From beb62e1cc78159d20c6decffb31aa703052bdc8c Mon Sep 17 00:00:00 2001
From: bocklag
Date: Sat, 28 Dec 2024 06:53:07 +0000
Subject: [PATCH] feat(infra): rafactor re-server Terraform and Github Actions Files
---
 .github/workflows/rc-build-image.yml | 90 ++++++++++++++++
 .github/workflows/rc-deploy-target.yml | 66 ++++++++++++
 .github/workflows/rc-deploy.yml | 133 ++++++++++++++++++++++++
 .github/workflows/rc-destroy-target.yml | 60 +++++++++++
 .github/workflows/rc-destroy.yml | 74 +++++++++++++
 .github/workflows/rc-init-config.yml | 50 +++++++++
 apps/infra/rc/codedang/cloudfront.tf | 1 +
 7 files changed, 474 insertions(+)
 create mode 100644 .github/workflows/rc-build-image.yml
 create mode 100644 .github/workflows/rc-deploy-target.yml
 create mode 100644 .github/workflows/rc-deploy.yml
 create mode 100644 .github/workflows/rc-destroy-target.yml
 create mode 100644 .github/workflows/rc-destroy.yml
 create mode 100644 .github/workflows/rc-init-config.yml
diff --git a/.github/workflows/rc-build-image.yml b/.github/workflows/rc-build-image.yml
new file mode 100644
index 0000000000..464ad3ea1a
--- /dev/null
+++ b/.github/workflows/rc-build-image.yml
@@ -0,0 +1,90 @@
+name: RC - CD - Build Images
+
+on:
+ workflow_dispatch:
+
+env:
+ AWS_REGION: ap-northeast-2
+ ECS_CLUSTER: Codedang-Api
+
+permissions: # permissions to the job (for the OpenID Connection)
+ id-token: write
+ contents: read
+
+jobs:
+ build-client-api:
+ name: Build client-api image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_ECR_PUSH_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Build and push image
+ uses: docker/build-push-action@v6
+ with:
+ file: ./apps/backend/Dockerfile
+ push: true
+ build-args: |
+ target=client
+ app_env=production
+ tags: ${{ steps.login-ecr.outputs.registry }}/codedang-client-api:latest
+
+ build-admin-api:
+ name: Build admin-api image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_ECR_PUSH_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Build and push image
+ uses: docker/build-push-action@v6
+ with:
+ file: ./apps/backend/Dockerfile
+ push: true
+ build-args: |
+ target=admin
+ app_env=production
+ tags: ${{ steps.login-ecr.outputs.registry }}/codedang-admin-api:latest
+
+ build-iris:
+ name: Build iris Docker image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_ECR_PUSH_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Build and push image (iris)
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: '{{defaultContext}}:apps/iris'
+ build-args: |
+ app_env=production
+ tags: ${{ steps.login-ecr.outputs.registry }}/codedang-iris:latest
diff --git a/.github/workflows/rc-deploy-target.yml b/.github/workflows/rc-deploy-target.yml
new file mode 100644
index 0000000000..e40530fcea
--- /dev/null
+++ b/.github/workflows/rc-deploy-target.yml
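Review bot: In rc-build-image.yml every `uses:` line references a third-party action by a mutable major tag (`docker/build-push-action@v6`, `aws-actions/configure-aws-credentials@v4`, and so on) inside jobs that hold `id-token: write` and assume the ECR push role, so whoever can move such a tag can run code with those credentials. Pinning each action to a full commit SHA, e.g. `uses: docker/build-push-action@<FULL_COMMIT_SHA> # v6` (placeholder), closes that gap; the same tag-only references appear in the other five workflow files added by this patch. Separately, all three jobs push only the `:latest` tag, so a deployed image cannot be traced back to a commit and registry tag immutability cannot be enabled. Adding a second tag such as `${{ steps.login-ecr.outputs.registry }}/codedang-client-api:${{ github.sha }}` would address that.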
@@ -0,0 +1,66 @@
+name: RC - Deploy - Target
+
+on:
+ workflow_dispatch:
+ inputs:
+ terraform_project:
+ description: 'Select Terraform Project to Deploy'
+ required: true
+ type: choice
+ options:
+ - 'network'
+ - 'storage'
+ - 'codedang'
+
+env:
+ AWS_REGION: ap-northeast-2
+ ECS_CLUSTER: Codedang-Api
+
+permissions: # permissions to the job (for the OpenID Connection)
+ id-token: write
+ contents: read
+
+jobs:
+ rc-deploy-target-project:
+ name: RC - Deploy Terraform targeted Project
+ runs-on: ubuntu-latest
+ environment: production
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_DEPLOY_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.5.2
+
+ - name: Create Terraform variable file
+ working-directory: ./apps/infra/rc/${{ github.event.inputs.terraform_project }}
+ run: |
+ echo "$TFVARS_RC" >> terraform.tfvars
+ echo "$OAUTH_GITHUB" >> terraform.tfvars
+ echo "$OAUTH_KAKAO" >> terraform.tfvars
+ echo 'env = "rc"' >> terraform.tfvars
+ env:
+ TFVARS_RC: ${{ secrets.TFVARS_RC }}
+ OAUTH_GITHUB: ${{ secrets.OAUTH_GITHUB }}
+ OAUTH_KAKAO: ${{ secrets.OAUTH_KAKAO }}
+
+ - name: Terraform Init
+ working-directory: ./apps/infra/rc/${{ github.event.inputs.terraform_project }}
+ run: terraform init -backend-config="bucket=codedang-tf-state-rc"
+
+ - name: Terraform Plan
+ working-directory: ./apps/infra/rc/${{ github.event.inputs.terraform_project }}
+ run: terraform plan -input=false -out=plan.out
+
+ - name: Terraform Apply
+ working-directory: ./apps/infra/rc/${{ github.event.inputs.terraform_project }}
+ run: terraform apply -input=false plan.out
diff --git a/.github/workflows/rc-deploy.yml b/.github/workflows/rc-deploy.yml
new file mode 100644
index 0000000000..5b217dbd02
--- /dev/null
+++ b/.github/workflows/rc-deploy.yml
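Review bot: In rc-deploy-target.yml the `Create Terraform variable file` step writes `TFVARS_RC`, `OAUTH_GITHUB` and `OAUTH_KAKAO` into `terraform.tfvars` whichever project is selected, although rc-deploy.yml in this same patch gives `network` and `storage` only `env = "rc"`. Those secrets then sit on disk and are loaded by Terraform in runs that presumably do not declare them. Splitting the step and guarding the secret-writing half with `if: ${{ inputs.terraform_project == 'codedang' }}` keeps them scoped to the one project that uses them. rc-destroy-target.yml contains the identical step.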
@@ -0,0 +1,133 @@
+name: RC - Deploy
+
+on:
+ workflow_dispatch:
+
+env:
+ AWS_REGION: ap-northeast-2
+ ECS_CLUSTER: Codedang-Api
+
+permissions: # permissions to the job (for the OpenID Connection)
+ id-token: write
+ contents: read
+
+jobs:
+ rc-deploy-network:
+ name: RC - Deploy Network
+ runs-on: ubuntu-latest
+ environment: production
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_DEPLOY_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.5.2
+
+ - name: Create Terraform variable file
+ working-directory: ./apps/infra/rc/network
+ run: |
+ echo 'env = "rc"' >> terraform.tfvars
+
+ - name: Terraform Init
+ working-directory: ./apps/infra/rc/network
+ run: terraform init -backend-config="bucket=codedang-tf-state-rc"
+
+ - name: Terraform Plan
+ working-directory: ./apps/infra/rc/network
+ run: terraform plan -input=false -out=plan.out
+
+ - name: Terraform Apply
+ working-directory: ./apps/infra/rc/network
+ run: terraform apply -input=false plan.out
+
+ rc-deploy-storage:
+ name: RC - Deploy Storage
+ runs-on: ubuntu-latest
+ needs: [rc-deploy-network]
+ environment: production
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_DEPLOY_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.5.2
+
+ - name: Create Terraform variable file
+ working-directory: ./apps/infra/rc/storage
+ run: |
+ echo 'env = "rc"' >> terraform.tfvars
+
+ - name: Terraform Init
+ working-directory: ./apps/infra/rc/storage
+ run: terraform init -backend-config="bucket=codedang-tf-state-rc"
+
+ - name: Terraform Plan
+ working-directory: ./apps/infra/rc/storage
+ run: terraform plan -input=false -out=plan.out
+
+ - name: Terraform Apply
+ working-directory: ./apps/infra/rc/storage
+ run: terraform apply -input=false plan.out
+
+ rc-deploy-codedang:
+ name: RC - Deploy Codedang
+ runs-on: ubuntu-latest
+ needs: [rc-deploy-network, rc-deploy-storage]
+ environment: production
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_DEPLOY_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.5.2
+
+ - name: Create Terraform variable file
+ working-directory: ./apps/infra/rc/codedang
+ run: |
+ echo "$TFVARS_RC" >> terraform.tfvars
+ echo "$OAUTH_GITHUB" >> terraform.tfvars
+ echo "$OAUTH_KAKAO" >> terraform.tfvars
+ echo 'env = "rc"' >> terraform.tfvars
+ env:
+ TFVARS_RC: ${{ secrets.TFVARS_RC }}
+ OAUTH_GITHUB: ${{ secrets.OAUTH_GITHUB }}
+ OAUTH_KAKAO: ${{ secrets.OAUTH_KAKAO }}
+
+ - name: Terraform Init
+ working-directory: ./apps/infra/rc/codedang
+ run: terraform init -backend-config="bucket=codedang-tf-state-rc"
+
+ - name: Terraform Plan
+ working-directory: ./apps/infra/rc/codedang
+ run: terraform plan -input=false -out=plan.out
+
+ - name: Terraform Apply
+ working-directory: ./apps/infra/rc/codedang
+ run: terraform apply -input=false plan.out
diff --git a/.github/workflows/rc-destroy-target.yml b/.github/workflows/rc-destroy-target.yml
new file mode 100644
index 0000000000..8d1990353a
--- /dev/null
+++ b/.github/workflows/rc-destroy-target.yml
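Review bot: All three jobs in rc-deploy.yml run under `environment: production` while assuming `AWS_ROLE_FOR_DEPLOY_RC`, so the release-candidate pipeline shares the production environment's protection rules and environment-scoped secrets, and its OIDC token carries the `environment:production` subject. If the IAM trust policies match on that subject, they cannot tell an RC run from a production run. A dedicated environment, `environment: rc`, with its own reviewers and a trust condition on its own subject would separate the two. The same applies to rc-deploy-target.yml, rc-destroy-target.yml, rc-destroy.yml and rc-init-config.yml.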
@@ -0,0 +1,60 @@
+name: RC - Destroy - Target
+
+on:
+ workflow_dispatch:
+ inputs:
+ terraform_project:
+ description: 'Select Terraform Project to Destroy'
+ required: true
+ type: choice
+ options:
+ - 'network'
+ - 'storage'
+ - 'codedang'
+
+env:
+ AWS_REGION: ap-northeast-2
+ ECS_CLUSTER: Codedang-Api
+
+permissions: # permissions to the job (for the OpenID Connection)
+ id-token: write
+ contents: read
+
+jobs:
+ rc-destroy-terraform-target-project:
+ name: RC - Destroy Terraform targeted Project
+ runs-on: ubuntu-latest
+ environment: production
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_DEPLOY_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.5.2
+
+ - name: Create Terraform variable file
+ working-directory: ./apps/infra/rc/${{ github.event.inputs.terraform_project }}
+ run: |
+ echo "$TFVARS_RC" >> terraform.tfvars
+ echo "$OAUTH_GITHUB" >> terraform.tfvars
+ echo "$OAUTH_KAKAO" >> terraform.tfvars
+ echo 'env = "rc"' >> terraform.tfvars
+ env:
+ TFVARS_RC: ${{ secrets.TFVARS_RC }}
+ OAUTH_GITHUB: ${{ secrets.OAUTH_GITHUB }}
+ OAUTH_KAKAO: ${{ secrets.OAUTH_KAKAO }}
+
+ - name: Destroy
+ working-directory: ./apps/infra/rc/${{ github.event.inputs.terraform_project }}
+ run: |
+ terraform init -backend-config="bucket=codedang-tf-state-rc"
+ terraform destroy -auto-approve
diff --git a/.github/workflows/rc-destroy.yml b/.github/workflows/rc-destroy.yml
new file mode 100644
index 0000000000..eef921c579
--- /dev/null
+++ b/.github/workflows/rc-destroy.yml
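Review bot: The `Destroy` step in rc-destroy-target.yml runs `terraform destroy -auto-approve` straight after `terraform init`, so nothing shows what will be deleted before it is deleted, unlike the deploy workflows in this patch, which plan to a file and then apply that file. Mirroring that here with `terraform plan -destroy -input=false -out=destroy.out` followed by `terraform apply -input=false destroy.out` at least records the deletion set in the log. A required confirmation input checked in an `if:` on the step would further guard against selecting `storage` by mistake. rc-destroy.yml repeats the same `destroy -auto-approve` pattern for all three projects.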
@@ -0,0 +1,74 @@
+name: RC - destroy
+#Except Terraform-Configuration Project
+
+on:
+ workflow_dispatch:
+
+env:
+ AWS_REGION: ap-northeast-2
+ ECS_CLUSTER: Codedang-Api
+
+permissions: # permissions to the job (for the OpenID Connection)
+ id-token: write
+ contents: read
+
+jobs:
+ rc-destroy:
+ name: Destroy
+ runs-on: ubuntu-latest
+ environment: production
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_DEPLOY_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.5.2
+
+ - name: Create Terraform variable file (Codedang)
+ working-directory: ./apps/infra/rc/codedang
+ run: |
+ echo "$TFVARS_RC" >> terraform.tfvars
+ echo "$OAUTH_GITHUB" >> terraform.tfvars
+ echo "$OAUTH_KAKAO" >> terraform.tfvars
+ echo 'env = "rc"' >> terraform.tfvars
+ env:
+ TFVARS_RC: ${{ secrets.TFVARS_RC }}
+ OAUTH_GITHUB: ${{ secrets.OAUTH_GITHUB }}
+ OAUTH_KAKAO: ${{ secrets.OAUTH_KAKAO }}
+
+ - name: Destroy Codedang
+ working-directory: ./apps/infra/rc/codedang
+ run: |
+ terraform init -backend-config="bucket=codedang-tf-state-rc"
+ terraform destroy -auto-approve
+
+ - name: Create Terraform variable file (Storage)
+ working-directory: ./apps/infra/rc/storage
+ run: |
+ echo 'env = "rc"' >> terraform.tfvars
+
+ - name: Destroy Storage
+ working-directory: ./apps/infra/rc/storage
+ run: |
+ terraform init -backend-config="bucket=codedang-tf-state-rc"
+ terraform destroy -auto-approve
+
+ - name: Create Terraform variable file (Network)
+ working-directory: ./apps/infra/rc/network
+ run: |
+ echo 'env = "rc"' >> terraform.tfvars
+
+ - name: Destroy Network
+ working-directory: ./apps/infra/rc/network
+ run: |
+ terraform init -backend-config="bucket=codedang-tf-state-rc"
+ terraform destroy -auto-approve
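Review bot: rc-destroy.yml has no `concurrency:` setting, so it can be dispatched while rc-deploy.yml or one of the targeted workflows is still running against the same `codedang-tf-state-rc` backend. Whether state locking is configured is not visible in this patch; if it is not, overlapping runs can corrupt state, and even with locking a destroy that starts mid-deploy leaves the stack half-built. A shared workflow-level block, `concurrency:` with `group: rc-terraform` and `cancel-in-progress: false`, in each of the Terraform workflows added here would serialize them.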
diff --git a/.github/workflows/rc-init-config.yml b/.github/workflows/rc-init-config.yml
new file mode 100644
index 0000000000..52504cd02f
--- /dev/null
+++ b/.github/workflows/rc-init-config.yml
@@ -0,0 +1,50 @@
+name: RC - Init
+
+on:
+ workflow_dispatch:
+
+env:
+ AWS_REGION: ap-northeast-2
+ ECS_CLUSTER: Codedang-Api
+
+permissions: # permissions to the job (for the OpenID Connection)
+ id-token: write
+ contents: read
+
+jobs:
+ rc-init-config:
+ name: RC - Init Config
+ runs-on: ubuntu-latest
+ environment: production
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_FOR_DEPLOY_RC }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.5.2
+
+ - name: Create Terraform variable file
+ working-directory: ./apps/infra/rc/terraform-configuration
+ run: |
+ echo 'env = "rc"' >> terraform.tfvars
+
+ - name: Terraform Init
+ working-directory: ./apps/infra/rc/terraform-configuration
+ run: terraform init -backend-config="bucket=codedang-tf-state-rc"
+
+ - name: Terraform Plan
+ working-directory: ./apps/infra/rc/terraform-configuration
+ run: terraform plan -input=false -out=plan.out
+
+ - name: Terraform Apply
+ working-directory: ./apps/infra/rc/terraform-configuration
+ run: terraform apply -input=false plan.out
diff --git a/apps/infra/rc/codedang/cloudfront.tf b/apps/infra/rc/codedang/cloudfront.tf
index ca256f1bd1..27e0993dcd 100644
--- a/apps/infra/rc/codedang/cloudfront.tf
+++ b/apps/infra/rc/codedang/cloudfront.tf
@@ -12,6 +12,7 @@ data "aws_cloudfront_origin_request_policy" "exclude_host_header" { resource "aws_cloudfront_distribution" "codedang" { origin { + #TODO : RC서버 Amplify 문제 해결 domain_name = var.env == "production" ? "amplify.codedang.com" : "main.d11kq2upsmcpi9.amplifyapp.com" origin_id = "frontend" # TODO: Add unique ID of Amplify