feat[infra]: adding deployment for staking app (passportxyz#2303)

Sharkfrk · Mar 14, 2024 · cc5ec93 · cc5ec93
1 parent bb4cd1f
commit cc5ec93
Show file tree

Hide file tree

Showing 9 changed files with 3,033 additions and 2,201 deletions.
diff --git a/.github/workflows/iam-cd-review.yml b/.github/workflows/iam-cd-review.yml
@@ -94,3 +94,11 @@ jobs:
           ROUTE_53_DOMAIN: ${{ secrets.DOMAIN_REVIEW }}
           IAM_SERVER_SSM_ARN: ${{ secrets.IAM_SERVER_SSM_ARN_REVIEW }}
           PASSPORT_VC_SECRETS_ARN: ${{ secrets.PASSPORT_VC_SECRETS_ARN_REVIEW }}
+
+          STAKING_APP_GITHUB_URL: ${{ vars.STAKING_APP_GITHUB_URL_REVIEW }}
+          STAKING_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY: ${{ secrets.STAKING_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY_REVIEW }}
+          STAKING_APP_ENABLE_AUTH: ${{ vars.STAKING_APP_ENABLE_AUTH_REVIEW }}
+          STAKING_APP_BASIC_AUTH_USERNAME: ${{ vars.STAKING_APP_BASIC_AUTH_USERNAME_REVIEW }}
+          STAKING_APP_BASIC_AUTH_PASSWORD: ${{ secrets.STAKING_APP_BASIC_AUTH_PASSWORD_REVIEW }}
+
+
diff --git a/.github/workflows/iam-promote-production.yml b/.github/workflows/iam-promote-production.yml
@@ -114,3 +114,10 @@ jobs:
           ROUTE_53_ZONE: ${{ secrets.ROUTE53_ZONE_ID_PRODUCTION }}
           DOMAIN: passport-iam.gitcoin.co
           IAM_SERVER_SSM_ARN: ${{ secrets.IAM_SERVER_SSM_ARN_PRODUCTION }}
+
+          STAKING_APP_GITHUB_URL: ${{ vars.STAKING_APP_GITHUB_URL_PRODUCTION }}
+          STAKING_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY: ${{ secrets.STAKING_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY_PRODUCTION }}
+          STAKING_APP_ENABLE_AUTH: ${{ vars.STAKING_APP_ENABLE_AUTH_PRODUCTION }}
+          STAKING_APP_BASIC_AUTH_USERNAME: ${{ vars.STAKING_APP_BASIC_AUTH_USERNAME_PRODUCTION }}
+          STAKING_APP_BASIC_AUTH_PASSWORD: ${{ secrets.STAKING_APP_BASIC_AUTH_PASSWORD_PRODUCTION }}
+
diff --git a/.github/workflows/iam-promote-staging.yml b/.github/workflows/iam-promote-staging.yml
@@ -115,3 +115,10 @@ jobs:
           ROUTE_53_DOMAIN: ${{ secrets.DOMAIN_STAGING }}
           IAM_SERVER_SSM_ARN: ${{ secrets.IAM_SERVER_SSM_ARN_STAGING }}
           PASSPORT_VC_SECRETS_ARN: ${{ secrets.PASSPORT_VC_SECRETS_ARN_STAGING }}
+
+          STAKING_APP_GITHUB_URL: ${{ vars.STAKING_APP_GITHUB_URL_STAGING }}
+          STAKING_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY: ${{ secrets.STAKING_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY_STAGING }}
+          STAKING_APP_ENABLE_AUTH: ${{ vars.STAKING_APP_ENABLE_AUTH_STAGING }}
+          STAKING_APP_BASIC_AUTH_USERNAME: ${{ vars.STAKING_APP_BASIC_AUTH_USERNAME_STAGING }}
+          STAKING_APP_BASIC_AUTH_PASSWORD: ${{ secrets.STAKING_APP_BASIC_AUTH_PASSWORD_STAGING }}
+
diff --git a/infra/aws/index.ts b/infra/aws/index.ts
@@ -1,6 +1,7 @@
 import * as pulumi from "@pulumi/pulumi";
 import * as aws from "@pulumi/aws";
 import { getIamSecrets } from "./iam_secrets";
+import { createAmplifyStakingApp } from "../lib/staking/app";
 
 // Secret was created manually in Oregon `us-west-2`
 const IAM_SERVER_SSM_ARN = `${process.env["IAM_SERVER_SSM_ARN"]}`;
@@ -58,6 +59,27 @@ const serviceResources = Object({
   },
 });
 
+const stakingEnvVars = Object({
+  review: {
+    NEXT_PUBLIC_CERAMIC_CACHE_ENDPOINT: "https://api.review.scorer.gitcoin.co/ceramic-cache",
+    NEXT_PUBLIC_SCORER_ENDPOINT: "https://api.review.scorer.gitcoin.co",
+  },
+  staging: {
+    NEXT_PUBLIC_CERAMIC_CACHE_ENDPOINT: "https://api.staging.scorer.gitcoin.co/ceramic-cache",
+    NEXT_PUBLIC_SCORER_ENDPOINT: "https://api.staging.scorer.gitcoin.co",
+  },
+  production: {
+    NEXT_PUBLIC_CERAMIC_CACHE_ENDPOINT: "https://api.scorer.gitcoin.co/ceramic-cache",
+    NEXT_PUBLIC_SCORER_ENDPOINT: "https://api.scorer.gitcoin.co",
+  },
+});
+
+const stakingBranches = Object({
+  review: "main",
+  staging: "app-staging",
+  production: "app-production",
+});
+
 //////////////////////////////////////////////////////////////
 // Service IAM Role
 // can be moved to core infrastructure if it is reused
@@ -449,3 +471,18 @@ const serviceRecord = new aws.route53.Record("passport-record", {
     },
   ],
 });
+
+coreInfraStack.getOutput("newPassportDomain").apply((domainName) => {
+  const stakingApp = createAmplifyStakingApp(
+    `${process.env["STAKING_APP_GITHUB_URL"]}`,
+    `${process.env["STAKING_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY"]}`,
+    domainName,
+    "stake",
+    stakingBranches[stack],
+    stakingEnvVars[stack],
+    { ...defaultTags, Name: "staking-app" },
+    (process.env["STAKING_APP_ENABLE_AUTH"] || "false").toLowerCase() == "true",
+    process.env["STAKING_APP_BASIC_AUTH_USERNAME"],
+    process.env["STAKING_APP_BASIC_AUTH_PASSWORD"]
+  );
+});
diff --git a/infra/aws/package.json b/infra/aws/package.json
diff --git a/infra/lib/staking/app.ts b/infra/lib/staking/app.ts
@@ -0,0 +1,82 @@
+import * as aws from "@pulumi/aws";
+import { Input } from "@pulumi/pulumi";
+import * as std from "@pulumi/std";
+
+export function createAmplifyStakingApp(
+  githubUrl: string,
+  githubAccessToken: string,
+  domainName: string,
+  prefix: string,
+  branchName: string,
+  environmentVariables: Input<{
+    [key: string]: Input<string>;
+  }>,
+  tags: { [key: string]: string },
+  enableBasicAuth: boolean,
+  username?: string,
+  password?: string
+): aws.amplify.App {
+  const name = `${prefix}.${domainName}`;
+  const amplifyApp = new aws.amplify.App(name, {
+    name: name,
+    repository: githubUrl,
+    oauthToken: githubAccessToken,
+    platform: "WEB_COMPUTE",
+    buildSpec: `version: 1
+applications:
+  - frontend:
+      phases:
+        preBuild:
+          commands:
+            - yarn install
+        build:
+          commands:
+            - yarn run build
+      artifacts:
+        baseDirectory: .next
+        files:
+          - '**/*'
+      cache:
+        paths:
+          - .next/cache/**/*
+          - node_modules/**/*
+    appRoot: app
+`,
+    customRules: [
+      {
+        source: "/<*>",
+        status: "404",
+        target: "/index.html",
+      },
+    ],
+    environmentVariables: {
+      AMPLIFY_DIFF_DEPLOY: "false",
+      AMPLIFY_MONOREPO_APP_ROOT: "app",
+      ...environmentVariables,
+    },
+    enableBasicAuth: enableBasicAuth,
+    basicAuthCredentials: std
+      .base64encode({
+        input: `${username}:${password}`,
+      })
+      .then((invoke) => invoke.result),
+    tags: tags,
+  });
+
+  const branch = new aws.amplify.Branch(`${name}-${branchName}`, {
+    appId: amplifyApp.id,
+    branchName: branchName,
+  });
+  const exampleDomainAssociation = new aws.amplify.DomainAssociation(name, {
+    appId: amplifyApp.id,
+    domainName: domainName,
+    subDomains: [
+      {
+        branchName: branch.branchName,
+        prefix: prefix,
+      },
+    ],
+  });
+
+  return amplifyApp;
+}