Actual Merge Portal Prod (anomalyco#149)

Author: raphaeltm

.devcontainer/Dockerfile

@@ -1,4 +1,12 @@
 FROM mcr.microsoft.com/devcontainers/typescript-node:1-22-bookworm
 
+RUN git clone https://github.com/git/git.git /tmp/git && \
+    cd /tmp/git/contrib/subtree && \
+    make && \
+    make install prefix=/usr/local && \
+    rm -rf /tmp/git
+
+RUN curl -fsSL https://bun.sh/install | bash
+
 # Install Hasura CLI
 RUN curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | bash

.devcontainer/devcontainer.json

@@ -17,7 +17,12 @@
 				"bpruitt-goddard.mermaid-markdown-syntax-highlighting",
 				"GitHub.copilot",
 				"github.vscode-github-actions",
-				"styled-components.vscode-styled-components"
+				"styled-components.vscode-styled-components",
+				"mtxr.sqltools",
+				"mtxr.sqltools-driver-pg",
+				"oven.bun-vscode",
+				"WallabyJs.console-ninja",
+				"ms-azuretools.vscode-docker"
 			]
 		}
 	}

.env.dev

@@ -0,0 +1,8 @@
+POSTGRES_PASSWORD=password
+JWKS_ENDPOINT=http://auth:3001/.well-known/jwks.json
+STRIPE_SECRET_KEY=rk_test_51QJ1i6GzPK2DOcG5XJxzf6GmkKbCESzOfThaVkGxMzVMS7p6UQOycxMuNQG7lPbEJkAvxGwEEvfcsLObiGpNyIX200fxhtNlJG
+NEXT_PUBLIC_STRIPE_PRICING_TABLE_ID=prctbl_1QJhTcGzPK2DOcG53lZoMKCm
+HASURA_GRAPHQL_ADMIN_SECRET=password
+GITHUB_CLIENT_ID=Ov23liYz3ENoXL1dBaf1
+GITHUB_CLIENT_SECRET=114f46ccc688e05d0e9b12e9ec7f0c52de4afac0
+SEGMENT_WRITE_KEY=t7ho50oiP4r0PF4QQkq2NaHKDiGrZu6x

.env.sample

@@ -0,0 +1,12 @@
+POSTGRES_PASSWORD=password
+JWKS_ENDPOINT=http://host.docker.internal:3001/.well-known/jwks.json
+STRIPE_SECRET_KEY=rk_test_51QJ1i6GzPK2DOcG5XJxzf6GmkKbCESzOfThaVkGxMzVMS7p6UQOycxMuNQG7lPbEJkAvxGwEEvfcsLObiGpNyIX200fxhtNlJG
+HASURA_GRAPHQL_ADMIN_SECRET=password
+GITHUB_CLIENT_ID=sample-id
+GITHUB_CLIENT_SECRET=sample-secret
+SEGMENT_WRITE_KEY=sample-key
+# Frontend - Sample of stuff that needs to be set with `defang config set`
+NEXT_PUBLIC_AUTH_URL=http://localhost:3001
+NEXT_PUBLIC_GRAPHQL_URL=http://localhost:3002/v1/graphql
+NEXT_PUBLIC_FN_URL=http://localhost:3003
+NEXT_PUBLIC_FABRIC=https://fabric-prod1.defang.dev:443

.github/actions/deploy/action.yml

@@ -0,0 +1,103 @@
+name: Deploy to AWS
+description: Deploy application to AWS environment
+
+inputs:
+  aws_account_id:
+    description: 'AWS Account ID'
+    required: true
+  aws_region:
+    description: 'AWS Region'
+    required: false
+    default: 'us-west-2'
+  project_name:
+    description: 'Project name'
+    required: true
+  domain_name:
+    description: 'Domain Name'
+    required: true
+  github_client_id:
+    description: 'GitHub Client ID'
+    required: true
+  github_client_secret:
+    description: 'GitHub Client Secret'
+    required: true
+  hasura_graphql_admin_secret:
+    description: 'Hasura GraphQL Admin Secret'
+    required: true
+  next_public_segment_write_key:
+    description: 'Next Public Segment Write Key'
+    required: true
+  next_public_stripe_pricing_table_id:
+    description: 'Next Public Stripe Pricing Table ID'
+    required: true
+  next_public_stripe_publishable_key:
+    description: 'Next Public Stripe Publishable Key'
+    required: true
+  next_public_version:
+    description: 'Next Public Version'
+    required: true
+  postgres_password:
+    description: 'Postgres Password'
+    required: true
+  segment_write_key:
+    description: 'Segment Write Key'
+    required: true
+  stripe_secret_key:
+    description: 'Stripe Secret Key'
+    required: true
+  next_public_fabric:
+    description: 'Next Public Fabric'
+    required: false
+    default: ''
+  compose_file:
+    description: 'Compose file'
+    required: true
+  mode:
+    description: 'Deployment mode (development | staging | production)'
+    default: development
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Configure AWS Credentials for CI
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: us-west-2
+        role-to-assume: arn:aws:iam::488659951590:role/ci-role-d4fe904 # ciRoleArn from defang-io/infrastructure stack
+    - name: Configure AWS Credentials for Corp Website Account
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ inputs.aws_region }}
+        role-chaining: true
+        role-duration-seconds: 1200
+        role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/admin
+    - name: Create dotenv file
+      shell: bash
+      run: |
+        echo "DOMAIN_NAME=${{ inputs.domain_name }}" >> .env
+        echo "NEXT_PUBLIC_FABRIC=${{ inputs.next_public_fabric }}" >> .env
+        echo "NEXT_PUBLIC_SEGMENT_WRITE_KEY=${{ inputs.next_public_segment_write_key }}" >> .env
+        echo "NEXT_PUBLIC_VERSION=${{ inputs.next_public_version }}" >> .env
+        echo "NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=${{ inputs.next_public_stripe_publishable_key }}" >> .env
+        echo "NEXT_PUBLIC_STRIPE_PRICING_TABLE_ID=${{ inputs.next_public_stripe_pricing_table_id }}" >> .env
+    - name: Deploy
+      uses: DefangLabs/defang-github-action@v1.2.0
+      with:
+        mode: ${{ inputs.mode }}
+        compose-files: ${{ inputs.compose_file }}
+        config-env-vars: DOMAIN_NAME GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET HASURA_GRAPHQL_ADMIN_SECRET NEXT_PUBLIC_SEGMENT_WRITE_KEY NEXT_PUBLIC_STRIPE_PRICING_TABLE_ID NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY NEXT_PUBLIC_VERSION POSTGRES_PASSWORD SEGMENT_WRITE_KEY STRIPE_SECRET_KEY
+      env:
+        DEFANG_PROVIDER: aws
+        DOMAIN_NAME: ${{ inputs.domain_name }}
+        GITHUB_CLIENT_ID: ${{ inputs.github_client_id }}
+        GITHUB_CLIENT_SECRET: ${{ inputs.github_client_secret }}
+        HASURA_GRAPHQL_ADMIN_SECRET: ${{ inputs.hasura_graphql_admin_secret }}
+        NEXT_PUBLIC_SEGMENT_WRITE_KEY: ${{ inputs.next_public_segment_write_key }}
+        NEXT_PUBLIC_STRIPE_PRICING_TABLE_ID: ${{ inputs.next_public_stripe_pricing_table_id }}
+        NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: ${{ inputs.next_public_stripe_publishable_key }}
+        NEXT_PUBLIC_VERSION: ${{ inputs.next_public_version }}
+        POSTGRES_PASSWORD: ${{ inputs.postgres_password }}
+        SEGMENT_WRITE_KEY: ${{ inputs.segment_write_key }}
+        STRIPE_SECRET_KEY: ${{ inputs.stripe_secret_key }}
+        NEXT_PUBLIC_FABRIC: ${{ inputs.next_public_fabric }}

.github/workflows/deploy.yml

@@ -0,0 +1,113 @@
+name: Deploy
+on:
+  push:
+    branches:
+      - main
+      - staging
+    tags:
+      - v*
+  pull_request:
+    branches: [main, intermediate-auth]
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  deploy-dev:
+    if: github.event_name == 'pull_request'
+    environment: dev
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4
+
+      # create a short sha and make it available to the next steps
+      - name: Set short sha
+        id: vars
+        run: echo "SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV
+
+      - uses: ./.github/actions/deploy
+        with:
+          mode: development
+          compose_file: compose.portal.dev.gnafed.click.yaml
+          aws_account_id: 532501343364
+          aws_region: us-west-2
+          domain_name: ${{ vars.DOMAIN_NAME }}
+          github_client_id: ${{ secrets.AUTH_GITHUB_CLIENT_ID }}
+          github_client_secret: ${{ secrets.AUTH_GITHUB_CLIENT_SECRET }}
+          hasura_graphql_admin_secret: ${{ secrets.HASURA_GRAPHQL_ADMIN_SECRET }}
+          next_public_segment_write_key: ${{ secrets.NEXT_PUBLIC_SEGMENT_WRITE_KEY }}
+          next_public_stripe_pricing_table_id: ${{ secrets.NEXT_PUBLIC_STRIPE_PRICING_TABLE_ID }}
+          next_public_stripe_publishable_key: ${{ secrets.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY }}
+          next_public_version: ${{ env.SHORT_SHA }}
+          postgres_password: ${{ secrets.POSTGRES_PASSWORD }}
+          segment_write_key: ${{ secrets.SEGMENT_WRITE_KEY }}
+          stripe_secret_key: ${{ secrets.STRIPE_SECRET_KEY }}
+          next_public_fabric: ${{ vars.NEXT_PUBLIC_FABRIC }}
+  
+  deploy-staging:
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    environment: staging
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4
+
+      # create a short sha and make it available to the next steps
+      - name: Set short sha
+        id: vars
+        run: echo "SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV
+
+      - uses: ./.github/actions/deploy
+        with:
+          mode: staging
+          compose_file: compose.portal.staging.defang.dev.yaml
+          aws_account_id: 426819183542
+          aws_region: us-west-2
+          domain_name: ${{ vars.DOMAIN_NAME }}
+          github_client_id: ${{ secrets.AUTH_GITHUB_CLIENT_ID }}
+          github_client_secret: ${{ secrets.AUTH_GITHUB_CLIENT_SECRET }}
+          hasura_graphql_admin_secret: ${{ secrets.HASURA_GRAPHQL_ADMIN_SECRET }}
+          next_public_segment_write_key: ${{ secrets.NEXT_PUBLIC_SEGMENT_WRITE_KEY }}
+          next_public_stripe_pricing_table_id: ${{ secrets.NEXT_PUBLIC_STRIPE_PRICING_TABLE_ID }}
+          next_public_stripe_publishable_key: ${{ secrets.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY }}
+          next_public_version: ${{ env.SHORT_SHA }}
+          postgres_password: ${{ secrets.POSTGRES_PASSWORD }}
+          segment_write_key: ${{ secrets.SEGMENT_WRITE_KEY }}
+          stripe_secret_key: ${{ secrets.STRIPE_SECRET_KEY }}
+          next_public_fabric: ${{ vars.NEXT_PUBLIC_FABRIC }}
+
+  
+  deploy-production:
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+    environment: production
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4
+
+      # create a short sha and make it available to the next steps
+      - name: Set short sha
+        id: vars
+        run: echo "SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV
+
+      - uses: ./.github/actions/deploy
+        with:
+          mode: production
+          compose_file: compose.portal.defang.io.yaml
+          # TODO: Update the AWS account ID to the corp account when ready
+          aws_account_id: 407839483216 
+          aws_region: us-west-2
+          domain_name: ${{ vars.DOMAIN_NAME }}
+          github_client_id: ${{ secrets.AUTH_GITHUB_CLIENT_ID }}
+          github_client_secret: ${{ secrets.AUTH_GITHUB_CLIENT_SECRET }}
+          hasura_graphql_admin_secret: ${{ secrets.HASURA_GRAPHQL_ADMIN_SECRET }}
+          next_public_segment_write_key: ${{ secrets.NEXT_PUBLIC_SEGMENT_WRITE_KEY }}
+          next_public_stripe_pricing_table_id: ${{ secrets.NEXT_PUBLIC_STRIPE_PRICING_TABLE_ID }}
+          next_public_stripe_publishable_key: ${{ secrets.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY }}
+          next_public_version: ${{ env.SHORT_SHA }}
+          postgres_password: ${{ secrets.POSTGRES_PASSWORD }}
+          segment_write_key: ${{ secrets.SEGMENT_WRITE_KEY }}
+          stripe_secret_key: ${{ secrets.STRIPE_SECRET_KEY }}
+          next_public_fabric: ${{ vars.NEXT_PUBLIC_FABRIC }}

.github/workflows/pr-compose-build.yml

@@ -0,0 +1,20 @@
+name: PR Compose Build
+
+on:
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build Docker Compose
+        run: docker compose --profile=defang build 

.github/workflows/pulumi-preview.yml

@@ -3,3 +3,4 @@ node_modules
 .data
 .DS_Store
 .direnv
+.env