chore(Various): Updates documentation and local setup

Vizzuality · Dec 2, 2024 · ed5077a · ed5077a
1 parent 1e45315
commit ed5077a
Show file tree

Hide file tree

Showing 6 changed files with 83 additions and 16 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,8 +1,8 @@
-# The workflow also processes GH secrets and variables managed by Terraform or manually, with the TF_ prefix
-# for each relevant GH environment, which are used to build the .env files for the containers.
+# The workflow also processes GH secrets and variables managed by Terraform (with the TF_ prefix) or manually,
+# for each relevant GH environment depending on the prefix (CLIENT_ENV_ for example), which are used to build the .env files for the containers.
 # These follow the naming convention:
-# - TF_[CLIENT_ENV|CMS_ENV]_* - managed by Terraform
-# - [CLIENT_ENV|CMS_ENV]_* - managed manually
+# - TF_[CLIENT_ENV|CMS_ENV]_* - automatically managed by Terraform, and cannot be changed manually
+# - [CLIENT_ENV|CMS_ENV]_* - managed manually by devs, used mostly externally managed services (mapbox api keys, for example)
 
 name: Run deploy to AWS
 

diff --git a/cms/.env.example b/cms/.env.example
@@ -1,7 +1,17 @@
 HOST=0.0.0.0
 PORT=1337
-APP_KEYS="toBeModified1,toBeModified2"
-API_TOKEN_SALT=tobemodified
-ADMIN_JWT_SECRET=tobemodified
-TRANSFER_TOKEN_SALT=tobemodified
-JWT_SECRET=tobemodified
+APP_KEYS=some,random,keys,here,each,base64
+#Strapi
+API_TOKEN_SALT=salt_base64
+ADMIN_JWT_SECRET=jwt_secret_base64
+TRANSFER_TOKEN_SALT=transfer_salt_base64
+JWT_SECRET=secret_base64
+# Database
+DATABASE_CLIENT=postgres
+DATABASE_HOST=127.0.0.1
+DATABASE_PORT=5432
+DATABASE_NAME=hydro-db
+DATABASE_USERNAME=strapi
+DATABASE_PASSWORD=strapi
+DATABASE_SSL=false
+
diff --git a/cms/README.md b/cms/README.md
@@ -40,6 +40,10 @@ Strapi gives you many possible deployment options for your project including [St
 yarn strapi deploy
 ```
 
+## NOTE on changing Strapi's configuration/data model
+
+Whenever doing any kind of changes to the configuration or data model when developing locally, remember to `export` all the changes to local files, on `Settings/Config Sync/Interface`. This will generate changes on several files managed by Stapi in the filesystem, that must be commited to the VCS, in order to get automatically deployed to the staging environment. It is also  recommended to make a backup of the database when doing major changes to the data model. This can be done by exporting the database from the Strapi admin panel.
+
 ## 📚 Learn more
 
 - [Resource center](https://strapi.io/resource-center) - Strapi resource center.

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,50 @@
+version: '3.3'
+
+services:
+  cms:
+    build:
+      context: cms
+    ports:
+      - '1337:1337'
+    #env_file:
+      #- ./cms/.env
+    environment:
+      - DATABASE_CLIENT=postgres
+      - DATABASE_SSL=false
+      - DATABASE_URL=postgres://strapi:some_password@db:5432/strapi
+    links:
+      - db
+    command: dev
+    depends_on:
+      - db
+    volumes:
+      - ./cms:/app/cms
+
+  client:
+    build:
+      context: client
+    ports:
+      - '3000:3000'
+    #env_file:
+     # - ./client/.env.local
+    environment:
+      - NEXT_PUBLIC_API_URL=http://localhost:1337/api
+    links:
+      - cms
+    command: dev
+    volumes:
+      - ./client:/app/client
+
+  db:
+    image: postgres:15.4-alpine3.18
+    ports:
+      - '5432:5432'
+    environment:
+      - POSTGRES_PASSWORD=some_password
+      - POSTGRES_USER=strapi
+      - POSTGRES_DB=strapi
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+
+volumes:
+  pgdata:
diff --git a/infrastructure/README.md b/infrastructure/README.md
@@ -14,24 +14,28 @@ Both are deployed on AWS using the following services:
 - EC2: to host the Docker images (managed by Elastic Beanstalk)
 - ALB: to route the traffic to the EC2 instances and provide SSL termination
 - RDS: to host the database
+- S3: to store raster and animated tiles (not included in the diagram)
 
 Other AWS services are used internally by Elastic Beanstalk, for example:
 - Autocaling: to scale the EC2 instances
 - S3: to store the logs
 
 # Deployment
 
-The deployment is automated using a GH Action that builds the Docker images and deploys them to Elastic Beanstalk.
+The deployment is automated using a GH Action that builds the Docker images and deploys them to Elastic Beanstalk. It roughly follows these steps:
+- Compile the required environment variables corresponding to the environment (e.g. staging, production) and component (e.g. client, cms) being deployed.
+- Build the Docker images and publish them to ECR
+- Generate the Elastic Beanstalk distribution bundle with the docker-compose file, ebextensions, nginx configurations, etc. and deploy it to Elastic Beanstalk
 
 # Infrastructure as Code
 
-The resources required to deploy the solution are defined in the `infrastructure` folder. The infrastructure is defined using Terraform.
+The resources required to deploy the solution are defined in the `infrastructure` folder. The infrastructure is defined using `Terraform`.
 
 There are two Terraform projects in the `infrastructure` folder:
-- state: to store the Terraform remote state in an S3 bucket
-- base: to deploy the infrastructure, using the remote state stored in the S3 bucket
+- `state`: to create an initial store the Terraform remote state in an S3 bucket, for all environments. This project must be deployed first and "used" only once.
+- `base`: to deploy the infrastructure, using the remote state stored in the S3 bucket. This requires to have the remote state already created and configured on the `terraform/backend s3` block (which is already done in this project)
 
-The `state` project must be deployed first, and then the `base` project can be deployed.
+You will need to have an AWS user with the proper permissions to `apply` changes to the infrastructure (for example `AdministratorAccess` policy). In order to get authentication credentials for Terraform, follow the steps on https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration . The same applies when Github Secrets/Variables are updated, you will need a GitHub user with the proper permissions. Follow these instructions to set up the GH credentials for the GH Terraform provider https://registry.terraform.io/providers/integrations/github/latest/docs#authentication
 
 # Elastic Beanstalk customisation
 

diff --git a/infrastructure/base/vars/terraform.tfvars b/infrastructure/base/vars/terraform.tfvars
@@ -2,13 +2,12 @@ aws_region         = "af-south-1" //il-central is much closer geographically but
 allowed_account_id = "533267347591"
 project_name       = "wims-ss"
 repo_name          = "south-sudan-pilot"
-//repo_name          = "wims-south-sudan"
 
 staging_domain                      = "ss-hydro-pilot.gmv.com"
 staging_ec2_instance_type           = "m5.large"
 staging_rds_backup_retention_period = 3
 
-production_domain                      = "ss.to-be-determined.com"
+production_domain                      = "ss.to-be-determined.com" //TBD
 production_ec2_instance_type           = "c5a.large"
 production_rds_backup_retention_period = 7