chore(ops): api deployment (#349)

* chore(ops): api deployment * add correct acc * update release-apps * update release-apps * update release-apps * update release-apps * update release-apps * chore(ops): add server dockerfile * change node version on server dockerfile --------- Co-authored-by: Lyka Labrada <[email protected]>
DeFiCh · Nov 10, 2023 · b4ece47 · b4ece47
1 parent 16711a1
commit b4ece47
Show file tree

Hide file tree

Showing 4 changed files with 150 additions and 1 deletion.
diff --git a/.github/scripts/release-ecr-tags.js b/.github/scripts/release-ecr-tags.js
@@ -0,0 +1,47 @@
+/**
+ * Release Tags
+ *
+ * Creating release tag based on each release version for AWS ECR Public
+ *
+ */
+
+module.exports = ({ context }) => {
+  if (context.eventName === "release") {
+    return getReleaseTag(context);
+  }
+  if (isStaging(context) === true) {
+    return getMainTag(context);
+  }
+  if (isDev(context) === true) {
+    return getPullRequestTag(context);
+  }
+  throw new Error(
+    "Release Violation: Could not determine the required release tags."
+  );
+};
+
+function getReleaseTag(context) {
+  const semver = context.payload.release.tag_name;
+  if (semver.match(/^v[0-9]+\.[0-9]+\.[0-9]+$/) === null) {
+    throw new Error(
+      `Release Violation: Provided version '${semver}' is not valid semver.`
+    );
+  }
+  return semver.replace("v", "");
+}
+
+function getMainTag({ sha }) {
+  return `${sha}`;
+}
+
+function getPullRequestTag({ payload: { number }, sha }) {
+  return `pr-${number}`;
+}
+
+function isStaging(context) {
+  return context.eventName === "push" && context.ref === "refs/heads/main";
+}
+
+function isDev(context) {
+  return context.eventName === "pull_request";
+}
diff --git a/.github/workflows/release-apps.yml b/.github/workflows/release-apps.yml
@@ -0,0 +1,69 @@
+name: Release Apps
+
+on:
+  release:
+    types: [published]
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+    paths-ignore:
+      - "apps/web/**"
+      - "packages/**"
+
+permissions:
+  id-token: write
+  contents: read
+  packages: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  aws_ecr:
+    name: Publish AWS ECR
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - name: metascan-api
+            environment: AWS ECR
+            acc: 553774129222
+    environment: ${{ matrix.environment }}
+    steps:
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.0.0
+      - run: corepack enable pnpm
+      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
+        with:
+          node-version-file: ".nvmrc"
+          cache: "pnpm"
+
+      - run: pnpm install --frozen-lockfile
+
+      - uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # v3.0.2
+        with:
+          aws-region: ap-southeast-1
+          role-to-assume: arn:aws:iam::${{ matrix.acc }}:role/GITHUB_OIDC_DEFICHAIN_OPS_METASCAN_ECR_PRIVATE
+          role-duration-seconds: 900
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.0
+        with:
+          registry-type: private
+
+      - name: Resolve ECR Tags
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+        id: ecr-tags
+        with:
+          script: return require('./.github/scripts/release-ecr-tags.js')({ context })
+          result-encoding: string
+
+      - name: Build, tag, and push image to Amazon ECR
+        env:
+          ECR_REGISTRY: ${{ matrix.acc }}.dkr.ecr.ap-southeast-1.amazonaws.com
+          IMAGE_TAG: metascan-api:${{ steps.ecr-tags.outputs.result }}
+        run: |
+          docker build --file apps/server/Dockerfile -t $ECR_REGISTRY/$IMAGE_TAG .
+          docker push $ECR_REGISTRY/$IMAGE_TAG
diff --git a/apps/server/Dockerfile b/apps/server/Dockerfile
@@ -0,0 +1,33 @@
+# Dockerfile used to build an image for the metascan-api
+FROM node:18.17.0-alpine3.17
+
+RUN corepack enable pnpm
+RUN pnpm config set auto-install-peers true
+
+RUN apk --no-cache add curl git
+RUN apk add --no-cache --virtual .gyp python3 make g++
+# See: https://github.com/vercel/turbo/issues/2198#issuecomment-1276475618
+RUN apk add --no-cache libc6-compat
+RUN apk update
+
+WORKDIR /app
+
+ENV PUPPETEER_SKIP_DOWNLOAD=false
+ENV CYPRESS_INSTALL_BINARY=0
+
+COPY pnpm-lock.yaml ./
+COPY package.json ./
+COPY pnpm-workspace.yaml ./
+COPY turbo.json ./
+COPY .npmrc ./
+
+COPY apps ./apps
+
+EXPOSE 5741
+
+RUN pnpm fetch
+
+RUN pnpm install -r --offline
+RUN pnpm build --filter="server"
+
+CMD node apps/server/dist/main.js
diff --git a/apps/server/src/main.ts b/apps/server/src/main.ts
@@ -4,7 +4,7 @@ import { AppModule } from './app.module';
 
 async function bootstrap() {
   const app = await NestFactory.create(AppModule);
-  const PORT = process.env.PORT || 3001;
+  const PORT = process.env.PORT || 5741;
   // eslint-disable-next-line @typescript-eslint/no-floating-promises
   app.listen(PORT).then(() => {
     // eslint-disable-next-line no-console