1764 Add passport new infrastructure (passportxyz#1853)

* [1764] - clean branch with the new infra * fix(infra): rename dpopp -> passport * fix(infra): stack reference & stack name, region * add passport vc secrets * update logging config * add github actions & updates for new infra * update core infra dependencies & github actions --------- Co-authored-by: Larisa-Roxana Bucur <[email protected]> Co-authored-by: Gerald Iakobinyi-Pich <[email protected]>
clugraphy · Nov 14, 2023 · 6265f90 · 6265f90
1 parent 5c285eb
commit 6265f90
Show file tree

Hide file tree

Showing 8 changed files with 2,917 additions and 8 deletions.
diff --git a/.github/workflows/iam-cd-review.yml b/.github/workflows/iam-cd-review.yml
@@ -1,6 +1,6 @@
 name: Deploy IAM Server to Review
 
-# trigger: on push to `main` branch, AND only on changes to `iam/*` and `infra/review/**` files
+# trigger: on push to `main` branch, AND only on changes to `iam/*` and `infra/aws/**` files
 on:
   push:
     branches: [main]
@@ -39,7 +39,7 @@ jobs:
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_REVIEW }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_REVIEW }}
-          aws-region: us-east-1
+          aws-region: us-west-2
 
       # login to docker for AWS
       - name: Login to Amazon ECR
@@ -71,25 +71,26 @@ jobs:
           cache-dependency-path: infra/package-lock.json
       # Update the pulumi stack with new image
       - run: |
+          cd aws
           npm install
-          cd review
-          pulumi stack select -c gitcoin/dpopp/review
-          pulumi config -s gitcoin/dpopp/review set aws:region us-east-1 --non-interactive
+          pulumi stack select -c gitcoin/passport/review
+          pulumi config -s gitcoin/passport/review set aws:region us-west-2 --non-interactive
         working-directory: infra
         env:
           PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
       - uses: pulumi/actions@v3
         id: pulumi
         with:
           command: up
-          stack-name: gitcoin/dpopp/review
+          stack-name: gitcoin/passport/review
           upsert: false
-          work-dir: infra/review
+          work-dir: infra/aws
         env:
           PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_REVIEW }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_REVIEW }}
           DOCKER_GTC_PASSPORT_IAM_IMAGE: ${{secrets.ECR_URL_REVIEW}}:${{ needs.build-and-test.outputs.dockerTag }}
           ROUTE_53_ZONE: ${{ secrets.ROUTE53_ZONE_ID_REVIEW }}
-          DOMAIN: ${{ secrets.DOMAIN_REVIEW }}
+          ROUTE_53_DOMAIN: ${{ secrets.DOMAIN_REVIEW }}
           IAM_SERVER_SSM_ARN: ${{ secrets.IAM_SERVER_SSM_ARN_REVIEW }}
+          PASSPORT_VC_SECRETS_ARN: ${{ secrets.PASSPORT_VC_SECRETS_ARN_REVIEW }}
diff --git a/infra/aws/.gitignore b/infra/aws/.gitignore
@@ -0,0 +1 @@
+/node_modules/
diff --git a/infra/aws/Pulumi.review.yaml b/infra/aws/Pulumi.review.yaml
@@ -0,0 +1,2 @@
+config:
+  aws:region: us-west-2
diff --git a/infra/aws/Pulumi.yaml b/infra/aws/Pulumi.yaml
@@ -0,0 +1,6 @@
+name: passport
+runtime:
+  name: nodejs
+  options:
+    typescript: true
+description: A minimal AWS JavaScript Pulumi program