Fix/deployment workflows (#72)

Update deployment workflows --------- Signed-off-by: Roy Scheeren <[email protected]>
StakeNow · Aug 1, 2024 · debc11b · debc11b
1 parent 523bf5f
commit debc11b
Show file tree

Hide file tree

Showing 9 changed files with 141 additions and 63 deletions.
diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml
@@ -8,6 +8,7 @@ on:
 jobs:
   format-and-test:
     runs-on: ubuntu-latest
+    environment: Production
     permissions:
       contents: 'read'
       actions: 'read'
@@ -26,12 +27,13 @@ jobs:
       - run: npm ci
 
       - run: npx nx format:check --exclude=acq,core,discord,discord-bot-ui,discord-bot-ui-e2e,react,sdk,docs.siwt.xyz,siwt.xyz-e2e,smart-contracts
-      - run: npx nx run-many --target=test --parallel=3 --exclude=acq,core,discord,discord-bot-ui,discord-bot-ui-e2e,react,sdk,docs.siwt.xyz,siwt.xyz-e2e,smart-contracts --skip-nx-cache
-      - run: npx nx run-many --target=build --parallel=3 --exclude=acq,core,discord,discord-bot-ui,discord-bot-ui-e2e,react,sdk,docs.siwt.xyz,siwt.xyz-e2e,smart-contracts --skip-nx-cache
+      - run: npx nx test siwt.xyz --skip-nx-cache
+      - run: npx nx build siwt.xyz --skip-nx-cache
 
   deploy:
     runs-on: ubuntu-latest
     needs: format-and-test
+    environment: Production
     permissions:
       contents: 'read'
       actions: 'read'
@@ -55,24 +57,32 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
           aws-region: 'eu-central-1'
-      - run: npx nx build siwt.xyz --skip-nx-cache
-      - run: npx nx build-server siwt.xyz --skip-nx-cache
 
       - name: Setup production env file
-        if: github.ref == 'refs/heads/develop'
         env:
-          CERTIFICATE_ARN: ${{ secrets.SIWT_XYZ_SSL_CERTIFICATE_ARN }}
           ENV: production
+          CERTIFICATE_ARN: ${{ secrets.SIWT_XYZ_SSL_CERTIFICATE_ARN }}
           CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.SIWT_XYZ_DISTRIBUTION_ID }}
+          NEXT_PUBLIC_DAPP_URL: ${{ vars.NEXT_PUBLIC_DAPP_URL }}
+          NEXT_PUBLIC_NEXT_AUTH_CLIENT_ID: ${{ vars.NEXT_PUBLIC_NEXT_AUTH_CLIENT_ID }}
+          NEXT_AUTH_CLIENT_SECRET: ${{ secrets.NEXT_AUTH_CLIENT_SECRET }}
+          NEXT_AUTH_OIDC_PUBLIC_URL: ${{ vars.NEXT_AUTH_OIDC_PUBLIC_URL }}
+          NEXTAUTH_URL: ${{ vars.NEXTAUTH_URL }}
+          NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
         run: |
           touch .env
           echo SSL_CERTIFICATE_ARN=$CERTIFICATE_ARN >> .env
+          echo NEXT_PUBLIC_DAPP_URL=$NEXT_PUBLIC_DAPP_URL >> .env
+          echo NEXT_PUBLIC_NEXT_AUTH_CLIENT_ID=$NEXT_PUBLIC_NEXT_AUTH_CLIENT_ID >> .env
+          echo NEXT_AUTH_CLIENT_SECRET=$NEXT_AUTH_CLIENT_SECRET >> .env
+          echo NEXT_AUTH_OIDC_PUBLIC_URL=$NEXT_AUTH_OIDC_PUBLIC_URL >> .env
+          echo NEXTAUTH_URL=$NEXTAUTH_URL >> .env
+          echo NEXTAUTH_SECRET=$NEXTAUTH_SECRET >> .env
           echo ENV=$ENV >> .env
           cat .env
       - name: Deploy
         run: npx nx deploy siwt.xyz --production --skip-nx-cache
       - name: Invalidate Distribution
-        if: github.ref == 'refs/heads/develop'
         env:
           CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.SIWT_XYZ_DISTRIBUTION_ID }}
         run: aws cloudfront create-invalidation --distribution-id=$CLOUDFRONT_DISTRIBUTION_ID --paths '/*'
diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
@@ -13,6 +13,7 @@ env:
 jobs:
   format-and-test:
     runs-on: ubuntu-latest
+    environment: Production
     permissions:
       contents: 'read'
       actions: 'read'
@@ -32,13 +33,13 @@ jobs:
       - name: Install docusaurus dependencies specifically
         run: npm install --prefix ./packages/docs.siwt.xyz
 
-      - run: npx nx format:check --exclude=acq,core,discord,discord-bot-ui,discord-bot-ui-e2e,react,sdk,siwt.xyz,siwt.xyz-e2e,smart-contracts
-      - run: npx nx run-many --target=test --parallel=3 --exclude=acq,core,discord,discord-bot-ui,discord-bot-ui-e2e,react,sdk,siwt.xyz,siwt.xyz-e2e,smart-contracts --skip-nx-cache
-      - run: npx nx run-many --target=build --parallel=3 --exclude=acq,core,discord,discord-bot-ui,discord-bot-ui-e2e,react,sdk,siwt.xyz,siwt.xyz-e2e,smart-contracts --skip-nx-cache
+      - run: npx nx format:check --exclude=acq,core,discord,discord-bot-ui,discord-bot-ui-e2e,react,sdk,siwt.xyz,siwt.xyz-e2e,smart-contracts,oidc-client,oidc-bridge,ory-hydra
+      - run: npx nx build docs.siwt.xyz --skip-nx-cache
 
   deploy:
     runs-on: ubuntu-latest
     needs: format-and-test
+    environment: Production
     permissions:
       contents: 'read'
       actions: 'read'
@@ -64,12 +65,13 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
           aws-region: 'eu-central-1'
-      - run: npx nx run docs.siwt.xyz --skip-nx-cache
       - run: |
           touch .env
           echo SSL_CERTIFICATE_ARN=$CERTIFICATE_ARN >> .env
           echo ENV=$ENV >> .env
           cat .env
+      - name: Build
+        run: npx nx build docs.siwt.xyz --skip-nx-cache
       - name: Deploy
         run: npx nx deploy docs.siwt.xyz --production --skip-nx-cache
       - name: Invalidate Distribution

diff --git a/packages/docs.siwt.xyz/cdk.json b/packages/docs.siwt.xyz/cdk.json
@@ -0,0 +1,32 @@
+{
+  "app": "npx ts-node cdk/bin/cdk.ts",
+  "output": "../../dist/packages/docs.siwt.xyz/cdk",
+  "requireApproval": "never",
+  "watch": {
+    "include": ["**"],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
+    "@aws-cdk/core:stackRelativeExports": true,
+    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
+    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
+    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:target-partitions": ["aws", "aws-cn"],
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false
+  }
+}
diff --git a/packages/docs.siwt.xyz/cdk/bin/cdk.ts b/packages/docs.siwt.xyz/cdk/bin/cdk.ts
@@ -0,0 +1,12 @@
+import { App } from 'aws-cdk-lib'
+
+import { AppStack } from '../lib/stack'
+
+const environment = process.env.ENV || 'staging'
+
+const app = new App()
+new AppStack(app, `docs-siwt-xyz-${environment}`, {
+  env: {
+    region: 'eu-central-1',
+  },
+})
diff --git a/packages/docs.siwt.xyz/cdk/lib/stack.ts b/packages/docs.siwt.xyz/cdk/lib/stack.ts
@@ -0,0 +1,64 @@
+import {
+  aws_certificatemanager as ACM,
+  App,
+  aws_cloudfront as Cloudfront,
+  aws_cloudfront_origins as CloudfrontOrigins,
+  Duration,
+  RemovalPolicy,
+  aws_s3 as S3,
+  aws_s3_deployment as S3Deployment,
+  Stack,
+  StackProps,
+} from 'aws-cdk-lib'
+
+const environment = process.env.ENV || 'staging'
+
+export class AppStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props)
+
+    const bucket = new S3.Bucket(this, `docs-siwt-xyz-ui-bucket-${environment}`, {
+      blockPublicAccess: S3.BlockPublicAccess.BLOCK_ALL,
+      removalPolicy: RemovalPolicy.DESTROY,
+    })
+
+    new S3Deployment.BucketDeployment(this, `docs-siwt-xyz-ui-bucket-deployment-${environment}`, {
+      sources: [S3Deployment.Source.asset('../../dist/packages/docs.siwt.xyz', { exclude: ['cdk/**/*'] })],
+      destinationBucket: bucket,
+    })
+
+    const originAccessIdentity = new Cloudfront.OriginAccessIdentity(this, `docs-siwt-xyz-ui-oai-${environment}`)
+    bucket.grantRead(originAccessIdentity)
+
+    const certificate = ACM.Certificate.fromCertificateArn(
+      this,
+      `siwt-xyz-certificate-${environment}`,
+      process.env.SSL_CERTIFICATE_ARN || '',
+    )
+
+    let distributionConfig: Cloudfront.DistributionProps = {
+      defaultRootObject: 'index.html',
+      defaultBehavior: {
+        origin: new CloudfrontOrigins.S3Origin(bucket, {
+          originAccessIdentity: originAccessIdentity,
+        }),
+        compress: true,
+        allowedMethods: Cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
+        viewerProtocolPolicy: Cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+        cachePolicy: Cloudfront.CachePolicy.CACHING_OPTIMIZED,
+        edgeLambdas: [],
+      },
+      errorResponses: [
+        {
+          httpStatus: 404,
+          responsePagePath: '/404.html',
+          ttl: Duration.seconds(10),
+        },
+      ],
+      domainNames: ['docs.siwt.xyz'],
+      certificate,
+    }
+
+    new Cloudfront.Distribution(this, `siwt-xyz-ui-distribution-${environment}`, distributionConfig)
+  }
+}
diff --git a/packages/docs.siwt.xyz/side.ts b/packages/docs.siwt.xyz/side.ts
diff --git a/packages/docs.siwt.xyz/tsconfig.json b/packages/docs.siwt.xyz/tsconfig.json
@@ -2,6 +2,14 @@
   // This file is not used in compilation. It is here just for a nice editor experience.
   "extends": "@docusaurus/tsconfig",
   "compilerOptions": {
-    "baseUrl": "."
+    "baseUrl": ".",
+    "target": "ESNext"
+  },
+  "ts-node": {
+    // these options are overrides used only by ts-node
+    // same as the --compilerOptions flag and the TS_NODE_COMPILER_OPTIONS environment variable
+    "compilerOptions": {
+      "module": "commonjs"
+    }
   }
 }
diff --git a/packages/siwt.xyz/project.json b/packages/siwt.xyz/project.json
@@ -4,26 +4,6 @@
   "sourceRoot": "packages/siwt.xyz",
   "projectType": "application",
   "targets": {
-    "build-server": {
-      "executor": "@nx/webpack:webpack",
-      "outputs": ["{options.outputPath}"],
-      "defaultConfiguration": "production",
-      "options": {
-        "root": "packages/siwt.xyz",
-        "outputPath": "dist/packages/siwt.xyz/server",
-        "tsConfig": "./packages/siwt.xyz/tsconfig.json",
-        "main": "./packages/siwt.xyz/server/index.ts",
-        "outputFileName": "index.js",
-        "target": "node",
-        "webpackConfig": "./packages/siwt.xyz/webpack.server.config.js"
-      },
-      "configurations": {
-        "development": {
-          "outputPath": "packages/siwt.xyz"
-        },
-        "production": {}
-      }
-    },
     "serve": {
       "executor": "@nx/next:server",
       "defaultConfiguration": "development",

diff --git a/packages/siwt.xyz/stacks/siwt.xyz.ts b/packages/siwt.xyz/stacks/siwt.xyz.ts
@@ -2,6 +2,7 @@ import { RetentionDays } from 'aws-cdk-lib/aws-logs'
 import { NextjsSite, StackContext } from 'sst/constructs'
 
 export default function siwtxyz({ stack }: StackContext) {
+  console.log('SEC:', process.env.NEXTAUTH_SECRET)
   // Create the Next.js site
   const site = new NextjsSite(stack, 'siwt-xyz', {
     path: './',