From 83862708e784b5768a73360092f22d12a5f8919f Mon Sep 17 00:00:00 2001 From: sreevalsanmr Date: Tue, 28 Nov 2023 13:21:55 +0530 Subject: [PATCH 1/8] add deployment files for docs-dev --- .github/workflows/dev_deployment.yml | 73 +++++++++++++++++++++ Dockerfile.nginx | 14 ++++ dev-taskdef.json | 95 ++++++++++++++++++++++++++++ nginx.conf | 11 ++++ 4 files changed, 193 insertions(+) create mode 100644 .github/workflows/dev_deployment.yml create mode 100644 Dockerfile.nginx create mode 100644 dev-taskdef.json create mode 100644 nginx.conf
diff --git a/.github/workflows/dev_deployment.yml b/.github/workflows/dev_deployment.yml new file mode 100644
index 000000000..a8c873a62
--- /dev/null
+++ b/.github/workflows/dev_deployment.yml
@@ -0,0 +1,73 @@
+name: Docs Dev Deployment
+on:
+ push:
+ branches: ['dev']
+ workflow_dispatch:
+
+jobs:
+ deploy_staging:
+ name: Dev Deployment
+ permissions:
+ id-token: write
+ contents: write
+ environment: dev
+ runs-on: ubuntu-latest
+ env:
+ AWS_REGION: eu-west-1
+ ECR_REPOSITORY: docs-dev-ecr
+ ECS_SERVICE: docs-dev-ecs-service
+ ECS_CLUSTER: frontend-dev-ecs-cluster
+ ECS_TASK_DEFINITION: dev-taskdef.json
+ CONTAINER_NAME: docs-dev
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1-node16
+ with:
+ aws-region: ${{ env.AWS_REGION }}
+ role-to-assume: arn:aws:iam::605436358845:role/docs-dev-GithubActionsRole
+ role-session-name: GithubActionsSession
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - uses: actions/setup-python@v4
+ with:
+ python-version: '3.11'
+
+ - name: pip Install
+ run: pip install -r requirements.txt --no-cache-dir
+
+ - name: Build mkdocs
+ run: mkdocs build
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG Dockerfile.nginx
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+ - name: Fill in the new image ID in the Amazon ECS task definition
+ id: task-def
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: ${{ env.ECS_TASK_DEFINITION }}
+ container-name: ${{ env.CONTAINER_NAME }}
+ image: ${{ steps.build-image.outputs.image }}
+
+ - name: Deploy Amazon ECS task definition
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+ with:
+ task-definition: ${{ steps.task-def.outputs.task-definition }}
+ service: ${{ env.ECS_SERVICE }}
+ cluster: ${{ env.ECS_CLUSTER }}
+ wait-for-service-stability: true
diff --git a/Dockerfile.nginx b/Dockerfile.nginx new file mode 100644
index 000000000..1cee78aa6
--- /dev/null
+++ b/Dockerfile.nginx
@@ -0,0 +1,14 @@
+#Serve the app with NGINX
+FROM nginx:alpine
+
+# Copy the build files from the build folder to /usr/share/nginx/html
+COPY site /usr/share/nginx/html
+
+#Replace default nginx.conf with custom configuration
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+# Expose the desired port (default is 80 for NGINX)
+EXPOSE 80
+
+# Start NGINX
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/dev-taskdef.json b/dev-taskdef.json new file mode 100644
index 000000000..a06d210f3
--- /dev/null
+++ b/dev-taskdef.json
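Review bot: The `permissions` block in dev_deployment.yml grants `contents: write` to a job whose visible steps only check out, build and deploy, so the job token could push to the repository if any step were compromised; `contents: read` covers what the steps do. The job also holds `id-token: write` and assumes an AWS role, yet every action is referenced by a mutable tag (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v1-node16`, `aws-actions/amazon-ecr-login@v1`, and the two ECS actions at `@v1`); pinning each `uses:` to a full commit SHA keeps a retagged release from running with those credentials. Both points apply equally to prod_deployment.yml and staging_deployment.yml later in this series.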
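Review bot: `FROM nginx:alpine` in Dockerfile.nginx is a floating tag, so each deployment builds on whatever image the tag points to at build time and the deployed base cannot be reproduced or audited from the commit. Pin the base to a specific release and digest, for example `FROM nginx:<version>-alpine@sha256:<digest>` (placeholders), and bump it deliberately. The file also sets no `USER`, so the container presumably starts nginx with the stock image's root master process; an unprivileged setup listening on a high port would narrow that, provided the task definition's port mapping is changed to match.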
@@ -0,0 +1,95 @@ +{ + "requiresCompatibilities": [ + "FARGATE" + ], + "inferenceAccelerators": [], + "containerDefinitions": [{ + "dnsSearchDomains": null, + "environmentFiles": [], + "entryPoint": null, + "portMappings": [{ + "hostPort": 80, + "protocol": "tcp", + "containerPort": 80 + }], + "command": null, + "linuxParameters": null, + "cpu": 0, + "environment": null, + "resourceRequirements": null, + "ulimits": null, + "dnsServers": null, + "mountPoints": null, + "workingDirectory": null, + "secrets": null, + "dockerSecurityOptions": null, + "memory": null, + "memoryReservation": null, + "volumesFrom": null, + "stopTimeout": null, + "image": "test", + "startTimeout": null, + "firelensConfiguration": null, + "dependsOn": null, + "disableNetworking": null, + "interactive": null, + "healthCheck": null, + "essential": true, + "links": null, + "hostname": null, + "extraHosts": null, + "pseudoTerminal": null, + "user": null, + "readonlyRootFilesystem": null, + "dockerLabels": null, + "systemControls": null, + "privileged": null, + "name": "docs-dev", + "repositoryCredentials": { + "credentialsParameter": "" + } + }], + "volumes": [], + "networkMode": "awsvpc", + "memory": "1024", + "cpu": "512", + "executionRoleArn": "arn:aws:iam::605436358845:role/docs-dev-TaskRole", + "family": "docs-dev-taskdefinition", + "taskRoleArn": "arn:aws:iam::605436358845:role/docs-dev-TaskRole", + "runtimePlatform": { + "operatingSystemFamily": "LINUX" + }, + "tags": [{ + "key": "Role", + "value": "frontend-application" + }, + { + "key": "ParentService", + "value": "docs-dev" + }, + { + "key": "Environment", + "value": "dev" + }, + { + "key": "Service", + "value": "docs-dev.polygon.technology" + }, + { + "key": "Host", + "value": "AWS" + }, + { + "key": "IAC", + "value": "terraform-workspace-aws-dev-applications-eu-west-1-apps-docs-dev-polygon-technology" + }, + { + "key": "Team", + "value": "documentation" + }, + { + "key": "Name", + "value": "docs-dev-taskdefinition" + } + ] +} 
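Review bot: `executionRoleArn` and `taskRoleArn` both point at `docs-dev-TaskRole`, so whatever permissions ECS needs to pull the image are also handed to the running container through the task role. A container that only serves static files likely needs no task-role permissions at all; use a separate execution role and either drop `taskRoleArn` or give it a role with no policies attached. prod-taskdef.json and staging-taskdef.json repeat the pattern with their own accounts' roles.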
diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 000000000..48e738e0d --- /dev/null +++ b/nginx.conf @@ -0,0 +1,11 @@ +server { + listen 0.0.0.0:80; + root /usr/share/nginx/html; + index index.html; + + error_page 404 /404.html; + + location / { + try_files $uri.html $uri $uri/ /index.html; + } +} From c265b5b975d4cbbff199bf8f594ef8d386671838 Mon Sep 17 00:00:00 2001 From: sreevalsanmr Date: Tue, 28 Nov 2023 13:45:11 +0530 Subject: [PATCH 2/8] fix typo --- .github/workflows/dev_deployment.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dev_deployment.yml b/.github/workflows/dev_deployment.yml index a8c873a62..0fb48d64f 100644 --- a/.github/workflows/dev_deployment.yml +++ b/.github/workflows/dev_deployment.yml @@ -36,7 +36,8 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - - uses: actions/setup-python@v4 + - name: Use Python + uses: actions/setup-python@v4 with: python-version: '3.11' From 099806b94766c7d160aa46c50c7727639463af1f Mon Sep 17 00:00:00 2001 From: sreevalsanmr <82149813+sreevalsanmr@users.noreply.github.com> Date: Tue, 28 Nov 2023 13:47:56 +0530 Subject: [PATCH 3/8] Update dev_deployment.yml --- .github/workflows/dev_deployment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dev_deployment.yml b/.github/workflows/dev_deployment.yml index 0fb48d64f..e4732558d 100644 --- a/.github/workflows/dev_deployment.yml +++ b/.github/workflows/dev_deployment.yml @@ -53,7 +53,7 @@ jobs: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} IMAGE_TAG: ${{ github.sha }} run: | - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG Dockerfile.nginx + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG Dockerfile.nginx . docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT From 0291894dda816e87f235e78539837c45de35867e Mon Sep 17 00:00:00 2001 
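Review bot: The last argument of `try_files $uri.html $uri $uri/ /index.html;` in nginx.conf sends every unmatched path to the home page with a 200, so the `error_page 404 /404.html;` line above it is not reached for missing pages, and broken links or path probing look like successful hits in the access log. End the list with a status instead: `try_files $uri.html $uri $uri/ =404;`. Adding `server_tokens off;` to the `server` block would also stop the nginx version from being advertised in responses.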
From: sreevalsanmr <82149813+sreevalsanmr@users.noreply.github.com> Date: Tue, 28 Nov 2023 13:49:59 +0530 Subject: [PATCH 4/8] Update dev_deployment.yml --- .github/workflows/dev_deployment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dev_deployment.yml b/.github/workflows/dev_deployment.yml index e4732558d..c09c036cd 100644 --- a/.github/workflows/dev_deployment.yml +++ b/.github/workflows/dev_deployment.yml @@ -53,7 +53,7 @@ jobs: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} IMAGE_TAG: ${{ github.sha }} run: | - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG Dockerfile.nginx . + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.nginx . docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT From a637c214a96d1af8c17f3fdb268b43a561e6ea1e Mon Sep 17 00:00:00 2001 From: kmurphypolygon Date: Tue, 28 Nov 2023 09:40:51 +0100 Subject: [PATCH 5/8] testing dev staging --- mkdocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index 57b99614f..3126e4c7d 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -64,7 +64,7 @@ nav: - Validium: cdk/get-started/deploy-validium.md - Rollup: cdk/get-started/deploy-rollup.md - How to: - - Manage policies - allowlists, denylists, ACLs: cdk/how-to/manage-allowlists.md + - Manage policies - allowlists, denylists: cdk/how-to/manage-allowlists.md #- Architecture: - Specification: - Validium vs rollup: cdk/specification/validium-vs-rollup.md From f2b9a23ce9949375a800b706fc3f3b74b1d5affc Mon Sep 17 00:00:00 2001 From: sreevalsanmr Date: Tue, 28 Nov 2023 16:04:06 +0530 Subject: [PATCH 6/8] add workflow to merge main barnch with dev on daily basis --- .github/workflows/main_to_dev_merge.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/main_to_dev_merge.yml 
diff --git a/.github/workflows/main_to_dev_merge.yml b/.github/workflows/main_to_dev_merge.yml new file mode 100644
index 000000000..6ae112e66
--- /dev/null
+++ b/.github/workflows/main_to_dev_merge.yml
@@ -0,0 +1,21 @@
+name: Merge Main to Dev
+
+on:
+ schedule:
+ - cron: '0 0 * * *' # Run daily at midnight UTC
+
+jobs:
+ merge:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Merge Main to Dev
+ run: |
+ git checkout dev
+ git pull origin dev
+ git fetch origin main
+ git merge origin/main --no-edit
+ git push origin dev
From dcb7401410ffe17b11f38fe77a8f8beb05f91fb7 Mon Sep 17 00:00:00 2001 From: sreevalsanmr Date: Tue, 28 Nov 2023 17:52:01 +0530 Subject: [PATCH 7/8] add deployment workflows for staging and prod deployment --- .github/workflows/prod_deployment.yml | 82 ++++++++++++++++++++++++ .github/workflows/staging_deployment.yml | 74 +++++++++++++++++++++ 2 files changed, 156 insertions(+) create mode 100644 .github/workflows/prod_deployment.yml create mode 100644 .github/workflows/staging_deployment.yml
diff --git a/.github/workflows/prod_deployment.yml b/.github/workflows/prod_deployment.yml new file mode 100644
index 000000000..53a8d1f1d
--- /dev/null
+++ b/.github/workflows/prod_deployment.yml
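Review bot: The merge step in main_to_dev_merge.yml is unlikely to succeed as written: `actions/checkout@v2` makes a shallow checkout of the triggering ref by default, so `git checkout dev` has no `dev` ref to switch to, and a merge that has to create a commit has no `user.name` or `user.email` configured. The job also depends on the repository's default token permissions for `git push origin dev`; declaring `permissions: contents: write` on this job makes the scope explicit and keeps anything wider from being inherited. Checking out `dev` directly with full history replaces the `git checkout dev` and `git pull origin dev` lines. A push made with the default `GITHUB_TOKEN` does not start other workflows, so the dev deployment presumably will not run after this merge, and a merge conflict fails the job with no notification step visible here.

```yaml
  merge:
    # … unchanged: runs-on …
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          ref: dev
          fetch-depth: 0
      - name: Merge Main to Dev
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          # … unchanged: git fetch origin main, git merge origin/main --no-edit, git push origin dev …
```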
@@ -0,0 +1,82 @@
+name: Prod Deployment
+on:
+ push:
+ branches: ['main']
+ workflow_dispatch:
+ inputs:
+ stage:
+ description: 'Stage to deploy (production)'
+ required: true
+ run_production:
+ description: 'Staging deployment completed (yes, no)'
+ required: true
+
+jobs:
+ deploy_prod:
+ name: Prod Deployment
+ permissions:
+ id-token: write
+ contents: write
+ environment: prod
+ runs-on: ubuntu-latest
+ if: github.event_name == 'workflow_dispatch' && github.event.inputs.stage == 'production' && github.event.inputs.run_production == 'yes'
+ env:
+ AWS_REGION: eu-west-1
+ ECR_REPOSITORY: docs-ecr
+ ECS_SERVICE: docs-ecs-service
+ ECS_CLUSTER: frontend-prod-ecs-cluster
+ ECS_TASK_DEFINITION: prod-taskdef.json
+ CONTAINER_NAME: docs
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1-node16
+ with:
+ aws-region: ${{ env.AWS_REGION }}
+ role-to-assume: arn:aws:iam::042947190491:role/docs-GithubActionsRole
+ role-session-name: GithubActionsSession
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Use Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.11'
+
+ - name: pip Install
+ run: pip install -r requirements.txt --no-cache-dir
+
+ - name: Build mkdocs
+ run: mkdocs build
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.nginx .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+ - name: Fill in the new image ID in the Amazon ECS task definition
+ id: task-def
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: ${{ env.ECS_TASK_DEFINITION }}
+ container-name: ${{ env.CONTAINER_NAME }}
+ image: ${{ steps.build-image.outputs.image }}
+
+ - name: Deploy Amazon ECS task definition
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+ with:
+ task-definition: ${{ steps.task-def.outputs.task-definition }}
+ service: ${{ env.ECS_SERVICE }}
+ cluster: ${{ env.ECS_CLUSTER }}
+ wait-for-service-stability: true
diff --git a/.github/workflows/staging_deployment.yml b/.github/workflows/staging_deployment.yml new file mode 100644
index 000000000..0f22f8b37
--- /dev/null
+++ b/.github/workflows/staging_deployment.yml
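Review bot: The production gate in the `if:` of `deploy_prod` rests on two free-text `workflow_dispatch` inputs that anyone able to dispatch the workflow can type, and it does not restrict the ref, so a dispatch from any branch with `stage` set to `production` and `run_production` set to `yes` builds and deploys that branch. Add the branch to the condition, e.g. `github.ref == 'refs/heads/main' && github.event.inputs.run_production == 'yes'`, and treat the `prod` environment's protection rules (required reviewers, allowed branches) as the actual approval; whether those are configured is not visible in this diff. The `push: branches: ['main']` trigger can never satisfy the `if:`, so it only produces a skipped run on every push and could be removed.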
@@ -0,0 +1,74 @@
+name: Staging Deployment
+on:
+ push:
+ branches: ['main']
+ workflow_dispatch:
+
+jobs:
+ deploy_staging:
+ name: Staging Deployment
+ permissions:
+ id-token: write
+ contents: write
+ environment: staging
+ runs-on: ubuntu-latest
+ env:
+ AWS_REGION: eu-west-1
+ ECR_REPOSITORY: docs-staging-ecr
+ ECS_SERVICE: docs-staging-ecs-service
+ ECS_CLUSTER: frontend-staging-ecs-cluster
+ ECS_TASK_DEFINITION: staging-taskdef.json
+ CONTAINER_NAME: docs-staging
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1-node16
+ with:
+ aws-region: ${{ env.AWS_REGION }}
+ role-to-assume: arn:aws:iam::070528468658:role/docs-staging-GithubActionsRole
+ role-session-name: GithubActionsSession
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Use Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.11'
+
+ - name: pip Install
+ run: pip install -r requirements.txt --no-cache-dir
+
+ - name: Build mkdocs
+ run: mkdocs build
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.nginx .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+ - name: Fill in the new image ID in the Amazon ECS task definition
+ id: task-def
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: ${{ env.ECS_TASK_DEFINITION }}
+ container-name: ${{ env.CONTAINER_NAME }}
+ image: ${{ steps.build-image.outputs.image }}
+
+ - name: Deploy Amazon ECS task definition
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+ with:
+ task-definition: ${{ steps.task-def.outputs.task-definition }}
+ service: ${{ env.ECS_SERVICE }}
+ cluster: ${{ env.ECS_CLUSTER }}
+ wait-for-service-stability: true
From e3a94c29d226b385901fa8a95accf46e469b1a2d Mon Sep 17 00:00:00 2001 From: sreevalsanmr Date: Tue, 28 Nov 2023 18:06:04 +0530 Subject: [PATCH 8/8] add taskdef files for staging and prod --- prod-taskdef.json | 95 ++++++++++++++++++++++++++++++++++++++++++++ staging-taskdef.json | 95 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 190 insertions(+) create mode 100644 prod-taskdef.json create mode 100644 staging-taskdef.json
diff --git a/prod-taskdef.json b/prod-taskdef.json new file mode 100644
index 000000000..90e4c9768
--- /dev/null
+++ b/prod-taskdef.json
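Review bot: `Configure AWS credentials` runs before `pip Install` and `Build mkdocs` in staging_deployment.yml, so every package from requirements.txt and any build-time plugin code executes while the assumed role's credentials are available to the job. Move the `Use Python`, `pip Install` and `Build mkdocs` steps above `Configure AWS credentials` so that only the Docker build, push and ECS steps run with AWS access; dev_deployment.yml and prod_deployment.yml use the same order. A `concurrency` group on the job would also keep two pushes to `main` from deploying out of order.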
@@ -0,0 +1,95 @@ +{ + "requiresCompatibilities": [ + "FARGATE" + ], + "inferenceAccelerators": [], + "containerDefinitions": [{ + "dnsSearchDomains": null, + "environmentFiles": [], + "entryPoint": null, + "portMappings": [{ + "hostPort": 80, + "protocol": "tcp", + "containerPort": 80 + }], + "command": null, + "linuxParameters": null, + "cpu": 0, + "environment": null, + "resourceRequirements": null, + "ulimits": null, + "dnsServers": null, + "mountPoints": null, + "workingDirectory": null, + "secrets": null, + "dockerSecurityOptions": null, + "memory": null, + "memoryReservation": null, + "volumesFrom": null, + "stopTimeout": null, + "image": "test", + "startTimeout": null, + "firelensConfiguration": null, + "dependsOn": null, + "disableNetworking": null, + "interactive": null, + "healthCheck": null, + "essential": true, + "links": null, + "hostname": null, + "extraHosts": null, + "pseudoTerminal": null, + "user": null, + "readonlyRootFilesystem": null, + "dockerLabels": null, + "systemControls": null, + "privileged": null, + "name": "docs", + "repositoryCredentials": { + "credentialsParameter": "" + } + }], + "volumes": [], + "networkMode": "awsvpc", + "memory": "1024", + "cpu": "512", + "executionRoleArn": "arn:aws:iam::042947190491:role/docs-TaskRole", + "family": "docs-taskdefinition", + "taskRoleArn": "arn:aws:iam::042947190491:role/docs-TaskRole", + "runtimePlatform": { + "operatingSystemFamily": "LINUX" + }, + "tags": [{ + "key": "Role", + "value": "frontend-application" + }, + { + "key": "ParentService", + "value": "docs" + }, + { + "key": "Environment", + "value": "prod" + }, + { + "key": "Service", + "value": "docs.polygon.technology" + }, + { + "key": "Host", + "value": "AWS" + }, + { + "key": "IAC", + "value": "terraform-workspace-aws-prod-applications-eu-west-1-apps-docs-polygon-technology" + }, + { + "key": "Team", + "value": "documentation" + }, + { + "key": "Name", + "value": "docs-taskdefinition" + } + ] +} 
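Review bot: The container definition in prod-taskdef.json has no `logConfiguration`, so nginx's access and error logs stay inside the task and are lost when it stops, which leaves production without request logs for incident investigation. Add an `awslogs` log driver block naming the log group, region and stream prefix for this service. `healthCheck` is also `null`, so unless a load balancer health check exists outside this file, ECS only knows whether the process is running. dev-taskdef.json and staging-taskdef.json have the same gaps.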
diff --git a/staging-taskdef.json b/staging-taskdef.json new file mode 100644 index 000000000..921b50e1c --- /dev/null +++ b/staging-taskdef.json 
@@ -0,0 +1,95 @@ +{ + "requiresCompatibilities": [ + "FARGATE" + ], + "inferenceAccelerators": [], + "containerDefinitions": [{ + "dnsSearchDomains": null, + "environmentFiles": [], + "entryPoint": null, + "portMappings": [{ + "hostPort": 80, + "protocol": "tcp", + "containerPort": 80 + }], + "command": null, + "linuxParameters": null, + "cpu": 0, + "environment": null, + "resourceRequirements": null, + "ulimits": null, + "dnsServers": null, + "mountPoints": null, + "workingDirectory": null, + "secrets": null, + "dockerSecurityOptions": null, + "memory": null, + "memoryReservation": null, + "volumesFrom": null, + "stopTimeout": null, + "image": "test", + "startTimeout": null, + "firelensConfiguration": null, + "dependsOn": null, + "disableNetworking": null, + "interactive": null, + "healthCheck": null, + "essential": true, + "links": null, + "hostname": null, + "extraHosts": null, + "pseudoTerminal": null, + "user": null, + "readonlyRootFilesystem": null, + "dockerLabels": null, + "systemControls": null, + "privileged": null, + "name": "docs-staging", + "repositoryCredentials": { + "credentialsParameter": "" + } + }], + "volumes": [], + "networkMode": "awsvpc", + "memory": "1024", + "cpu": "512", + "executionRoleArn": "arn:aws:iam::070528468658:role/docs-staging-TaskRole", + "family": "docs-staging-taskdefinition", + "taskRoleArn": "arn:aws:iam::070528468658:role/docs-staging-TaskRole", + "runtimePlatform": { + "operatingSystemFamily": "LINUX" + }, + "tags": [{ + "key": "Role", + "value": "frontend-application" + }, + { + "key": "ParentService", + "value": "docs-staging" + }, + { + "key": "Environment", + "value": "staging" + }, + { + "key": "Service", + "value": "docs-staging.polygon.technology" + }, + { + "key": "Host", + "value": "AWS" + }, + { + "key": "IAC", + "value": "terraform-workspace-aws-test-applications-eu-west-1-apps-docs-staging-polygon-technology" + }, + { + "key": "Team", + "value": "documentation" + }, + { + "key": "Name", + "value": 
"docs-staging-taskdefinition" + } + ] +}