mirror of
https://github.com/SyncrowIOT/backend.git
synced 2025-07-09 22:57:24 +00:00
Compare commits
5 Commits
fbf62fcd66
...
ef21b589c0
Author | SHA1 | Date | |
---|---|---|---|
ef21b589c0 | |||
44f83ea54e | |||
e4694db79c | |||
13064296a7 | |||
a269f833bc |
21
build.sh
Normal file
21
build.sh
Normal file
@ -0,0 +1,21 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
|
||||
REGION=${AWS_DEFAULT_REGION:-me-central-1}
|
||||
|
||||
|
||||
aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com
|
||||
|
||||
docker build --platform=linux/amd64 -t syncrow-backend .
|
||||
docker tag syncrow-backend:latest $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/syncrow-backend:latest
|
||||
docker push $ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/syncrow-backend:latest
|
||||
|
||||
SERVICE_ARN=$(aws ecs list-services --cluster syncrow-backend-cluster --query 'serviceArns[0]' --output text --region $REGION 2>/dev/null || echo "")
|
||||
|
||||
if [ "$SERVICE_ARN" != "" ] && [ "$SERVICE_ARN" != "None" ]; then
|
||||
SERVICE_NAME=$(echo $SERVICE_ARN | cut -d'/' -f3)
|
||||
aws ecs update-service --cluster syncrow-backend-cluster --service $SERVICE_NAME --force-new-deployment --region $REGION
|
||||
else
|
||||
npx cdk deploy SyncrowBackendStack --context certificateArn=arn:aws:acm:me-central-1:482311766496:certificate/bea1e2ae-84a1-414e-8dbf-4599397e7ed0 --require-approval never
|
||||
fi
|
@ -100,29 +100,26 @@ export class BackendStack extends cdk.Stack {
|
||||
'Allow HTTPS traffic'
|
||||
);
|
||||
|
||||
// RDS Aurora Serverless v2 PostgreSQL
|
||||
const dbCluster = new rds.DatabaseCluster(this, 'SyncrowDatabase', {
|
||||
const dbCluster = rds.DatabaseCluster.fromDatabaseClusterAttributes(this, 'SyncrowDatabase', {
|
||||
clusterIdentifier: 'syncrow-backend',
|
||||
instanceIdentifiers: ['syncrowdatabase-instance-1'],
|
||||
engine: rds.DatabaseClusterEngine.auroraPostgres({
|
||||
version: rds.AuroraPostgresEngineVersion.VER_15_4,
|
||||
version: rds.AuroraPostgresEngineVersion.VER_16_6,
|
||||
}),
|
||||
vpc: this.vpc,
|
||||
securityGroups: [dbSecurityGroup],
|
||||
serverlessV2MinCapacity: 0.5,
|
||||
serverlessV2MaxCapacity: 4,
|
||||
writer: rds.ClusterInstance.serverlessV2('writer'),
|
||||
defaultDatabaseName: props?.databaseName || 'syncrow',
|
||||
credentials: rds.Credentials.fromGeneratedSecret('syncrowadmin', {
|
||||
secretName: 'syncrow-db-credentials',
|
||||
}),
|
||||
removalPolicy: cdk.RemovalPolicy.DESTROY,
|
||||
port: 5432,
|
||||
securityGroups: [
|
||||
ec2.SecurityGroup.fromSecurityGroupId(this, 'ImportedDbSecurityGroup', 'sg-07e163f588b2bac25')
|
||||
],
|
||||
clusterEndpointAddress: 'syncrow-backend.cluster-criskv1sdkq4.me-central-1.rds.amazonaws.com',
|
||||
});
|
||||
|
||||
// ECR Repository for Docker images - ensure it's in the correct region
|
||||
const ecrRepository = new ecr.Repository(this, 'SyncrowBackendRepo', {
|
||||
repositoryName: 'syncrow-backend',
|
||||
removalPolicy: cdk.RemovalPolicy.DESTROY,
|
||||
emptyOnDelete: true,
|
||||
});
|
||||
// Import the existing database secret separately
|
||||
const dbSecret = rds.DatabaseSecret.fromSecretCompleteArn(this, 'ImportedDbSecret',
|
||||
'arn:aws:secretsmanager:me-central-1:482311766496:secret:rds!cluster-43ec14cd-9301-43e2-aa79-d330a429a126-v0JDQN'
|
||||
);
|
||||
|
||||
// ECR Repository for Docker images - import existing repository
|
||||
const ecrRepository = ecr.Repository.fromRepositoryName(this, 'SyncrowBackendRepo', 'syncrow-backend');
|
||||
|
||||
// Output the correct ECR URI for this region
|
||||
new cdk.CfnOutput(this, 'EcrRepositoryUriRegional', {
|
||||
@ -179,7 +176,7 @@ export class BackendStack extends cdk.Stack {
|
||||
AZURE_POSTGRESQL_HOST: dbCluster.clusterEndpoint.hostname,
|
||||
AZURE_POSTGRESQL_PORT: '5432',
|
||||
AZURE_POSTGRESQL_DATABASE: props?.databaseName || 'syncrow',
|
||||
AZURE_POSTGRESQL_USER: 'syncrowadmin',
|
||||
AZURE_POSTGRESQL_USER: 'postgres',
|
||||
AZURE_POSTGRESQL_SSL: process.env.AZURE_POSTGRESQL_SSL || 'false',
|
||||
AZURE_POSTGRESQL_SYNC: process.env.AZURE_POSTGRESQL_SYNC || 'false',
|
||||
|
||||
@ -256,7 +253,7 @@ export class BackendStack extends cdk.Stack {
|
||||
},
|
||||
secrets: {
|
||||
AZURE_POSTGRESQL_PASSWORD: ecs.Secret.fromSecretsManager(
|
||||
dbCluster.secret!,
|
||||
dbSecret,
|
||||
'password'
|
||||
),
|
||||
},
|
||||
@ -301,9 +298,7 @@ export class BackendStack extends cdk.Stack {
|
||||
});
|
||||
|
||||
// Grant ECS task access to RDS credentials
|
||||
if (dbCluster.secret) {
|
||||
dbCluster.secret.grantRead(fargateService.taskDefinition.taskRole);
|
||||
}
|
||||
dbSecret.grantRead(fargateService.taskDefinition.taskRole);
|
||||
|
||||
this.apiUrl = 'https://api.syncrow.me';
|
||||
this.databaseEndpoint = dbCluster.clusterEndpoint.hostname;
|
||||
|
@ -22,6 +22,7 @@
|
||||
"test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
|
||||
"test:e2e": "jest --config ./apps/backend/test/jest-e2e.json",
|
||||
"deploy": "./deploy.sh",
|
||||
"infra:build": "./build.sh",
|
||||
"infra:deploy": "cdk deploy SyncrowBackendStack",
|
||||
"infra:destroy": "cdk destroy SyncrowBackendStack"
|
||||
},
|
||||
|
Reference in New Issue
Block a user