KMS-510: cdk infrastructure code for deploying rdf4j (#2)

* KMS-510: cdk infrastructure code for deploying rdf4j --------- Co-authored-by: Christopher Gokey <christopher.d.gokey@nasa.gov>
nasa · Jan 31, 2025 · b7408c0 · b7408c0
1 parent 790666b
commit b7408c0
Show file tree

Hide file tree

Showing 18 changed files with 1,137 additions and 29 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,99 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request: {}
+
+jobs:
+  eslint:
+    runs-on: ubuntu-latest
+    strategy:
+        matrix:
+          node-version: ['lts/hydrogen']
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+    - name: Cache node modules
+      uses: actions/cache@v4
+      env:
+        cache-name: cache-node-modules
+      with:
+        # npm cache files are stored in `~/.npm` on Linux/macOS
+        # not caching node_modules because `npm ci` removes it
+        path: ~/.npm
+        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-build-${{ env.cache-name }}-
+          ${{ runner.os }}-build-
+          ${{ runner.os }}-
+    - name: Install dependencies
+      run: npm ci
+    - name: Run eslint
+      run: npm run lint
+  vitest:
+    needs: [eslint]
+    runs-on: ubuntu-latest
+    strategy:
+        matrix:
+          node-version: ['lts/hydrogen']
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+    - name: Cache node modules
+      uses: actions/cache@v4
+      env:
+        cache-name: cache-node-modules
+      with:
+        # npm cache files are stored in `~/.npm` on Linux/macOS
+        # not caching node_modules because `npm ci` removes it
+        path: ~/.npm
+        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-build-${{ env.cache-name }}-
+          ${{ runner.os }}-build-
+          ${{ runner.os }}-
+    - name: Install dependencies
+      run: npm ci
+    - name: Run Vitest tests
+      run: npm run test
+    - name: Upload coverage to codecov
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+  tests-passed:
+    needs: [vitest]
+    runs-on: ubuntu-latest
+    steps:
+    - name: All Tests Have Passed
+      run: 'echo true'
+
+  sync:
+    if: success() && github.ref == 'refs/heads/main' # only run on main success
+    needs: [tests-passed] # only run after vitest and cypress jobs complete
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Install SSH key
+      uses: shimataro/ssh-key-action@v2
+      with:
+        key: ${{ secrets.SSH_KEY }}
+        known_hosts: ${{ secrets.KNOWN_HOSTS }}
+    - name: Push to ECC
+      run: |
+        git remote add ecc ssh://git@git.earthdata.nasa.gov:7999/kms/kms.git
+        git fetch ecc "+refs/heads/*:refs/remotes/origin/*"
+
+        git fetch --unshallow || true
+        echo "GITHUB_COMMIT=$GITHUB_SHA"
+        git push ecc $GITHUB_SHA:refs/heads/main
diff --git a/.gitignore b/.gitignore
@@ -7,7 +7,6 @@
 coverage
 dist
 doc
-Dockerfile
 node_modules
 secret.config.json
 tmp
@@ -20,3 +19,5 @@ tmp
 junit.xml
 
 cmr
+cdk.context.json
+infrastructure/rdfdb/cdk/cdk.context.json
diff --git a/README.md b/README.md
@@ -39,3 +39,31 @@ To run the test suite, run:
     npm run test
 ```
 
+## Deploying RDF Database
+### Prerequisites
+#### Copy your AWS credentials and set these up as env variables
+```export AWS_ACCESS_KEY_ID=[your access key id]
+export AWS_SECRET_ACCESS_KEY=[your access secret access key]
+export AWS_SESSION_TOKEN=[your session token]
+```
+#### Retrieve the VPC_ID from AWS
+```export VPC_ID=[your vpc id]
+```
+#### Set the RDFDB user name and password
+```export RDFDB_USER_NAME=[your rdfdb user name]
+export RDFDB_PASSWORD=[your rdfdb password]
+```
+
+### Deploy Docker Container to Registry
+```cd infrastructure/rdfdb/cdk/bin
+export 
+./deploy_to_ecr.sh
+```
+
+### Deploy ECS Service to AWS
+```cd infrastructure/rdfdb/cdk
+cdk deploy rdf4jIamStack
+cdk deploy rdf4jEfsStack
+cdk deploy rdf4jEcsStack
+```
+One thing to note is if you destroy the rdf4jEfsStack and redeploy, this will create a new EFS file system.  You will need to copy the data from the old EFS file system to the new one.  This can be done by mounting the old EFS file system to an EC2 instance and copying the data to the new EFS file system.
diff --git a/bin/Dockerfile b/bin/Dockerfile
@@ -0,0 +1,4 @@
+FROM node:18-bullseye
+COPY . /build
+WORKDIR /build
+RUN npm ci --omit=dev && npm run build
diff --git a/infrastructure/rdfdb/cdk/bin/deploy_to_ecr.sh b/infrastructure/rdfdb/cdk/bin/deploy_to_ecr.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Set variables
+REPO_NAME="rdf4j"
+REGION="us-east-1"
+DOCKER_FILE_PATH="../../docker"
+
+# Create ECR repository
+aws ecr create-repository --repository-name $REPO_NAME --region "us-east-1"
+
+# Get the repository URI
+REPO_URI=$(aws ecr describe-repositories --repository-names $REPO_NAME --region $REGION --query 'repositories[0].repositoryUri' --output text)
+
+# Authenticate Docker to ECR
+aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin $REPO_URI
+
+# Build Docker image
+docker build -t $REPO_NAME $DOCKER_FILE_PATH
+
+# Tag the image
+docker tag $REPO_NAME:latest $REPO_URI:latest
+
+# Push the image to ECR
+docker push $REPO_URI:latest
+
+echo "Docker image pushed to $REPO_URI:latest"
diff --git a/infrastructure/rdfdb/cdk/bin/rdf4j-aws-deployment.js b/infrastructure/rdfdb/cdk/bin/rdf4j-aws-deployment.js
@@ -0,0 +1,44 @@
+#!/usr/bin/env node
+const cdk = require('aws-cdk-lib')
+const { EcsStack } = require('../lib/ecs-stack')
+const { EfsStack } = require('../lib/efs-stack')
+const { IamStack } = require('../lib/iam-stack')
+
+async function main() {
+  const app = new cdk.App()
+
+  const env = {
+    account: process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_DEFAULT_REGION
+  }
+
+  const vpcId = process.env.VPC_ID
+
+  const iamStack = new IamStack(app, 'rdf4jIamStack', {
+    env,
+    vpcId
+  })
+  const efsStack = new EfsStack(app, 'rdf4jEfsStack', {
+    env,
+    vpcId,
+    efsTaskSecurityGroup: iamStack.efsTaskSecurityGroup
+  })
+
+  const ecsStack = new EcsStack(app, 'rdf4jEcsStack', {
+    env,
+    vpcId,
+    role: iamStack.role,
+    ecsTasksSecurityGroup: efsStack.ecsTasksSecurityGroup,
+    fileSystem: efsStack.fileSystem,
+    accessPoint: efsStack.accessPoint
+  })
+
+  // Add dependencies
+  efsStack.addDependency(iamStack)
+  ecsStack.addDependency(iamStack)
+  ecsStack.addDependency(efsStack)
+
+  app.synth()
+}
+
+main()
diff --git a/infrastructure/rdfdb/cdk/cdk.json b/infrastructure/rdfdb/cdk/cdk.json
@@ -0,0 +1,3 @@
+{
+  "app": "node bin/rdf4j-aws-deployment.js"
+}