Github action: container -> ECR

.github/workflows/build-deploy.yml

@@ -3,44 +3,72 @@ run-name: drive-gooder deploy ${{ github.actor }}
 
 on:
   push:
-    branches: [ "prod" ]
+    branches: ["prod"]
   pull_request:
-    branches: [ "prod" ]
+    branches: ["prod"]
 concurrency:
   group: ${{ github.workflow }}
   cancel-in-progress: true
 
 jobs:
+  build-frontend:
+    name: Build Frontend
+    runs-on: ubuntu-latest
+    environment: prod
+    steps:
+      - name: Checkout branch
+        uses: actions/checkout@v4
+
+      - name: Build FE
+        run: |
+          cd web
+          npm install
+
+      - name: Build FE
+        run: |
+          cd web
+          npm run build
+          # FE build will be in build
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: frontend-${{ github.sha }}
+          path: web/build
 
   build-deploy:
     name: Build and Deploy
     runs-on: ubuntu-latest
     environment: prod
+    needs: [build-frontend]
     steps:
-    - name: Checkout branch
-      uses: actions/checkout@v3
-
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: ${{ vars.AWS_REGION }}
-
-    - name: Login to AWS ECR
-      id: login-ecr
-      uses: aws-actions/amazon-ecr-login@v2
-
-    - name: Build, tag, and push image to Amazon ECR
-      id: build-image
-      env:
-        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-        ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
-        IMAGE_TAG: ${{ github.sha }}
-      run: |
-        # Build a docker container and
-        # push it to ECR so that it can
-        # be deployed to ECS.
-        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
-        docker push $ECR_REGISTRY/$ECR_REPOSITORY --all-tags
-        echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+      - name: Checkout branch
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Login to AWS ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Download Frontend Build
+        uses: actions/download-artifact@v4
+        with:
+          name: frontend-${{ github.sha }}
+          path: api/build
+
+      - name: Build, tag, and push image to Amazon ECR
+        id: build-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          cd api && docker build . -f cloud/Final.Dockerfile -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest 
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY --all-tags
+          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT

_infrastructure/scripts/pushDockerImageAWS.sh

@@ -1,23 +1,11 @@
 #!/bin/bash
 
-tag=$1
+TAG=$1
 AWS_SSO_PROFILE=lee-solo
 ECR_URI=310753928788.dkr.ecr.us-east-2.amazonaws.com
 
-docker tag drive-gooder-base:"$tag" "$ECR_URI"/drive-gooder-base:"$tag"
-docker tag drive-gooder-base:"$tag" "$ECR_URI"/drive-gooder-base:latest
-
 aws ecr get-login-password --region us-east-2 --profile "$AWS_SSO_PROFILE" | docker login --username AWS --password-stdin "$ECR_URI"
-# docker push "$ECR_URI"/drive-gooder-container-repository -a
-docker push "$ECR_URI"/drive-gooder-final -a
-
-
-# build amd image from macbook and push to ECR
-# docker buildx build . -f cloud/Final.Dockerfile --platform=linux/amd64 --push -t "$ECR_URI"/drive-gooder-final:latest
-
-
-
-
-docker buildx build . -f cloud/Test.Dockerfile --platform=linux/amd64  --push -t "$ECR_URI"/drive-gooder-final:test-nginx
 
-docker buildx build . -f cloud/lite.Dockerfile --platform=linux/amd64  --push -t "$ECR_URI"/drive-gooder-final:nginx-lite
+docker buildx build . -f cloud/Final.Dockerfile --platform=linux/amd64  --push      \
+-t 310753928788.dkr.ecr.us-east-2.amazonaws.com/drive-gooder-final:latest           \
+-t 310753928788.dkr.ecr.us-east-2.amazonaws.com/drive-gooder-final:"$TAG"

_infrastructure/scripts/pushDockerImageDockerHub.sh

@@ -5,4 +5,7 @@ tag=$1
 docker tag drive-gooder-base:"$tag" halzinnia/drive-gooder-base:"$tag"
 # docker tag drive-gooder-base:"$tag" "$ECR_URI"/drive-gooder-base:latest
 
-docker push halzinnia/drive-gooder-base:"$tag"
+docker push halzinnia/drive-gooder-base:"$tag"
+
+docker buildx build . -f cloud/Base.Dockerfile --platform=linux/amd64  --push -t halzinnia/drive-gooder-base:v0.0.6amd
+docker buildx build . -f cloud/Final.Dockerfile --platform=linux/amd64  --push -t halzinnia/drive-gooder-final:v0.0.6amd

api/cloud/Base.Dockerfile → api/cloud/Dockerfile

@@ -4,10 +4,10 @@ FROM python:3.10-slim-bullseye AS base
 RUN apt clean \
     && apt -y update
 
-RUN apt install -y --no-install-recommends nginx                  \
-    && apt install -y --no-install-recommends python3-dev         \
-    && apt install -y --no-install-recommends build-essential     \
-    && apt install -y --no-install-recommends sudo 
+RUN apt-get install -y --no-install-recommends nginx                  \
+    && apt-get install -y --no-install-recommends python3-dev         \
+    && apt-get install -y --no-install-recommends build-essential     \
+    && apt-get install -y --no-install-recommends sudo 
     # need sudo to securely switch to appUser
 
 # Don't buffer `stdout`:
@@ -30,14 +30,7 @@ RUN groupadd --gid 1010 socketWriters
 # set HOME on non-login user changes for appUser:
     && sed -i '1s;^;export HOME="/home/appUser"\n;' /home/appUser/.bashrc       \
     && sed -i '1s;^;echo "running bashrc for appUser"\n;' /home/appUser/.bashrc \
-    && sed -i '1s;^;source ./.venv/bin/activate\n;' /home/appUser/.bashrc     &&\
-# Create the .local and share directories if useradd does not make them 
-    if [ ! -d "/home/appUser/.local" ]; then                                    \
-        mkdir -p "/home/appUser/.local/share/tts"                               \
-# coqui seems to use both tts and tts-caches
-        && mkdir -p "/home/appUser/.local/share/tts-cache"                      \
-        && chown -R appUser "/home/appUser/";                                   \
-    fi                                                                          \
+    && sed -i '1s;^;source ./.venv/bin/activate\n;' /home/appUser/.bashrc       \
     && chown -R appUser /app
 
 USER appUser
@@ -48,4 +41,30 @@ RUN pip install --upgrade pip \
 COPY poetry.lock pyproject.toml ./
 
 RUN poetry install --no-interaction --no-root 
-USER root
+USER root
+
+
+# create ssl cert to encrypt requests between FE and BE
+# too careful? maybe.
+RUN mkdir /etc/nginx/certs \
+    && cd /etc/nginx/certs \ 
+    && openssl req -x509 -newkey \
+    rsa:4096 -keyout key.pem -out cert.pem \
+    -sha256 -days 365 -nodes -subj "/C=US/ST=IN/L=Indianapolis/O=BTYT/OU=clowns/CN=drive-gooder"
+
+COPY ./cloud/nginx.conf /etc/nginx/nginx.conf
+
+COPY --chown=1007:1010 backend backend
+COPY --chown=1007:1010 /build frontend
+COPY --chown=1007:1010 cloud/uwsgi.ini cloud/start.sh cloud/appUserStart.sh ./
+RUN chmod +x start.sh appUserStart.sh
+
+# add a dev ssh key
+# RUN mkdir /home/appUser/.ssh
+# RUN chmod 700 /home/appUser/.ssh
+# COPY id_rsa.pub /appUser/.ssh/authorized_keys
+# RUN chmod 600 /home/appUser/.ssh
+
+EXPOSE 80
+EXPOSE 443
+CMD ["./start.sh"]

api/cloud/appUserStart.sh

@@ -2,4 +2,6 @@
 set -e
 
 source ./.venv/bin/activate
-uwsgi --ini uwsgi.ini -l 4096
+uwsgi --ini uwsgi.ini #-l 4096
+                        # need to learn how to run the below in the App Runner environment
+                        # echo 4096 > /proc/sys/net/core/somaxconn