feat: tuotantoasennus

.husky/pre-push

@@ -1,6 +1,8 @@
 #!/bin/sh
 . "$(dirname "$0")/_/husky.sh"
 
-export ENVIRONMENT=feature
-npm run lint
-npm run husky:test
+if [ "$(git rev-parse --abbrev-ref HEAD)" != "prod" ]; then
+  export ENVIRONMENT=feature
+  npm run lint
+  npm run husky:test
+fi

deployment/bin/pushECRImagesToProd.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
+
+aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com
+
+LOCALSTACK_VERSION=0.14.1
+aws ecr create-repository --repository-name localstack || true
+docker tag localstack/localstack:$LOCALSTACK_VERSION $ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/localstack:$LOCALSTACK_VERSION
+docker push $ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/localstack:$LOCALSTACK_VERSION
+
+# Create buildimage to provide faster builds
+BUILD_IMAGE_VERSION=1.0.3
+REPO_TAG=$ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/hassu-buildimage:$BUILD_IMAGE_VERSION
+aws ecr create-repository --repository-name hassu-buildimage || true
+docker tag hassu-buildimage:$BUILD_IMAGE_VERSION $REPO_TAG
+docker push $REPO_TAG

deployment/lib/buildspec/buildspec-prod.yml

@@ -0,0 +1,41 @@
+version: 0.2
+
+env:
+  parameter-store:
+    ROCKET_CHAT_TOKEN: /RocketChatToken
+    ROCKET_CHAT_USER_ID: /RocketChatUserId
+  secrets-manager:
+    GITHUB_TOKEN: github-token
+
+phases:
+  install:
+    runtime-versions:
+      java: corretto11
+      nodejs: 14
+    commands:
+      - ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
+      - aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin "$ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com"
+
+      - nohup docker pull "$ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/hassu-buildimage:1.0.3" &
+
+      - npm install -g npm@8.1.3
+      - npm ci
+
+      - touch .env.test
+      - npm run generate
+  build:
+    commands:
+      - npm run get-next-version
+      - npm run deploy:database
+      - npm run deploy:backend
+      - npm run deploy:frontend
+      - npm run release
+  post_build:
+    on-failure: ABORT
+    commands:
+      - ./deployment/bin/reportBuildStatus.sh -t "$ROCKET_CHAT_TOKEN" -u "$ROCKET_CHAT_USER_ID" -r "$CODEBUILD_BUILD_SUCCEEDING" -m "$ENVIRONMENT build" -d "CodeBuild $CODEBUILD_BUILD_URL"
+cache:
+  paths:
+    - "/root/.cache/**/*"
+    - "/root/.npm/**/*"
+    - "/root/.gradle/**/*"

deployment/lib/config.ts

@@ -48,7 +48,7 @@ export class Config extends BaseConfig {
 
     this.scope = scope;
     const env = Config.env;
-    if (Config.isPermanentEnvironment()) {
+    if (Config.isPermanentEnvironment() && !Config.isProdAccount()) { // TODO remove "&& !Config.isProdAccount()" after getting the cert for prod
       this.cloudfrontCertificateArn = this.getParameter(`/${env}/CloudfrontCertificateArn`);
     }
     this.dmzProxyEndpoint = this.getInfraParameter("DMZProxyEndpoint");
@@ -76,10 +76,7 @@ export class Config extends BaseConfig {
     if (Config.env === "localstack") {
       return "";
     }
-    return ssm.StringParameter.valueForStringParameter(
-      this.scope,
-      this.getInfraParameterPath(parameterName, infraEnvironment)
-    );
+    return ssm.StringParameter.valueForStringParameter(this.scope, this.getInfraParameterPath(parameterName, infraEnvironment));
   }
 
   public getInfraParameterPath(parameterName: string, infraEnvironment?: string) {
@@ -90,18 +87,11 @@ export class Config extends BaseConfig {
     return Config.getSecureInfraParameterInternal({ parameterName, infraEnvironment, ssm: ssmProvider });
   }
 
-  public async getGlobalSecureInfraParameter(
-    parameterName: string,
-    infraEnvironment: string = BaseConfig.infraEnvironment
-  ) {
+  public async getGlobalSecureInfraParameter(parameterName: string, infraEnvironment: string = BaseConfig.infraEnvironment) {
     return Config.getSecureInfraParameterInternal({ parameterName, infraEnvironment, ssm: globalSsmProvider });
   }
 
-  private static async getSecureInfraParameterInternal(params: {
-    parameterName: string;
-    infraEnvironment: string;
-    ssm: SSM;
-  }) {
+  private static async getSecureInfraParameterInternal(params: { parameterName: string; infraEnvironment: string; ssm: SSM }) {
     // Skip AWS API calls if running locally with localstack and cdklocal
     if (Config.env === "localstack") {
       return "dummy";
@@ -128,15 +118,15 @@ export class Config extends BaseConfig {
   }
 
   private init = async () => {
-    this.branch = process.env.BUILD_BRANCH
-      ? process.env.BUILD_BRANCH
-      : await execShellCommand("git rev-parse --abbrev-ref HEAD");
+    this.branch = process.env.BUILD_BRANCH ? process.env.BUILD_BRANCH : await execShellCommand("git rev-parse --abbrev-ref HEAD");
 
     if (Config.isDeveloperEnvironment()) {
-      this.frontendDomainName =
-        (await readFrontendStackOutputs()).CloudfrontPrivateDNSName || "please-re-run-backend-deployment";
+      this.frontendDomainName = (await readFrontendStackOutputs()).CloudfrontPrivateDNSName || "please-re-run-backend-deployment";
     } else {
       this.frontendDomainName = await this.getSecureInfraParameter("FrontendDomainName");
+      if (!this.frontendDomainName) {
+        throw new Error("/" + Config.env + "/FrontendDomainName SSM Parameter not found! Maybe logged in to wrong account?");
+      }
     }
     log.info("frontendDomainName", this.frontendDomainName);
   };

deployment/lib/hassu-account.ts

@@ -34,7 +34,7 @@ export class HassuAccountStack extends cdk.Stack {
       enableVersionUpgrade: true,
       capacity: {
         masterNodes: 0,
-        dataNodes: 1,
+        dataNodes: 2,
         dataNodeInstanceType: "t3.small.search",
       },
       removalPolicy: RemovalPolicy.RETAIN,

deployment/lib/hassu-database.ts

@@ -10,7 +10,6 @@ import * as backup from "@aws-cdk/aws-backup";
 import * as events from "@aws-cdk/aws-events";
 import { Effect, PolicyStatement } from "@aws-cdk/aws-iam";
 import { IConstruct } from "@aws-cdk/core/lib/construct-compat";
-import { BackupPlanRuleProps } from "@aws-cdk/aws-backup/lib/rule";
 
 // These should correspond to CfnOutputs produced by this stack
 export type DatabaseStackOutputs = {
@@ -111,6 +110,12 @@ export class HassuDatabaseStack extends cdk.Stack {
   }
 
   private createUploadBucket() {
+    let allowedOrigins: string[];
+    if (Config.isDeveloperEnvironment()) {
+      allowedOrigins = ["http://localhost:3000", "https://" + this.config.frontendDomainName];
+    } else {
+      allowedOrigins = ["https://" + this.config.frontendDomainName];
+    }
     return new Bucket(this, "UploadBucket", {
       bucketName: Config.uploadBucketName,
       blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
@@ -119,7 +124,7 @@ export class HassuDatabaseStack extends cdk.Stack {
       cors: [
         {
           allowedMethods: [HttpMethods.PUT],
-          allowedOrigins: ["http://localhost:3000", "https://" + this.config.frontendDomainName],
+          allowedOrigins: allowedOrigins,
           allowedHeaders: ["*"],
         },
       ],
@@ -191,24 +196,12 @@ export class HassuDatabaseStack extends cdk.Stack {
       const backupPlanName = "Plan-" + Config.env;
       const backupVaultName = "Vault-" + Config.env;
 
-      let backupPlanRuleProps: BackupPlanRuleProps;
-      if (Config.isProductionEnvironment()) {
-        backupPlanRuleProps = {
-          moveToColdStorageAfter: Duration.days(35),
-          deleteAfter: Duration.days(365),
-        };
-      } else {
-        backupPlanRuleProps = {
-          deleteAfter: Duration.days(35),
-        };
-      }
-
       const plan = new backup.BackupPlan(this, backupPlanName, {
         backupPlanName,
         backupVault: new backup.BackupVault(this, backupVaultName, { backupVaultName }),
         backupPlanRules: [
           new backup.BackupPlanRule({
-            ...backupPlanRuleProps,
+            deleteAfter: Duration.days(35),
             ruleName: "Daily",
             startWindow: Duration.hours(1),
             completionWindow: Duration.hours(2),