From ed5077a8d03e2c02079cafdcc1efcad24fddc05a Mon Sep 17 00:00:00 2001 From: Kevin Date: Mon, 2 Dec 2024 20:02:52 +0100 Subject: [PATCH] chore(Various): Updates documentation and local setup --- .github/workflows/main.yml | 8 ++-- cms/.env.example | 20 ++++++--- cms/README.md | 4 ++ docker-compose.yml | 50 +++++++++++++++++++++++ infrastructure/README.md | 14 ++++--- infrastructure/base/vars/terraform.tfvars | 3 +- 6 files changed, 83 insertions(+), 16 deletions(-) create mode 100644 docker-compose.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 75dc7ce..abbea2e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,8 +1,8 @@ -# The workflow also processes GH secrets and variables managed by Terraform or manually, with the TF_ prefix -# for each relevant GH environment, which are used to build the .env files for the containers. +# The workflow also processes GH secrets and variables managed by Terraform (with the TF_ prefix) or manually, +# for each relevant GH environment depending on the prefix (CLIENT_ENV_ for example), which are used to build the .env files for the containers. # These follow the naming convention: -# - TF_[CLIENT_ENV|CMS_ENV]_* - managed by Terraform -# - [CLIENT_ENV|CMS_ENV]_* - managed manually +# - TF_[CLIENT_ENV|CMS_ENV]_* - automatically managed by Terraform, and cannot be changed manually +# - [CLIENT_ENV|CMS_ENV]_* - managed manually by devs, used mostly externally managed services (mapbox api keys, for example) name: Run deploy to AWS diff --git a/cms/.env.example b/cms/.env.example index ebfc96a..ab0a6a4 100644 --- a/cms/.env.example +++ b/cms/.env.example 
@@ -1,7 +1,17 @@ HOST=0.0.0.0 PORT=1337 -APP_KEYS="toBeModified1,toBeModified2" -API_TOKEN_SALT=tobemodified -ADMIN_JWT_SECRET=tobemodified -TRANSFER_TOKEN_SALT=tobemodified -JWT_SECRET=tobemodified +APP_KEYS=some,random,keys,here,each,base64 +#Strapi +API_TOKEN_SALT=salt_base64 +ADMIN_JWT_SECRET=jwt_secret_base64 +TRANSFER_TOKEN_SALT=transfer_salt_base64 +JWT_SECRET=secret_base64 +# Database +DATABASE_CLIENT=postgres +DATABASE_HOST=127.0.0.1 +DATABASE_PORT=5432 +DATABASE_NAME=hydro-db +DATABASE_USERNAME=strapi +DATABASE_PASSWORD=strapi +DATABASE_SSL=false + diff --git a/cms/README.md b/cms/README.md index 931729f..a36be38 100644 --- a/cms/README.md +++ b/cms/README.md @@ -40,6 +40,10 @@ Strapi gives you many possible deployment options for your project including [St yarn strapi deploy ``` +## NOTE on changing Strapi's configuration/data model + +Whenever doing any kind of changes to the configuration or data model when developing locally, remember to `export` all the changes to local files, on `Settings/Config Sync/Interface`. This will generate changes on several files managed by Stapi in the filesystem, that must be commited to the VCS, in order to get automatically deployed to the staging environment. It is also recommended to make a backup of the database when doing major changes to the data model. This can be done by exporting the database from the Strapi admin panel. + ## 📚 Learn more - [Resource center](https://strapi.io/resource-center) - Strapi resource center. diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..83e0c84 --- /dev/null +++ b/docker-compose.yml 
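Review bot: The new secret placeholders in cms/.env.example (`APP_KEYS=some,random,keys,here,each,base64`, `API_TOKEN_SALT=salt_base64`, `JWT_SECRET=secret_base64` and the other two) no longer say that they must be replaced, unlike the removed `tobemodified` values. A copied .env would presumably start fine and sign sessions and tokens with values that are public in the repository. I would add a comment above the block, for example `# Replace every value below with a freshly generated one (e.g. openssl rand -base64 32); never deploy these placeholders`. Separately, the database block (`DATABASE_NAME=hydro-db`, `DATABASE_PASSWORD=strapi`) does not match the Postgres service this commit adds in docker-compose.yml (`POSTGRES_DB=strapi`, `POSTGRES_PASSWORD=some_password`). If the example is meant to target that container it would likely fail to connect, so either align the two or state which database the example points at.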
@@ -0,0 +1,50 @@ +version: '3.3' + +services: + cms: + build: + context: cms + ports: + - '1337:1337' + #env_file: + #- ./cms/.env + environment: + - DATABASE_CLIENT=postgres + - DATABASE_SSL=false + - DATABASE_URL=postgres://strapi:some_password@db:5432/strapi + links: + - db + command: dev + depends_on: + - db + volumes: + - ./cms:/app/cms + + client: + build: + context: client + ports: + - '3000:3000' + #env_file: + # - ./client/.env.local + environment: + - NEXT_PUBLIC_API_URL=http://localhost:1337/api + links: + - cms + command: dev + volumes: + - ./client:/app/client + + db: + image: postgres:15.4-alpine3.18 + ports: + - '5432:5432' + environment: + - POSTGRES_PASSWORD=some_password + - POSTGRES_USER=strapi + - POSTGRES_DB=strapi + volumes: + - pgdata:/var/lib/postgresql/data + +volumes: + pgdata: diff --git a/infrastructure/README.md b/infrastructure/README.md index 90baf6a..929d78b 100644 --- a/infrastructure/README.md +++ b/infrastructure/README.md @@ -14,6 +14,7 @@ Both are deployed on AWS using the following services: - EC2: to host the Docker images (managed by Elastic Beanstalk) - ALB: to route the traffic to the EC2 instances and provide SSL termination - RDS: to host the database +- S3: to store raster and animated tiles (not included in the diagram) Other AWS services are used internally by Elastic Beanstalk, for example: - Autocaling: to scale the EC2 instances 
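Review bot: The `db` service in the new docker-compose.yml publishes `'5432:5432'` on every host interface while its password is the hard-coded `some_password`, so Postgres on a developer machine is reachable from the local network with credentials that are in the repository. The `'1337:1337'` and `'3000:3000'` mappings are exposed the same way. For a local-only setup bind the published ports to loopback, e.g. `- '127.0.0.1:5432:5432'`, or drop the `db` mapping altogether, since `cms` already reaches the database over the compose network as `db:5432`. The password is also written twice, in `DATABASE_URL` and in `POSTGRES_PASSWORD`; taking both from one variable (`${POSTGRES_PASSWORD}` supplied by an untracked .env file) keeps them in sync and out of version control. As a style point, `links` is a legacy option and is redundant here next to `depends_on` on the default network.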
@@ -21,17 +22,20 @@ Other AWS services are used internally by Elastic Beanstalk, for example: # Deployment -The deployment is automated using a GH Action that builds the Docker images and deploys them to Elastic Beanstalk. +The deployment is automated using a GH Action that builds the Docker images and deploys them to Elastic Beanstalk. It roughly follows these steps: +- Compile the required environment variables corresponding to the environment (e.g. staging, production) and component (e.g. client, cms) being deployed. +- Build the Docker images and publish them to ECR +- Generate the Elastic Beanstalk distribution bundle with the docker-compose file, ebextensions, nginx configurations, etc. and deploy it to Elastic Beanstalk # Infrastructure as Code -The resources required to deploy the solution are defined in the `infrastructure` folder. The infrastructure is defined using Terraform. +The resources required to deploy the solution are defined in the `infrastructure` folder. The infrastructure is defined using `Terraform`. There are two Terraform projects in the `infrastructure` folder: -- state: to store the Terraform remote state in an S3 bucket -- base: to deploy the infrastructure, using the remote state stored in the S3 bucket +- `state`: to create an initial store the Terraform remote state in an S3 bucket, for all environments. This project must be deployed first and "used" only once. +- `base`: to deploy the infrastructure, using the remote state stored in the S3 bucket. This requires to have the remote state already created and configured on the `terraform/backend s3` block (which is already done in this project) -The `state` project must be deployed first, and then the `base` project can be deployed. +You will need to have an AWS user with the proper permissions to `apply` changes to the infrastructure (for example `AdministratorAccess` policy). 
In order to get authentication credentials for Terraform, follow the steps on https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration . The same applies when Github Secrets/Variables are updated, you will need a GitHub user with the proper permissions. Follow these instructions to set up the GH credentials for the GH Terraform provider https://registry.terraform.io/providers/integrations/github/latest/docs#authentication # Elastic Beanstalk customisation diff --git a/infrastructure/base/vars/terraform.tfvars b/infrastructure/base/vars/terraform.tfvars index 3047e6e..44f4c70 100644 --- a/infrastructure/base/vars/terraform.tfvars +++ b/infrastructure/base/vars/terraform.tfvars @@ -2,13 +2,12 @@ aws_region = "af-south-1" //il-central is much closer geographically but allowed_account_id = "533267347591" project_name = "wims-ss" repo_name = "south-sudan-pilot" -//repo_name = "wims-south-sudan" staging_domain = "ss-hydro-pilot.gmv.com" staging_ec2_instance_type = "m5.large" staging_rds_backup_retention_period = 3 -production_domain = "ss.to-be-determined.com" +production_domain = "ss.to-be-determined.com" //TBD production_ec2_instance_type = "c5a.large" production_rds_backup_retention_period = 7