Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3 from Datawheel/canon-cms
Canon cms
Showing 18 changed files with 17,301 additions and 116 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,9 @@ | ||
*.md | ||
*.env | ||
*.env.local | ||
*.gcp.json | ||
*.gcp.encoded | ||
.github | ||
node_modules | ||
Dockerfile | ||
index.js | ||
npm-debug.log | ||
npm-debug.log |
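Review bot: the secret-bearing patterns in this ignore list (`*.env`, `*.env.local`, `*.gcp.json`, `*.gcp.encoded`) are matched relative to the build-context root only, so a key or env file in a subdirectory would still be sent to the build and picked up by the Dockerfile's `COPY ./ ./`. Prefer `**/*.env`, `**/*.env.local`, `**/*.gcp.json` and `**/*.gcp.encoded`. The list also has no `.git` entry, so repository history goes into the context as well; and `index.js` is excluded, which is worth confirming is intentional, since a root-level `index.js` will not be present in the image.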
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,148 @@ | ||
# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Cloud Run when a commit is pushed to the "develop" branch | ||
# | ||
# To configure this workflow: | ||
# | ||
# 1. Ensure the required Google Cloud APIs are enabled in the project: | ||
# | ||
# Cloud Build cloudbuild.googleapis.com | ||
# Cloud Run run.googleapis.com | ||
# Artifact Registry artifactregistry.googleapis.com | ||
# | ||
# 2. Create a service account (if you don't have one) with the following fields: | ||
# | ||
# Service Account Name <PROJECT-NAME>-github-actions | ||
# Service Account ID <PROJECT-NAME>-github-actions | ||
# | ||
# 3. Ensure the service account have the required IAM permissions granted: | ||
# | ||
# Cloud Build | ||
# roles/cloudbuild.builds.editor (cloud build editor) | ||
# roles/cloudbuild.builds.builder (cloud build service account) | ||
# | ||
# Cloud Run | ||
# roles/run.admin (cloud run admin) | ||
# | ||
# Artifact Registry | ||
# roles/artifactregistry.repoAdmin (artifact registry repository administrator) | ||
# roles/artifactregistry.admin (artifact registry administrator) | ||
# | ||
# Service Account | ||
# roles/iam.serviceAccountUser (act as the Cloud Run runtime service account) | ||
# | ||
# Basic Roles | ||
# roles/viewer (viewer) | ||
# | ||
# NOTE: You should always follow the principle of least privilege when assigning IAM roles | ||
# | ||
# 4. Ensure you have the following GitHub Secrets and Variables: | ||
# | ||
# GitHub Secrets | ||
# GCP_SA_KEY (Google Cloud Project Service Account Key) ref visit https://github.com/Datawheel/company/wiki/Setting-Up-a-Service-Account-for-Workflows#use-the-service-account-on-github-secrets | ||
# | ||
# GitHub Variables | ||
# GCP_PROJECT_ID (Google Cloud Project ID) | ||
# GCP_ARTIFACT_REGISTRY_NAME (Google Cloud Articaft Registry Repository Name) | ||
# GCP_ARTIFACT_REGISTRY_LOCATION (Google Cloud Artifact Registry Reposotiry Location) | ||
# | ||
# 5. Ensure you have the following GitHub Vatiables for each environment that you will set up: | ||
# | ||
# GitHub Secrets | ||
# CANON_CMS_DB (Canon CMD DB String) | ||
# FLICKR_API_KEY (Flickr API Key) | ||
# GOOGLE_APPLICATION_CREDENTIALS (Google Credential) | ||
# | ||
# GitHub Variables | ||
# GCP_CLOUDRUN_SERVICE (CloudRun Service Name of the environment) | ||
# GCP_CLOUDRUN_REGION (CloudRun Service Region of the environment) | ||
# CANON_API (Canon API Endpoint) | ||
# CANON_CMS_CUBES (Canon Tesseract API Cubes Endpoint) | ||
# CANON_CMS_ENABLE (Canon CMS Enable CMS) | ||
# CANON_CMS_FORCE_HTTPS (Canon CMS Force HTTPS) | ||
# CANON_CMS_LOGGING (Canon CMS Logging) | ||
# CANON_CONST_STORAGE_BUCKET (Google Storage Bucket) | ||
# CANON_GOOGLE_ANALYTICS (Google Analytics Code) | ||
# CANON_LANGUAGES (Canon Languages) | ||
# CANON_LANGUAGE_DEFAULT (Canon Language Default) | ||
# CANON_LOGINS (Canon CMS Logins) | ||
# | ||
# Further reading: | ||
# Cloud Run IAM permissions - https://cloud.google.com/run/docs/deploying | ||
# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles | ||
# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry | ||
# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege | ||
# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun | ||
name: Build to Artifact Registry and Deploy to GKE | ||
|
||
on: | ||
push: | ||
branches: [ "develop" ] | ||
|
||
env: | ||
GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} | ||
GCP_ARTIFACT_REGISTRY_NAME: ${{ vars.GCP_ARTIFACT_REGISTRY_NAME }} | ||
GCP_ARTIFACT_REGISTRY_LOCATION: ${{ vars.GCP_ARTIFACT_REGISTRY_LOCATION }} | ||
GCP_CLOUDRUN_SERVICE: ${{ vars.GCP_CLOUDRUN_SERVICE }} | ||
GCP_CLOUDRUN_REGION: ${{ vars.GCP_CLOUDRUN_REGION }} | ||
GKE_APP_NAME: ${{ vars.GKE_APP_NAME }} | ||
GKE_APP_NAMESPACE: ${{ vars.GKE_APP_NAMESPACE }} | ||
GKE_CLUSTER: ${{ vars.GKE_CLUSTER }} | ||
GKE_ZONE: ${{ vars.GKE_ZONE }} | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
environment: develop | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
# Authentication via credentials json | ||
- name: Google Auth | ||
id: auth | ||
uses: 'google-github-actions/auth@v0' | ||
with: | ||
project_id: '${{ env.GCP_PROJECT_ID }}' | ||
credentials_json: '${{ secrets.GCP_SA_KEY }}' | ||
|
||
# Build image on Google Cloud Artifact Registry | ||
- name: Build Docker Image | ||
run: |- | ||
gcloud builds submit \ | ||
--quiet \ | ||
--timeout=20m \ | ||
--tag ${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:${{ github.sha }} | ||
# Uncomment for adding the latest tag to the latest image created | ||
- name: Add 'Latest' Tag to Development Environments | ||
run: |- | ||
gcloud beta artifacts docker tags add \ | ||
--quiet \ | ||
${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:${{ github.sha }} \ | ||
${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:latest | ||
deploy: | ||
needs: build | ||
runs-on: ubuntu-latest | ||
environment: develop | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
# Authentication via credentials json | ||
- name: Google Auth | ||
id: auth | ||
uses: 'google-github-actions/auth@v0' | ||
with: | ||
project_id: '${{ vars.GCP_PROJECT_ID }}' | ||
credentials_json: '${{ secrets.GCP_SA_KEY }}' | ||
|
||
# Get google kubernetes engine credentials | ||
- name: Get GKE Credentials | ||
uses: google-github-actions/get-gke-credentials@v0 | ||
with: | ||
cluster_name: ${{ env.GKE_CLUSTER }} | ||
location: ${{ env.GKE_ZONE }} | ||
|
||
# Restart deployment by deleting old pod | ||
- name: Restart Deployment | ||
run: kubectl delete pod -n ${{ env.GKE_APP_NAMESPACE }} -l app=${{ env.GKE_APP_NAME }} |
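Review bot: the role list in the header comment is much wider than what the two jobs do, and it is attached to a long-lived exported key (`credentials_json: '${{ secrets.GCP_SA_KEY }}'`). The steps only run `gcloud builds submit`, add a tag in Artifact Registry, fetch GKE credentials and delete pods; nothing deploys to Cloud Run, yet the comment asks for `roles/run.admin`, both `roles/artifactregistry.repoAdmin` and `roles/artifactregistry.admin`, and the basic role `roles/viewer`, which contradicts the least-privilege NOTE a few lines later. Trim the list to what the steps need, fix the comment (it says Cloud Run while `name:` says GKE), and consider replacing the JSON key with Workload Identity Federation through the auth action's `workload_identity_provider` and `service_account` inputs plus `permissions: id-token: write`. The actions are referenced by mutable tags (`auth@v0`, `get-gke-credentials@v0`, `checkout@v3`); pin them to commit SHAs. The comment "Uncomment for adding the latest tag" sits above a step that is already active.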
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,148 @@ | ||
# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Cloud Run when a commit is pushed to the "main" branch | ||
# | ||
# To configure this workflow: | ||
# | ||
# 1. Ensure the required Google Cloud APIs are enabled in the project: | ||
# | ||
# Cloud Build cloudbuild.googleapis.com | ||
# Cloud Run run.googleapis.com | ||
# Artifact Registry artifactregistry.googleapis.com | ||
# | ||
# 2. Create a service account (if you don't have one) with the following fields: | ||
# | ||
# Service Account Name <PROJECT-NAME>-github-actions | ||
# Service Account ID <PROJECT-NAME>-github-actions | ||
# | ||
# 3. Ensure the service account have the required IAM permissions granted: | ||
# | ||
# Cloud Build | ||
# roles/cloudbuild.builds.editor (cloud build editor) | ||
# roles/cloudbuild.builds.builder (cloud build service account) | ||
# | ||
# Cloud Run | ||
# roles/run.admin (cloud run admin) | ||
# | ||
# Artifact Registry | ||
# roles/artifactregistry.repoAdmin (artifact registry repository administrator) | ||
# roles/artifactregistry.admin (artifact registry administrator) | ||
# | ||
# Service Account | ||
# roles/iam.serviceAccountUser (act as the Cloud Run runtime service account) | ||
# | ||
# Basic Roles | ||
# roles/viewer (viewer) | ||
# | ||
# NOTE: You should always follow the principle of least privilege when assigning IAM roles | ||
# | ||
# 4. Ensure you have the following GitHub Secrets and Variables: | ||
# | ||
# GitHub Secrets | ||
# GCP_SA_KEY (Google Cloud Project Service Account Key) ref visit https://github.com/Datawheel/company/wiki/Setting-Up-a-Service-Account-for-Workflows#use-the-service-account-on-github-secrets | ||
# | ||
# GitHub Variables | ||
# GCP_PROJECT_ID (Google Cloud Project ID) | ||
# GCP_ARTIFACT_REGISTRY_NAME (Google Cloud Articaft Registry Repository Name) | ||
# GCP_ARTIFACT_REGISTRY_LOCATION (Google Cloud Artifact Registry Reposotiry Location) | ||
# | ||
# 5. Ensure you have the following GitHub Vatiables for each environment that you will set up: | ||
# | ||
# GitHub Secrets | ||
# CANON_CMS_DB (Canon CMD DB String) | ||
# FLICKR_API_KEY (Flickr API Key) | ||
# GOOGLE_APPLICATION_CREDENTIALS (Google Credential) | ||
# | ||
# GitHub Variables | ||
# GCP_CLOUDRUN_SERVICE (CloudRun Service Name of the environment) | ||
# GCP_CLOUDRUN_REGION (CloudRun Service Region of the environment) | ||
# CANON_API (Canon API Endpoint) | ||
# CANON_CMS_CUBES (Canon Tesseract API Cubes Endpoint) | ||
# CANON_CMS_ENABLE (Canon CMS Enable CMS) | ||
# CANON_CMS_FORCE_HTTPS (Canon CMS Force HTTPS) | ||
# CANON_CMS_LOGGING (Canon CMS Logging) | ||
# CANON_CONST_STORAGE_BUCKET (Google Storage Bucket) | ||
# CANON_GOOGLE_ANALYTICS (Google Analytics Code) | ||
# CANON_LANGUAGES (Canon Languages) | ||
# CANON_LANGUAGE_DEFAULT (Canon Language Default) | ||
# CANON_LOGINS (Canon CMS Logins) | ||
# | ||
# Further reading: | ||
# Cloud Run IAM permissions - https://cloud.google.com/run/docs/deploying | ||
# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles | ||
# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry | ||
# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege | ||
# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun | ||
name: Build to Artifact Registry and Deploy to GKE | ||
|
||
on: | ||
push: | ||
branches: [ "main" ] | ||
|
||
env: | ||
GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} | ||
GCP_ARTIFACT_REGISTRY_NAME: ${{ vars.GCP_ARTIFACT_REGISTRY_NAME }} | ||
GCP_ARTIFACT_REGISTRY_LOCATION: ${{ vars.GCP_ARTIFACT_REGISTRY_LOCATION }} | ||
GCP_CLOUDRUN_SERVICE: ${{ vars.GCP_CLOUDRUN_SERVICE }} | ||
GCP_CLOUDRUN_REGION: ${{ vars.GCP_CLOUDRUN_REGION }} | ||
GKE_APP_NAME: ${{ vars.GKE_APP_NAME }} | ||
GKE_APP_NAMESPACE: ${{ vars.GKE_APP_NAMESPACE }} | ||
GKE_CLUSTER: ${{ vars.GKE_CLUSTER }} | ||
GKE_ZONE: ${{ vars.GKE_ZONE }} | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
environment: staging | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
# Authentication via credentials json | ||
- name: Google Auth | ||
id: auth | ||
uses: 'google-github-actions/auth@v0' | ||
with: | ||
project_id: '${{ env.GCP_PROJECT_ID }}' | ||
credentials_json: '${{ secrets.GCP_SA_KEY }}' | ||
|
||
# Build image on Google Cloud Artifact Registry | ||
- name: Build Docker Image | ||
run: |- | ||
gcloud builds submit \ | ||
--quiet \ | ||
--timeout=20m \ | ||
--tag ${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:${{ github.sha }} | ||
# Uncomment for adding the latest tag to the latest image created | ||
- name: Add 'Latest' Tag to Development Environments | ||
run: |- | ||
gcloud beta artifacts docker tags add \ | ||
--quiet \ | ||
${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:${{ github.sha }} \ | ||
${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_CLOUDRUN_SERVICE }}:latest | ||
deploy: | ||
needs: build | ||
runs-on: ubuntu-latest | ||
environment: staging | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
# Authentication via credentials json | ||
- name: Google Auth | ||
id: auth | ||
uses: 'google-github-actions/auth@v0' | ||
with: | ||
project_id: '${{ vars.GCP_PROJECT_ID }}' | ||
credentials_json: '${{ secrets.GCP_SA_KEY }}' | ||
|
||
# Get google kubernetes engine credentials | ||
- name: Get GKE Credentials | ||
uses: google-github-actions/get-gke-credentials@v0 | ||
with: | ||
cluster_name: ${{ env.GKE_CLUSTER }} | ||
location: ${{ env.GKE_ZONE }} | ||
|
||
# Restart deployment by deleting old pod | ||
- name: Restart Deployment | ||
run: kubectl delete pod -n ${{ env.GKE_APP_NAMESPACE }} -l app=${{ env.GKE_APP_NAME }} |
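Review bot: in the deploy job, `kubectl delete pod -n ... -l app=...` never references the image that the build job tagged with `${{ github.sha }}`, so the rollout only picks up the new build if the Deployment points at a mutable tag such as the `:latest` added above, and nothing records which commit is actually running. It also deletes every matching pod at once and the job ends without checking that replacements became ready. Suggest `kubectl set image` with the `github.sha` tag followed by `kubectl rollout status`. Separately, this file triggers on `branches: [ "main" ]` but uses `environment: staging` and still names a step "Add 'Latest' Tag to Development Environments"; if main is meant to deploy to staging, say so in the header comment, and since the file is otherwise a copy of the develop workflow, a single reusable workflow parameterised by environment would keep the two from drifting.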
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,24 +1,22 @@ | ||
# starting point: an image of node-12 | ||
FROM node:12-alpine | ||
|
||
# create the app directory inside the image and use it as working directory | ||
# create the app directory inside the image and use it as root from now on | ||
WORKDIR /usr/src/app | ||
COPY --chown=node:node . /usr/src/app | ||
|
||
# copy package files on the image | ||
# install app dependencies from the files package.json and package-lock.json | ||
# installing before transfering the app files allows us to take advantage of cached Docker layers | ||
COPY package*.json ./ | ||
# RUN npm install | ||
|
||
# install node packages. if you are building a production image, uncomment the ci installation | ||
RUN npm install | ||
#RUN npm ci --only=production | ||
# If you are building your code for production | ||
RUN npm ci --only=production | ||
|
||
# transfer the app files | ||
# transfer the app codebase files to the root directory of the app | ||
COPY ./ ./ | ||
|
||
# build the app | ||
RUN npm run build | ||
|
||
# change user to node | ||
USER node | ||
|
||
# start the app on image startup | ||
CMD ["npm", "run", "start"] |
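Review bot: `RUN npm ci --only=production` followed by `RUN npm run build` will break the build if the build script relies on anything in devDependencies, because those are skipped by `--only=production`. Either install everything, build, then prune (`npm prune --production`), or split into a build stage and a runtime stage. The rendered hunk shows both `COPY --chown=node:node . /usr/src/app` and a plain `COPY ./ ./`, and a `USER node` line; make sure the resulting file keeps `USER node` and that the copied files are owned by that user, otherwise the container either runs as root or cannot write its build output. The base image `FROM node:12-alpine` is an end-of-life Node.js line that no longer receives security fixes, and the tag is mutable; move to a supported release and pin it by digest.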
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
const {CANON_CMS_CUBES} = process.env; | ||
|
||
module.exports = function(app) { | ||
|
||
app.post("/api/cms/customAttributes/:pid", async(req, res) => { | ||
|
||
return res.json({ | ||
tesseract: CANON_CMS_CUBES | ||
}); | ||
|
||
}); | ||
}; |
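Review bot: the handler for `/api/cms/customAttributes/:pid` ignores `req.params.pid` and the request body and returns `process.env.CANON_CMS_CUBES` to whoever calls it; no access check is visible on this route, so confirm that the cubes endpoint URL is meant to be readable by unauthenticated clients. If `CANON_CMS_CUBES` is unset, `res.json` drops the undefined key and the client gets `{}` with a 200, which hides the misconfiguration; validate the variable at startup or return an explicit error. The `async` keyword can go since nothing is awaited, and a short comment on what `tesseract` is used for by the CMS would help the next reader.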