feat: set environment

Signed-off-by: Roy Scheeren <[email protected]>
StakeNow · Aug 1, 2024 · 2cfb3db · 2cfb3db
1 parent 2f672ce
commit 2cfb3db
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 1 deletion.
diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml
@@ -9,6 +9,7 @@ on:
 jobs:
   format-and-test:
     runs-on: ubuntu-latest
+    environment: Production
     permissions:
       contents: 'read'
       actions: 'read'
@@ -33,6 +34,7 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     needs: format-and-test
+    environment: Production
     permissions:
       contents: 'read'
       actions: 'read'
@@ -60,9 +62,15 @@ jobs:
       - name: Setup production env file
         if: github.ref == 'refs/heads/develop'
         env:
-          CERTIFICATE_ARN: ${{ secrets.SIWT_XYZ_SSL_CERTIFICATE_ARN }}
           ENV: production
+          CERTIFICATE_ARN: ${{ secrets.SIWT_XYZ_SSL_CERTIFICATE_ARN }}
           CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.SIWT_XYZ_DISTRIBUTION_ID }}
+          NEXT_PUBLIC_DAPP_URL: ${{ vars.SIWT_XYZ_DAPP_URL }}
+          NEXT_PUBLIC_NEXT_AUTH_CLIENT_ID: ${{ vars.NEXT_PUBLIC_NEXT_AUTH_CLIENT_ID }}
+          NEXT_AUTH_CLIENT_SECRET: ${{ secrets.NEXT_AUTH_CLIENT_SECRET }}
+          NEXT_AUTH_OIDC_PUBLIC_URL: ${{ vars.NEXT_AUTH_OIDC_PUBLIC_URL }}
+          NEXTAUTH_URL: ${{ vars.NEXTAUTH_URL }}
+          NEXTAUTH_SECRET: ${{ secrets.KuS08kEIMZ68PSo3 }}
         run: |
           touch .env
           echo SSL_CERTIFICATE_ARN=$CERTIFICATE_ARN >> .env

diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
@@ -14,6 +14,7 @@ env:
 jobs:
   format-and-test:
     runs-on: ubuntu-latest
+    environment: Production
     permissions:
       contents: 'read'
       actions: 'read'
@@ -39,6 +40,7 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     needs: format-and-test
+    environment: Production
     permissions:
       contents: 'read'
       actions: 'read'

diff --git a/packages/docs.siwt.xyz/cdk.json b/packages/docs.siwt.xyz/cdk.json
@@ -0,0 +1,32 @@
+{
+  "app": "npx ts-node cdk/bin/cdk.ts",
+  "output": "../../dist/packages/docs.siwt.xyz/cdk",
+  "requireApproval": "never",
+  "watch": {
+    "include": ["**"],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
+    "@aws-cdk/core:stackRelativeExports": true,
+    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
+    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
+    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:target-partitions": ["aws", "aws-cn"],
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false
+  }
+}
diff --git a/packages/docs.siwt.xyz/cdk/bin/cdk.ts b/packages/docs.siwt.xyz/cdk/bin/cdk.ts
@@ -0,0 +1,12 @@
+import { App } from 'aws-cdk-lib'
+
+import { AppStack } from '../lib/stack'
+
+const environment = process.env.ENV || 'staging'
+
+const app = new App()
+new AppStack(app, `docs-siwt-xyz-${environment}`, {
+  env: {
+    region: 'eu-central-1',
+  },
+})
diff --git a/packages/docs.siwt.xyz/cdk/lib/stack.ts b/packages/docs.siwt.xyz/cdk/lib/stack.ts
@@ -0,0 +1,64 @@
+import {
+  aws_certificatemanager as ACM,
+  App,
+  aws_cloudfront as Cloudfront,
+  aws_cloudfront_origins as CloudfrontOrigins,
+  Duration,
+  RemovalPolicy,
+  aws_s3 as S3,
+  aws_s3_deployment as S3Deployment,
+  Stack,
+  StackProps,
+} from 'aws-cdk-lib'
+
+const environment = process.env.ENV || 'staging'
+
+export class AppStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props)
+
+    const bucket = new S3.Bucket(this, `docs-siwt-xyz-ui-bucket-${environment}`, {
+      blockPublicAccess: S3.BlockPublicAccess.BLOCK_ALL,
+      removalPolicy: RemovalPolicy.DESTROY,
+    })
+
+    new S3Deployment.BucketDeployment(this, `docs-siwt-xyz-ui-bucket-deployment-${environment}`, {
+      sources: [S3Deployment.Source.asset('../../dist/packages/docs.siwt.xyz', { exclude: ['cdk/**/*'] })],
+      destinationBucket: bucket,
+    })
+
+    const originAccessIdentity = new Cloudfront.OriginAccessIdentity(this, `docs-siwt-xyz-ui-oai-${environment}`)
+    bucket.grantRead(originAccessIdentity)
+
+    const certificate = ACM.Certificate.fromCertificateArn(
+      this,
+      `siwt-xyz-certificate-${environment}`,
+      process.env.SSL_CERTIFICATE_ARN || '',
+    )
+
+    let distributionConfig: Cloudfront.DistributionProps = {
+      defaultRootObject: 'index.html',
+      defaultBehavior: {
+        origin: new CloudfrontOrigins.S3Origin(bucket, {
+          originAccessIdentity: originAccessIdentity,
+        }),
+        compress: true,
+        allowedMethods: Cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
+        viewerProtocolPolicy: Cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+        cachePolicy: Cloudfront.CachePolicy.CACHING_OPTIMIZED,
+        edgeLambdas: [],
+      },
+      errorResponses: [
+        {
+          httpStatus: 404,
+          responsePagePath: '/404.html',
+          ttl: Duration.seconds(10),
+        },
+      ],
+      domainNames: ['docs.siwt.xyz'],
+      certificate,
+    }
+
+    new Cloudfront.Distribution(this, `siwt-xyz-ui-distribution-${environment}`, distributionConfig)
+  }
+}