Merge pull request #82 from passportxyz/2845-fleek-aws

feat: move from fleek to amplify

infra/aws/index.ts

@@ -1,8 +1,6 @@
 import * as pulumi from "@pulumi/pulumi";
-import * as aws from "@pulumi/aws";
-import * as cloudflare from "@pulumi/cloudflare";
 import * as op from "@1password/op-js";
-import { secretsManager } from "infra-libs";
+import { secretsManager, amplify } from "infra-libs";
 
 const stack = pulumi.getStack();
 
@@ -12,173 +10,64 @@ const defaultTags = {
   Project: "id-staking-v2",
 };
 
-const stakingBranches = Object({
+const PASSPORT_APP_GITHUB_URL = op.read.parse(`op://DevOps/passport-${stack}-env/ci-staking/STAKING_APP_GITHUB_URL`);
+const PASSPORT_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY = op.read.parse(
+  `op://DevOps/passport-xyz-${stack}-secrets/ci-staking/STAKING_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY`
+);
+
+const CLOUDFLARE_DOMAIN = stack === "production" ? `passport.xyz` : "";
+// TODO: this should be moved to id-staking-v2-${stack}-env/ci/STAKING_APP_GITHUB_URL
+const CLOUDFLARE_ZONE_ID = op.read.parse(`op://DevOps/passport-${stack}-env/ci/CLOUDFLARE_ZONE_ID`);
+
+// Passport XYZ
+const passportBranches = Object({
   review: "main",
   staging: "staging-app",
   production: "production-app",
 });
 
-const amplifyStage = Object({
-  review: "DEVELOPMENT",
-  staging: "BETA",
-  production: "PRODUCTION",
-});
-const prefix = "stake";
-
-const coreInfraStack = new pulumi.StackReference(
-  `passportxyz/core-infra/${stack}`
-);
-const passportXYZDomain = coreInfraStack.getOutput("newPassportDomain");
-
-// Get STAKING_APP_GITHUB_URL Variables
-const APP_GITHUB_URL = op.read.parse(
-  // TODO: this should be moved to id-staking-v2-${stack}-env/ci/STAKING_APP_GITHUB_URL
-  `op://DevOps/passport-${stack}-env/ci-staking/STAKING_APP_GITHUB_URL`
-);
-
-// CLOUDFLARE_DOMAIN & CLOUDFLARE_ZONE_ID are only required for production
-const CLOUDFLARE_DOMAIN = stack === "production" ? `passport.xyz` : "";
-const CLOUDFLARE_ZONE_ID = op.read.parse(
-  // TODO: this should be moved to id-staking-v2-${stack}-env/ci/CLOUDFLARE_ZONE_ID
-  `op://DevOps/passport-${stack}-env/ci/CLOUDFLARE_ZONE_ID`
-);
+const coreInfraStack = new pulumi.StackReference(`passportxyz/core-infra/${stack}`);
 
-const stakingEnvironment = secretsManager
+const passportXyzAppEnvironment = secretsManager
   .getEnvironmentVars({
     vault: "DevOps",
-    repo: "passport", // TODO: this should be moved to id-staking-v2
+    repo: "passport",  // TODO: this should be moved to id-staking-v2
     env: stack,
-    section: "staking", // TODO: this section should be `app` ?
+    section: "staking",  // TODO: this section should be `app` ?
   })
   .reduce((acc, { name, value }) => {
     acc[name] = value;
     return acc;
   }, {} as Record<string, string | pulumi.Output<any>>);
 
-passportXYZDomain.apply((domainName) => {
-  const name = `${prefix}.${domainName}`;
-
-  const amplifyApp = new aws.amplify.App(
-    name,
-    {
-      name: name,
-      repository: APP_GITHUB_URL,
-      platform: "WEB_COMPUTE",
-      buildSpec: `version: 1
-applications:
-  - frontend:
-      phases:
-        preBuild:
-          commands:
-            - yarn install
-        build:
-          commands:
-            - yarn run build
-      artifacts:
-        baseDirectory: .next
-        files:
-          - '**/*'
-      cache:
-        paths:
-          - .next/cache/**/*
-          - node_modules/**/*
-    appRoot: app
-  `,
-      customRules: [
-        {
-          source: "/<*>",
-          status: "404",
-          target: "/index.html",
-        },
-      ],
-      environmentVariables: {
-        AMPLIFY_DIFF_DEPLOY: "false",
-        AMPLIFY_MONOREPO_APP_ROOT: "app",
-        ...stakingEnvironment,
-      },
-      tags: {
-        Name: name,
-        ...defaultTags,
-      },
-    },
-    { protect: true }
-  );
-
-  const branch = new aws.amplify.Branch(`${name}-${stakingBranches[stack]}`, {
-    appId: amplifyApp.id,
-    branchName: stakingBranches[stack],
-    displayName: stakingBranches[stack],
-    // stage: amplifyStage[stack],
-    ttl: "5",
-  });
-
-  const webHook = new aws.amplify.Webhook(`${name}-${stakingBranches[stack]}`, {
-    appId: amplifyApp.id,
-    branchName: stakingBranches[stack],
-    description: `trigger build from branch ${stakingBranches[stack]}`,
-  });
-
-  const domainAssociation = new aws.amplify.DomainAssociation(name, {
-    appId: amplifyApp.id,
+const amplifyAppInfo = coreInfraStack.getOutput("newPassportDomain").apply((domainName) => {
+  const prefix = "stake";
+  const amplifyAppConfig: amplify.AmplifyAppConfig = {
+    name: `${prefix}.${domainName}`,
+    githubUrl: PASSPORT_APP_GITHUB_URL,
+    githubAccessToken: PASSPORT_APP_GITHUB_ACCESS_TOKEN_FOR_AMPLIFY,
     domainName: domainName,
-    subDomains: [
+    cloudflareDomain: CLOUDFLARE_DOMAIN,
+    cloudflareZoneId: CLOUDFLARE_ZONE_ID,
+    prefix: prefix,
+    branchName: passportBranches[stack],
+    environmentVariables: passportXyzAppEnvironment,
+    tags: { ...defaultTags, Name: `${prefix}.${domainName}` },
+    buildCommand: "yarn build",
+    preBuildCommand: "yarn install",
+    artifactsBaseDirectory: ".next",
+    customRules: [
       {
-        branchName: branch.branchName,
-        prefix: prefix,
+        source: "/<*>",
+        status: "404",
+        target: "/index.html",
       },
     ],
-  });
-
-  if (CLOUDFLARE_DOMAIN != "") {
-    // Handle custom / additional domain assotiation
-    const cloudFlareDomainAssociation = new aws.amplify.DomainAssociation(
-      `cloudflare-${name}`,
-      {
-        appId: amplifyApp.id,
-        domainName: CLOUDFLARE_DOMAIN,
-        waitForVerification: false,
-        subDomains: [
-          {
-            branchName: branch.branchName,
-            prefix: prefix,
-          },
-        ],
-      }
-    );
-    const domainCert =
-      cloudFlareDomainAssociation.certificateVerificationDnsRecord;
+    platform: "WEB_COMPUTE",
+    monorepoAppRoot: "app"
+  };
 
-    // Manage CloudFlare  Records
-    const certRecord = domainCert.apply((_cert) => {
-      const certDetails = _cert.split(" "); // Name Type Value
-      const certRecord = new cloudflare.Record(
-        "cloudflare-certificate-record",
-        {
-          name: certDetails[0].replace(`.${CLOUDFLARE_DOMAIN}.`, ""), // remove the autocomplete domain
-          zoneId: CLOUDFLARE_ZONE_ID,
-          type: certDetails[1],
-          value: certDetails[2],
-          allowOverwrite: true,
-          comment: `Certificate for *.${CLOUDFLARE_DOMAIN}`,
-          // ttl: 3600
-        }
-      );
-      return certRecord;
-    });
-
-    cloudFlareDomainAssociation.subDomains.apply((_subDomains) => {
-      _subDomains.map((_subD) => {
-        const domainDetails = _subD.dnsRecord.split(" "); // Name Type Value
-        const record = new cloudflare.Record(`${domainDetails[0]}-record`, {
-          name: domainDetails[0],
-          zoneId: CLOUDFLARE_ZONE_ID,
-          type: domainDetails[1],
-          value: domainDetails[2],
-          allowOverwrite: true,
-          comment: `Points to AWS Amplify for stake V2 app`,
-        });
-        return record;
-      });
-    });
-  }
+  return amplify.createAmplifyApp(amplifyAppConfig);
 });
+
+export const amplifyAppHookUrl = pulumi.secret(amplifyAppInfo.webHook.url);

infra/package.json

@@ -11,6 +11,6 @@
         "@pulumi/awsx": "^2.0.2",
         "@pulumi/cloudflare": "^5.35.0",
         "@pulumi/pulumi": "^3.113.0",
-        "infra-libs": "passportxyz/infra-libs#semver:^1.0.0"
+        "infra-libs": "passportxyz/infra-libs#semver:^1.1.0"
     }
 }

infra/yarn.lock

@@ -842,6 +842,13 @@
   dependencies:
     "@pulumi/pulumi" "^3.0.0"
 
+"@pulumi/cloudflare@^5.38.0":
+  version "5.38.0"
+  resolved "https://registry.yarnpkg.com/@pulumi/cloudflare/-/cloudflare-5.38.0.tgz#91e2d9b46af648675bbc56bce8a9c719ff900d9a"
+  integrity sha512-dClqItv2ybF2FTgXDI09eKVfVo6J6GKJukeH9Wel9YNoyaZRdEyb1nsY98H0T/T8wQZwug3VcgSlJIZazHnP8w==
+  dependencies:
+    "@pulumi/pulumi" "^3.0.0"
+
 "@pulumi/docker@^4.5.1":
   version "4.5.5"
   resolved "https://registry.yarnpkg.com/@pulumi/docker/-/docker-4.5.5.tgz#67a2a8677eb8bcc16d95067a9ef9d5c355d058c6"
@@ -891,6 +898,13 @@
   resolved "https://registry.yarnpkg.com/@pulumi/query/-/query-0.3.0.tgz#f496608e86a18c3dd31b6c533408e2441c29071d"
   integrity sha512-xfo+yLRM2zVjVEA4p23IjQWzyWl1ZhWOGobsBqRpIarzLvwNH/RAGaoehdxlhx4X92302DrpdIFgTICMN4P38w==
 
+"@pulumi/std@^1.6.2":
+  version "1.7.3"
+  resolved "https://registry.yarnpkg.com/@pulumi/std/-/std-1.7.3.tgz#a3edee28e2dfea704bbe3c96202b3d9462c274bd"
+  integrity sha512-rQnwBjlSQtem7gvfIlAgFwpvC9HXxDuYeu99WifcN+QY+uTRyyq3IMHak7dVgPQmVr/GEHqkugZeAV6cBwL/lQ==
+  dependencies:
+    "@pulumi/pulumi" "^3.0.0"
+
 "@sigstore/bundle@^2.3.2":
   version "2.3.2"
   resolved "https://registry.yarnpkg.com/@sigstore/bundle/-/bundle-2.3.2.tgz#ad4dbb95d665405fd4a7a02c8a073dbd01e4e95e"
@@ -2043,13 +2057,15 @@ indent-string@^4.0.0:
   resolved "https://registry.yarnpkg.com/indent-string/-/indent-string-4.0.0.tgz#624f8f4497d619b2d9768531d58f4122854d7251"
   integrity sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==
 
-"infra-libs@passportxyz/infra-libs#semver:^1.0.0":
+"infra-libs@https://github.com/passportxyz/infra-libs.git#2845-fleek-aws":
   version "1.0.0"
-  resolved "https://codeload.github.com/passportxyz/infra-libs/tar.gz/f3072dc8d547529c5cb7200c02178046d2d47e0e"
+  resolved "https://github.com/passportxyz/infra-libs.git#c824f123e02a1fdb1f31faf6e09524c8617a2605"
   dependencies:
     "@1password/op-js" "^0.1.13"
     "@pulumi/aws" "^6.45.0"
+    "@pulumi/cloudflare" "^5.38.0"
     "@pulumi/pulumi" "^3.126.0"
+    "@pulumi/std" "^1.6.2"
 
 inherits@^2.0.3:
   version "2.0.4"