Merge pull request #130 from com-pas/refactor_aws_gh_actions

Refactor aws gh actions

Author: pascalwilbrink

.github/workflows/auto-alignment-aws.yml

@@ -0,0 +1,49 @@
+# SPDX-FileCopyrightText: 2023 Alliander N.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Deploy CoMPAS SCL Auto Alignment on AWS
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deployment:
+    runs-on: ubuntu-latest
+    environment: aws
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-1
+
+      - name: read-docker-compose
+        id: read_docker_compose
+        uses: jbutcher5/read-yaml@main
+        with:
+          file: './compas/docker-compose-postgresql.yml'
+          key-path: '["services", "scl-auto-alignment", "image"]'
+      - name: Render CoMPAS OpenSCD Container
+        id: render-auto-alignment
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ github.workspace }}/aws/task-definitions/compas-auto-alignment.json
+          container-name: CoMPAS-Scl-Auto-Alignment
+          image: ${{ steps.read_docker_compose.outputs.data }}
+          environment-variables: |
+            JWT_VERIFY_KEY=${{ secrets.JWT_VERIFY_KEY }}
+            JWT_VERIFY_ISSUER=${{ secrets.JWT_VERIFY_ISSUER }}
+
+      - name: Deploy to Amazon ECS service
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: ${{ steps.render-auto-alignment.outputs.task-definition }}
+          service: scl-auto-alignment
+          cluster: ${{ secrets.AWS_CLUSTER }}

.github/workflows/aws.yml

@@ -0,0 +1,49 @@
+# SPDX-FileCopyrightText: 2023 Alliander N.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Deploy CoMPAS Cim Mapping on AWS
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deployment:
+    runs-on: ubuntu-latest
+    environment: aws
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-1
+
+      - name: read-docker-compose
+        id: read_docker_compose
+        uses: jbutcher5/read-yaml@main
+        with:
+          file: './compas/docker-compose-postgresql.yml'
+          key-path: '["services", "cim-mapping", "image"]'
+      - name: Render CoMPAS OpenSCD Container
+        id: render-cim-mapping
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ github.workspace }}/aws/task-definitions/compas-cim-mapping.json
+          container-name: CoMPAS-Cim-Mapping
+          image: ${{ steps.read_docker_compose.outputs.data }}
+          environment-variables: |
+            JWT_VERIFY_KEY=${{ secrets.JWT_VERIFY_KEY }}
+            JWT_VERIFY_ISSUER=${{ secrets.JWT_VERIFY_ISSUER }}
+
+      - name: Deploy to Amazon ECS service
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: ${{ steps.render-cim-mapping.outputs.task-definition }}
+          service: Compas-Cim-Mapping
+          cluster: ${{ secrets.AWS_CLUSTER }}

.github/workflows/cim-mapping-aws.yml

@@ -0,0 +1,46 @@
+# SPDX-FileCopyrightText: 2023 Alliander N.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Deploy CoMPAS OpenSCD on AWS
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deployment:
+    runs-on: ubuntu-latest
+    environment: aws
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-1
+
+      - name: read-docker-compose
+        id: read_docker_compose
+        uses: jbutcher5/read-yaml@main
+        with:
+          file: './compas/docker-compose-postgresql.yml'
+          key-path: '["services", "open-scd", "image"]'
+      - name: Render CoMPAS OpenSCD Container
+        id: render-compas-openscd
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ github.workspace }}/aws/task-definitions/compas-openscd.json
+          container-name: CoMPAS-OpenSCD
+          image: ${{ steps.read_docker_compose.outputs.data }}
+
+      - name: Deploy to Amazon ECS service
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: ${{ steps.render-compas-openscd.outputs.task-definition }}
+          service: CoMPAS-OpenSCD
+          cluster: ${{ secrets.AWS_CLUSTER }}

.github/workflows/compas-openscd-aws.yml

@@ -0,0 +1,66 @@
+# SPDX-FileCopyrightText: 2023 Alliander N.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Deploy SCL Data Service on AWS
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deployment:
+    runs-on: ubuntu-latest
+    environment: aws
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3 
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-1
+          
+      - name: read-docker-compose
+        id: read_docker_compose
+        uses: jbutcher5/read-yaml@main 
+        with:
+          file: './compas/docker-compose-postgresql.yml'
+          key-path: '["services", "scl-data-service", "image"]'
+      - name: Render CoMPAS SCL Data Service Container
+        id: render-scl-data-service
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ github.workspace }}/aws/task-definitions/compas-scl-data-service.json
+          container-name: CoMPAS-Scl-Data-Service
+          image: ${{ steps.read_docker_compose.outputs.data }}
+          environment-variables: |
+            POSTGRESQL_PASSWORD=${{ secrets.POSTGRESQL_PASSWORD }}
+            POSTGRESQL_USERNAME=${{ secrets.POSTGRESQL_USERNAME }}
+            POSTGRESQL_HOST=${{ secrets.POSTGRESQL_HOST }}
+            POSTGRESQL_DB=${{ secrets.POSTGRESQL_DB }}
+            JWT_VERIFY_KEY=${{ secrets.JWT_VERIFY_KEY }}
+            JWT_VERIFY_ISSUER=${{ secrets.JWT_VERIFY_ISSUER }}
+
+      - name: Modify Amazon ECS task definition with postgres container
+        id: render-postgres
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: ${{ steps.render-scl-data-service.outputs.task-definition }}
+          container-name: Postgresql
+          image: postgres:14.5
+          environment-variables: |
+            POSTGRES_USER=${{ secrets.POSTGRESQL_USERNAME }}
+            POSTGRES_PASSWORD=${{ secrets.POSTGRESQL_PASSWORD }}
+            POSTGRES_DB=${{ secrets.POSTGRESQL_DB }}
+            PG_USER=${{ secrets.POSTGRESQL_USERNAME }}
+
+      - name: Deploy to Amazon ECS service
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: ${{ steps.render-postgres.outputs.task-definition }}
+          service: Scl-Data-Service
+          cluster: ${{ secrets.AWS_CLUSTER }}

.github/workflows/data-service-aws.yml

@@ -36,11 +36,11 @@ Now change the executionRoleArn to something like this:
 
 Change the executionRoleArn in the following files:
 
-* [task-executions/compas-auto-alignment.json](./task-executions/compas-auto-alignment.json)
-* [task-executions/compas-cim-mapping.json](./task-executions/compas-cim-mapping.json)
-* [task-executions/compas-openscd.json](./task-executions/compas-openscd.json)
-* [task-executions/compas-scl-data-service.json](./task-executions/compas-scl-data-service.json)
-* [task-executions/compas-scl-validator.json](./task-executions/compas-scl-validator.json)
+* [task-definitions/compas-auto-alignment.json](task-definitions/compas-auto-alignment.json)
+* [task-definitions/compas-cim-mapping.json](task-definitions/compas-cim-mapping.json)
+* [task-definitions/compas-openscd.json](task-definitions/compas-openscd.json)
+* [task-definitions/compas-scl-data-service.json](task-definitions/compas-scl-data-service.json)
+* [task-definitions/compas-scl-validator.json](task-definitions/compas-scl-validator.json)
 
 Go to the `Elastic Container Service` in the AWS console.
 Here you can create a new cluster.

aws/README.md

@@ -29,8 +29,7 @@
                     "value": "true"
                 },
                 {
-                    "name": "JWT_VERIFY_KEY",
-                    "value": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_sAuHe0PnO/.well-known/jwks.json"
+                    "name": "JWT_VERIFY_KEY"
                 },
                 {
                     "name": "QUARKUS_LOG_LEVEL",
@@ -45,8 +44,7 @@
                     "value": "long"
                 },
                 {
-                    "name": "JWT_VERIFY_ISSUER",
-                    "value": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_sAuHe0PnO"
+                    "name": "JWT_VERIFY_ISSUER"
                 },
                 {
                     "name": "USERINFO_WHO_CLAIMNAME",