diff --git a/.github/actions/Dockerfile b/.github/actions/Dockerfile
deleted file mode 100644
index 2d3dcb97..00000000
--- a/.github/actions/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM r.j3ss.co/terraform:latest
-
-LABEL "com.github.actions.name"="AWS Fargate"
-LABEL "com.github.actions.description"="Deploy to AWS Fargate on push to the master branch"
-LABEL "com.github.actions.icon"="cloud"
-LABEL "com.github.actions.color"="red"
-
-RUN apk add --no-cache \
- git \
- make
-
-COPY ../../terraform /usr/src/terraform
-COPY Makefile /usr/src
-COPY deploy.sh /usr/local/bin/deploy
-
-WORKDIR /usr/src
-
-ENTRYPOINT ["deploy"]
diff --git a/.github/actions/Makefile b/.github/actions/Makefile
deleted file mode 100644
index ce594ffc..00000000
--- a/.github/actions/Makefile
+++ /dev/null
@@ -1,104 +0,0 @@
-SHELL := /bin/bash
-AWS_REGION := ${AWS_REGION}
-AWS_ACCESS_KEY_ID := ${AWS_ACCESS_KEY_ID}
-AWS_SECRET_ACCESS_KEY := ${AWS_SECRET_ACCESS_KEY}
-IMAGE := ${IMAGE}
-PORT := ${PORT}
-COUNT := ${COUNT}
-CPU := ${CPU}
-MEMORY := ${MEMORY}
-BUCKET := ${BUCKET}
-
-AWS_DIR=$(CURDIR)/terraform/amazon
-TERRAFORM_FLAGS :=
-AWS_TERRAFORM_FLAGS = -var "region=$(AWS_REGION)" \
- -var "access_key=$(AWS_ACCESS_KEY_ID)" \
- -var "secret_key=$(AWS_SECRET_ACCESS_KEY)" \
- -var "image=$(IMAGE)" \
- -var "port=$(PORT)" \
- -var "count=$(COUNT)" \
- -var "cpu=$(CPU)" \
- -var "memory=$(MEMORY)" \
- -var "bucket=$(BUCKET)"
-
-.PHONY: aws-init
-aws-init:
- @:$(call check_defined, AWS_REGION, Amazon Region)
- @:$(call check_defined, AWS_ACCESS_KEY_ID, Amazon Access Key ID)
- @:$(call check_defined, AWS_SECRET_ACCESS_KEY, Amazon Secret Access Key)
- @:$(call check_defined, IMAGE, Docker image to run)
- @:$(call check_defined, PORT, Port to expose)
- @:$(call check_defined, COUNT, Number of containers to run)
- @:$(call check_defined, CPU, Fargate instance CPU units to provision (1 vCPU = 1024 CPU units))
- @:$(call check_defined, MEMORY, Fargate instance memory to provision (in MiB))
- @:$(call check_defined, BUCKET, s3 bucket name to store the terraform state)
- @cd $(AWS_DIR) && terraform init \
- -backend-config "bucket=$(BUCKET)" \
- -backend-config "region=$(AWS_REGION)" \
- $(AWS_TERRAFORM_FLAGS)
-
-.PHONY: terraform-validate
-terraform-validate: ## Validate terraform scripts.
- @cd $(AWS_DIR) && echo "$$(docker run --rm -it --entrypoint bash -w '/mnt' -v $$(pwd):/mnt r.j3ss.co/terraform -c 'terraform validate -check-variables=false . && echo [OK] terraform')"
-
-.PHONY: aws-plan
-aws-plan: aws-init ## Run terraform plan for Amazon.
- @cd $(AWS_DIR) && terraform plan \
- $(AWS_TERRAFORM_FLAGS)
-
-.PHONY: aws-apply
-aws-apply: aws-init ## Run terraform apply for Amazon.
- @cd $(AWS_DIR) && terraform apply \
- $(AWS_TERRAFORM_FLAGS) \
- $(TERRAFORM_FLAGS)
-
-.PHONY: aws-destroy
-aws-destroy: aws-init ## Run terraform destroy for Amazon.
- @cd $(AWS_DIR) && terraform destroy \
- $(AWS_TERRAFORM_FLAGS)
-
-check_defined = \
- $(strip $(foreach 1,$1, \
- $(call __check_defined,$1,$(strip $(value 2)))))
-__check_defined = \
- $(if $(value $1),, \
- $(error Undefined $1$(if $2, ($2))$(if $(value @), \
- required by target `$@')))
-
-.PHONY: update
-update: update-terraform ## Update terraform binary locally.
-
-TERRAFORM_BINARY:=$(shell which terraform || echo "/usr/local/bin/terraform")
-TMP_TERRAFORM_BINARY:=/tmp/terraform
-.PHONY: update-terraform
-update-terraform: ## Update terraform binary locally from the docker container.
- @echo "Updating terraform binary..."
- $(shell docker run --rm --entrypoint bash r.j3ss.co/terraform -c "cd \$\$$(dirname \$\$$(which terraform)) && tar -Pc terraform" | tar -xvC $(dir $(TMP_TERRAFORM_BINARY)) > /dev/null)
- sudo mv $(TMP_TERRAFORM_BINARY) $(TERRAFORM_BINARY)
- sudo chmod +x $(TERRAFORM_BINARY)
- @echo "Update terraform binary: $(TERRAFORM_BINARY)"
- @terraform version
-
-.PHONY: test
-test: terraform-validate shellcheck ## Runs the tests on the repository.
-
-# if this session isn't interactive, then we don't want to allocate a
-# TTY, which would fail, but if it is interactive, we do want to attach
-# so that the user can send e.g. ^C through.
-INTERACTIVE := $(shell [ -t 0 ] && echo 1 || echo 0)
-ifeq ($(INTERACTIVE), 1)
- DOCKER_FLAGS += -t
-endif
-
-.PHONY: shellcheck
-shellcheck: ## Runs the shellcheck tests on the scripts.
- docker run --rm -i $(DOCKER_FLAGS) \
- --name shellcheck \
- -v $(CURDIR):/usr/src:ro \
- --workdir /usr/src \
- r.j3ss.co/shellcheck ./test.sh
-
-.PHONY: help
-help:
- @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
-
diff --git a/.github/actions/deploy.sh b/.github/actions/deploy.sh deleted file mode 100644 index 92eb67a7..00000000 --- a/.github/actions/deploy.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -set -e -set -o pipefail - -if [[ "$GITHUB_REF" != "refs/heads/master" ]]; then - echo "$GITHUB_REF was not master, exiting..." - exit 0 -fi - -echo "On branch ${GITHUB_REF}, deploying..." - -( -cd /usr/src -make aws-apply TERRAFORM_FLAGS=-auto-approve -) diff --git a/.github/main.workflow b/.github/main.workflow index 28e976be..7a6c7540 100644 --- a/.github/main.workflow +++ b/.github/main.workflow @@ -33,7 +33,6 @@ action "Push" { env = { IMAGE = "445220836204.dkr.ecr.eu-west-1.amazonaws.com/etdashboard" } - } action "Deploy to Fargate" { diff --git a/Dockerfile b/Dockerfile index fe88ed9b..070f073f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,6 +13,6 @@ RUN npm i --silent COPY --chown=node:node . . -EXPOSE 8081 +EXPOSE 3000 CMD [ "npm", "start" ] diff --git a/terraform/ecs.tf b/terraform/ecs.tf deleted file mode 100644 index 19a0894b..00000000 --- a/terraform/ecs.tf +++ /dev/null 
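Review bot: `EXPOSE 3000` only updates image metadata, and nothing in this hunk shows that the process started by `npm start` actually binds to 3000, so the declared port and the real one can drift apart again without any build failure. I would add a comment directly above it, for example `# Port the Node server binds to; keep in sync with the app's listen port and any published or target-group port`. The deploy tooling that passed `PORT` explicitly is deleted in this same commit, so this line is presumably the only remaining statement of the port contract and is worth documenting. The Dockerfile begins above the hunk, so the earlier instructions were not reviewed here.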
@@ -1,150 +0,0 @@
-## Most of this is taken from https://github.com/jessfraz/aws-fargate-action
-## Because I am super lazy and stuck for time
-## Updated it so it's not old and doesn't work.
-
-### Network
-
-# Fetch availability zones in the current region.
-data "aws_availability_zones" "available" {}
-
-resource "aws_vpc" "main" {
- cidr_block = "10.0.0.0/16"
-}
-
-# Create var.az_count private subnets, each in a different availability zone.
-resource "aws_subnet" "private" {
- count = var.az_count
- cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
- availability_zone = data.aws_availability_zones.available.names[count.index]
- vpc_id = aws_vpc.main.id
-}
-
-# Create var.az_count public subnets, each in a different availability zone.
-resource "aws_subnet" "public" {
- count = var.az_count
- cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, var.az_count + count.index)
- availability_zone = data.aws_availability_zones.available.names[count.index]
- vpc_id = aws_vpc.main.id
- map_public_ip_on_launch = true
-}
-
-# Internet gateway for the public subnet.
-resource "aws_internet_gateway" "gw" {
- vpc_id = aws_vpc.main.id
-}
-
-# Route the public subnet traffic through the internet gateway.
-resource "aws_route" "internet_access" {
- route_table_id = aws_vpc.main.main_route_table_id
- destination_cidr_block = "0.0.0.0/0"
- gateway_id = aws_internet_gateway.gw.id
-}
-
-# Create a NAT gateway with an EIP for each private subnet to get internet connectivity.
-resource "aws_eip" "gw" {
- count = var.az_count
- vpc = true
- depends_on = aws_internet_gateway.gw
-}
-
-resource "aws_nat_gateway" "gw" {
- count = var.az_count
- subnet_id = element(aws_subnet.public.*.id, count.index)
- allocation_id = element(aws_eip.gw.*.id, count.index)
-}
-
-# Create a new route table for the private subnets.
-# And make it route non-local traffic through the NAT gateway to the internet.
-resource "aws_route_table" "private" {
- count = var.az_count
- vpc_id = aws_vpc.main.id
-
- route {
- cidr_block = "0.0.0.0/0"
- nat_gateway_id = element(aws_nat_gateway.gw.*.id, count.index)
- }
-}
-
-# Explicitely associate the newly created route tables to the private subnets (so they don't default to the main route table).
-resource "aws_route_table_association" "private" {
- count = var.az_count
- subnet_id = element(aws_subnet.private.*.id, count.index)
- route_table_id = element(aws_route_table.private.*.id, count.index)
-}
-
-### Security
-
-# Load balancer security group.
-# This is the group you need to edit if you want to restrict access to your application.
-resource "aws_security_group" "ecs_lb" {
- name = "ecs-lb"
- description = "controls access to the ALB"
- vpc_id = aws_vpc.main.id
-
- ingress {
- protocol = "tcp"
- from_port = 80
- to_port = 80
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-# Traffic to the ECS Cluster should only come from the load balancer.
-resource "aws_security_group" "ecs_tasks" {
- name = "ecs-tasks"
- description = "allow inbound access from the ALB only"
- vpc_id = aws_vpc.main.id
-
- ingress {
- protocol = "tcp"
- from_port = var.port
- to_port = var.port
- security_groups = [aws_security_group.ecs_lb.id]
- }
-
- egress {
- protocol = "-1"
- from_port = 0
- to_port = 0
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-### Load balancer.
-resource "aws_alb" "main" {
- name = "github-actions-deploy"
- subnets = [aws_subnet.public.*.id]
- security_groups = [aws_security_group.ecs_lb.id]
-}
-
-resource "aws_alb_target_group" "app" {
- name = "github-actions-deploy"
- port = 80
- protocol = "HTTP"
- vpc_id = aws_vpc.main.id
- target_type = "ip"
-}
-
-# Redirect all traffic from the load balancer to the target group.
-resource "aws_alb_listener" "front_end" {
- load_balancer_arn = aws_alb.main.id
- port = "80"
- protocol = "HTTP"
-
- default_action {
- target_group_arn = aws_alb_target_group.app.id
- type = "forward"
- }
-}
-
-### ECS
-resource "aws_ecs_cluster" "main" {
- name = "ecs-cluster"
-}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
deleted file mode 100644
index 378a1043..00000000
--- a/terraform/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "alb_hostname" {
- value = aws_alb.main.dns_name
-}
-
-output "container_definitions" {
- value = local.container_definitions
-}
diff --git a/terraform/service.tf b/terraform/service.tf
deleted file mode 100644
index d762d193..00000000
--- a/terraform/service.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-locals {
- container_definitions = <