[DOP-3640]: Define the Autobuilder Core Construct (#821)

* [DOP-3639]: Create base API construct

* [DOP-3639]: Create ts files to export specific lambda handler

* [DOP-3639]: Create ts files to export specific lambda handler

* [DOP-3639]: Create methods for triggering builds

* [DOP-3639]: Remove the jobQueue as an attribute for the webhooks construct

* [DOP-3639]: Rename construct to better reflect what it represents

* [DOP-3639]: Use correct path

* [DOP-3639]: Retrieve SSM params

* [DOP-3639]: Add DB name

* [DOP-3639]: Add dochub env vars

* [DOP-3639]: Add correct dochub path

* [DOP-3639]: use correct method to retrieve secure strings

* [DOP-3639]: Delete zip script in favor of using NodejsFunction construct

* [DOP-3639]: Update esbuild config for nodejsfunctions

* [DOP-3639]: Remove bundle script and handlers

* [DOP-3639]: Get tests working

* [DOP-3639]: Delete handlers and remove zip script

* [DOP-3639]: refactor so that queues are a separate construct from the api

* [DOP-3639]: add correct identifiers for constructs

* [DOP-3639]: Update comments for bundling

* [DOP-3639]: Update tests

* [DOP-3639]: Clean up some typing

* [DOP-3639]: Add script to bundle lambda config with zip

* [DOP-3639]: Add permission to execute script

* [DOP-3639]: rename file

* [DOP-3639]: Use the regular function construct again and update bundling script

* [DOP-3639]: Add updated script and add snapshot test

* [DOP-3639]: Add updated script

* [DOP-3639]: Prune dev dependencies when deploying lambda

* [DOP-3639]: Add slack auth token

* [DOP-3639]: Add queue urls as env vars

* [DOP-3639]: Grab DB info from ssm

* [DOP-3639]: Update env vars

* [DOP-3639]: Remove cdk.context.json

* [DOP-3639]: Update gitignore and use valueFromLookup

* [DOP-3639]: Refactor code to successfully deploy and use config variables

* [DOP-3639]: Remove unnecessary build command

* [DOP-3639]: Remove unnecessary build script

* [DOP-3639]: Refactor env vars into separate construct

* [DOP-3639]: Remove build.zip from gitignore

* [DOP-3639]: Remove bundle command

* [DOP-3680]: Add v2 handlers

* [DOP-3680]: Use v2 handlers

* [DOP-3680]: Revert slack v1

* [DOP-3639]: Remove additional slash

* [DOP-3639]: Remove unused params

* [DOP-3639]: Remove unused import

* [DOP-3639]: Use esModuleInterop

* [DOP-3640]: Rename to simplify stuff

* [DOP-3640]: Add util to get bucket names

* [DOP-3640]: Add task definition for fargate and create cluster

* [DOP-3640]: Refactor Stack and constructs

* [DOP-3640]: Add CDK infra to docker ignore

* [DOP-3640]: Rename files to be less generic and add task definition for lambdas

* [DOP-3640]: Work on creating bucket constructs

* [DOP-3640]: destroy buckets when tearing down

* [DOP-3640]: Grant ecs task permission to read and write from buckets

* [DOP-3640]: Add VPC endpoint for ECR

* [DOP-3640]: Add custom dockerfile for testing enhanced app

* [DOP-3640]: Refactor path names to take into account the environment

* [DOP-3640]: Add a bunch of env vars

* [DOP-3640]: Add a bunch of env vars for worker

* [DOP-3640]: Remove unused env var

* [DOP-3640]: Refactor object destructure for consistency

* [DOP-3640]: Add first routing rule

* [DOP-3640]: Add routing rules for root bucket

* [DOP-3640]: Refactor container props to be a little nicer

* [DOP-3640]: Add feature branch deploy logic

* [DOP-3640]: Add env to worker

* [DOP-3640]: Move stuff around and work on getting secure strings using aws sdk

* [DOP-3640]: Add SSM client SDK to query secure strings

* [DOP-3640]: Add remaining secure strings and refactor stack to use async ssm client

* [DOP-3640]: Grant permissions to the ECS cluster to read and write to queues

* [DOP-3640]: Add Tag for stack to help debug costs

* [DOP-3640]: Refactor layout to be a bit simpler

* [DOP-3640]: Refactor enhanced job to check for correct job type

* [DOP-3640]: Remove unnecesssary code

* [DOP-3640]: Update readme

* [DOP-3640]: Update prettier to ignore cdk-infra

* [DOP-3640]: Use clustername for task definition family (that's the value that is actually used)

* [DOP-3640]: Update README

* [DOP-3640]: Update readme and rename context variables

* [DOP-3640]: Refactor how environment variables are retrieved to not depend on current scope

* [DOP-3640]: Add routing rule for 1.1.4 of atlas cli

* [DOP-3640]: Call initContextVars

Author: branberry

.dockerignore

@@ -1,2 +1,3 @@
 tests/
 node_modules/
+cdk-infra/

Dockerfile.enhanced

@@ -0,0 +1,120 @@
+# Build the Typescript app
+FROM node:18.16.0-alpine as ts-compiler
+WORKDIR /home/docsworker-xlarge
+COPY  config config/
+COPY package*.json ./
+COPY tsconfig*.json ./
+RUN npm install
+COPY . ./
+RUN npm run build
+
+# install persistence module
+RUN cd ./modules/persistence \
+    && npm install \
+    && npm run build
+
+# Build modules
+# OAS Page Builder
+RUN cd ./modules/oas-page-builder \
+    && npm install \
+    && npm run build
+
+# where repo work will happen
+FROM ubuntu:20.04
+ARG WORK_DIRECTORY=/home/docsworker-xlarge
+ARG SNOOTY_PARSER_VERSION=0.14.0
+ARG SNOOTY_FRONTEND_VERSION=0.14.6
+ARG MUT_VERSION=0.10.3
+ARG REDOC_CLI_VERSION=1.2.0
+ARG NPM_BASE_64_AUTH
+ARG NPM_EMAIL
+ENV DEBIAN_FRONTEND=noninteractive
+
+# install legacy build environment for docs
+RUN apt-get -o Acquire::Check-Valid-Until=false update
+RUN apt-get -y install libpython2.7-dev python2.7 git rsync unzip curl
+RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
+RUN python2.7 get-pip.py
+RUN pip install requests virtualenv virtualenvwrapper py-dateutil
+RUN python2.7 -m pip install python-dateutil
+RUN virtualenv /venv
+RUN /venv/bin/pip install --upgrade --force setuptools
+RUN /venv/bin/pip install -r https://raw.githubusercontent.com/mongodb/docs-tools/master/giza/requirements.txt
+
+# helper libraries for docs builds
+RUN apt-get update && apt-get install -y vim git
+
+
+ENV PATH="${PATH}:/opt/snooty:/opt/mut:/home/docsworker-xlarge/.local/bin:/usr/local/lib/python2.7/dist-packages/virtualenv/bin"
+
+# get node 18
+# https://gist.github.com/RinatMullayanov/89687a102e696b1d4cab
+RUN apt-get install --yes curl
+RUN curl --location https://deb.nodesource.com/setup_18.x | bash -
+RUN apt-get install --yes nodejs
+RUN apt-get install --yes build-essential
+
+# use npm 8.*
+RUN npm install -g npm@8
+
+# install snooty parser
+RUN curl -L -o snooty-parser.zip https://github.com/mongodb/snooty-parser/releases/download/v${SNOOTY_PARSER_VERSION}/snooty-v${SNOOTY_PARSER_VERSION}-linux_x86_64.zip \
+    && unzip -d /opt/ snooty-parser.zip
+
+# install mut
+RUN curl -L -o mut.zip https://github.com/mongodb/mut/releases/download/v${MUT_VERSION}/mut-v${MUT_VERSION}-linux_x86_64.zip \
+    && unzip -d /opt/ mut.zip
+
+# setup user and root directory
+RUN useradd -ms /bin/bash docsworker-xlarge
+RUN chmod 755 -R ${WORK_DIRECTORY}
+RUN chown -Rv docsworker-xlarge ${WORK_DIRECTORY}
+USER docsworker-xlarge
+
+WORKDIR ${WORK_DIRECTORY}
+
+# get shared.mk
+RUN curl https://raw.githubusercontent.com/mongodb/docs-worker-pool/meta/makefiles/shared.mk -o shared.mk
+
+# install snooty frontend and docs-tools
+RUN git clone -b v${SNOOTY_FRONTEND_VERSION} --depth 1 https://github.com/mongodb/snooty.git       \
+    && cd snooty                                                                                   \
+    && npm ci --legacy-peer-deps --omit=dev                                                        \
+    && git clone --depth 1 https://github.com/mongodb/docs-tools.git                               \
+    && mkdir -p ./static/images                                                                    \
+    && mv ./docs-tools/themes/mongodb/static ./static/docs-tools                                   \
+    && mv ./docs-tools/themes/guides/static/images/bg-accent.svg ./static/docs-tools/images/bg-accent.svg
+
+# install redoc fork
+RUN git clone -b @dop/redoc-cli@${REDOC_CLI_VERSION} --depth 1 https://github.com/mongodb-forks/redoc.git redoc \
+    # Install dependencies for Redoc CLI
+    && cd redoc/ \
+    && npm ci --prefix cli/ --omit=dev
+
+COPY --from=ts-compiler --chown=docsworker-xlarge /home/docsworker-xlarge/package*.json ./
+COPY --from=ts-compiler --chown=docsworker-xlarge /home/docsworker-xlarge/config config/
+COPY --from=ts-compiler --chown=docsworker-xlarge /home/docsworker-xlarge/build ./
+RUN npm install
+
+# Persistence module copy
+# Create directory and add permissions to allow node module installation
+RUN mkdir -p modules/persistence && chmod 755 modules/persistence
+COPY --from=ts-compiler --chown=docsworker-xlarge /home/docsworker-xlarge/modules/persistence/package*.json ./modules/persistence/
+COPY --from=ts-compiler --chown=docsworker-xlarge /home/docsworker-xlarge/modules/persistence/dist ./modules/persistence/
+ENV PERSISTENCE_MODULE_PATH=${WORK_DIRECTORY}/modules/persistence/index.js
+RUN cd ./modules/persistence/ && ls && npm install
+
+# OAS Page Builder module copy
+# Create directory and add permissions to allow node module installation
+RUN mkdir -p modules/oas-page-builder && chmod 755 modules/oas-page-builder
+COPY --from=ts-compiler --chown=docsworker-xlarge /home/docsworker-xlarge/modules/oas-page-builder/package*.json ./modules/oas-page-builder/
+COPY --from=ts-compiler --chown=docsworker-xlarge /home/docsworker-xlarge/modules/oas-page-builder/dist ./modules/oas-page-builder/
+RUN cd ./modules/oas-page-builder/ && npm install
+
+# Needed for OAS Page Builder module in shared.mk
+ENV REDOC_PATH=${WORK_DIRECTORY}/redoc/cli/index.js
+ENV OAS_MODULE_PATH=${WORK_DIRECTORY}/modules/oas-page-builder/index.js
+
+RUN mkdir repos && chmod 755 repos
+EXPOSE 3000
+CMD ["node", "enhanced/enhancedApp.js"]

cdk-infra/README.md

@@ -1,4 +1,20 @@
-# Welcome to your CDK TypeScript project
+# Docs Platform
+
+## Tips
+
+To verify the AWS CDK code adequately replicates the current AWS infrastructure, it is helpful to reference the CloudFormation templates that exist within the `infrastructure` directory, as well as understanding the `serverless.yml` files' contents.
+
+## Testing
+
+To verify the CloudFormation is being generated successfully, you can use the `cdk synth` command to generate the CloudFormation. In the `/cdk-infra` directory, execute the following command:
+
+```zsh
+npm run cdk synth -- -c enhanced=true -c customFeatureName=enhancedApp > cdk.out/template.yaml
+```
+
+Make sure to update your `~/.aws/credentials` file. The `enhanced` context variable, if set to true, will use the `Dockerfile.enhanced` dockerfile instead of the standard one. The `featureName` context variable is used to provide a different name for a custom stack other than the branch name. In the future for feature branches, the context variable `isFeature` will be used to use the Git branch name and append that to the stack name.
+
+# Welcome to your CDK TypeScript project (Auto-generated readme below)
 
 This is a blank project for CDK development with TypeScript.
 

cdk-infra/bin/cdk-infra.ts

@@ -2,17 +2,43 @@
 import 'source-map-support/register';
 import * as cdk from 'aws-cdk-lib';
 import { AutoBuilderStack } from '../lib/auto-builder-stack';
+import { getSsmPathPrefix, getWebhookSecureStrings, getWorkerSecureStrings } from '../utils/ssm';
+import { getFeatureName, initContextVars } from '../utils/env';
 
-const app = new cdk.App();
-new AutoBuilderStack(app, 'AutoBuilderStack', {
-  /* If you don't specify 'env', this stack will be environment-agnostic.
-   * Account/Region-dependent features and context lookups will not work,
-   * but a single synthesized template can be deployed anywhere. */
-  /* Uncomment the next line to specialize this stack for the AWS Account
-   * and Region that are implied by the current CLI configuration. */
-  // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
-  /* Uncomment the next line if you know exactly what Account and Region you
-   * want to deploy the stack to. */
-  env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
-  /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
-});
+async function main() {
+  const app = new cdk.App();
+
+  // calling this here so that we can call functions like getEnv and getSsmPathPrefix
+  // without having to pass in current construct. More intuitive for developers to look at.
+  // This will grab context variables that we pass in from the CLI and add it to a map.
+  initContextVars(app);
+
+  const ssmPrefix = getSsmPathPrefix();
+
+  // Constructors can't be async, so since I am doing this workaround for the secure strings,
+  // they need to be retrieved before we create the stack.
+  const workerSecureStrings = await getWorkerSecureStrings(ssmPrefix);
+  const webhookSecureStrings = await getWebhookSecureStrings(ssmPrefix);
+
+  const stackName = `auto-builder-stack-${getFeatureName()}`;
+
+  new AutoBuilderStack(app, stackName, {
+    /* If you don't specify 'env', this stack will be environment-agnostic.
+     * Account/Region-dependent features and context lookups will not work,
+     * but a single synthesized template can be deployed anywhere. */
+    /* Uncomment the next line to specialize this stack for the AWS Account
+     * and Region that are implied by the current CLI configuration. */
+    // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+    /* Uncomment the next line if you know exactly what Account and Region you
+     * want to deploy the stack to. */
+    env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+    workerSecureStrings,
+    webhookSecureStrings,
+    tags: {
+      stackName,
+    },
+    /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
+  });
+}
+
+main();

cdk-infra/lib/auto-builder-stack.ts

@@ -1,16 +1,50 @@
-import * as cdk from 'aws-cdk-lib';
+import { Stack, StackProps } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
-import { AutoBuilderApiConstruct } from './constructs/auto-builder-api-construct';
-import { AutoBuilderQueuesConstruct } from './constructs/auto-builder-queues-construct';
-import { AutoBuilderEnvConstruct } from './constructs/auto-builder-env-construct';
 
-export class AutoBuilderStack extends cdk.Stack {
-  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+import { WebhookApiConstruct } from './constructs/api/webhook-api-construct';
+import { WebhookEnvConstruct } from './constructs/api/webhook-env-construct';
+import { AutoBuilderQueuesConstruct } from './constructs/queue/queues-construct';
+import { WorkerBucketsConstruct } from './constructs/worker/buckets-construct';
+import { WorkerConstruct } from './constructs/worker/worker-construct';
+import { WorkerEnvConstruct } from './constructs/worker/worker-env-construct';
+
+interface AutoBuilderStackProps extends StackProps {
+  workerSecureStrings: Record<string, string>;
+  webhookSecureStrings: Record<string, string>;
+}
+export class AutoBuilderStack extends Stack {
+  constructor(
+    scope: Construct,
+    id: string,
+    { workerSecureStrings, webhookSecureStrings, ...props }: AutoBuilderStackProps
+  ) {
     super(scope, id, props);
 
     const queues = new AutoBuilderQueuesConstruct(this, 'queues');
-    const { environment } = new AutoBuilderEnvConstruct(this, 'ssmVars', queues);
 
-    new AutoBuilderApiConstruct(this, 'api', { ...queues, environment });
+    const { environment: webhookEnvironment } = new WebhookEnvConstruct(this, 'ssmVars', {
+      ...queues,
+      secureStrings: webhookSecureStrings,
+    });
+    const { environment: workerEnvironment } = new WorkerEnvConstruct(this, 'workerSsmVars', {
+      ...queues,
+      secureStrings: workerSecureStrings,
+    });
+
+    const { clusterName, ecsTaskRole } = new WorkerConstruct(this, 'worker', {
+      environment: workerEnvironment,
+      ...queues,
+    });
+
+    const { buckets } = new WorkerBucketsConstruct(this, 'workerBuckets');
+
+    new WebhookApiConstruct(this, 'api', {
+      ...queues,
+      environment: { ...webhookEnvironment, TASK_DEFINITION_FAMILY: clusterName },
+    });
+
+    buckets.forEach((bucket) => {
+      bucket.grantReadWrite(ecsTaskRole);
+    });
   }
 }

cdk-infra/lib/constructs/auto-builder-api-construct.ts renamed to cdk-infra/lib/constructs/api/webhook-api-construct.ts

@@ -1,11 +1,12 @@
 import { Cors, CorsOptions, LambdaIntegration, LambdaRestApi } from 'aws-cdk-lib/aws-apigateway';
 import { Code, Function, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
 import { BundlingOptions, NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs';
 import { IQueue } from 'aws-cdk-lib/aws-sqs';
 import { Construct } from 'constructs';
 import path from 'path';
 
-const HANDLERS_PATH = path.join(__dirname, '/../../../api/controllers/v2');
+const HANDLERS_PATH = path.join(__dirname, '/../../../../api/controllers/v2');
 
 const bundling: BundlingOptions = {
   sourceMap: true,
@@ -24,18 +25,16 @@ const bundling: BundlingOptions = {
 
 const runtime = Runtime.NODEJS_18_X;
 
-interface AutoBuilderApiConstructProps {
+interface WebhookApiConstructProps {
   jobsQueue: IQueue;
   jobUpdatesQueue: IQueue;
   environment: Record<string, string>;
 }
 
-export class AutoBuilderApiConstruct extends Construct {
-  constructor(scope: Construct, id: string, props: AutoBuilderApiConstructProps) {
+export class WebhookApiConstruct extends Construct {
+  constructor(scope: Construct, id: string, { jobsQueue, jobUpdatesQueue, environment }: WebhookApiConstructProps) {
     super(scope, id);
 
-    const { jobsQueue, jobUpdatesQueue, environment } = props;
-
     const slackTriggerLambda = new NodejsFunction(this, 'slackTriggerLambda', {
       entry: `${HANDLERS_PATH}/slack.ts`,
       runtime,
@@ -75,6 +74,14 @@ export class AutoBuilderApiConstruct extends Construct {
       bundling,
     });
 
+    const handleJobsLambda = new NodejsFunction(this, 'handleJobsLambda', {
+      entry: `${HANDLERS_PATH}/jobs.ts`,
+      runtime,
+      handler: 'HandleJobs',
+      environment,
+      bundling,
+    });
+
     // generic handler for the root endpoint
     const rootEndpointLambda = new Function(this, 'RootEndpointLambda', {
       code: Code.fromInline('exports.default = (event) => { console.log("hello, world!!"); }'),
@@ -130,6 +137,15 @@ export class AutoBuilderApiConstruct extends Construct {
     jobsQueue.grantSendMessages(triggerLocalBuildLambda);
 
     // grant permission for lambdas to enqueue messages to the job updates queue
+    jobUpdatesQueue.grantSendMessages(slackTriggerLambda);
+    jobUpdatesQueue.grantSendMessages(githubTriggerLambda);
     jobUpdatesQueue.grantSendMessages(triggerLocalBuildLambda);
+
+    // grant permission to read from jobUpdatesQueue
+    jobUpdatesQueue.grantConsumeMessages(handleJobsLambda);
+
+    const handleJobsQueueSource = new SqsEventSource(jobUpdatesQueue);
+
+    handleJobsLambda.addEventSource(handleJobsQueueSource);
   }
 }

cdk-infra/lib/constructs/api/webhook-env-construct.ts

@@ -0,0 +1,36 @@
+import { IQueue } from 'aws-cdk-lib/aws-sqs';
+import { StringParameter } from 'aws-cdk-lib/aws-ssm';
+import { Construct } from 'constructs';
+import { getSsmPathPrefix } from '../../../utils/ssm';
+
+interface WebhookEnvConstructProps {
+  jobsQueue: IQueue;
+  jobUpdatesQueue: IQueue;
+  secureStrings: Record<string, string>;
+}
+export class WebhookEnvConstruct extends Construct {
+  readonly environment: Record<string, string>;
+
+  constructor(scope: Construct, id: string, { jobsQueue, jobUpdatesQueue, secureStrings }: WebhookEnvConstructProps) {
+    super(scope, id);
+
+    const ssmPrefix = getSsmPathPrefix();
+
+    const dbName = StringParameter.valueFromLookup(this, `${ssmPrefix}/atlas/dbname`);
+    const dbUsername = StringParameter.valueFromLookup(this, `${ssmPrefix}/atlas/username`);
+    const dbHost = StringParameter.valueFromLookup(this, `${ssmPrefix}/atlas/host`);
+
+    const dbPassword = secureStrings[`${ssmPrefix}/atlas/password`];
+    this.environment = {
+      ...secureStrings,
+      MONGO_ATLAS_USERNAME: dbUsername,
+      MONGO_ATLAS_PASSWORD: dbPassword,
+      MONGO_ATLAS_URL: `mongodb+srv://${dbUsername}:${dbPassword}@${dbHost}/admin?retryWrites=true`,
+      DB_NAME: dbName,
+
+      NODE_CONFIG_DIR: './config',
+      JOBS_QUEUE_URL: jobsQueue.queueUrl,
+      JOB_UPDATES_QUEUE_URL: jobUpdatesQueue.queueUrl,
+    };
+  }
+}