Set up deployment of service (#7)

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @skaplan-dev

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,11 @@
+## Motivation
+
+<!-- Why are you making this change, what problem does it solve? Include links to relevant issues -->
+
+## Changes
+
+<!-- What does this change exactly? Include relevant screenshots, videos, links -->
+
+## Testing Instructions
+
+<!-- How can the reviewer confirm these changes do what you say they do? -->

.github/labeler.yml

@@ -0,0 +1,11 @@
+ci/cd:
+- .github/**/*
+- deploy.sh
+
+dependencies:
+- package.json
+- package-lock.json
+
+documentation:
+- README.md
+- LICENSE

.github/workflows/deploy.yml

@@ -0,0 +1,54 @@
+name: deploy
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: ['20']
+    env:
+      AWS_PROFILE: transitmatters
+      AWS_DEFAULT_REGION: us-east-1
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      TM_LABS_WILDCARD_CERT_ARN: ${{ secrets.TM_LABS_WILDCARD_CERT_ARN }}
+      DD_API_KEY: ${{ secrets.DD_API_KEY }}
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+      - name: Set up Node ${{ matrix.node-version }}.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Set up CI Cache
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.npm
+            ${{ github.workspace }}/.next/cache
+          key: ${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}-
+      - name: Check if package-lock.json is up to date
+        run: |
+          npx --yes [email protected]
+      - name: Generate AWS profile
+        run: |
+          mkdir ~/.aws
+          cat >> ~/.aws/credentials << EOF
+          [$AWS_PROFILE]
+          aws_access_key_id = $AWS_ACCESS_KEY_ID
+          aws_secret_access_key = $AWS_SECRET_ACCESS_KEY
+          EOF
+      - name: Run deploy shell script
+        run: |
+          npm ci
+          npm run build
+          bash deploy.sh

cloudformation.json

@@ -0,0 +1,145 @@
+{
+  "Parameters": {
+    "TMFrontendHostname": {
+      "Type": "String",
+      "Default": "shutdowns.labs.transitmatters.org",
+      "AllowedValues": ["shutdowns.labs.transitmatters.org"],
+      "Description": "The frontend hostname for the shutdown tracker"
+    },
+    "TMFrontendZone": {
+      "Type": "String",
+      "Default": "labs.transitmatters.org",
+      "AllowedPattern": "^labs\\.transitmatters\\.org$",
+      "Description": "The frontend's DNS zone file name. Most likely labs.transitmatters.org."
+    },
+    "TMFrontendCertArn": {
+      "Type": "String",
+      "Description": "The ACM ARN of the frontend certificate."
+    },
+    "DDApiKey": {
+      "Type": "String",
+      "Description": "Datadog API key."
+    },
+    "DDTags": {
+      "Type": "String",
+      "Description": "Additional Datadog Tags"
+    },
+    "GitVersion": {
+      "Type": "String",
+      "Description": "Current Git Id"
+    }
+  },
+  "Resources": {
+    "FrontendDNSRecordSet": {
+      "Type": "AWS::Route53::RecordSet",
+      "Properties": {
+        "Name": { "Ref": "TMFrontendHostname" },
+        "HostedZoneName": { "Fn::Sub": "${TMFrontendZone}." },
+        "AliasTarget": {
+          "HostedZoneId": "Z2FDTNDATAQYW2",
+          "DNSName": {
+            "Fn::GetAtt": ["FrontendCloudFront", "DomainName"]
+          }
+        },
+        "Type": "A"
+      }
+    },
+    "FrontendBucket": {
+      "Type": "AWS::S3::Bucket",
+      "Properties": {
+        "PublicAccessBlockConfiguration": {
+          "BlockPublicPolicy": false,
+          "RestrictPublicBuckets": false
+        },
+        "BucketName": { "Ref": "TMFrontendHostname" },
+        "WebsiteConfiguration": {
+          "IndexDocument": "index.html"
+        },
+        "Tags": [
+          {
+            "Key": "service",
+            "Value": "shutdown-tracker"
+          }
+        ]
+      }
+    },
+    "FrontendBucketPolicy": {
+      "Type": "AWS::S3::BucketPolicy",
+      "Properties": {
+        "Bucket": { "Ref": "FrontendBucket" },
+        "PolicyDocument": {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Sid": "PublicReadForGetBucketObjects",
+              "Effect": "Allow",
+              "Principal": "*",
+              "Action": "s3:GetObject",
+              "Resource": { "Fn::Join": ["", [{ "Fn::GetAtt": ["FrontendBucket", "Arn"] }, "/*"]] }
+            }
+          ]
+        }
+      }
+    },
+    "FrontendCloudFront": {
+      "Type": "AWS::CloudFront::Distribution",
+      "Properties": {
+        "DistributionConfig": {
+          "Aliases": [{ "Ref": "TMFrontendHostname" }],
+          "Enabled": "true",
+          "DefaultCacheBehavior": {
+            "Compress": true,
+            "ForwardedValues": {
+              "QueryString": "false"
+            },
+            "TargetOriginId": "only-origin",
+            "ViewerProtocolPolicy": "redirect-to-https"
+          },
+          "DefaultRootObject": "index.html",
+          "Origins": [
+            {
+              "CustomOriginConfig": {
+                "HTTPPort": "80",
+                "HTTPSPort": "443",
+                "OriginProtocolPolicy": "http-only"
+              },
+              "DomainName": {
+                "Fn::Join": [
+                  "",
+                  [{ "Ref": "TMFrontendHostname" }, ".s3-website-us-east-1.amazonaws.com"]
+                ]
+              },
+              "Id": "only-origin"
+            }
+          ],
+          "CustomErrorResponses": [
+            {
+              "ErrorCode": "404",
+              "ResponsePagePath": "/404.html",
+              "ResponseCode": "404",
+              "ErrorCachingMinTTL": "86400"
+            }
+          ],
+          "PriceClass": "PriceClass_100",
+          "ViewerCertificate": {
+            "MinimumProtocolVersion": "TLSv1.2_2018",
+            "AcmCertificateArn": { "Ref": "TMFrontendCertArn" },
+            "SslSupportMethod": "sni-only"
+          }
+        },
+        "Tags": [
+          {
+            "Key": "service",
+            "Value": "shutdown-tracker"
+          }
+        ]
+      }
+    }
+  },
+  "Outputs": {
+    "WebsiteURL": {
+      "Value": "FrontendBucket.WebsiteURL",
+      "Description": "URL for website hosted on S3"
+    }
+  }
+}

deploy.sh

@@ -0,0 +1,36 @@
+#!/bin/bash -x
+
+if [[ -z "$DD_API_KEY" || -z "$TM_LABS_WILDCARD_CERT_ARN" ]]; then
+    echo "Must provide DD_API_KEY and TM_LABS_WILDCARD_CERT_ARN in environment" 1>&2
+    exit 1
+fi
+
+STACK_NAME=shutdown-tracker
+FRONTEND_HOSTNAME="shutdowns.labs.transitmatters.org"
+FRONTEND_ZONE="labs.transitmatters.org"
+BUCKET="$FRONTEND_HOSTNAME"
+FRONTEND_CERT_ARN="$TM_LABS_WILDCARD_CERT_ARN" 
+
+# Identify the version and commit of the current deploy
+GIT_VERSION=`git describe --tags --always`
+GIT_SHA=`git rev-parse HEAD`
+echo "Deploying version $GIT_VERSION | $GIT_SHA"
+
+# Adding some datadog tags to get better data
+DD_TAGS="git.commit.sha:$GIT_SHA,git.repository_url:github.com/transitmatters/shutdown-tracker"
+
+npm run build
+
+# Deploy to cloudformation
+aws cloudformation deploy --template-file cloudformation.json --stack-name $STACK_NAME --capabilities CAPABILITY_IAM --no-fail-on-empty-changeset --parameter-overrides \
+    TMFrontendHostname=$FRONTEND_HOSTNAME \
+    TMFrontendZone=$FRONTEND_ZONE \
+    TMFrontendCertArn=$FRONTEND_CERT_ARN \
+    DDApiKey=$DD_API_KEY \
+    GitVersion=$GIT_VERSION \
+    DDTags=$DD_TAGS
+aws s3 sync dist/ s3://$BUCKET
+
+# Grab the cloudfront ID and invalidate its cache
+CLOUDFRONT_ID=$(aws cloudfront list-distributions --query "DistributionList.Items[?Aliases.Items!=null] | [?contains(Aliases.Items, '$FRONTEND_HOSTNAME')].Id | [0]" --output text)
+aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_ID --paths "/*"