diff --git a/.circleci/account-data-deleter.yml b/.circleci/account-data-deleter.yml
deleted file mode 100644
index 69597e7c3..000000000
--- a/.circleci/account-data-deleter.yml
+++ /dev/null
@@ -1,299 +0,0 @@ - -workflows: - account-data-deleter: - jobs: - - - test_integrations: - <<: *not_dev_main - for: account_data_deleter - context: pocket - name: account-data-deleter_test_integrations - scope: account-data-deleter - - - test_integrations: - <<: *not_dev_main - for: account_data_deleter - context: pocket - name: account-data-deleter_batch-delete_test_integrations - scope: account-data-deleter-batch-delete - - - # Try building the ECS docker image on each branch - - build_image: - <<: *not_dev_main - context: pocket - for: account_data_deleter - name: account-data-deleter_build_docker - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: accountdatadeleter-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: false - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=account-data-deleter --build-arg APP_PATH=servers/account-data-deleter --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=account-data-deleter --build-arg PORT=4015 - - ###### - # Every PR Jobs - ###### - - build_lambda: - <<: *not_dev_main - context: pocket - for: account_data_deleter - name: account-data-deleter_build_events - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: account-data-deleter-events - sentry_project_name: account-data-deleter - sentry_env: development - sentry_org: pocket - - - build_lambda: - <<: *not_dev_main - context: pocket - for: account_data_deleter - name: account-data-deleter_build_batch-delete - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: account-data-deleter-batch-delete - sentry_project_name: account-data-deleter - sentry_env: development - sentry_org: pocket - - - infrastructure: - <<: *not_dev_main - 
context: pocket - for: account_data_deleter - name: account-data-deleter_infrastructure_plan_prod - scope: account-data-deleter-cdk - stack-output-path: infrastructure/account-data-deleter/cdktf.out/stacks/account-data-deleter - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: account_data_deleter - name: account-data-deleter_infrastructure_apply_dev - scope: account-data-deleter-cdk - stack-output-path: infrastructure/account-data-deleter/cdktf.out/stacks/account-data-deleter - resource-class: pocket/default-dev - apply: true - dev: true - - # Build & Deploy the Dev Docker Image - - build_image: - <<: *only_dev - context: pocket - for: account_data_deleter - name: account-data-deleter_build_docker_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: accountdatadeleter-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=account-data-deleter --build-arg APP_PATH=servers/account-data-deleter --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=account-data-deleter --build-arg PORT=4015 - requires: - - account-data-deleter_infrastructure_apply_dev - - - code_deploy_ecs: - <<: *only_dev - context: pocket - for: account_data_deleter - name: account-data-deleter_code_deploy_ecs_dev - resource-class: pocket/default-dev - requires: - - account-data-deleter_build_docker_dev - - - build_lambda: - <<: *only_dev - context: pocket - for: account_data_deleter - name: account-data-deleter_events_build_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: account-data-deleter-events - sentry_project_name: 
account-data-deleter - sentry_env: development - sentry_org: pocket - s3-bucket: pocket-accountdatadeleter-dev-sqs-event-consumer - requires: - - account-data-deleter_infrastructure_apply_dev - - - code_deploy_lambda: - <<: *only_dev - context: pocket - for: account_data_deleter - name: account-data-deleter_events_code_deploy_dev - resource-class: pocket/default-dev - codedeploy-app-name: AccountDataDeleter-Dev-Sqs-Event-Consumer-Lambda - codedeploy-group-name: AccountDataDeleter-Dev-Sqs-Event-Consumer-Lambda - function-name: AccountDataDeleter-Dev-Sqs-Event-Consumer-Function - s3-bucket: pocket-accountdatadeleter-dev-sqs-event-consumer - requires: - - account-data-deleter_events_build_dev - - - build_lambda: - <<: *only_dev - context: pocket - for: account_data_deleter - name: account-data-deleter_batch-delete_build_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: account-data-deleter-batch-delete - sentry_project_name: account-data-deleter - sentry_env: development - sentry_org: pocket - s3-bucket: pocket-accountdatadeleter-dev-batchdeletelambda - requires: - - account-data-deleter_infrastructure_apply_dev - - - code_deploy_lambda: - <<: *only_dev - context: pocket - for: account_data_deleter - name: account-data-deleter_batch-delete_code_deploy_dev - resource-class: pocket/default-dev - codedeploy-app-name: AccountDataDeleter-Dev-BatchDeleteLambda-Lambda - codedeploy-group-name: AccountDataDeleter-Dev-BatchDeleteLambda-Lambda - function-name: AccountDataDeleter-Dev-BatchDeleteLambda-Function - s3-bucket: pocket-accountdatadeleter-dev-batchdeletelambda - requires: - - account-data-deleter_batch-delete_build_dev - - - # Notify sentry of dev deployment - - sentry_release_notification: - <<: *only_dev - name: account-data-deleter_sentry-release-notification-dev - context: pocket - for: account_data_deleter - sentry_project_name: account-data-deleter - sentry_env: development 
- sentry_org: pocket - requires: - - account-data-deleter_events_code_deploy_dev - - account-data-deleter_batch-delete_code_deploy_dev - - account-data-deleter_code_deploy_ecs_dev - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: account_data_deleter - name: account-data-deleter_infrastructure_apply_prod - scope: account-data-deleter-cdk - stack-output-path: infrastructure/account-data-deleter/cdktf.out/stacks/account-data-deleter - resource-class: pocket/default-prod - apply: true - dev: false - - # Build & Deploy the Prod Docker Image - - build_image: - <<: *only_main - context: pocket - for: account_data_deleter - name: account-data-deleter_build_docker_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - repo-name: accountdatadeleter-prod-app - ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=account-data-deleter --build-arg APP_PATH=servers/account-data-deleter --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=account-data-deleter --build-arg PORT=4015 - requires: - - account-data-deleter_infrastructure_apply_prod - - - code_deploy_ecs: - <<: *only_main - context: pocket - for: account_data_deleter - name: account-data-deleter_code_deploy_ecs_prod - resource-class: pocket/default-prod - requires: - - account-data-deleter_build_docker_prod - - - build_lambda: - <<: *only_main - context: pocket - for: account_data_deleter - name: account-data-deleter_events_build_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - scope: account-data-deleter-events - sentry_project_name: account-data-deleter - sentry_env: development - sentry_org: pocket - s3-bucket: 
pocket-accountdatadeleter-prod-sqs-event-consumer - requires: - - account-data-deleter_infrastructure_apply_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: account_data_deleter - name: account-data-deleter_events_code_deploy_prod - resource-class: pocket/default-prod - codedeploy-app-name: AccountDataDeleter-Prod-Sqs-Event-Consumer-Lambda - codedeploy-group-name: AccountDataDeleter-Prod-Sqs-Event-Consumer-Lambda - function-name: AccountDataDeleter-Prod-Sqs-Event-Consumer-Function - s3-bucket: pocket-accountdatadeleter-prod-sqs-event-consumer - requires: - - account-data-deleter_events_build_prod - - - build_lambda: - <<: *only_main - context: pocket - for: account_data_deleter - name: account-data-deleter_batch-delete_build_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - scope: account-data-deleter-batch-delete - sentry_project_name: account-data-deleter - sentry_env: prodelopment - sentry_org: pocket - s3-bucket: pocket-accountdatadeleter-prod-batchdeletelambda - requires: - - account-data-deleter_infrastructure_apply_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: account_data_deleter - name: account-data-deleter_batch-delete_code_deploy_prod - resource-class: pocket/default-prod - codedeploy-app-name: AccountDataDeleter-Prod-BatchDeleteLambda-Lambda - codedeploy-group-name: AccountDataDeleter-Prod-BatchDeleteLambda-Lambda - function-name: AccountDataDeleter-Prod-BatchDeleteLambda-Function - s3-bucket: pocket-accountdatadeleter-prod-batchdeletelambda - requires: - - account-data-deleter_batch-delete_build_prod - - - # Notify sentry of prod deployment - - sentry_release_notification: - <<: *only_main - name: account-data-deleter_sentry-release-notification-prod - context: pocket - for: account_data_deleter - sentry_project_name: account-data-deleter - sentry_env: prodelopment - sentry_org: pocket - requires: - - 
account-data-deleter_events_code_deploy_prod - - account-data-deleter_batch-delete_code_deploy_prod - - account-data-deleter_code_deploy_ecs_prod -
diff --git a/.circleci/account-delete-monitor.yml b/.circleci/account-delete-monitor.yml
deleted file mode 100644
index a70bc6efc..000000000
--- a/.circleci/account-delete-monitor.yml
+++ /dev/null
@@ -1,149 +0,0 @@ - -workflows: - account-delete-monitor: - jobs: - - ###### - # Every PR Jobs - ###### - - test_integrations: - <<: *not_dev_main - for: account_delete_monitor - context: pocket - name: account-delete-monitor_test_integrations - scope: account-delete-monitor - - - build_lambda: - <<: *not_dev_main - context: pocket - for: account_delete_monitor - name: account-delete-monitor_build_lambda - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: account-delete-monitor - sentry_project_name: account-delete-monitor - sentry_env: development - sentry_org: pocket - - - infrastructure: - <<: *not_dev_main - context: pocket - for: account_delete_monitor - name: account-delete-monitor_infrastructure_plan_prod - scope: account-delete-monitor-cdk - stack-output-path: infrastructure/account-delete-monitor/cdktf.out/stacks/account-delete-monitor - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: account_delete_monitor - name: account-delete-monitor_infrastructure_apply_dev - scope: account-delete-monitor-cdk - stack-output-path: infrastructure/account-delete-monitor/cdktf.out/stacks/account-delete-monitor - resource-class: pocket/default-dev - apply: true - dev: true - - - build_lambda: - <<: *only_dev - context: pocket - for: account_delete_monitor - name: account-delete-monitor_build_lambda_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: account-delete-monitor - sentry_project_name: account-delete-monitor - sentry_env: development - sentry_org: pocket - s3-bucket: pocket-accountdeletemonitor-dev-eventtracker - requires: - - account-delete-monitor_infrastructure_apply_dev - - - code_deploy_lambda: - <<: *only_dev - context: pocket - for: 
account_delete_monitor - name: account-delete-monitor_code_deploy_lambda_dev - resource-class: pocket/default-dev - codedeploy-app-name: AccountDeleteMonitor-Dev-EventTracker-Lambda - codedeploy-group-name: AccountDeleteMonitor-Dev-EventTracker-Lambda - function-name: AccountDeleteMonitor-Dev-EventTracker-Function - s3-bucket: pocket-accountdeletemonitor-dev-eventtracker - requires: - - account-delete-monitor_build_lambda_dev - - # Notify sentry of dev deployment - - sentry_release_notification: - <<: *only_dev - name: account-delete-monitor_sentry-release-notification-dev - context: pocket - for: account_delete_monitor - sentry_project_name: account-delete-monitor - sentry_env: development - sentry_org: pocket - requires: - - account-delete-monitor_code_deploy_lambda_dev - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: account_delete_monitor - name: account-delete-monitor_infrastructure_apply_prod - scope: account-delete-monitor-cdk - stack-output-path: infrastructure/account-delete-monitor/cdktf.out/stacks/account-delete-monitor - resource-class: pocket/default-prod - apply: true - dev: false - - - build_lambda: - <<: *only_main - context: pocket - for: account_delete_monitor - name: account-delete-monitor_build_lambda_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - scope: account-delete-monitor - sentry_project_name: account-delete-monitor - sentry_env: production - sentry_org: pocket - s3-bucket: pocket-accountdeletemonitor-prod-eventtracker - requires: - - account-delete-monitor_infrastructure_apply_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: account_delete_monitor - name: account-delete-monitor_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: AccountDeleteMonitor-Prod-EventTracker-Lambda - codedeploy-group-name: 
AccountDeleteMonitor-Prod-EventTracker-Lambda - function-name: AccountDeleteMonitor-Prod-EventTracker-Function - s3-bucket: pocket-accountdeletemonitor-prod-eventtracker - requires: - - account-delete-monitor_build_lambda_prod - - # Notify sentry of main deployment - - sentry_release_notification: - <<: *only_main - name: account-delete-monitor_sentry-release-notification-prod - context: pocket - for: account_delete_monitor - sentry_project_name: account-delete-monitor - sentry_env: production - sentry_org: pocket - requires: - - account-delete-monitor_code_deploy_lambda_prod
diff --git a/.circleci/annotations-api.yml b/.circleci/annotations-api.yml
deleted file mode 100644
index 5d0131fad..000000000
--- a/.circleci/annotations-api.yml
+++ /dev/null
@@ -1,225 +0,0 @@ - -workflows: - annotations-api: - jobs: - - ###### - # Every PR Jobs - ###### - - apollo: - name: annotations-api_apollo - fed_graph_name: pocket-client-api - graph_name: annotations-api - schema_file_path: servers/annotations-api/dist/schema-generated.graphql - prod_graph_url: https://annotations-api.readitlater.com - dev_graph_url: https://annotations-api.getpocket.dev - build_command: pnpm run build --filter=annotations-api... - scope: annotations-api - - - test_integrations: - <<: *not_dev_main - for: annotations_api - context: pocket - name: annotations-api_test_integrations - scope: annotations-api - - # Try building the ECS docker image on each branch - - build_image: - <<: *not_dev_main - context: pocket - for: annotations_api - name: annotations-api_build_docker - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: annotationsapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: false - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=annotations-api --build-arg APP_PATH=servers/annotations-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=annotations-api --build-arg PORT=4008 - - - build_lambda: - <<: *not_dev_main - context: pocket - for: annotations_api - name: annotations-api_build_lambda - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: annotations-api-events-lambda - sentry_project_name: annotations-api - sentry_env: development - sentry_org: pocket - - - infrastructure: - <<: *not_dev_main - context: pocket - for: annotations_api - name: annotations-api_infrastructure_plan_prod - scope: annotations-api-cdk - stack-output-path: infrastructure/annotations-api/cdktf.out/stacks/annotations-api - resource-class: pocket/default-prod - dev: false - apply: false - - 
###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: annotations_api - name: annotations-api_infrastructure_apply_dev - scope: annotations-api-cdk - stack-output-path: infrastructure/annotations-api/cdktf.out/stacks/annotations-api - resource-class: pocket/default-dev - apply: true - dev: true - - # Build & Deploy the Dev Docker Image - - build_image: - <<: *only_dev - context: pocket - for: annotations_api - name: annotations-api_build_docker_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: annotationsapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=annotations-api --build-arg APP_PATH=servers/annotations-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=annotations-api --build-arg PORT=4008 - requires: - - annotations-api_infrastructure_apply_dev - - - code_deploy_ecs: - <<: *only_dev - context: pocket - for: annotations_api - name: annotations-api_code_deploy_ecs_dev - resource-class: pocket/default-dev - requires: - - annotations-api_build_docker_dev - - - build_lambda: - <<: *only_dev - context: pocket - for: annotations_api - name: annotations-api_events_build_lambda_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: annotations-api-events-lambda - sentry_project_name: annotations-api - sentry_env: development - sentry_org: pocket - s3-bucket: pocket-annotationsapi-dev-sqs-event-consumer - requires: - - annotations-api_infrastructure_apply_dev - - - code_deploy_lambda: - <<: *only_dev - context: pocket - for: annotations_api - name: annotations-api_events_code_deploy_lambda_dev - resource-class: pocket/default-dev - codedeploy-app-name: 
AnnotationsAPI-Dev-Sqs-Event-Consumer-Lambda - codedeploy-group-name: AnnotationsAPI-Dev-Sqs-Event-Consumer-Lambda - function-name: AnnotationsAPI-Dev-Sqs-Event-Consumer-Function - s3-bucket: pocket-annotationsapi-dev-sqs-event-consumer - requires: - - annotations-api_events_build_lambda_dev - - # Notify sentry of dev deployment - - sentry_release_notification: - <<: *only_dev - name: annotations-api_sentry-release-notification-dev - context: pocket - for: annotations_api - sentry_project_name: annotations-api - sentry_env: development - sentry_org: pocket - requires: - - annotations-api_code_deploy_ecs_dev - - annotations-api_events_code_deploy_lambda_dev - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: annotations_api - name: annotations-api_infrastructure_apply_prod - scope: annotations-api-cdk - stack-output-path: infrastructure/annotations-api/cdktf.out/stacks/annotations-api - resource-class: pocket/default-prod - apply: true - dev: false - - # Build & Deploy the Prod Docker Image - - build_image: - <<: *only_main - context: pocket - for: annotations_api - name: annotations-api_build_docker_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - repo-name: annotationsapi-prod-app - ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=annotations-api --build-arg APP_PATH=servers/annotations-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=annotations-api --build-arg PORT=4008 - requires: - - annotations-api_infrastructure_apply_prod - - - code_deploy_ecs: - <<: *only_main - context: pocket - for: annotations_api - name: annotations-api_code_deploy_ecs_prod - resource-class: pocket/default-prod - requires: - - annotations-api_build_docker_prod - - - 
build_lambda: - <<: *only_main - context: pocket - for: annotations_api - name: annotations-api_events_build_lambda_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - scope: annotations-api-events-lambda - sentry_project_name: annotations-api - sentry_env: production - sentry_org: pocket - s3-bucket: pocket-annotationsapi-prod-sqs-event-consumer - requires: - - annotations-api_infrastructure_apply_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: annotations_api - name: annotations-api_events_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: AnnotationsAPI-Prod-Sqs-Event-Consumer-Lambda - codedeploy-group-name: AnnotationsAPI-Prod-Sqs-Event-Consumer-Lambda - function-name: AnnotationsAPI-Prod-Sqs-Event-Consumer-Function - s3-bucket: pocket-annotationsapi-prod-sqs-event-consumer - requires: - - annotations-api_events_build_lambda_prod - - # Notify sentry of main deployment - - sentry_release_notification: - <<: *only_main - name: annotations-api_sentry-release-notification-prod - context: pocket - for: annotations_api - sentry_project_name: annotations-api - sentry_env: production - sentry_org: pocket - requires: - - annotations-api_code_deploy_ecs_prod - - annotations-api_events_code_deploy_lambda_prod
diff --git a/.circleci/braze.yml b/.circleci/braze.yml
deleted file mode 100644
index c7d9f88c1..000000000
--- a/.circleci/braze.yml
+++ /dev/null
@@ -1,49 +0,0 @@ - -workflows: - braze: - jobs: - - ###### - # Every PR Jobs - ###### - - - infrastructure: - <<: *not_dev_main - context: pocket - for: braze - name: braze_infrastructure_plan_prod - scope: braze-cdk - stack-output-path: infrastructure/braze/cdktf.out/stacks/braze - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: braze - name: braze_infrastructure_apply_dev - scope: braze-cdk - stack-output-path: infrastructure/braze/cdktf.out/stacks/braze - resource-class: pocket/default-dev - apply: true - dev: true - - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: braze - name: braze_infrastructure_apply_prod - scope: braze-cdk - stack-output-path: infrastructure/braze/cdktf.out/stacks/braze - resource-class: pocket/default-prod - apply: true - dev: false
diff --git a/.circleci/client-api.yml b/.circleci/client-api.yml
deleted file mode 100644
index 245e8cfd0..000000000
--- a/.circleci/client-api.yml
+++ /dev/null
@@ -1,113 +0,0 @@ - -workflows: - client-api: - jobs: - # Try building the ECS docker image on each branch - - build_image: - <<: *not_dev_main - context: pocket - for: client_api - name: client-api_build_docker - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: clientapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: false - app_path: 'servers/client-api' - layer_caching: false - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} - - - infrastructure: - <<: *not_dev_main - context: pocket - for: client_api - name: client-api_infrastructure_plan_prod - scope: client-api-cdk - stack-output-path: infrastructure/client-api/cdktf.out/stacks/client-api - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: client_api - name: client-api_infrastructure_apply_dev - scope: client-api-cdk - stack-output-path: infrastructure/client-api/cdktf.out/stacks/client-api - resource-class: pocket/default-dev - apply: true - dev: true - - # Build & Deploy the Dev Docker Image - - build_image: - <<: *only_dev - context: pocket - for: client_api - name: client-api_build_docker_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: clientapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: true - app_path: 'servers/client-api' - layer_caching: false - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} - requires: - - client-api_infrastructure_apply_dev - - - code_deploy_ecs: - <<: *only_dev - context: pocket - for: client_api - name: client-api_code_deploy_ecs_dev - resource-class: pocket/default-dev - requires: - - client-api_build_docker_dev - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - 
infrastructure: - <<: *only_main - context: pocket - for: client_api - name: client-api_infrastructure_apply_prod - scope: client-api-cdk - stack-output-path: infrastructure/client-api/cdktf.out/stacks/client-api - resource-class: pocket/default-prod - apply: true - dev: false - - # Build & Deploy the Prod Docker Image - - build_image: - <<: *only_main - context: pocket - for: client_api - name: client-api_build_docker_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - repo-name: clientapi-prod-app - ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com - push: true - app_path: 'servers/client-api' - layer_caching: false - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} - requires: - - client-api_infrastructure_apply_prod - - - code_deploy_ecs: - <<: *only_main - context: pocket - for: client_api - name: client-api_code_deploy_ecs_prod - resource-class: pocket/default-prod - requires: - - client-api_build_docker_prod
diff --git a/.circleci/common.yml b/.circleci/common.yml
deleted file mode 100644
index 29487f6ec..000000000
--- a/.circleci/common.yml
+++ /dev/null
@@ -1,944 +0,0 @@ -version: 2.1 - -orbs: - aws-cli: circleci/aws-cli@4.1.3 - aws-ecr: circleci/aws-ecr@7.3.0 - aws-code-deploy: circleci/aws-code-deploy@3.0.0 - aws-ecs: circleci/aws-ecs@4.0.0 - -# This is an enum that is used within all our jobs and our exit early job. -# As a new "service/deployment" is added you should add to the enum. -# Then each job you pass a "for" to, so that we can determine if this job is for this "commit" -repo_for_enum: &repo_for_enum - for: - description: which repo this job is relevant for - type: enum - enum: - - image_api - - annotations_api - - shared_snowplow_consumer - - parser_graphql_wrapper - - transactional_emails - - fxa_webhook_proxy - - user_api - - list_api - - client_api - - feature_flags - - sendgrid_data - - account_data_deleter - - account_delete_monitor - - shareable_lists_api - - pocket_event_bridge - - user_list_search - - braze - - v3_proxy_api - - push_server - - instant_sync_events - - shares_api - -resource_class_enmum: &resource_class_enmum - resource-class: - description: The self hosted runnner to run on - type: enum - enum: - - pocket/default-dev - - pocket/default-prod - - -parameters: - image_api: - type: boolean - default: false - annotations_api: - type: boolean - default: false - shared_snowplow_consumer: - type: boolean - default: false - parser_graphql_wrapper: - type: boolean - default: false - transactional_emails: - type: boolean - default: false - fxa_webhook_proxy: - type: boolean - default: false - user_api: - type: boolean - default: false - client_api: - type: boolean - default: false - list_api: - type: boolean - default: false - feature_flags: - type: boolean - default: false - sendgrid_data: - type: boolean - default: false - account_data_deleter: - type: boolean - default: false - account_delete_monitor: - type: boolean - default: false - shareable_lists_api: - type: boolean - default: false - pocket_event_bridge: - type: boolean - default: false - user_list_search: - type: boolean - 
default: false - braze: - type: boolean - default: false - v3_proxy_api: - type: boolean - default: false - push_server: - type: boolean - default: false - instant_sync_events: - type: boolean - default: false - shares_api: - type: boolean - default: false - -commands: - # Refrenced from https://github.com/kelvintaywl-cci/dynamic-config-showcase/blob/main/.circleci/next.yml - exit-early-if-irrelevant: - parameters: - <<: *repo_for_enum - steps: - - run: - name: stop early unless relevant - command: | - # looks up the relevant pipeline parameter via the env var - export RELEVANT=$(eval echo "\$<< parameters.for >>") - - # NOTE: env var values are strings (not boolean) - if [ "${RELEVANT}" = "1" ]; then - echo "continuing, since job is for << parameters.for >>" - else - echo "stopping early!" - circleci-agent step halt - fi - environment: - image_api: << pipeline.parameters.image_api >> - annotations_api: << pipeline.parameters.annotations_api >> - shared_snowplow_consumer: << pipeline.parameters.shared_snowplow_consumer >> - parser_graphql_wrapper: << pipeline.parameters.parser_graphql_wrapper >> - transactional_emails: << pipeline.parameters.transactional_emails >> - fxa_webhook_proxy: << pipeline.parameters.fxa_webhook_proxy >> - user_api: << pipeline.parameters.user_api >> - list_api: << pipeline.parameters.list_api >> - client_api: << pipeline.parameters.client_api >> - feature_flags: << pipeline.parameters.feature_flags >> - sendgrid_data: << pipeline.parameters.sendgrid_data >> - account_data_deleter: << pipeline.parameters.account_data_deleter >> - account_delete_monitor: << pipeline.parameters.account_delete_monitor >> - shareable_lists_api: << pipeline.parameters.shareable_lists_api >> - pocket_event_bridge: << pipeline.parameters.pocket_event_bridge >> - user_list_search: << pipeline.parameters.user_list_search >> - braze: << pipeline.parameters.braze >> - v3_proxy_api: << pipeline.parameters.v3_proxy_api >> - push_server: << 
pipeline.parameters.push_server >> - instant_sync_events: << pipeline.parameters.instant_sync_events >> - shares_api: << pipeline.parameters.shares_api >> - - install_pnpm: - parameters: - scope: - description: The pnpm scope to build for - type: string - default: "" - steps: - - run: - name: Install pnpm package manager - command: | - corepack prepare pnpm@9.1.4 --activate - corepack pnpm config set store-dir .pnpm-store - - when: - # Only compile if we do not use raw hcl - condition: <> - steps: - - restore_cache: - name: Restore pnpm Package Cache - keys: - - pnpm-packages-<< parameters.scope >>-{{ checksum "pnpm-lock.yaml" }} - - run: - # Need to set peer-deps to false for pnpmv8 https://github.com/pnpm/pnpm/issues/6300 - name: Install Dependencies - command: | - corepack pnpm install --filter=<< parameters.scope >>... --frozen-lockfile - - save_cache: - name: Save pnpm Package Cache - key: pnpm-packages-<< parameters.scope >>-{{ checksum "pnpm-lock.yaml" }} - paths: - - .pnpm-store - - unless: - # Only compile if we do not use raw hcl - condition: <> - steps: - - restore_cache: - name: Restore pnpm Package Cache - keys: - - pnpm-packages-{{ checksum "pnpm-lock.yaml" }} - - run: - # Need to set peer-deps to false for pnpmv8 https://github.com/pnpm/pnpm/issues/6300 - name: Install Dependencies - command: | - corepack pnpm install - - save_cache: - name: Save pnpm Package Cache - key: pnpm-packages-{{ checksum "pnpm-lock.yaml" }} - paths: - - .pnpm-store - install_infrastructure_pnpm: - parameters: - scope: - description: The pnpm scope to build for - type: string - steps: - - run: - name: Install and setup node - command: | - nvm install - nvm use - npm install -g pnpm@9.1.4 - pnpm config set store-dir .pnpm-store - pnpm install --filter=<< parameters.scope >>... 
--frozen-lockfile - install_codebuild_secrets: - steps: - - run: - name: Setup our secrets from AWS Secret Manager - command: | - echo 'export SECRET_VALUE="$(aws secretsmanager get-secret-value --secret-id CodeBuild/Default --query SecretString --output text)"' >> "$BASH_ENV" - echo 'export TERRAFORM_TOKEN="$(echo $SECRET_VALUE | jq -r '.terraform_token')"' >> "$BASH_ENV" - echo 'export PAGERDUTY_TOKEN="$(echo $SECRET_VALUE | jq -r '.mozilla_pagerduty_token')"' >> "$BASH_ENV" - - run: - name: Save off terraform token - command: | - echo Setting Up Terraform Token - rc="credentials \"app.terraform.io\" { " - rc="${rc} token=\"$TERRAFORM_TOKEN\" " - rc="${rc}}" - echo "$rc" > ~/.terraformrc - - setup_github_bot: - steps: - - run: - name: Get Github Bot Token - command: | - app_id=$GITHUB_APP_ID - pem="$(echo "$GITHUB_APP_PRIVATE_KEY" | base64 -d)" - installation_id=$GITHUB_INSTALLATION_APP_ID - - now=$(date +%s) - iat=$((${now} - 60)) # Issues 60 seconds in the past - exp=$((${now} + 600)) # Expires 15 minutes in the future - - b64enc() { openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'; } - - header_json='{ - "typ":"JWT", - "alg":"RS256" - }' - # Header encode - header=$( echo -n "${header_json}" | b64enc ) - - payload_json='{ - "iat":'"${iat}"', - "exp":'"${exp}"', - "iss":'"${app_id}"' - }' - # Payload encode - payload=$( echo -n "${payload_json}" | b64enc ) - - # Signature - header_payload="${header}"."${payload}" - signature=$( - openssl dgst -sha256 -sign <(echo -n "${pem}") \ - <(echo -n "${header_payload}") | b64enc - ) - - # Create JWT - JWT="${header_payload}"."${signature}" - - # Make a POST request to GitHub API to get the installation token - response=$(curl -s -X POST \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: Bearer $JWT" \ - -d "{}" \ - "https://api.github.com/app/installations/$installation_id/access_tokens") - - # Extract the token from the response - token=$(echo "$response" | jq -r '.token') - echo "export 
GITHUB_TOKEN=$token" >> $BASH_ENV - echo "export GH_TOKEN=$token" >> $BASH_ENV - echo "export GITHUB_ACCESS_TOKEN=$token" >> $BASH_ENV - - -jobs: - - infrastructure: - description: Build and optionally deploy the infratructure - parameters: - scope: - description: The pnpm scope to build for - type: string - default: '' - stack-output-path: - description: The pnpm output path - type: string - apply: - description: If you should apply - type: boolean - default: false - dev: - description: Whether or not its a dev build - type: boolean - default: false - uses_raw_hcl: - description: Signals that we do not need to compile the app code - type: boolean - default: false - <<: [*repo_for_enum, *resource_class_enmum] - # Our self hosted runners dont support docker images, cause its not deployed in kubernetes, so we have some special steps - machine: true - shell: /bin/bash --login -eo pipefail - resource_class: << parameters.resource-class >> - steps: - - exit-early-if-irrelevant: - for: << parameters.for >> - - checkout - - run: - name: Install tfcmt - command: | - if ! command -v tfcmt &> /dev/null; then - echo "tfcmt does not exist, installing" - curl -L https://github.com/suzuki-shunsuke/tfcmt/releases/download/v4.9.1/tfcmt_linux_amd64.tar.gz | tar xvzf - tfcmt - mv tfcmt /home/circleci/tfcmt - chmod a+x /home/circleci/tfcmt - fi - - install_codebuild_secrets - - setup_github_bot - - unless: - # Only compile if we do not use raw hcl - condition: <> - steps: - - install_infrastructure_pnpm: - scope: << parameters.scope >> - - when: - condition: <> - steps: - - run: - name: Build Dev Infra - command: | - nvm use - export NODE_ENV=development - pnpm run synth --filter=<< parameters.scope >>... - - unless: - condition: <> - steps: - - run: - name: Build Prod Infra - command: | - nvm use - export NODE_ENV=production - pnpm run synth --filter=<< parameters.scope >>... 
- - when: - condition: <> - steps: - - when: - condition: <> - steps: - - run: - name: Copy Dev tfvars - command: | - cd << parameters.stack-output-path >> - cp dev_backend.tfvars backend.tf - - unless: - condition: <> - steps: - - run: - name: Copy Prod tfvars - command: | - cd << parameters.stack-output-path >> - cp prod_backend.tfvars backend.tf - - run: - name: Setup terraform - command: | - cd << parameters.stack-output-path >> - tfenv use - terraform init - - when: - condition: <> - steps: - - run: - name: Terraform apply - # Re-add this when tfcmt supports ignoring no change applies - # https://github.com/suzuki-shunsuke/tfcmt/issues/1184 - # /home/circleci/tfcmt --var target:<< parameters.scope >><<#parameters.dev>>-dev<> apply -- terraform apply -auto-approve -lock-timeout=10m - command: | - cd << parameters.stack-output-path >> - terraform apply -auto-approve -lock-timeout=10m - mkdir -p /tmp/workspace - echo "$(terraform output -json)" > /tmp/workspace/tf_output.json - # Persist TF_OUTPUT using workspace - - persist_to_workspace: - root: /tmp/workspace - paths: - - tf_output.json - - unless: - condition: <> - steps: - - run: - name: Terraform plan - command: | - cd << parameters.stack-output-path >> - tfcmt --var target:<< parameters.scope >><<#parameters.dev>>-dev<> plan --skip-no-changes --patch -- terraform plan -lock-timeout=10m - - code_deploy_ecs: - parameters: - <<: [*repo_for_enum, *resource_class_enmum] - # Our self hosted runners dont support docker images, cause its not deployed in kubernetes, so we have some special steps - machine: true - shell: /bin/bash --login -eo pipefail - resource_class: << parameters.resource-class >> - steps: - - exit-early-if-irrelevant: - for: << parameters.for >> - # Restore TF_OUTPUT from workspace - - attach_workspace: - at: /tmp/workspace - - run: - # Pulls out the terraform params needed for CodeDeploy and then re-saves them to be used in the CodeDeploy ORB - name: CodeDeploy Load Env - command: | - 
TF_OUTPUT=$(cat /tmp/workspace/tf_output.json) - ECS_TASK_ARN=$(echo "$TF_OUTPUT" | jq -r '.["ecs-task-arn"].value') - ECS_TASK_CONTAINER_NAME=$(echo "$TF_OUTPUT" | jq -r '.["ecs-task-containerName"].value') - ECS_TASK_CONTAINER_PORT=$(echo "$TF_OUTPUT" | jq -r '.["ecs-task-containerPort"].value') - ECS_TASK_FAMILY=$(echo "$TF_OUTPUT" | jq -r '.["ecs-task-family"].value') - ECS_CODEDEPLOY_GROUP=$(echo "$TF_OUTPUT" | jq -r '.["ecs-codedeploy-group"].value') - ECS_CODEDEPLOY_APP=$(echo "$TF_OUTPUT" | jq -r '.["ecs-codedeploy-app"].value') - - echo "export ECS_TASK_ARN=$ECS_TASK_ARN" >> $BASH_ENV - echo "export ECS_TASK_CONTAINER_NAME=$ECS_TASK_CONTAINER_NAME" >> $BASH_ENV - echo "export ECS_TASK_CONTAINER_PORT=$ECS_TASK_CONTAINER_PORT" >> $BASH_ENV - echo "export ECS_TASK_FAMILY=$ECS_TASK_FAMILY" >> $BASH_ENV - echo "export ECS_CODEDEPLOY_GROUP=$ECS_CODEDEPLOY_GROUP" >> $BASH_ENV - echo "export ECS_CODEDEPLOY_APP=$ECS_CODEDEPLOY_APP" >> $BASH_ENV - - ## All the following steps are copied from https://github.com/CircleCI-Public/aws-ecs-orb/blob/master/src/commands/update_service.yml but we manually run them so we can pass env variables that we otherwise couldn't since it relies on parameter steps. - ## See open issue to clean up when we can. https://github.com/CircleCI-Public/aws-ecs-orb/issues/211 - ## Once the above issue is fixed we can remove the included script and these commands and replace it with the below. 
- # - aws-ecs/update_service: - # name: Deploy ECS Service - # codedeploy_application_name: ${ECS_CODEDEPLOY_APP} - # codedeploy_deployment_group_name: ${ECS_CODEDEPLOY_GROUP} - # codedeploy_load_balanced_container_name: ${ECS_TASK_CONTAINER_NAME} - # codedeploy_load_balanced_container_port: ${ECS_TASK_CONTAINER_PORT} - # family: ${ECS_TASK_FAMILY} - # container_image_name_updates: tag=${CIRCLE_SHA1}, container=${ECS_TASK_CONTAINER_NAME} - # deployment_controller: CODE_DEPLOY - # verify_revision_is_deployed: true - - - aws-cli/install - ## Set the AWS CLI to use the Ecs Container credentials since this is in a hosted runner on AWS. - - run: - name: Setup AWS Auth - command: | - aws configure set profile.default.credential_source EcsContainer - - ## This will use the last revision in AWS to create a new task definition with the container image pointed to the sha of this commit - ## If the task def was changed in terraform, that will be the latest revision that this will then over - - aws-ecs/update_task_definition: - family: ${ECS_TASK_FAMILY} - container_image_name_updates: container=${ECS_TASK_CONTAINER_NAME},tag=${CIRCLE_SHA1} - ## We need to checkout the code, because that contains our copied script from the aws-ecs orb repo. - - checkout - - run: - name: Update ECS Blue/Green service with registered task definition. - command: | - .circleci/scripts/update_bluegreen_service_via_task_def.sh - no_output_timeout: 10m - environment: - DEPLOYMENT_CONTROLLER: CODE_DEPLOY - ORB_STR_CD_APP_NAME: ${ECS_CODEDEPLOY_APP} - ORB_STR_CD_DEPLOY_GROUP_NAME: ${ECS_CODEDEPLOY_GROUP} - ORB_STR_CD_LOAD_BALANCED_CONTAINER_NAME: ${ECS_TASK_CONTAINER_NAME} - ORB_INT_CD_LOAD_BALANCED_CONTAINER_PORT: ${ECS_TASK_CONTAINER_PORT} - # Dont wait for a successful deploy, we will get alerts in slack for those. 
- ORB_BOOL_VERIFY_REV_DEPLOY: false - ORB_STR_PROFILE_NAME: default - ORB_BOOL_ENABLE_CIRCUIT_BREAKER: false - ORB_STR_CD_CAPACITY_PROVIDER_NAME: - ORB_STR_CD_CAPACITY_PROVIDER_WEIGHT: - ORB_STR_CD_CAPACITY_PROVIDER_BASE: - ORB_STR_CD_DEPLOYMENT_CONFIG_NAME: - - code_deploy_lambda: - parameters: - codedeploy-app-name: - description: CodeDeploy app name - type: string - codedeploy-group-name: - description: CodeDeploy group name - type: string - function-name: - description: > - The name of the Lambda Function to deploy to - type: string - s3-bucket: - type: string - description: The name of the bucket to deploy from - s3-key: - type: string - description: The name of the s3 key that contains the code to deploy - default: "" - function-alias: - type: string - description: The name of the lambda alias to use - default: DEPLOYED - <<: [*repo_for_enum, *resource_class_enmum] - # Our self hosted runners dont support docker images, cause its not deployed in kubernetes, so we have some special steps - machine: true - shell: /bin/bash --login -eo pipefail - resource_class: << parameters.resource-class >> - steps: - - exit-early-if-irrelevant: - for: << parameters.for >> - - run: - name: Deploy Lambda - command: | - export AWS_PAGER="" - aws lambda wait function-updated --function-name '<< parameters.function-name >>' - - s3Key="<< parameters.s3-key >>" - if [[ -z $s3Key ]]; then - s3Key="$CIRCLE_SHA1.zip" - fi - - aws lambda update-function-code \ - --function-name '<< parameters.function-name >>' \ - --s3-bucket '<< parameters.s3-bucket >>' \ - --s3-key "$s3Key" - - aws lambda wait function-updated --function-name '<< parameters.function-name >>' - - NEW_ENVVARS=$(aws lambda get-function-configuration --function-name '<< parameters.function-name >>' --query "Environment.Variables | merge(@, \`{\"GIT_SHA\":\"$CIRCLE_SHA1\"}\`)") - aws lambda update-function-configuration --function-name '<< parameters.function-name >>' --environment "{ \"Variables\": $NEW_ENVVARS }" - aws 
lambda wait function-updated --function-name '<< parameters.function-name >>' - - versionId=$(aws lambda publish-version \ - --function-name '<< parameters.function-name >>' | jq -r .Version) - - currentVersion=$(aws lambda get-alias \ - --function-name '<< parameters.function-name >>' \ - --name DEPLOYED | jq -r .FunctionVersion) - - app_spec_content_string="{'version':0.0,'Resources':[{'<< parameters.function-name >>':{'Type':'AWS::Lambda::Function','Properties':{'Name':'<< parameters.function-name >>','Alias':'<< parameters.function-alias >>','TargetVersion':'$versionId', 'CurrentVersion': '$currentVersion'}}}]}" - echo "$app_spec_content_string" - app_spec_content_sha256=$(echo -n "$app_spec_content_string" | shasum -a 256 | sed 's/ .*$//') - revision="revisionType=AppSpecContent,appSpecContent={content=\"$app_spec_content_string\",sha256=$app_spec_content_sha256}" - - aws lambda wait function-updated --function-name '<< parameters.function-name >>' - - aws deploy create-deployment \ - --application-name="<< parameters.codedeploy-app-name >>" \ - --deployment-group-name="<< parameters.codedeploy-group-name >>" \ - --description="Triggered build $CIRCLE_SHA1 from CircleCI" \ - --revision="$revision" - - test_integrations: - description: Run integration tests against external services, e.g. 
MySQL - parameters: - scope: - description: The pnpm scope to run tests for - type: string - <<: *repo_for_enum - docker: - - image: *node_image - auth: - username: $DOCKERHUB_USERNAME - password: $DOCKERHUB_PASSWORD - environment: - AWS_XRAY_LOG_LEVEL: silent - AWS_XRAY_CONTEXT_MISSING: LOG_ERROR - - image: redis:latest@sha256:d6ecc832969a4827645a083da38345327b3447772fe907e7d4311c79b4e3a06e - auth: - username: $DOCKERHUB_USERNAME - password: $DOCKERHUB_PASSWORD - - image: mysql:8.0.36@sha256:ce628295ff5aa269e4d0241e0552476fa0de3af263daedf196ccb6fc0834fa6b - auth: - username: $DOCKERHUB_USERNAME - password: $DOCKERHUB_PASSWORD - environment: - - MYSQL_ALLOW_EMPTY_PASSWORD=yes - - TZ=UTC - command: --default_authentication_plugin=mysql_native_password --sql-mode="NO_ENGINE_SUBSTITUTION" --character-set-server=UTF8MB3 --collation-server=utf8_unicode_ci - - image: localstack/localstack:3.2.0@sha256:167eb023e07eef65f1e490d7a77cf45124e7a24395e4736dd2582e8ea0618ecb - auth: - username: $DOCKERHUB_USERNAME - password: $DOCKERHUB_PASSWORD - environment: - SERVICES: s3,kinesis,sqs,dynamodb,sts,events,firehose,es - - image: pocket/snowplow-micro:prod - auth: - username: $DOCKERHUB_USERNAME - password: $DOCKERHUB_PASSWORD - steps: - - exit-early-if-irrelevant: - for: << parameters.for >> - - checkout - - install_pnpm: - scope: << parameters.scope >> - - run: - name: run setup.sh - command: | - export $(egrep -v '^#' .docker/local.env | xargs -0) && ./.circleci/scripts/setup.sh --db --aws=<< parameters.scope >> - - run: - # Note there is a bug in turbo repo requiring a build https://github.com/vercel/turbo/issues/1609 - name: run tests - command: | - export $(egrep -v '^#' .docker/local.env | xargs -0) - corepack pnpm run test-integrations --filter=<< parameters.scope >>... - - build_image: - description: Build and/or push docker image to ECR. 
- - parameters: - aws-access-key-id: - description: 'AWS access key id environment variable' - type: string - aws-region: - description: 'AWS region value' - type: string - aws-secret-access-key: - description: 'AWS secret access key environment variable' - type: string - ecr-url: - description: 'The ecr url' - type: string - extra-build-args: - description: 'Extra flags to pass to docker build. For examples, see https://docs.docker.com/engine/reference/commandline/build' - type: string - default: --build-arg GIT_SHA=${CIRCLE_SHA1} - push: - description: 'Whether or not to push the code' - type: boolean - default: false - repo-name: - description: 'The ecr repo name' - type: string - tag: - description: 'The docker tag name' - type: string - default: latest,$CIRCLE_SHA1 - app_path: - description: 'The path needed for building the Docker image' - type: string - default: '.' - layer_caching: - description: 'Whether to use docker layer caching' - type: boolean - default: true - <<: *repo_for_enum - executor: aws-cli/default - - steps: - - exit-early-if-irrelevant: - for: << parameters.for >> - - checkout - - aws-cli/setup: - aws_access_key_id: << parameters.aws-access-key-id >> - aws_secret_access_key: << parameters.aws-secret-access-key >> - region: << parameters.aws-region >> - - run: - name: Setup common environment variables - command: | - { \ - echo 'export AWS_ECR_ACCOUNT_URL="<< parameters.ecr-url >>"'; \ - echo 'export REPO_NAME="<< parameters.repo-name >>"'; \ - } >> "$BASH_ENV" - - when: - condition: <> - steps: - - aws-ecr/build-and-push-image: - checkout: false - repo: << parameters.repo-name >> - path: << parameters.app_path >> - setup-remote-docker: true - remote-docker-layer-caching: << parameters.layer_caching >> - aws-access-key-id: << parameters.aws-access-key-id >> - aws-secret-access-key: << parameters.aws-secret-access-key >> - tag: << parameters.tag >> - remote-docker-version: default - extra-build-args: << parameters.extra-build-args >> - - 
unless: - condition: <> - steps: - - setup_remote_docker: - version: default - docker-layer-caching: << parameters.layer_caching >> - - aws-ecr/build-image: - repo: << parameters.repo-name >> - tag: << parameters.tag >> - path: << parameters.app_path >> - extra-build-args: << parameters.extra-build-args >> - - build_lambda: - description: Build and/or push lambda function. - parameters: - aws-access-key-id: - description: 'AWS access key id environment variable' - type: string - aws-region: - description: 'AWS region value' - type: string - aws-secret-access-key: - description: 'AWS secret access key environment variable' - type: string - s3-bucket: - description: 'The s3 bucket name' - type: string - default: "" - scope: - description: The pnpm scope to build for - type: string - sentry_project_name: - type: string - description: the Sentry project name - default: "" - sentry_env: - type: string - default: Prod - description: Which environment the release is going to - sentry_org: - type: string - description: The sentry org to upload source maps to - s3-key: - type: string - description: The name of the s3 key that contains the code to deploy - default: "" - <<: *repo_for_enum - docker: - - image: *node_image - auth: - username: $DOCKERHUB_USERNAME - password: $DOCKERHUB_PASSWORD - steps: - - exit-early-if-irrelevant: - for: << parameters.for >> - - run: - name: Setup Environment variables - command: | - echo "export SENTRY_AUTH_TOKEN="$SENTRY_BEARER"" >> "$BASH_ENV" - - checkout - - install_pnpm: - scope: << parameters.scope >> - - run: - # Theres a really annoying bug in PNPM deploy command that will try and create a folder at /home/pruned which we are not allowed to do, - # so we move it under 1 directory to let it do its thing. - # https://github.com/pnpm/pnpm/issues/5086 - name: Build lambda - command: | - corepack pnpm run build --filter=<< parameters.scope >>... - mkdir -p ~/bug/project - cp -R . 
~/bug/project/ - cd ~/bug/project/ - corepack pnpm deploy --filter=<< parameters.scope >> --prod pruned - - when: - condition: << parameters.sentry_project_name >> - steps: - - run: - name: Inject Sentry & Upload Sourcemaps - command: | - cd ~/bug/project/ - corepack pnpx @sentry/cli sourcemaps inject pruned/dist - corepack pnpx @sentry/cli sourcemaps upload pruned/dist --release ${CIRCLE_SHA1} --auth-token ${SENTRY_AUTH_TOKEN} --org << parameters.sentry_org >> --project << parameters.sentry_project_name >> - - run: - name: Package Lambda - command: | - cd ~/bug/project/pruned - cp -r package.json dist/ - cp -r node_modules/ dist/node_modules/ - - cd dist - zip --symlinks -r9 ~/project/${CIRCLE_SHA1}.zip . - mkdir /tmp/artifacts - cp ~/project/${CIRCLE_SHA1}.zip /tmp/artifacts/ - cd .. - maxFileSize=256000 # Get the size of the directory in kilobytes - export dirSize=$(du -s dist | cut -f1) - echo "Size is: $dirSize" - if ((dirSize > maxFileSize)); then - echo "Directory size is equal to or larger than $maxFileSize KB. which is the lambda limit" - exit 1 - fi - - when: - condition: << parameters.s3-bucket >> - steps: - - aws-cli/setup: - aws_access_key_id: << parameters.aws-access-key-id >> - aws_secret_access_key: << parameters.aws-secret-access-key >> - region: << parameters.aws-region >> - - run: - name: Upload Package - command: | - s3Key="<< parameters.s3-key >>" - if [[ -z $s3Key ]]; then - s3Key="$CIRCLE_SHA1.zip" - fi - aws s3 cp $CIRCLE_SHA1.zip s3://<< parameters.s3-bucket >>/${s3Key} - - store_artifacts: - path: /tmp/artifacts - - apollo: - description: > - Runs Apollo rover schema check on the production graphql federated schema. - If it is the production branch will deploy the subgraph to the production federated graph. - If the branch is the development branch, will deploy the subgraph to the development federated graph. 
- - parameters: - fed_graph_name: - type: string - description: The name of federated graph to check - graph_name: - type: string - description: The name of this subgraph - schema_file_path: - type: string - description: The patht to the schema file - default: ./schema.graphql - prod_graph_url: - type: string - description: The production subgraph url - dev_graph_url: - type: string - description: The development subgraph url - prod_graph_variant_name: - type: string - description: The production variant graph name - default: "current" - dev_graph_variant_name: - type: string - description: The development variant graph name - default: "development" - prod_branch: - type: string - description: The production git branch - default: "main" - dev_branch: - type: string - description: The development git branch - default: "dev" - apollo_key_env: - type: env_var_name - default: APOLLO_KEY - description: The environment variable name of the apollo key to user - build_command: - description: 'build command to use if we need to' - type: string - default: "" - scope: - description: The pnpm scope to build for - type: string - docker: - - image: *node_image - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - - steps: - - checkout - - run: - name: install rover - command: | - # download and install Rover - curl -sSL https://rover.apollo.dev/nix/latest | sh - - # This allows the PATH changes to persist to the next `run` step - echo "export PATH=$HOME/.rover/bin:$PATH" >> "$BASH_ENV" - - when: - condition: << parameters.build_command >> - steps: - - install_pnpm: - scope: << parameters.scope >> - - run: - name: build schema - command: | - corepack << parameters.build_command >> - - run: - name: check service - command: | - export APOLLO_KEY=$<< parameters.apollo_key_env >> - rover subgraph check << parameters.fed_graph_name >>@<< parameters.prod_graph_variant_name >> --schema << parameters.schema_file_path >> --name=<< parameters.graph_name >> - - when: - condition: 
- equal: [<< parameters.prod_branch >>, << pipeline.git.branch >>] - steps: - - run: - name: push service to prod - command: | - export APOLLO_KEY=$<< parameters.apollo_key_env >> - rover subgraph publish << parameters.fed_graph_name >>@<< parameters.prod_graph_variant_name >> --schema << parameters.schema_file_path >> --routing-url << parameters.prod_graph_url >> --name=<< parameters.graph_name >> - - when: - condition: - equal: [<< parameters.dev_branch >>, << pipeline.git.branch >>] - steps: - - run: - name: push service to dev - command: | - export APOLLO_KEY=$<< parameters.apollo_key_env >> - rover subgraph publish << parameters.fed_graph_name >>@<< parameters.dev_graph_variant_name >> --schema << parameters.schema_file_path >> --routing-url << parameters.dev_graph_url >> --name=<< parameters.graph_name >> - - sentry_release_notification: - description: Create new release in Sentry - resource_class: small - parameters: - sentry_project_name: - type: string - description: the Sentry project name - sentry_env: - type: string - default: Prod - description: Which environment the release is going to - sentry_org: - type: string - description: The sentry org - <<: *repo_for_enum - docker: - - image: getsentry/sentry-cli@sha256:67e30136fc6c4b38c7b93df802d03507f5afbcf6307ddfbaa4ebf98a640c6d02 - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - exit-early-if-irrelevant: - for: << parameters.for >> - - run: - name: Setup Environment variables - command: | - echo "export SENTRY_AUTH_TOKEN="$SENTRY_BEARER"" >> "$BASH_ENV" - echo "export SENTRY_ORG=<< parameters.sentry_org >>" >> "$BASH_ENV" - echo "export SENTRY_PROJECT=<< parameters.sentry_project_name >>" >> "$BASH_ENV" - - run: - name: Sentry Release Notification - command: | - source "$BASH_ENV" - sentry-cli releases new "$CIRCLE_SHA1" - sentry-cli releases set-commits "$CIRCLE_SHA1" --commit "Pocket/pocket-monorepo@$CIRCLE_SHA1" - sentry-cli releases finalize "$CIRCLE_SHA1" - - run: - name: 
Sentry Deploy Notification
- command: |
- source "$BASH_ENV"
- sentry-cli releases deploys "$CIRCLE_SHA1" new -e "<< parameters.sentry_env >>"
\ No newline at end of file
diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index 7efd4a5b0..000000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,104 +0,0 @@ -version: 2.1 - -# this allows you to use CircleCI's dynamic configuration feature -setup: true - -orbs: - path-filtering: circleci/path-filtering@1.0.0 - continuation: circleci/continuation@1.0.0 - -# our defined job, and its steps -jobs: - setup: - executor: path-filtering/default - steps: - - checkout # checkout code - - run: - name: Generate List of Configs to Merge - command: | - # Generate a list of all the circleci configs we want to run - file_list=( - ".circleci/common.yml" - ".circleci/repo-jobs.yml" - ".circleci/image-api.yml" - ".circleci/annotations-api.yml" - ".circleci/shared-snowplow-consumer.yml" - ".circleci/parser-graphql-wrapper.yml" - ".circleci/transactional-emails.yml" - ".circleci/fxa-webhook-proxy.yml" - ".circleci/user-api.yml" - ".circleci/client-api.yml" - ".circleci/list-api.yml" - ".circleci/feature-flags.yml" - ".circleci/sendgrid-data.yml" - ".circleci/account-data-deleter.yml" - ".circleci/account-delete-monitor.yml" - ".circleci/shareable-lists-api.yml" - ".circleci/pocket-event-bridge.yml" - ".circleci/user-list-search.yml" - ".circleci/braze.yml" - ".circleci/v3-proxy-api.yml" - ".circleci/push-server.yml" - ".circleci/instant-sync-events.yml" - ".circleci/shares-api.yml" - ) - touch /tmp/configs.txt - - # Add file header to each file and dump it to the config list - for file in "${file_list[@]}"; do - echo "$file" >> /tmp/configs.txt - awk -v new_content="$(cat .circleci/header.yml)" 'BEGIN {print new_content} {print}' "$file" > temp_file && mv temp_file "$file" - done - - path-filtering/generate-config: - config-list-path: /tmp/configs.txt - generated-config-path: /tmp/generated-config.yml - - run: - name: Reset Git - command: | - git reset --hard - # Set up path mapping, in the future we should generate this as a conf file, and pass it to the option. - # We will need to set this to true when ever the packages folder changes as well. 
- # Right now though, we will only deploy if the actual servers/infra change, - # as its likely any change in the packages will change the underlying code. - # Worst case, bump the version in package.json to triger a deploy - # - # The router is just rhai scripts and yaml files without dependencies on node or any other - # packages, so we don't trigger it unless a change occurs specifically in the subfolder - # - # NOTE: we use _ for the parameters to the pipeline because - # circleci uses it as an ENV down the pipe and ENV vars can't be used with a - - - path-filtering/set-parameters: - config-path: /tmp/generated-config.yml - output-path: /tmp/pipeline-parameters.json - mapping: | - ((servers|infrastructure)/image-api/.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/common.yml) image_api true - ((servers|infrastructure|lambdas)/annotations-api.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/common.yml) annotations_api true - ((servers|infrastructure)/shared-snowplow-consumer/.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/common.yml) shared_snowplow_consumer true - ((servers|infrastructure)/parser-graphql-wrapper/.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/common.yml) parser_graphql_wrapper true - ((lambdas|infrastructure)/transactional-emails.*)|(packages/.*)|(pnpm-lock\.yaml)|(.circleci/common.yml) transactional_emails true - ((lambdas|infrastructure)/fxa-webhook-proxy-.*)|(packages/.*)|(pnpm-lock\.yaml)|(.circleci/common.yml) fxa_webhook_proxy true - ((servers|infrastructure)/user-api/.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/common.yml) user_api true - ((servers|infrastructure)/list-api/.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/common.yml) list_api true - ((servers|infrastructure)/client-api/.*)|(.circleci/common.yml) client_api true - ((servers|infrastructure)/feature-flags/.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/common.yml) feature_flags true - 
((lambdas|infrastructure)/sendgrid-data/.*)|(.circleci/common.yml) sendgrid_data true - ((lambdas|infrastructure|servers)/account-data-deleter/.*)|(packages/.*)|(pnpm-lock\.yaml)|(.circleci/account-data-deleter.yml)|(.circleci/common.yml) account_data_deleter true - ((lambdas|infrastructure)/account-delete-monitor/.*)|(packages/.*)|(pnpm-lock\.yaml)|(.circleci/account-delete-monitor.yml)|(.circleci/common.yml) account_delete_monitor true - ((servers|infrastructure|lambdas)/shareable-lists-api/.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/common.yml) shareable_lists_api true - ((infrastructure)/pocket-event-bridge/.*)|(packages/.*)|(pnpm-lock\.yaml)|(.circleci/pocket-event-bridge.yml)|(.circleci/common.yml) pocket_event_bridge true - ((servers|infrastructure|lambdas)/user-list-search.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/user-list-search.yml)|(.circleci/common.yml) user_list_search true - ((infrastructure)/braze/.*)|(packages/.*)|(pnpm-lock\.yaml)|(.circleci/braze.yml)|(.circleci/common.yml) braze true - ((servers|infrastructure)/v3-proxy-api/.*)|(packages/.*)|(pnpm-lock\.yaml)|(.circleci/v3-proxy-api.yml)|(.circleci/common.yml) v3_proxy_api true - ((servers|infrastructure)/push-server/.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/push-server.yml)|(.circleci/common.yml) push_server true - ((lambda|infrastructure)/instant-sync-events/.*)|(packages/.*)|(pnpm-lock\.yaml)|(.circleci/instant-sync-events.yml)|(.circleci/common.yml) instant_sync_events true - ((servers|infrastructure)/shares-api.*)|(packages/.*)|(pnpm-lock\.yaml)|(Dockerfile)|(.circleci/common.yml) shares_api true - - - continuation/continue: - configuration_path: /tmp/generated-config.yml - parameters: /tmp/pipeline-parameters.json - -# our single workflow, that triggers the setup job defined above -workflows: - setup: - jobs: - - setup diff --git a/.circleci/feature-flags.yml b/.circleci/feature-flags.yml deleted file mode 100644 index feb330962..000000000 
--- a/.circleci/feature-flags.yml
+++ /dev/null
@@ -1,144 +0,0 @@ - -workflows: - feature-flags: - jobs: - - ###### - # Every PR Jobs - ###### - - apollo: - name: feature-flags_apollo - fed_graph_name: pocket-client-api - graph_name: featureflags - schema_file_path: servers/feature-flags/schema.graphql - prod_graph_url: https://featureflags.readitlater.com/graphql - dev_graph_url: https://featureflags.getpocket.dev/graphql - scope: feature-flags - - # Try building the ECS docker image on each branch - - build_image: - <<: *not_dev_main - context: pocket - for: feature_flags - name: feature-flags_build_docker - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: featureflags-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: false - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=feature-flags --build-arg APP_PATH=servers/feature-flags --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=feature-flags --build-arg PORT=4242 - - - infrastructure: - <<: *not_dev_main - context: pocket - for: feature_flags - name: feature-flags_infrastructure_plan_prod - scope: feature-flags-cdk - stack-output-path: infrastructure/feature-flags/cdktf.out/stacks/feature-flags - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: feature_flags - name: feature-flags_infrastructure_apply_dev - scope: feature-flags-cdk - stack-output-path: infrastructure/feature-flags/cdktf.out/stacks/feature-flags - resource-class: pocket/default-dev - apply: true - dev: true - - # Build & Deploy the Dev Docker Image - - build_image: - <<: *only_dev - context: pocket - for: feature_flags - name: feature-flags_build_docker_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: 
Dev_AWS_DEFAULT_REGION - repo-name: featureflags-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=feature-flags --build-arg APP_PATH=servers/feature-flags --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=feature-flags --build-arg PORT=4242 - requires: - - feature-flags_infrastructure_apply_dev - - - code_deploy_ecs: - <<: *only_dev - context: pocket - for: feature_flags - name: feature-flags_code_deploy_ecs_dev - resource-class: pocket/default-dev - requires: - - feature-flags_build_docker_dev - - # Notify sentry of dev deployment - - sentry_release_notification: - <<: *only_dev - name: feature-flags_sentry-release-notification-dev - context: pocket - for: feature_flags - sentry_project_name: feature-flags - sentry_env: development - sentry_org: pocket - requires: - - feature-flags_code_deploy_ecs_dev - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: feature_flags - name: feature-flags_infrastructure_apply_prod - scope: feature-flags-cdk - stack-output-path: infrastructure/feature-flags/cdktf.out/stacks/feature-flags - resource-class: pocket/default-prod - apply: true - dev: false - - # Build & Deploy the Prod Docker Image - - build_image: - <<: *only_main - context: pocket - for: feature_flags - name: feature-flags_build_docker_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - repo-name: featureflags-prod-app - ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=feature-flags --build-arg APP_PATH=servers/feature-flags --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=feature-flags --build-arg PORT=4242 - 
requires: - - feature-flags_infrastructure_apply_prod - - - code_deploy_ecs: - <<: *only_main - context: pocket - for: feature_flags - name: feature-flags_code_deploy_ecs_prod - resource-class: pocket/default-prod - requires: - - feature-flags_build_docker_prod - - # Notify sentry of main deployment - - sentry_release_notification: - <<: *only_main - name: feature-flags_sentry-release-notification-prod - context: pocket - for: feature_flags - sentry_project_name: feature-flags - sentry_env: production - sentry_org: pocket - requires: - - feature-flags_code_deploy_ecs_prod diff --git a/.circleci/fxa-webhook-proxy.yml b/.circleci/fxa-webhook-proxy.yml deleted file mode 100644 index 073753c7d..000000000 --- a/.circleci/fxa-webhook-proxy.yml +++ /dev/null 
@@ -1,217 +0,0 @@ - -workflows: - fxa-webhook-proxy: - jobs: - - ###### - # Every PR Jobs - ###### - - build_lambda: - <<: *not_dev_main - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_build_sqs_lambda - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: fxa-webhook-proxy-sqs - sentry_project_name: fxa-webhook-proxy - sentry_env: development - sentry_org: pocket - - - build_lambda: - <<: *not_dev_main - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_build_gateway_lambda - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: fxa-webhook-proxy-gateway - sentry_project_name: fxa-webhook-proxy - sentry_env: development - sentry_org: pocket - - - infrastructure: - <<: *not_dev_main - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_infrastructure_plan_prod - scope: fxa-webhook-proxy-cdk - stack-output-path: infrastructure/fxa-webhook-proxy/cdktf.out/stacks/fxa-webhook-proxy - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_infrastructure_apply_dev - scope: fxa-webhook-proxy-cdk - stack-output-path: infrastructure/fxa-webhook-proxy/cdktf.out/stacks/fxa-webhook-proxy - resource-class: pocket/default-dev - apply: true - dev: true - - - build_lambda: - <<: *only_dev - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_events_build_gateway_lambda_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: fxa-webhook-proxy-gateway - sentry_project_name: fxa-webhook-proxy - sentry_env: development - sentry_org: pocket - s3-bucket: 
pocket-fxawebhookproxy-dev-apigateway-fxa-events - requires: - - fxa-webhook-proxy_infrastructure_apply_dev - - - code_deploy_lambda: - <<: *only_dev - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_gateway_code_deploy_lambda_dev - resource-class: pocket/default-dev - codedeploy-app-name: FxAWebhookProxy-Dev-ApiGateway-FxA-Events-Lambda - codedeploy-group-name: FxAWebhookProxy-Dev-ApiGateway-FxA-Events-Lambda - function-name: FxAWebhookProxy-Dev-ApiGateway-FxA-Events-Function - s3-bucket: pocket-fxawebhookproxy-dev-apigateway-fxa-events - requires: - - fxa-webhook-proxy_events_build_gateway_lambda_dev - - - build_lambda: - <<: *only_dev - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_events_build_sqs_lambda_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: fxa-webhook-proxy-sqs - sentry_project_name: fxa-webhook-proxy - sentry_env: development - sentry_org: pocket - s3-bucket: pocket-fxawebhookproxy-dev-sqs-fxa-events - requires: - - fxa-webhook-proxy_infrastructure_apply_dev - - - code_deploy_lambda: - <<: *only_dev - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_sqs_code_deploy_lambda_dev - resource-class: pocket/default-dev - codedeploy-app-name: FxAWebhookProxy-Dev-Sqs-FxA-Events-Lambda - codedeploy-group-name: FxAWebhookProxy-Dev-Sqs-FxA-Events-Lambda - function-name: FxAWebhookProxy-Dev-Sqs-FxA-Events-Function - s3-bucket: pocket-fxawebhookproxy-dev-sqs-fxa-events - requires: - - fxa-webhook-proxy_events_build_sqs_lambda_dev - - - # Notify sentry of dev deployment - - sentry_release_notification: - <<: *only_dev - name: fxa-webhook-proxy_sentry-release-notification-dev - context: pocket - for: fxa_webhook_proxy - sentry_project_name: fxa-webhook-proxy - sentry_env: development - sentry_org: pocket - requires: - - fxa-webhook-proxy_sqs_code_deploy_lambda_dev - - fxa-webhook-proxy_gateway_code_deploy_lambda_dev 
- - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_infrastructure_apply_prod - scope: fxa-webhook-proxy-cdk - stack-output-path: infrastructure/fxa-webhook-proxy/cdktf.out/stacks/fxa-webhook-proxy - resource-class: pocket/default-prod - apply: true - dev: false - - - build_lambda: - <<: *only_main - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_events_build_gateway_lambda_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - scope: fxa-webhook-proxy-gateway - sentry_project_name: fxa-webhook-proxy - sentry_env: prodelopment - sentry_org: pocket - s3-bucket: pocket-fxawebhookproxy-prod-apigateway-fxa-events - requires: - - fxa-webhook-proxy_infrastructure_apply_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_gateway_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: FxAWebhookProxy-Prod-ApiGateway-FxA-Events-Lambda - codedeploy-group-name: FxAWebhookProxy-Prod-ApiGateway-FxA-Events-Lambda - function-name: FxAWebhookProxy-Prod-ApiGateway-FxA-Events-Function - s3-bucket: pocket-fxawebhookproxy-prod-apigateway-fxa-events - requires: - - fxa-webhook-proxy_events_build_gateway_lambda_prod - - - build_lambda: - <<: *only_main - context: pocket - for: fxa_webhook_proxy - name: fxa-webhook-proxy_events_build_sqs_lambda_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - scope: fxa-webhook-proxy-sqs - sentry_project_name: fxa-webhook-proxy - sentry_env: prodelopment - sentry_org: pocket - s3-bucket: pocket-fxawebhookproxy-prod-sqs-fxa-events - requires: - - fxa-webhook-proxy_infrastructure_apply_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: 
fxa_webhook_proxy - name: fxa-webhook-proxy_sqs_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: FxAWebhookProxy-Prod-Sqs-FxA-Events-Lambda - codedeploy-group-name: FxAWebhookProxy-Prod-Sqs-FxA-Events-Lambda - function-name: FxAWebhookProxy-Prod-Sqs-FxA-Events-Function - s3-bucket: pocket-fxawebhookproxy-prod-sqs-fxa-events - requires: - - fxa-webhook-proxy_events_build_sqs_lambda_prod - - - # Notify sentry of prod deployment - - sentry_release_notification: - <<: *only_main - name: fxa-webhook-proxy_sentry-release-notification-prod - context: pocket - for: fxa_webhook_proxy - sentry_project_name: fxa-webhook-proxy - sentry_env: prodelopment - sentry_org: pocket - requires: - - fxa-webhook-proxy_sqs_code_deploy_lambda_prod - - fxa-webhook-proxy_gateway_code_deploy_lambda_prod diff --git a/.circleci/header.yml b/.circleci/header.yml deleted file mode 100644 index 40f89030d..000000000 --- a/.circleci/header.yml +++ /dev/null @@ -1,45 +0,0 @@ -# Workflow shortcuts -# Anything in this file will be added to all the yaml files, before CircleCI merges them. -# This is because yaml files need to be valid before merge and that means things like anchors must be defined in each file. - -node_image: &node_image cimg/node:20.16 -node_version: &node_version 20.16 -base_image: &base_image cimg/base:2024.08 - -not_main: ¬_main - filters: - branches: - ignore: - - main - -only_main: &only_main - filters: - branches: - only: - - main - -not_dev: ¬_dev - filters: - branches: - ignore: - - dev - -only_dev_main: &only_dev_main - filters: - branches: - only: - - dev - - main - -not_dev_main: ¬_dev_main - filters: - branches: - ignore: - - dev - - main - -only_dev: &only_dev - filters: - branches: - only: - - dev \ No newline at end of file diff --git a/.circleci/image-api.yml b/.circleci/image-api.yml deleted file mode 100644 index 7c4f295dc..000000000 --- a/.circleci/image-api.yml +++ /dev/null 
@@ -1,161 +0,0 @@ - -workflows: - image-api: - jobs: - - ###### - # Every PR Jobs - ###### - - apollo: - name: image-api_apollo - fed_graph_name: pocket-client-api - graph_name: image-api - schema_file_path: servers/image-api/schema.graphql - prod_graph_url: https://image-api.readitlater.com - dev_graph_url: https://image-api.getpocket.dev - scope: image-api - - - apollo: - name: image-api_apollo_admin - fed_graph_name: pocket-admin-api - schema_file_path: servers/image-api/schema.graphql - graph_name: image-api - prod_graph_url: https://image-api.readitlater.com - dev_graph_url: https://image-api.getpocket.dev - apollo_key_env: APOLLO_ADMIN_KEY - scope: image-api - - - test_integrations: - <<: *not_dev_main - for: image_api - context: pocket - name: image-api_test_integrations - scope: image-api - - # Try building the ECS docker image on each branch - - build_image: - <<: *not_dev_main - context: pocket - for: image_api - name: image-api_build_docker - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: imageapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: false - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=image-api --build-arg APP_PATH=servers/image-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=image-api --build-arg PORT=4867 - - - infrastructure: - <<: *not_dev_main - context: pocket - for: image_api - name: image-api_infrastructure_plan_prod - scope: image-api-cdk - stack-output-path: infrastructure/image-api/cdktf.out/stacks/image-api - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: image_api - name: image-api_infrastructure_apply_dev - scope: image-api-cdk - stack-output-path: 
infrastructure/image-api/cdktf.out/stacks/image-api - resource-class: pocket/default-dev - apply: true - dev: true - - # Build & Deploy the Dev Docker Image - - build_image: - <<: *only_dev - context: pocket - for: image_api - name: image-api_build_docker_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: imageapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=image-api --build-arg APP_PATH=servers/image-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=image-api --build-arg PORT=4867 - requires: - - image-api_infrastructure_apply_dev - - - code_deploy_ecs: - <<: *only_dev - context: pocket - for: image_api - name: image-api_code_deploy_ecs_dev - resource-class: pocket/default-dev - requires: - - image-api_build_docker_dev - - # Notify sentry of dev deployment - - sentry_release_notification: - <<: *only_dev - name: image-api_sentry-release-notification-dev - context: pocket - for: image_api - sentry_project_name: image-api - sentry_env: development - sentry_org: pocket - requires: - - image-api_code_deploy_ecs_dev - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: image_api - name: image-api_infrastructure_apply_prod - scope: image-api-cdk - stack-output-path: infrastructure/image-api/cdktf.out/stacks/image-api - resource-class: pocket/default-prod - apply: true - dev: false - - # Build & Deploy the Prod Docker Image - - build_image: - <<: *only_main - context: pocket - for: image_api - name: image-api_build_docker_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - repo-name: imageapi-prod-app - ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com - 
push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=image-api --build-arg APP_PATH=servers/image-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=image-api --build-arg PORT=4867 - requires: - - image-api_infrastructure_apply_prod - - - code_deploy_ecs: - <<: *only_main - context: pocket - for: image_api - name: image-api_code_deploy_ecs_prod - resource-class: pocket/default-prod - requires: - - image-api_build_docker_prod - - # Notify sentry of main deployment - - sentry_release_notification: - <<: *only_main - name: image-api_sentry-release-notification-prod - context: pocket - for: image_api - sentry_project_name: image-api - sentry_env: production - sentry_org: pocket - requires: - - image-api_code_deploy_ecs_prod diff --git a/.circleci/instant-sync-events.yml b/.circleci/instant-sync-events.yml deleted file mode 100644 index eb0576ab9..000000000 --- a/.circleci/instant-sync-events.yml +++ /dev/null 
@@ -1,149 +0,0 @@ - -workflows: - instant-sync-events: - jobs: - - ###### - # Every PR Jobs - ###### - - test_integrations: - <<: *not_dev_main - for: instant_sync_events - context: pocket - name: instant-sync-events_test_integrations - scope: instant-sync-events - - - build_lambda: - <<: *not_dev_main - context: pocket - for: instant_sync_events - name: instant-sync-events_build_lambda - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: instant-sync-events - sentry_project_name: instant-sync-events - sentry_env: development - sentry_org: pocket - - - infrastructure: - <<: *not_dev_main - context: pocket - for: instant_sync_events - name: instant-sync-events_infrastructure_plan_prod - scope: instant-sync-events-cdk - stack-output-path: infrastructure/instant-sync-events/cdktf.out/stacks/instant-sync-events - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: instant_sync_events - name: instant-sync-events_infrastructure_apply_dev - scope: instant-sync-events-cdk - stack-output-path: infrastructure/instant-sync-events/cdktf.out/stacks/instant-sync-events - resource-class: pocket/default-dev - apply: true - dev: true - - - build_lambda: - <<: *only_dev - context: pocket - for: instant_sync_events - name: instant-sync-events_build_lambda_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - scope: instant-sync-events - sentry_project_name: instant-sync-events - sentry_env: development - sentry_org: pocket - s3-bucket: pocket-instantsyncevents-dev-eventtracker - requires: - - instant-sync-events_infrastructure_apply_dev - - - code_deploy_lambda: - <<: *only_dev - context: pocket - for: instant_sync_events - name: instant-sync-events_code_deploy_lambda_dev - 
resource-class: pocket/default-dev - codedeploy-app-name: InstantSyncEvents-Dev-EventTracker-Lambda - codedeploy-group-name: InstantSyncEvents-Dev-EventTracker-Lambda - function-name: InstantSyncEvents-Dev-EventTracker-Function - s3-bucket: pocket-instantsyncevents-dev-eventtracker - requires: - - instant-sync-events_build_lambda_dev - - # Notify sentry of dev deployment - - sentry_release_notification: - <<: *only_dev - name: instant-sync-events_sentry-release-notification-dev - context: pocket - for: instant_sync_events - sentry_project_name: instant-sync-events - sentry_env: development - sentry_org: pocket - requires: - - instant-sync-events_code_deploy_lambda_dev - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: instant_sync_events - name: instant-sync-events_infrastructure_apply_prod - scope: instant-sync-events-cdk - stack-output-path: infrastructure/instant-sync-events/cdktf.out/stacks/instant-sync-events - resource-class: pocket/default-prod - apply: true - dev: false - - - build_lambda: - <<: *only_main - context: pocket - for: instant_sync_events - name: instant-sync-events_build_lambda_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - scope: instant-sync-events - sentry_project_name: instant-sync-events - sentry_env: production - sentry_org: pocket - s3-bucket: pocket-instantsyncevents-prod-eventtracker - requires: - - instant-sync-events_infrastructure_apply_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: instant_sync_events - name: instant-sync-events_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: InstantSyncEvents-Prod-EventTracker-Lambda - codedeploy-group-name: InstantSyncEvents-Prod-EventTracker-Lambda - function-name: InstantSyncEvents-Prod-EventTracker-Function - s3-bucket: pocket-instantsyncevents-prod-eventtracker - 
requires: - - instant-sync-events_build_lambda_prod - - # Notify sentry of main deployment - - sentry_release_notification: - <<: *only_main - name: instant-sync-events_sentry-release-notification-prod - context: pocket - for: instant_sync_events - sentry_project_name: instant-sync-events - sentry_env: production - sentry_org: pocket - requires: - - instant-sync-events_code_deploy_lambda_prod diff --git a/.circleci/list-api.yml b/.circleci/list-api.yml deleted file mode 100644 index a3445b72b..000000000 --- a/.circleci/list-api.yml +++ /dev/null 
@@ -1,152 +0,0 @@ - -workflows: - list-api: - jobs: - - ###### - # Every PR Jobs - ###### - - apollo: - name: list-api_apollo - fed_graph_name: pocket-client-api - graph_name: list - schema_file_path: servers/list-api/dist/schema-generated.graphql - prod_graph_url: https://list-api.readitlater.com - dev_graph_url: https://list-api.getpocket.dev - build_command: pnpm run build --filter=list-api... - scope: list-api - - - test_integrations: - <<: *not_dev_main - for: list_api - context: pocket - name: list-api_test_integrations - scope: list-api - - # Try building the ECS docker image on each branch - - build_image: - <<: *not_dev_main - context: pocket - for: list_api - name: list-api_build_docker - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: listapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: false - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=list-api --build-arg APP_PATH=servers/list-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=list-api --build-arg PORT=4005 - - - infrastructure: - <<: *not_dev_main - context: pocket - for: list_api - name: list-api_infrastructure_plan_prod - scope: list-api-cdk - stack-output-path: infrastructure/list-api/cdktf.out/stacks/list-api - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: list_api - name: list-api_infrastructure_apply_dev - scope: list-api-cdk - stack-output-path: infrastructure/list-api/cdktf.out/stacks/list-api - resource-class: pocket/default-dev - apply: true - dev: true - - # Build & Deploy the Dev Docker Image - - build_image: - <<: *only_dev - context: pocket - for: list_api - name: list-api_build_docker_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - 
aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: listapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=list-api --build-arg APP_PATH=servers/list-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=list-api --build-arg PORT=4005 - requires: - - list-api_infrastructure_apply_dev - - - code_deploy_ecs: - <<: *only_dev - context: pocket - for: list_api - name: list-api_code_deploy_ecs_dev - resource-class: pocket/default-dev - requires: - - list-api_build_docker_dev - - # Notify sentry of dev deployment - - sentry_release_notification: - <<: *only_dev - name: list-api_sentry-release-notification-dev - context: pocket - for: list_api - sentry_project_name: list-api - sentry_env: development - sentry_org: pocket - requires: - - list-api_code_deploy_ecs_dev - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: list_api - name: list-api_infrastructure_apply_prod - scope: list-api-cdk - stack-output-path: infrastructure/list-api/cdktf.out/stacks/list-api - resource-class: pocket/default-prod - apply: true - dev: false - - # Build & Deploy the Prod Docker Image - - build_image: - <<: *only_main - context: pocket - for: list_api - name: list-api_build_docker_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - repo-name: listapi-prod-app - ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=list-api --build-arg APP_PATH=servers/list-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=list-api --build-arg PORT=4005 - requires: - - list-api_infrastructure_apply_prod - - - 
code_deploy_ecs: - <<: *only_main - context: pocket - for: list_api - name: list-api_code_deploy_ecs_prod - resource-class: pocket/default-prod - requires: - - list-api_build_docker_prod - - # Notify sentry of main deployment - - sentry_release_notification: - <<: *only_main - name: list-api_sentry-release-notification-prod - context: pocket - for: list_api - sentry_project_name: list-api - sentry_env: production - sentry_org: pocket - requires: - - list-api_code_deploy_ecs_prod diff --git a/.circleci/parser-graphql-wrapper.yml b/.circleci/parser-graphql-wrapper.yml deleted file mode 100644 index 547d9d690..000000000 --- a/.circleci/parser-graphql-wrapper.yml +++ /dev/null 
@@ -1,161 +0,0 @@
-
-workflows:
- parser-graphql-wrapper:
- jobs:
-
- ######
- # Every PR Jobs
- ######
- - apollo:
- name: parser-graphql-wrapper_apollo
- fed_graph_name: pocket-client-api
- graph_name: parser
- schema_file_path: servers/parser-graphql-wrapper/schema.graphql
- prod_graph_url: https://parser-graphql-wrapper.readitlater.com
- dev_graph_url: https://parser-graphql-wrapper.getpocket.dev
- scope: parser-graphql-wrapper
-
- - apollo:
- name: parser-graphql-wrapper_apollo_admin
- fed_graph_name: pocket-admin-api
- schema_file_path: servers/parser-graphql-wrapper/schema.graphql
- graph_name: parser
- prod_graph_url: https://parser-graphql-wrapper.readitlater.com
- dev_graph_url: https://parser-graphql-wrapper.getpocket.dev
- apollo_key_env: APOLLO_ADMIN_KEY
- scope: parser-graphql-wrapper
-
- - test_integrations:
- <<: *not_dev_main
- for: parser_graphql_wrapper
- context: pocket
- name: parser-graphql-wrapper_test_integrations
- scope: parser-graphql-wrapper
-
- # Try building the ECS docker image on each branch
- - build_image:
- <<: *not_dev_main
- context: pocket
- for: parser_graphql_wrapper
- name: parser-graphql-wrapper_build_docker
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: parsergraphqlwrapper-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: false
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=parser-graphql-wrapper --build-arg APP_PATH=servers/parser-graphql-wrapper --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=parser-graphql-wrapper --build-arg PORT=4001
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: parser_graphql_wrapper
- name: parser-graphql-wrapper_infrastructure_plan_prod
- scope: parser-graphql-wrapper-cdk
- stack-output-path: infrastructure/parser-graphql-wrapper/cdktf.out/stacks/parser-graphql-wrapper
- resource-class: pocket/default-prod
- dev: false
- apply: false
-
- ######
- # Dev Branch Deployment (Dev Environment)
- ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: parser_graphql_wrapper
- name: parser-graphql-wrapper_infrastructure_apply_dev
- scope: parser-graphql-wrapper-cdk
- stack-output-path: infrastructure/parser-graphql-wrapper/cdktf.out/stacks/parser-graphql-wrapper
- resource-class: pocket/default-dev
- apply: true
- dev: true
-
- # Build & Deploy the Dev Docker Image
- - build_image:
- <<: *only_dev
- context: pocket
- for: parser_graphql_wrapper
- name: parser-graphql-wrapper_build_docker_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: parsergraphqlwrapper-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=parser-graphql-wrapper --build-arg APP_PATH=servers/parser-graphql-wrapper --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=parser-graphql-wrapper --build-arg PORT=4001
- requires:
- - parser-graphql-wrapper_infrastructure_apply_dev
-
- - code_deploy_ecs:
- <<: *only_dev
- context: pocket
- for: parser_graphql_wrapper
- name: parser-graphql-wrapper_code_deploy_ecs_dev
- resource-class: pocket/default-dev
- requires:
- - parser-graphql-wrapper_build_docker_dev
-
- # Notify sentry of dev deployment
- - sentry_release_notification:
- <<: *only_dev
- name: parser-graphql-wrapper_sentry-release-notification-dev
- context: pocket
- for: parser_graphql_wrapper
- sentry_project_name: parser-graphql-wrapper
- sentry_env: development
- sentry_org: pocket
- requires:
- - parser-graphql-wrapper_code_deploy_ecs_dev
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: parser_graphql_wrapper
- name: parser-graphql-wrapper_infrastructure_apply_prod
- scope: parser-graphql-wrapper-cdk
- stack-output-path: infrastructure/parser-graphql-wrapper/cdktf.out/stacks/parser-graphql-wrapper
- resource-class: pocket/default-prod
- apply: true
- dev: false
-
- # Build & Deploy the Prod Docker Image
- - build_image:
- <<: *only_main
- context: pocket
- for: parser_graphql_wrapper
- name: parser-graphql-wrapper_build_docker_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- repo-name: parsergraphqlwrapper-prod-app
- ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=parser-graphql-wrapper --build-arg APP_PATH=servers/parser-graphql-wrapper --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=parser-graphql-wrapper --build-arg PORT=4001
- requires:
- - parser-graphql-wrapper_infrastructure_apply_prod
-
- - code_deploy_ecs:
- <<: *only_main
- context: pocket
- for: parser_graphql_wrapper
- name: parser-graphql-wrapper_code_deploy_ecs_prod
- resource-class: pocket/default-prod
- requires:
- - parser-graphql-wrapper_build_docker_prod
-
- # Notify sentry of main deployment
- - sentry_release_notification:
- <<: *only_main
- name: parser-graphql-wrapper_sentry-release-notification-prod
- context: pocket
- for: parser_graphql_wrapper
- sentry_project_name: parser-graphql-wrapper
- sentry_env: production
- sentry_org: pocket
- requires:
- - parser-graphql-wrapper_code_deploy_ecs_prod
diff --git a/.circleci/pocket-event-bridge.yml b/.circleci/pocket-event-bridge.yml
deleted file mode 100644
index b5d954b36..000000000
--- a/.circleci/pocket-event-bridge.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-
-workflows:
- pocket-event-bridge:
- jobs:
-
- ######
- # Every PR Jobs
- ######
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: pocket_event_bridge
- name: pocket-event-bridge_infrastructure_plan_prod
- scope: pocket-event-bridge-cdk
- stack-output-path: infrastructure/pocket-event-bridge/cdktf.out/stacks/pocket-event-bridge
- resource-class: pocket/default-prod
- dev: false
- apply: false
-
- ######
- # Dev Branch Deployment (Dev Environment)
- ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: pocket_event_bridge
- name: pocket-event-bridge_infrastructure_apply_dev
- scope: pocket-event-bridge-cdk
- stack-output-path: infrastructure/pocket-event-bridge/cdktf.out/stacks/pocket-event-bridge
- resource-class: pocket/default-dev
- apply: true
- dev: true
-
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: pocket_event_bridge
- name: pocket-event-bridge_infrastructure_apply_prod
- scope: pocket-event-bridge-cdk
- stack-output-path: infrastructure/pocket-event-bridge/cdktf.out/stacks/pocket-event-bridge
- resource-class: pocket/default-prod
- apply: true
- dev: false
diff --git a/.circleci/push-server.yml b/.circleci/push-server.yml
deleted file mode 100644
index b724841be..000000000
--- a/.circleci/push-server.yml
+++ /dev/null
@@ -1,124 +0,0 @@
-
-workflows:
- push-server:
- jobs:
-
- ######
- # Every PR Jobs
- ######
- - test_integrations:
- <<: *not_dev_main
- for: push_server
- context: pocket
- name: push-server_test_integrations
- scope: push-server
-
- # Try building the ECS docker image on each branch
- - build_image:
- <<: *not_dev_main
- context: pocket
- for: push_server
- name: push-server_build_docker
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: push-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: false
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=push-server --build-arg APP_PATH=servers/push-server --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=push-server
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: push_server
- name: push-server_infrastructure_plan_prod
- scope: push-server-cdk
- stack-output-path: infrastructure/push-server/cdktf.out/stacks/push-server
- resource-class: pocket/default-prod
- dev: false
- apply: false
-
- # ######
- # # Dev Branch Deployment (Dev Environment)
- # ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: push_server
- name: push-server_infrastructure_apply_dev
- scope: push-server-cdk
- stack-output-path: infrastructure/push-server/cdktf.out/stacks/push-server
- resource-class: pocket/default-dev
- apply: true
- dev: true
-
- # Build & Deploy the Dev Docker Image
- - build_image:
- <<: *only_dev
- context: pocket
- for: push_server
- name: push-server_build_docker_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: push-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=push-server --build-arg APP_PATH=servers/push-server --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=push-server
- requires:
- - push-server_infrastructure_apply_dev
-
- # Notify sentry of dev deployment
- - sentry_release_notification:
- <<: *only_dev
- name: push-server_sentry-release-notification-dev
- context: pocket
- for: push_server
- sentry_project_name: push-server
- sentry_env: development
- sentry_org: pocket
- requires:
- - push-server_infrastructure_apply_dev
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: push_server
- name: push-server_infrastructure_apply_prod
- scope: push-server-cdk
- stack-output-path: infrastructure/push-server/cdktf.out/stacks/push-server
- resource-class: pocket/default-prod
- apply: true
- dev: false
-
- # Build & Deploy the Prod Docker Image
- - build_image:
- <<: *only_main
- context: pocket
- for: push_server
- name: push-server_build_docker_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- repo-name: push-prod-app
- ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=push-server --build-arg APP_PATH=servers/push-server --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=push-server
- requires:
- - push-server_infrastructure_apply_prod
-
- # Notify sentry of main deployment
- - sentry_release_notification:
- <<: *only_main
- name: push-server_sentry-release-notification-prod
- context: pocket
- for: push_server
- sentry_project_name: push-server
- sentry_env: production
- sentry_org: pocket
- requires:
- - push-server_infrastructure_apply_prod
diff --git a/.circleci/repo-jobs.yml b/.circleci/repo-jobs.yml
deleted file mode 100644
index d53984dec..000000000
--- a/.circleci/repo-jobs.yml +++ /dev/null @@ -1,48 +0,0 @@ -jobs: - lint: - docker: - - image: *node_image - steps: - - checkout - - install_pnpm - - run: - name: Lint - command: | - corepack pnpm run lint - - mismatched_versions: - docker: - - image: *node_image - steps: - - checkout - - install_pnpm - - run: - name: Check for Mismatch - command: | - corepack pnpm list-mismatches - - test: - docker: - - image: *node_image - resource_class: xlarge - steps: - - checkout - - install_pnpm - - run: - name: Test - # Following uses a 2 concurrency because terraform modules seems to fail with an OOM error on CI if we do more. - command: | - corepack pnpm run test --concurrency=2 - -workflows: - repo: - jobs: - - lint: - <<: *not_dev_main - context: pocket - - test: - <<: *not_dev_main - context: pocket - - mismatched_versions: - <<: *not_dev_main - context: pocket \ No newline at end of file diff --git a/.circleci/scripts/setup.sh b/.circleci/scripts/setup.sh deleted file mode 100755 index a730ec0fd..000000000 --- a/.circleci/scripts/setup.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -e - -dir=$(dirname "$0") -while [[ "$1" ]]; do - case "$1" in - --db) - "${dir}"/setup_db.sh - ;; - --aws=*) - # Extract the value after '=' - "${dir}"/setup_aws.sh --scope="${1#*=}" - ;; - esac - shift -done diff --git a/.circleci/scripts/setup_aws.sh b/.circleci/scripts/setup_aws.sh deleted file mode 100755 index cd393ea8d..000000000 --- a/.circleci/scripts/setup_aws.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash -set -e - -sudo apt-get update && sudo apt-get install -y python3-pip -pip3 install boto3 awscli-local awscli --no-build-isolation - -# Default value for scope -scope="" -# Loop through the arguments -while [ "$#" -gt 0 ]; do - case $1 in - --scope=*) - # Extract the value after '=' - scope="${1#*=}" - ;; - esac - shift -done - -script=".docker/aws-resources/${scope}.sh" - -# Check if the script exists -if [ -f "$script" ]; then - echo "Executing script: $script" - # Execute the script - bash "$script" -fi diff --git a/.circleci/scripts/setup_db.sh b/.circleci/scripts/setup_db.sh deleted file mode 100755 index 963580e0e..000000000 --- a/.circleci/scripts/setup_db.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# shellcheck disable=SC1090 - -echo "Setting up database" - -sudo apt-get update && sudo apt-get install -y default-mysql-client - -set -e -mysql=( mysql -uroot -h127.0.0.1 ) - -# Wait for mysql to respond -for _ in {30..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break - fi - echo 'MySQL init process in progress...' - sleep 1 -done - -for f in .docker/mysql-8-resources/schema/*; do - echo "$f" - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo -done \ No newline at end of file diff --git a/.circleci/scripts/update_bluegreen_service_via_task_def.sh b/.circleci/scripts/update_bluegreen_service_via_task_def.sh deleted file mode 100755 index 662285d8e..000000000 --- a/.circleci/scripts/update_bluegreen_service_via_task_def.sh +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/bin/bash -# From https://github.com/CircleCI-Public/aws-ecs-orb/blob/master/src/scripts/update_bluegreen_service_via_task_def.sh -set -o noglob - -# These variables are evaluated so the config file may contain and pass in environment variables to the parameters. -ORB_STR_CD_APP_NAME="$(circleci env subst "$ORB_STR_CD_APP_NAME")" -ORB_STR_CD_DEPLOY_GROUP_NAME="$(circleci env subst "$ORB_STR_CD_DEPLOY_GROUP_NAME")" -ORB_STR_CD_LOAD_BALANCED_CONTAINER_NAME="$(circleci env subst "$ORB_STR_CD_LOAD_BALANCED_CONTAINER_NAME")" -ORB_STR_CD_CAPACITY_PROVIDER_WEIGHT="$(circleci env subst "$ORB_STR_CD_CAPACITY_PROVIDER_WEIGHT")" -ORB_STR_CD_CAPACITY_PROVIDER_BASE="$(circleci env subst "$ORB_STR_CD_CAPACITY_PROVIDER_BASE")" -ORB_STR_CD_DEPLOYMENT_CONFIG_NAME="$(circleci env subst "$ORB_STR_CD_DEPLOYMENT_CONFIG_NAME")" -ORB_STR_PROFILE_NAME="$(circleci env subst "$ORB_STR_PROFILE_NAME")" -ORB_INT_CD_LOAD_BALANCED_CONTAINER_PORT="$(circleci env subst "$ORB_INT_CD_LOAD_BALANCED_CONTAINER_PORT")" - -DEPLOYED_REVISION="${CCI_ORB_AWS_ECS_REGISTERED_TASK_DFN}" - -if [ "$ORB_BOOL_ENABLE_CIRCUIT_BREAKER" == "1" ] && [ "$ORB_BOOL_VERIFY_REV_DEPLOY" == "0" ]; then - echo "enable-circuit-breaker is set to true, but verify-revision-deploy is set to false. verfiy-revision-deploy must be set to true to use enable-circuit-breaker." - exit 1 -fi - -if [ -n "$ORB_STR_CD_CAPACITY_PROVIDER_NAME" ]; then - if [ -z "$ORB_STR_CD_CAPACITY_PROVIDER_WEIGHT" ] || [ -z "$ORB_STR_CD_CAPACITY_PROVIDER_BASE" ]; then - echo "Capacity Provider base and weight parameter must all be provided. 
Please try again" - exit 1 - else - REVISION="{\"revisionType\": \"AppSpecContent\", \"appSpecContent\": {\"content\": \"{\\\"version\\\": 1, \\\"Resources\\\": [{\\\"TargetService\\\": {\\\"Type\\\": \\\"AWS::ECS::Service\\\", \\\"Properties\\\": {\\\"TaskDefinition\\\": \\\"${CCI_ORB_AWS_ECS_REGISTERED_TASK_DFN}\\\", \\\"LoadBalancerInfo\\\": {\\\"ContainerName\\\": \\\"$ORB_STR_CD_LOAD_BALANCED_CONTAINER_NAME\\\", \\\"ContainerPort\\\": $ORB_INT_CD_LOAD_BALANCED_CONTAINER_PORT},\\\"CapacityProviderStrategy\\\":[{\\\"CapacityProvider\\\":\\\"$ORB_STR_CD_CAPACITY_PROVIDER_NAME\\\", \\\"Base\\\":${ORB_STR_CD_CAPACITY_PROVIDER_BASE}, \\\"Weight\\\":${ORB_STR_CD_CAPACITY_PROVIDER_WEIGHT}}]}}}]}\"}}" - fi -else - REVISION="{\"revisionType\": \"AppSpecContent\", \"appSpecContent\": {\"content\": \"{\\\"version\\\": 1, \\\"Resources\\\": [{\\\"TargetService\\\": {\\\"Type\\\": \\\"AWS::ECS::Service\\\", \\\"Properties\\\": {\\\"TaskDefinition\\\": \\\"${CCI_ORB_AWS_ECS_REGISTERED_TASK_DFN}\\\", \\\"LoadBalancerInfo\\\": {\\\"ContainerName\\\": \\\"$ORB_STR_CD_LOAD_BALANCED_CONTAINER_NAME\\\", \\\"ContainerPort\\\": $ORB_INT_CD_LOAD_BALANCED_CONTAINER_PORT}}}}]}\"}}" -fi - -if [ -n "$ORB_STR_CD_DEPLOYMENT_CONFIG_NAME" ]; then - set -- "$@" --deployment-config-name "${ORB_STR_CD_DEPLOYMENT_CONFIG_NAME}" -fi - -DEPLOYMENT_ID=$(aws deploy create-deployment \ - --application-name "$ORB_STR_CD_APP_NAME" \ - --deployment-group-name "$ORB_STR_CD_DEPLOY_GROUP_NAME" \ - --profile "$ORB_STR_PROFILE_NAME" \ - --query deploymentId \ - --revision "${REVISION}" \ - "$@" \ - --output text) - -echo "Created CodeDeploy deployment: $DEPLOYMENT_ID" - -if [ "$ORB_BOOL_VERIFY_REV_DEPLOY" == "1" ]; then - echo "Waiting for deployment to succeed." - if aws deploy wait deployment-successful --deployment-id "${DEPLOYMENT_ID}" --profile "${ORB_STR_PROFILE_NAME}"; then - echo "Deployment succeeded." - elif [ "$ORB_BOOL_ENABLE_CIRCUIT_BREAKER" == "1" ]; then - echo "Deployment failed. 
Rolling back." - aws deploy stop-deployment --deployment-id "${DEPLOYMENT_ID}" --auto-rollback-enabled --profile "${ORB_STR_PROFILE_NAME}" - else - echo "Deployment failed. Exiting." - exit 1 - fi -fi - -echo "export CCI_ORB_AWS_ECS_DEPLOYED_REVISION='${DEPLOYED_REVISION}'" >> "$BASH_ENV" \ No newline at end of file diff --git a/.circleci/sendgrid-data.yml b/.circleci/sendgrid-data.yml deleted file mode 100644 index ee28dc46b..000000000 --- a/.circleci/sendgrid-data.yml +++ /dev/null 
@@ -1,143 +0,0 @@
-
-workflows:
- sendgrid-data:
- jobs:
-
- ######
- # Every PR Jobs
- ######
- - build_lambda:
- <<: *not_dev_main
- context: pocket
- for: sendgrid_data
- name: sendgrid-data_build_lambda
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: sendgrid-data
- sentry_project_name: sendgrid-data
- sentry_env: development
- sentry_org: pocket
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: sendgrid_data
- name: sendgrid-data_infrastructure_plan_prod
- scope: sendgrid-data-cdk
- stack-output-path: infrastructure/sendgrid-data/cdktf.out/stacks/sendgrid-data
- resource-class: pocket/default-prod
- dev: false
- apply: false
-
- ######
- # Dev Branch Deployment (Dev Environment)
- ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: sendgrid_data
- name: sendgrid-data_infrastructure_apply_dev
- scope: sendgrid-data-cdk
- stack-output-path: infrastructure/sendgrid-data/cdktf.out/stacks/sendgrid-data
- resource-class: pocket/default-dev
- apply: true
- dev: true
-
- - build_lambda:
- <<: *only_dev
- context: pocket
- for: sendgrid_data
- name: sendgrid-data_build_lambda_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: sendgrid-data
- sentry_project_name: sendgrid-data
- sentry_env: development
- sentry_org: pocket
- s3-bucket: pocket-sendgriddata-dev-apigateway
- requires:
- - sendgrid-data_infrastructure_apply_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: sendgrid_data
- name: sendgrid-data_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: SendGridData-Dev-ApiGateway-Lambda
- codedeploy-group-name: SendGridData-Dev-ApiGateway-Lambda
- function-name: SendGridData-Dev-ApiGateway-Function
- s3-bucket: pocket-sendgriddata-dev-apigateway
- requires:
- - sendgrid-data_build_lambda_dev
-
-
- # Notify sentry of dev deployment
- - sentry_release_notification:
- <<: *only_dev
- name: sendgrid-data_sentry-release-notification-dev
- context: pocket
- for: sendgrid_data
- sentry_project_name: sendgrid-data
- sentry_env: development
- sentry_org: pocket
- requires:
- - sendgrid-data_code_deploy_lambda_dev
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: sendgrid_data
- name: sendgrid-data_infrastructure_apply_prod
- scope: sendgrid-data-cdk
- stack-output-path: infrastructure/sendgrid-data/cdktf.out/stacks/sendgrid-data
- resource-class: pocket/default-prod
- apply: true
- dev: false
- - build_lambda:
- <<: *only_main
- context: pocket
- for: sendgrid_data
- name: sendgrid-data_build_lambda_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- scope: sendgrid-data
- sentry_project_name: sendgrid-data
- sentry_env: prodelopment
- sentry_org: pocket
- s3-bucket: pocket-sendgriddata-prod-apigateway
- requires:
- - sendgrid-data_infrastructure_apply_prod
-
- - code_deploy_lambda:
- <<: *only_main
- context: pocket
- for: sendgrid_data
- name: sendgrid-data_code_deploy_lambda_prod
- resource-class: pocket/default-prod
- codedeploy-app-name: SendGridData-Prod-ApiGateway-Lambda
- codedeploy-group-name: SendGridData-Prod-ApiGateway-Lambda
- function-name: SendGridData-Prod-ApiGateway-Function
- s3-bucket: pocket-sendgriddata-prod-apigateway
- requires:
- - sendgrid-data_build_lambda_prod
-
-
- # Notify sentry of prod deployment
- - sentry_release_notification:
- <<: *only_main
- name: sendgrid-data_sentry-release-notification-prod
- context: pocket
- for: sendgrid_data
- sentry_project_name: sendgrid-data
- sentry_env: prodelopment
- sentry_org: pocket
- requires:
- - sendgrid-data_code_deploy_lambda_prod
diff --git a/.circleci/shareable-lists-api.yml b/.circleci/shareable-lists-api.yml
deleted file mode 100644
index 5b918caa6..000000000
--- a/.circleci/shareable-lists-api.yml
+++ /dev/null
@@ -1,236 +0,0 @@
-
-workflows:
- shareable-lists-api:
- jobs:
-
- ######
- # Every PR Jobs
- ######
- - apollo:
- name: shareable-lists-api_apollo
- fed_graph_name: pocket-client-api
- graph_name: shareable-lists-api
- schema_file_path: servers/shareable-lists-api/schema-client-api.graphql
- prod_graph_url: https://shareablelistsapi.readitlater.com
- dev_graph_url: https://shareablelistsapi.getpocket.dev
- build_command: pnpm run build --filter=shareable-lists-api...
- scope: shareable-lists-api
-
- - apollo:
- name: shareable-lists-api_apollo_admin
- fed_graph_name: pocket-admin-api
- graph_name: shareable-lists-api
- schema_file_path: servers/shareable-lists-api/schema-admin-api.graphql
- prod_graph_url: https://shareablelistsapi.readitlater.com/admin
- dev_graph_url: https://shareablelistsapi.getpocket.dev/admin
- build_command: pnpm run build --filter=shareable-lists-api...
- apollo_key_env: APOLLO_ADMIN_KEY
- scope: shareable-lists-api
-
- - test_integrations:
- <<: *not_dev_main
- for: shareable_lists_api
- context: pocket
- name: shareable-lists-api_test_integrations
- scope: shareable-lists-api
-
- # Try building the ECS docker image on each branch
- - build_image:
- <<: *not_dev_main
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_build_docker
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: shareablelistsapi-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: false
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=shareable-lists-api --build-arg APP_PATH=servers/shareable-lists-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=shareable-lists-api --build-arg PORT=4029
-
- - build_lambda:
- <<: *not_dev_main
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_build_lambda
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: shareable-lists-api-events-lambda
- sentry_project_name: shareable-lists-api
- sentry_env: development
- sentry_org: pocket
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_infrastructure_plan_prod
- scope: shareable-lists-api-cdk
- stack-output-path: infrastructure/shareable-lists-api/cdktf.out/stacks/shareable-lists-api
- resource-class: pocket/default-prod
- dev: false
- apply: false
-
- ######
- # Dev Branch Deployment (Dev Environment)
- ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_infrastructure_apply_dev
- scope: shareable-lists-api-cdk
- stack-output-path: infrastructure/shareable-lists-api/cdktf.out/stacks/shareable-lists-api
- resource-class: pocket/default-dev
- apply: true
- dev: true
-
- # Build & Deploy the Dev Docker Image
- - build_image:
- <<: *only_dev
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_build_docker_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: shareablelistsapi-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=shareable-lists-api --build-arg APP_PATH=servers/shareable-lists-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=shareable-lists-api --build-arg PORT=4029
- requires:
- - shareable-lists-api_infrastructure_apply_dev
-
- - code_deploy_ecs:
- <<: *only_dev
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_code_deploy_ecs_dev
- resource-class: pocket/default-dev
- requires:
- - shareable-lists-api_build_docker_dev
-
- - build_lambda:
- <<: *only_dev
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_events_build_lambda_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: shareable-lists-api-events-lambda
- sentry_project_name: shareable-lists-api
- sentry_env: development
- sentry_org: pocket
- s3-bucket: pocket-shareablelistsapi-dev-sqs-event-consumer
- requires:
- - shareable-lists-api_infrastructure_apply_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_events_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: ShareableListsApi-Dev-Sqs-Event-Consumer-Lambda
- codedeploy-group-name: ShareableListsApi-Dev-Sqs-Event-Consumer-Lambda
- function-name: ShareableListsApi-Dev-Sqs-Event-Consumer-Function
- s3-bucket: pocket-shareablelistsapi-dev-sqs-event-consumer
- requires:
- - shareable-lists-api_events_build_lambda_dev
-
- # Notify sentry of dev deployment
- - sentry_release_notification:
- <<: *only_dev
- name: shareable-lists-api_sentry-release-notification-dev
- context: pocket
- for: shareable_lists_api
- sentry_project_name: shareable-lists-api
- sentry_env: development
- sentry_org: pocket
- requires:
- - shareable-lists-api_code_deploy_ecs_dev
- - shareable-lists-api_events_code_deploy_lambda_dev
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_infrastructure_apply_prod
- scope: shareable-lists-api-cdk
- stack-output-path: infrastructure/shareable-lists-api/cdktf.out/stacks/shareable-lists-api
- resource-class: pocket/default-prod
- apply: true
- dev: false
-
- # Build & Deploy the Prod Docker Image
- - build_image:
- <<: *only_main
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_build_docker_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- repo-name: shareablelistsapi-prod-app
- ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=shareable-lists-api --build-arg APP_PATH=servers/shareable-lists-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=shareable-lists-api --build-arg PORT=4029
- requires:
- - shareable-lists-api_infrastructure_apply_prod
-
- - code_deploy_ecs:
- <<: *only_main
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_code_deploy_ecs_prod
- resource-class: pocket/default-prod
- requires:
- - shareable-lists-api_build_docker_prod
-
- - build_lambda:
- <<: *only_main
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_events_build_lambda_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- scope: shareable-lists-api-events-lambda
- sentry_project_name: shareable-lists-api
- sentry_env: production
- sentry_org: pocket
- s3-bucket: pocket-shareablelistsapi-prod-sqs-event-consumer
- requires:
- - shareable-lists-api_infrastructure_apply_prod
-
- - code_deploy_lambda:
- <<: *only_main
- context: pocket
- for: shareable_lists_api
- name: shareable-lists-api_events_code_deploy_lambda_prod
- resource-class: pocket/default-prod
- codedeploy-app-name: ShareableListsApi-Prod-Sqs-Event-Consumer-Lambda
- codedeploy-group-name: ShareableListsApi-Prod-Sqs-Event-Consumer-Lambda
- function-name: ShareableListsApi-Prod-Sqs-Event-Consumer-Function
- s3-bucket: pocket-shareablelistsapi-prod-sqs-event-consumer
- requires:
- - shareable-lists-api_events_build_lambda_prod
-
- # Notify sentry of main deployment
- - sentry_release_notification:
- <<: *only_main
- name: shareable-lists-api_sentry-release-notification-prod
- context: pocket
- for: shareable_lists_api
- sentry_project_name: shareable-lists-api
- sentry_env: production
- sentry_org: pocket
- requires:
- - shareable-lists-api_code_deploy_ecs_prod
- - shareable-lists-api_events_code_deploy_lambda_prod
diff --git a/.circleci/shared-snowplow-consumer.yml b/.circleci/shared-snowplow-consumer.yml
deleted file mode 100644
index 981153701..000000000
--- a/.circleci/shared-snowplow-consumer.yml
+++ /dev/null
@@ -1,143 +0,0 @@
-
-workflows:
- shared-snowplow-consumer:
- jobs:
-
- ######
- # Every PR Jobs
- ######
-
- - test_integrations:
- <<: *not_dev_main
- for: shared_snowplow_consumer
- context: pocket
- name: shared-snowplow-consumer_test_integrations
- scope: shared-snowplow-consumer
-
- # Try building the ECS docker image on each branch
- - build_image:
- <<: *not_dev_main
- context: pocket
- for: shared_snowplow_consumer
- name: shared-snowplow-consumer_build_docker
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: sharedsnowplowconsumer-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: false
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=shared-snowplow-consumer --build-arg APP_PATH=servers/shared-snowplow-consumer --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=shared-snowplow-consumer --build-arg PORT=4015
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: shared_snowplow_consumer
- name: shared-snowplow-consumer_infrastructure_plan_prod
- scope: shared-snowplow-consumer-cdk
- stack-output-path: infrastructure/shared-snowplow-consumer/cdktf.out/stacks/shared-snowplow-consumer
- resource-class: pocket/default-prod
- dev: false
- apply: false
-
- ######
- # Dev Branch Deployment (Dev Environment)
- ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: shared_snowplow_consumer
- name: shared-snowplow-consumer_infrastructure_apply_dev
- scope: shared-snowplow-consumer-cdk
- stack-output-path: infrastructure/shared-snowplow-consumer/cdktf.out/stacks/shared-snowplow-consumer
- resource-class: pocket/default-dev
- apply: true
- dev: true
-
- # Build & Deploy the Dev Docker Image
- - build_image:
- <<: *only_dev
- context: pocket
- for: shared_snowplow_consumer
- name: shared-snowplow-consumer_build_docker_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: sharedsnowplowconsumer-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=shared-snowplow-consumer --build-arg APP_PATH=servers/shared-snowplow-consumer --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=shared-snowplow-consumer --build-arg PORT=4015
- requires:
- - shared-snowplow-consumer_infrastructure_apply_dev
-
- - code_deploy_ecs:
- <<: *only_dev
- context: pocket
- for: shared_snowplow_consumer
- name: shared-snowplow-consumer_code_deploy_ecs_dev
- resource-class: pocket/default-dev
- requires:
- - shared-snowplow-consumer_build_docker_dev
-
- # Notify sentry of dev deployment
- - sentry_release_notification:
- <<: *only_dev
- name: shared-snowplow-consumer_sentry-release-notification-dev
- context: pocket
- for: shared_snowplow_consumer
- sentry_project_name: shared-snowplow-consumer
- sentry_env: development
- sentry_org: pocket
- requires:
- - shared-snowplow-consumer_code_deploy_ecs_dev
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: shared_snowplow_consumer
- name: shared-snowplow-consumer_infrastructure_apply_prod
- scope: shared-snowplow-consumer-cdk
- stack-output-path: infrastructure/shared-snowplow-consumer/cdktf.out/stacks/shared-snowplow-consumer
- resource-class: pocket/default-prod
- apply: true
- dev: false
-
- # Build & Deploy the Prod Docker Image
- - build_image:
- <<: *only_main
- context: pocket
- for: shared_snowplow_consumer
- name: shared-snowplow-consumer_build_docker_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- repo-name: sharedsnowplowconsumer-prod-app
- ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=shared-snowplow-consumer --build-arg APP_PATH=servers/shared-snowplow-consumer --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=shared-snowplow-consumer --build-arg PORT=4015
- requires:
- - shared-snowplow-consumer_infrastructure_apply_prod
-
- - code_deploy_ecs:
- <<: *only_main
- context: pocket
- for: shared_snowplow_consumer
- name: shared-snowplow-consumer_code_deploy_ecs_prod
- resource-class: pocket/default-prod
- requires:
- - shared-snowplow-consumer_build_docker_prod
-
- # Notify sentry of main deployment
- - sentry_release_notification:
- <<: *only_main
- name: shared-snowplow-consumer_sentry-release-notification-prod
- context: pocket
- for: shared_snowplow_consumer
- sentry_project_name: shared-snowplow-consumer
- sentry_env: production
- sentry_org: pocket
- requires:
- - shared-snowplow-consumer_code_deploy_ecs_prod
diff --git a/.circleci/shares-api.yml b/.circleci/shares-api.yml
deleted file mode 100644
index e53a12d21..000000000
--- a/.circleci/shares-api.yml
+++ /dev/null
@@ -1,152 +0,0 @@
-
-workflows:
- shares-api:
- jobs:
-
- ######
- # Every PR Jobs
- ######
- - apollo:
- name: shares-api_apollo
- fed_graph_name: pocket-client-api
- graph_name: shares-api
- schema_file_path: servers/shares-api/dist/schema-generated.graphql
- prod_graph_url: https://shares-api.readitlater.com
- dev_graph_url: https://shares-api.getpocket.dev
- build_command: pnpm run build --filter=shares-api...
- scope: shares-api
-
- - test_integrations:
- <<: *not_dev_main
- for: shares_api
- context: pocket
- name: shares-api_test_integrations
- scope: shares-api
-
- # Try building the ECS docker image on each branch
- - build_image:
- <<: *not_dev_main
- context: pocket
- for: shares_api
- name: shares-api_build_docker
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: sharesapi-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: false
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=shares-api --build-arg APP_PATH=servers/shares-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=shares-api --build-arg PORT=4031
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: shares_api
- name: shares-api_infrastructure_plan_prod
- scope: shares-api-cdk
- stack-output-path: infrastructure/shares-api/cdktf.out/stacks/shares-api
- resource-class: pocket/default-prod
- dev: false
- apply: false
-
- ######
- # Dev Branch Deployment (Dev Environment)
- ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: shares_api
- name: shares-api_infrastructure_apply_dev
- scope: shares-api-cdk
- stack-output-path: infrastructure/shares-api/cdktf.out/stacks/shares-api
- resource-class: pocket/default-dev
- apply: true
- dev: true
-
- # Build & Deploy the Dev Docker Image
- - build_image:
- <<: *only_dev
- context: pocket
- for: shares_api
- name: shares-api_build_docker_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: sharesapi-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=shares-api --build-arg APP_PATH=servers/shares-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=shares-api --build-arg PORT=4031
- requires:
- - shares-api_infrastructure_apply_dev
-
- - code_deploy_ecs:
- <<: *only_dev
- context: pocket
- for: shares_api
- name: shares-api_code_deploy_ecs_dev
- resource-class: pocket/default-dev
- requires:
- - shares-api_build_docker_dev
-
- # Notify sentry of dev deployment
- - sentry_release_notification:
- <<: *only_dev
- name: shares-api_sentry-release-notification-dev
- context: pocket
- for: shares_api
- sentry_project_name: shares-api
- sentry_env: development
- sentry_org: pocket
- requires:
- - shares-api_code_deploy_ecs_dev
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: shares_api
- name: shares-api_infrastructure_apply_prod
- scope: shares-api-cdk
- stack-output-path: infrastructure/shares-api/cdktf.out/stacks/shares-api
- resource-class: pocket/default-prod
- apply: true
- dev: false
-
- # Build & Deploy the Prod Docker Image
- - build_image:
- <<: *only_main
- context: pocket
- for: shares_api
- name: shares-api_build_docker_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- repo-name: sharesapi-prod-app
- ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=shares-api --build-arg APP_PATH=servers/shares-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=shares-api --build-arg PORT=4031
- requires:
- - shares-api_infrastructure_apply_prod
-
- - code_deploy_ecs:
- <<: *only_main
- context: pocket
- for: shares_api
- name: shares-api_code_deploy_ecs_prod
- resource-class: pocket/default-prod
- requires:
- - shares-api_build_docker_prod
-
- # Notify sentry of main deployment
- - sentry_release_notification:
- <<: *only_main
- name: shares-api_sentry-release-notification-prod
- context: pocket
- for: shares_api
- sentry_project_name: shares-api
- sentry_env: production
- sentry_org: pocket
- requires:
- - shares-api_code_deploy_ecs_prod
diff --git a/.circleci/transactional-emails.yml b/.circleci/transactional-emails.yml
deleted file mode 100644
index b293f18a5..000000000
--- a/.circleci/transactional-emails.yml
+++ /dev/null
@@ -1,142 +0,0 @@
-
-workflows:
- transactional-emails:
- jobs:
-
- ######
- # Every PR Jobs
- ######
- - build_lambda:
- <<: *not_dev_main
- context: pocket
- for: transactional_emails
- name: transactional-emails_build_lambda
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: transactional-emails
- sentry_project_name: transactional-emails
- sentry_env: development
- sentry_org: pocket
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: transactional_emails
- name: transactional-emails_infrastructure_plan_prod
- scope: transactional-emails-cdk
- stack-output-path: infrastructure/transactional-emails/cdktf.out/stacks/transactional-emails
- resource-class: pocket/default-prod
- dev: false
- apply: false
-
- ######
- # Dev Branch Deployment (Dev Environment)
- ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: transactional_emails
- name: transactional-emails_infrastructure_apply_dev
- scope: transactional-emails-cdk
- stack-output-path: infrastructure/transactional-emails/cdktf.out/stacks/transactional-emails
- resource-class: pocket/default-dev
- apply: true
- dev: true
-
- - build_lambda:
- <<: *only_dev
- context: pocket
- for: transactional_emails
- name: transactional-emails_events_build_lambda_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: transactional-emails
- sentry_project_name: transactional-emails
- sentry_env: development
- sentry_org: pocket
- s3-bucket: pocket-transactionalemails-dev-sqs-event-consumer
- requires:
- - transactional-emails_infrastructure_apply_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: transactional_emails
- name: transactional-emails_events_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: TransactionalEmails-Dev-Sqs-Event-Consumer-Lambda
- codedeploy-group-name: TransactionalEmails-Dev-Sqs-Event-Consumer-Lambda
- function-name: TransactionalEmails-Dev-Sqs-Event-Consumer-Function
- s3-bucket: pocket-transactionalemails-dev-sqs-event-consumer
- requires:
- - transactional-emails_events_build_lambda_dev
-
- # Notify sentry of dev deployment
- - sentry_release_notification:
- <<: *only_dev
- name: transactional-emails_sentry-release-notification-dev
- context: pocket
- for: transactional_emails
- sentry_project_name: transactional-emails
- sentry_env: development
- sentry_org: pocket
- requires:
- - transactional-emails_events_code_deploy_lambda_dev
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: transactional_emails
- name: transactional-emails_infrastructure_apply_prod
- scope: transactional-emails-cdk
- stack-output-path: infrastructure/transactional-emails/cdktf.out/stacks/transactional-emails
- resource-class: pocket/default-prod
- apply: true
- dev: false
-
- - build_lambda:
- <<: *only_main
- context: pocket
- for: transactional_emails
- name: transactional-emails_events_build_lambda_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- scope: transactional-emails
- sentry_project_name: transactional-emails
- sentry_env: production
- sentry_org: pocket
- s3-bucket: pocket-transactionalemails-prod-sqs-event-consumer
- requires:
- - transactional-emails_infrastructure_apply_prod
-
- - code_deploy_lambda:
- <<: *only_main
- context: pocket
- for: transactional_emails
- name: transactional-emails_events_code_deploy_lambda_prod
- resource-class: pocket/default-prod
- codedeploy-app-name: TransactionalEmails-Prod-Sqs-Event-Consumer-Lambda
- codedeploy-group-name: TransactionalEmails-Prod-Sqs-Event-Consumer-Lambda
- function-name: TransactionalEmails-Prod-Sqs-Event-Consumer-Function
- s3-bucket: pocket-transactionalemails-prod-sqs-event-consumer
- requires:
- - transactional-emails_events_build_lambda_prod
-
- # Notify sentry of main deployment
- - sentry_release_notification:
- <<: *only_main
- name: transactional-emails_sentry-release-notification-prod
- context: pocket
- for: transactional_emails
- sentry_project_name: transactional-emails
- sentry_env: production
- sentry_org: pocket
- requires:
- - transactional-emails_events_code_deploy_lambda_prod
diff --git a/.circleci/user-api.yml b/.circleci/user-api.yml
deleted file mode 100644
index 4e2c17dec..000000000
--- a/.circleci/user-api.yml
+++ /dev/null
@@ -1,151 +0,0 @@
-
-workflows:
- user-api:
- jobs:
-
- ######
- # Every PR Jobs
- ######
- - apollo:
- name: user-api_apollo
- fed_graph_name: pocket-client-api
- graph_name: user
- schema_file_path: servers/user-api/schema.graphql
- prod_graph_url: https://user-api.readitlater.com
- dev_graph_url: https://user-api.getpocket.dev
- scope: user-api
-
- - test_integrations:
- <<: *not_dev_main
- for: user_api
- context: pocket
- name: user-api_test_integrations
- scope: user-api
-
- # Try building the ECS docker image on each branch
- - build_image:
- <<: *not_dev_main
- context: pocket
- for: user_api
- name: user-api_build_docker
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: userapi-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: false
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=user-api --build-arg APP_PATH=servers/user-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=user-api --build-arg PORT=4006
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: user_api
- name: user-api_infrastructure_plan_prod
- scope: user-api-cdk
- stack-output-path: infrastructure/user-api/cdktf.out/stacks/user-api
- resource-class: pocket/default-prod
- dev: false
- apply: false
-
- ######
- # Dev Branch Deployment (Dev Environment)
- ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: user_api
- name: user-api_infrastructure_apply_dev
- scope: user-api-cdk
- stack-output-path: infrastructure/user-api/cdktf.out/stacks/user-api
- resource-class: pocket/default-dev
- apply: true
- dev: true
-
- # Build & Deploy the Dev Docker Image
- - build_image:
- <<: *only_dev
- context: pocket
- for: user_api
- name: user-api_build_docker_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: userapi-dev-app
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=user-api --build-arg APP_PATH=servers/user-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=user-api --build-arg PORT=4006
- requires:
- - user-api_infrastructure_apply_dev
-
- - code_deploy_ecs:
- <<: *only_dev
- context: pocket
- for: user_api
- name: user-api_code_deploy_ecs_dev
- resource-class: pocket/default-dev
- requires:
- - user-api_build_docker_dev
-
- # Notify sentry of dev deployment
- - sentry_release_notification:
- <<: *only_dev
- name: user-api_sentry-release-notification-dev
- context: pocket
- for: user_api
- sentry_project_name: user-api
- sentry_env: development
- sentry_org: pocket
- requires:
- - user-api_code_deploy_ecs_dev
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: user_api
- name: user-api_infrastructure_apply_prod
- scope: user-api-cdk
- stack-output-path: infrastructure/user-api/cdktf.out/stacks/user-api
- resource-class: pocket/default-prod
- apply: true
- dev: false
-
- # Build & Deploy the Prod Docker Image
- - build_image:
- <<: *only_main
- context: pocket
- for: user_api
- name: user-api_build_docker_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- repo-name: userapi-prod-app
- ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=user-api --build-arg APP_PATH=servers/user-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=user-api --build-arg PORT=4006
- requires:
- - user-api_infrastructure_apply_prod
-
- - code_deploy_ecs:
- <<: *only_main
- context: pocket
- for: user_api
- name: user-api_code_deploy_ecs_prod
- resource-class: pocket/default-prod
- requires:
- - user-api_build_docker_prod
-
- # Notify sentry of main deployment
- - sentry_release_notification:
- <<: *only_main
- name: user-api_sentry-release-notification-prod
- context: pocket
- for: user_api
- sentry_project_name: user-api
- sentry_env: production
- sentry_org: pocket
- requires:
- - user-api_code_deploy_ecs_prod
diff --git a/.circleci/user-list-search.yml b/.circleci/user-list-search.yml
deleted file mode 100644
index 18bded6d0..000000000
--- a/.circleci/user-list-search.yml
+++ /dev/null
@@ -1,635 +0,0 @@
-workflows:
- user-list-search:
- jobs:
-
- ######
- # Every PR Jobs
- ######
- - apollo:
- name: user-list-search_apollo
- fed_graph_name: pocket-client-api
- graph_name: user-list-search
- schema_file_path: servers/user-list-search/dist/schema-generated.graphql
- prod_graph_url: https://user-list-search.readitlater.com/graphql
- dev_graph_url: https://user-list-search.getpocket.dev/graphql
- build_command: pnpm run build --filter=user-list-search...
- scope: user-list-search
-
-
- - test_integrations:
- <<: *not_dev_main
- for: user_list_search
- context: pocket
- name: user-list-search_test_integrations
- scope: user-list-search
-
- - build_lambda:
- <<: *not_dev_main
- context: pocket
- for: user_list_search
- name: user-list-search_events_build_lambda
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: user-list-search-events
- sentry_project_name: user-list-search
- sentry_env: development
- sentry_org: pocket
-
- - build_lambda:
- <<: *not_dev_main
- context: pocket
- for: user_list_search
- name: user-list-search_kinesis_to_sqs_build_lambda
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: user-list-search-kinesis-to-sqs
- sentry_project_name: user-list-search
- sentry_env: development
- sentry_org: pocket
-
- - build_lambda:
- <<: *not_dev_main
- context: pocket
- for: user_list_search
- name: user-list-search_indexing_build_lambda
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: user-list-search-indexing
- sentry_project_name: user-list-search
- sentry_env: development
- sentry_org: pocket
-
- # Try building the ECS docker image on each branch
- - build_image:
- <<: *not_dev_main
- context: pocket
- for: user_list_search
- name: user-list-search_build_docker
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: userlistsearch-dev
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: false
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=user-list-search --build-arg APP_PATH=servers/user-list-search --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=user-list-search --build-arg PORT=4000
-
- - infrastructure:
- <<: *not_dev_main
- context: pocket
- for: user_list_search
- name: user-list-search_infrastructure_plan_prod
- stack-output-path: infrastructure/user-list-search
- scope: user-list-search-cdk
- resource-class: pocket/default-prod
- dev: false
- apply: false
- uses_raw_hcl: true
-
- # ######
- # # Dev Branch Deployment (Dev Environment)
- # ######
-
- - infrastructure:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_infrastructure_apply_dev
- stack-output-path: infrastructure/user-list-search
- scope: user-list-search-cdk
- resource-class: pocket/default-dev
- apply: true
- dev: true
- uses_raw_hcl: true
-
- # Build & Deploy the Dev Docker Image
- - build_image:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_build_docker_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- repo-name: userlistsearch-dev
- ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=user-list-search --build-arg APP_PATH=servers/user-list-search --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=user-list-search --build-arg PORT=4000
- requires:
- - user-list-search_infrastructure_apply_dev
-
- - build_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_events_build_lambda_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: user-list-search-events
- sentry_project_name: user-list-search
- sentry_env: development
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: events-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_dev
-
- - build_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_kinesis_build_lambda_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: user-list-search-kinesis-to-sqs
- sentry_project_name: user-list-search
- sentry_env: development
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: kinesis-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_dev
-
- - build_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_indexing_build_lambda_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: user-list-search-indexing
- sentry_project_name: user-list-search
- sentry_env: development
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_dev
-
- - build_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_corpus-indexing_build_lambda_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: user-list-search-corpus-indexing
- sentry_project_name: user-list-search
- sentry_env: development
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: corpus-indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_dev
-
- - build_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_corpus-parser-hydration_build_lambda_dev
- aws-access-key-id: Dev_AWS_ACCESS_KEY
- aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY
- aws-region: Dev_AWS_DEFAULT_REGION
- scope: user-list-search-corpus-parser-hydration
- sentry_project_name: user-list-search
- sentry_env: development
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: corpus-parser-hydration-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_dev
-
- - code_deploy_ecs:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_code_deploy_ecs_dev
- resource-class: pocket/default-dev
- requires:
- - user-list-search_build_docker_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_events_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: UserListSearch-Dev-EventHandler
- codedeploy-group-name: UserListSearch-Dev-EventHandler
- function-name: UserListSearch-Dev-EventHandler
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: events-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_events_build_lambda_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_kinesis_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: UserListSearch-Dev-UnifiedEventsConsumer
- codedeploy-group-name: UserListSearch-Dev-UnifiedEventsConsumer
- function-name: UserListSearch-Dev-UnifiedEventsConsumer
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: kinesis-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_kinesis_build_lambda_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_item-update_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: UserListSearch-Dev-ItemUpdate
- codedeploy-group-name: UserListSearch-Dev-ItemUpdate
- function-name: UserListSearch-Dev-ItemUpdate
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_indexing_build_lambda_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_item-delete_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: UserListSearch-Dev-ItemDelete
- codedeploy-group-name: UserListSearch-Dev-ItemDelete
- function-name: UserListSearch-Dev-ItemDelete
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_indexing_build_lambda_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_item-update-backfill_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: UserListSearch-Dev-ItemUpdateBackfill
- codedeploy-group-name: UserListSearch-Dev-ItemUpdateBackfill
- function-name: UserListSearch-Dev-ItemUpdateBackfill
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_indexing_build_lambda_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_user-list-import_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: UserListSearch-Dev-UserListImport
- codedeploy-group-name: UserListSearch-Dev-UserListImport
- function-name: UserListSearch-Dev-UserListImport
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_indexing_build_lambda_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_user-list-import-backfill_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: UserListSearch-Dev-UserListImportBackfill
- codedeploy-group-name: UserListSearch-Dev-UserListImportBackfill
- function-name: UserListSearch-Dev-UserListImportBackfill
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_indexing_build_lambda_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_corpus-indexing_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: UserListSearch-Dev-CorpusIndexer
- codedeploy-group-name: UserListSearch-Dev-CorpusIndexer
- function-name: UserListSearch-Dev-CorpusIndexer
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: corpus-indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_corpus-indexing_build_lambda_dev
-
- - code_deploy_lambda:
- <<: *only_dev
- context: pocket
- for: user_list_search
- name: user-list-search_corpus-parser-hydration_code_deploy_lambda_dev
- resource-class: pocket/default-dev
- codedeploy-app-name: UserListSearch-Dev-CorpusParserHydrator
- codedeploy-group-name: UserListSearch-Dev-CorpusParserHydrator
- function-name: UserListSearch-Dev-CorpusParserHydrator
- s3-bucket: pocket-userlistsearch-dev-kinesis-consumer
- s3-key: corpus-parser-hydration-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_corpus-parser-hydration_build_lambda_dev
-
- # Notify sentry of dev deployment
- - sentry_release_notification:
- <<: *only_dev
- name: user-list-search_sentry-release-notification-dev
- context: pocket
- for: user_list_search
- sentry_project_name: user-list-search
- sentry_env: development
- sentry_org: pocket
- requires:
- - user-list-search_code_deploy_ecs_dev
- - user-list-search_events_code_deploy_lambda_dev
- - user-list-search_kinesis_code_deploy_lambda_dev
- - user-list-search_item-update_code_deploy_lambda_dev
- - user-list-search_item-delete_code_deploy_lambda_dev
- - user-list-search_item-update-backfill_code_deploy_lambda_dev
- - user-list-search_user-list-import_code_deploy_lambda_dev
- - user-list-search_user-list-import-backfill_code_deploy_lambda_dev
- - user-list-search_corpus-indexing_code_deploy_lambda_dev
- - user-list-search_corpus-parser-hydration_code_deploy_lambda_dev
-
- ######
- # Main Branch Deployment (Prod Environment)
- ######
- - infrastructure:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_infrastructure_apply_prod
- scope: user-list-search-cdk
- stack-output-path: infrastructure/user-list-search
- resource-class: pocket/default-prod
- apply: true
- dev: false
- uses_raw_hcl: true
-
- # Build & Deploy the Prod Docker Image
- - build_image:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_build_docker_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- repo-name: userlistsearch-prod
- ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com
- push: true
- extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=user-list-search --build-arg APP_PATH=servers/user-list-search --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=user-list-search --build-arg PORT=4000
- requires:
- - user-list-search_infrastructure_apply_prod
-
- - build_lambda:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_events_build_lambda_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- scope: user-list-search-events
- sentry_project_name: user-list-search
- sentry_env: production
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-prod-kinesis-consumer
- s3-key: events-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_prod
-
- - build_lambda:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_kinesis_build_lambda_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- scope: user-list-search-kinesis-to-sqs
- sentry_project_name: user-list-search
- sentry_env: production
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-prod-kinesis-consumer
- s3-key: kinesis-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_prod
-
- - build_lambda:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_indexing_build_lambda_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- scope: user-list-search-indexing
- sentry_project_name: user-list-search
- sentry_env: production
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-prod-kinesis-consumer
- s3-key: indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_prod
-
-
- - build_lambda:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_corpus-indexing_build_lambda_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- scope: user-list-search-corpus-indexing
- sentry_project_name: user-list-search
- sentry_env: production
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-prod-kinesis-consumer
- s3-key: corpus-indexing-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_prod
-
- - build_lambda:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_corpus-parser-hydration_build_lambda_prod
- aws-access-key-id: Prod_AWS_ACCESS_KEY
- aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY
- aws-region: Prod_AWS_DEFAULT_REGION
- scope: user-list-search-corpus-parser-hydration
- sentry_project_name: user-list-search
- sentry_env: production
- sentry_org: pocket
- s3-bucket: pocket-userlistsearch-prod-kinesis-consumer
- s3-key: corpus-parser-hydration-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_infrastructure_apply_prod
-
- - code_deploy_ecs:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_code_deploy_ecs_prod
- resource-class: pocket/default-prod
- requires:
- - user-list-search_build_docker_prod
-
- - code_deploy_lambda:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_events_code_deploy_lambda_prod
- resource-class: pocket/default-prod
- codedeploy-app-name: UserListSearch-Prod-EventHandler
- codedeploy-group-name: UserListSearch-Prod-EventHandler
- function-name: UserListSearch-Prod-EventHandler
- s3-bucket: pocket-userlistsearch-prod-kinesis-consumer
- s3-key: events-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_events_build_lambda_prod
-
- - code_deploy_lambda:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_kinesis_code_deploy_lambda_prod
- resource-class: pocket/default-prod
- codedeploy-app-name: UserListSearch-Prod-UnifiedEventsConsumer
- codedeploy-group-name: UserListSearch-Prod-UnifiedEventsConsumer
- function-name: UserListSearch-Prod-UnifiedEventsConsumer
- s3-bucket: pocket-userlistsearch-prod-kinesis-consumer
- s3-key: kinesis-$CIRCLE_SHA1.zip
- requires:
- - user-list-search_kinesis_build_lambda_prod
-
- - code_deploy_lambda:
- <<: *only_main
- context: pocket
- for: user_list_search
- name: user-list-search_item-update_code_deploy_lambda_prod
- resource-class: pocket/default-prod
- codedeploy-app-name: UserListSearch-Prod-ItemUpdate
- codedeploy-group-name: UserListSearch-Prod-ItemUpdate
- function-name: UserListSearch-Prod-ItemUpdate
- s3-bucket: pocket-userlistsearch-prod-kinesis-consumer
- s3-key: indexing-$CIRCLE_SHA1.zip
- requires:
- -
user-list-search_indexing_build_lambda_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: user_list_search - name: user-list-search_item-delete_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: UserListSearch-Prod-ItemDelete - codedeploy-group-name: UserListSearch-Prod-ItemDelete - function-name: UserListSearch-Prod-ItemDelete - s3-bucket: pocket-userlistsearch-prod-kinesis-consumer - s3-key: indexing-$CIRCLE_SHA1.zip - requires: - - user-list-search_indexing_build_lambda_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: user_list_search - name: user-list-search_item-update-backfill_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: UserListSearch-Prod-ItemUpdateBackfill - codedeploy-group-name: UserListSearch-Prod-ItemUpdateBackfill - function-name: UserListSearch-Prod-ItemUpdateBackfill - s3-bucket: pocket-userlistsearch-prod-kinesis-consumer - s3-key: indexing-$CIRCLE_SHA1.zip - requires: - - user-list-search_indexing_build_lambda_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: user_list_search - name: user-list-search_user-list-import_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: UserListSearch-Prod-UserListImport - codedeploy-group-name: UserListSearch-Prod-UserListImport - function-name: UserListSearch-Prod-UserListImport - s3-bucket: pocket-userlistsearch-prod-kinesis-consumer - s3-key: indexing-$CIRCLE_SHA1.zip - requires: - - user-list-search_indexing_build_lambda_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: user_list_search - name: user-list-search_user-list-import-backfill_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: UserListSearch-Prod-UserListImportBackfill - codedeploy-group-name: UserListSearch-Prod-UserListImportBackfill - function-name: UserListSearch-Prod-UserListImportBackfill - s3-bucket: 
pocket-userlistsearch-prod-kinesis-consumer - s3-key: indexing-$CIRCLE_SHA1.zip - requires: - - user-list-search_indexing_build_lambda_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: user_list_search - name: user-list-search_corpus-indexing_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: UserListSearch-Prod-CorpusIndexer - codedeploy-group-name: UserListSearch-Prod-CorpusIndexer - function-name: UserListSearch-Prod-CorpusIndexer - s3-bucket: pocket-userlistsearch-prod-kinesis-consumer - s3-key: corpus-indexing-$CIRCLE_SHA1.zip - requires: - - user-list-search_corpus-indexing_build_lambda_prod - - - code_deploy_lambda: - <<: *only_main - context: pocket - for: user_list_search - name: user-list-search_corpus-parser-hydration_code_deploy_lambda_prod - resource-class: pocket/default-prod - codedeploy-app-name: UserListSearch-Prod-CorpusParserHydrator - codedeploy-group-name: UserListSearch-Prod-CorpusParserHydrator - function-name: UserListSearch-Prod-CorpusParserHydrator - s3-bucket: pocket-userlistsearch-prod-kinesis-consumer - s3-key: corpus-parser-hydration-$CIRCLE_SHA1.zip - requires: - - user-list-search_corpus-parser-hydration_build_lambda_prod - - # Notify sentry of main deployment - - sentry_release_notification: - <<: *only_main - name: user-list-search_sentry-release-notification-prod - context: pocket - for: user_list_search - sentry_project_name: user-list-search - sentry_env: production - sentry_org: pocket - requires: - - user-list-search_code_deploy_ecs_prod - - user-list-search_events_code_deploy_lambda_prod - - user-list-search_kinesis_code_deploy_lambda_prod - - user-list-search_item-update_code_deploy_lambda_prod - - user-list-search_item-delete_code_deploy_lambda_prod - - user-list-search_item-update-backfill_code_deploy_lambda_prod - - user-list-search_user-list-import_code_deploy_lambda_prod - - user-list-search_user-list-import-backfill_code_deploy_lambda_prod - - 
user-list-search_corpus-indexing_code_deploy_lambda_prod - - user-list-search_corpus-parser-hydration_code_deploy_lambda_prod diff --git a/.circleci/v3-proxy-api.yml b/.circleci/v3-proxy-api.yml deleted file mode 100644 index e7e69ab97..000000000 --- a/.circleci/v3-proxy-api.yml +++ /dev/null 
@@ -1,142 +0,0 @@ - -workflows: - v3-proxy-api: - jobs: - - ###### - # Every PR Jobs - ###### - - test_integrations: - <<: *not_dev_main - for: v3_proxy_api - context: pocket - name: v3-proxy-api_test_integrations - scope: v3-proxy-api - - # Try building the ECS docker image on each branch - - build_image: - <<: *not_dev_main - context: pocket - for: v3_proxy_api - name: v3-proxy-api_build_docker - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: v3proxyapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: false - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=v3-proxy-api --build-arg APP_PATH=servers/v3-proxy-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=v3-proxy-api --build-arg PORT=4030 - - - infrastructure: - <<: *not_dev_main - context: pocket - for: v3_proxy_api - name: v3-proxy-api_infrastructure_plan_prod - scope: v3-proxy-api-cdk - stack-output-path: infrastructure/v3-proxy-api/cdktf.out/stacks/v3-proxy-api - resource-class: pocket/default-prod - dev: false - apply: false - - ###### - # Dev Branch Deployment (Dev Environment) - ###### - - - infrastructure: - <<: *only_dev - context: pocket - for: v3_proxy_api - name: v3-proxy-api_infrastructure_apply_dev - scope: v3-proxy-api-cdk - stack-output-path: infrastructure/v3-proxy-api/cdktf.out/stacks/v3-proxy-api - resource-class: pocket/default-dev - apply: true - dev: true - - # Build & Deploy the Dev Docker Image - - build_image: - <<: *only_dev - context: pocket - for: v3_proxy_api - name: v3-proxy-api_build_docker_dev - aws-access-key-id: Dev_AWS_ACCESS_KEY - aws-secret-access-key: Dev_AWS_SECRET_ACCESS_KEY - aws-region: Dev_AWS_DEFAULT_REGION - repo-name: v3proxyapi-dev-app - ecr-url: 410318598490.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg 
SCOPE=v3-proxy-api --build-arg APP_PATH=servers/v3-proxy-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=v3-proxy-api --build-arg PORT=4030 - requires: - - v3-proxy-api_infrastructure_apply_dev - - - code_deploy_ecs: - <<: *only_dev - context: pocket - for: v3_proxy_api - name: v3-proxy-api_code_deploy_ecs_dev - resource-class: pocket/default-dev - requires: - - v3-proxy-api_build_docker_dev - - # Notify sentry of dev deployment - - sentry_release_notification: - <<: *only_dev - name: v3-proxy-api_sentry-release-notification-dev - context: pocket - for: v3_proxy_api - sentry_project_name: v3-proxy-api - sentry_env: development - sentry_org: pocket - requires: - - v3-proxy-api_code_deploy_ecs_dev - - ###### - # Main Branch Deployment (Prod Environment) - ###### - - infrastructure: - <<: *only_main - context: pocket - for: v3_proxy_api - name: v3-proxy-api_infrastructure_apply_prod - scope: v3-proxy-api-cdk - stack-output-path: infrastructure/v3-proxy-api/cdktf.out/stacks/v3-proxy-api - resource-class: pocket/default-prod - apply: true - dev: false - - # Build & Deploy the Prod Docker Image - - build_image: - <<: *only_main - context: pocket - for: v3_proxy_api - name: v3-proxy-api_build_docker_prod - aws-access-key-id: Prod_AWS_ACCESS_KEY - aws-secret-access-key: Prod_AWS_SECRET_ACCESS_KEY - aws-region: Prod_AWS_DEFAULT_REGION - repo-name: v3proxyapi-prod-app - ecr-url: 996905175585.dkr.ecr.us-east-1.amazonaws.com - push: true - extra-build-args: --build-arg GIT_SHA=${CIRCLE_SHA1} --build-arg SCOPE=v3-proxy-api --build-arg APP_PATH=servers/v3-proxy-api --build-arg SENTRY_AUTH_TOKEN=${SENTRY_BEARER} --build-arg SENTRY_ORG=pocket --build-arg SENTRY_PROJECT=v3-proxy-api --build-arg PORT=4030 - requires: - - v3-proxy-api_infrastructure_apply_prod - - - code_deploy_ecs: - <<: *only_main - context: pocket - for: v3_proxy_api - name: v3-proxy-api_code_deploy_ecs_prod - resource-class: pocket/default-prod - 
requires: - - v3-proxy-api_build_docker_prod - - # Notify sentry of main deployment - - sentry_release_notification: - <<: *only_main - name: v3-proxy-api_sentry-release-notification-prod - context: pocket - for: v3_proxy_api - sentry_project_name: v3-proxy-api - sentry_env: production - sentry_org: pocket - requires: - - v3-proxy-api_code_deploy_ecs_prod diff --git a/.github/actions/build-lambda/action.yml b/.github/actions/build-lambda/action.yml new file mode 100644 index 000000000..399c7ad39 --- /dev/null +++ b/.github/actions/build-lambda/action.yml 
@@ -0,0 +1,86 @@ +name: 'Re-usable Lambda Build and Upload Flow' +description: 'Used to setup and build a docker image' +inputs: + scope: + description: 'Turbo Repo scope to run the build for' + required: true + sentry-org: + description: 'The org name used in sentry. Used to upload source maps' + required: false + default: pocket + sentry-project: + description: 'The project name used in sentry. Used to upload source maps' + required: false + default: '' + sentry-token: + description: 'The token used for sentry. Used to upload source maps' + required: true + s3-bucket: + description: 'The s3 bucket to upload to' + required: false + default: '' + s3-key: + description: 'The s3 bucket key to upload to' + required: false + default: '' +runs: + using: 'composite' + steps: + - name: Install pnpm & node + uses: pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@main + with: + scope: ${{ inputs['scope'] }} + # Theres a really annoying bug in PNPM deploy command that will try and create a folder at /home/pruned which we are not allowed to do, + # so we move it under 1 directory to let it do its thing. + # https://github.com/pnpm/pnpm/issues/5086 + - name: Build lambda + shell: bash + run: | + pnpm run build --filter=${{inputs.scope}}... + mkdir -p ~/bug/project + cp -R . ~/bug/project/ + cd ~/bug/project/ + pnpm deploy --filter=${{inputs.scope}} --prod pruned + - name: Upload Sentry Source maps + if: inputs.sentry-project != '' + shell: bash + run: | + cd ~/bug/project/ + pnpx @sentry/cli sourcemaps inject pruned/dist + pnpx @sentry/cli sourcemaps upload pruned/dist --release ${{ github.sha }} --auth-token ${{ inputs.sentry-token }} --org ${{ inputs.sentry-org }} --project ${{ inputs.sentry-project }} + - name: Package Lambda + shell: bash + run: | + cd ~/bug/project/pruned + cp -r package.json dist/ + cp -r node_modules/ dist/node_modules/ + + cd dist + zip --symlinks -r9 ~/${{ github.sha }}.zip . + cd .. 
+ maxFileSize=256000 # Get the size of the directory in kilobytes + export dirSize=$(du -s dist | cut -f1) + echo "Size is: $dirSize" + if ((dirSize > maxFileSize)); then + echo "Directory size is equal to or larger than $maxFileSize KB. which is the lambda limit" + exit 1 + fi + - name: Upload to S3 + if: inputs.s3-bucket != '' + shell: bash + run: | + s3Key="${{inputs.s3-key}}" + if [[ -z $s3Key ]]; then + s3Key="${{ github.sha }}.zip" + fi + aws s3 cp ~/${{ github.sha }}.zip s3://${{inputs.s3-bucket}}/${s3Key} + - uses: actions/upload-artifact@v4 + if: inputs.s3-key == '' + with: + name: ${{inputs.scope}} + path: ~/${{ github.sha }}.zip + - uses: actions/upload-artifact@v4 + if: inputs.s3-key != '' + with: + name: ${{ inputs.s3-key }} + path: ~/${{ github.sha }}.zip \ No newline at end of file diff --git a/.github/actions/cdktf/action.yml b/.github/actions/cdktf/action.yml new file mode 100644 index 000000000..52c6fb973 --- /dev/null +++ b/.github/actions/cdktf/action.yml 
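Review bot: The `Upload Sentry Source maps` step expands `${{ inputs.sentry-token }}` straight into the script text as `--auth-token …`, so the secret becomes part of the generated script and of the command's argument list instead of staying in the environment. Pass it through the step environment, `env:` with `SENTRY_AUTH_TOKEN: ${{ inputs.sentry-token }}`, and drop the `--auth-token` flag, which sentry-cli does not need when that variable is set. The non-secret inputs (`inputs.scope`, `inputs.s3-bucket`, `inputs.s3-key`) are pasted into `run:` blocks the same way here and in the cdktf, install-pnpm-and-node, lambda-codedeploy and raw-terraform actions; mapping them to `env:` and referencing them quoted (`"$SCOPE"`) keeps an unexpected value from being parsed as shell. The cdktf action's `Save off terraform token` step already follows that pattern.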
@@ -0,0 +1,95 @@ +name: 'Execute CDKTF' +description: 'Builds and either plans or applies a CDKTF environment' +inputs: + scope: + description: 'Turbo Repo scope to run the build for' + required: true + stack-output-path: + description: 'The path where CDKTF outputs the terraform json' + required: true + environment: + description: 'The node environment to build for' + required: true + default: 'development' + behavior: + description: The behavior that Terraform should use, either plan or apply + required: true + pagerduty-token: + description: Pagerduty Token to use in terraform + required: true + terraform-token: + description: Terraform Token to use in terraform + required: true + github-token: + description: Github Token to use for terraform comment + required: true + +runs: + using: 'composite' + steps: + - name: Install tfenv + shell: bash + run: | + git clone --depth=1 https://github.com/tfutils/tfenv.git ~/.tfenv + echo "PATH=$HOME/.tfenv/bin:$PATH" >> $GITHUB_ENV + + # Setup Terraform Comment + - uses: shmokmt/actions-setup-tfcmt@v2 + + # Let's tell github actions we want to cache all the terraform verisons we install. + # We do this to speed up terraform installing, as the cache will cache the terraform versions we download. + - name: Cache tfenv installations + uses: actions/cache@v4 + with: + path: | + ~/.tfenv/versions + key: ${{ runner.os }}-tfenv-${{ hashFiles('**/.terraform-version') }} + restore-keys: | + ${{ runner.os }}-tfenv- + + - name: Install pnpm & node + uses: pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@main + with: + scope: ${{ inputs['scope'] }} + + - name: Build CDKTF + shell: bash + run: | + export NODE_ENV=${{ inputs['environment'] }} + pnpm run synth --filter=${{ inputs['scope'] }}... 
+ + - name: Init Terraform + shell: bash + run: | + cd ${{ inputs['stack-output-path'] }} + tfenv install + tfenv use + terraform init + - name: Save off terraform token + shell: bash + env: + TERRAFORM_TOKEN: ${{ inputs.terraform-token }} + run: | + rc="credentials \"app.terraform.io\" { " + rc="${rc} token=\"$TERRAFORM_TOKEN\" " + rc="${rc}}" + echo "$rc" > ~/.terraformrc + + # Once TFCMT supports no change applies, change terraform apply to + # tfcmt --var target:${{ inputs.scope }}-${{ inputs.environment }} apply -- terraform apply -auto-approve -lock-timeout=10m + # https://github.com/suzuki-shunsuke/tfcmt/issues/1184 + - name: Plan/Apply CDKTF + shell: bash + env: + TERRAFORM_TOKEN: ${{ inputs.pagerduty-token }} + GITHUB_TOKEN: ${{ inputs.github-token }} + PAGERDUTY_TOKEN: ${{ inputs.pagerduty-token }} + run: | + cd ${{ inputs.stack-output-path }} + if [ "${{ inputs.behavior }}" = "apply" ]; then + echo "Apply behavior specified, applying terraform configuration in ${{ inputs.environment }}." + terraform apply --auto-approve + else + echo "Plan behavior specified, planning terraform configuration in ${{ inputs.environment }}." + tfcmt --var target:${{ inputs.scope }}-${{ inputs.environment }} plan --skip-no-changes --patch -- terraform plan -lock-timeout=10m + fi diff --git a/.github/actions/containerize/action.yml b/.github/actions/containerize/action.yml new file mode 100644 index 000000000..52a2ff08b --- /dev/null +++ b/.github/actions/containerize/action.yml 
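Review bot: In the `Plan/Apply CDKTF` step, `TERRAFORM_TOKEN` is set from `inputs.pagerduty-token`, which looks like a copy-paste slip: the PagerDuty secret is exported under a second, misleading name and the Terraform token input is not used in that step. If the variable is needed it should read `TERRAFORM_TOKEN: ${{ inputs.terraform-token }}`; if Terraform only reads the credentials written to `~/.terraformrc` by the previous step, the line can be removed so the step carries only the secrets it uses. The raw-terraform action later in this diff has the same line. Separately, `terraform init` runs before the token is written to `~/.terraformrc`, which would matter if init has to reach app.terraform.io; that depends on the backend, which is not visible here.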
@@ -0,0 +1,88 @@ +name: 'Re-usable Docker Build Flow' +description: 'Used to setup and build a docker image' +inputs: + scope: + description: 'Turbo Repo scope to run the build for' + required: true + docker-repo-name: + description: 'Docker name of the repo .dkr.ecr.us-east-1.amazonaws.com/' + required: true + app-path: + description: 'The path of where the application is located in the monorepo ie servers/' + required: true + context: + description: 'The path of where to build from' + required: true + default: '.' + app-port: + description: 'The port the application runs on ie 4006' + required: true + sentry-org: + description: 'The org name used in sentry. Used to upload source maps' + required: false + default: pocket + sentry-project: + description: 'The project name used in sentry. Used to upload source maps' + required: true + sentry-token: + description: 'The token used for sentry. Used to upload source maps' + required: true + push: + description: Whether or not to push the image + required: true + default: 'false' + dockerhub-username: + description: Docker hub username + required: true + dockerhub-token: + description: Dockerhub Token + required: true + +outputs: + docker-image-name: + description: The full name with registry of the built docker image + value: ${{ steps.get-build-name.outputs.docker-image-name }} + +runs: + using: 'composite' + steps: + # can be useful if you want to add emulation support with QEMU to be able to build against more platforms. + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + # action will create and boot a builder using by default the docker-container driver. + # This is not required but recommended using it to be able to build multi-platform images, export cache, etc. 
+ - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ inputs.dockerhub-username }} + password: ${{ inputs.dockerhub-token }} + + - name: Login to Amazon ECR + if: inputs.push == 'true' + uses: aws-actions/amazon-ecr-login@v2 + + - name: Build docker image + id: docker-build-push + uses: docker/build-push-action@v6 + with: + push: ${{inputs.push}} + tags: ${{inputs.docker-repo-name}}:${{ github.sha }} + context: ${{ inputs.context }} + build-args: | + GIT_SHA=${{ github.sha }} + SCOPE=${{inputs.scope}} + APP_PATH=${{inputs.app-path}} + SENTRY_ORG=${{inputs.sentry-org}} + SENTRY_PROJECT=${{inputs.sentry-project}} + PORT=${{inputs.app-port}} + secrets: | + sentry_token=${{ inputs.sentry-token }} + - name: Output Build Name + id: get-build-name + shell: bash + run: | + echo "docker-image-name=${{inputs.docker-repo-name}}:${{ github.sha }}" >> $GITHUB_OUTPUT \ No newline at end of file diff --git a/.github/actions/ecs-codedeploy/action.yml b/.github/actions/ecs-codedeploy/action.yml new file mode 100644 index 000000000..7123363ee --- /dev/null +++ b/.github/actions/ecs-codedeploy/action.yml 
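Review bot: `Login to Docker Hub` has no `if:` and always consumes `dockerhub-token`, while the ECR login next to it is gated on `inputs.push == 'true'`. If this action also runs for pull requests where secrets are not provided (fork or Dependabot PRs, presumably), the login would fail before the build starts; either gate it, e.g. `if: inputs.dockerhub-username != ''`, or state in the input description why the credentials are needed even for a build without push. The `context` and `push` inputs are declared `required: true` together with a `default`, which is contradictory; `required: false` matches how they behave.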
@@ -0,0 +1,102 @@ +name: 'Re-usable ECS Codedeploy Flow' +description: 'Used to code deploy a docker image' +inputs: + terraform-output: + description: 'Output from Terraform in previous step used to get the ECS Service, Task Defintion' + required: true + docker-image-name: + required: true + description: Docker path/name of the image to deploy + name: + required: true + description: The name of the service to use with Github Deployments + +runs: + using: 'composite' + steps: + - name: Render Amazon ECS task definition + id: task-def + uses: aws-actions/amazon-ecs-render-task-definition@v1 + with: + task-definition-family: ${{ fromJSON(inputs.terraform-output).ecs-task-family.value }} + container-name: ${{ fromJSON(inputs.terraform-output).ecs-task-containerName.value }} + image: ${{ inputs.docker-image-name }} + - name: Render Amazon ECS App Spec + shell: bash + run: | + cat <> appspec.json + { + "version": 0.0, + "Resources": [ + { + "TargetService": { + "Type": "AWS::ECS::Service", + "Properties": { + "TaskDefinition": "", + "LoadBalancerInfo": { + "ContainerName": "${{ fromJSON(inputs.terraform-output).ecs-task-containerName.value }}", + "ContainerPort": ${{ fromJSON(inputs.terraform-output).ecs-task-containerPort.value }} + } + } + } + } + ] + } + EOT + # Create the Deployment within Github for Status Monitoring + - uses: chrnorm/deployment-action@v2 + name: Create GitHub deployment + id: deployment + with: + token: ${{ github.token }} + environment-url: https://${{ fromJSON(inputs.terraform-output).ecs-application-url.value }} + environment: ${{ inputs.name }}${{ github.ref == 'refs/heads/dev' && '-dev' }} + transient-environment: ${{ github.ref == 'refs/heads/main' && 'false' || 'true' }} + production-environment: ${{ github.ref == 'refs/heads/main' && 'true' || 'false' }} + initial-status: pending + + # Trigger CodeDeploy to start deploying + - name: Deploy to Amazon ECS + id: deploy-ecs + uses: aws-actions/amazon-ecs-deploy-task-definition@v2 + with: + 
task-definition: ${{ steps.task-def.outputs.task-definition }} + service: ${{ fromJSON(inputs.terraform-output).ecs-serviceName.value }} + cluster: ${{ fromJSON(inputs.terraform-output).ecs-clusterName.value }} + wait-for-service-stability: false + codedeploy-appspec: appspec.json + codedeploy-application: ${{ fromJSON(inputs.terraform-output).ecs-codedeploy-app.value }} + codedeploy-deployment-group: ${{ fromJSON(inputs.terraform-output).ecs-codedeploy-group.value }} + + # Now that we have our Deployment ID, lets use it to add the logs to the Github Deployment + - name: Add logs to deployment status + uses: chrnorm/deployment-status@v2 + with: + token: ${{ github.token }} + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + state: 'in_progress' + ## NOTE: Hard coded to us-east 1 for now. + log-url: https://console.aws.amazon.com/codesuite/codedeploy/deployments/${{ steps.deploy-ecs.outputs.codedeploy-deployment-id }}?region=us-east-1 + + # Now lets Wait for ECS Blue/Green Deployment, so we can report on the status to Github after + # TODO: Discuss with @kschelonka if we want to have CI wait for codedeploy to finish, and if so should it still be 5 minute termination??? + # - name: Wait for blue instances to be ready + # uses: geekcell/github-action-aws-codedeploy-wait@v1.0.0 + # with: + # codedeploy-deployment-id: ${{ steps.deploy-ecs.outputs.codedeploy-deployment-id }} + + - name: Update deployment status (success) + if: success() + uses: chrnorm/deployment-status@v2 + with: + token: ${{ github.token }} + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + state: 'success' + + - name: Update deployment status (failure) + if: failure() + uses: chrnorm/deployment-status@v2 + with: + token: ${{ github.token }} + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + state: 'failure' \ No newline at end of file 
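Review bot: `Update deployment status (success)` runs as soon as `Deploy to Amazon ECS` returns, and that step is configured with `wait-for-service-stability: false` while the CodeDeploy wait step is commented out, so the GitHub deployment is marked `success` when the CodeDeploy deployment has only been created. A rollback or failed blue/green shift would still show as a successful production deployment; until the TODO about waiting is resolved, leaving the status at `in_progress` with the log URL would be more accurate. In `environment: ${{ inputs.name }}${{ github.ref == 'refs/heads/dev' && '-dev' }}` the second expression evaluates to `false` on any other ref and is rendered as the text `false`; `${{ github.ref == 'refs/heads/dev' && '-dev' || '' }}` avoids that.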
diff --git a/.github/actions/install-pnpm-and-node/action.yml b/.github/actions/install-pnpm-and-node/action.yml
new file mode 100644
index 000000000..de239a555
--- /dev/null
+++ b/.github/actions/install-pnpm-and-node/action.yml
@@ -0,0 +1,33 @@
+name: 'Checkout & Install pnpm and node'
+description: 'Install dependencies using pnpm'
+inputs:
+ scope:
+ description: 'Package scope to use from turbo repo'
+ default: '' # Empty string as default value
+ required: false
+
+runs:
+ using: 'composite'
+ steps:
+ - uses: pnpm/action-setup@v4
+ name: Install pnpm
+ with:
+ # Don't specify a pnpm version, to use the one defined in the top level package.json
+ run_install: false
+ - name: Install Node.js
+ uses: actions/setup-node@v4
+ with:
+ # Use .nvmrc to determine our Node Version
+ node-version-file: '.nvmrc'
+ cache: 'pnpm'
+
+ - name: Install dependencies
+ shell: bash
+ run: |
+ if [ -z "${{ inputs.scope }}" ]; then
+ echo "No scope provided. Using default behavior."
+ pnpm install --frozen-lockfile
+ else
+ echo "Scope provided: ${{ inputs.scope }}, only installing packages needed for it."
+ pnpm install --filter=${{inputs.scope}}... --frozen-lockfile
+ fi
\ No newline at end of file
diff --git a/.github/actions/lambda-codedeploy/action.yml b/.github/actions/lambda-codedeploy/action.yml
new file mode 100644
index 000000000..503ece99e
--- /dev/null
+++ b/.github/actions/lambda-codedeploy/action.yml
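Review bot: The install-pnpm-and-node action is named `Checkout & Install pnpm and node` but has no checkout step, and both `node-version-file: '.nvmrc'` and `pnpm install --frozen-lockfile` need the repository on disk already. Rename it to `Install pnpm and node`, or extend `description` to something like `'Install pnpm, Node and dependencies; the caller must run actions/checkout first'`, so callers in other repositories do not assume the action checks out the code.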
@@ -0,0 +1,67 @@ +name: 'Re-usable Lambda Codedeploy Flow' +description: 'Used to code deploy a lambda' +inputs: + codedeploy-app-name: + description: CodeDeploy app name + required: true + codedeploy-group-name: + description: CodeDeploy group name + required: true + function-name: + description: The name of the Lambda Function to deploy to + required: true + s3-bucket: + description: The name of the bucket to deploy from + required: true + s3-key: + description: The name of the s3 key that contains the code to deploy + default: "" + required: false + function-alias: + description: The name of the lambda alias to use + required: false + default: DEPLOYED + +runs: + using: 'composite' + steps: + - name: Codedeploy AWS Lambda + shell: bash + run: | + aws lambda wait function-updated --function-name '${{ inputs.function-name }}' + + s3Key="${{ inputs.s3-key }}" + if [[ -z $s3Key ]]; then + s3Key="${{ github.sha }}.zip" + fi + + aws lambda update-function-code \ + --function-name '${{ inputs.function-name }}' \ + --s3-bucket '${{ inputs.s3-bucket }}' \ + --s3-key "$s3Key" + + aws lambda wait function-updated --function-name '${{ inputs.function-name }}' + + NEW_ENVVARS=$(aws lambda get-function-configuration --function-name '${{ inputs.function-name }}' --query "Environment.Variables | merge(@, \`{\"GIT_SHA\":\"${{ github.sha }}\"}\`)") + aws lambda update-function-configuration --function-name '${{ inputs.function-name }}' --environment "{ \"Variables\": $NEW_ENVVARS }" + aws lambda wait function-updated --function-name '${{ inputs.function-name }}' + + versionId=$(aws lambda publish-version \ + --function-name '${{ inputs.function-name }}' | jq -r .Version) + + currentVersion=$(aws lambda get-alias \ + --function-name '${{ inputs.function-name }}' \ + --name DEPLOYED | jq -r .FunctionVersion) + + app_spec_content_string="{'version':0.0,'Resources':[{'${{ inputs.function-name }}':{'Type':'AWS::Lambda::Function','Properties':{'Name':'${{ inputs.function-name 
}}','Alias':'${{ inputs.function-alias }}','TargetVersion':'$versionId', 'CurrentVersion': '$currentVersion'}}}]}" + echo "$app_spec_content_string" + app_spec_content_sha256=$(echo -n "$app_spec_content_string" | shasum -a 256 | sed 's/ .*$//') + revision="revisionType=AppSpecContent,appSpecContent={content=\"$app_spec_content_string\",sha256=$app_spec_content_sha256}" + + aws lambda wait function-updated --function-name '${{ inputs.function-name }}' + + aws deploy create-deployment \ + --application-name="${{ inputs.codedeploy-app-name }}" \ + --deployment-group-name="${{ inputs.codedeploy-group-name }}" \ + --description="Triggered build ${{ github.sha }} from Github Actions" \ + --revision="$revision" \ No newline at end of file diff --git a/.github/actions/raw-terraform/action.yml b/.github/actions/raw-terraform/action.yml new file mode 100644 index 000000000..a69aea5ee --- /dev/null +++ b/.github/actions/raw-terraform/action.yml 
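Review bot: The current version is read with `aws lambda get-alias … --name DEPLOYED`, but the AppSpec built a few lines later targets `'Alias':'${{ inputs.function-alias }}'`. When a caller passes an alias other than the default, `CurrentVersion` is taken from a different alias than the one CodeDeploy is asked to shift, so the deployment can start from the wrong version or be rejected. Use the input in both places: `--name '${{ inputs.function-alias }}'`.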
@@ -0,0 +1,96 @@ +name: 'Execute Raw Terraform' +description: 'Builds and either plans or applies a terraform environment' +inputs: + scope: + description: 'Turbo Repo scope to run the build for' + required: true + stack-output-path: + description: 'The path where CDKTF outputs the terraform json' + required: true + environment: + description: 'The node environment to build for' + required: true + default: 'development' + behavior: + description: The behavior that Terraform should use, either plan or apply + required: true + pagerduty-token: + description: Pagerduty Token to use in terraform + required: true + terraform-token: + description: Terraform Token to use in terraform + required: true + github-token: + description: Github Token to use for terraform comment + required: true + +runs: + using: 'composite' + steps: + - name: Install tfenv + shell: bash + run: | + git clone --depth=1 https://github.com/tfutils/tfenv.git ~/.tfenv + echo "PATH=$HOME/.tfenv/bin:$PATH" >> $GITHUB_ENV + + # Setup Terraform Comment + - uses: shmokmt/actions-setup-tfcmt@v2 + + # Let's tell github actions we want to cache all the terraform verisons we install. + # We do this to speed up terraform installing, as the cache will cache the terraform versions we download. 
+ - name: Cache tfenv installations + uses: actions/cache@v4 + with: + path: | + ~/.tfenv/versions + key: ${{ runner.os }}-tfenv-${{ hashFiles('**/.terraform-version') }} + restore-keys: | + ${{ runner.os }}-tfenv- + + - name: Copy Terraform Vars + shell: bash + run: | + cd ${{ inputs.stack-output-path }} + if [ "${{ inputs.environment }}" = "development" ]; then + echo "Development environment specified, copying development tf vars" + cp dev_backend.tfvars backend.tf + else + echo "Production environment specified, copying production tf vars" + cp prod_backend.tfvars backend.tf + fi + + - name: Init Terraform + shell: bash + run: | + cd ${{ inputs['stack-output-path'] }} + tfenv install + tfenv use + terraform init + - name: Save off terraform token + shell: bash + env: + TERRAFORM_TOKEN: ${{ inputs.terraform-token }} + run: | + rc="credentials \"app.terraform.io\" { " + rc="${rc} token=\"$TERRAFORM_TOKEN\" " + rc="${rc}}" + echo "$rc" > ~/.terraformrc + + # Once TFCMT supports no change applies, change terraform apply to + # tfcmt --var target:${{ inputs.scope }}-${{ inputs.environment }} apply -- terraform apply -auto-approve -lock-timeout=10m + # https://github.com/suzuki-shunsuke/tfcmt/issues/1184 + - name: Plan/Apply CDKTF + shell: bash + env: + TERRAFORM_TOKEN: ${{ inputs.pagerduty-token }} + GITHUB_TOKEN: ${{ inputs.github-token }} + PAGERDUTY_TOKEN: ${{ inputs.pagerduty-token }} + run: | + cd ${{ inputs.stack-output-path }} + if [ "${{ inputs.behavior }}" = "apply" ]; then + echo "Apply behavior specified, applying terraform configuration in ${{ inputs.environment }}." + terraform apply --auto-approve + else + echo "Plan behavior specified, planning terraform configuration in ${{ inputs.environment }}." + tfcmt --var target:${{ inputs.scope }}-${{ inputs.environment }} plan --skip-no-changes --patch -- terraform plan -lock-timeout=10m + fi diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 000000000..9b3b9ffe5 
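Review bot: `Copy Terraform Vars` treats every `environment` value other than the exact string `development` as production, so a typo or a new environment name selects `prod_backend.tfvars` and the following apply runs against the production backend. Make the production branch explicit with `elif [ "${{ inputs.environment }}" = "production" ]; then` and let the final `else` print the unexpected value and `exit 1`. The `stack-output-path` description and the step name `Plan/Apply CDKTF` were carried over from the cdktf action and should be reworded for raw Terraform. Both actions also clone tfenv from its default branch with `git clone --depth=1` and then run it in a job that holds the Terraform and PagerDuty tokens; cloning a fixed tag (`--branch <TFENV_TAG>`, placeholder) would make that input reproducible.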
--- /dev/null
+++ b/.github/workflows/README.md
@@ -0,0 +1,19 @@
+## Workflows
+
+This repository consists of the following workflows:
+
+* `pull-request.yml` - Ran on every single Pull Request and performs basic checks of the whole repo like Linting and Unit Tests
+* `status-checks.yml` - Triggered on completion of other workflows and is used as the singluar Github Required Status check, since Github does not support Requiring Workflows that are skipped based on path filtering. Note: IF you add a new workflow it must be added to this array to be part of the Github Checks
+* `.yml` - A workflow represnting a singluar service in the monorepo.
+
+There are also the following re-usable workflows:
+
+* `build-and-push-image.yml` - Used to either build & push a docker image to production/development or to just build on pull request
+* `test-integrations.yml` - Used to run tests of a service against the `docker-compose.yml` environment.
+
+And then there are composite Github Actions:
+
+* `containerize` - Used to build a microservice into a docker image from our monorepo
+* `install-pnpm-and-node` - Used to install PNPM and Node, and dependencies based on our `.nvmrc` and pnpm version in `package.json`
+
+All of the re-usable workflows and actions can be used by other repositories in the Pocket organization.
diff --git a/.github/workflows/account-data-deleter.yml b/.github/workflows/account-data-deleter.yml
new file mode 100644
index 000000000..afec087a9
--- /dev/null
+++ b/.github/workflows/account-data-deleter.yml
@@ -0,0 +1,77 @@ +name: Account Data Deleter +on: + pull_request: + paths: + - 'infrastructure/account-data-deleter/**' + - 'packages/**' + - 'servers/account-data-deleter/**' + - 'lambdas/account-data-deleter-batch-delete/**' + - 'lambdas/account-data-deleter-events/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/account-data-deleter.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: account-data-deleter + secrets: inherit + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: account-data-deleter-cdk + stack-output-path: infrastructure/account-data-deleter/cdktf.out/stacks/account-data-deleter + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: account-data-deleter + app-path: servers/account-data-deleter + app-port: 4015 + sentry-project: account-data-deleter + docker-repo-name-pattern: accountdatadeleter-{0}-app + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit + + events-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: account-data-deleter-events + sentry-project: account-data-deleter + s3-bucket-pattern: pocket-accountdatadeleter-{0}-sqs-event-consumer + codedeploy-app-name-pattern: AccountDataDeleter-{0}-Sqs-Event-Consumer-Lambda + codedeploy-group-name-pattern: AccountDataDeleter-{0}-Sqs-Event-Consumer-Lambda + function-name-pattern: AccountDataDeleter-{0}-Sqs-Event-Consumer-Function + secrets: inherit + + batch-delete-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: account-data-deleter-batch-delete + sentry-project: account-data-deleter + s3-bucket-pattern: 
pocket-accountdatadeleter-{0}-batchdeletelambda + codedeploy-app-name-pattern: AccountDataDeleter-{0}-BatchDeleteLambda-Lambda + codedeploy-group-name-pattern: AccountDataDeleter-{0}-BatchDeleteLambda-Lambda + function-name-pattern: AccountDataDeleter-{0}-BatchDeleteLambda-Function + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [api, events-lambda, batch-delete-lambda] + with: + sentry-project: account-data-deleter + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit diff --git a/.github/workflows/account-delete-monitor.yml b/.github/workflows/account-delete-monitor.yml new file mode 100644 index 000000000..bcf35b48d --- /dev/null +++ b/.github/workflows/account-delete-monitor.yml 
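Review bot: Every reusable-workflow call in this file passes `secrets: inherit`, including `test-integrations` and `infrastructure`, which are not gated to pushes and so also run on `pull_request`. Each called workflow can therefore read every secret available to the caller rather than only the ones it uses. The `apollo` jobs in annotations-api.yml and image-api.yml already use the narrower form, a `secrets:` map with one named key. The lambda jobs here could do the same with `SENTRY_BEARER: ${{ secrets.SENTRY_BEARER }}`, provided reuse-build-and-push-lambda.yml declares that secret under `workflow_call`. Which secrets reuse-infrastructure.yml and reuse-test-integrations.yml read is not visible in this diff, so that list needs confirming; the same pattern repeats in the other per-service workflows this commit adds.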
@@ -0,0 +1,53 @@ +name: Account Delete Monitor +on: + # Only run the tests for this service when any of the following file paths change + pull_request: + paths: + - 'infrastructure/account-delete-monitor/**' + - 'packages/**' + - 'lambdas/account-delete-monitor/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/account-delete-monitor.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: account-delete-monitor + secrets: inherit + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: account-delete-monitor-cdk + stack-output-path: infrastructure/account-delete-monitor/cdktf.out/stacks/account-delete-monitor + secrets: inherit + + + lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: account-delete-monitor + sentry-project: account-delete-monitor + s3-bucket-pattern: pocket-accountdeletemonitor-{0}-eventtracker + codedeploy-app-name-pattern: AccountDeleteMonitor-{0}-EventTracker-Lambda + codedeploy-group-name-pattern: AccountDeleteMonitor-{0}-EventTracker-Lambda + function-name-pattern: AccountDeleteMonitor-{0}-EventTracker-Function + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [lambda] + with: + sentry-project: account-delete-monitor + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit diff --git a/.github/workflows/annotations-api.yml b/.github/workflows/annotations-api.yml new file mode 100644 index 000000000..102903cf7 --- /dev/null +++ b/.github/workflows/annotations-api.yml 
@@ -0,0 +1,77 @@ +name: Annotations API +on: + # Only run the tests for this service when any of the following file paths change + pull_request: + paths: + - 'infrastructure/annotations-api/**' + - 'packages/**' + - 'servers/annotations-api/**' + - 'lambdas/annotations-api-events/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/annotations-api.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: annotations-api + secrets: inherit + + apollo: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-client-api + graph-name: annotations-api + schema-file-path: servers/annotations-api/dist/schema-generated.graphql + prod-graph-url: https://annotations-api.readitlater.com + dev-graph-url: https://annotations-api.getpocket.dev + scope: annotations-api + secrets: + apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }} + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: annotations-api-cdk + stack-output-path: infrastructure/annotations-api/cdktf.out/stacks/annotations-api + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: annotations-api + app-path: servers/annotations-api + app-port: 4008 + sentry-project: annotations-api + docker-repo-name-pattern: annotationsapi-{0}-app + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit + + events-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: annotations-api-events-lambda + sentry-project: annotations-api + s3-bucket-pattern: pocket-annotationsapi-{0}-sqs-event-consumer + codedeploy-app-name-pattern: AnnotationsAPI-{0}-Sqs-Event-Consumer-Lambda + codedeploy-group-name-pattern: 
AnnotationsAPI-{0}-Sqs-Event-Consumer-Lambda + function-name-pattern: AnnotationsAPI-{0}-Sqs-Event-Consumer-Function + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [api, events-lambda] + with: + sentry-project: annotations-api + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit diff --git a/.github/workflows/braze.yml b/.github/workflows/braze.yml new file mode 100644 index 000000000..97a52194c --- /dev/null +++ b/.github/workflows/braze.yml @@ -0,0 +1,23 @@ +name: Braze +on: + pull_request: + paths: + - 'infrastructure/braze/**' + - 'packages/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/braze.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: braze-cdk + stack-output-path: infrastructure/braze/cdktf.out/stacks/braze + secrets: inherit diff --git a/.github/workflows/client-api.yml b/.github/workflows/client-api.yml new file mode 100644 index 000000000..e2f928648 --- /dev/null +++ b/.github/workflows/client-api.yml 
@@ -0,0 +1,35 @@ +name: Client API +on: + pull_request: + paths: + - 'infrastructure/client-api/**' + - 'packages/**' + - 'servers/client-api/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/client-api.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: client-api-cdk + stack-output-path: infrastructure/client-api/cdktf.out/stacks/client-api + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: client-api + docker-repo-name-pattern: clientapi-{0}-app + context: servers/client-api + app-path: servers/client-api + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/feature-flags.yml b/.github/workflows/feature-flags.yml new file mode 100644 index 000000000..3c4d11d63 --- /dev/null +++ b/.github/workflows/feature-flags.yml 
@@ -0,0 +1,55 @@ +name: Feature Flags +on: + pull_request: + paths: + - 'infrastructure/feature-flags/**' + - 'packages/**' + - 'servers/feature-flags/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/feature-flags.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + apollo: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-client-api + graph-name: featureflags + schema-file-path: servers/feature-flags/schema.graphql + prod-graph-url: https://featureflags.readitlater.com/graphql + dev-graph-url: https://featureflags.getpocket.dev/graphql + secrets: + apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }} + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: feature-flags-cdk + stack-output-path: infrastructure/feature-flags/cdktf.out/stacks/feature-flags + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: feature-flags + app-path: servers/feature-flags + app-port: 4242 + sentry-project: feature-flags + docker-repo-name-pattern: featureflags-{0}-app + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [api] + with: + sentry-project: feature-flags + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/fxa-webhook-proxy.yml b/.github/workflows/fxa-webhook-proxy.yml new file mode 100644 index 000000000..02ee0215c --- /dev/null +++ b/.github/workflows/fxa-webhook-proxy.yml 
@@ -0,0 +1,59 @@
+name: FxA Webhook Proxy
+on:
+ pull_request:
+ paths:
+ - 'infrastructure/fxa-webhook-proxy/**'
+ - 'packages/**'
+ - 'lambdas/fxa-webhook-proxy-gateway/**'
+ - 'lambdas/fxa-webhook-proxy-sqs/**'
+ - 'pnpm-lock.yaml'
+ - '.github/actions/**'
+ - '.github/workflows/fxa-webhook-proxy.yml'
+ - '.github/workflows/reuse-*.yml'
+ push:
+ branches:
+ - main
+ - dev
+
+jobs:
+
+ infrastructure:
+ uses: ./.github/workflows/reuse-infrastructure.yml
+ with:
+ scope: fxa-webhook-proxy-cdk
+ stack-output-path: infrastructure/fxa-webhook-proxy/cdktf.out/stacks/fxa-webhook-proxy
+ secrets: inherit
+
+ sqs-lambda:
+ uses: ./.github/workflows/reuse-build-and-push-lambda.yml
+ needs: [infrastructure]
+ with:
+ scope: fxa-webhook-proxy-sqs
+ sentry-project: fxa-webhook-proxy
+ s3-bucket-pattern: pocket-fxawebhookproxy-{0}-sqs-fxa-events
+ codedeploy-app-name-pattern: FxAWebhookProxy-{0}-Sqs-FxA-Events-Lambda
+ codedeploy-group-name-pattern: FxAWebhookProxy-{0}-Sqs-FxA-Events-Lambda
+ function-name-pattern: FxAWebhookProxy-{0}-Sqs-FxA-Events-Function
+ secrets: inherit
+
+ gateway-lambda:
+ uses: ./.github/workflows/reuse-build-and-push-lambda.yml
+ needs: [infrastructure]
+ with:
+ scope: fxa-webhook-proxy-gateway
+ sentry-project: fxa-webhook-proxy
+ s3-bucket-pattern: pocket-fxawebhookproxy-{0}-apigateway-fxa-events
+ codedeploy-app-name-pattern: FxAWebhookProxy-{0}-ApiGateway-FxA-Events-Lambda
+ codedeploy-group-name-pattern: FxAWebhookProxy-{0}-ApiGateway-FxA-Events-Lambda
+ function-name-pattern: FxAWebhookProxy-{0}-ApiGateway-FxA-Events-Function
+ secrets: inherit
+
+
+ sentry:
+ if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
+ uses: ./.github/workflows/reuse-sentry-release.yml
+ needs: [sqs-lambda, gateway-lambda]
+ with:
+ sentry-project: annotations-api
+ sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+ secrets: inherit
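Review bot: The `sentry` job sets `sentry-project: annotations-api`, while both lambda jobs in this file use `sentry-project: fxa-webhook-proxy`; this looks like a copy-paste from annotations-api.yml. Releases created through reuse-sentry-release.yml would presumably be recorded against the wrong Sentry project, which makes release and error attribution for this service misleading during an investigation. The line should read `sentry-project: fxa-webhook-proxy`. instant-sync-events.yml has the same mismatch: its `lambda` job uses `instant-sync-events` and its `sentry` job uses `annotations-api`.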
diff --git a/.github/workflows/image-api.yml b/.github/workflows/image-api.yml
new file mode 100644
index 000000000..ef4284c3a
--- /dev/null
+++ b/.github/workflows/image-api.yml
@@ -0,0 +1,73 @@ +name: Image API +on: + pull_request: + paths: + - 'infrastructure/image-api/**' + - 'packages/**' + - 'servers/image-api/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/image-api.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: image-api + secrets: inherit + + apollo: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-client-api + graph-name: image-api + schema-file-path: servers/image-api/schema.graphql + prod-graph-url: https://image-api.readitlater.com + dev-graph-url: https://image-api.getpocket.dev + secrets: + apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }} + + apollo-admin: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-admin-api + graph-name: image-api + schema-file-path: servers/image-api/schema.graphql + prod-graph-url: https://image-api.readitlater.com + dev-graph-url: https://image-api.getpocket.dev + secrets: + apollo-key: ${{ secrets.APOLLO_ADMIN_API_KEY }} + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: image-api-cdk + stack-output-path: infrastructure/image-api/cdktf.out/stacks/image-api + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: image-api + app-path: servers/image-api + app-port: 4867 + sentry-project: image-api + docker-repo-name-pattern: imageapi-{0}-app + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [api] + with: + sentry-project: image-api + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' 
}} + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/instant-sync-events.yml b/.github/workflows/instant-sync-events.yml new file mode 100644 index 000000000..8ceda94c7 --- /dev/null +++ b/.github/workflows/instant-sync-events.yml @@ -0,0 +1,45 @@ +name: Instant Sync Events +on: + pull_request: + paths: + - 'infrastructure/instant-sync-events/**' + - 'packages/**' + - 'lambdas/instant-sync-events/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/instant-sync-events.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: instant-sync-events-cdk + stack-output-path: infrastructure/instant-sync-events/cdktf.out/stacks/instant-sync-events + secrets: inherit + + lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: instant-sync-events + sentry-project: instant-sync-events + s3-bucket-pattern: pocket-instantsyncevents-{0}-eventtracker + codedeploy-app-name-pattern: InstantSyncEvents-{0}-EventTracker-Lambda + codedeploy-group-name-pattern: InstantSyncEvents-{0}-EventTracker-Lambda + function-name-pattern: InstantSyncEvents-{0}-EventTracker-Function + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [lambda] + with: + sentry-project: annotations-api + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit diff --git a/.github/workflows/list-api.yml b/.github/workflows/list-api.yml new file mode 100644 index 000000000..fcaad8727 --- /dev/null +++ b/.github/workflows/list-api.yml 
@@ -0,0 +1,63 @@ +name: List API +on: + pull_request: + paths: + - 'infrastructure/list-api/**' + - 'packages/**' + - 'servers/list-api/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/list-api.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: list-api + secrets: inherit + + apollo: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-client-api + graph-name: list + schema-file-path: servers/list-api/dist/schema-generated.graphql + prod-graph-url: https://list-api.readitlater.com + dev-graph-url: https://list-api.getpocket.dev + scope: list-api + secrets: + apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }} + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: list-api-cdk + stack-output-path: infrastructure/list-api/cdktf.out/stacks/list-api + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: list-api + app-path: servers/list-api + app-port: 4005 + sentry-project: list-api + docker-repo-name-pattern: listapi-{0}-app + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [api] + with: + sentry-project: list-api + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/parser-graphql-wrapper.yml b/.github/workflows/parser-graphql-wrapper.yml new file mode 100644 index 000000000..f1c125a35 --- /dev/null +++ b/.github/workflows/parser-graphql-wrapper.yml 
@@ -0,0 +1,73 @@ +name: Parser GraphQL Wrapper +on: + pull_request: + paths: + - 'infrastructure/parser-graphql-wrapper/**' + - 'packages/**' + - 'servers/parser-graphql-wrapper/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/parser-graphql-wrapper.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: parser-graphql-wrapper + secrets: inherit + + apollo: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-client-api + graph-name: parser + schema-file-path: servers/parser-graphql-wrapper/schema.graphql + prod-graph-url: https://parser-graphql-wrapper.readitlater.com + dev-graph-url: https://parser-graphql-wrapper.getpocket.dev + secrets: + apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }} + + apollo-admin: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-admin-api + graph-name: parser + schema-file-path: servers/parser-graphql-wrapper/schema.graphql + prod-graph-url: https://parser-graphql-wrapper.readitlater.com + dev-graph-url: https://parser-graphql-wrapper.getpocket.dev + secrets: + apollo-key: ${{ secrets.APOLLO_ADMIN_API_KEY }} + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: parser-graphql-wrapper-cdk + stack-output-path: infrastructure/parser-graphql-wrapper/cdktf.out/stacks/parser-graphql-wrapper + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: parser-graphql-wrapper + app-path: servers/parser-graphql-wrapper + app-port: 4001 + sentry-project: parser-graphql-wrapper + docker-repo-name-pattern: parsergraphqlwrapper-{0}-app + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || 
github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [api] + with: + sentry-project: parser-graphql-wrapper + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/pocket-event-bridge.yml b/.github/workflows/pocket-event-bridge.yml new file mode 100644 index 000000000..053ff38ed --- /dev/null +++ b/.github/workflows/pocket-event-bridge.yml @@ -0,0 +1,23 @@ +name: Pocket Event Bridge +on: + pull_request: + paths: + - 'infrastructure/pocket-event-bridge/**' + - 'packages/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/pocket-event-bridge.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: pocket-event-bridge-cdk + stack-output-path: infrastructure/pocket-event-bridge/cdktf.out/stacks/pocket-event-bridge + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 91993fcf5..46f9686a6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -27,22 +27,9 @@ jobs: with: fetch-depth: 2 - - name: Setup Node.js environment - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 - with: - node-version: 20.14 - registry-url: 'https://registry.npmjs.org' - - - name: PNPM Setup - uses: pnpm/action-setup@v4 - with: - version: 9.1.4 + - name: Install pnpm & node + uses: pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@main - - name: Install dependencies - run: pnpm i - # Need to update sendgrid to enable this - # - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies - # run: pnpm audit signatures - name: Semantic Release run: pnpm run semantic-release env: 
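Review bot: In publish.yml the new `Install pnpm & node` step references the composite action by a mutable branch, `pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@main`, where the step it replaces pinned `actions/setup-node` to a full commit SHA. Whatever is on `main` of that action at run time executes in the job that then runs `pnpm run semantic-release`, so a change to the action reaches the release job without any change to this workflow. Pinning restores the earlier guarantee: `uses: pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@<full-commit-sha> # main`. The job starts before this hunk and the release step's `env:` block continues after it, so the credentials in scope are not visible here. The same `@main` reference appears in pull-request.yml and in the reuse-* workflows (`containerize`, `ecs-codedeploy`, `build-lambda`, `lambda-codedeploy`).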
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml new file mode 100644 index 000000000..d64aeb07a --- /dev/null +++ b/.github/workflows/pull-request.yml @@ -0,0 +1,43 @@ +# A set of jobs that should always run no matter what on all Pull Requests in this repo +name: Pull Request +on: + pull_request: + +jobs: + check-packages: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install pnpm & node + uses: pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@main + + - name: Check for mismatched dependencies + run: pnpm run list-mismatches + + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install pnpm & node + uses: pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@main + + - name: Lint code + run: pnpm run lint + + unit-test: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install pnpm & node + uses: pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@main + + - name: Unit tests + # Following uses a 2 concurrency because terraform modules seems to fail with an OOM error on CI if we do more. + run: pnpm run test --concurrency=2 \ No newline at end of file diff --git a/.github/workflows/push-server.yml b/.github/workflows/push-server.yml new file mode 100644 index 000000000..4d2f435cd --- /dev/null +++ b/.github/workflows/push-server.yml 
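Review bot: pull-request.yml declares no `permissions:` block, so its three jobs run with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured, although the steps shown only check out code and run `pnpm` scripts. The reusable build workflows added in this commit do declare permissions explicitly. Adding a top-level `permissions:` with `contents: read` here would match them and keep the token read-only for the check, lint and unit-test jobs, which run on every pull request.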
@@ -0,0 +1,50 @@ +name: Push Server +on: + pull_request: + paths: + - 'infrastructure/push-server/**' + - 'packages/**' + - 'servers/push-server/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/push-server.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: push-server + secrets: inherit + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: push-server-cdk + stack-output-path: infrastructure/push-server/cdktf.out/stacks/push-server + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: push-server + app-path: servers/push-server + sentry-project: push-server + docker-repo-name-pattern: push-{0}-app + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [api] + with: + sentry-project: push-server + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/reuse-apollo-federation.yml b/.github/workflows/reuse-apollo-federation.yml new file mode 100644 index 000000000..63d8f83eb --- /dev/null +++ b/.github/workflows/reuse-apollo-federation.yml 
@@ -0,0 +1,79 @@ +# Runs Apollo rover schema check on the production graphql federated schema. +# If it is the production branch will deploy the subgraph to the production federated graph. +# If the branch is the development branch, will deploy the subgraph to the development federated graph. +name: 'Re-usable Apollo Studio Schema Workflow' +on: + workflow_call: + inputs: + federated-graph-name: + type: string + description: The name of federated graph to check + graph-name: + type: string + description: The name of this subgraph + schema-file-path: + type: string + description: The path to the schema file + default: ./schema.graphql + prod-graph-url: + type: string + description: The production subgraph url + dev-graph-url: + type: string + description: The development subgraph url + prod-graph-variant-name: + type: string + description: The production variant graph name + default: "current" + dev-graph-variant-name: + type: string + required: false + description: The development variant graph name + default: "development" + scope: + description: The pnpm scope to build for if we need to build before we push a schema + type: string + default: "" + secrets: + apollo-key: + description: The apollo studio key to use + required: true +jobs: + check-or-publish: + runs-on: ubuntu-latest + steps: + - name: Install rover + shell: bash + run: | + # download and install Rover + curl -sSL https://rover.apollo.dev/nix/latest | sh + + # This allows the PATH changes to persist to the next `run` step + echo "PATH=$HOME/.rover/bin:$PATH" >> "$GITHUB_ENV" + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Install pnpm & node + if: ${{ inputs.scope != '' }} + uses: pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@main + with: + scope: ${{ inputs['scope'] }} + - name: Build schema + if: ${{ inputs.scope != '' }} + shell: bash + run: pnpm run build --filter=${{ inputs.scope }}... 
+ - name: Check Schema + if: github.event_name == 'pull_request' + shell: bash + run: | + rover subgraph check ${{ inputs.federated-graph-name }}@${{ inputs.prod-graph-variant-name }} --schema ${{ inputs.schema-file-path }} --name=${{ inputs.graph-name }} + env: + APOLLO_KEY: ${{ secrets.apollo-key }} + - name: Publish Schema + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + shell: bash + run: | + rover subgraph publish ${{ inputs.federated-graph-name }}@${{ github.ref == 'refs/heads/main' && inputs.prod-graph-variant-name || inputs.dev-graph-variant-name }} --schema ${{ inputs.schema-file-path }} --routing-url ${{ github.ref == 'refs/heads/main' && inputs.prod-graph-url || inputs.dev-graph-url }} --name=${{ inputs.graph-name }} + env: + APOLLO_KEY: ${{ secrets.apollo-key }} \ No newline at end of file diff --git a/.github/workflows/reuse-build-and-push-image.yml b/.github/workflows/reuse-build-and-push-image.yml new file mode 100644 index 000000000..c90deeef1 --- /dev/null +++ b/.github/workflows/reuse-build-and-push-image.yml 
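Review bot: The `Install rover` step pipes `https://rover.apollo.dev/nix/latest` straight into `sh`, so each run executes whatever installer and binary are current at that moment, with no version pin or checksum, in the same job that later exposes `APOLLO_KEY`. Using a fixed release path in place of `latest` (`https://rover.apollo.dev/nix/v<pinned-version>`) makes runs reproducible and turns an upgrade into a reviewable change. The next line writes `PATH=...` into `$GITHUB_ENV`; the dedicated mechanism is `echo "$HOME/.rover/bin" >> "$GITHUB_PATH"`, which avoids freezing the whole PATH as an environment variable. The `rover` commands also interpolate `${{ inputs.* }}` directly into the script text; passing those values through `env:` and referencing them as quoted `"$VAR"` keeps a value containing spaces or shell metacharacters from altering the command.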
@@ -0,0 +1,171 @@ +name: 'Re-usable Docker Build Flow' +on: + workflow_call: + inputs: + scope: + description: 'Turbo Repo scope to run the build for' + required: false + default: '' + type: string + docker-repo-name-pattern: + description: 'Docker name of the repo, usually: servicename-{0}-app. {0} is replaced with dev or prod' + required: true + type: string + development-aws-registry: + description: 'AWS Development Account Id' + type: string + default: 410318598490.dkr.ecr.us-east-1.amazonaws.com + production-aws-registry: + description: 'AWS Development Account Id' + type: string + default: 996905175585.dkr.ecr.us-east-1.amazonaws.com + context: + description: 'The path of where the application should be built from' + required: false + default: '.' + type: string + app-path: + description: 'The path of where the application is located in the monorepo ie servers/' + required: false + default: '' + type: string + app-port: + description: 'The port the application runs on ie 4006' + required: false + default: 80 + type: number + sentry-org: + description: 'The org name used in sentry. Used to upload source maps' + required: false + type: string + default: pocket + sentry-project: + description: 'The project name used in sentry. 
Used to upload source maps' + required: false + default: '' + type: string + terraform-output: + description: 'The terraform output which is used to get the ECS_Service and Task Defintion arns for codedeploy' + required: false + type: string + archive-download-name: + description: 'If specified, download this archive instead of checkout' + required: false + type: string + default: '' + +permissions: + contents: read # This is required for actions/checkout + id-token: write # Access the Github JWT for AWS access + deployments: write + +jobs: + # Let's build the image on every pull request just like we would on production + pull-request: + # Only run this job on a pull request event + if: github.event_name == 'pull_request' + runs-on: ubuntu-latest + steps: + - name: Checkout + if: inputs.archive-download-name == '' + uses: actions/checkout@v4 + - name: Archive download + if: inputs.archive-download-name != '' + uses: actions/download-artifact@v4 + with: + name: ${{inputs.archive-download-name}} + - name: Build Docker Image + uses: pocket/pocket-monorepo/.github/actions/containerize@main + with: + docker-repo-name: "${{inputs.development-aws-registry }}/${{ format(inputs.docker-repo-name-pattern, 'dev') }}" + app-path: ${{inputs.app-path}} + app-port: ${{inputs.app-port}} + context: ${{inputs.context}} + sentry-project: ${{inputs.sentry-project}} + sentry-org: ${{inputs.sentry-org}} + sentry-token: ${{secrets.SENTRY_BEARER}} + dockerhub-username: ${{secrets.DOCKERHUB_USERNAME}} + dockerhub-token: ${{secrets.DOCKERHUB_TOKEN}} + scope: ${{inputs.scope}} + + + development: + if: github.ref == 'refs/heads/dev' + runs-on: ubuntu-latest + steps: + - name: Checkout + if: inputs.archive-download-name == '' + uses: actions/checkout@v4 + - name: Archive download + if: inputs.archive-download-name != '' + uses: actions/download-artifact@v4 + with: + name: ${{inputs.archive-download-name}} + # Get the AWS credentials + - name: AWS Credentials + uses: 
aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-1 + role-to-assume: arn:aws:iam::410318598490:role/PocketGHARole + - name: Build and Push Development Docker Image + id: dev-docker-build + uses: pocket/pocket-monorepo/.github/actions/containerize@main + with: + docker-repo-name: "${{inputs.development-aws-registry }}/${{ format(inputs.docker-repo-name-pattern, 'dev') }}" + app-path: ${{inputs.app-path}} + app-port: ${{inputs.app-port}} + context: ${{inputs.context}} + sentry-project: ${{inputs.sentry-project}} + sentry-org: ${{inputs.sentry-org}} + sentry-token: ${{secrets.SENTRY_BEARER}} + dockerhub-username: ${{secrets.DOCKERHUB_USERNAME}} + dockerhub-token: ${{secrets.DOCKERHUB_TOKEN}} + scope: ${{inputs.scope}} + push: true + - name: Code Deploy Docker Image + uses: pocket/pocket-monorepo/.github/actions/ecs-codedeploy@main + if: fromJSON(inputs.terraform-output).ecs-task-containerName.value != '' + with: + docker-image-name: ${{steps.dev-docker-build.outputs.docker-image-name}} + terraform-output: ${{ inputs.terraform-output }} + name: ${{inputs.scope}} + + production: + if: github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + steps: + - name: Checkout + if: inputs.archive-download-name == '' + uses: actions/checkout@v4 + - name: Archive download + if: inputs.archive-download-name != '' + uses: actions/download-artifact@v4 + with: + name: ${{inputs.archive-download-name}} + - name: AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-1 + role-to-assume: arn:aws:iam::996905175585:role/PocketGHARole + - name: Build and Push Production Docker Image + id: prod-docker-build + uses: pocket/pocket-monorepo/.github/actions/containerize@main + with: + docker-repo-name: "${{inputs.production-aws-registry }}/${{ format(inputs.docker-repo-name-pattern, 'prod') }}" + app-path: ${{inputs.app-path}} + app-port: ${{inputs.app-port}} + context: ${{inputs.context}} + sentry-project: ${{inputs.sentry-project}} 
+ sentry-org: ${{inputs.sentry-org}} + sentry-token: ${{secrets.SENTRY_BEARER}} + dockerhub-username: ${{secrets.DOCKERHUB_USERNAME}} + dockerhub-token: ${{secrets.DOCKERHUB_TOKEN}} + scope: ${{inputs.scope}} + push: true + - name: Code Deploy Docker Image + uses: pocket/pocket-monorepo/.github/actions/ecs-codedeploy@main + if: fromJSON(inputs.terraform-output).ecs-task-containerName.value != '' + with: + docker-image-name: ${{steps.prod-docker-build.outputs.docker-image-name}} + terraform-output: ${{ inputs.terraform-output }} + name: ${{inputs.scope}} \ No newline at end of file diff --git a/.github/workflows/reuse-build-and-push-lambda.yml b/.github/workflows/reuse-build-and-push-lambda.yml new file mode 100644 index 000000000..8a3722cfb --- /dev/null +++ b/.github/workflows/reuse-build-and-push-lambda.yml 
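Review bot: `permissions` is set once at workflow level in reuse-build-and-push-image.yml, so the `pull-request` job also receives `id-token: write` and `deployments: write`, although it has no `configure-aws-credentials` step and never pushes or deploys. Scoping the grant per job keeps the OIDC token out of a job that builds pull-request code: leave `contents: read` at the top and give only the `development` and `production` jobs a `permissions:` block with `contents: read`, `id-token: write` and `deployments: write`. The input `production-aws-registry` also carries the description 'AWS Development Account Id', copied from the input above it, which is misleading next to a production account default.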
@@ -0,0 +1,119 @@ +name: 'Re-usable Lambda Build Flow' +on: + workflow_call: + inputs: + scope: + description: 'Turbo Repo scope to run the build for' + required: true + type: string + s3-bucket-pattern: + description: 'Lambda S3 bucket pattern to use. {0} will be replaced with either dev or prod' + required: true + type: string + s3-key: + description: 'Lambda S3 key to use. Defaults to git sha' + required: false + default: '' + type: string + codedeploy-app-name-pattern: + description: CodeDeploy app name pattern to use. {0} will be replaced with either Dev or Prod' + required: true + type: string + codedeploy-group-name-pattern: + description: CodeDeploy group name pattern to use. {0} will be replaced with either Dev or Prod' + required: true + type: string + function-name-pattern: + description: The name pattern of the Lambda Function to deploy t. {0} will be replaced with either Dev or Prod' + required: true + type: string + sentry-org: + description: 'The org name used in sentry. Used to upload source maps' + required: false + type: string + default: pocket + sentry-project: + description: 'The project name used in sentry. 
Used to upload source maps' + required: true + type: string + +permissions: + contents: read # This is required for actions/checkout + id-token: write # Access the Github JWT for AWS access + + +jobs: + # Let's build the image on every pull request just like we would on production + pull-request: + # Only run this job on a pull request event + if: github.event_name == 'pull_request' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Build Lambda + uses: pocket/pocket-monorepo/.github/actions/build-lambda@main + with: + sentry-project: ${{inputs['sentry-project']}} + sentry-org: ${{inputs['sentry-org']}} + sentry-token: ${{secrets.SENTRY_BEARER}} + scope: ${{inputs['scope']}} + s3-key: ${{ inputs.s3-key }} + + development: + if: github.ref == 'refs/heads/dev' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-1 + role-to-assume: arn:aws:iam::410318598490:role/PocketGHARole + - name: Build Lambda + uses: pocket/pocket-monorepo/.github/actions/build-lambda@main + with: + sentry-project: ${{inputs['sentry-project']}} + sentry-org: ${{inputs['sentry-org']}} + sentry-token: ${{secrets.SENTRY_BEARER}} + scope: ${{inputs['scope']}} + s3-bucket: ${{ format(inputs.s3-bucket-pattern, 'dev') }} + s3-key: ${{ inputs.s3-key }} + - name: CodeDeploy Lambda + uses: pocket/pocket-monorepo/.github/actions/lambda-codedeploy@main + with: + s3-bucket: ${{ format(inputs.s3-bucket-pattern, 'dev') }} + s3-key: ${{ inputs.s3-key }} + codedeploy-app-name: ${{ format(inputs.codedeploy-app-name-pattern, 'Dev') }} + codedeploy-group-name: ${{ format(inputs.codedeploy-group-name-pattern, 'Dev') }} + function-name: ${{ format(inputs.function-name-pattern, 'Dev') }} + + production: + if: github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: AWS Credentials + 
uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-1 + role-to-assume: arn:aws:iam::996905175585:role/PocketGHARole + - name: Build Lambda + uses: pocket/pocket-monorepo/.github/actions/build-lambda@main + with: + sentry-project: ${{inputs['sentry-project']}} + sentry-org: ${{inputs['sentry-org']}} + sentry-token: ${{secrets.SENTRY_BEARER}} + scope: ${{inputs['scope']}} + s3-bucket: ${{ format(inputs.s3-bucket-pattern, 'prod') }} + s3-key: ${{ inputs.s3-key }} + - name: CodeDeploy Lambda + uses: pocket/pocket-monorepo/.github/actions/lambda-codedeploy@main + with: + s3-bucket: ${{ format(inputs.s3-bucket-pattern, 'prod') }} + s3-key: ${{ inputs.s3-key }} + codedeploy-app-name: ${{ format(inputs.codedeploy-app-name-pattern, 'Prod') }} + codedeploy-group-name: ${{ format(inputs.codedeploy-group-name-pattern, 'Prod') }} + function-name: ${{ format(inputs.function-name-pattern, 'Prod') }} \ No newline at end of file diff --git a/.github/workflows/reuse-infrastructure.yml b/.github/workflows/reuse-infrastructure.yml new file mode 100644 index 000000000..8c3948417 --- /dev/null +++ b/.github/workflows/reuse-infrastructure.yml 
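Review bot: The workflow-level `permissions` block in reuse-build-and-push-lambda.yml grants `id-token: write` to every job, including `pull-request`, which builds code from the PR branch and never calls `configure-aws-credentials`. Give `development` and `production` their own `permissions:` with `contents: read` and `id-token: write`, and reduce the top-level block to `contents: read`, so only the deploying jobs can request an OIDC token. Separately, the `codedeploy-app-name-pattern`, `codedeploy-group-name-pattern` and `function-name-pattern` descriptions are missing their opening quote, so the trailing `'` becomes part of the text, and "deploy t." looks like a typo for "deploy to".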
@@ -0,0 +1,142 @@ +name: 'Re-usable Infrastructure Workflow' +on: + workflow_call: + inputs: + scope: + description: 'Turbo Repo scope to run the build for' + required: false + type: string + stack-output-path: + description: 'The path where CDKTF outputs the terraform json' + required: false + type: string + raw-terraform: + description: 'Whether or not this service uses raw terraform' + required: false + default: false + type: boolean + outputs: + terraform-output: + description: "The output of terraform apply" + value: ${{ jobs.apply.outputs.terraform-output }} + +permissions: + pull-requests: write # Allow Terraform Comment to write to PRs + contents: read # This is required for actions/checkout + id-token: write # Access the Github JWT for AWS access + +jobs: + + plan: + # Only run this job on a pull request event + if: github.event_name == 'pull_request' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Checkout Actions + uses: actions/checkout@v4 + # Get the AWS credentials + - name: AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-1 + role-to-assume: arn:aws:iam::996905175585:role/PocketGHARole + - name: Execute CDKTF + if: inputs.raw-terraform == false + uses: pocket/pocket-monorepo/.github/actions/cdktf@main + with: + stack-output-path: ${{inputs['stack-output-path']}} + scope: ${{inputs['scope']}} + environment: production + behavior: plan + github-token: ${{ secrets.GITHUB_TOKEN }} + pagerduty-token: ${{ secrets.PAGERDUTY_TOKEN }} + terraform-token: ${{ secrets.TERRAFORM_TOKEN }} + + - name: Execute Raw Terraform + if: inputs.raw-terraform == true + uses: pocket/pocket-monorepo/.github/actions/raw-terraform@main + with: + stack-output-path: ${{inputs['stack-output-path']}} + scope: ${{inputs['scope']}} + environment: production + behavior: plan + github-token: ${{ secrets.GITHUB_TOKEN }} + pagerduty-token: ${{ secrets.PAGERDUTY_TOKEN }} + terraform-token: ${{ 
secrets.TERRAFORM_TOKEN }} + + apply: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + outputs: + terraform-output: ${{ steps.set_output.outputs.terraform-output }} + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Development AWS Credentials + if: github.ref == 'refs/heads/dev' + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-1 + role-to-assume: arn:aws:iam::410318598490:role/PocketGHARole + - name: Production AWS Credentials + if: github.ref == 'refs/heads/main' + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: us-east-1 + role-to-assume: arn:aws:iam::996905175585:role/PocketGHARole + - name: Execute Development CDKTF + if: inputs.raw-terraform == false && github.ref == 'refs/heads/dev' + uses: pocket/pocket-monorepo/.github/actions/cdktf@main + with: + stack-output-path: ${{inputs['stack-output-path']}} + scope: ${{inputs['scope']}} + environment: development + behavior: apply + github-token: ${{ secrets.GITHUB_TOKEN }} + pagerduty-token: ${{ secrets.PAGERDUTY_TOKEN }} + terraform-token: ${{ secrets.TERRAFORM_TOKEN }} + - name: Execute Developement Raw Terraform + if: inputs.raw-terraform == true && github.ref == 'refs/heads/dev' + uses: pocket/pocket-monorepo/.github/actions/raw-terraform@main + with: + stack-output-path: ${{inputs['stack-output-path']}} + scope: ${{inputs['scope']}} + environment: development + behavior: apply + github-token: ${{ secrets.GITHUB_TOKEN }} + pagerduty-token: ${{ secrets.PAGERDUTY_TOKEN }} + terraform-token: ${{ secrets.TERRAFORM_TOKEN }} + + - name: Execute Production CDKTF + if: inputs.raw-terraform == false && github.ref == 'refs/heads/main' + uses: pocket/pocket-monorepo/.github/actions/cdktf@main + with: + stack-output-path: ${{inputs['stack-output-path']}} + scope: ${{inputs['scope']}} + environment: production + behavior: apply + github-token: ${{ secrets.GITHUB_TOKEN }} + pagerduty-token: ${{ 
secrets.PAGERDUTY_TOKEN }} + terraform-token: ${{ secrets.TERRAFORM_TOKEN }} + + - name: Execute Production Raw Terraform + if: inputs.raw-terraform == true && github.ref == 'refs/heads/main' + uses: pocket/pocket-monorepo/.github/actions/raw-terraform@main + with: + stack-output-path: ${{inputs['stack-output-path']}} + scope: ${{inputs['scope']}} + environment: production + behavior: apply + github-token: ${{ secrets.GITHUB_TOKEN }} + pagerduty-token: ${{ secrets.PAGERDUTY_TOKEN }} + terraform-token: ${{ secrets.TERRAFORM_TOKEN }} + + - name: Set terraform output + id: set_output + run: | + echo "Grabbing Terraform Output" + cd ${{inputs['stack-output-path']}} + echo "terraform-output=$(terraform output -json | jq -c)" >> $GITHUB_OUTPUT + \ No newline at end of file diff --git a/.github/workflows/reuse-sentry-release.yml b/.github/workflows/reuse-sentry-release.yml new file mode 100644 index 000000000..4447587c8 --- /dev/null +++ b/.github/workflows/reuse-sentry-release.yml @@ -0,0 +1,35 @@ +name: 'Re-usable Sentry Release Workflow' +on: + workflow_call: + inputs: + sentry-project: + description: 'The sentry project name' + required: true + type: string + sentry-organization: + description: 'The sentry organization' + required: false + default: pocket + type: string + sentry-environment: + description: 'The sentry environment to release on' + required: false + default: pocket + type: string +jobs: + + release: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Create Sentry Release + uses: getsentry/action-release@v1 + env: + SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_BEARER }} + SENTRY_ORG: ${{ inputs.sentry-organization }} + SENTRY_PROJECT: ${{ inputs.sentry-project }} + with: + environment: ${{ inputs.sentry-environment }} \ No newline at end of file diff --git a/.github/workflows/reuse-test-integrations.yml b/.github/workflows/reuse-test-integrations.yml new file mode 100644 index 000000000..1e5090dd7 
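Review bot: The `plan` job in reuse-infrastructure.yml runs on `pull_request` and assumes `arn:aws:iam::996905175585:role/PocketGHARole`, the same ARN the `apply` job uses on `main`, so CDKTF/Terraform code from an unmerged branch executes with whatever that role allows, alongside `TERRAFORM_TOKEN` and `PAGERDUTY_TOKEN`. The role's policy and trust conditions are not visible here; if it can write, plan should assume a separate read-only role, e.g. `role-to-assume: <PLAN_ONLY_ROLE_ARN>`, with the write role's trust policy limited to the `dev` and `main` refs. In `Set terraform output`, `cd ${{inputs['stack-output-path']}}` splices the input into the script text; pass it through `env:` and use `cd "$STACK_OUTPUT_PATH"`, and keep in mind that `terraform output -json` prints sensitive outputs in clear text, which then travel as a job output. The `Checkout Actions` step repeats `actions/checkout@v4` with no arguments and looks redundant.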
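Review bot: In reuse-sentry-release.yml, `getsentry/action-release@v1` receives `SENTRY_BEARER` through `env` but is referenced by a mutable tag; pinning it to a full commit SHA, `uses: getsentry/action-release@<FULL_COMMIT_SHA> # v1`, keeps a moved tag from running with that token. The workflow also declares no `permissions:`, so the job gets the repository's default token scope; a block with `contents: read` looks sufficient for the checkout. The `sentry-environment` default of `pocket` matches the organization default above it and is probably a copy-paste, since the callers in this diff always pass `production` or `development`.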
--- /dev/null +++ b/.github/workflows/reuse-test-integrations.yml @@ -0,0 +1,45 @@ +name: 'Re-usable Test Integrations' +on: + workflow_call: + inputs: + scope: + description: 'Turbo Repo scope to run tests for' + required: true + type: string + +jobs: + # naming this main, so that when this is called in Github Actions UI it shows up as: + # Service/test-integrations/main + main: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + # Log into Docker Hub so we bypass any rate limits and can pull our private Snowplow Micro Image + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + # Kick off starting docker compose first, since it can take a bit and can run in the background + - name: Start Docker Compose services + run: docker compose up -d + + # While we wait for docker compose to be healthy we install node and needed packages for this service + - name: Install pnpm & node + uses: pocket/pocket-monorepo/.github/actions/install-pnpm-and-node@main + with: + scope: ${{ inputs['scope'] }} + + # Wait for the docker services we started earlier to all be healthy + # TODO: In the future, we should figure out how to pass a scope to the Localstack startup routine via docker compose (perhaps a docker env..), + # because right now this will init and wait for all the localstack services in use in this repo. + # in circleci, we had to do it all manually so we passed it in then. + - name: Wait for services to be healthy + run: docker compose up --wait + + # Let's run those integration tests! + - name: Run service integration tests + run: pnpm run test-integrations --filter=${{ inputs['scope'] }} \ No newline at end of file diff --git a/.github/workflows/sendgrid-data.yml b/.github/workflows/sendgrid-data.yml new file mode 100644 index 000000000..7d73fd4b4 --- /dev/null +++ b/.github/workflows/sendgrid-data.yml 
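Review bot: The last step of reuse-test-integrations.yml expands `${{ inputs['scope'] }}` directly inside the `run:` script, so the value is pasted into the shell text before bash parses it. The callers in this diff pass fixed strings, but a reusable workflow is safer handing the value over as data: add `env:` with `SCOPE: ${{ inputs.scope }}` to the step and run `pnpm run test-integrations --filter="$SCOPE"`. The job also runs branch code after `docker/login-action`, so the Docker Hub token sits in the runner's Docker config while the tests execute; a read-only, pull-scoped token limits what that exposes.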
@@ -0,0 +1,45 @@
+name: Sendgrid Data
+on:
+ pull_request:
+ paths:
+ - 'infrastructure/sendgrid-data/**'
+ - 'packages/**'
+ - 'lambdas/sendgrid-data/**'
+ - 'pnpm-lock.yaml'
+ - '.github/actions/**'
+ - '.github/workflows/sendgrid-data.yml'
+ - '.github/workflows/reuse-*.yml'
+ push:
+ branches:
+ - main
+ - dev
+
+jobs:
+ infrastructure:
+ uses: ./.github/workflows/reuse-infrastructure.yml
+ with:
+ scope: sendgrid-data-cdk
+ stack-output-path: infrastructure/sendgrid-data/cdktf.out/stacks/sendgrid-data
+ secrets: inherit
+
+
+ lambda:
+ uses: ./.github/workflows/reuse-build-and-push-lambda.yml
+ needs: [infrastructure]
+ with:
+ scope: sendgrid-data
+ sentry-project: sendgrid-data
+ s3-bucket-pattern: pocket-sendgriddata-{0}-apigateway
+ codedeploy-app-name-pattern: SendGridData-{0}-ApiGateway-Lambda
+ codedeploy-group-name-pattern: SendGridData-{0}-ApiGateway-Lambda
+ function-name-pattern: SendGridData-{0}-ApiGateway-Function
+ secrets: inherit
+
+ sentry:
+ if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
+ uses: ./.github/workflows/reuse-sentry-release.yml
+ needs: [lambda]
+ with:
+ sentry-project: sendgrid-data
+ sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+ secrets: inherit
diff --git a/.github/workflows/shareable-lists-api.yml b/.github/workflows/shareable-lists-api.yml
new file mode 100644
index 000000000..4e4609792
--- /dev/null
+++ b/.github/workflows/shareable-lists-api.yml
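Review bot: Each job in sendgrid-data.yml passes `secrets: inherit`, which exposes every secret the caller can read to the reusable workflow, while the reusable workflows in this diff reference only a few (`SENTRY_BEARER`, `TERRAFORM_TOKEN`, `PAGERDUTY_TOKEN`, `DOCKERHUB_USERNAME`, `DOCKERHUB_TOKEN`). Declaring those under `on.workflow_call.secrets` and passing them by name, as the `apollo` jobs in other callers already do with `apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }}`, keeps unrelated secrets out of jobs that run branch code. The same pattern recurs in shareable-lists-api.yml, shared-snowplow-consumer.yml, shares-api.yml, transactional-emails.yml, user-api.yml, user-list-search.yml and v3-proxy-api.yml.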
@@ -0,0 +1,88 @@ +name: Shareable Lists API +on: + pull_request: + paths: + - 'infrastructure/shareable-lists-api/**' + - 'packages/**' + - 'servers/shareable-lists-api/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/shareable-lists-api.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: shareable-lists-api + secrets: inherit + + apollo: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-client-api + graph-name: shareable-lists-api + schema-file-path: servers/shareable-lists-api/schema-client-api.graphql + prod-graph-url: https://shareablelistsapi.readitlater.com + dev-graph-url: https://shareablelistsapi.getpocket.dev + scope: shareable-lists-api + secrets: + apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }} + + apollo-admin: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-admin-api + graph-name: shareable-lists-api + schema-file-path: servers/shareable-lists-api/schema-admin-api.graphql + prod-graph-url: https://shareablelistsapi.readitlater.com/admin + dev-graph-url: https://shareablelistsapi.getpocket.dev/admin + scope: shareable-lists-api + secrets: + apollo-key: ${{ secrets.APOLLO_ADMIN_API_KEY }} + + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: shareable-lists-api-cdk + stack-output-path: infrastructure/shareable-lists-api/cdktf.out/stacks/shareable-lists-api + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: shareable-lists-api + app-path: servers/shareable-lists-api + app-port: 4029 + sentry-project: shareable-lists-api + docker-repo-name-pattern: shareablelistsapi-{0}-app + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: 
inherit + + events-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: shareable-lists-api-events-lambda + sentry-project: shareable-lists-api + s3-bucket-pattern: pocket-shareablelistsapi-{0}-sqs-event-consumer + codedeploy-app-name-pattern: ShareableListsApi-{0}-Sqs-Event-Consumer-Lambda + codedeploy-group-name-pattern: ShareableListsApi-{0}-Sqs-Event-Consumer-Lambda + function-name-pattern: ShareableListsApi-{0}-Sqs-Event-Consumer-Function + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [api, events-lambda] + with: + sentry-project: shareable-lists-api + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/shared-snowplow-consumer.yml b/.github/workflows/shared-snowplow-consumer.yml new file mode 100644 index 000000000..ae4032bdf --- /dev/null +++ b/.github/workflows/shared-snowplow-consumer.yml 
@@ -0,0 +1,51 @@
+name: Shared Snowplow Consumer
+on:
+ pull_request:
+ paths:
+ - 'infrastructure/shared-snowplow-consumer/**'
+ - 'packages/**'
+ - 'servers/shared-snowplow-consumer/**'
+ - 'pnpm-lock.yaml'
+ - '.github/actions/**'
+ - '.github/workflows/shared-snowplow-consumer.yml'
+ - '.github/workflows/reuse-*.yml'
+ push:
+ branches:
+ - main
+ - dev
+
+jobs:
+ test-integrations:
+ if: github.event_name == 'pull_request'
+ uses: ./.github/workflows/reuse-test-integrations.yml
+ with:
+ scope: shared-snowplow-consumer
+ secrets: inherit
+
+ infrastructure:
+ uses: ./.github/workflows/reuse-infrastructure.yml
+ with:
+ scope: shared-snowplow-consumer-cdk
+ stack-output-path: infrastructure/shared-snowplow-consumer/cdktf.out/stacks/shared-snowplow-consumer
+ secrets: inherit
+
+ api:
+ uses: ./.github/workflows/reuse-build-and-push-image.yml
+ needs: [infrastructure]
+ with:
+ scope: shared-snowplow-consumer
+ app-path: servers/shared-snowplow-consumer
+ app-port: 4015
+ sentry-project: shared-snowplow-consumer
+ docker-repo-name-pattern: sharedsnowplowconsumer-{0}-app
+ terraform-output: ${{needs.infrastructure.outputs.terraform-output}}
+ secrets: inherit
+
+ sentry:
+ if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
+ uses: ./.github/workflows/reuse-sentry-release.yml
+ needs: [api]
+ with:
+ sentry-project: shareable-lists-api
+ sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/shares-api.yml b/.github/workflows/shares-api.yml
new file mode 100644
index 000000000..aaacdd8cf
--- /dev/null
+++ b/.github/workflows/shares-api.yml
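Review bot: The `sentry` job in shared-snowplow-consumer.yml passes `sentry-project: shareable-lists-api`, while the `api` job in the same file builds with `sentry-project: shared-snowplow-consumer`, so releases for this service would be recorded against another project. This looks like a copy-paste from shareable-lists-api.yml; the line should read `sentry-project: shared-snowplow-consumer`.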
@@ -0,0 +1,63 @@
+name: Shares API
+on:
+ pull_request:
+ paths:
+ - 'infrastructure/shares-api/**'
+ - 'packages/**'
+ - 'servers/list-api/**'
+ - 'pnpm-lock.yaml'
+ - '.github/actions/**'
+ - '.github/workflows/list-api.yml'
+ - '.github/workflows/reuse-*.yml'
+ push:
+ branches:
+ - main
+ - dev
+
+jobs:
+ test-integrations:
+ if: github.event_name == 'pull_request'
+ uses: ./.github/workflows/reuse-test-integrations.yml
+ with:
+ scope: shares-api
+ secrets: inherit
+
+ apollo:
+ uses: ./.github/workflows/reuse-apollo-federation.yml
+ with:
+ federated-graph-name: pocket-client-api
+ graph-name: shares-api
+ schema-file-path: servers/shares-api/dist/schema-generated.graphql
+ prod-graph-url: https://shares-api.readitlater.com
+ dev-graph-url: https://shares-api.getpocket.dev
+ scope: shares-api
+ secrets:
+ apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }}
+
+ infrastructure:
+ uses: ./.github/workflows/reuse-infrastructure.yml
+ with:
+ scope: shares-api-cdk
+ stack-output-path: infrastructure/shares-api/cdktf.out/stacks/shares-api
+ secrets: inherit
+
+ api:
+ uses: ./.github/workflows/reuse-build-and-push-image.yml
+ needs: [infrastructure]
+ with:
+ scope: shares-api
+ app-path: servers/shares-api
+ app-port: 4031
+ sentry-project: shares-api
+ docker-repo-name-pattern: sharesapi-{0}-app
+ terraform-output: ${{needs.infrastructure.outputs.terraform-output}}
+ secrets: inherit
+
+ sentry:
+ if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
+ uses: ./.github/workflows/reuse-sentry-release.yml
+ needs: [api]
+ with:
+ sentry-project: shares-api
+ sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/status-checks.yml b/.github/workflows/status-checks.yml
new file mode 100644
index 000000000..19e35c130
--- /dev/null
+++ b/.github/workflows/status-checks.yml
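Review bot: The `pull_request.paths` filter in shares-api.yml lists `servers/list-api/**` and `.github/workflows/list-api.yml`, but every job in the file targets `servers/shares-api` and the file itself is shares-api.yml. As written, a PR that touches only the shares-api server or this workflow would not trigger its integration tests or plan, while list-api changes would. The entries should be `- 'servers/shares-api/**'` and `- '.github/workflows/shares-api.yml'`.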
@@ -0,0 +1,53 @@
+## Note that since this workflow uses Workflow Run changes will only be reflected once it is on the default branch
+
+# Because we use conditional path filtering on all our workflows, but want to Require status checks to pass on Github,
+# we use a special status check job that we can require and will do the checking for us.
+# We also use this because re-usable workflows can not be targeted for Github Required Status Checks as of 8/15/2024
+name: Status Checks
+on:
+ workflow_run:
+ workflows:
+ - Pull Request
+ - User API
+ - List API
+ - Account Delete Monitor
+ - Annotations API
+ - Braze
+ - Client API
+ - Feature Flags
+ - FxA Webhook Proxy
+ - Image API
+ - Instant Sync Events
+ - Parser GraphQL Wrapper
+ - Pocket Event Bridge
+ - Push Server
+ - Sendgrid Data
+ - Shareable Lists API
+ - Shared Snowplow Consumer
+ - Shares API
+ - Transactional Emails
+ - V3 Proxy API
+ - User List Search
+ types: [ completed ]
+
+jobs:
+ status-check:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - uses: ahmadnassri/action-workflow-run-wait@v1
+
+ # Note: If the workflow_run trigger does not work out, this can be used instead with a pull_request event to trigger a long polling job.
+ # status-check:
+ # runs-on: ubuntu-latest
+ # steps:
+ # - name: Wait for workflows
+ # id: wait
+ # uses: smartcontractkit/chainlink-github-actions/utils/wait-for-workflows@main
+ # with:
+ # max-timeout: "900"
+ # polling-interval: "15"
+ # exclude-workflow-names: ""
+ # exclude-workflow-ids: ""
+ # github-token: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/transactional-emails.yml b/.github/workflows/transactional-emails.yml
new file mode 100644
index 000000000..a38554e12
--- /dev/null
+++ b/.github/workflows/transactional-emails.yml
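Review bot: status-checks.yml is triggered by `workflow_run`, has no `permissions:` block, and hands its default-scope token context to `ahmadnassri/action-workflow-run-wait@v1`, a third-party action referenced by a mutable tag. Add an explicit minimal `permissions:` block (the scopes the wait action needs should be confirmed against its documentation) and pin the action to a full commit SHA, `uses: ahmadnassri/action-workflow-run-wait@<FULL_COMMIT_SHA> # v1`. `actions/checkout@v2` is behind the `@v4` used everywhere else in this diff, and the job does not appear to read the working tree, so that step can probably be dropped.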
@@ -0,0 +1,44 @@
+name: Transactional Emails
+on:
+ pull_request:
+ paths:
+ - 'infrastructure/transactional-emails/**'
+ - 'packages/**'
+ - 'lambdas/transactional-emails/**'
+ - 'pnpm-lock.yaml'
+ - '.github/actions/**'
+ - '.github/workflows/transactional-emails.yml'
+ - '.github/workflows/reuse-*.yml'
+ push:
+ branches:
+ - main
+ - dev
+
+jobs:
+ infrastructure:
+ uses: ./.github/workflows/reuse-infrastructure.yml
+ with:
+ scope: transactional-emails-cdk
+ stack-output-path: infrastructure/transactional-emails/cdktf.out/stacks/transactional-emails
+ secrets: inherit
+
+ lambda:
+ uses: ./.github/workflows/reuse-build-and-push-lambda.yml
+ needs: [infrastructure]
+ with:
+ scope: transactional-emails
+ sentry-project: transactional-emails
+ s3-bucket-pattern: pocket-transactionalemails-{0}-sqs-event-consumer
+ codedeploy-app-name-pattern: TransactionalEmails-{0}-Sqs-Event-Consumer-Lambda
+ codedeploy-group-name-pattern: TransactionalEmails-{0}-Sqs-Event-Consumer-Lambda
+ function-name-pattern: TransactionalEmails-{0}-Sqs-Event-Consumer-Function
+ secrets: inherit
+
+ sentry:
+ if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
+ uses: ./.github/workflows/reuse-sentry-release.yml
+ needs: [lambda]
+ with:
+ sentry-project: transactional-emails
+ sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+ secrets: inherit
diff --git a/.github/workflows/user-api.yml b/.github/workflows/user-api.yml
new file mode 100644
index 000000000..7c32a846c
--- /dev/null
+++ b/.github/workflows/user-api.yml
@@ -0,0 +1,72 @@
+name: User API
+on:
+ # Only run the tests for this service when any of the following file paths change
+ pull_request:
+ paths:
+ - 'infrastructure/user-api/**'
+ - 'packages/**'
+ - 'servers/user-api/**'
+ - 'pnpm-lock.yaml'
+ - '.github/actions/**'
+ - '.github/workflows/user-api.yml'
+ - '.github/workflows/reuse-*.yml'
+ push:
+ branches:
+ - main
+ - dev
+
+jobs:
+ # Let's test the service against some real life and mocked docker services.
+ test-integrations:
+ # Only run this job on a pull request event
+ if: github.event_name == 'pull_request'
+ # Use our re-usable test integrations workflow which will use our docker compose file
+ uses: ./.github/workflows/reuse-test-integrations.yml
+ with:
+ # Only run the tests for our service
+ scope: user-api
+ # Ensure the re-usable workflow is allowed to access the secrets
+ secrets: inherit
+
+ apollo:
+ uses: ./.github/workflows/reuse-apollo-federation.yml
+ with:
+ federated-graph-name: pocket-client-api
+ graph-name: user
+ schema-file-path: servers/user-api/schema.graphql
+ prod-graph-url: https://user-api.readitlater.com
+ dev-graph-url: https://user-api.getpocket.dev
+ secrets:
+ apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }}
+
+ # It's infrastructure time, run the infrastructure update commands
+ infrastructure:
+ uses: ./.github/workflows/reuse-infrastructure.yml
+ with:
+ scope: user-api-cdk
+ stack-output-path: infrastructure/user-api/cdktf.out/stacks/user-api
+ # Ensure the re-usable workflow is allowed to access the secrets
+ secrets: inherit
+
+ # Let's try building and conidtionally pushing our docker image to the necessary account.
+ api:
+ uses: ./.github/workflows/reuse-build-and-push-image.yml
+ needs: [infrastructure]
+ with:
+ scope: user-api
+ app-path: servers/user-api
+ app-port: 4006
+ sentry-project: user-api
+ docker-repo-name-pattern: userapi-{0}-app
+ terraform-output: ${{needs.infrastructure.outputs.terraform-output}}
+ # Ensure the re-usable workflow is allowed to access the secrets
+ secrets: inherit
+
+ sentry:
+ if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
+ uses: ./.github/workflows/reuse-sentry-release.yml
+ needs: [api]
+ with:
+ sentry-project: user-api
+ sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/user-list-search.yml b/.github/workflows/user-list-search.yml
new file mode 100644
index 000000000..ae8aa6e38
--- /dev/null
+++ b/.github/workflows/user-list-search.yml
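Review bot: The `apollo` job in user-api.yml omits `scope`, which the `apollo` jobs in shareable-lists-api.yml, shares-api.yml and user-list-search.yml all pass to the same reusable workflow. reuse-apollo-federation.yml is not visible in this part of the diff, so whether the input is required cannot be confirmed here; if it is, add `scope: user-api` under `with:`.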
@@ -0,0 +1,192 @@ +name: User List Search +on: + pull_request: + paths: + - 'infrastructure/user-list-search/**' + - 'packages/**' + - 'servers/user-list-search/**' + - 'lambdas/user-list-search-*/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/user-list-search.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: user-list-search + secrets: inherit + + apollo: + uses: ./.github/workflows/reuse-apollo-federation.yml + with: + federated-graph-name: pocket-client-api + graph-name: user-list-search + schema-file-path: servers/user-list-search/dist/schema-generated.graphql + prod-graph-url: https://user-list-search.readitlater.com/graphql + dev-graph-url: https://user-list-search.getpocket.dev/graphql + scope: user-list-search + secrets: + apollo-key: ${{ secrets.APOLLO_CLIENT_API_KEY }} + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + raw-terraform: true + stack-output-path: infrastructure/user-list-search + scope: user-list-search + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: user-list-search + app-path: servers/user-list-search + app-port: 4000 + sentry-project: user-list-search + docker-repo-name-pattern: userlistsearch-{0} + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit + + events-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: user-list-search-events + sentry-project: user-list-search + s3-bucket-pattern: pocket-userlistsearch-{0}-kinesis-consumer + s3-key: events-${{ github.sha }}.zip + codedeploy-app-name-pattern: UserListSearch-{0}-EventHandler + codedeploy-group-name-pattern: UserListSearch-{0}-EventHandler + function-name-pattern: 
UserListSearch-{0}-EventHandler + secrets: inherit + + kinesis-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: user-list-search-kinesis-to-sqs + sentry-project: user-list-search + s3-bucket-pattern: pocket-userlistsearch-{0}-kinesis-consumer + s3-key: kinesis-${{ github.sha }}.zip + codedeploy-app-name-pattern: UserListSearch-{0}-UnifiedEventsConsumer + codedeploy-group-name-pattern: UserListSearch-{0}-UnifiedEventsConsumer + function-name-pattern: UserListSearch-{0}-UnifiedEventsConsumer + secrets: inherit + + item-update-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: user-list-search-indexing + sentry-project: user-list-search + s3-bucket-pattern: pocket-userlistsearch-{0}-kinesis-consumer + s3-key: item-update-${{ github.sha }}.zip + codedeploy-app-name-pattern: UserListSearch-{0}-ItemUpdate + codedeploy-group-name-pattern: UserListSearch-{0}-ItemUpdate + function-name-pattern: UserListSearch-{0}-ItemUpdate + secrets: inherit + + item-delete-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: user-list-search-indexing + sentry-project: user-list-search + s3-bucket-pattern: pocket-userlistsearch-{0}-kinesis-consumer + s3-key: item-delete-${{ github.sha }}.zip + codedeploy-app-name-pattern: UserListSearch-{0}-ItemDelete + codedeploy-group-name-pattern: UserListSearch-{0}-ItemDelete + function-name-pattern: UserListSearch-{0}-ItemDelete + secrets: inherit + + item-update-backfill-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: user-list-search-indexing + sentry-project: user-list-search + s3-bucket-pattern: pocket-userlistsearch-{0}-kinesis-consumer + s3-key: item-update-backfill-${{ github.sha }}.zip + codedeploy-app-name-pattern: UserListSearch-{0}-ItemUpdateBackfill + codedeploy-group-name-pattern: 
UserListSearch-{0}-ItemUpdateBackfill + function-name-pattern: UserListSearch-{0}-ItemUpdateBackfill + secrets: inherit + + user-list-import-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: user-list-search-indexing + sentry-project: user-list-search + s3-bucket-pattern: pocket-userlistsearch-{0}-kinesis-consumer + s3-key: user-list-import-${{ github.sha }}.zip + codedeploy-app-name-pattern: UserListSearch-{0}-UserListImport + codedeploy-group-name-pattern: UserListSearch-{0}-UserListImport + function-name-pattern: UserListSearch-{0}-UserListImport + secrets: inherit + + user-list-import-backfill-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: user-list-search-indexing + sentry-project: user-list-search + s3-bucket-pattern: pocket-userlistsearch-{0}-kinesis-consumer + s3-key: user-list-import-backfill-${{ github.sha }}.zip + codedeploy-app-name-pattern: UserListSearch-{0}-UserListImportBackfill + codedeploy-group-name-pattern: UserListSearch-{0}-UserListImportBackfill + function-name-pattern: UserListSearch-{0}-UserListImportBackfill + secrets: inherit + + corpus-indexing-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: user-list-search-corpus-indexing + sentry-project: user-list-search + s3-bucket-pattern: pocket-userlistsearch-{0}-kinesis-consumer + s3-key: corpus-indexing-${{ github.sha }}.zip + codedeploy-app-name-pattern: UserListSearch-{0}-CorpusIndexer + codedeploy-group-name-pattern: UserListSearch-{0}-CorpusIndexer + function-name-pattern: UserListSearch-{0}-CorpusIndexer + secrets: inherit + + corpus-parser-hydration-lambda: + uses: ./.github/workflows/reuse-build-and-push-lambda.yml + needs: [infrastructure] + with: + scope: user-list-search-corpus-parser-hydration + sentry-project: user-list-search + s3-bucket-pattern: pocket-userlistsearch-{0}-kinesis-consumer + 
s3-key: corpus-parser-hydration-${{ github.sha }}.zip + codedeploy-app-name-pattern: UserListSearch-{0}-CorpusParserHydrator + codedeploy-group-name-pattern: UserListSearch-{0}-CorpusParserHydrator + function-name-pattern: UserListSearch-{0}-CorpusParserHydrator + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: + - api + - events-lambda + - kinesis-lambda + - item-update-lambda + - item-delete-lambda + - item-update-backfill-lambda + - user-list-import-lambda + - user-list-import-backfill-lambda + - corpus-indexing-lambda + - corpus-parser-hydration-lambda + with: + sentry-project: user-list-search + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit diff --git a/.github/workflows/v3-proxy-api.yml b/.github/workflows/v3-proxy-api.yml new file mode 100644 index 000000000..a1c31c89a --- /dev/null +++ b/.github/workflows/v3-proxy-api.yml 
@@ -0,0 +1,51 @@ +name: V3 Proxy API +on: + pull_request: + paths: + - 'infrastructure/v3-proxy-api/**' + - 'packages/**' + - 'servers/v3-proxy-api/**' + - 'pnpm-lock.yaml' + - '.github/actions/**' + - '.github/workflows/v3-proxy-api.yml' + - '.github/workflows/reuse-*.yml' + push: + branches: + - main + - dev + +jobs: + test-integrations: + if: github.event_name == 'pull_request' + uses: ./.github/workflows/reuse-test-integrations.yml + with: + scope: v3-proxy-api + secrets: inherit + + infrastructure: + uses: ./.github/workflows/reuse-infrastructure.yml + with: + scope: v3-proxy-api-cdk + stack-output-path: infrastructure/v3-proxy-api/cdktf.out/stacks/v3-proxy-api + secrets: inherit + + api: + uses: ./.github/workflows/reuse-build-and-push-image.yml + needs: [infrastructure] + with: + scope: v3-proxy-api + app-path: servers/v3-proxy-api + app-port: 4030 + sentry-project: v3-proxy-api + docker-repo-name-pattern: v3proxyapi-{0}-app + terraform-output: ${{needs.infrastructure.outputs.terraform-output}} + secrets: inherit + + sentry: + if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' + uses: ./.github/workflows/reuse-sentry-release.yml + needs: [api] + with: + sentry-project: v3-proxy-api + sentry-environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + secrets: inherit \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 046906da4..be3c8ba00 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,7 +11,6 @@ ARG SCOPE ARG APP_PATH ARG PORT ARG GIT_SHA -ARG SENTRY_AUTH_TOKEN ARG SENTRY_ORG ARG SENTRY_PROJECT @@ -36,7 +35,6 @@ ARG SCOPE ARG APP_PATH ARG PORT ARG GIT_SHA -ARG SENTRY_AUTH_TOKEN ARG SENTRY_ORG ARG SENTRY_PROJECT @@ -60,7 +58,6 @@ ARG SCOPE ARG APP_PATH ARG PORT ARG GIT_SHA -ARG SENTRY_AUTH_TOKEN ARG SENTRY_ORG ARG SENTRY_PROJECT 
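Review bot: Every job in the new v3-proxy-api.yml workflow passes `secrets: inherit`, and `infrastructure` and `api` carry no `if:` guard, so on `pull_request` events they also hand the caller's full secret set to the reusable workflows for same-repository PR branches. Least privilege would pass only the secrets each reusable workflow declares, in the form `secrets:` with named entries such as `EXAMPLE_SECRET: ${{ secrets.EXAMPLE_SECRET }}` (placeholder name; the reusable workflows' declared secrets are not visible in this hunk). The file also has no top-level `permissions:` key, so `GITHUB_TOKEN` takes the repository default; adding `permissions:` with `contents: read`, plus whatever the called workflows actually need, would pin that down. Whether the PR-triggered runs only plan and build, or also deploy, depends on the reusable workflows, which are outside this hunk.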
@@ -95,7 +92,8 @@ RUN pnpx @sentry/cli sourcemaps inject pruned/dist RUN mv ./.prisma.tmp pruned/node_modules/.prisma | true # If sentry project was passed, upload the source maps -RUN if [ -n "$SENTRY_PROJECT" ] ; then pnpx @sentry/cli sourcemaps upload pruned/dist --release ${GIT_SHA} --auth-token ${SENTRY_AUTH_TOKEN} --org ${SENTRY_ORG} --project ${SENTRY_PROJECT} ; fi +RUN --mount=type=secret,id=sentry_token \ + if [ -n "$SENTRY_PROJECT" ] ; then pnpx @sentry/cli sourcemaps upload pruned/dist --release ${GIT_SHA} --auth-token $(cat /run/secrets/sentry_token) --org ${SENTRY_ORG} --project ${SENTRY_PROJECT} ; fi #---------------------------------------- # Docker build step that: @@ -118,9 +116,9 @@ RUN chown -R nodejs:nodejs /app USER nodejs ENV NODE_ENV=production -ENV PORT $PORT +ENV PORT=${PORT} ENV GIT_SHA=${GIT_SHA} ENV RELEASE_SHA=${GIT_SHA} EXPOSE $PORT -CMD npm run start +CMD [ "npm", "run", "start" ] diff --git a/README.md b/README.md index 097c654bb..d342a4af2 100644 --- a/README.md +++ b/README.md 
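Review bot: The secret mount on the new `RUN` is optional by default and the token is still expanded unquoted into the command line, so a build that sets SENTRY_PROJECT but omits the `sentry_token` secret lets `cat` fail, passes an empty `--auth-token`, and only surfaces later as a Sentry authentication error. A check inside the `if`, such as `[ -s /run/secrets/sentry_token ] || { echo "sentry_token secret missing" >&2; exit 1; }`, would fail the build at the real cause; `required=true` on the mount is the alternative, but it would also be enforced for builds without SENTRY_PROJECT. Supplying the value through the environment, `SENTRY_AUTH_TOKEN="$(cat /run/secrets/sentry_token)" pnpx @sentry/cli sourcemaps upload ...`, instead of the `--auth-token` flag keeps it out of the process argument list and quotes the substitution.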
@@ -127,3 +127,27 @@ Learn more about the power of Turborepo: - [Filtering](https://turbo.build/repo/docs/core-concepts/monorepos/filtering) - [Configuration Options](https://turbo.build/repo/docs/reference/configuration) - [CLI Usage](https://turbo.build/repo/docs/reference/command-line-reference) + +## Service CI Status + +[![Account Data Deleter](https://github.com/Pocket/pocket-monorepo/actions/workflows/account-data-deleter.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/account-data-deleter.yml) +[![Account Delete Monitor](https://github.com/Pocket/pocket-monorepo/actions/workflows/account-delete-monitor.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/account-delete-monitor.yml) +[![Annotations API](https://github.com/Pocket/pocket-monorepo/actions/workflows/annotations-api.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/annotations-api.yml) +[![Braze](https://github.com/Pocket/pocket-monorepo/actions/workflows/braze.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/braze.yml) +[![Client API](https://github.com/Pocket/pocket-monorepo/actions/workflows/client-api.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/client-api.yml) +[![Feature Flags](https://github.com/Pocket/pocket-monorepo/actions/workflows/feature-flags.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/feature-flags.yml) +[![FxA Webhook Proxy](https://github.com/Pocket/pocket-monorepo/actions/workflows/fxa-webhook-proxy.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/fxa-webhook-proxy.yml) +[![Image API](https://github.com/Pocket/pocket-monorepo/actions/workflows/image-api.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/image-api.yml) +[![Instant Sync 
Events](https://github.com/Pocket/pocket-monorepo/actions/workflows/instant-sync-events.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/instant-sync-events.yml) +[![List API](https://github.com/Pocket/pocket-monorepo/actions/workflows/list-api.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/list-api.yml) +[![Parser GraphQL Wrapper](https://github.com/Pocket/pocket-monorepo/actions/workflows/parser-graphql-wrapper.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/parser-graphql-wrapper.yml) +[![Pocket Event Bridge](https://github.com/Pocket/pocket-monorepo/actions/workflows/pocket-event-bridge.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/pocket-event-bridge.yml) +[![Push Server](https://github.com/Pocket/pocket-monorepo/actions/workflows/push-server.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/push-server.yml) +[![Sendgrid Data](https://github.com/Pocket/pocket-monorepo/actions/workflows/sendgrid-data.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/sendgrid-data.yml) +[![Shareable Lists API](https://github.com/Pocket/pocket-monorepo/actions/workflows/shareable-lists-api.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/shareable-lists-api.yml) +[![Shared Snowplow Consumer](https://github.com/Pocket/pocket-monorepo/actions/workflows/shared-snowplow-consumer.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/shared-snowplow-consumer.yml) +[![Shares API](https://github.com/Pocket/pocket-monorepo/actions/workflows/shares-api.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/shares-api.yml) +[![Transactional Emails](https://github.com/Pocket/pocket-monorepo/actions/workflows/transactional-emails.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/transactional-emails.yml) +[![User 
API](https://github.com/Pocket/pocket-monorepo/actions/workflows/user-api.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/user-api.yml) +[![User List Search](https://github.com/Pocket/pocket-monorepo/actions/workflows/user-list-search.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/user-list-search.yml) +[![V3 Proxy API](https://github.com/Pocket/pocket-monorepo/actions/workflows/v3-proxy-api.yml/badge.svg)](https://github.com/Pocket/pocket-monorepo/actions/workflows/v3-proxy-api.yml) diff --git a/docker-compose.yml b/docker-compose.yml index 3c689e609..3f96ef7ee 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,17 +1,6 @@ -version: '3' services: ## Start Common Processes Config - # Note this is not the collector we use in Prod, but works for local testing - otlpcollector: - image: grafana/otel-lgtm - platform: linux/amd64 - environment: - OTEL_METRIC_EXPORT_INTERVAL: 1 - ports: - - 4317:4317 # OTLP gRPC receiver - - 4318:4318 # OTLP http receiver - - 3000:3000 # Grafana UI admin:admin, use localhost:3000 to view traces - + # Note this is not the collector we use in Prod, but works for local testing & github actions memcached: image: memcached:latest ports: @@ -90,10 +79,12 @@ services: - CMD - bash - -c - - curl --write-out '%{http_code}' --silent --output /dev/null http://localhost:4566/_localstack/health + # Wait for Localstack to have init'd all of our services: https://docs.localstack.cloud/references/init-hooks/ + - curl --silent --fail /dev/null http://localhost:4566/_localstack/init/ready | jq -e '.completed == true' > /dev/null || exit 1 interval: 5s timeout: 10s start_period: 10s + retries: 60 snowplow: image: pocket/snowplow-micro:dev diff --git a/infrastructure/user-list-search/apollo_ecs.tf b/infrastructure/user-list-search/apollo_ecs.tf index 1d3d46e02..806f7fb24 100644 --- a/infrastructure/user-list-search/apollo_ecs.tf +++ b/infrastructure/user-list-search/apollo_ecs.tf 
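Review bot: In the new Localstack healthcheck of docker-compose.yml the `--output` flag was dropped but its argument was kept, so `curl --silent --fail /dev/null http://localhost:4566/_localstack/init/ready` now treats `/dev/null` as a first URL to fetch, and the check appears to work only because curl carries on to the second URL. The line should read `curl --silent --fail http://localhost:4566/_localstack/init/ready | jq -e '.completed == true' > /dev/null || exit 1`. It also assumes `jq` is available inside the Localstack image, which this hunk does not show. In the first hunk of the same file, the edited comment about "the collector we use in Prod" now sits directly above `memcached` after the `otlpcollector` service was removed, and should be dropped or reworded.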
@@ -141,6 +141,20 @@ output "ecs-task-arn" { value = aws_ecs_task_definition.apollo.arn } +output "ecs-serviceName" { + description = "ECS Service Name" + value = aws_ecs_service.apollo.name +} +output "ecs-clusterName" { + description = "ECS Cluster Name" + value = aws_ecs_cluster.ecs_cluster.name +} + +output "ecs-application-url" { + description = "ECS Application URL" + value = local.workspace.domain +} + resource "aws_ecs_service" "apollo" { name = "Apollo" task_definition = aws_ecs_task_definition.apollo.arn diff --git a/infrastructure/v3-proxy-api/src/main.ts b/infrastructure/v3-proxy-api/src/main.ts index 2e6178813..087aaf2a8 100644 --- a/infrastructure/v3-proxy-api/src/main.ts +++ b/infrastructure/v3-proxy-api/src/main.ts @@ -8,10 +8,6 @@ import { } from '@cdktf/provider-aws'; import { provider as localProvider } from '@cdktf/provider-local'; import { provider as nullProvider } from '@cdktf/provider-null'; -import { - provider as pagerdutyProvider, - dataPagerdutyEscalationPolicy, -} from '@cdktf/provider-pagerduty'; import { PocketALBApplication, PocketPagerDuty, @@ -29,9 +25,6 @@ class Stack extends TerraformStack { region: 'us-east-1', defaultTags: [{ tags: config.tags }], }); - new pagerdutyProvider.PagerdutyProvider(this, 'pagerduty_provider', { - token: undefined, - }); new localProvider.LocalProvider(this, 'local_provider'); new nullProvider.NullProvider(this, 'null_provider'); 
@@ -87,23 +80,7 @@ class Stack extends TerraformStack { return undefined; } - const nonCriticalEscalationPolicyId = - new dataPagerdutyEscalationPolicy.DataPagerdutyEscalationPolicy( - this, - 'non_critical_escalation_policy', - { - name: 'Pocket On-Call: Default Non-Critical - Tier 2+ (Former Backend Temporary Holder)', - }, - ).id; - - return new PocketPagerDuty(this, 'pagerduty', { - prefix: config.prefix, - service: { - // This is a Tier 2 service and as such only raises non-critical alarms. - criticalEscalationPolicyId: nonCriticalEscalationPolicyId, - nonCriticalEscalationPolicyId: nonCriticalEscalationPolicyId, - }, - }); + return undefined; } /** diff --git a/packages/terraform-modules/src/base/ApplicationECSService.ts b/packages/terraform-modules/src/base/ApplicationECSService.ts index a6f1d4a2b..b2b499542 100644 --- a/packages/terraform-modules/src/base/ApplicationECSService.ts +++ b/packages/terraform-modules/src/base/ApplicationECSService.ts @@ -368,6 +368,18 @@ export class ApplicationECSService extends Construct { value: taskDef.family, staticId: true, }); + + new TerraformOutput(this, 'ecs-clusterName', { + description: 'ECS Cluster Name', + value: config.ecsClusterName, + staticId: true, + }); + + new TerraformOutput(this, 'ecs-serviceName', { + description: 'ECS Service Name', + value: this.service.name, + staticId: true, + }); } /** diff --git a/packages/terraform-modules/src/pocket/PocketALBApplication.ts b/packages/terraform-modules/src/pocket/PocketALBApplication.ts index 087b88016..b45dd61a1 100644 --- a/packages/terraform-modules/src/pocket/PocketALBApplication.ts +++ b/packages/terraform-modules/src/pocket/PocketALBApplication.ts @@ -8,7 +8,7 @@ import { route53Record, wafv2WebAclAssociation, } from '@cdktf/provider-aws'; -import { TerraformMetaArguments } from 'cdktf'; +import { TerraformMetaArguments, TerraformOutput } from 'cdktf'; import { Construct } from 'constructs'; import { ApplicationAutoscaling, 
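Review bot: After this hunk in infrastructure/v3-proxy-api/src/main.ts the method ends in an unconditional `return undefined;` directly after a guard that also returns `undefined`, so the guard is dead code and the stack no longer wires any PagerDuty escalation for this service. If turning off paging for v3-proxy-api is intended, say so where it happens, e.g. `// PagerDuty intentionally disabled for this service: alarms are not routed to on-call`, and remove the now redundant branch. The `PocketPagerDuty` import kept as context in the first hunk of this file may be unused apart from a return type. The method starts outside this hunk, so the guard's condition is not visible here.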
@@ -276,6 +276,12 @@ export class PocketALBApplication extends Construct { ); this.createCloudwatchAlarms(); + + new TerraformOutput(this, 'ecs-application-url', { + description: 'ECS Application URL', + value: this.config.domain, + staticId: true, + }); } /** diff --git a/packages/terraform-modules/src/pocket/__snapshots__/PocketALBApplication.spec.ts.snap b/packages/terraform-modules/src/pocket/__snapshots__/PocketALBApplication.spec.ts.snap index 0bde784fc..07314a46f 100644 --- a/packages/terraform-modules/src/pocket/__snapshots__/PocketALBApplication.spec.ts.snap +++ b/packages/terraform-modules/src/pocket/__snapshots__/PocketALBApplication.spec.ts.snap @@ -130,6 +130,12 @@ exports[`PocketALBApplication renders a Pocket App with attached persistent stor } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -815,6 +821,12 @@ exports[`PocketALBApplication renders a Pocket App with attached waf 1`] = ` } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -1418,6 +1430,14 @@ exports[`PocketALBApplication renders an Pocket App with code deploy 1`] = ` } }, "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + }, + "ecs-clusterName": { + "description": "ECS Cluster Name", + "value": "\${aws_ecs_cluster.testPocketApp_ecs_cluster_C3960066.name}" + }, "ecs-codedeploy-app": { "description": "ECS Code Deploy App", "value": "\${aws_codedeploy_app.testPocketApp_ecs_service_ecs_codedeploy_ecs_code_deploy_480D0565.name}" 
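Review bot: The new `ecs-application-url` output in PocketALBApplication.ts is set to `this.config.domain`, and the updated snapshots render it as a bare hostname (`testing.bowling.gov`), so a consumer that treats it as a URL will be missing the scheme. Either emit the full value or describe it accurately, e.g. `description: 'ECS application domain (hostname only, no scheme)'`. Because the output uses `staticId: true`, its name is fixed, so a stack that instantiates two PocketALBApplication constructs would presumably end up with a duplicate output name; worth confirming that no stack does.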
@@ -1426,6 +1446,10 @@ exports[`PocketALBApplication renders an Pocket App with code deploy 1`] = ` "description": "ECS Code Deploy Group", "value": "\${aws_codedeploy_deployment_group.testPocketApp_ecs_service_ecs_codedeploy_ecs_codedeploy_deployment_group_44B006D1.deployment_group_name}" }, + "ecs-serviceName": { + "description": "ECS Service Name", + "value": "\${aws_ecs_service.testPocketApp_ecs_service_ecs-service_182DEA4C.name}" + }, "ecs-task-arn": { "description": "ECS Task Definition ARN", "value": "\${aws_ecs_task_definition.testPocketApp_ecs_service_ecs-task_A7E74E45.arn}" @@ -2152,6 +2176,14 @@ exports[`PocketALBApplication renders an Pocket App with code deploy and creates } }, "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + }, + "ecs-clusterName": { + "description": "ECS Cluster Name", + "value": "\${aws_ecs_cluster.testPocketApp_ecs_cluster_C3960066.name}" + }, "ecs-codedeploy-app": { "description": "ECS Code Deploy App", "value": "\${aws_codedeploy_app.testPocketApp_ecs_service_ecs_codedeploy_ecs_code_deploy_480D0565.name}" @@ -2160,6 +2192,10 @@ exports[`PocketALBApplication renders an Pocket App with code deploy and creates "description": "ECS Code Deploy Group", "value": "\${aws_codedeploy_deployment_group.testPocketApp_ecs_service_ecs_codedeploy_ecs_codedeploy_deployment_group_44B006D1.deployment_group_name}" }, + "ecs-serviceName": { + "description": "ECS Service Name", + "value": "\${aws_ecs_service.testPocketApp_ecs_service_ecs-service_182DEA4C.name}" + }, "ecs-task-arn": { "description": "ECS Task Definition ARN", "value": "\${aws_ecs_task_definition.testPocketApp_ecs_service_ecs-task_A7E74E45.arn}" 
@@ -2884,6 +2920,14 @@ exports[`PocketALBApplication renders an Pocket App with code deploy notificatio } }, "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + }, + "ecs-clusterName": { + "description": "ECS Cluster Name", + "value": "\${aws_ecs_cluster.testPocketApp_ecs_cluster_C3960066.name}" + }, "ecs-codedeploy-app": { "description": "ECS Code Deploy App", "value": "\${aws_codedeploy_app.testPocketApp_ecs_service_ecs_codedeploy_ecs_code_deploy_480D0565.name}" @@ -2892,6 +2936,10 @@ exports[`PocketALBApplication renders an Pocket App with code deploy notificatio "description": "ECS Code Deploy Group", "value": "\${aws_codedeploy_deployment_group.testPocketApp_ecs_service_ecs_codedeploy_ecs_codedeploy_deployment_group_44B006D1.deployment_group_name}" }, + "ecs-serviceName": { + "description": "ECS Service Name", + "value": "\${aws_ecs_service.testPocketApp_ecs_service_ecs-service_182DEA4C.name}" + }, "ecs-task-arn": { "description": "ECS Task Definition ARN", "value": "\${aws_ecs_task_definition.testPocketApp_ecs_service_ecs-task_A7E74E45.arn}" @@ -3599,6 +3647,12 @@ exports[`PocketALBApplication renders an Pocket App with custom Alarm Descriptio } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -4246,6 +4300,12 @@ exports[`PocketALBApplication renders an Pocket App with logs and dashboard in a } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { 
@@ -4824,6 +4884,12 @@ exports[`PocketALBApplication renders an application alarms 1`] = ` } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -5425,6 +5491,12 @@ exports[`PocketALBApplication renders an application custom default alarms 1`] = } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -6016,6 +6088,12 @@ exports[`PocketALBApplication renders an application with autoscaling group and } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -6654,6 +6732,12 @@ exports[`PocketALBApplication renders an application with custom task sizes 1`] } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -7232,6 +7316,12 @@ exports[`PocketALBApplication renders an application with default autoscaling gr } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -7870,6 +7960,12 @@ exports[`PocketALBApplication renders an application with minimal config 1`] = ` } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { 
@@ -8448,6 +8544,12 @@ exports[`PocketALBApplication renders an application with modified container def } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -9051,6 +9153,12 @@ exports[`PocketALBApplication renders an external application 1`] = ` } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -9745,6 +9853,12 @@ exports[`PocketALBApplication renders an internal application 1`] = ` } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": { @@ -10323,6 +10437,12 @@ exports[`PocketALBApplication renders an internal application with tags 1`] = ` } } }, + "output": { + "ecs-application-url": { + "description": "ECS Application URL", + "value": "testing.bowling.gov" + } + }, "resource": { "aws_acm_certificate": { "testPocketApp_alb_certificate_417C14FF": {