sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867", + "sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47", + "sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486", + "sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6", + "sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3", + "sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007", + "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938", + 
"sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0", + "sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c", + "sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735", + "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d", + "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28", + "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4", + "sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba", + "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8", + "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5", + "sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd", + "sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3", + "sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0", + "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515", + "sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c", + "sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c", + "sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924", + "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34", + "sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43", + "sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859", + "sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673", + "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54", + "sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a", + "sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b", + "sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab", + "sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa", + "sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c", 
+ "sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585", + "sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d", + "sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f" + ], + "index": "pypi", + "markers": "python_version >= '3.6'", + "version": "==6.0.1" + } + }, + "develop": {} +} diff --git a/.github/taskdefinition_template/example_parameters.yaml b/.github/taskdefinition_template/example_parameters.yaml new file mode 100644 index 0000000..75d01e3 --- /dev/null +++ b/.github/taskdefinition_template/example_parameters.yaml @@ -0,0 +1,22 @@ +--- +region: eu-west-1 +account_number: "070528468658" +hostport: 3000 +containerport: 3000 +app_name: appname +role: backend +environment: staging +iac: aws-test-applications-eu-west-1-apps-appname +team_name: dev-experience +memory: 1024 +cpu: 512 +env_vars: + - name: START_BLOCK + value: "0" + - name: NODE_ENV + value: "staging" +secret_vars: + - KAFKA_CONNECTION_URL + - MONGO_URL + - RPC_WS_ENDPOINT_URL_LIST + - SENTRY_DSN diff --git a/.github/taskdefinition_template/taskdef_creator.py b/.github/taskdefinition_template/taskdef_creator.py new file mode 100644 index 0000000..2a17029 --- /dev/null +++ b/.github/taskdefinition_template/taskdef_creator.py 
@@ -0,0 +1,160 @@ +"""Generates taskefinition file for the github workflow to deploy +""" + +import argparse +import json +import os +import re +import yaml + + +class TaskdefCreator: + """Handles creation of taskdef file for ECS using template""" + + def __init__(self): + parser = argparse.ArgumentParser(description="Task definition creator") + parser.add_argument( + "parameters_file", + type=str, + help="Parameters yaml file with required values", + ) + parser.add_argument( + "taskdef_template", + type=str, + help="Template json file to be used", + default=".github/taskdefinition_template/taskdef_template.json", + ) + self.args = parser.parse_args() + self.template_data = "" + self.taskdef_final_file = "" + + def _read_yaml_file(self): + """Reads yaml file into dictionary from user input""" + with open(self.args.parameters_file, "r") as file_object: + try: + data = yaml.safe_load(file_object) + return data + except yaml.YAMLError as error: + print(f"Error reading YAML file {self.args.parameters_file}: {error}") + return None + + def _read_template_file(self): + """Reads template file for data substitution""" + try: + with open(self.args.taskdef_template, "r") as file: + self.template_data = file.read() + except FileNotFoundError: + print(f"Error: File '{self.args.taskdef_template}' not found.") + except IOError as error: + print(f"Error reading file '{self.args.taskdef_template}': {error}") + except Exception as error: + print(f"An unexpected error occurred: {error}") + + def _substitute_env_vars(self, data_read: list): + """Substitutes value in self.template_data based on env names and values + + Args: + data_read (list): [{name: value}...] 
of environment variables for app + """ + env_values = "" + env_template = """{ + "name": "name_sub", + "value": "value_sub" + }, + """ + for env_data in data_read: + name = env_data.get("name") + value = env_data.get("value") + env_values += env_template.replace("name_sub", name).replace( + "value_sub", value + ) + env_values = env_values.strip().rstrip(",") + self.template_data = self.template_data.replace("$env_vars", env_values) + + def _substitute_secret_vars(self, data_read: list): + """Substitutes value in self.template_data based on secret names + + Args: + data_read (list): [{name: value}...] of environment variables for app + """ + secret_str = "" + secret_template = """{ + "valueFrom": "arn:aws:ssm:$region:$account_number:parameter/$app_name/$secret_name", + "name": "$secret_name" + },""" + for secret in data_read: + secret_str += secret_template.replace("$secret_name", secret) + secret_str = secret_str.strip().rstrip(",") + self.template_data = self.template_data.replace("$secret_vars", secret_str) + + def _subtitute_data(self, user_data: dict, sub: str): + """Subtitutes data in self.template_data based on user specified data + + Args: + user_data (dict): Data read from user defined yaml file + sub (str): Element to be searched for and substituted + """ + data_read = str(user_data.get(sub, "")).strip() + self.template_data = self.template_data.replace(f"${sub}", data_read) + if sub == "app_name": + self.taskdef_final_file = data_read + + def _print_secrets_to_create(self, json_data_str: str): + """Prints secrets to be created for systems manager parameter store + + Args: + json_data_str (str): File data for taskdef file + """ + for line in json_data_str.split("\n"): + if "valueFrom" in line: + secret = ( + line.split('"valueFrom": "arn:aws:ssm:', 1)[1].strip().rstrip('",') + ) + + print(f"Update SSM for secret: {secret}") + + def create_taskdef_file(self): + """Create a taskdef file based on the app name""" + directory = 
os.path.dirname(self.args.taskdef_template) + file_path = os.sep.join([directory, self.taskdef_final_file]) + ".json" + self.template_data = self.template_data.replace("\n", "") + self.template_data = re.sub(r"\s+", " ", self.template_data) + json_data_dict = json.loads(self.template_data) + json_data_str = json.dumps(json_data_dict, indent=2) + self._print_secrets_to_create(json_data_str) + with open(file_path, "w") as file_object: + json.dump(json_data_dict, file_object, ensure_ascii=False, indent=2) + print(f"Create file {file_path}") + + def substitute_values(self): + """Substitutes values taskdef template to generate a new file + Expected strings in template to be replaced for values are: + region, account_number, hostport, containerport, app_name, + role, environment, iac, team_name, memory, cpu, env_vars, secret_vars + """ + self._read_template_file() + user_data = self._read_yaml_file() + expected_sub = [ + "region", + "account_number", + "hostport", + "containerport", + "app_name", + "role", + "environment", + "iac", + "team_name", + "memory", + "cpu", + ] + self._substitute_env_vars(user_data["env_vars"]) + self._substitute_secret_vars(user_data["secret_vars"]) + [user_data.pop(key) for key in ["env_vars", "secret_vars"] if key in user_data] + for sub in expected_sub: + self._subtitute_data(user_data, sub) + + +if __name__ == "__main__": + TASKDEF_CREATOR = TaskdefCreator() + TASKDEF_CREATOR.substitute_values() + TASKDEF_CREATOR.create_taskdef_file() diff --git a/.github/taskdefinition_template/taskdef_template.json b/.github/taskdefinition_template/taskdef_template.json new file mode 100644 index 0000000..d55c424 --- /dev/null +++ b/.github/taskdefinition_template/taskdef_template.json 
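Review bot: `_substitute_env_vars` splices YAML values into the JSON template with `str.replace`, so a value containing `"` or `\` alters the structure of the rendered task definition or breaks `json.loads`, and an unquoted scalar such as `value: 0` raises `TypeError`; building the entries as dicts and serialising them with `json.dumps` avoids both, as in the fence below. `substitute_values` also indexes `user_data["env_vars"]` and `user_data["secret_vars"]` directly, yet the three `.github/taskdef/*-taskdef.yaml` files added in this commit define neither key, so running the script on them would raise `KeyError`; `user_data.get("env_vars") or []` (and the same for `secret_vars`) handles that. `_read_yaml_file` and `_read_template_file` print and continue on failure, which defers the problem to a less readable error later; exiting non-zero at that point would be clearer in CI. The positional `taskdef_template` needs `nargs="?"` for its `default` to take effect.

```python
    def _substitute_env_vars(self, data_read: list):
        # json.dumps escapes quotes and backslashes; str() makes scalar coercion explicit
        entries = [
            {"name": str(env_data["name"]), "value": str(env_data["value"])}
            for env_data in (data_read or [])
        ]
        # drop the surrounding [ ] because the template already supplies the array
        env_values = json.dumps(entries)[1:-1]
        self.template_data = self.template_data.replace("$env_vars", env_values)

    # … unchanged: rest of TaskdefCreator …
```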
@@ -0,0 +1,147 @@ +{ + "requiresCompatibilities": [ + "FARGATE" + ], + "inferenceAccelerators": [], + "containerDefinitions": [ + { + "dnsSearchDomains": null, + "environmentFiles": [], + "logConfiguration": { + "logDriver": "awsfirelens", + "options": { + "Name": "datadog", + "Host": "http-intake.logs.datadoghq.com", + "dd_service": "$app_name", + "dd_source": "nodejs", + "TLS": "on", + "provider": "ecs" + }, + "secretOptions": [ + { + "name": "apiKey", + "valueFrom": "arn:aws:ssm:$region:$account_number:parameter/DATADOG_APIKEY" + } + ] + }, + "entryPoint": null, + "portMappings": [ + { + "hostPort": $hostport, + "protocol": "tcp", + "containerPort": $containerport + } + ], + "command": null, + "linuxParameters": null, + "cpu": 0, + "environment": [ + $env_vars + ], + "resourceRequirements": null, + "ulimits": null, + "dnsServers": null, + "mountPoints": null, + "workingDirectory": null, + "secrets": [ + $secret_vars + ], + "dockerSecurityOptions": null, + "memory": null, + "memoryReservation": null, + "volumesFrom": null, + "stopTimeout": null, + "image": "nginx:latest", + "startTimeout": null, + "firelensConfiguration": null, + "dependsOn": null, + "disableNetworking": null, + "interactive": null, + "healthCheck": null, + "essential": true, + "links": null, + "hostname": null, + "extraHosts": null, + "pseudoTerminal": null, + "user": null, + "readonlyRootFilesystem": null, + "dockerLabels": null, + "systemControls": null, + "privileged": null, + "name": "$app_name", + "repositoryCredentials": { + "credentialsParameter": "" + } + }, + { + "essential": true, + "image": "amazon/aws-for-fluent-bit:stable", + "name": "log_router", + "firelensConfiguration": { + "type": "fluentbit", + "options": { + "enable-ecs-log-metadata": "true" + } + }, + "environment": null, + "secrets": null, + "memoryReservation": 50, + "resourceRequirements": null, + "portMappings": [], + "environmentFiles": [], + "mountPoints": null, + "volumesFrom": null, + "hostname": null, + "user": 
null, + "workingDirectory": null, + "extraHosts": null, + "logConfiguration": null, + "ulimits": null, + "dockerLabels": null, + "dependsOn": null, + "repositoryCredentials": { + "credentialsParameter": "" + } + } + ], + "volumes": [], + "networkMode": "awsvpc", + "memory": "$memory", + "cpu": "$cpu", + "executionRoleArn": "arn:aws:iam::$account_number:role/$app_name-TaskRole", + "family": "$app_name-taskdefinition", + "taskRoleArn": "arn:aws:iam::$account_number:role/$app_name-TaskRole", + "runtimePlatform": { + "operatingSystemFamily": "LINUX" + }, + "tags": [ + { + "key": "Role", + "value": "$role" + }, + { + "key": "Environment", + "value": "$environment" + }, + { + "key": "Service", + "value": "$app_name.polygon.technology" + }, + { + "key": "Host", + "value": "AWS" + }, + { + "key": "IAC", + "value": "$iac" + }, + { + "key": "Team", + "value": "$team_name" + }, + { + "key": "Name", + "value": "$app_name-taskdefinition" + } + ] +} \ No newline at end of file diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml new file mode 100644 index 0000000..f2c75f5 --- /dev/null +++ b/.github/workflows/deployment.yml 
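Review bot: `executionRoleArn` and `taskRoleArn` both resolve to `$app_name-TaskRole`, so the credentials available to the application container are the same ones ECS uses to pull the image and read the SSM parameters, including `DATADOG_APIKEY`. Splitting them, e.g. `"executionRoleArn": "arn:aws:iam::$account_number:role/<execution-role-name>"` with the parameter-read permissions granted only to that role, keeps a compromised container from reading every secret directly. `amazon/aws-for-fluent-bit:stable` and `nginx:latest` are floating tags; pin a version or digest, assuming the deploy workflow does not overwrite the image field. `"readonlyRootFilesystem": null` and `"user": null` leave the container on the image defaults, which is worth reviewing and setting explicitly for a static-file server.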
@@ -0,0 +1,45 @@
+name: Wallet Deployment
+on:
+ push:
+ branches:
+ - dev
+ - staging
+ - main
+ paths:
+ - "assets/**"
+ - ".github/workflows/deployment.yml"
+ workflow_dispatch:
+
+jobs:
+ set-env-variable:
+ runs-on: ubuntu-latest
+ outputs:
+ ENVIRONMENT: ${{ steps.set-env-var.outputs.ENVIRONMENT }}
+ ACCOUNT_NUMBER: ${{ steps.set-env-var.outputs.ACCOUNT_NUMBER }}
+ steps:
+ - name: Set Environment Variable
+ id: set-env-var
+ run: |
+ if [ "${{ github.ref }}" == "refs/heads/dev" ]; then
+ echo "::set-output name=ENVIRONMENT::dev"
+ echo "::set-output name=ACCOUNT_NUMBER::058264511034"
+ elif [ "${{ github.ref }}" == "refs/heads/staging" ]; then
+ echo "::set-output name=ENVIRONMENT::staging"
+ echo "::set-output name=ACCOUNT_NUMBER::070528468658"
+ elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
+ echo "::set-output name=ENVIRONMENT::prod"
+ echo "::set-output name=ACCOUNT_NUMBER::042947190491"
+ fi
+
+ deploy:
+ uses: 0xPolygon/pipelines/.github/workflows/ecs_deploy_docker_taskdef.yaml@main
+ needs: set-env-variable
+ with:
+ app_name: wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}
+ taskdef_file_vars: .github/taskdef/${{ needs.set-env-variable.outputs.ENVIRONMENT }}-taskdef.yaml
+ account_number: "${{ needs.set-env-variable.outputs.ACCOUNT_NUMBER }}"
+ aws_region: eu-west-1
+ environment: ${{ needs.set-env-variable.outputs.ENVIRONMENT }}
+ docker_file: .github/Dockerfile
+ cluster_name: wallet-asset-${{ needs.set-env-variable.outputs.ENVIRONMENT }}-ecs-cluster
+ secrets: inherit
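Review bot: The `deploy` job calls `0xPolygon/pipelines/.github/workflows/ecs_deploy_docker_taskdef.yaml@main` with `secrets: inherit`, so whatever is on that branch at run time receives every secret of this repository; pin the reusable workflow to a full commit SHA (`…ecs_deploy_docker_taskdef.yaml@<full-commit-sha>`) and pass only the secrets it needs. In the `set-env-var` step, a `workflow_dispatch` run from any other branch matches no condition, leaving both outputs empty while `deploy` still runs with `app_name: wallet-asset-`; the step should fail on an unknown ref. The same step interpolates `${{ github.ref }}` directly into the shell script and uses the deprecated `::set-output` command; passing the ref through `env:` and writing to `$GITHUB_OUTPUT` addresses both, as sketched below. A top-level `permissions:` block restricting the `GITHUB_TOKEN` is also absent; the exact scopes depend on what the called workflow requires.

```yaml
      - name: Set Environment Variable
        id: set-env-var
        env:
          REF: ${{ github.ref }}
        run: |
          case "$REF" in
            refs/heads/dev)     environment=dev;     account=058264511034 ;;
            refs/heads/staging) environment=staging; account=070528468658 ;;
            refs/heads/main)    environment=prod;    account=042947190491 ;;
            *) echo "unsupported ref: $REF" >&2; exit 1 ;;
          esac
          echo "ENVIRONMENT=$environment" >> "$GITHUB_OUTPUT"
          echo "ACCOUNT_NUMBER=$account" >> "$GITHUB_OUTPUT"

  # … unchanged: deploy job inputs …
```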