From ad9bb8c3f317519fa793b6e6eb272804eedac7f8 Mon Sep 17 00:00:00 2001 From: "jonathan.kerr" Date: Wed, 15 Mar 2023 15:15:19 +0000 Subject: [PATCH 1/3] Initial steps towards AWS infrastructure --- mentor-match-infra/app.py | 22 ++++++++++ mentor-match-infra/cdk.json | 44 +++++++++++++++++++ .../mentor_match_infra/__init__.py | 0 .../mentor_match_infra_stack.py | 30 +++++++++++++ 4 files changed, 96 insertions(+) create mode 100644 mentor-match-infra/app.py create mode 100644 mentor-match-infra/cdk.json create mode 100644 mentor-match-infra/mentor_match_infra/__init__.py create mode 100644 mentor-match-infra/mentor_match_infra/mentor_match_infra_stack.py diff --git a/mentor-match-infra/app.py b/mentor-match-infra/app.py new file mode 100644 index 00000000..1007ca11 --- /dev/null +++ b/mentor-match-infra/app.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python3 +import aws_cdk as cdk + +from mentor_match_infra.mentor_match_infra_stack import MentorMatchStack + +app = cdk.App() +MentorMatchStack( + app, + "MentorMatchStack", + # If you don't specify 'env', this stack will be environment-agnostic. + # Account/Region-dependent features and context lookups will not work, + # but a single synthesized template can be deployed anywhere. + # Uncomment the next line to specialize this stack for the AWS Account + # and Region that are implied by the current CLI configuration. + # env=cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')), + # Uncomment the next line if you know exactly what Account and Region you + # want to deploy the stack to. */ + # env=cdk.Environment(account='123456789012', region='us-east-1'), + # For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html +) + +app.synth() diff --git a/mentor-match-infra/cdk.json b/mentor-match-infra/cdk.json new file mode 100644 index 00000000..9df9cb57 --- /dev/null +++ b/mentor-match-infra/cdk.json @@ -0,0 +1,44 @@ +{ + "app": "python3 app.py", + "watch": { + "include": [ + "**" + ], + "exclude": [ + "README.md", + "cdk*.json", + "requirements*.txt", + "source.bat", + "**/__init__.py", + "python/__pycache__", + "tests" + ] + }, + "context": { + "@aws-cdk/aws-lambda:recognizeLayerVersion": true, + "@aws-cdk/core:checkSecretUsage": true, + "@aws-cdk/core:target-partitions": [ + "aws", + "aws-cn" + ], + "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true, + "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true, + "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true, + "@aws-cdk/aws-iam:minimizePolicies": true, + "@aws-cdk/core:validateSnapshotRemovalPolicy": true, + "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true, + "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true, + "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true, + "@aws-cdk/aws-apigateway:disableCloudWatchRole": true, + "@aws-cdk/core:enablePartitionLiterals": true, + "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true, + "@aws-cdk/aws-iam:standardizedServicePrincipals": true, + "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true, + "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, + "@aws-cdk/aws-route53-patters:useCertificate": true, + "@aws-cdk/customresources:installLatestAwsSdkDefault": false, + "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true, + "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true + } +} diff --git a/mentor-match-infra/mentor_match_infra/__init__.py b/mentor-match-infra/mentor_match_infra/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/mentor-match-infra/mentor_match_infra/mentor_match_infra_stack.py b/mentor-match-infra/mentor_match_infra/mentor_match_infra_stack.py new file mode 100644 index 00000000..6dac3b2f --- /dev/null +++ b/mentor-match-infra/mentor_match_infra/mentor_match_infra_stack.py @@ -0,0 +1,30 @@ +import aws_cdk as cdk +import aws_cdk.aws_ecs as ecs +import aws_cdk.aws_ecs_patterns as ecsp +from constructs import Construct + + +class MentorMatchStack(cdk.Stack): + def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: + super().__init__(scope, construct_id, **kwargs) + + ecsp.ApplicationLoadBalancedFargateService( + self, + "MentorMatchWebServer", + task_image_options=ecsp.ApplicationLoadBalancedTaskImageOptions( + image=ecs.ContainerImage.from_registry( + "ghcr.io/mentor-matching-online/mentor-match/web" + ) + ), + public_load_balancer=True, + ) + ecsp.ApplicationLoadBalancedFargateService( + self, + "MentorMatchWorker", + task_image_options=ecsp.ApplicationLoadBalancedTaskImageOptions( + image=ecs.ContainerImage.from_registry( + "ghcr.io/mentor-matching-online/mentor-match/worker" + ) + ), + public_load_balancer=True, + ) From 0f7e571d025b50064ab8bd3de082a43b6d1e7351 Mon Sep 17 00:00:00 2001 From: "jonathan.kerr" Date: Wed, 15 Mar 2023 15:17:01 +0000 Subject: [PATCH 2/3] Minor change to check actions run --- .../mentor_match_infra/mentor_match_infra_stack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mentor-match-infra/mentor_match_infra/mentor_match_infra_stack.py b/mentor-match-infra/mentor_match_infra/mentor_match_infra_stack.py index 6dac3b2f..d4131b3c 100644 --- a/mentor-match-infra/mentor_match_infra/mentor_match_infra_stack.py +++ b/mentor-match-infra/mentor_match_infra/mentor_match_infra_stack.py @@ -10,7 +10,7 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: ecsp.ApplicationLoadBalancedFargateService( self, - "MentorMatchWebServer", + "MentorMatchWeb", task_image_options=ecsp.ApplicationLoadBalancedTaskImageOptions( image=ecs.ContainerImage.from_registry( "ghcr.io/mentor-matching-online/mentor-match/web" From 017fc277ec1deee6f909e6c86b370d6583ecb20f Mon Sep 17 00:00:00 2001 From: "jonathan.kerr" Date: Wed, 15 Mar 2023 15:24:22 +0000 Subject: [PATCH 3/3] Change Action to push to the local repository's registry --- .github/workflows/trunk-dev.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/trunk-dev.yml b/.github/workflows/trunk-dev.yml index c054eaa2..2fe980e8 100644 --- a/.github/workflows/trunk-dev.yml +++ b/.github/workflows/trunk-dev.yml @@ -77,10 +77,10 @@ jobs: run: | export WEB_IMAGE=web:${GH_IMAGE_COMMIT_TAG} export WORKER_IMAGE=worker:${GH_IMAGE_COMMIT_TAG} - docker tag ${WEB_IMAGE} ghcr.io/jonodrew/mentor-match/${WEB_IMAGE} - docker tag ${WEB_IMAGE} ghcr.io/jonodrew/mentor-match/web:latest - docker tag ${WORKER_IMAGE} ghcr.io/jonodrew/mentor-match/${WORKER_IMAGE} - docker tag ${WORKER_IMAGE} ghcr.io/jonodrew/mentor-match/worker:latest + docker tag ${WEB_IMAGE} ghcr.io/${{ github.repository }}/${WEB_IMAGE} + docker tag ${WEB_IMAGE} ghcr.io/${{ github.repository }}/web:latest + docker tag ${WORKER_IMAGE} ghcr.io/${{ github.repository }}/${WORKER_IMAGE} + docker tag ${WORKER_IMAGE} ghcr.io/${{ github.repository }}/worker:latest - name: log in to registries run: | @@ -88,5 +88,5 @@ jobs: - name: Push images run: | - docker image push --all-tags ghcr.io/jonodrew/mentor-match/web - docker image push --all-tags ghcr.io/jonodrew/mentor-match/worker + docker image push --all-tags ghcr.io/${{ github.repository }}/web + docker image push --all-tags ghcr.io/${{ github.repository }}/worker