Merge pull request #47 from developmentseed/feature/add-action-for-veda-deploy

Feature/add action for veda deploy

Author: abarciauskas-bgse

.github/actions/cdk-deploy/action.yml

@@ -0,0 +1,92 @@
+name: Deploy
+
+inputs:
+  env_aws_secret_name:
+    required: false
+    type: string
+    default: ''
+  dir:
+    required: false
+    type: string
+    default: "."
+  script_path:
+    required: true
+    type: string
+    default: ''
+  skip_deploy:
+    required: false
+    type: string
+    default: 'false'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install node and related deps
+      uses: actions/setup-node@v4
+      with:
+        node-version: 20
+
+    - uses: actions/cache@v3
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+
+    - name: Install AWS CDK
+      shell: bash
+      run: npm install -g aws-cdk@2
+
+    - name: Install uv
+      uses: astral-sh/setup-uv@v3
+      with:
+        version: "0.5.*" 
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.12'
+
+    - name: Install dependencies
+      shell: bash
+      working-directory: ${{ inputs.dir }}
+      run: |
+        uv sync --only-group deployment
+        uv run npm install
+        uv pip install boto3 # for the generate_env_file.py script
+
+    - name: Get relevant environment configuration from aws secrets
+      if: inputs.env_aws_secret_name != ''
+      shell: bash
+      env:
+        AWS_DEFAULT_REGION: us-west-2
+      run: python ${{ inputs.script_path }} --secret-id ${{ inputs.env_aws_secret_name }} --env-file ${{ inputs.dir }}/.env
+
+    - name: CDK Synth
+      shell: bash
+      working-directory: ${{ inputs.dir }}
+      run: uv run --only-group deployment npm run cdk -- synth
+
+    - name: Check Asset Sizes
+      shell: bash
+      working-directory: ${{ inputs.dir }}
+      run: |
+        MAX_SIZE_BYTES=262144000  # 262 MB in bytes
+        for dir in cdk.out/asset.*; do
+          if [ -d "$dir" ]; then
+            size=$(du -sb "$dir" | cut -f1)
+            if [ "$size" -gt $MAX_SIZE_BYTES ]; then
+              echo "Directory $dir exceeds 262 MB with size $size bytes (max: $MAX_SIZE_BYTES bytes)."
+              exit 1
+            fi
+            echo "Asset directory $dir size: $size bytes"
+          fi
+        done
+        echo "All asset directories are within size limits."
+
+    - name: Deploy Test
+      if: ${{ inputs.skip_deploy == 'false' }}
+      id: deploy_titiler_cmr_stack
+      working-directory: ${{ inputs.dir }}
+      run: uv run cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json
+      shell: bash
+      env:
+        TITILER_CMR_ADDITIONAL_ENV: '{"TITILER_CMR_S3_AUTH_STRATEGY":"iam"}'

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: Test and Deploy
+name: Test
 
 # Triggers on pushes to main, dev and tags.
 on:
@@ -56,60 +56,3 @@ jobs:
 
       - name: Run tests
         run: uv run pytest
-
-  deploy:
-    needs: [tests]
-    runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/v')
-
-    defaults:
-      run:
-        working-directory: infrastructure/aws
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          role-to-assume: ${{ secrets.deploy_role_arn }}
-          role-session-name: samplerolesession
-          aws-region: us-west-2
-
-      - name: Set up node
-        uses: actions/setup-node@v4
-        with:
-          node-version: '14.x'
-
-      - name: Install cdk
-        run: npm install -g
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install -r requirements-cdk.txt
-
-      # Build and deploy to the development environment whenever there is a push to main or dev
-      - name: Build & Deploy Development
-        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
-        run: npm run cdk -- deploy titiler-cmr-staging --require-approval never
-        env:
-          # STACK_ALARM_EMAIL: ${{ secrets.ALARM_EMAIL }}
-          STACK_ROLE_ARN: ${{ secrets.lambda_role_arn }}
-          STACK_STAGE: staging
-          STACK_ADDITIONAL_ENV: '{"TITILER_CMR_S3_AUTH_STRATEGY":"iam", "TITILER_CMR_API_DEBUG":"TRUE"}'
-
-      # Build and deploy to production deployment whenever there a new tag is pushed
-      - name: Build & Deploy Production
-        if: startsWith(github.ref, 'refs/tags/v')
-        run: npm run cdk -- deploy titiler-cmr-production --require-approval never
-        env:
-          # STACK_ALARM_EMAIL: ${{ secrets.ALARM_EMAIL }}
-          STACK_ROLE_ARN: ${{ secrets.lambda_role_arn }}
-          STACK_STAGE: production
-          STACK_ADDITIONAL_ENV: '{"TITILER_CMR_S3_AUTH_STRATEGY":"iam"}'

README.md

@@ -95,6 +95,10 @@ TITILER_CMR_S3_AUTH_ACCESS=external uvicorn titiler.cmr.main:app --reload
 
 The application will be available at this address: [http://localhost:8000/api.html](http://localhost:8000/api.html)
 
+## Deployment to AWS
+
+Deployment to AWS is currently triggered using [veda-deploy](https://github.com/NASA-IMPACT/veda-deploy). veda-deploy checks out this repo as a submodule and then executes [.github/actions/cdk-deploy/action.yml](.github/actions/cdk-deploy/action.yml) (see also: [veda-deploy/.github/workflows/deploy.yml](https://github.com/NASA-IMPACT/veda-deploy/blob/dev/.github/workflows/deploy.yml)). For more details, please review the [veda-deploy README section on adding new components](https://github.com/NASA-IMPACT/veda-deploy/tree/dev?tab=readme-ov-file#add-new-components).
+
 ## Contribution & Development
 
 See [CONTRIBUTING.md](https://github.com/developmentseed/titiler-cmr/blob/develop/CONTRIBUTING.md)

infrastructure/aws/cdk/app.py

@@ -3,16 +3,15 @@
 import os
 from typing import Any, Dict, List, Optional
 
-from aws_cdk import App, CfnOutput, Duration, Stack, Tags
-from aws_cdk import aws_apigatewayv2_alpha as apigw
+from aws_cdk import App, CfnOutput, Duration, Stack, Tags, aws_lambda
+from aws_cdk import aws_apigatewayv2 as apigw
 from aws_cdk import aws_cloudwatch as cloudwatch
 from aws_cdk import aws_cloudwatch_actions as cloudwatch_actions
 from aws_cdk import aws_iam as iam
-from aws_cdk import aws_lambda
 from aws_cdk import aws_logs as logs
 from aws_cdk import aws_sns as sns
 from aws_cdk import aws_sns_subscriptions as subscriptions
-from aws_cdk.aws_apigatewayv2_integrations_alpha import HttpLambdaIntegration
+from aws_cdk.aws_apigatewayv2_integrations import HttpLambdaIntegration
 from config import StackSettings
 from constructs import Construct
 

infrastructure/aws/cdk/config.py

@@ -37,5 +37,5 @@ class StackSettings(BaseSettings):
     alarm_email: Optional[str] = None
 
     model_config = SettingsConfigDict(
-        env_prefix="STACK_", env_file=".env", extra="ignore"
+        env_prefix="TITILER_CMR_", env_file=".env", extra="ignore"
     )

infrastructure/aws/lambda/Dockerfile

@@ -30,6 +30,12 @@ RUN rm -rdf /asset/numpy/doc/ /asset/bin /asset/geos_license /asset/Misc
 RUN rm -rdf /asset/boto3*
 RUN rm -rdf /asset/botocore*
 
+# Strip debug symbols from compiled C/C++ code (except for numpy.libs!)
+RUN cd /asset && \
+  find . -type f -name '*.so*' \
+  -not -path "./numpy.libs/*" \
+  -exec strip --strip-unneeded {} \;
+
 COPY infrastructure/aws/lambda/handler.py /asset/handler.py
 
 CMD ["echo", "hello world"]

infrastructure/aws/package.json

@@ -5,7 +5,7 @@
   "license": "MIT",
   "private": true,
   "dependencies": {
-    "cdk": "2.94.0"
+    "cdk": "^2.177.0"
   },
   "scripts": {
     "cdk": "cdk"

pyproject.toml

@@ -75,6 +75,12 @@ dev = [
     "pytest-benchmark>=5.1.0",
     "seaborn>=0.13.2",
 ]
+deployment = [
+    "aws-cdk-lib~=2.177.0",
+    "constructs>=10.4.2",
+    "pydantic-settings~=2.0",
+    "python-dotenv>=1.0.1"
+]
 
 [project.urls]
 Homepage = 'https://developmentseed.org/titiler-cmr/'

titiler/cmr/backend.py

@@ -37,7 +37,7 @@
 
 @cached(  # type: ignore
     TTLCache(maxsize=100, ttl=60),
-    key=lambda auth, daac: hashkey(auth.tokens[0]["access_token"], daac),
+    key=lambda auth, daac: hashkey(auth.token["access_token"], daac),
 )
 def aws_s3_credential(auth: Auth, provider: str) -> Dict:
     """Get AWS S3 credential through earthaccess."""