From 767c1b39288dbf53ef78ba78ac6fe10208617a51 Mon Sep 17 00:00:00 2001
From: KONFeature
Date: Tue, 28 May 2024 22:58:46 +0200
Subject: [PATCH] Add env variable directly to the stack
---
 .../workflows/deploy-submodule-via-ec2.yml | 76 -------------------
 sst.config.ts | 59 ++++++++------
 2 files changed, 34 insertions(+), 101 deletions(-)
 delete mode 100644 .github/workflows/deploy-submodule-via-ec2.yml
diff --git a/.github/workflows/deploy-submodule-via-ec2.yml b/.github/workflows/deploy-submodule-via-ec2.yml
deleted file mode 100644
index ce5a6df..0000000
--- a/.github/workflows/deploy-submodule-via-ec2.yml
+++ /dev/null
@@ -1,76 +0,0 @@ -name: "🚀 Deploy submodule" - -on: - workflow_call: - inputs: - ami-image-id: - required: false - type: string - instance-type: - required: true - type: string - pr-sha: - required: true - type: string - ref: - required: true - type: string - stage-override: - required: false - type: string - -jobs: - start-runner: - name: "🔧 Start EC2 runner" - runs-on: ubuntu-latest - outputs: - label: ${{ steps.start-ec2-runner.outputs.label }} - ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} - steps: - - name: "👥 Configure AWS Credentials" - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::262732185023:role/github-action-deploy-role - aws-region: eu-west-1 - retry-max-attempts: 5 - - name: "🚀 Start EC2 runner" - id: start-ec2-runner - uses: machulav/ec2-github-runner@v2 - env: - GH_PERSONAL_ACCESS_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - with: - mode: start - github-token: ${{ env.GH_PERSONAL_ACCESS_TOKEN }} - ec2-image-id: ${{ inputs.ami-image-id || 'ami-034dddee671b5c88b' }} - ec2-instance-type: ${{ inputs.instance-type }} - subnet-id: subnet-008e0d55cc46af9a2 - security-group-id: sg-07012408d5797f987 - runner-home-dir: "/home/ubuntu/action-runner-2.311.0" - - deploy-module: - needs: start-runner - uses: ./.github/workflows/deploy-submodule.yml - with: - runner-label: ${{ needs.start-runner.outputs.label }} - pr-sha: ${{ inputs.pr-sha }} - ref: ${{ inputs.ref }} - - stop-runner: - name: "🔧 Stop EC2 runner" - runs-on: ubuntu-latest - needs: [start-runner, deploy-module] - if: "success() || failure()" - steps: - - name: "👥 Configure AWS Credentials" - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::262732185023:role/github-action-deploy-role - aws-region: eu-west-1 - retry-max-attempts: 5 - - name: "⚰️ Stop EC2 runner" - uses: machulav/ec2-github-runner@v2 - with: - mode: stop - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - label: ${{ 
needs.start-runner.outputs.label }}
- ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}
diff --git a/sst.config.ts b/sst.config.ts
index cf46dce..38eb7ea 100644
--- a/sst.config.ts
+++ b/sst.config.ts
@@ -1,6 +1,6 @@
 import { Port, SecurityGroup } from "aws-cdk-lib/aws-ec2";
 import type { SSTConfig } from "sst";
-import { Service, type StackContext } from "sst/constructs";
+import { Service, type StackContext, Config } from "sst/constructs";
 
 export default {
 config(_input) {
@@ -36,14 +36,19 @@ export default {
 * @param stack
 * @constructor
 */
-function IndexerStack({ app, stack }: StackContext) {
- // TODO: Should be bound to the VPC of the postgresql table
- // Get the security group for the database
- const databaseSecurityGroup = SecurityGroup.fromLookupById(
- stack,
- "indexer-db-sg",
- "sg-0cbbb98322234113f"
- );
+function IndexerStack({ stack }: StackContext) {
+ // All the secrets env variable we will be using (in local you can just use a .env file)
+ const secrets = [
+ // Db url
+ new Config.Secret(stack, "DATABASE_URL"),
+ // Mainnet RPCs
+ new Config.Secret(stack, "PONDER_RPC_URL_ARB"),
+ new Config.Secret(stack, "PONDER_RPC_URL_OPTIMISM"),
+ new Config.Secret(stack, "PONDER_RPC_URL_BASE"),
+ new Config.Secret(stack, "PONDER_RPC_URL_POLYGON"),
+ // Testnet RPCs
+ new Config.Secret(stack, "PONDER_RPC_URL_ARB_SEPOLIA"),
+ ]
 
 // The service itself
 const indexerService = new Service(stack, "IndexerService", {
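Review bot: Binding `Config.Secret` values does not, as far as I know, populate `process.env.DATABASE_URL` or `process.env.PONDER_RPC_URL_*` inside the container, yet the new comment (`in local you can just use a .env file`) suggests the indexer reads them as plain environment variables. In SST v2 a bound secret is stored as an encrypted parameter and read at runtime through the `sst/node/config` client, so unless the entrypoint maps `Config.DATABASE_URL` and the RPC entries back into the environment before the indexer starts, the service may boot without its database and RPC settings. This is worth confirming against a deployed task and stating on the array, e.g. `// Bound secrets are read via sst/node/config at runtime, not injected as process.env.<NAME>`. The array is consumed by `bind: secrets` in the next hunk, and IndexerStack's body continues past this hunk.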
@@ -54,22 +59,15 @@ function IndexerStack({ app, stack }: StackContext) {
 domainName: "indexer.frak.id",
 hostedZone: "frak.id",
 },
- // Setup some build options
- build: {
- /*cacheTo: {
- type: "registry",
- params: {
- ref: `${app.account}.dkr.ecr.eu-west-1.amazonaws.com/indexer-cache:latest`,
- mode: "max"
- }
- },
- cacheFrom: [{
- type: "registry",
- params: {
- ref: `${app.account}.dkr.ecr.eu-west-1.amazonaws.com/indexer-cache:latest`
- }
- }]*/
+ // Setup some capacity options
+ scaling: {
+ minContainers: 1,
+ maxContainers: 4,
+ cpuUtilization: 90,
+ memoryUtilization: 90,
 },
+ // Bind the secret we will be using
+ bind: secrets,
 // Arm architecture (lower cost)
 architecture: "arm64",
 // Hardware config
@@ -78,11 +76,22 @@ function IndexerStack({ app, stack }: StackContext) {
 storage: "30 GB",
 // Log retention
 logRetention: "one_week",
+ // Set the right environment variables
+ environment: {
+ // Ponder related stuff
+ PONDER_LOG_LEVEL: "debug",
+ PONDER_TELEMETRY_DISABLED: "true",
+ },
 });
 
 // Set up connections to database via security groups
 const cluster = indexerService.cdk?.cluster;
 if (cluster) {
- console.log("Allowing connections from indexer to database");
+ // Get the security group for the database and link to it
+ const databaseSecurityGroup = SecurityGroup.fromLookupById(
+ stack,
+ "indexer-db-sg",
+ "sg-0cbbb98322234113f"
+ );
 databaseSecurityGroup.connections.allowFrom(cluster, Port.tcp(5432));
 }
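Review bot: `PONDER_LOG_LEVEL: "debug"` is hard-coded in the new `environment` block, so every stage deployed from this stack, production included, sends debug output to the service's log group, which is kept for `one_week`. The same service is bound to `DATABASE_URL` and the `PONDER_RPC_URL_*` secrets, and RPC endpoint URLs commonly embed an API key; debug-level output may include request or connection details, so confirm that nothing derived from those values reaches the logs. Consider tying the level to the stage, e.g. `PONDER_LOG_LEVEL: stack.stage === "<prod-stage-name>" ? "info" : "debug",`. IndexerStack starts before this hunk.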