1 parent
504506c
commit df8f539
Showing
8 changed files
with
325 additions
and
27 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
* @skaplan-dev |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
## Motivation | ||
|
||
<!-- Why are you making this change, what problem does it solve? Include links to relevant issues --> | ||
|
||
## Changes | ||
|
||
<!-- What does this change exactly? Include relevant screenshots, videos, links --> | ||
|
||
## Testing Instructions | ||
|
||
<!-- How can the reviewer confirm these changes do what you say they do? --> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
ci/cd: | ||
- .github/**/* | ||
- deploy.sh | ||
|
||
dependencies: | ||
- package.json | ||
- package-lock.json | ||
|
||
documentation: | ||
- README.md | ||
- LICENSE |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
name: deploy | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
node-version: ['20'] | ||
env: | ||
AWS_PROFILE: transitmatters | ||
AWS_DEFAULT_REGION: us-east-1 | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
TM_LABS_WILDCARD_CERT_ARN: ${{ secrets.TM_LABS_WILDCARD_CERT_ARN }} | ||
DD_API_KEY: ${{ secrets.DD_API_KEY }} | ||
|
||
steps: | ||
- name: Checkout repo | ||
uses: actions/checkout@v3 | ||
- name: Set up Node ${{ matrix.node-version }}.x | ||
uses: actions/setup-node@v3 | ||
with: | ||
node-version: ${{ matrix.node-version }} | ||
- name: Set up CI Cache | ||
uses: actions/cache@v3 | ||
with: | ||
path: | | ||
~/.npm | ||
${{ github.workspace }}/.next/cache | ||
key: ${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }} | ||
restore-keys: | | ||
${{ runner.os }}-${{ hashFiles('**/package-lock.json') }}- | ||
- name: Check if package-lock.json is up to date | ||
run: | | ||
npx --yes [email protected] | ||
- name: Generate AWS profile | ||
run: | | ||
mkdir ~/.aws | ||
cat >> ~/.aws/credentials << EOF | ||
[$AWS_PROFILE] | ||
aws_access_key_id = $AWS_ACCESS_KEY_ID | ||
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY | ||
EOF | ||
- name: Run deploy shell script | ||
run: | | ||
npm ci | ||
npm run build | ||
bash deploy.sh |
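Review bot: The job-level `env:` block hands the AWS keys, the certificate ARN and `DD_API_KEY` to every step, including the `npx --yes` lockfile check and `npm ci`, both of which run third-party package code. Only the "Generate AWS profile" and "Run deploy shell script" steps appear to need those four `secrets.*` entries, so they could move to step-level `env:` there, with `npm ci` split into its own step that sees no secrets. The job also declares no `permissions:` and takes `actions/checkout@v3`, `actions/setup-node@v3` and `actions/cache@v3` by mutable tag; `permissions: contents: read` and commit-SHA pins would narrow what a compromised action or dependency can reach. Longer term, GitHub OIDC with an assumed role would remove the need to store long-lived AWS keys as repository secrets.

```yaml
# … unchanged: name, on, runs-on, strategy …
    permissions:
      contents: read
    env:
      AWS_PROFILE: transitmatters
      AWS_DEFAULT_REGION: us-east-1
    steps:
      # … unchanged: checkout, setup-node, cache, lockfile check …
      - name: Install dependencies
        run: npm ci
      - name: Generate AWS profile
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        # … unchanged: run block that writes ~/.aws/credentials …
      - name: Run deploy shell script
        env:
          TM_LABS_WILDCARD_CERT_ARN: ${{ secrets.TM_LABS_WILDCARD_CERT_ARN }}
          DD_API_KEY: ${{ secrets.DD_API_KEY }}
        run: |
          npm run build
          bash deploy.sh
```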
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,145 @@ | ||
{ | ||
"Parameters": { | ||
"TMFrontendHostname": { | ||
"Type": "String", | ||
"Default": "shutdowns.labs.transitmatters.org", | ||
"AllowedValues": ["shutdowns.labs.transitmatters.org"], | ||
"Description": "The frontend hostname for the shutdown tracker" | ||
}, | ||
"TMFrontendZone": { | ||
"Type": "String", | ||
"Default": "labs.transitmatters.org", | ||
"AllowedPattern": "^labs\\.transitmatters\\.org$", | ||
"Description": "The frontend's DNS zone file name. Most likely labs.transitmatters.org." | ||
}, | ||
"TMFrontendCertArn": { | ||
"Type": "String", | ||
"Description": "The ACM ARN of the frontend certificate." | ||
}, | ||
"DDApiKey": { | ||
"Type": "String", | ||
"Description": "Datadog API key." | ||
}, | ||
"DDTags": { | ||
"Type": "String", | ||
"Description": "Additional Datadog Tags" | ||
}, | ||
"GitVersion": { | ||
"Type": "String", | ||
"Description": "Current Git Id" | ||
} | ||
}, | ||
"Resources": { | ||
"FrontendDNSRecordSet": { | ||
"Type": "AWS::Route53::RecordSet", | ||
"Properties": { | ||
"Name": { "Ref": "TMFrontendHostname" }, | ||
"HostedZoneName": { "Fn::Sub": "${TMFrontendZone}." }, | ||
"AliasTarget": { | ||
"HostedZoneId": "Z2FDTNDATAQYW2", | ||
"DNSName": { | ||
"Fn::GetAtt": ["FrontendCloudFront", "DomainName"] | ||
} | ||
}, | ||
"Type": "A" | ||
} | ||
}, | ||
"FrontendBucket": { | ||
"Type": "AWS::S3::Bucket", | ||
"Properties": { | ||
"PublicAccessBlockConfiguration": { | ||
"BlockPublicPolicy": false, | ||
"RestrictPublicBuckets": false | ||
}, | ||
"BucketName": { "Ref": "TMFrontendHostname" }, | ||
"WebsiteConfiguration": { | ||
"IndexDocument": "index.html" | ||
}, | ||
"Tags": [ | ||
{ | ||
"Key": "service", | ||
"Value": "shutdown-tracker" | ||
} | ||
] | ||
} | ||
}, | ||
"FrontendBucketPolicy": { | ||
"Type": "AWS::S3::BucketPolicy", | ||
"Properties": { | ||
"Bucket": { "Ref": "FrontendBucket" }, | ||
"PolicyDocument": { | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Sid": "PublicReadForGetBucketObjects", | ||
"Effect": "Allow", | ||
"Principal": "*", | ||
"Action": "s3:GetObject", | ||
"Resource": { "Fn::Join": ["", [{ "Fn::GetAtt": ["FrontendBucket", "Arn"] }, "/*"]] } | ||
} | ||
] | ||
} | ||
} | ||
}, | ||
"FrontendCloudFront": { | ||
"Type": "AWS::CloudFront::Distribution", | ||
"Properties": { | ||
"DistributionConfig": { | ||
"Aliases": [{ "Ref": "TMFrontendHostname" }], | ||
"Enabled": "true", | ||
"DefaultCacheBehavior": { | ||
"Compress": true, | ||
"ForwardedValues": { | ||
"QueryString": "false" | ||
}, | ||
"TargetOriginId": "only-origin", | ||
"ViewerProtocolPolicy": "redirect-to-https" | ||
}, | ||
"DefaultRootObject": "index.html", | ||
"Origins": [ | ||
{ | ||
"CustomOriginConfig": { | ||
"HTTPPort": "80", | ||
"HTTPSPort": "443", | ||
"OriginProtocolPolicy": "http-only" | ||
}, | ||
"DomainName": { | ||
"Fn::Join": [ | ||
"", | ||
[{ "Ref": "TMFrontendHostname" }, ".s3-website-us-east-1.amazonaws.com"] | ||
] | ||
}, | ||
"Id": "only-origin" | ||
} | ||
], | ||
"CustomErrorResponses": [ | ||
{ | ||
"ErrorCode": "404", | ||
"ResponsePagePath": "/404.html", | ||
"ResponseCode": "404", | ||
"ErrorCachingMinTTL": "86400" | ||
} | ||
], | ||
"PriceClass": "PriceClass_100", | ||
"ViewerCertificate": { | ||
"MinimumProtocolVersion": "TLSv1.2_2018", | ||
"AcmCertificateArn": { "Ref": "TMFrontendCertArn" }, | ||
"SslSupportMethod": "sni-only" | ||
} | ||
}, | ||
"Tags": [ | ||
{ | ||
"Key": "service", | ||
"Value": "shutdown-tracker" | ||
} | ||
] | ||
} | ||
} | ||
}, | ||
"Outputs": { | ||
"WebsiteURL": { | ||
"Value": "FrontendBucket.WebsiteURL", | ||
"Description": "URL for website hosted on S3" | ||
} | ||
} | ||
} |
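Review bot: `DDApiKey` is declared as a plain `String` parameter, so the Datadog key is stored and displayed in clear text wherever the stack's parameters are listed; add `"NoEcho": true` to it, or drop it, since no resource in this template references `DDApiKey`, `DDTags` or `GitVersion`. The `WebsiteURL` output emits the literal string `FrontendBucket.WebsiteURL`; it presumably should be `{ "Fn::GetAtt": ["FrontendBucket", "WebsiteURL"] }`. The bucket is world-readable (`"Principal": "*"`, with `BlockPublicPolicy` and `RestrictPublicBuckets` set to false) and CloudFront reaches it with `"OriginProtocolPolicy": "http-only"`, so objects can be fetched directly from the S3 website endpoint and the origin hop is unencrypted. A private bucket behind a CloudFront origin access control would close both, at the cost of losing the website endpoint's index and error-document handling.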
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
#!/bin/bash -x | ||
|
||
if [[ -z "$DD_API_KEY" || -z "$TM_LABS_WILDCARD_CERT_ARN" ]]; then | ||
echo "Must provide DD_API_KEY and TM_LABS_WILDCARD_CERT_ARN in environment" 1>&2 | ||
exit 1 | ||
fi | ||
|
||
STACK_NAME=shutdown-tracker | ||
FRONTEND_HOSTNAME="shutdowns.labs.transitmatters.org" | ||
FRONTEND_ZONE="labs.transitmatters.org" | ||
BUCKET="$FRONTEND_HOSTNAME" | ||
FRONTEND_CERT_ARN="$TM_LABS_WILDCARD_CERT_ARN" | ||
|
||
# Identify the version and commit of the current deploy | ||
GIT_VERSION=`git describe --tags --always` | ||
GIT_SHA=`git rev-parse HEAD` | ||
echo "Deploying version $GIT_VERSION | $GIT_SHA" | ||
|
||
# Adding some datadog tags to get better data | ||
DD_TAGS="git.commit.sha:$GIT_SHA,git.repository_url:github.com/transitmatters/shutdown-tracker" | ||
|
||
npm run build | ||
|
||
# Deploy to cloudformation | ||
aws cloudformation deploy --template-file cloudformation.json --stack-name $STACK_NAME --capabilities CAPABILITY_IAM --no-fail-on-empty-changeset --parameter-overrides \ | ||
TMFrontendHostname=$FRONTEND_HOSTNAME \ | ||
TMFrontendZone=$FRONTEND_ZONE \ | ||
TMFrontendCertArn=$FRONTEND_CERT_ARN \ | ||
DDApiKey=$DD_API_KEY \ | ||
GitVersion=$GIT_VERSION \ | ||
DDTags=$DD_TAGS | ||
aws s3 sync dist/ s3://$BUCKET | ||
|
||
# Grab the cloudfront ID and invalidate its cache | ||
CLOUDFRONT_ID=$(aws cloudfront list-distributions --query "DistributionList.Items[?Aliases.Items!=null] | [?contains(Aliases.Items, '$FRONTEND_HOSTNAME')].Id | [0]" --output text) | ||
aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_ID --paths "/*" |
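Review bot: The `#!/bin/bash -x` shebang turns on tracing whenever the script is executed directly, which prints the `aws cloudformation deploy` line with `DDApiKey=$DD_API_KEY` expanded into the terminal or log. Use `#!/bin/bash` followed by `set -euo pipefail` instead: as written, a failed `npm run build` or stack deploy does not stop the script, so `aws s3 sync` and the invalidation still run. The expansions on the deploy, sync and invalidation lines should be quoted (`"s3://$BUCKET"`, `--distribution-id "$CLOUDFRONT_ID"`), and `CLOUDFRONT_ID` should be checked before use, because `--output text` prints `None` when the query matches no distribution. The backtick substitutions for `GIT_VERSION` and `GIT_SHA` would read better as `$(git describe --tags --always)` and `$(git rev-parse HEAD)`.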