Documentation website (#69)

* doc-site: initial setup

* doc-site: static assets and doc files

* doc-site: build and deploy via GHA

* doc-site: using packaged common elements

* doc-site: update common elements

* doc-site: sidebar target self

* doc-site: update docusaurus version

Author: davidcheung

.github/workflows/doc-site.yml

@@ -0,0 +1,68 @@
+name: "Build Documentation Site"
+on:
+  push:
+    branches:
+      - main
+      - doc-site
+    paths:
+      - doc-site/**
+
+env:
+  region: us-west-2
+  s3_sync_path: /docs/modules/backend-go
+  BUILD_DOMAIN: ${{ secrets.ZERO_DOC_SITE_DOMAIN_NAME }}
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - name: Install Dependencies
+        working-directory: doc-site
+        run: npm install
+      - name: Build website
+        working-directory: doc-site
+        run: |
+          npm run build
+          ls -la
+      - name: Upload build artifact to Github
+        uses: actions/upload-artifact@v2
+        with:
+          name: build-artifact
+          path: doc-site/build
+
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+    # Once github action supports nested composite actions (anything `uses` is a composite action)
+    # Therefore we cannot reuse the code as a separate composite action until it supports it,
+    # current the deploy logic is in this file twice because of it
+    ## https://github.com/actions/runner/issues/862
+    - uses: actions/checkout@v2
+    - name: Configure AWS credentials for S3 sync
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.ZERO_DOC_SITE_AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.ZERO_DOC_SITE_AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ env.region }}
+    - name: Download build artifact from Github
+      uses: actions/download-artifact@v1
+      with:
+        name: build-artifact
+        path: build/
+    - name: Sync with S3
+      shell: bash
+      run: |
+        cd build
+        aws s3 sync . "s3://${{ secrets.ZERO_DOC_SITE_BUCKET_NAME }}${{ env.s3_sync_path }}" --delete
+    - name: Invalidate Cloudfront
+      shell: bash
+      run: |
+        export DIST_ID=$(aws cloudfront list-distributions --query "DistributionList.Items[?Aliases.Items[?@=='${{ secrets.ZERO_DOC_SITE_BUCKET_NAME }}']].Id | [0]" | tr -d '"')
+        aws cloudfront create-invalidation --distribution-id ${DIST_ID} --paths "${{ env.s3_sync_path }}*"

doc-site/.gitignore

@@ -0,0 +1,24 @@
+# Dependencies
+/node_modules
+
+# Production
+/build
+
+# Generated files
+.docusaurus
+.cache-loader
+
+# Misc
+.DS_Store
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# This is downloaded during build time
+# to sync with zero core styles
+src/css/zero-downloaded-global-custom.css

doc-site/README.md

@@ -0,0 +1,33 @@
+# Website
+
+This website is built using [Docusaurus 2](https://docusaurus.io/), a modern static website generator.
+
+## Installation
+
+```console
+yarn install
+```
+
+## Local Development
+
+```console
+yarn start
+```
+
+This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
+
+## Build
+
+```console
+yarn build
+```
+
+This command generates static content into the `build` directory and can be served using any static contents hosting service.
+
+## Deployment
+
+```console
+GIT_USER=<Your GitHub username> USE_SSH=true yarn deploy
+```
+
+If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the `gh-pages` branch.

doc-site/babel.config.js

@@ -0,0 +1,3 @@
+module.exports = {
+  presets: [require.resolve('@docusaurus/core/lib/babel/preset')],
+};

doc-site/docs/about/module-life-cycle.md

@@ -0,0 +1,33 @@
+---
+title: Module Life cycle
+sidebar_label: Module Life cycle
+sidebar_position: 4
+---
+
+
+## Prerequisites
+The CI/CD pipeline of the module requires AWS EKS cluster to be available as the deployment destination, it setups a namespace / ingress / service / deployment during the pipeline.
+
+## Scaffold
+Based on Parameters in Project definition(`zero-project.yml`), module will be scaffolded and templated out during Zero create
+
+Options that alter the templated repository
+- `database`: whether to include `mysql`/`postgresql` database driver
+- `userAuth`: Determines whether user auth provider is included in your repository
+- `CIVendor`: Scaffolds one of CircleCI / Github actions deployment pipeline
+- `billingEnabled`: Includes billing page to load products and api calls to communicated with backend service, and API key in `config.json`
+
+
+## Module Initialize phase
+_Run once only during `zero apply`_
+- Sets up CI pipeline with `env-vars` and secrets containing CI-user's AWS Credentials
+- Github Actions will rerun the initial commit since it was first ran without the credentials (during `zero create`)
+
+## On-going
+### Pull request
+- Unit test
+### Push to master branch
+- Unit test
+- Build docker image
+- Deploy image to Staging cluster using Kustomize
+- Deploy image to Production cluster using Kustomize

doc-site/docs/about/module-parameters.md

@@ -0,0 +1,49 @@
+---
+title: Module Parameters
+sidebar_label: Module Parameters
+sidebar_position: 2
+---
+
+## Parameters
+
+| Parameter | Label | Env-var(apply) | Default |
+|--|---|---|---|
+| useExistingAwsProfile | Use credentials from an existing AWS profile? | n/a | null |
+| profilePicker | n/a | n/a | null |
+| accessKeyId | AWS AccessKeyId | AWS_ACCESS_KEY_ID | null |
+| secretAccessKey | AWS SecretAccessKey | AWS_SECRET_ACCESS_KEY | null |
+| githubAccessToken | Github API Key to setup your repository and optionally CI/CD | GITHUB_ACCESS_TOKEN | null |
+| region | Select AWS Region | n/a | null |
+| productionHostRoot | Production Root Host Name (e.g. mydomain.com) - this must be the root of the chosen domain, not a subdomain. | n/a | null |
+| productionFrontendSubdomain | Production Frontend Host Name (e.g. app.) | n/a | app. |
+| productionBackendSubdomain | Production Backend Host Name (e.g. api.) | n/a | api. |
+| stagingHostRoot | Staging Root Host Name (e.g. mydomain-staging.com) - this must be the root of the chosen domain, not a subdomain. | n/a | null |
+| stagingFrontendSubdomain | Staging Frontend Host Name (e.g. app.) | n/a | app. |
+| stagingBackendSubdomain | Staging Backend Host Name (e.g. api.) | n/a | api. |
+| database | Database engine to use (postgres) | n/a | null |
+| cacheStore | Cache store to use (default: no cache) | n/a | null |
+| accountId | AWS Account ID | n/a | null |
+| randomSeed | Random seed that will be shared between projects to come up with deterministic resource names | n/a | null |
+| databaseName | n/a | n/a | null |
+| fileUploads | Enable file uploads using S3 and Cloudfront signed URLs? (Will require manual creation of a Cloudfront keypair in AWS) | n/a | true |
+| userAuth | Enable user management using Kratos and authentication using the Oathkeeper access proxy? | n/a | true |
+| CIVendor | Using either circleCI or github Actions to build / test your repository | n/a | circleci |
+| circleciApiKey | Circle CI API Key to setup your CI/CD for repositories | CIRCLECI_API_KEY | null |
+| billingEnabled | Provides a subscription example using stripe in backend and frontend repository, this includes the checkout feature so you must have a verified(with bank account setup) Stripe account to use these features | n/a | null |
+| stagingStripePublicApiKey | Staging Stripe public api key, used for frontend repository (Recommended: using sandbox key while setting up) | n/a | null |
+| stagingStripeSecretApiKey | Staging Stripe secret api key, used for backend repository (Recommended: using sandbox key while setting up) | n/a | null |
+| productionStripePublicApiKey | Production Stripe public api key, used for frontend repository (Recommended: using sandbox key while setting up) | n/a | null |
+| productionStripeSecretApiKey | Production Stripe secret api key, used for backend repository (Recommended: using sandbox key while setting up) | n/a | null |
+
+:::info
+Content generated by
+```shell
+## requires binary: `yq`
+which yqq >/dev/null || echo "Please install yq"
+cat <<EOF
+| Parameter | Label | Env-var(apply) | Default |
+|--|---|---|---|
+EOF
+cat zero-module.yml | yq -r '.parameters[] | "| " + .field + " | " + (.label//"n/a") + " | " +  (.envVarName //"n/a") + " | " +  ((.default)|tostring //"n/a") + " | "'
+```
+:::

doc-site/docs/about/overview.md

@@ -0,0 +1,31 @@
+---
+title: Overview
+sidebar_label: Overview
+sidebar_position: 1
+---
+
+This is a [Zero][zero] module which sets up a
+service which can be deployed to the environment set up with [zero-aws-eks-stack][zero-infra].
+
+The `/templates` folder is meant to be filled in via [Zero][zero] and results in Simple Go Service with a status endpoint. It also contains a simple CircleCI pipeline which defines how to build and deploy the service.
+
+This repository is language/business-logic agnostic; mainly showcasing some universal best practices:
+- Built in containerization with docker
+- Deployment flow with kubernetes
+- Out of the box CI/CD flow CircleCi
+  - testing
+  - building docker image
+  - uploading docker image to private registry (ECR)
+  - deploy with kustomize
+  - manual approval step for production environment
+
+
+### Frontend Repo
+
+The corresponding frontend for this app is [zero-deployable-react-frontend][zero-frontend].
+
+
+<!-- Links -->
+[zero]: https://github.com/commitdev/zero
+[zero-infra]: https://github.com/commitdev/zero-aws-eks-stack
+[zero-frontend]: https://github.com/commitdev/zero-deployable-react-frontend

doc-site/docs/components/billing.md

@@ -0,0 +1,35 @@
+---
+title: Billing using Stripe
+sidebar_label: Stripe
+sidebar_position: 3
+---
+
+## Billing example
+If you have enabled Billing from Zero, a subscription and checkout example using [Stripe](https://stripe.com), coupled with the backend repository to provide an end-to-end checkout example for you to customize. We also setup a webhook and an endpoint in the backend to receive webhook when events occur.
+
+### Requirements
+This billing example requires the following backend API endpoints:
+```
+GET /billing/products
+POST /billing/success
+POST /billing/cancel
+POST /billing/checkout
+```
+
+### Initialization
+`zero apply` will run a script adding your Stripe API keys to external secret, allowing your kubernetes deployment to access it.
+
+
+### Setup
+The following example content has been set up in Stripe:
+- 1 product
+- 3 prices(subscriptions) [annual, monthly, daily]
+- 1 webhook [`charge.failed`, `charge.succeeded`, `customer.created`, `subscription_schedule.created`]
+See link for available webhooks: https://stripe.com/docs/api/webhook_endpoints/create?lang=curl#create_webhook_endpoint-enabled_events
+
+this is setup using the script [scripts/stripe-example-setup.sh][backend-stripe-setup-script]
+
+### Deployment
+The initialization step already added your Stripe API key to AWS secret manager hooked up with External Secrets, if you need to update the API Key you can simply edit the value in AWS Secret Manager (this will mean you have to update the frontend publishable key as well)
+
+[backend-stripe-setup-script]: https://github.com/commitdev/zero-deployable-backend/blob/main/templates/scripts/stripe-example-setup.sh

doc-site/docs/components/user-auth.md

@@ -0,0 +1,36 @@
+---
+title: User Auth
+sidebar_label: User Auth
+sidebar_position: 1
+---
+
+## Authentication
+If you enabled `user_auth` from Project definition. An authentication setup would be templated out along side your frontend application. 
+With examples of:
+- Authenticated and Unauthenticated navigation bar
+- Auth-provider implemented with user status checking
+- Home page with 2 blocks of data from backend, one requiring authentication
+- Signup/Login/Password reset forms secured with CSRF token
+- Example of backend API calls authenticated via https only cookie using signed JWT tokens
+
+## Concept
+This example is built with backend components [ORY Oathkeepr][oathkeeper] as an access identity proxy and [ORY Kratos][kratos] as user-management system.
+
+### Ingress
+When user-auth is enabled, instead of routing your request straight to your service, it will go through the access proxy - Oathkeeper, then if it satisfies the rules it will then continue en-route to your application service. This comes with multiple rules (Based on regexp)
+- 
+
+### Forms
+Forms on the frontend are secured with [CSRF tokens][csrf], they are a nonce that ensure the request cannot be repeatedly executed. Each form request(signup/login/password reset) are initiated and identifiable.
+
+### API calls to the backend
+API calls to the backend are authenticated via the Oathkeeper proxy, they are made to the backend with `credentials: include`
+```javascript
+fetch(uri,{ credentials : "include" });
+```
+This will pass along `same-origin`'s cookie along with the request, and through Oathkeeper Proxy will inspect the Cookie against Kratos for authenticity and expiry, and upon unauthenticated request it will return `401 Unauthorized` and request **will not** make it to the backend service.
+
+
+[kratos]: https://github.com/ory/kratos
+[oathkeeper]: https://github.com/ory/oathkeeper
+[csrf]:https://owasp.org/www-community/attacks/csrf

doc-site/docs/guides/ci-cd-pipeline.md

@@ -0,0 +1,42 @@
+---
+title: Continuous Integration and Delivery
+sidebar_label: CI/CD
+sidebar_position: 2
+---
+
+## Circle CI
+Your repository comes with a end-to-end CI/CD pipeline, which includes the following steps:
+1. Checkout
+2. Unit Tests
+3. Build and Push Image
+4. Deploy Staging
+5. Integration Tests
+6. Approval to Deploy to production
+7. Deploy Production
+
+
+[See details on CircleCi][circleci-details]
+
+## Github actions
+Your repository comes with a end-to-end CI/CD pipeline, which includes the following steps:
+1. Checkout
+2. Unit Tests
+3. Build Image
+4. Upload Image to ECR
+4. Deploy image to Staging cluster
+5. Integration tests
+6. Deploy image to Production cluster
+
+**Note**: you can add a approval step using Github Environments(Available for Public repos/Github pro), you can configure an environment in the Settings tab then simply add the follow to your ci manifest (`./.github/workflows/ci.yml`)
+```yml
+deploy-production: # or any step you would like to require Explicit approval
+  enviroments:
+    name: <env-name>
+```
+### Branch Protection
+Your repository comes with a protected branch `master` and you can edit Branch protection in **Branches** tab of Github settings. This ensures code passes tests before getting merged into your default branch.
+By default it requires `[lint, unit-test]` to be passing to allow Pull requests to merge.
+<% end %>
+
+[circleci-details]: https://github.com/commitdev/zero-deployable-node-backend/tree/main/templates/.circleci/README.md
+[github-actions]: https://github.com/commitdev/zero-deployable-node-backend/tree/main/templates/.github/workflows/ci.yml