Merge pull request #47 from CSSE6400/86

deploys the entire app now. allows auth0 creds to also be pasted into get the frontend working
CSSE6400 · May 6, 2024 · 09f39b8 · 09f39b8
2 parents fd3bbb5 + 471bc1e
commit 09f39b8
Show file tree

Hide file tree

Showing 5 changed files with 257 additions and 22 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -6,6 +6,9 @@ on:
       awsCredentials:
         description: 'AWS Credentials'
         required: true
+      auth0Credentials:
+        description: 'Auth0 Credentials'
+        required: true
 
 jobs:
   deploy:
@@ -19,9 +22,25 @@ jobs:
       uses: actions/setup-node@v3
       with:
         node-version: 20.x
+
     - uses: levibostian/action-hide-sensitive-inputs@v1
+
     - name: Deploy to AWS
       run: |
         eval "${{ github.event.inputs.awsCredentials }}"
+        eval "${{ github.event.inputs.auth0credentials }}"
+        
+        AUTH0_SECRET=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_SECRET')
+        AUTH0_BASE_URL=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_BASE_URL')
+        AUTH0_ISSUER_BASE_URL=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_ISSUER_BASE_URL')
+        AUTH0_CLIENT_ID=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_CLIENT_ID')
+        AUTH0_CLIENT_SECRET=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_CLIENT_SECRET')
+        
+        
         terraform init
-        terraform apply -auto-approve
+        terraform apply -auto-approve \
+          -var "auth0_secret=$AUTH0_SECRET" \
+          -var "auth0_base_url=$AUTH0_BASE_URL" \
+          -var "auth0_issuer_base_url=$AUTH0_ISSUER_BASE_URL" \
+          -var "auth0_client_id=$AUTH0_CLIENT_ID" \
+          -var "auth0_client_secret=$AUTH0_CLIENT_SECRET"
diff --git a/.github/workflows/teardown.yml b/.github/workflows/teardown.yml
@@ -6,7 +6,9 @@ on:
       awsCredentials:
         description: 'AWS Credentials'
         required: true
-
+      auth0Credentials:
+        description: 'Auth0 Credentials'
+        required: true
 jobs:
   teardown:
 
@@ -23,5 +25,19 @@ jobs:
     - name: Teardown to AWS
       run: |
         eval "${{ github.event.inputs.awsCredentials }}"
+        eval "${{ github.event.inputs.auth0credentials }}"
+        
+        AUTH0_SECRET=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_SECRET')
+        AUTH0_BASE_URL=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_BASE_URL')
+        AUTH0_ISSUER_BASE_URL=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_ISSUER_BASE_URL')
+        AUTH0_CLIENT_ID=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_CLIENT_ID')
+        AUTH0_CLIENT_SECRET=$(echo "${{ github.event.inputs.auth0Credentials }}" | jq -r '.AUTH0_CLIENT_SECRET')
+        
+        
         terraform init
-        terraform destroy -auto-approve
+        terraform destroy -auto-approve \
+          -var "auth0_secret=$AUTH0_SECRET" \
+          -var "auth0_base_url=$AUTH0_BASE_URL" \
+          -var "auth0_issuer_base_url=$AUTH0_ISSUER_BASE_URL" \
+          -var "auth0_client_id=$AUTH0_CLIENT_ID" \
+          -var "auth0_client_secret=$AUTH0_CLIENT_SECRET"
diff --git a/.gitignore b/.gitignore
@@ -2,4 +2,5 @@
 *.tfstate*
 *node_modules*
 *__pycache__*
-*report.log*
+*report.log*
+*unibasement.txt*
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
@@ -14,8 +14,5 @@ COPY ./tsconfig.json .
 COPY ./typography.ts .
 COPY ./src ./src
 COPY ./public ./public
-COPY ./.env.local .
-
-ENV NEXT_PUBLIC_API_URL=http://localhost:8080
 
 CMD ["npm", "run", "dev"]
diff --git a/main.tf b/main.tf
@@ -83,13 +83,131 @@ resource "aws_security_group" "unibasement_database" {
 
 
 //////////////////////////////// Frontend //////////////////////////////////////
-resource "aws_security_group" "unibasement" {
-    name = "unibasement"
+resource "docker_image" "unibasement_frontend" {
+  name         = "${aws_ecr_repository.unibasement.repository_url}:frontend_latest"
+  build {
+    context = "frontend"
+    dockerfile = "Dockerfile"
+  }
+}
+
+resource "docker_registry_image" "unibasement_frontend" {
+  name = docker_image.unibasement_frontend.name
+}
+
+resource "aws_ecs_service" "unibasement_frontend" {
+    name            = "unibasement_frontend"
+    cluster         = aws_ecs_cluster.unibasement.id
+    task_definition = aws_ecs_task_definition.unibasement_frontend.arn
+    desired_count   = 1
+    launch_type     = "FARGATE"
+
+    network_configuration {
+      subnets             = data.aws_subnets.private.ids
+      security_groups     = [aws_security_group.unibasement_frontend.id]
+      assign_public_ip    = true
+    }
+    load_balancer {
+      target_group_arn = aws_lb_target_group.unibasement.arn
+      container_name   = "unibasement_frontend"
+      container_port   = 3000
+  }
+}
+
+variable "auth0_secret" {
+  description = "Auth0 Secret"
+}
+
+variable "auth0_base_url" {
+  description = "Auth0 Base URL"
+}
+
+variable "auth0_issuer_base_url" {
+  description = "Auth0 Issuer Base URL"
+}
+
+variable "auth0_client_id" {
+  description = "Auth0 Client ID"
+}
+
+variable "auth0_client_secret" {
+  description = "Auth0 Client Secret"
+}
+
+resource "aws_ecs_task_definition" "unibasement_frontend" {
+    family                   = "unibasement_frontend"
+    network_mode             = "awsvpc"
+    requires_compatibilities = ["FARGATE"]
+    cpu                      = 4096
+    memory                   = 8192
+    execution_role_arn       = data.aws_iam_role.lab.arn
+
+    container_definitions = <<DEFINITION
+  [
+    {
+      "image": "${docker_registry_image.unibasement_frontend.name}",
+      "cpu": 4096,
+      "memory": 8192,
+      "name": "unibasement_frontend",
+      "networkMode": "awsvpc",
+      "portMappings": [
+        {
+          "containerPort": 3000,
+          "hostPort": 3000
+        }
+      ],
+        "environment": [
+        {
+          "name": "NEXT_PUBLIC_API_URL",
+          "value": "http://${data.aws_network_interface.unibasement_backend_ip.association[0].public_ip}:8080"
+        },
+        {
+          "name": "AUTH0_SECRET,
+          "value": var.auth0_secret
+        },
+        {
+          "name": "AUTH0_BASE_URL",
+          "value": var.auth0_base_url
+        },
+        {
+          "name": "AUTH0_ISSUER_BASE_URL",
+          "value": var.auth0_issuer_base_url
+        },
+        {
+          "name": "AUTH0_CLIENT_ID",
+          "value": var.auth0_client_id
+        },
+        {
+          "name": "AUTH0_CLIENT_SECRET",
+          "value": var.auth0_client_secret
+        }
+      ],
+      "logConfiguration": {
+        "logDriver": "awslogs",
+        "options": {
+          "awslogs-group": "/unibasement/unibasement_frontend",
+          "awslogs-region": "us-east-1",
+          "awslogs-stream-prefix": "ecs",
+          "awslogs-create-group": "true"
+        }
+      }
+    }
+  ]
+  DEFINITION
+}
+
+#TODO pass in auth0 variables into the above. 
+
+
+#TODO need scalability stuff for front, back db ?
+
+resource "aws_security_group" "unibasement_frontend" {
+    name = "unibasement_frontend"
     description = "unibasement Security Group"
 
     ingress {
-      from_port = 8080
-      to_port = 8080
+      from_port = 3000
+      to_port = 3000
       protocol = "tcp"
       cidr_blocks = ["0.0.0.0/0"]
     }
@@ -111,14 +229,13 @@ resource "aws_security_group" "unibasement" {
 
 
 
-//////////////////////////////// Frontend //////////////////////////////////////
-
 
+//////////////////////////////// Frontend //////////////////////////////////////
 
 
 //////////////////////////////// Backend ///////////////////////////////////////
 resource "docker_image" "unibasement_backend" {
-  name         = "${aws_ecr_repository.unibasement_backend.repository_url}:latest"
+  name         = "${aws_ecr_repository.unibasement.repository_url}:backend_latest"
   build {
     context = "backend"
     dockerfile = "Dockerfile"
@@ -136,14 +253,31 @@ resource "aws_ecs_service" "unibasement_backend" {
   task_definition = aws_ecs_task_definition.unibasement_backend.arn
   desired_count   = 1
   launch_type     = "FARGATE"
+  enable_ecs_managed_tags = true
+  wait_for_steady_state = true
 
   network_configuration {
     subnets             = data.aws_subnets.private.ids
-    security_groups     = [aws_security_group.unibasement.id]
+    security_groups     = [aws_security_group.unibasement_backend.id]
     assign_public_ip    = true
   }
 }
 
+data "aws_network_interfaces" "unibasement_backend_ip" {
+  tags = {
+    "aws:ecs:serviceName" = aws_ecs_service.unibasement_backend.name
+  }
+}
+
+data "aws_network_interface" "unibasement_backend_ip" {
+  depends_on = [ aws_ecs_service.unibasement_backend ]
+  id = data.aws_network_interfaces.unibasement_backend_ip.ids[0]
+}
+
+output "thebackendip" {
+  value = data.aws_network_interface.unibasement_backend_ip.association[0].public_ip
+}
+
 
 resource "aws_ecs_task_definition" "unibasement_backend" {
   family                   = "unibasement_backend"
@@ -164,7 +298,7 @@ resource "aws_ecs_task_definition" "unibasement_backend" {
       "logConfiguration": {
         "logDriver": "awslogs",
         "options": {
-          "awslogs-group": "/uniBasement/unibasement_backend",
+          "awslogs-group": "/unibasement/unibasement_backend",
           "awslogs-region": "us-east-1",
           "awslogs-stream-prefix": "ecs",
           "awslogs-create-group": "true"
@@ -197,12 +331,6 @@ resource "aws_ecs_task_definition" "unibasement_backend" {
   DEFINITION
 }
 
-
-resource "aws_ecr_repository" "unibasement_backend" {
-  name = "unibasement_backend"
-}
-
-
 resource "aws_security_group" "unibasement_backend" {
     name = "unibasement_backend"
     description = "unibasement Security Group"
@@ -257,4 +385,78 @@ data "aws_subnets" "private" {
         values = [data.aws_vpc.default.id]
     }
 }
+
+resource "aws_ecr_repository" "unibasement" {
+  name = "unibasement"
+}
+
+
+resource "aws_lb_target_group" "unibasement" {
+  name          = "unibasement"
+  port          = 3000
+  protocol      = "HTTP"
+  vpc_id        = aws_security_group.unibasement_frontend.vpc_id
+  target_type   = "ip"
+
+  health_check {
+    path                = "/"
+    protocol            = "HTTP"
+    port                = "3000"
+    interval            = 30
+    timeout             = 5
+    healthy_threshold   = 2
+    unhealthy_threshold = 2
+  }
+}
+
+
+resource "aws_lb" "unibasement" {
+  name               = "unibasement"
+  internal           = false
+  load_balancer_type = "application"
+  subnets            = data.aws_subnets.private.ids
+  security_groups    = [aws_security_group.unibasement_frontend.id]
+}
+
+
+resource "aws_lb_listener" "unibasement" {
+  load_balancer_arn   = aws_lb.unibasement.arn
+  port                = "3000"
+  protocol            = "HTTP"
+
+  default_action {
+    type              = "forward"
+    target_group_arn  = aws_lb_target_group.unibasement.arn
+  }
+}
+
+resource "local_file" "url" {
+    content = "http://${aws_lb.unibasement.dns_name}:3000/" # TODO figure out
+    filename = "./unibasement.txt"
+}
+
+
+#TODO some sort of auth0 setup at somepoint in the future lmao need to get from the workflow env variables.
+# variable "AUTH0_SECRET" {
+#   type = string
+# }
+
+# variable "AUTH0_BASE_URL" {
+#   type = string
+# }
+
+# variable "AUTH0_ISSUER_BASE_URL" {
+#   type = string
+# }
+
+# variable "AUTH0_CLIENT_ID" {
+#   type = string
+# }
+
+# variable "AUTH0_CLIENT_SECRET" {
+#   type = string
+# }
+
+
+
 ////////////////////////////// Miscellaneous ///////////////////////////////////