diff --git a/.github/workflows/aws-deploy-stg.yml b/.github/workflows/aws-deploy-stg.yml index e17d429..957add2 100644 --- a/.github/workflows/aws-deploy-stg.yml +++ b/.github/workflows/aws-deploy-stg.yml @@ -15,14 +15,11 @@ on: - main env: - AWS_REGION: us-east-1 # set this to your preferred AWS region, e.g. us-west-1 - ECR_REPOSITORY: 140023379914.dkr.ecr.us-east-1.amazonaws.com/billiecord_ecr # set this to your Amazon ECR repository name - ECS_SERVICE: ARC_API # set this to your Amazon ECS service name - ECS_CLUSTER: BilleCluster # set this to your Amazon ECS cluster name - ECS_TASK_DEFINITION: ARC_API # set this to the path to your Amazon ECS task definition - # file, e.g. .aws/task-definition.json - CONTAINER_NAME: ARC_API # set this to the name of the container in the - # containerDefinitions section of your task definition + AWS_REGION: us-east-2 # set this to your preferred AWS region, e.g. us-west-1 + ECS_CLUSTER: arc-api-cluster # set this to your Amazon ECS cluster name + CONTAINER_NAME: arc-api + ECS_SERVICE: arc-api-service + ECS_TD: .github/workflows/td.json jobs: deploy: 
@@ -48,9 +45,27 @@ jobs: - name: Build, tag, and push image to Amazon ECR id: build-image env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REGISTRY: "140023379914.dkr.ecr.us-east-2.amazonaws.com" + ECR_REPOSITORY: "arc_api_repo" IMAGE_TAG: ${{ github.sha }} run: | + # Generate the Environment file + touch .env + + echo PORT=${{ secrets.PORT }} >> .env + echo MONGODB_URI=${{ secrets.MONGODB_URI }} >> .env + echo FULLCHAIN=${{ secrets.FULLCHAIN }} >> .env + echo PRIVKEY=${{ secrets.PRIVKEY }} >> .env + echo DISCORD_CLIENT_ID=${{ secrets.DISCORD_CLIENT_ID }} >> .env + echo DISCORD_CLIENT_SECRET=${{ secrets.DISCORD_CLIENT_SECRET }} >> .env + echo DISCORD_REDIRECT_URI=${{ secrets.DISCORD_REDIRECT_URI }} >> .env + echo JWT_SECRET=${{ secrets.JWT_SECRET }} >> .env + echo CLIENT_REDIRECT_URI=${{ secrets.CLIENT_REDIRECT_URI }} >> .env + echo TOKEN=${{ secrets.TOKEN }} >> .env + echo DIRECT_URL=${{ secrets.DIRECT_URL }} >> .env + ehco HOSTED_URL=${{ secrets.HOSTED_URL }} >> .env + + # Build a docker container and # push it to ECR so that it can # be deployed to ECS. @@ -62,7 +77,7 @@ jobs: id: task-def uses: aws-actions/amazon-ecs-render-task-definition@c804dfbdd57f713b6c079302a4c01db7017a36fc with: - task-definition: ${{ env.ECS_TASK_DEFINITION }} + task-definition: ${{ env.ECS_TD }} container-name: ${{ env.CONTAINER_NAME }} image: ${{ steps.build-image.outputs.image }} diff --git a/.github/workflows/td.json b/.github/workflows/td.json new file mode 100644 index 0000000..31a7398 --- /dev/null +++ b/.github/workflows/td.json 
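Review bot: The `.env` generation added to the `build-image` step writes every deployment secret (`JWT_SECRET`, `PRIVKEY`, `MONGODB_URI`, `DISCORD_CLIENT_SECRET`, `TOKEN`, …) into a file that this commit's Dockerfile change copies into the image (`COPY .env .env`), so anyone who can pull the image from ECR or read its layers obtains them. Prefer keeping `.env` out of the build and letting ECS inject the values at run time through the container definition's `secrets` list (`"name"` / `"valueFrom"` entries backed by Secrets Manager or SSM Parameter Store). Separately, `${{ secrets.X }}` is substituted into the script text before the shell parses it, so a value containing spaces, `&`, `$`, quotes or newlines (likely for `PRIVKEY` and `FULLCHAIN`) is split or reinterpreted by the shell; if the file must be generated at all, map each secret under `env:` and write it with a quoted expansion such as `printf '%s\n' "PORT=$PORT" >> .env`. The last line is spelled `ehco HOSTED_URL=…`, which is a command-not-found error and, under the runner's default `bash -e` shell, should abort the step; it should read `echo`. The step's `run:` script continues past the end of the hunk.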
@@ -0,0 +1,59 @@
+{
+ "taskDefinitionArn": "arn:aws:ecs:us-east-2:140023379914:task-definition/arc-api",
+ "containerDefinitions": [
+ {
+ "name": "arc-api",
+ "image": "140023379914.dkr.ecr.us-east-2.amazonaws.com/arc-api-repo",
+ "cpu": 256,
+ "memory": 512,
+ "portMappings": [
+ {
+ "containerPort": 80,
+ "hostPort": 80,
+ "protocol": "tcp"
+ }
+ ],
+ "essential": true,
+ "environment": [],
+ "mountPoints": [],
+ "volumesFrom": [],
+ "systemControls": []
+ }
+ ],
+ "family": "arc-api",
+ "taskRoleArn": "arn:aws:iam::140023379914:role/ecsTaskExecutionRole",
+ "executionRoleArn": "arn:aws:iam::140023379914:role/ecsTaskExecutionRole",
+ "networkMode": "awsvpc",
+ "volumes": [],
+ "status": "ACTIVE",
+ "requiresAttributes": [
+ {
+ "name": "com.amazonaws.ecs.capability.ecr-auth"
+ },
+ {
+ "name": "com.amazonaws.ecs.capability.task-iam-role"
+ },
+ {
+ "name": "ecs.capability.execution-role-ecr-pull"
+ },
+ {
+ "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
+ },
+ {
+ "name": "ecs.capability.task-eni"
+ }
+ ],
+ "placementConstraints": [],
+ "compatibilities": [
+ "EC2",
+ "FARGATE"
+ ],
+ "requiresCompatibilities": [
+ "FARGATE"
+ ],
+ "cpu": "256",
+ "memory": "512",
+ "registeredAt": "2025-03-03T17:32:35.285Z",
+ "registeredBy": "arn:aws:iam::140023379914:user/terraform",
+ "tags": []
+}
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 1979244..9a1cc70 100644
--- a/Dockerfile
+++ b/Dockerfile
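Review bot: In the new `td.json`, `taskRoleArn` and `executionRoleArn` both name `role/ecsTaskExecutionRole`, so the application code in the container runs with the same permissions the ECS agent uses to pull images and fetch secrets. Give the task its own narrowly scoped role, e.g. `"taskRoleArn": "arn:aws:iam::<ACCOUNT_ID>:role/<APP_TASK_ROLE>"` (placeholder values), or omit the key if the app makes no AWS API calls. The container definition also has no `logConfiguration`, so on Fargate the container's stdout/stderr is not retained anywhere; an `awslogs` configuration would give the service an audit trail for incident response. Finally, `image` points at repository `arc-api-repo` while the workflow in this commit pushes to `arc_api_repo`; the render step overwrites `image`, but one of the two names is presumably a typo and worth confirming.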
@@ -4,15 +4,25 @@ USER node WORKDIR /app -COPY ./package*.json . +COPY --chown=node:node ./package*.json . RUN node --max-old-space-size=1000 $(which npm) ci -COPY ./gen_keyfile.sh . +COPY --chown=node:node ./gen_keyfile.sh . -RUN ./gen_keyfile.sh +RUN chmod u+x ./gen_keyfile.sh + +WORKDIR /keys +RUN openssl rand -base64 756 > ./mongo.keyfile +RUN chmod 400 ./mongo.keyfile +RUN openssl genrsa > ./privkey.pem +RUN openssl req -new -x509 -key ./privkey.pem -out ./fullchain.pem -sha256 -days 3650 -nodes -subj "/C=CA/ST=QC/L=Montreal/O=Billiecord/OU=Engineering/CN=stg.billiecord.com" + +WORKDIR /app COPY ./src ./src -COPY ./bin ./bin +COPY ./bin ./bin +COPY .env .env + ENTRYPOINT [ "node", "--max-old-space-size=1000", "bin/www" ] diff --git a/package.json b/package.json index 7870a0f..b9d9acd 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,7 @@ "description": "arc3 api and dashboard", "main": "bin/www", "scripts": { - "dev": "nodemon bin/www" + "dev": "nodemon bin/www-dev" }, "author": "izzydotexe", "license": "ISC", diff --git a/src/app.js b/src/app.js index 80cbc98..e8c28a6 100644 --- a/src/app.js +++ b/src/app.js @@ -8,8 +8,14 @@ const whitelist = require('./auth/middlewares/whitelist.js'); const v1 = require('./v1/v1.js'); const auth = require('./auth/auth.js'); +let STATIC_FILES; + +try { + STATIC_FILES = fs.readdirSync(process.env.BUILD_PATH); +} catch { + STATIC_FILES = [] +} -const STATIC_FILES = fs.readdirSync(process.env.BUILD_PATH); app.use( helmet({
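Review bot: `RUN openssl genrsa > ./privkey.pem` and `RUN openssl rand -base64 756 > ./mongo.keyfile` create key material at build time, so it is stored in an image layer: every container started from this image shares the same TLS private key and keyfile, and anyone with pull access to the repository can extract them. The later `RUN chmod 400 ./mongo.keyfile` does not help with that, because the preceding layer still holds the file with its original mode, and `privkey.pem` gets no mode restriction at all. Generate or mount the keys when the container starts (an entrypoint step or an injected secret) rather than during `docker build`; `COPY .env .env` likewise places the generated secrets file in a layer and is better replaced by run-time injection. `gen_keyfile.sh` is still copied and made executable but is no longer run, so those two lines look removable.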
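Review bot: The new bare `catch` in `src/app.js` swallows every failure of `fs.readdirSync(process.env.BUILD_PATH)`, including an unset or mistyped `BUILD_PATH`, and the server then starts with an empty `STATIC_FILES` and no indication why. Log the cause before falling back, for example `} catch (err) { console.warn('BUILD_PATH not readable, serving no static files:', err.message); STATIC_FILES = []; }`. Since `STATIC_FILES` is never reassigned after this block, it could also stay a `const` by moving the try/catch into a small helper function. The `app.use(` call that follows continues outside the hunk.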