WFPREV-30

Initial updates for deploying UI into an s3 bucket. Will need further changes to support with github actions
bcgov · Nov 13, 2024 · a671af9 · a671af9
1 parent 2bbbe82
commit a671af9
Show file tree

Hide file tree

Showing 12 changed files with 196 additions and 349 deletions.
diff --git a/.github/workflows/client-build.yml b/.github/workflows/client-build.yml
@@ -0,0 +1,52 @@
+name: Deploy Angular App to S3 and CloudFront
+
+on:
+  push:
+    branches:
+      - main  # Adjust to your deployment branch
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v3
+      with:
+        node-version: '16'  # Adjust as needed
+
+    - name: Install dependencies
+      run: npm install
+
+    - name: Build Angular App
+      run: npm run build --prod
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: "ca-central-1"  # Adjust to match your AWS region
+
+    # this will require the bucket to exist
+    # so terraform step will need to run first
+    - name: Sync files to S3
+      run: |
+        aws s3 sync ./dist/your-angular-app s3://wfprev_site_bucket \
+          --delete \
+          --cache-control max-age=31536000,public \
+          --exclude index.html
+        aws s3 cp ./dist/your-angular-app/index.html s3://wfprev_site_bucket/index.html \
+          --cache-control max-age=0,no-cache,no-store,must-revalidate
+
+    - name: Invalidate CloudFront Cache
+      run: |
+        aws cloudfront create-invalidation \
+          --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} \
+          --paths "/*"
+      # see distribution ID section in terraform scripts
+      # Like the sync, this means we need to run terraform first, then
+      # trigger this action with the returned distribution ID
diff --git a/.github/workflows/mvn-build.yml b/.github/workflows/mvn-build.yml
@@ -24,7 +24,6 @@ on:
         type: choice
         options: 
           - server
-          - client
           - libs
   workflow_call:
     inputs:
@@ -65,29 +64,6 @@ jobs:
 
       - name: Add .npmrc file
         run: echo -e $NPMRC > ~/.npmrc
-
-
-      - name: Install dependencies for Angular project
-        if: ${{ inputs.COMPONENT_TYPE == 'client' }}
-        run: |
-          cd ${{ inputs.COMPONENT_TYPE }}/wfprev-war/src/main/angular
-          npm install
-      - name: Build Angular app
-        if: ${{ inputs.COMPONENT_TYPE == 'client' }}
-        run: |
-          cd ${{ inputs.COMPONENT_TYPE }}/wfprev-war/src/main/angular
-          npm run build -- --configuration=production --base-href=/pub/wfprev/
-  
-      - name: Copy client built files to necessary folder
-        if: ${{ inputs.COMPONENT_TYPE == 'client' }}
-        run: mkdir -p staging-client && cp -r ${{ inputs.COMPONENT_TYPE }}/wfprev-war/src/main/angular/dist/wfprev/* staging-client/
-
-      - name: Upload client artifact
-        if: ${{ inputs.COMPONENT_TYPE == 'client' }}
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ inputs.COMPONENT_NAME }}-package
-          path: staging-client
 
       - name: Build API with Maven
         if: ${{ inputs.COMPONENT_TYPE == 'server' }}
@@ -136,15 +112,6 @@ jobs:
       #   with:
       #     ref: ${{ inputs.BRANCH }}
 
-
-          # Download client artifact
-      - name: download client artifact
-        uses: actions/download-artifact@v3
-        if: ${{ inputs.COMPONENT_TYPE == 'client' }}
-        with:
-          name: wfprev-war-package
-          path: client/wfprev-war/dist/wfprev
-
       - name: download server artifact
         uses: actions/download-artifact@v3
         with:
@@ -180,17 +147,6 @@ jobs:
             type=ref,event=tag
             type=raw,value=${{ inputs.TAG }}
 
-      - name: Build and push Client Docker image
-        if: ${{ inputs.COMPONENT_TYPE == 'client' }}
-        uses: docker/build-push-action@v6
-        with:
-          context: client/wfprev-war
-          build-args: |
-            CONTAINER_NAME=wfprev-war
-          push: true
-          tags: ${{ steps.meta_pr.outputs.tags }}
-          labels: ${{ steps.meta_pr.outputs.labels }}
-
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:

diff --git a/.github/workflows/terragrunt-deploy.yml b/.github/workflows/terragrunt-deploy.yml
@@ -149,8 +149,6 @@ jobs:
           # WFPREV UI
           CLIENT_IMAGE: ${{ steps.getDigestUI.outputs.IMAGE_UI_BY_DIGEST }}
           WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET: ${{ secrets.WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET }}
-          WFPREV_CLIENT_MEMORY: ${{vars.WFPREV_CLIENT_MEMORY}}
-          WFPREV_CLIENT_CPU_UNITS : ${{vars.WFPREV_CLIENT_CPU_UNITS}}
 
           # DB
           WFPREV_USERNAME: ${{secrets.WFPREV_USERNAME}}

diff --git a/terraform/alb.tf b/terraform/alb.tf
@@ -70,21 +70,6 @@ resource "aws_lb_listener_rule" "wfprev-api" {
   }
 }
 
-resource "aws_lb_listener_rule" "wfprev-ui" {
-  listener_arn = aws_lb_listener.wfprev_main.arn
-
-  action {
-    type = "forward"
-    target_group_arn = aws_alb_target_group.wfprev_ui.arn
-  }
-
-  condition {
-    path_pattern  {
-      values = [for sn in var.PREVENTION_WAR_NAMES : "/${aws_apigatewayv2_stage.wfprev_stage.name}/${sn}"]
-    }
-  }
-}
-
 //////////////////////////////
 /// TARGET GROUP RESOURCES ///
 //////////////////////////////
@@ -108,22 +93,3 @@ resource "aws_alb_target_group" "wfprev_api" {
 
 #  tags = local.
 }
-
-resource "aws_alb_target_group" "wfprev_ui" {
-  name = "wfprev-ui-${var.TARGET_ENV}"
-  port = var.WFPREV_CLIENT_PORT
-  protocol = "HTTP"
-  vpc_id = module.network.aws_vpc.id
-  target_type = "ip"
-  deregistration_delay = 30
-
-  health_check {
-    healthy_threshold   = "2"
-    interval            = "300"
-    protocol            = "HTTP"
-    matcher             = "200"
-    timeout             = "3"
-    path                = "/${aws_apigatewayv2_stage.wfprev_stage.name}/${var.PREVENTION_WAR_NAMES[0]}/"
-    unhealthy_threshold = "2"
-  }
-}
diff --git a/terraform/autoscaling.tf b/terraform/autoscaling.tf
@@ -94,99 +94,3 @@ resource "aws_cloudwatch_metric_alarm" "wfprev_service_cpu_low" {
      Environment = "${var.TARGET_ENV}"
    }
 }
-
-resource "aws_appautoscaling_target" "wfprev_client_target" {
-   service_namespace  = "ecs"
-   resource_id        = "service/${aws_ecs_cluster.wfprev_main.name}/${aws_ecs_service.client.name}"
-   scalable_dimension = "ecs:service:DesiredCount"
-   min_capacity       = 1
-   max_capacity       = 10
-}
-
-# Automatically scale capacity up by one
-resource "aws_appautoscaling_policy" "wfprev_client_up" {
-   name               = "wfprev_client_scale_up"
-   service_namespace  = "ecs"
-   resource_id        = "service/${aws_ecs_cluster.wfprev_main.name}/${aws_ecs_service.client.name}"
-   scalable_dimension = "ecs:service:DesiredCount"
-
-   step_scaling_policy_configuration {
-     adjustment_type         = "ChangeInCapacity"
-     cooldown                = 60
-     metric_aggregation_type = "Maximum"
-
-     step_adjustment {
-       metric_interval_lower_bound = 0
-       scaling_adjustment          = 1
-     }
-   }
-
-   depends_on = [aws_appautoscaling_target.wfprev_client_target]
- }
-
-# Automatically scale capacity down by one
-resource "aws_appautoscaling_policy" "wfprev_client_down" {
-   name               = "wfprev_client_scale_down"
-   service_namespace  = "ecs"
-   resource_id        = "service/${aws_ecs_cluster.wfprev_main.name}/${aws_ecs_service.client.name}"
-   scalable_dimension = "ecs:service:DesiredCount"
-
-   step_scaling_policy_configuration {
-     adjustment_type         = "ChangeInCapacity"
-     cooldown                = 60
-     metric_aggregation_type = "Maximum"
-
-     step_adjustment {
-       metric_interval_upper_bound = 0
-       scaling_adjustment          = -1
-     }
-   }
-
-   depends_on = [aws_appautoscaling_target.wfprev_client_target]
- }
-
-# CloudWatch alarm that triggers the autoscaling down policy
-resource "aws_cloudwatch_metric_alarm" "wfprev_client_service_cpu_low" {
-   alarm_name          = "wfprev_client_cpu_utilization_low"
-   comparison_operator = "LessThanOrEqualToThreshold"
-   evaluation_periods  = "2"
-   metric_name         = "CPUUtilization"
-   namespace           = "AWS/ECS"
-   period              = "60"
-   statistic           = "Average"
-   threshold           = "10"
-
-   dimensions = {
-     ClusterName = aws_ecs_cluster.wfprev_main.name
-     ServiceName = aws_ecs_service.client.name
-   }
-
-   alarm_actions = [aws_appautoscaling_policy.wfprev_client_down.arn]
-
-   tags = {
-     Environment = "${var.TARGET_ENV}"
-   }
- }
-
-#  CloudWatch alarm that triggers the autoscaling up policy
-resource "aws_cloudwatch_metric_alarm" "wfprev_client_service_cpu_high" {
-   alarm_name          = "wfprev_client_cpu_utilization_high"
-   comparison_operator = "GreaterThanOrEqualToThreshold"
-   evaluation_periods  = "1"
-   metric_name         = "CPUUtilization"
-   namespace           = "AWS/ECS"
-   period              = "60"
-   statistic           = "Average"
-   threshold           = "50"
-
-   dimensions = {
-     ClusterName = aws_ecs_cluster.wfprev_main.name
-     ServiceName = aws_ecs_service.client.name
-   }
-
-   alarm_actions = [aws_appautoscaling_policy.wfprev_client_up.arn]
-
-   tags = {
-     Environment = "${var.TARGET_ENV}"
-   }
- }
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
@@ -0,0 +1,55 @@
+# CloudFront Origin Access Identity (OAI) for secure access to S3
+resource "aws_cloudfront_origin_access_identity"."oai" {
+  comment = "OAI for wfprev UI"
+}
+
+# CloudFront Distribution
+resource "aws_cloudfront_distribution" "wfprev_app_distribution" {
+  origin {
+    domain_name = aws_s3_bucket.wfprev_site_bucket.bucket_regional_domain_name
+    origin_id   = "S3-${aws_s3_bucket.wfprev_site_bucket.id}"
+
+    s3_origin_config {
+      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path
+    }
+  }
+
+  enabled             = true
+  is_ipv6_enabled     = true
+  default_root_object = "index.html"
+
+  # Configure cache behaviors
+  default_cache_behavior {
+    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = "S3-${aws_s3_bucket.wfprev_site_bucket.id}"
+    viewer_protocol_policy = "redirect-to-https"
+
+    forwarded_values {
+      query_string = false
+
+      cookies {
+        forward = "none"
+      }
+    }
+
+    min_ttl     = 0
+    default_ttl = 86400
+    max_ttl     = 31536000
+  }
+
+  # Viewer Certificate
+  viewer_certificate {
+    cloudfront_default_certificate = true
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+}
+
+output "cloudfront_distribution_id" {
+  value = aws_cloudfront_distribution.wfprev_app_distribution.id
+}