devopsify

.dockerignore

@@ -0,0 +1 @@
+node_modules

.github/workflows/build-push-deploy.yaml

@@ -0,0 +1,44 @@
+name: Build and Deploy to Google Compute Engine
+
+on:
+ push:
+ branches:
+ - master
+
+env:
+ PROJECT_ID: devops-directive-traversy
+
+jobs:
+ setup-build-publish-deploy:
+ name: Setup, Build, Publish, and Deploy
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ # Setup gcloud CLI
+ - uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
+ with:
+ version: '290.0.1'
+ service_account_key: ${{ secrets.GCE_SA_KEY }}
+ project_id: ${{ env.PROJECT_ID }}
+
+ # Configure Docker to use the gcloud command-line tool as a credential
+ # helper for authentication
+ - run: |-
+ gcloud --quiet auth configure-docker
+
+ # Build the Docker image
+ - name: Build
+ run: |-
+ make build
+
+ # Push the Docker image to Google Container Registry
+ - name: Publish
+ run: |-
+ make push
+
+ - name: Deploy
+ run: |-
+ make deploy

.gitignore

@@ -1,2 +1,4 @@
 node_modules
 config/config.env
+*key.json
+.terraform/

.prettierrc.json

@@ -0,0 +1,6 @@
+{
+ "trailingComma": "all",
+ "tabWidth": 2,
+ "semi": false,
+ "singleQuote": true
+}

Dockerfile

@@ -0,0 +1,15 @@
+FROM node:14-slim
+
+WORKDIR /usr/src/app
+
+COPY ./package*.json ./
+
+RUN npm install
+
+COPY . .
+
+USER node
+
+EXPOSE 3000
+
+CMD ["npm", "start"]

Makefile

@@ -0,0 +1,88 @@
+PROJECT_ID=devops-directive-traversy
+ZONE=us-central1-a
+
+run-local:
+ docker-compose up 
+
+###
+
+create-tf-backend-bucket:
+ gsutil mb -p $(PROJECT_ID) gs:https://$(PROJECT_ID)-terraform
+
+### 
+
+define get-secret
+$(shell gcloud secrets versions access latest --secret=$(1) --project=$(PROJECT_ID))
+endef
+
+###
+
+ENV=staging
+
+terraform-create-workspace: 
+ cd terraform && \
+ terraform workspace new $(ENV)
+
+terraform-init:
+ cd terraform && \
+ terraform workspace select $(ENV) && \
+ terraform init
+
+TF_ACTION?=plan
+terraform-action:
+ @cd terraform && \
+ terraform workspace select $(ENV) && \
+ terraform $(TF_ACTION) \
+ -var-file="./environments/common.tfvars" \
+ -var-file="./environments/$(ENV)/config.tfvars" \
+ -var="mongodbatlas_private_key=$(call get-secret,atlas_private_key)" \
+ -var="atlas_user_password=$(call get-secret,atlas_user_password_$(ENV))" \
+ -var="cloudflare_api_token=$(call get-secret,cloudflare_api_token)"
+
+###
+
+SSH_STRING=palas@storybooks-vm-$(ENV)
+
+GITHUB_SHA?=latest
+LOCAL_TAG=storybooks-app:$(GITHUB_SHA)
+REMOTE_TAG=gcr.io/$(PROJECT_ID)/$(LOCAL_TAG)
+
+CONTAINER_NAME=storybooks-api
+DB_NAME=storybooks
+
+ssh:
+ gcloud compute ssh $(SSH_STRING) \
+ --project=$(PROJECT_ID) \
+ --zone=$(ZONE)
+
+ssh-cmd:
+ @gcloud compute ssh $(SSH_STRING) \
+ --project=$(PROJECT_ID) \
+ --zone=$(ZONE) \
+ --command="$(CMD)"
+
+build:
+ docker build -t $(LOCAL_TAG) .
+
+push:
+ docker tag $(LOCAL_TAG) $(REMOTE_TAG)
+ docker push $(REMOTE_TAG)
+
+deploy:
+ $(MAKE) ssh-cmd CMD='docker-credential-gcr configure-docker'
+ @echo "pulling new container image..."
+ $(MAKE) ssh-cmd CMD='docker pull $(REMOTE_TAG)'
+ @echo "removing old container..."
+ -$(MAKE) ssh-cmd CMD='docker container stop $(CONTAINER_NAME)'
+ -$(MAKE) ssh-cmd CMD='docker container rm $(CONTAINER_NAME)'
+ @echo "starting new container..."
+ @$(MAKE) ssh-cmd CMD='\
+ docker run -d --name=$(CONTAINER_NAME) \
+ --restart=unless-stopped \
+ -p 80:3000 \
+ -e PORT=3000 \
+ -e \"MONGO_URI=mongodb+srv:https://storybooks-user-$(ENV):$(call get-secret,atlas_user_password_$(ENV))@storybooks-$(ENV).kkwmy.gcp.mongodb.net/$(DB_NAME)?retryWrites=true&w=majority\" \
+ -e GOOGLE_CLIENT_ID=622715457982-885mh022l19kdehu68umar8rbq4qgq24.apps.googleusercontent.com \
+ -e GOOGLE_CLIENT_SECRET=$(call get-secret,google_oauth_client_secret) \
+ $(REMOTE_TAG) \
+ '

docker-compose.yml

@@ -0,0 +1,29 @@
+version: '3'
+services:
+ api-server:
+ build: ./
+ env_file: ./config/config.env
+ ports:
+ - '3000:3000'
+ networks:
+ - storybooks-app
+ depends_on:
+ - mongo
+ mongo:
+ image: mongo:3.6-xenial
+ environment:
+ - MONGO_INITDB_DATABASE=storybooks
+ ports:
+ - '27017:27017'
+ networks:
+ - storybooks-app
+ volumes:
+ - mongo-data:/data/db
+
+networks:
+ storybooks-app:
+ driver: bridge
+
+volumes:
+ mongo-data:
+ driver: local

terraform/atlas.tf

@@ -0,0 +1,47 @@
+provider "mongodbatlas" {
+ public_key = var.mongodbatlas_public_key
+ private_key = var.mongodbatlas_private_key
+ version = "~> 0.6"
+}
+
+# cluster
+resource "mongodbatlas_cluster" "mongo_cluster" {
+ project_id = var.atlas_project_id
+ name = "${var.app_name}-${terraform.workspace}"
+ num_shards = 1
+
+ replication_factor = 3
+ provider_backup_enabled = true
+ auto_scaling_disk_gb_enabled = true
+ mongo_db_major_version = "3.6"
+
+ //Provider Settings "block"
+ provider_name = "GCP"
+ disk_size_gb = 10
+ provider_instance_size_name = "M10"
+ provider_region_name = "CENTRAL_US"
+}
+
+# db user
+resource "mongodbatlas_database_user" "mongo_user" {
+ username = "storybooks-user-${terraform.workspace}"
+ password = var.atlas_user_password
+ project_id = var.atlas_project_id
+ auth_database_name = "admin"
+
+ roles {
+ role_name = "readWrite"
+ database_name = "storybooks"
+ }
+
+ roles {
+ role_name = "readAnyDatabase"
+ database_name = "admin"
+ }
+}
+
+# ip whitelist
+resource "mongodbatlas_project_ip_whitelist" "test" {
+ project_id = var.atlas_project_id
+ ip_address = google_compute_address.ip_address.address
+}

terraform/cloudflare.tf

@@ -0,0 +1,20 @@
+provider "cloudflare" {
+ version = "~> 2.0"
+ api_token = var.cloudflare_api_token
+}
+
+# Zone
+data "cloudflare_zones" "cf_zones" {
+ filter {
+ name = var.domain
+ }
+}
+
+# DNS A record
+resource "cloudflare_record" "dns_record" {
+ zone_id = data.cloudflare_zones.cf_zones.zones[0].id
+ name = "storybooks${terraform.workspace == "prod" ? "" : "-${terraform.workspace}"}"
+ value = google_compute_address.ip_address.address
+ type = "A"
+ proxied = true
+}

terraform/environments/common.tfvars

@@ -0,0 +1,6 @@
+app_name="storybooks"
+
+atlas_project_id = "5f5bdb70abbd5840ca911a50"
+mongodbatlas_public_key="cubboskr"
+
+domain="devopsdirective.com"

terraform/environments/staging/config.tfvars

@@ -0,0 +1 @@
+gcp_machine_type = "f1-micro"

terraform/gcp.tf

@@ -0,0 +1,65 @@
+provider "google" {
+ credentials = file("terraform-sa-key.json")
+ project = "devops-directive-traversy"
+ region = "us-central1"
+ zone = "us-central1-c"
+ version = "~> 3.38"
+}
+
+# IP ADDRESS
+resource "google_compute_address" "ip_address" {
+ name = "storybooks-ip-${terraform.workspace}"
+}
+
+# NETWORK
+data "google_compute_network" "default" {
+ name = "default"
+}
+
+# FIREWALL RULE
+resource "google_compute_firewall" "allow_http" {
+ name = "allow-http-${terraform.workspace}"
+ network = data.google_compute_network.default.name
+
+ allow {
+ protocol = "tcp"
+ ports = ["80"]
+ }
+
+ source_ranges = ["0.0.0.0/0"]
+
+ target_tags = ["allow-http-${terraform.workspace}"]
+}
+
+# OS IMAGE
+data "google_compute_image" "cos_image" {
+ family = "cos-81-lts"
+ project = "cos-cloud"
+}
+
+# COMPUTE ENGINE INSTANCE
+resource "google_compute_instance" "instance" {
+ name = "${var.app_name}-vm-${terraform.workspace}"
+ machine_type = var.gcp_machine_type
+ zone = "us-central1-a"
+
+ tags = google_compute_firewall.allow_http.target_tags
+
+ boot_disk {
+ initialize_params {
+ image = data.google_compute_image.cos_image.self_link
+ }
+ }
+
+ network_interface {
+ network = data.google_compute_network.default.name
+
+ access_config {
+ nat_ip = google_compute_address.ip_address.address
+ }
+ }
+
+ service_account {
+ scopes = ["storage-ro"]
+ }
+}

terraform/main.tf

@@ -0,0 +1,6 @@
+terraform {
+ backend "gcs" {
+ bucket = "devops-directive-traversy-terraform"
+ prefix = "/state/storybooks"
+ }
+}

terraform/variables.tf

@@ -0,0 +1,35 @@
+### GENERAL
+variable "app_name" {
+ type = string
+}
+
+### ATLAS
+variable "atlas_project_id" {
+ type = string
+}
+
+variable "mongodbatlas_public_key" {
+ type = string
+}
+
+variable "mongodbatlas_private_key" {
+ type = string
+}
+
+variable "atlas_user_password" {
+ type = string
+}
+
+### GCP
+variable "gcp_machine_type" {
+ type = string
+}
+
+### CLOUDFLARE
+variable "cloudflare_api_token" {
+ type = string
+}
+
+variable "domain" {
+ type = string
+}