build and deploy api container

lbernhard95 · Oct 30, 2024 · 5fc8a84 · 5fc8a84
1 parent 9a20e0a
commit 5fc8a84
Show file tree

Hide file tree

Showing 9 changed files with 77 additions and 19 deletions.
diff --git a/.github/workflows/scheduler.yml b/.github/workflows/scheduler.yml
@@ -13,14 +13,14 @@ jobs:
   build-web:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: arn:aws:iam::082113759242:role/github_oidc_role
           aws-region: eu-central-1
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '22.11.0'
 
@@ -39,10 +39,26 @@ jobs:
         working-directory: web
         run: |
           aws s3 sync ./build s3://schafkopf-web-082113759242 --delete
+  build-api:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::082113759242:role/github_oidc_role
+          aws-region: eu-central-1
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+      - name: Build, tag, and push docker image to Amazon ECR
+        run: |
+          docker build -f ./schafkopf/api/Dockerfile -t 082113759242.dkr.ecr.eu-central-1.amazonaws.com/schafkopf-api-lambda:latest .
+          docker push 082113759242.dkr.ecr.eu-central-1.amazonaws.com/schafkopf-api-lambda:latest
   build-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
@@ -59,7 +75,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: build-scheduler
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:

diff --git a/infrastructure/api/acm.tf b/infrastructure/api/acm.tf
@@ -0,0 +1,30 @@
+resource "aws_acm_certificate" "certs" {
+  domain_name       = local.api_sub_domain
+  validation_method = "DNS"
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_acm_certificate_validation" "cert-validation" {
+  certificate_arn         = aws_acm_certificate.certs.arn
+  validation_record_fqdns = [for record in aws_route53_record.cert-validation-record : record.fqdn]
+}
+
+
+resource "aws_route53_record" "cert-validation-record" {
+  for_each = {
+    for dvo in aws_acm_certificate.certs.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = data.aws_route53_zone.domain.zone_id
+}
diff --git a/infrastructure/api/apigw.tf b/infrastructure/api/apigw.tf
@@ -9,17 +9,17 @@ resource "aws_api_gateway_rest_api" "api" {
 
 resource "aws_api_gateway_domain_name" "api" {
   domain_name      = local.api_sub_domain
-  regional_certificate_arn = data.aws_acm_certificate.cert.arn
+  regional_certificate_arn = aws_acm_certificate.certs.arn
   endpoint_configuration {
     types = ["REGIONAL"]
   }
 }
-
+/*
 resource "aws_api_gateway_base_path_mapping" "api" {
   domain_name = aws_api_gateway_domain_name.api.domain_name
   stage_name  = aws_api_gateway_stage.api.stage_name
   api_id      = aws_api_gateway_rest_api.api.id
-}
+}*/
 
 
 resource "aws_api_gateway_rest_api_policy" "api_policy" {
@@ -39,7 +39,7 @@ resource "aws_api_gateway_rest_api_policy" "api_policy" {
 }
 
 
-resource "aws_api_gateway_deployment" "api" {
+/*resource "aws_api_gateway_deployment" "api" {
   rest_api_id       = aws_api_gateway_rest_api.api.id
   triggers = {
     # NOTE: The configuration below will satisfy ordering considerations,
@@ -66,7 +66,7 @@ resource "aws_api_gateway_stage" "api" {
   deployment_id = aws_api_gateway_deployment.api.id
   rest_api_id   = aws_api_gateway_rest_api.api.id
   stage_name    = "v1"
-}
+}*/
 
 resource "aws_api_gateway_resource" "api" {
   rest_api_id = aws_api_gateway_rest_api.api.id
@@ -84,7 +84,7 @@ resource "aws_api_gateway_method" "api" {
     "method.request.path.proxy" = true
   }
 }
-
+/*
 resource "aws_api_gateway_integration" "api" {
   rest_api_id             = aws_api_gateway_rest_api.api.id
   resource_id             = aws_api_gateway_resource.api.id
@@ -93,3 +93,4 @@ resource "aws_api_gateway_integration" "api" {
   type                    = "AWS_PROXY"
   uri                     = aws_lambda_function.api.invoke_arn
 }
+*/
diff --git a/infrastructure/api/cloudwatch.tf b/infrastructure/api/cloudwatch.tf
@@ -0,0 +1,4 @@
+resource "aws_cloudwatch_log_group" "tasks_service" {
+  name              = "/aws/lambda/schafkopf_api"
+  retention_in_days = 30
+}
diff --git a/infrastructure/api/data.tf b/infrastructure/api/data.tf
@@ -1,7 +1,3 @@
 data "aws_route53_zone" "domain" {
   name = "lukas-bernhard.de"
 }
-
-data "aws_acm_certificate" "cert" {
-  domain = "*.lukas-bernhard.de"
-}
diff --git a/infrastructure/api/ecr.tf b/infrastructure/api/ecr.tf
@@ -24,8 +24,8 @@ resource "aws_ecr_lifecycle_policy" "api" {
   })
 }
 
-
+/*
 data "aws_ecr_image" "api" {
   repository_name = aws_ecr_repository.api.name
   image_tag       = "latest"
-}
+}*/
diff --git a/infrastructure/api/lambda.tf b/infrastructure/api/lambda.tf
@@ -1,4 +1,4 @@
-resource "aws_lambda_function" "api" {
+/*resource "aws_lambda_function" "api" {
   function_name    = "schafkopf_api"
   package_type     = "Image"
   image_uri        = "${aws_ecr_repository.api.repository_url}:latest"
@@ -8,7 +8,7 @@ resource "aws_lambda_function" "api" {
 
   role = aws_iam_role.api.arn
 }
-
+*/
 resource "aws_iam_role" "api" {
   name = "schafkopf_api"
   assume_role_policy = jsonencode({
@@ -57,11 +57,12 @@ resource "aws_iam_role_policy_attachment" "api" {
   policy_arn = aws_iam_policy.api.arn
 }
 
-
+/*
 resource "aws_lambda_permission" "wheatley-api" {
   statement_id  = "AllowExecutionFromAPIGateway"
   action        = "lambda:InvokeFunction"
   function_name = aws_lambda_function.api.function_name
   principal     = "apigateway.amazonaws.com"
   source_arn    = "${aws_api_gateway_rest_api.api.execution_arn}/*"
 }
+*/
diff --git a/infrastructure/api/route53.tf b/infrastructure/api/route53.tf
@@ -2,4 +2,10 @@ resource "aws_route53_record" "api" {
   zone_id = data.aws_route53_zone.domain.id
   name    = aws_api_gateway_domain_name.api.domain_name
   type    = "A"
+
+  alias {
+    name = aws_api_gateway_domain_name.api.domain_name
+    zone_id = aws_api_gateway_domain_name.api.regional_zone_id
+    evaluate_target_health = false
+  }
 }
diff --git a/infrastructure/modules.tf b/infrastructure/modules.tf
@@ -5,4 +5,8 @@ module "web" {
     aws        = aws
     aws.us-east = aws.us-east
   }
+}
+
+module "api" {
+  source = "./api"
 }