fix(infra): adding in infrastruicture and docs

.github/actions/cdktf/action.yml

@@ -0,0 +1,43 @@
+name: 'Execute CDKTF'
+description: 'Builds and either plans or applies a CDKTF environment'
+inputs:
+  scope:
+    description: 'Turbo Repo scope to run the build for'
+    required: true
+  stack-output-path:
+    description: 'The path where CDKTF outputs the terraform json'
+    required: true
+  environment:
+    description: 'The node environment to build for'
+    required: true
+    default: 'development'
+
+runs:
+  using: 'composite'
+  steps:
+  # TODO: These need to request AWS credentials to run terraform
+  # Since this is a composite step, it may be easier to request these in the calling workflow
+    - name: Install tfenv
+      shell: bash
+      run: |
+        git clone https://github.com/tfutils/tfenv.git ~/.tfenv
+        echo "export PATH=$HOME/.tfenv/bin:$PATH" >> $GITHUB_ENV
+
+    - name: Install pnpm & node
+      uses: ./.github/actions/install-pnpm-and-node
+      with:
+        scope: ${{ inputs['scope'] }}
+
+    - name: Build CDKTF
+      shell: bash
+      run: |
+          export NODE_ENV=${{ inputs['environment'] }}
+          pnpm run synth --filter==${{ inputs['scope'] }}
+
+    - name: Plan CDKTF
+      shell: bash
+      run: |
+          cd ${{ inputs['stack-output-path'] }}
+          tfenv install
+          tfenv use
+          terraform init

.github/actions/install-pnpm-and-node/action.yml

@@ -26,8 +26,8 @@ runs:
       run: |
         if [ -z "${{ inputs.scope }}" ]; then
           echo "No scope provided. Using default behavior."
-          pnpm install
+          pnpm install --frozen-lockfile
         else
           echo "Scope provided: ${{ inputs.scope }}, only installing packages needed for it."
-          pnpm install --filter=${{inputs.scope}}...
+          pnpm install --filter=${{inputs.scope}}... --frozen-lockfile
         fi

.github/workflows/README.md

@@ -0,0 +1,19 @@
+## Workflows
+
+This repository consists of the following workflows:
+
+* `pull-request.yml` - Ran on every single Pull Request and performs basic checks of the whole repo like Linting and Unit Tests
+* `status-checks.yml` - Triggered on completion of other workflows and is used as the singluar Github Required Status check, since Github does not support Requiring Workflows that are skipped based on path filtering. Note: IF you add a new workflow it must be added to this array to be part of the Github Checks
+* `<service-name>.yml` - A workflow represnting a singluar service in the monorepo.
+
+There are also the following re-usable workflows:
+
+* `build-and-push-image.yml` - Used to either build & push a docker image to production/development or to just build on pull request
+* `test-integrations.yml` - Used to run tests of a service against the `docker-compose.yml` environment.
+
+And then there are composite Github Actions:
+
+* `containerize` - Used to build a microservice into a docker image from our monorepo
+* `install-pnpm-and-node` - Used to install PNPM and Node, and dependencies based on our `.nvmrc` and pnpm version in `package.json`
+
+All of the re-usable workflows and actions can be used by other repositories in the Pocket organization.

.github/workflows/build-and-push-image.yml

@@ -17,7 +17,7 @@ on:
       production-aws-registry:
         description: 'AWS Development Account Id'
         type: string
-        default: 410318598490.dkr.ecr.us-east-1.amazonaws.com
+        default: 996905175585.dkr.ecr.us-east-1.amazonaws.com
       app-path:
         description: 'The path of where the application is located in the monorepo ie servers/<app-name>'
         required: true
@@ -58,7 +58,8 @@ jobs:
             dockerhub-username: ${{secrets.DOCKERHUB_USERNAME}}
             dockerhub-token: ${{secrets.DOCKERHUB_TOKEN}}
             scope: ${{inputs['scope']}}
-
+
+# TODO: These need to request AWS ECR Credentials to push the Docker Image
     development:
       if: github.ref == 'refs/heads/dev'
       runs-on: ubuntu-latest

.github/workflows/infrastructure.yml

@@ -0,0 +1,61 @@
+name: 'Re-usable Docker Build Flow'
+on:
+  workflow_call:
+    inputs:
+      scope:
+        description: 'Turbo Repo scope to run the build for'
+        required: true
+        type: string
+      stack-output-path:
+        description: 'The path where CDKTF outputs the terraform json'
+        required: true
+        type: string
+
+
+jobs:
+
+  # TODO: These need to request AWS credentials to run terraform
+    pull-request:
+      # Only run this job on a pull request event
+      if: github.event_name == 'pull_request'
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Execute CDKTF
+          uses: ./.github/actions/cdktf
+          with:
+            stack-output-path: ${{inputs['stack-output-path']}}
+            scope: ${{inputs['scope']}}
+            environment: production
+
+
+    development:
+      if: github.ref == 'refs/heads/dev'
+      runs-on: ubuntu-latest
+      steps:        
+        - name: Checkout
+          uses: actions/checkout@v4
+        - name: Execute CDKTF
+          uses: ./.github/actions/cdktf
+          with:
+            stack-output-path: ${{inputs['stack-output-path']}}
+            scope: ${{inputs['scope']}}
+            environment: development
+
+
+
+    production:
+      if: github.ref == 'refs/heads/main'
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Execute CDKTF
+          uses: ./.github/actions/cdktf
+          with:
+            stack-output-path: ${{inputs['stack-output-path']}}
+            scope: ${{inputs['scope']}}
+            environment: production

.github/workflows/list-api.yml

@@ -33,4 +33,13 @@ jobs:
       sentry-project: list-api
       docker-repo-name-short-hand: listapi
     # Ensure the re-usable workflow is allowed to access the secrets
+    secrets: inherit
+
+  # It's infrastructure time, run the infrastructure update commands
+  infrastructure:
+    uses: ./.github/workflows/infrastructure.yml
+    with:
+      scope: user-api
+      stack-output-path: infrastructure/list-api/cdktf.out/stacks/list-api
+    # Ensure the re-usable workflow is allowed to access the secrets
     secrets: inherit

.github/workflows/pull-request.yml

@@ -2,7 +2,6 @@
 name: Pull Request
 on:
   pull_request:
-  merge_group:
 
 jobs:
   check-packages:
@@ -41,18 +40,4 @@ jobs:
 
       - name: Unit tests
         # Following uses a 2 concurrency because terraform modules seems to fail with an OOM error on CI if we do more.
-        run: pnpm run test --concurrency=2 
-
-
-  # workflow-checks:
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Wait for workflows
-  #       id: wait
-  #       uses: smartcontractkit/chainlink-github-actions/utils/wait-for-workflows@main
-  #       with:
-  #         max-timeout: "900"
-  #         polling-interval: "15"
-  #         exclude-workflow-names: ""
-  #         exclude-workflow-ids: ""
-  #         github-token: ${{ secrets.GITHUB_TOKEN }}
+        run: pnpm run test --concurrency=2 

.github/workflows/status-checks.yml

@@ -1,15 +1,32 @@
+## Note that since this workflow uses Workflow Run changes will only be reflected once it is on the default branch
+
 # Because we use conditional path filtering on all our workflows, but want to Require status checks to pass on Github, 
 # we use a special status check job that we can require and will do the checking for us.
+# We also use this because re-usable workflows can not be targeted for Github Required Status Checks as of 8/15/2024 
 name: Status Checks
 on:
   workflow_run:
     workflows: [ Pull Request, User API, List API ]
     types: [ completed ]
 
 jobs:
-  xyz:
+  status-check:
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v2
-      - uses: ahmadnassri/action-workflow-run-wait@v1
+      - uses: ahmadnassri/action-workflow-run-wait@v1
+
+  # Note: If the workflow_run trigger does not work out, this can be used instead with a pull_request event to trigger a long polling job.
+  # status-check:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Wait for workflows
+  #       id: wait
+  #       uses: smartcontractkit/chainlink-github-actions/utils/wait-for-workflows@main
+  #       with:
+  #         max-timeout: "900"
+  #         polling-interval: "15"
+  #         exclude-workflow-names: ""
+  #         exclude-workflow-ids: ""
+  #         github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/user-api.yml

@@ -27,7 +27,7 @@ jobs:
     # Ensure the re-usable workflow is allowed to access the secrets
     secrets: inherit
 
-  # Let's test the service against some real life and mocked docker services.
+  # Let's try building and conidtionally pushing our docker image to the necessary account.
   build-and-push-image:
     uses: ./.github/workflows/build-and-push-image.yml
     with:
@@ -37,4 +37,17 @@ jobs:
       sentry-project: user-api
       docker-repo-name-short-hand: userapi
     # Ensure the re-usable workflow is allowed to access the secrets
-    secrets: inherit
+    secrets: inherit
+
+  # It's infrastructure time, run the infrastructure update commands
+  infrastructure:
+    uses: ./.github/workflows/infrastructure.yml
+    with:
+      scope: user-api
+      stack-output-path: infrastructure/user-api/cdktf.out/stacks/user-api
+    # Ensure the re-usable workflow is allowed to access the secrets
+    secrets: inherit
+
+  # deploy:
+  #  needs: [infrastructure]
+

docker-compose.yml

@@ -1,4 +1,3 @@
-version: '3'
 services:
   ## Start Common Processes Config
   # Note this is not the collector we use in Prod, but works for local testing & github actions