feature: deployment to aws and profile switcher

.ebextensions/authorized_keys.config

@@ -0,0 +1,17 @@
+files:
+  /home/ec2-user/.ssh/extra_authorized_keys:
+    mode: "000400"
+    owner: ec2-user
+    group: ec2-user
+    content: |
+      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH1+VZgAMiuz7Z31FMbemWLowmG7qgsDCLfh5zp3iWLY wemap-devops
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsxx31EqpdWNmwqZCj9CCGy2vaKwFAHjpG2CYnK5o8Jsjxq3XQq8z2UEUQ/2uRDJmKwcGpx7L3jo8Mg8Az8c4MM3kpOR6y5qgrMGCOXVdhtOPFZ41QFVSR59wKVt6Y22SBUXddQBeClc4nANfzs9Cq9wFfI91ksyk78tUtcg7o2r23fkyKDzGPl9AF7r7HDmZ6Y3MMzAexoAFGiME6R7SJO4qo0z/1/mRc5Mex806tr8fF3fAM9U/7+v+JOb5ekAn3osiXMXBmV/AaUVWUltWyOpUtSrMU+ccdxHBlNYC6uRsRACVuhQyrVD2aBD85NA6PIXT67P+jyiKczfliSfD9jjZlseBbZgA2eNp6mJTnOIuYzhuI73P7Ne6sUJr5lghdAokrItHspvtbjCwX67tqvpEUY4PBWsDaW7ZGeICOLMTStBTliy7mc9WbxFFUe1KDDryog0i4sikJz1VZ2/bOywUwIgpHM3ZiiJ4vB3eJSINo1crDbfMTLimbBroaehFwSikeg2Nm70yo/u2wWCfGElB/cpzhAM1+e72iO1NP8O+vM/blF7bNFWMA0etEOUputMB+I0lOxYLZ4460rVV23f/2/XDvVkYsLCOfU/8quYvyKsChmcmIdbAupdfHcCgSAODWPWE+foO522kLrn4dWbLgy1QJUrDIoTQ4NAEtnQ== [email protected]
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnFyXbf6LhJYJia27suj2p52ueZTgPfMSaWiRNNfN5mnLJK1L1gvkIBQDzWyv5aHZd1YbmBopN9G+RZiEOEhghDJRzzENGsTYXiLJIOjd9P9enXf3XdvEvhcScJcnCr5+j/tKVY4awTD/G2LRD0FHUEYz7mI2pCaklmOYz5snjV9N86P1Z7NhgmA36bpTN5DppbfN9Zs/UAW0gVa76mzzt7uUQi7MY5appC9JhQV9WEbjf9U4eteglTPwH70lhm9v3o5K+/uj1p6h/2yl3ZNk5bBKq+91J8mggmE5h2vSOElQB78ISgtviGhohJbLKLoRTLzev52+rj1NzP0gAzxKQ8iUt1IAekfSrRSASBLxqT0eRIwUDjYPxXWm5Ddm03UUQmnKo6hLHsyqHRIKwfOEKfv6uPkH9J0hqBKaIsXBNpQOb/3ynOAFRPhpX8tXfJxM2ioJgB8JWTs5UEoELmCAMA8c3PAcg1WODaOctY1H/FMJvWJEHQ6Cc4e2bLYc3HqM=  adrian@getwemap
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClrda9Jv2vqqg2OCk7zLYX/pYZtPEISP53b6fthjUanE4q4uEEGU029ySqfQReqlEjcbiS+N9Gn42utNUU1cS0CCpxJYGxCielfCtsoI/5jjGwwA5oPcPyFeeM5ioCHfWUIrM1ZFc7XKrhKLpxvfFmSt8q7tHvLx7Nlf+ZG6rne0H+k477BIwD2lubjwYkLeomrj6MvYB5i9PxNSgALL+KiP5eScewK6Vxwrf0zuRsqHo5nIFu/kf+mebOXKW5rP28RNSVMqJtOGohgURkhr4QP7pb26qm9gmqHj3l5ddZem2vfGTHVtAIDXxKgaXvP20l+NIhOAuWUDdclBcTIX13 [email protected]
+commands:
+  01_append_keys:
+    cwd: /home/ec2-user/.ssh/
+    command: sort -u extra_authorized_keys authorized_keys -o authorized_keys
+  99_rm_extra_keys:
+    cwd: /home/ec2-user/.ssh/
+    command: rm extra_authorized_keys

.elasticbeanstalk/config.yml

@@ -0,0 +1,5 @@
+deploy:
+  artifact: wemap-osrm-frontend-artifact.zip
+global:
+  application_name: wemap-osrm-frontend
+  default_region: eu-west-1

.github/workflows/ci_cd.yml

@@ -0,0 +1,104 @@
+name: CI/CD
+
+on: [push]
+
+##################################
+#  Global environment variables  #
+##################################
+env:
+  AWS_OWNER_ACCOUNT_ID: ${{ secrets.AWS_OWNER_ACCOUNT_ID }}
+  SLACK_HOOK_URL: ${{ secrets.SLACK_HOOK_URL }}
+  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+  EB_APP_NAME: wemap-osrm-frontend
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+
+  deploy:
+    if: |
+      startsWith(github.ref_name, 'dev-') ||
+      startsWith(github.ref_name, 'prod-')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::${{secrets.AWS_OWNER_ACCOUNT_ID}}:role/wemap-osrm-frontend
+          role-session-name: wemap-osrm-frontend
+          aws-region: eu-west-1
+
+      - name: Install eb cli
+        run: |
+          pip install awsebcli --upgrade
+          echo "PATH=$PATH:/.local/bin" >> $GITHUB_ENV
+
+      - name: Setup Terragrunt
+        uses: autero1/[email protected]
+        with:
+          terragrunt_version: 0.45.15
+
+      - name: Update infra
+        env:
+          CLOUDFLARE_DEV_ZONE_ID: ${{ secrets.CLOUDFLARE_DEV_ZONE_ID }}
+          CLOUDFLARE_PROD_ZONE_ID: ${{ secrets.CLOUDFLARE_PROD_ZONE_ID }}
+          ENVIRONMENT: ${{ github.ref_name }}
+        run: |
+          mkdir -p ~/.ssh; chmod go-rwx ~/.ssh
+          ssh-keyscan github.com >> ~/.ssh/known_hosts
+          eval `ssh-agent -s`
+          ssh-add - <<< '${{ secrets.SSH_KEY_GITHUB_ACTIONS }}'
+          cd infra/terraform
+          ./manage_infra.sh --deploy
+
+      - name: Deploy to app to eb environment
+        env: 
+          ENVIRONMENT: ${{ github.ref_name }}
+        run: |
+          zip -r $EB_APP_NAME-artifact.zip . --symlinks --exclude ".github/*" ".vscode/*" "act/*" "infra/*" ".git/*" "settings/*"
+          eb deploy $EB_APP_NAME-$ENVIRONMENT --nohang
+
+  notify:
+    needs: 
+      - deploy
+    if: |
+      always() && 
+      (needs.deploy.result == 'success' || needs.deploy.result == 'failure')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Define branch and notification msg
+        if: always()
+        env:
+          WORKFLOW_STATUS: ${{ job.status }} ${{ needs.deploy.result }}
+        run: |   
+          if [[ "${{ github.ref_name }}" == *"prod"* ]]; then
+              echo "CHANNEL_TAG=<!channel>" >> $GITHUB_ENV
+              echo "SLACK_MSG="$(echo ${{ github.ref_name }} | cut -d "-" -f2-) profile has been deployed to PRODUCTION :rocket:"" >> $GITHUB_ENV
+          elif [[ ${{ github.ref_name }} == *"dev"* ]]; then
+              echo "ENVIRONMENT=DEVELOP" >> $GITHUB_ENV
+              echo "SLACK_MSG="$(echo ${{ github.ref_name }} | cut -d "-" -f2-) profile has been deployed to DEVELOP :rocket:"" >> $GITHUB_ENV
+          fi
+          echo "WORKFLOW_STATUS=success" >> $GITHUB_ENV
+          if ${{ contains(env.WORKFLOW_STATUS, 'failure') }}; then 
+            echo "WORKFLOW_STATUS=failure" >> $GITHUB_ENV
+            echo "SLACK_MSG= unable to deployed profile ${{ github.ref_name }} :x:" >> $GITHUB_ENV
+          fi
+
+      - name: Slack Notification
+        if: always()
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_CHANNEL: deployments
+          SLACK_COLOR: ${{ env.WORKFLOW_STATUS }}
+          SLACK_ICON: https://s3-us-west-2.amazonaws.com/slack-files2/avatars/2022-10-11/4204602550962_14433d2bdcb7fb385ad2_72.png
+          SLACL_LINK_NAMES: true
+          SLACK_MESSAGE: "${{ env.CHANNEL_TAG }} ${{ github.event.head_commit.message }}"
+          SLACK_TITLE: ${{ env.EB_APP_NAME }} pipeline ${{ env.WORKFLOW_STATUS }} ! ${{ env.SLACK_MSG }}
+          SLACK_FOOTER: "Wemap notification system :love-wemap:"
+          SLACK_USERNAME: Wemap-sentinel
+          SLACK_WEBHOOK: ${{ secrets.SLACK_HOOK_URL }}

.gitignore

@@ -2,3 +2,7 @@ node_modules/
 *.swp
 bundle*raw*
 bundle*map
+**/.env
+settings/local/**
+**/.github-actions.conf
+**/event_payload.json

README.md

@@ -60,9 +60,39 @@ In `src/leaflet_options.js` adjust:
 
 ```
 services: [{
-  label: 'Car (fastest)',
-  path: 'http://localhost:5000/route/v1'
-}],
+    label: 'Car',
+    path: 'https://routing-osrm-car.getwemap.com/route/v1',
+    debug: 'car',
+  },
+  {
+    label: 'Bike (fastest)',
+    path: 'https://routing-osrm-bicycle-fastest.getwemap.com/route/v1',
+    debug: 'bike-fastest',
+  },
+  {
+    label: 'Bike (safest)',
+    path: 'https://routing-osrm-bicycle-safest.getwemap.com/route/v1',
+    debug: 'bike-safest',
+  },
+  {
+    label: 'Foot',
+    path: 'https://routing-osrm-foot.getwemap.com/route/v1',
+    debug: 'foot',
+  },
+  {
+    label: 'Pmr',
+    path: 'https://routing-osrm-pmr.getwemap.com/route/v1',
+    debug: 'pmr',
+  }],
+```
+
+After adjusting services, add translations to `i18n/en.js` 
+```
+'Bike (fastest)': 'Bike (fastest)',
+'Bike (safest)': 'Bike (safest)',
+'Car': 'Car',
+'Foot': 'Foot',
+'Pmr': 'Pmr',
 ```
 
 For debug tiles showing speeds and small components available at `/debug` adjust in `debug/index.html`
@@ -73,3 +103,14 @@ For debug tiles showing speeds and small components available at `/debug` adjust
   "tiles" : ["http://localhost:5000/tile/v1/car/tile({x},{y},{z}).mvt"]
 }
 ```
+
+## Testing and Deployment
+
+To build a new docker image version, execute the build script from the root directory.
+
+```
+./docker/hooks/build MY_TAG_OR_LAST_SHORT_GIT_HASH
+```
+
+Deployment is done with github actions. The docker image is build on the fly at the same times as the deployment.
+Make your changes on prod-frontend branch then push to remote.

act/.env.dist

@@ -0,0 +1,3 @@
+AWS_DEFAULT_REGION=""
+AWS_ACCESS_KEY_ID=""
+AWS_SECRET_ACCESS_KEY=""

act/.github/workflows/ci_cd.yml

@@ -0,0 +1,104 @@
+name: CI/CD
+
+on: [push]
+
+##################################
+#  Global environment variables  #
+##################################
+env:
+  AWS_OWNER_ACCOUNT_ID: ${{ secrets.AWS_OWNER_ACCOUNT_ID }}
+  SLACK_HOOK_URL: ${{ secrets.SLACK_HOOK_URL }}
+  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+  EB_APP_NAME: wemap-osrm-frontend
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+
+  deploy:
+    if: |
+      startsWith(github.ref_name, 'dev-') ||
+      startsWith(github.ref_name, 'prod-')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      # - name: Configure AWS Credentials
+      #   uses: aws-actions/configure-aws-credentials@v2
+      #   with:
+      #     role-to-assume: arn:aws:iam::${{secrets.AWS_OWNER_ACCOUNT_ID}}:role/wemap-osrm-backend
+      #     role-session-name: wemap-osrm-backend
+      #     aws-region: eu-west-1
+
+      - name: Install eb cli
+        run: |
+          pip install awsebcli --upgrade
+          echo "PATH=$PATH:/.local/bin" >> $GITHUB_ENV
+
+      - name: Setup Terragrunt
+        uses: autero1/[email protected]
+        with:
+          terragrunt_version: 0.45.15
+
+      - name: Update infra
+        env:
+          CLOUDFLARE_DEV_ZONE_ID: ${{ secrets.CLOUDFLARE_DEV_ZONE_ID }}
+          CLOUDFLARE_PROD_ZONE_ID: ${{ secrets.CLOUDFLARE_PROD_ZONE_ID }}
+          ENVIRONMENT: ${{ github.ref_name }}
+        run: |
+          mkdir -p ~/.ssh; chmod go-rwx ~/.ssh
+          ssh-keyscan github.com >> ~/.ssh/known_hosts
+          eval `ssh-agent -s`
+          ssh-add - <<< '${{ secrets.SSH_KEY_GITHUB_ACTIONS }}'
+          cd infra/terraform
+          ./manage_infra.sh --deploy
+
+      - name: Deploy to app to eb environment
+        env: 
+          ENVIRONMENT: ${{ github.ref_name }}
+        run: |
+          zip -r $EB_APP_NAME-artifact.zip . --symlinks --exclude ".github/*" ".vscode/*" "act/*" "infra/*" ".git/*" "settings/*"
+          eb deploy $EB_APP_NAME-$ENVIRONMENT --nohang
+
+  notify:
+    needs: 
+      - deploy
+    if: |
+      always() && 
+      (needs.deploy.result == 'success' || needs.deploy.result == 'failure')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Define branch and notification msg
+        if: always()
+        env:
+          WORKFLOW_STATUS: ${{ job.status }} ${{ needs.deploy.result }}
+        run: |   
+          if [[ "${{ github.ref_name }}" == *"prod"* ]]; then
+              echo "CHANNEL_TAG=<!channel>" >> $GITHUB_ENV
+              echo "SLACK_MSG="$(echo ${{ github.ref_name }} | cut -d "-" -f2-) profile has been deployed to PRODUCTION :rocket:"" >> $GITHUB_ENV
+          elif [[ ${{ github.ref_name }} == *"dev"* ]]; then
+              echo "ENVIRONMENT=DEVELOP" >> $GITHUB_ENV
+              echo "SLACK_MSG="$(echo ${{ github.ref_name }} | cut -d "-" -f2-) profile has been deployed to DEVELOP :rocket:"" >> $GITHUB_ENV
+          fi
+          echo "WORKFLOW_STATUS=success" >> $GITHUB_ENV
+          if ${{ contains(env.WORKFLOW_STATUS, 'failure') }}; then 
+            echo "WORKFLOW_STATUS=failure" >> $GITHUB_ENV
+            echo "SLACK_MSG= unable to deployed profile ${{ github.ref_name }} :x:" >> $GITHUB_ENV
+          fi
+
+      - name: Slack Notification
+        if: always()
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_CHANNEL: deployments-testing
+          SLACK_COLOR: ${{ env.WORKFLOW_STATUS }}
+          SLACK_ICON: https://s3-us-west-2.amazonaws.com/slack-files2/avatars/2022-10-11/4204602550962_14433d2bdcb7fb385ad2_72.png
+          SLACL_LINK_NAMES: true
+          SLACK_MESSAGE: "${{ env.CHANNEL_TAG }} ${{ github.event.head_commit.message }}"
+          SLACK_TITLE: ${{ env.EB_APP_NAME }} pipeline ${{ env.WORKFLOW_STATUS }} ! ${{ env.SLACK_MSG }}
+          SLACK_FOOTER: "Wemap notification system :love-wemap:"
+          SLACK_USERNAME: Wemap-sentinel
+          SLACK_WEBHOOK: ${{ secrets.SLACK_HOOK_URL }}

act/run_pipeline.sh

@@ -0,0 +1,33 @@
+BRANCH="$1"
+AWS_DEFAULT_REGION="eu-west-1"
+SECRET_FILE_PATH=act/secrets/.github-actions.conf
+ENV_FILE_PATH="act/.env"
+EVENT_PATH="act/event_payload.json"
+PLATFORM_VERSION="3bcb267"
+PLATFORM="028996598430.dkr.ecr.eu-west-1.amazonaws.com/wemap-github-runner:$PLATFORM_VERSION"
+
+aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $PLATFORM
+SSH_KEY_GITHUB_ACTIONS="$(cat ~/.ssh/DeployKeys/infra-delivery/github_actions_terraform)"
+
+
+cat <<EOT > act/event_payload.json
+{
+    "ref": "refs/heads/$BRANCH",
+    "ref_name": "$BRANCH",
+    "head_commit": {
+      "id": "commit_id",
+      "message": "commit message",
+      "author": {
+        "name": "Author Name",
+        "email": "[email protected]"
+      }
+    }
+}
+EOT
+
+act -P ubuntu-latest=$PLATFORM --secret-file $SECRET_FILE_PATH \
+                               --eventpath $EVENT_PATH \
+                               --env-file $ENV_FILE_PATH \
+                               --workflows ./act/.github/workflows/ci_cd.yml \
+                               --secret SSH_KEY_GITHUB_ACTIONS="$SSH_KEY_GITHUB_ACTIONS" \
+                               --container-architecture linux/amd64

act/secrets/.github-actions.conf.dist

@@ -0,0 +1,5 @@
+NPM_TOKEN=""
+SLACK_HOOK_URL=""
+CLOUDFLARE_API_TOKEN=""
+CLOUDFLARE_DEV_ZONE_ID=""
+CLOUDFLARE_PROD_ZONE_ID=""