Merge pull request 0xPolygon#20 from 0xPolygon/dev

add deployment files for staging and prod

Author: kmurphypolygon

.github/workflows/dev_deployment.yml

@@ -0,0 +1,74 @@
+name: Docs Dev Deployment
+on:
+  push:
+    branches: ['dev']
+  workflow_dispatch:
+
+jobs:
+  deploy_staging:
+    name: Dev Deployment
+    permissions:
+      id-token: write
+      contents: write
+    environment: dev
+    runs-on: ubuntu-latest
+    env:
+      AWS_REGION: eu-west-1
+      ECR_REPOSITORY: docs-dev-ecr
+      ECS_SERVICE: docs-dev-ecs-service
+      ECS_CLUSTER: frontend-dev-ecs-cluster
+      ECS_TASK_DEFINITION: dev-taskdef.json
+      CONTAINER_NAME: docs-dev
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1-node16
+        with:
+          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: arn:aws:iam::605436358845:role/docs-dev-GithubActionsRole
+          role-session-name: GithubActionsSession
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Use Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: pip Install
+        run: pip install -r requirements.txt --no-cache-dir
+
+      - name: Build mkdocs
+        run: mkdocs build
+
+      - name: Build, tag, and push image to Amazon ECR
+        id: build-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.nginx .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Fill in the new image ID in the Amazon ECS task definition
+        id: task-def
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ env.ECS_TASK_DEFINITION }}
+          container-name: ${{ env.CONTAINER_NAME }}
+          image: ${{ steps.build-image.outputs.image }}
+
+      - name: Deploy Amazon ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: ${{ steps.task-def.outputs.task-definition }}
+          service: ${{ env.ECS_SERVICE }}
+          cluster: ${{ env.ECS_CLUSTER }}
+          wait-for-service-stability: true

.github/workflows/main_to_dev_merge.yml

@@ -0,0 +1,21 @@
+name: Merge Main to Dev
+
+on:
+  schedule:
+    - cron: '0 0 * * *'  # Run daily at midnight UTC
+
+jobs:
+  merge:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Merge Main to Dev
+      run: |
+        git checkout dev
+        git pull origin dev
+        git fetch origin main
+        git merge origin/main --no-edit
+        git push origin dev

.github/workflows/prod_deployment.yml

@@ -0,0 +1,82 @@
+name: Prod Deployment
+on:
+  push:
+    branches: ['main']
+  workflow_dispatch:
+    inputs:
+      stage:
+        description: 'Stage to deploy (production)'
+        required: true
+      run_production:
+        description: 'Staging deployment completed (yes, no)'
+        required: true
+
+jobs:
+  deploy_prod:
+    name: Prod Deployment
+    permissions:
+      id-token: write
+      contents: write
+    environment: prod
+    runs-on: ubuntu-latest
+    if: github.event_name == 'workflow_dispatch' && github.event.inputs.stage == 'production' && github.event.inputs.run_production == 'yes'
+    env:
+      AWS_REGION: eu-west-1
+      ECR_REPOSITORY: docs-ecr
+      ECS_SERVICE: docs-ecs-service
+      ECS_CLUSTER: frontend-prod-ecs-cluster
+      ECS_TASK_DEFINITION: prod-taskdef.json
+      CONTAINER_NAME: docs
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1-node16
+        with:
+          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: arn:aws:iam::042947190491:role/docs-GithubActionsRole
+          role-session-name: GithubActionsSession
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Use Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: pip Install
+        run: pip install -r requirements.txt --no-cache-dir
+
+      - name: Build mkdocs
+        run: mkdocs build
+
+      - name: Build, tag, and push image to Amazon ECR
+        id: build-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.nginx .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Fill in the new image ID in the Amazon ECS task definition
+        id: task-def
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ env.ECS_TASK_DEFINITION }}
+          container-name: ${{ env.CONTAINER_NAME }}
+          image: ${{ steps.build-image.outputs.image }}
+
+      - name: Deploy Amazon ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: ${{ steps.task-def.outputs.task-definition }}
+          service: ${{ env.ECS_SERVICE }}
+          cluster: ${{ env.ECS_CLUSTER }}
+          wait-for-service-stability: true

.github/workflows/staging_deployment.yml

@@ -0,0 +1,74 @@
+name: Staging Deployment
+on:
+  push:
+    branches: ['main']
+  workflow_dispatch:
+
+jobs:
+  deploy_staging:
+    name: Staging Deployment
+    permissions:
+      id-token: write
+      contents: write
+    environment: staging
+    runs-on: ubuntu-latest
+    env:
+      AWS_REGION: eu-west-1
+      ECR_REPOSITORY: docs-staging-ecr
+      ECS_SERVICE: docs-staging-ecs-service
+      ECS_CLUSTER: frontend-staging-ecs-cluster
+      ECS_TASK_DEFINITION: staging-taskdef.json
+      CONTAINER_NAME: docs-staging
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+          
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1-node16
+        with:
+          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: arn:aws:iam::070528468658:role/docs-staging-GithubActionsRole
+          role-session-name: GithubActionsSession
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Use Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: pip Install
+        run: pip install -r requirements.txt --no-cache-dir
+
+      - name: Build mkdocs
+        run: mkdocs build
+
+      - name: Build, tag, and push image to Amazon ECR
+        id: build-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile.nginx .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Fill in the new image ID in the Amazon ECS task definition
+        id: task-def
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ env.ECS_TASK_DEFINITION }}
+          container-name: ${{ env.CONTAINER_NAME }}
+          image: ${{ steps.build-image.outputs.image }}
+
+      - name: Deploy Amazon ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: ${{ steps.task-def.outputs.task-definition }}
+          service: ${{ env.ECS_SERVICE }}
+          cluster: ${{ env.ECS_CLUSTER }}
+          wait-for-service-stability: true

Dockerfile.nginx

@@ -0,0 +1,14 @@
+#Serve the app with NGINX
+FROM nginx:alpine
+
+# Copy the build files from the build folder to /usr/share/nginx/html
+COPY site /usr/share/nginx/html
+
+#Replace default nginx.conf with custom configuration
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+# Expose the desired port (default is 80 for NGINX)
+EXPOSE 80
+
+# Start NGINX
+CMD ["nginx", "-g", "daemon off;"]

dev-taskdef.json

@@ -0,0 +1,95 @@
+{
+	"requiresCompatibilities": [
+		"FARGATE"
+	],
+	"inferenceAccelerators": [],
+	"containerDefinitions": [{
+		"dnsSearchDomains": null,
+		"environmentFiles": [],
+		"entryPoint": null,
+		"portMappings": [{
+			"hostPort": 80,
+			"protocol": "tcp",
+			"containerPort": 80
+		}],
+		"command": null,
+		"linuxParameters": null,
+		"cpu": 0,
+		"environment": null,
+		"resourceRequirements": null,
+		"ulimits": null,
+		"dnsServers": null,
+		"mountPoints": null,
+		"workingDirectory": null,
+		"secrets": null,
+		"dockerSecurityOptions": null,
+		"memory": null,
+		"memoryReservation": null,
+		"volumesFrom": null,
+		"stopTimeout": null,
+		"image": "test",
+		"startTimeout": null,
+		"firelensConfiguration": null,
+		"dependsOn": null,
+		"disableNetworking": null,
+		"interactive": null,
+		"healthCheck": null,
+		"essential": true,
+		"links": null,
+		"hostname": null,
+		"extraHosts": null,
+		"pseudoTerminal": null,
+		"user": null,
+		"readonlyRootFilesystem": null,
+		"dockerLabels": null,
+		"systemControls": null,
+		"privileged": null,
+		"name": "docs-dev",
+		"repositoryCredentials": {
+			"credentialsParameter": ""
+		}
+	}],
+	"volumes": [],
+	"networkMode": "awsvpc",
+	"memory": "1024",
+	"cpu": "512",
+	"executionRoleArn": "arn:aws:iam::605436358845:role/docs-dev-TaskRole",
+	"family": "docs-dev-taskdefinition",
+	"taskRoleArn": "arn:aws:iam::605436358845:role/docs-dev-TaskRole",
+	"runtimePlatform": {
+		"operatingSystemFamily": "LINUX"
+	},
+	"tags": [{
+			"key": "Role",
+			"value": "frontend-application"
+		},
+		{
+			"key": "ParentService",
+			"value": "docs-dev"
+		},
+		{
+			"key": "Environment",
+			"value": "dev"
+		},
+		{
+			"key": "Service",
+			"value": "docs-dev.polygon.technology"
+		},
+		{
+			"key": "Host",
+			"value": "AWS"
+		},
+		{
+			"key": "IAC",
+			"value": "terraform-workspace-aws-dev-applications-eu-west-1-apps-docs-dev-polygon-technology"
+		},
+		{
+			"key": "Team",
+			"value": "documentation"
+		},
+		{
+			"key": "Name",
+			"value": "docs-dev-taskdefinition"
+		}
+	]
+}

mkdocs.yml

@@ -64,7 +64,7 @@ nav:
           - Validium: cdk/get-started/deploy-validium.md
           - Rollup: cdk/get-started/deploy-rollup.md
       - How to: 
-        - Manage policies - allowlists, denylists, ACLs: cdk/how-to/manage-allowlists.md
+        - Manage policies - allowlists, denylists: cdk/how-to/manage-allowlists.md
       #- Architecture:
       - Specification:
         - Validium vs rollup: cdk/specification/validium-vs-rollup.md

nginx.conf

@@ -0,0 +1,11 @@
+server {
+    listen 0.0.0.0:80;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    error_page 404 /404.html;
+
+    location / {
+        try_files $uri.html $uri $uri/ /index.html;
+    }
+}