From 4dcd60a9216f450d7b8be0c390424e31f5e168aa Mon Sep 17 00:00:00 2001 From: wickstargazer Date: Sat, 14 Sep 2024 14:13:54 +0700 Subject: [PATCH 01/12] (workshop): test pipeline --- .github/workflows/example-build-docker.yml | 46 ++++++++++++++++++++++ apps/api/flowaccount-workshop/project.json | 1 + dockerfile | 14 +++++++ 3 files changed, 61 insertions(+) create mode 100644 .github/workflows/example-build-docker.yml create mode 100644 dockerfile diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml new file mode 100644 index 0000000..8f133dd --- /dev/null +++ b/.github/workflows/example-build-docker.yml @@ -0,0 +1,46 @@ +name: Build and Push Docker Image to ECR + +on: + push: + branches: + - example/pipeline # or specify any branch you want to trigger this workflow on + +jobs: + build-and-push: + runs-on: ubuntu-latest + + steps: + - name: Checkout the code + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + - name: Configure AWS credentials with session token + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # Use the session token + aws-region: us-east-1 # Change to your AWS region + + - name: Build, tag, and push Docker image + env: + ECR_URI: "778529894665.dkr.ecr.us-east-1.amazonaws.com/web-app" + IMAGE_TAG: ${{ github.sha }} + run: | + yarn nx build api-flowaccount-workshop + docker build -t $ECR_URI:$IMAGE_TAG . + docker push $ECR_URI:$IMAGE_TAG + + - name: Image digest + run: | + IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ env.REPO_URI }}:${{ github.sha }}) + echo "Docker image pushed: $IMAGE_DIGEST" 
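Review bot: `Log in to Amazon ECR` is placed before `Configure AWS credentials with session token`, so `aws-actions/amazon-ecr-login@v2` runs without any credentials set up by this job; the credentials step has to come first. The closing `Image digest` step reads `${{ env.REPO_URI }}`, which is defined nowhere in the file (`ECR_URI` exists only in the previous step's `env`), so the `docker inspect` argument expands to `:<sha>`. All five `uses:` lines point at mutable tags (`@v3`, `@v2`) in a job that receives AWS secrets. Pinning each to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha> # v3`, keeps a moved tag from running different code with those secrets.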
diff --git a/apps/api/flowaccount-workshop/project.json b/apps/api/flowaccount-workshop/project.json index c24da65..97cc6bf 100644 --- a/apps/api/flowaccount-workshop/project.json +++ b/apps/api/flowaccount-workshop/project.json @@ -11,6 +11,7 @@ "outputPath": "dist/apps/api/flowaccount-workshop", "main": "apps/api/flowaccount-workshop/src/main.ts", "tsConfig": "apps/api/flowaccount-workshop/tsconfig.app.json", + "isolatedConfig": false, "assets": [ "apps/api/flowaccount-workshop/src/assets", "apps/api/flowaccount-workshop/src/README.md" diff --git a/dockerfile b/dockerfile new file mode 100644 index 0000000..d776754 --- /dev/null +++ b/dockerfile @@ -0,0 +1,14 @@ +FROM node:fermium + +ARG GITCOMMIT="" +ENV GIT_COMMIT_HASH=${GITCOMMIT} + +WORKDIR /app + +COPY . . + +RUN npm install + +CMD ["node", "main.js"] + +EXPOSE 8081 From 3fb7d0557b1c5d0452cc8ccad4a47dd8a2233816 Mon Sep 17 00:00:00 2001 From: wickstargazer Date: Sat, 14 Sep 2024 14:16:28 +0700 Subject: [PATCH 02/12] (workshop): test pipeline --- .github/workflows/example-build-docker.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml index 8f133dd..034d7dd 100644 --- a/.github/workflows/example-build-docker.yml +++ b/.github/workflows/example-build-docker.yml @@ -19,9 +19,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Log in to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 + # - name: Log in to Amazon ECR + # id: login-ecr + # uses: aws-actions/amazon-ecr-login@v2 + # with: + # aws-region: us-east-1 - name: Configure AWS credentials with session token uses: aws-actions/configure-aws-credentials@v2 From b43ac4c36471ea3a42ec04769f1be174ae884196 Mon Sep 17 00:00:00 2001 
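Review bot: `FROM node:fermium` in the new `dockerfile` selects the Node.js 14 line, which no longer receives upstream security fixes, and the tag is mutable; a currently supported LTS tag, ideally pinned by digest, is the safer base. There is no `USER` instruction, so `node main.js` runs as root inside the container; adding `USER node` before `CMD` drops that privilege. `COPY . .` followed by `RUN npm install` copies the whole build context into the image and resolves dependencies without the yarn lockfile the workflow uses. `GITCOMMIT` is declared as a build argument, but the workflow's `docker build` passes no `--build-arg`, so `GIT_COMMIT_HASH` stays empty.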
From: wickstargazer Date: Sat, 14 Sep 2024 14:17:54 +0700 Subject: [PATCH 03/12] (workshop): test pipeline --- .github/workflows/example-build-docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml index 034d7dd..bcbd475 100644 --- a/.github/workflows/example-build-docker.yml +++ b/.github/workflows/example-build-docker.yml @@ -38,6 +38,7 @@ jobs: ECR_URI: "778529894665.dkr.ecr.us-east-1.amazonaws.com/web-app" IMAGE_TAG: ${{ github.sha }} run: | + yarn --frozen-lockfile yarn nx build api-flowaccount-workshop docker build -t $ECR_URI:$IMAGE_TAG . docker push $ECR_URI:$IMAGE_TAG From 48c2f2d5a084fe383b0dd049b0fabcfa3d9aed3e Mon Sep 17 00:00:00 2001 From: wickstargazer Date: Sat, 14 Sep 2024 14:43:56 +0700 Subject: [PATCH 04/12] (workshop): test pipeline --- .github/workflows/example-build-docker.yml | 10 ++++------ apps/api/flowaccount-workshop/project.json | 2 +- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml index bcbd475..6efb48d 100644 --- a/.github/workflows/example-build-docker.yml +++ b/.github/workflows/example-build-docker.yml @@ -19,12 +19,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - # - name: Log in to Amazon ECR - # id: login-ecr - # uses: aws-actions/amazon-ecr-login@v2 - # with: - # aws-region: us-east-1 - - name: Configure AWS credentials with session token uses: aws-actions/configure-aws-credentials@v2 with: @@ -33,6 +27,10 @@ jobs: aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # Use the session token aws-region: us-east-1 # Change to your AWS region + - name: Log in to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + - name: Build, tag, and push Docker image env: ECR_URI: "778529894665.dkr.ecr.us-east-1.amazonaws.com/web-app" 
diff --git a/apps/api/flowaccount-workshop/project.json b/apps/api/flowaccount-workshop/project.json index 97cc6bf..18ed6bb 100644 --- a/apps/api/flowaccount-workshop/project.json +++ b/apps/api/flowaccount-workshop/project.json @@ -11,7 +11,7 @@ "outputPath": "dist/apps/api/flowaccount-workshop", "main": "apps/api/flowaccount-workshop/src/main.ts", "tsConfig": "apps/api/flowaccount-workshop/tsconfig.app.json", - "isolatedConfig": false, + "webpackConfig": "apps/api/flowaccount-workshop/webpack.config.ts", "assets": [ "apps/api/flowaccount-workshop/src/assets", "apps/api/flowaccount-workshop/src/README.md" From 3df65c3e388cee0d63c2b7f7edcd52aab957fb72 Mon Sep 17 00:00:00 2001 From: wickstargazer Date: Sat, 14 Sep 2024 14:49:27 +0700 Subject: [PATCH 05/12] (workshop): test pipeline --- .../flowaccount-workshop/webpack.config.ts | 42 +++++++++++++++++++ .../flowaccount-workshop/with-externals.ts | 29 +++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 apps/api/flowaccount-workshop/webpack.config.ts create mode 100644 apps/api/flowaccount-workshop/with-externals.ts diff --git a/apps/api/flowaccount-workshop/webpack.config.ts b/apps/api/flowaccount-workshop/webpack.config.ts new file mode 100644 index 0000000..483c6a0 --- /dev/null +++ b/apps/api/flowaccount-workshop/webpack.config.ts 
@@ -0,0 +1,42 @@
+const { NxWebpackPlugin } = require('@nx/webpack');
+const nodeExternals = require('webpack-node-externals');
+const { withExternals } = require('./with-externals');
+const { composePlugins } = require('@nx/webpack');
+
+module.exports = composePlugins(
+ (config, { options, context }) => {
+ return {
+ target: 'node',
+ node: {
+ __dirname: true
+ },
+ module: {
+ rules: [
+ {
+ test: /\.(json)$/,
+ type: 'src/config',
+ }
+ ],
+ },
+ output: {
+ globalObject: 'this',
+ },
+ plugins: [
+ new NxWebpackPlugin({
+ tsConfig: options.tsConfig,
+ compiler: 'swc',
+ main: options.main,
+ outputHashing: false,
+ ssr: true,
+ sourceMap: true,
+ generatePackageJson: options.generatePackageJson,
+ assets: options.assets,
+ outputPath: options.outputPath
+ }),
+ ],
+
+ externals: [withExternals([/^aws-cdk-lib\//,/aws-cdk-stack\//,/^aws-cdk-core\//,/^nx-aws-cdk\//]),]
+ }
+ });
+
+
diff --git a/apps/api/flowaccount-workshop/with-externals.ts b/apps/api/flowaccount-workshop/with-externals.ts
new file mode 100644
index 0000000..0e7630f
--- /dev/null
+++ b/apps/api/flowaccount-workshop/with-externals.ts
@@ -0,0 +1,29 @@
+import { NxComposableWebpackPlugin } from '@nx/webpack';
+import type { Configuration } from 'webpack';
+
+// @example withExternals([/^@aws-sdk\//, /^@aws-lambda-powertools\//])
+export function withExternals(externals: RegExp[]): NxComposableWebpackPlugin {
+ return function configure(config: Configuration): Configuration {
+ config.externals = Array.isArray(config.externals)
+ ? config.externals
+ : config.externals
+ ? [config.externals]
+ : [];
+ config.externals.push(function (
+ ctx,
+ callback: (
+ err?: null | Error,
+ result?: string | boolean | string[] | { [index: string]: any },
+ ) => void,
+ ) {
+ if (externals.some((e) => e.test(ctx.request))) {
+ // not bundled
+ return callback(null, `commonjs ${ctx.request}`);
+ }
+ // bundled
+ callback();
+ });
+
+ return config;
+ };
+}
\ No newline at end of file
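Review bot: On the `externals:` line of webpack.config.ts, `withExternals([...])` returns an `NxComposableWebpackPlugin`, a function that takes and returns the webpack config, yet its result is placed inside the `externals` array, where webpack expects an externals function that receives the request context. As written it most likely externalizes nothing. It looks intended as a second argument to `composePlugins`, after the config callback: `composePlugins((config, { options, context }) => { … }, withExternals([/^aws-cdk-lib\//, …]))`. Separately, `nodeExternals` is required but never used, `/aws-cdk-stack\//` lacks the `^` anchor the other three patterns carry, and `type: 'src/config'` is not one of webpack's documented module types, so that JSON rule should be checked.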
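Review bot: `withExternals` in with-externals.ts is documented only by an `@example` line, while the contract callers depend on sits in the body: a request matching any pattern is returned as `commonjs <request>` and left out of the bundle, so it must be resolvable where the output runs. A doc comment should say so, for instance `/** Leaves requests matching any pattern as runtime commonjs requires (not bundled). */`. `ctx.request` appears to be optional in webpack's typings (inferred, the types are not in the hunk), so `if (ctx.request && externals.some((e) => e.test(ctx.request)))` would avoid testing the string "undefined".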
From f0eabfd0cebcd37a2a64773e8e3c7ddff9bf7728 Mon Sep 17 00:00:00 2001 From: wickstargazer Date: Sat, 14 Sep 2024 15:06:09 +0700 Subject: [PATCH 06/12] (workshop): test pipeline --- .github/workflows/example-build-docker.yml | 8 ++++---- dockerfile | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml index 6efb48d..0eaa451 100644 --- a/.github/workflows/example-build-docker.yml +++ b/.github/workflows/example-build-docker.yml @@ -41,7 +41,7 @@ jobs: docker build -t $ECR_URI:$IMAGE_TAG . docker push $ECR_URI:$IMAGE_TAG - - name: Image digest - run: | - IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ env.REPO_URI }}:${{ github.sha }}) - echo "Docker image pushed: $IMAGE_DIGEST" + # - name: Image digest + # run: | + # IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ env.REPO_URI }}:${{ github.sha }}) + # echo "Docker image pushed: $IMAGE_DIGEST" diff --git a/dockerfile b/dockerfile index d776754..ec8e668 100644 --- a/dockerfile +++ b/dockerfile @@ -5,9 +5,9 @@ ENV GIT_COMMIT_HASH=${GITCOMMIT} WORKDIR /app -COPY . . +COPY dist/apps/api/flowaccount-workshop/. . -RUN npm install +#RUN npm install CMD ["node", "main.js"] From 32a6c2f4e7a749843065496d091884a469289fad Mon Sep 17 00:00:00 2001 From: wickstargazer Date: Sat, 14 Sep 2024 15:09:42 +0700 Subject: [PATCH 07/12] (workshop): test pipeline --- .github/workflows/example-build-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml index 0eaa451..e848fe7 100644 --- a/.github/workflows/example-build-docker.yml +++ b/.github/workflows/example-build-docker.yml 
@@ -34,7 +34,7 @@ jobs: - name: Build, tag, and push Docker image env: ECR_URI: "778529894665.dkr.ecr.us-east-1.amazonaws.com/web-app" - IMAGE_TAG: ${{ github.sha }} + IMAGE_TAG: latest,${{ github.sha }} run: | yarn --frozen-lockfile yarn nx build api-flowaccount-workshop From c90f7fc11733d77eb43e38844ce1c4a504982e4f Mon Sep 17 00:00:00 2001 From: wickstargazer Date: Sat, 14 Sep 2024 15:40:35 +0700 Subject: [PATCH 08/12] (workshop): test pipeline --- .github/workflows/example-build-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml index e848fe7..ea8fc74 100644 --- a/.github/workflows/example-build-docker.yml +++ b/.github/workflows/example-build-docker.yml @@ -34,7 +34,7 @@ jobs: - name: Build, tag, and push Docker image env: ECR_URI: "778529894665.dkr.ecr.us-east-1.amazonaws.com/web-app" - IMAGE_TAG: latest,${{ github.sha }} + IMAGE_TAG: latest run: | yarn --frozen-lockfile yarn nx build api-flowaccount-workshop From e5ddad45d01eaf1760f6d13df29cd0be7a3904c5 Mon Sep 17 00:00:00 2001 From: wickstargazer Date: Sat, 14 Sep 2024 15:59:33 +0700 Subject: [PATCH 09/12] (workshop): test pipeline --- apps/api/flowaccount-workshop/project.json | 2 +- apps/api/flowaccount-workshop/src/main.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/api/flowaccount-workshop/project.json b/apps/api/flowaccount-workshop/project.json index 18ed6bb..b0ca6eb 100644 --- a/apps/api/flowaccount-workshop/project.json +++ b/apps/api/flowaccount-workshop/project.json @@ -20,7 +20,7 @@ "configurations": {} }, "serve": { - "executor": "@nx/node:node", + "executor": "@nx/js:node", "options": { "buildTarget": "api-flowaccount-workshop:build" } diff --git a/apps/api/flowaccount-workshop/src/main.ts b/apps/api/flowaccount-workshop/src/main.ts index 8011986..9a654a7 100644 --- a/apps/api/flowaccount-workshop/src/main.ts 
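Review bot: `IMAGE_TAG: latest,${{ github.sha }}` produces one tag string containing a comma, which is not a valid image tag, so the `docker build -t $ECR_URI:$IMAGE_TAG .` line will reject the reference instead of applying two tags. To publish both, pass them separately, `docker build -t $ECR_URI:latest -t $ECR_URI:${{ github.sha }} .`, and push with `docker push --all-tags $ECR_URI`. The `docker build` and `docker push` lines of this `run:` script lie outside the hunk.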
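Review bot: With `IMAGE_TAG: latest`, every build overwrites the same mutable tag, so a running image can no longer be traced to the commit that produced it and an earlier build cannot be pulled back by tag; `IMAGE_TAG: latest-cherry-ecr` in PATCH 12/12 has the same property. Keeping `IMAGE_TAG: ${{ github.sha }}` and adding the floating tag as a second `-t` on the `docker build` line (outside this hunk) preserves that link. If the repository is meant to hold deployable images, enabling tag immutability on the ECR repository is worth considering; its settings are not visible here.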
+++ b/apps/api/flowaccount-workshop/src/main.ts @@ -37,4 +37,4 @@ app.use(function (err, req, res, next) { res.render('error'); }); -app.listen(process.env.SERVER_PORT || 3000, () => { console.log('listening!')}); \ No newline at end of file +app.listen(process.env.SERVER_PORT || 8081, () => { console.log('listening!')}); \ No newline at end of file From e5300e103ca82404a9b3dcd90c9e9df48ee493e2 Mon Sep 17 00:00:00 2001 From: Umaporn Rawisettapat Date: Fri, 20 Sep 2024 17:06:46 +0700 Subject: [PATCH 10/12] cherry-push-image-test --- .github/workflows/example-build-docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml index ea8fc74..3296eee 100644 --- a/.github/workflows/example-build-docker.yml +++ b/.github/workflows/example-build-docker.yml @@ -3,7 +3,7 @@ name: Build and Push Docker Image to ECR on: push: branches: - - example/pipeline # or specify any branch you want to trigger this workflow on + - 'example/pipeline-cherry' # or specify any branch you want to trigger this workflow on jobs: build-and-push: @@ -33,7 +33,7 @@ jobs: - name: Build, tag, and push Docker image env: - ECR_URI: "778529894665.dkr.ecr.us-east-1.amazonaws.com/web-app" + ECR_URI: "697698820969.dkr.ecr.us-east-1.amazonaws.com/web-app" IMAGE_TAG: latest run: | yarn --frozen-lockfile From baf76458df7d275e281f3bd31c87a63c93d71985 Mon Sep 17 00:00:00 2001 From: Umaporn Rawisettapat Date: Fri, 20 Sep 2024 17:09:32 +0700 Subject: [PATCH 11/12] update aws creds --- .github/workflows/example-build-docker.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml index 3296eee..29a11ee 100644 --- a/.github/workflows/example-build-docker.yml +++ b/.github/workflows/example-build-docker.yml 
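Review bot: `ECR_URI` in the `Build, tag, and push Docker image` step hard-codes the registry host, including the AWS account ID, and this commit has to edit it by hand because the account changed. The `login-ecr` step already exposes the registry it authenticated against, so `ECR_URI: ${{ steps.login-ecr.outputs.registry }}/web-app` keeps the push target tied to the account whose credentials the job actually holds. That removes the chance of the literal and the credentials drifting apart in a later edit.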
@@ -19,13 +19,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Configure AWS credentials with session token - uses: aws-actions/configure-aws-credentials@v2 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v3 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # Use the session token - aws-region: us-east-1 # Change to your AWS region + role-to-assume: arn:aws:iam::697698820969:role/GithubActionAssumeRole + aws-region: us-east-1 - name: Log in to Amazon ECR id: login-ecr From bcaa440c9be6eaffd2860084b451fd47b93b94f5 Mon Sep 17 00:00:00 2001 From: Umaporn Rawisettapat Date: Fri, 20 Sep 2024 17:18:21 +0700 Subject: [PATCH 12/12] update permissions --- .github/workflows/example-build-docker.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/example-build-docker.yml b/.github/workflows/example-build-docker.yml index 29a11ee..69390d3 100644 --- a/.github/workflows/example-build-docker.yml +++ b/.github/workflows/example-build-docker.yml @@ -5,6 +5,10 @@ on: branches: - 'example/pipeline-cherry' # or specify any branch you want to trigger this workflow on +permissions: + id-token: write + contents: read + jobs: build-and-push: runs-on: ubuntu-latest @@ -32,7 +36,7 @@ jobs: - name: Build, tag, and push Docker image env: ECR_URI: "697698820969.dkr.ecr.us-east-1.amazonaws.com/web-app" - IMAGE_TAG: latest + IMAGE_TAG: latest-cherry-ecr run: | yarn --frozen-lockfile yarn nx build api-flowaccount-workshop
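Review bot: The `role-to-assume` line replaces the stored keys with OIDC federation, so access is now only as narrow as the trust policy of `GithubActionAssumeRole`, which this hunk does not show. That policy should condition `token.actions.githubusercontent.com:sub` on this repository and branch, for example `repo:<OWNER>/<REPO>:ref:refs/heads/example/pipeline-cherry`, and `token.actions.githubusercontent.com:aud` on `sts.amazonaws.com`, so that only this workflow can obtain the role. The action reference also moves to another mutable tag, `@v3`; pinning it as `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v3` is preferable for the step that mints cloud credentials.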