diff --git a/.github/workflows/deploy-dev-manual.yaml b/.github/workflows/deploy-dev-manual.yaml new file mode 100644 index 0000000..df72f2b --- /dev/null +++ b/.github/workflows/deploy-dev-manual.yaml @@ -0,0 +1,47 @@ +name: Deploy-dev-manual + +on: + workflow_dispatch: + inputs: + branch: + description: 'Branch name' + required: true + default: 'develop' + +jobs: + deploy: + name: deploy dev + runs-on: ubuntu-latest + + env: + IMAGE_TAG: ${{ github.run_number }} + ECR_REPOSITORY: waffledotcom-dev/waffledotcom-server + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ap-northeast-2 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build, tag, and push image to ECR to be deployed for K8S + id: build-image-k8s + uses: docker/build-push-action@v4 + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + with: + context: . + push: true + tags: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} + build-args: | + ENV=dev diff --git a/.github/workflows/deploy-dev.yaml b/.github/workflows/deploy-dev.yaml index 5a54ce5..2d652e3 100644 --- a/.github/workflows/deploy-dev.yaml +++ b/.github/workflows/deploy-dev.yaml @@ -39,8 +39,3 @@ jobs: tags: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} build-args: | ENV=dev - DB_HOST=${{ secrets.DB_HOST_DEV }} - DB_PORT=${{ secrets.DB_PORT_DEV }} - DB_NAME=${{ secrets.DB_NAME_DEV }} - DB_USERNAME=${{ secrets.DB_USERNAME_DEV }} - DB_PASSWORD=${{ secrets.DB_PASSWORD_DEV }} diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index 0250e23..a21414f 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml @@ -2,7 +2,8 @@ name: Deploy-prod on: push: - branches: [main] + tags: + - 'v[0-9]+.[0-9]+.[0-9]+*' jobs: deploy: @@ -10,7 +11,7 @@ jobs: runs-on: ubuntu-latest env: - IMAGE_TAG: ${{ github.run_number }} + IMAGE_TAG: ${{ github.ref_name }} ECR_REPOSITORY: waffledotcom-prod/waffledotcom-server steps: @@ -28,7 +29,6 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - - name: Build, tag, and push image to ECR to be deployed for K8S id: build-image-k8s uses: docker/build-push-action@v4 @@ -40,8 +40,3 @@ jobs: tags: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} build-args: | ENV=prod - DB_HOST=${{ secrets.DB_HOST_PROD }} - DB_PORT=${{ secrets.DB_PORT_PROD }} - DB_NAME=${{ secrets.DB_NAME_PROD }} - DB_USERNAME=${{ secrets.DB_USERNAME_PROD }} - DB_PASSWORD=${{ secrets.DB_PASSWORD_PROD }} diff --git a/README.md b/README.md index 6ccf713..f548796 100644 --- a/README.md +++ b/README.md @@ -85,3 +85,78 @@ alembic downgrade - With **ArgoCD**, `waffle-cluster` lets the new image to be deployed as a **Deployment** API resource. - Define a manifest file in [waffle-world/apps/](https://github.com/wafflestudio/waffle-world/tree/main/apps)[projectName] including **Deployment**, **ServiceAccount**, **Service**, **VirtualService**, etc. - DevOps tools(ex. Istio, Prometheus, etc.) have been managed by **Helm**([/charts](https://github.com/wafflestudio/waffle-world/tree/main/charts)) and **kubectl** command([/misc](https://github.com/wafflestudio/waffle-world/tree/main/misc)). + + +## PN Rules +와플닷컴에서는 3단계로 간소화된 Pn 룰을 사용합니다. +- P1: 꼭 반영해주세요. (Request Changes) +- P2: 웬만하면 반영해주세요. (Comment) +- P3: 사소한 의견입니다. (Approve) + + +## Deployment Strategy + +![git-flow-diagram](https://nvie.com/img/git-model@2x.png) + +배포 시 브랜치 전략은 git-flow를 사용합니다. +이 레포에는 영원히 존재하는 2개의 메인 브랜치가 존재합니다: + +* `main` +* `development` + +그리고 메인 브랜치를 뒷받침하는 3 종류의 브랜치들이 있습니다. 이 브랜치들은 제한된 생명주기를 갖습니다: + +* `feature` +* `release` +* `hotfix` + +### Feature +먼저 feature 브랜치는 다음 규약을 지켜야합니다. + +* branch off from + * `develop` +* merge back into + * `develop` +* naming convention + * `feat/*`, `refact/*`, `fix/*`... + +feature 브랜치는 다음 릴리즈에 포함될 기능들의 개발을 위해 사용됩니다. `develop` 브랜치에서 분기하여 `develop` 브랜치에 머지합니다. 최대한 작은 단위로 개발하는 것을 지향합니다. + +### Release +release 브랜치는 다음 규약을 지켜야합니다. + +* branch off from + * `develop` +* merge back into + * `develop` and `main` +* naming convention + * `release-v..` + +release 브랜치는 이전 릴리즈 이후 추가된 기능들을 배포하기 위해 사용되며, `develop` 브랜치에서 분기 후 QA 기간 동안 추가적인 커밋이 생길 수 있습니다. 이러한 사항을 반영하기 위해 `develop` 브랜치와 `main` 브랜치에 동시에 머지하며, `main` 브랜치 머지 직후 새로운 버전의 태그를 따서 배포합니다. + +### Hotfix +hotfix 브랜치는 다음 규약을 지켜야합니다. + +* branch off from + * `main` +* merge back into + * `develop` and `main` +* naming convention + * `hotfix/*` + +hotfix 브랜치는 main 브랜치에서 발견된 심각한 버그를 수정하기 위해 존재합니다. 최신의 `main` 브랜치에서 분기하여, 버그 수정 후 `develop` 과 `main` 브랜치에 동시에 머지합니다. release 브랜치와 마찬가지로 `main` 브랜치에 머지 직후 새로운 버전의 태그를 따서 배포합니다. + +참고: https://nvie.com/posts/a-successful-git-branching-model/ + +### Versioning + +![Semantic Versioning](https://miro.medium.com/v2/resize:fit:1400/0*s9t0r3aU04Mi5n3t) + +배포를 위해 만들어지는 태그들의 이름은 Semantic Versioning에 기반합니다. +각 버전에 대한 간략한 설명은 다음과 같습니다. + +* MAJOR version: API의 변경이 기존 버전과 호환되지 않을 때 바꾼다. +* MINOR version: 이전 버전과의 호환성을 유지하며 새로운 기능을 추가할 때 바꾼다. +* PATCH version: 이전 버전과의 호환성을 유지하며 버그를 수정했을 때 바꾼다. + +그 외 자세한 명세는 https://semver.org/ 에서 볼 수 있습니다. diff --git a/poetry.lock b/poetry.lock index 009928b..606ae7b 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,10 +1,9 @@ -# This file is automatically @generated by Poetry and should not be changed by hand. +# This file is automatically @generated by Poetry 1.5.1 and should not be changed by hand. [[package]] name = "alembic" version = "1.11.1" description = "A database migration tool for SQLAlchemy." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -24,7 +23,6 @@ tz = ["python-dateutil"] name = "anyio" version = "3.6.2" description = "High level compatibility layer for multiple asynchronous event loop implementations" -category = "main" optional = false python-versions = ">=3.6.2" files = [ @@ -45,7 +43,6 @@ trio = ["trio (>=0.16,<0.22)"] name = "astroid" version = "2.15.5" description = "An abstract syntax tree for Python with inference support." -category = "dev" optional = false python-versions = ">=3.7.2" files = [ @@ -61,7 +58,6 @@ wrapt = {version = ">=1.14,<2", markers = "python_version >= \"3.11\""} name = "asttokens" version = "2.2.1" description = "Annotate AST trees with source code positions" -category = "dev" optional = false python-versions = "*" files = [ @@ -75,11 +71,24 @@ six = "*" [package.extras] test = ["astroid", "pytest"] +[[package]] +name = "aws-secretsmanager-caching" +version = "1.1.1.5" +description = "Client-side AWS Secrets Manager caching library" +optional = false +python-versions = ">3.5" +files = [ + {file = "aws_secretsmanager_caching-1.1.1.5-py3-none-any.whl", hash = "sha256:6afb0233b6ae0183b518138e79b3a53f26432f3a71b03df99801e02e2456adc0"}, + {file = "aws_secretsmanager_caching-1.1.1.5.tar.gz", hash = "sha256:5cee2762bb89b72f3e5123feee8e45fbe44ffe163bfca08b28f27b2e2b7772e1"}, +] + +[package.dependencies] +botocore = "*" + [[package]] name = "bcrypt" version = "4.0.1" description = "Modern password hashing for your software and your servers" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -114,7 +123,6 @@ typecheck = ["mypy"] name = "black" version = "23.3.0" description = "The uncompromising code formatter." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -158,11 +166,48 @@ d = ["aiohttp (>=3.7.4)"] jupyter = ["ipython (>=7.8.0)", "tokenize-rt (>=3.2.0)"] uvloop = ["uvloop (>=0.15.2)"] +[[package]] +name = "boto3" +version = "1.28.53" +description = "The AWS SDK for Python" +optional = false +python-versions = ">= 3.7" +files = [ + {file = "boto3-1.28.53-py3-none-any.whl", hash = "sha256:dc2da9aff7de359774030a243a09b74568664117e2afb77c6e4b90572ae3a6c3"}, + {file = "boto3-1.28.53.tar.gz", hash = "sha256:b95b0cc39f08402029c3a2bb141e1775cfa46576ebe9f9916f79bde90e27f53f"}, +] + +[package.dependencies] +botocore = ">=1.31.53,<1.32.0" +jmespath = ">=0.7.1,<2.0.0" +s3transfer = ">=0.6.0,<0.7.0" + +[package.extras] +crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] + +[[package]] +name = "botocore" +version = "1.31.53" +description = "Low-level, data-driven core of boto 3." +optional = false +python-versions = ">= 3.7" +files = [ + {file = "botocore-1.31.53-py3-none-any.whl", hash = "sha256:aa647f94039d21de97c969df21ce8c5186b68234eb5c53148f0d8bbd708e375d"}, + {file = "botocore-1.31.53.tar.gz", hash = "sha256:905580ea724d74f11652bab63fcec6bf0d32f1cf8b2963f7388efc0ea406b69b"}, +] + +[package.dependencies] +jmespath = ">=0.7.1,<2.0.0" +python-dateutil = ">=2.1,<3.0.0" +urllib3 = ">=1.25.4,<1.27" + +[package.extras] +crt = ["awscrt (==0.16.26)"] + [[package]] name = "certifi" version = "2023.5.7" description = "Python package for providing Mozilla's CA Bundle." -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -174,7 +219,6 @@ files = [ name = "cffi" version = "1.15.1" description = "Foreign Function Interface for Python calling C code." -category = "main" optional = false python-versions = "*" files = [ @@ -251,7 +295,6 @@ pycparser = "*" name = "cfgv" version = "3.3.1" description = "Validate configuration and produce human readable error messages." -category = "dev" optional = false python-versions = ">=3.6.1" files = [ @@ -263,7 +306,6 @@ files = [ name = "charset-normalizer" version = "3.1.0" description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." -category = "main" optional = false python-versions = ">=3.7.0" files = [ @@ -348,7 +390,6 @@ files = [ name = "click" version = "8.1.3" description = "Composable command line interface toolkit" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -363,7 +404,6 @@ colorama = {version = "*", markers = "platform_system == \"Windows\""} name = "colorama" version = "0.4.6" description = "Cross-platform colored terminal text." -category = "main" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7" files = [ @@ -375,7 +415,6 @@ files = [ name = "cryptography" version = "41.0.1" description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -417,7 +456,6 @@ test-randomorder = ["pytest-randomly"] name = "deprecated" version = "1.2.14" description = "Python @deprecated decorator to deprecate old python classes, functions or methods." -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" files = [ @@ -435,7 +473,6 @@ dev = ["PyTest", "PyTest-Cov", "bump2version (<1)", "sphinx (<2)", "tox"] name = "devtools" version = "0.11.0" description = "Python's missing debug print command, and more." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -454,7 +491,6 @@ pygments = ["pygments (>=2.2.0)"] name = "dill" version = "0.3.6" description = "serialize all of python" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -469,7 +505,6 @@ graph = ["objgraph (>=1.7.2)"] name = "distlib" version = "0.3.6" description = "Distribution utilities" -category = "dev" optional = false python-versions = "*" files = [ @@ -481,7 +516,6 @@ files = [ name = "executing" version = "1.2.0" description = "Get the currently executing AST node of a frame, and other information" -category = "dev" optional = false python-versions = "*" files = [ @@ -496,7 +530,6 @@ tests = ["asttokens", "littleutils", "pytest", "rich"] name = "fastapi" version = "0.95.1" description = "FastAPI framework, high performance, easy to learn, fast to code, ready for production" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -518,7 +551,6 @@ test = ["anyio[trio] (>=3.2.1,<4.0.0)", "black (==23.1.0)", "coverage[toml] (>=6 name = "filelock" version = "3.12.0" description = "A platform independent file lock." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -534,7 +566,6 @@ testing = ["covdefaults (>=2.3)", "coverage (>=7.2.3)", "diff-cover (>=7.5)", "p name = "greenlet" version = "2.0.2" description = "Lightweight in-process concurrent programming" -category = "main" optional = false python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*" files = [ @@ -608,7 +639,6 @@ test = ["objgraph", "psutil"] name = "h11" version = "0.14.0" description = "A pure-Python, bring-your-own-I/O implementation of HTTP/1.1" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -620,7 +650,6 @@ files = [ name = "identify" version = "2.5.24" description = "File identification library for Python" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -635,7 +664,6 @@ license = ["ukkonen"] name = "idna" version = "3.4" description = "Internationalized Domain Names in Applications (IDNA)" -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -647,7 +675,6 @@ files = [ name = "iniconfig" version = "2.0.0" description = "brain-dead simple config-ini parsing" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -659,7 +686,6 @@ files = [ name = "isort" version = "5.12.0" description = "A Python utility / library to sort Python imports." -category = "dev" optional = false python-versions = ">=3.8.0" files = [ @@ -673,11 +699,21 @@ pipfile-deprecated-finder = ["pip-shims (>=0.5.2)", "pipreqs", "requirementslib" plugins = ["setuptools"] requirements-deprecated-finder = ["pip-api", "pipreqs"] +[[package]] +name = "jmespath" +version = "1.0.1" +description = "JSON Matching Expressions" +optional = false +python-versions = ">=3.7" +files = [ + {file = "jmespath-1.0.1-py3-none-any.whl", hash = "sha256:02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980"}, + {file = "jmespath-1.0.1.tar.gz", hash = "sha256:90261b206d6defd58fdd5e85f478bf633a2901798906be2ad389150c5c60edbe"}, +] + [[package]] name = "lazy-object-proxy" version = "1.9.0" description = "A fast and thorough lazy object proxy." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -723,7 +759,6 @@ files = [ name = "loguru" version = "0.7.0" description = "Python logging made (stupidly) simple" -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -742,7 +777,6 @@ dev = ["Sphinx (==5.3.0)", "colorama (==0.4.5)", "colorama (==0.4.6)", "freezegu name = "mako" version = "1.2.4" description = "A super-fast templating language that borrows the best ideas from the existing templating languages." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -762,7 +796,6 @@ testing = ["pytest"] name = "markupsafe" version = "2.1.2" description = "Safely add untrusted strings to HTML/XML markup." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -822,7 +855,6 @@ files = [ name = "mccabe" version = "0.7.0" description = "McCabe checker, plugin for flake8" -category = "dev" optional = false python-versions = ">=3.6" files = [ @@ -834,7 +866,6 @@ files = [ name = "mypy-extensions" version = "1.0.0" description = "Type system extensions for programs checked with the mypy type checker." -category = "dev" optional = false python-versions = ">=3.5" files = [ @@ -846,7 +877,6 @@ files = [ name = "mysqlclient" version = "2.1.1" description = "Python interface to MySQL" -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -863,7 +893,6 @@ files = [ name = "nodeenv" version = "1.8.0" description = "Node.js virtual environment builder" -category = "dev" optional = false python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*" files = [ @@ -878,7 +907,6 @@ setuptools = "*" name = "packaging" version = "23.1" description = "Core utilities for Python packages" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -890,7 +918,6 @@ files = [ name = "pathspec" version = "0.11.1" description = "Utility library for gitignore style pattern matching of file paths." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -902,7 +929,6 @@ files = [ name = "platformdirs" version = "3.5.1" description = "A small Python package for determining appropriate platform-specific dirs, e.g. a \"user data dir\"." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -918,7 +944,6 @@ test = ["appdirs (==1.4.4)", "covdefaults (>=2.3)", "pytest (>=7.3.1)", "pytest- name = "pluggy" version = "1.0.0" description = "plugin and hook calling mechanisms for python" -category = "dev" optional = false python-versions = ">=3.6" files = [ @@ -934,7 +959,6 @@ testing = ["pytest", "pytest-benchmark"] name = "pre-commit" version = "3.3.1" description = "A framework for managing and maintaining multi-language pre-commit hooks." -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -953,7 +977,6 @@ virtualenv = ">=20.10.0" name = "pycparser" version = "2.21" description = "C parser in Python" -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" files = [ @@ -965,7 +988,6 @@ files = [ name = "pydantic" version = "1.10.7" description = "Data validation and settings management using python type hints" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1018,7 +1040,6 @@ email = ["email-validator (>=1.0.3)"] name = "pygithub" version = "1.58.2" description = "Use the full Github API v3" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1036,7 +1057,6 @@ requests = ">=2.14.0" name = "pyjwt" version = "2.7.0" description = "JSON Web Token implementation in Python" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1057,7 +1077,6 @@ tests = ["coverage[toml] (==5.0.4)", "pytest (>=6.0.0,<7.0.0)"] name = "pylint" version = "2.17.4" description = "python code static checker" -category = "dev" optional = false python-versions = ">=3.7.2" files = [ @@ -1082,7 +1101,6 @@ testutils = ["gitpython (>3)"] name = "pynacl" version = "1.5.0" description = "Python binding to the Networking and Cryptography (NaCl) library" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -1109,7 +1127,6 @@ tests = ["hypothesis (>=3.27.0)", "pytest (>=3.2.1,!=3.3.0)"] name = "pyright" version = "1.1.314" description = "Command line wrapper for pyright" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1128,7 +1145,6 @@ dev = ["twine (>=3.4.1)"] name = "pytest" version = "7.3.1" description = "pytest: simple powerful testing with Python" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1145,11 +1161,24 @@ pluggy = ">=0.12,<2.0" [package.extras] testing = ["argcomplete", "attrs (>=19.2.0)", "hypothesis (>=3.56)", "mock", "nose", "pygments (>=2.7.2)", "requests", "xmlschema"] +[[package]] +name = "python-dateutil" +version = "2.8.2" +description = "Extensions to the standard Python datetime module" +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7" +files = [ + {file = "python-dateutil-2.8.2.tar.gz", hash = "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86"}, + {file = "python_dateutil-2.8.2-py2.py3-none-any.whl", hash = "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9"}, +] + +[package.dependencies] +six = ">=1.5" + [[package]] name = "python-dotenv" version = "1.0.0" description = "Read key-value pairs from a .env file and set them as environment variables" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -1164,7 +1193,6 @@ cli = ["click (>=5.0)"] name = "pyyaml" version = "6.0" description = "YAML parser and emitter for Python" -category = "dev" optional = false python-versions = ">=3.6" files = [ @@ -1214,7 +1242,6 @@ files = [ name = "requests" version = "2.31.0" description = "Python HTTP for Humans." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1232,11 +1259,27 @@ urllib3 = ">=1.21.1,<3" socks = ["PySocks (>=1.5.6,!=1.5.7)"] use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] +[[package]] +name = "s3transfer" +version = "0.6.2" +description = "An Amazon S3 Transfer Manager" +optional = false +python-versions = ">= 3.7" +files = [ + {file = "s3transfer-0.6.2-py3-none-any.whl", hash = "sha256:b014be3a8a2aab98cfe1abc7229cc5a9a0cf05eb9c1f2b86b230fd8df3f78084"}, + {file = "s3transfer-0.6.2.tar.gz", hash = "sha256:cab66d3380cca3e70939ef2255d01cd8aece6a4907a9528740f668c4b0611861"}, +] + +[package.dependencies] +botocore = ">=1.12.36,<2.0a.0" + +[package.extras] +crt = ["botocore[crt] (>=1.20.29,<2.0a.0)"] + [[package]] name = "setuptools" version = "67.7.2" description = "Easily download, build, install, upgrade, and uninstall Python packages" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1253,7 +1296,6 @@ testing-integration = ["build[virtualenv]", "filelock (>=3.4.0)", "jaraco.envs ( name = "six" version = "1.16.0" description = "Python 2 and 3 compatibility utilities" -category = "dev" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" files = [ @@ -1265,7 +1307,6 @@ files = [ name = "slack-sdk" version = "3.21.3" description = "The Slack API Platform SDK for Python" -category = "main" optional = false python-versions = ">=3.6.0" files = [ @@ -1281,7 +1322,6 @@ testing = ["Flask (>=1,<2)", "Flask-Sockets (>=0.2,<1)", "Jinja2 (==3.0.3)", "We name = "sniffio" version = "1.3.0" description = "Sniff out which async library your code is running under" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1293,7 +1333,6 @@ files = [ name = "sqlalchemy" version = "2.0.13" description = "Database Abstraction Library" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1341,7 +1380,7 @@ files = [ ] [package.dependencies] -greenlet = {version = "!=0.4.17", markers = "platform_machine == \"aarch64\" or platform_machine == \"ppc64le\" or platform_machine == \"x86_64\" or platform_machine == \"amd64\" or platform_machine == \"AMD64\" or platform_machine == \"win32\" or platform_machine == \"WIN32\""} +greenlet = {version = "!=0.4.17", markers = "platform_machine == \"win32\" or platform_machine == \"WIN32\" or platform_machine == \"AMD64\" or platform_machine == \"amd64\" or platform_machine == \"x86_64\" or platform_machine == \"ppc64le\" or platform_machine == \"aarch64\""} typing-extensions = ">=4.2.0" [package.extras] @@ -1371,7 +1410,6 @@ sqlcipher = ["sqlcipher3-binary"] name = "starlette" version = "0.26.1" description = "The little ASGI library that shines." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1389,7 +1427,6 @@ full = ["httpx (>=0.22.0)", "itsdangerous", "jinja2", "python-multipart", "pyyam name = "tomlkit" version = "0.11.8" description = "Style preserving TOML library" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1401,7 +1438,6 @@ files = [ name = "typing-extensions" version = "4.5.0" description = "Backported and Experimental Type Hints for Python 3.7+" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1411,27 +1447,24 @@ files = [ [[package]] name = "urllib3" -version = "2.0.3" +version = "1.26.16" description = "HTTP library with thread-safe connection pooling, file post, and more." -category = "main" optional = false -python-versions = ">=3.7" +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" files = [ - {file = "urllib3-2.0.3-py3-none-any.whl", hash = "sha256:48e7fafa40319d358848e1bc6809b208340fafe2096f1725d05d67443d0483d1"}, - {file = "urllib3-2.0.3.tar.gz", hash = "sha256:bee28b5e56addb8226c96f7f13ac28cb4c301dd5ea8a6ca179c0b9835e032825"}, + {file = "urllib3-1.26.16-py2.py3-none-any.whl", hash = "sha256:8d36afa7616d8ab714608411b4a3b13e58f463aee519024578e062e141dce20f"}, + {file = "urllib3-1.26.16.tar.gz", hash = "sha256:8f135f6502756bde6b2a9b28989df5fbe87c9970cecaa69041edcce7f0589b14"}, ] [package.extras] -brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)"] -secure = ["certifi", "cryptography (>=1.9)", "idna (>=2.0.0)", "pyopenssl (>=17.1.0)", "urllib3-secure-extra"] -socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"] -zstd = ["zstandard (>=0.18.0)"] +brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)", "brotlipy (>=0.6.0)"] +secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "pyOpenSSL (>=0.14)", "urllib3-secure-extra"] +socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"] [[package]] name = "uvicorn" version = "0.22.0" description = "The lightning-fast ASGI server." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1450,7 +1483,6 @@ standard = ["colorama (>=0.4)", "httptools (>=0.5.0)", "python-dotenv (>=0.13)", name = "virtualenv" version = "20.23.0" description = "Virtual Python Environment builder" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1471,7 +1503,6 @@ test = ["covdefaults (>=2.3)", "coverage (>=7.2.3)", "coverage-enable-subprocess name = "win32-setctime" version = "1.1.0" description = "A small Python utility to set file creation time on Windows" -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -1486,7 +1517,6 @@ dev = ["black (>=19.3b0)", "pytest (>=4.6.2)"] name = "wrapt" version = "1.15.0" description = "Module for decorators, wrappers and monkey patching." -category = "main" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7" files = [ @@ -1570,4 +1600,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.11" -content-hash = "14502b3d8f79dca42a13d4ae85722a6c4bb4fce2d186f15bb3b38ec51fdc258b" +content-hash = "dee5e5ed35c9585a0727ba4c2b62bb35e853193cb75510418d6dcdca63018b94" diff --git a/pyproject.toml b/pyproject.toml index d1a5938..54e8d38 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -18,6 +18,8 @@ alembic = "^1.11.1" mysqlclient = "^2.1.1" pygithub = "^1.58.2" slack-sdk = "^3.21.3" +aws-secretsmanager-caching = "^1.1.1.5" +boto3 = "^1.28.53" [tool.poetry.group.dev.dependencies] diff --git a/waffledotcom/src/database/config.py b/waffledotcom/src/database/config.py index 7421054..dae2002 100644 --- a/waffledotcom/src/database/config.py +++ b/waffledotcom/src/database/config.py @@ -1,5 +1,8 @@ +from urllib.parse import quote_plus + from pydantic import BaseSettings +from waffledotcom.src.secrets import AWSSecretManager from waffledotcom.src.settings import settings @@ -18,7 +21,19 @@ class Config: @property def url(self) -> str: + aws_secrets = AWSSecretManager() + if aws_secrets.is_available(): + self.username = aws_secrets.get_secret("server_db_username") + self.password = quote_plus(aws_secrets.get_secret("server_db_password")) + self.host = aws_secrets.get_secret("server_db_host") + self.port = int(aws_secrets.get_secret("server_db_port")) + self.name = aws_secrets.get_secret("server_db_name") + return ( f"mysql+mysqldb://{self.username}:{self.password}" f"@{self.host}:{self.port}/{self.name}" + "?charset=utf8mb4" ) + + +db_config = DBConfig() diff --git a/waffledotcom/src/secrets.py b/waffledotcom/src/secrets.py new file mode 100644 index 0000000..5d108f9 --- /dev/null +++ b/waffledotcom/src/secrets.py @@ -0,0 +1,37 @@ +import json + +from aws_secretsmanager_caching import SecretCache +from aws_secretsmanager_caching import SecretCacheConfig +import botocore +import botocore.session + +from waffledotcom.src.settings import settings +from waffledotcom.src.utils.singleton import SingletonMeta + + +class AWSSecretManager(metaclass=SingletonMeta): + def __init__(self) -> None: + client = botocore.session.get_session().create_client( + "secretsmanager", region_name="ap-northeast-2" + ) + cache_config = SecretCacheConfig() + self.cache = SecretCache(config=cache_config, client=client) + self.secret_name = f"{settings.env}/waffledotcom" + + def is_available(self) -> bool: + if settings.env in ["local", "test"]: + return False + try: + self.cache.get_secret_string(secret_id=self.secret_name) + return True + except BaseException as e: + raise ValueError( + f"Secret Manager is not available for {self.secret_name}" + ) from e + + def get_secret(self, key: str) -> str: + assert self.is_available(), "Secret Manager is not available" + secret_data = json.loads( + self.cache.get_secret_string(secret_id=self.secret_name) + ) + return secret_data[key]