feat: s3

.circleci/config.yml

@@ -0,0 +1,200 @@
+version: 2.1
+orbs:
+  aws-cli: circleci/aws-cli@4.1.3
+  aws-ecr: circleci/aws-ecr@9.1.0
+  node: circleci/node@5.2.0
+  slack: circleci/slack@4.13.3
+jobs:
+  build-and-push-image:
+    parameters:
+      tag:
+        type: string
+    machine:
+      image: ubuntu-2204:current
+    steps:
+      - checkout
+      - persist_to_workspace:
+          root: .
+          paths:
+            - rushowl-helm
+      - run:
+          name: Generate SSH Key
+          command: |
+            echo $GIT_ACCESS_KEY | base64 -d > ~/.ssh/id_rsa
+            chmod 400 ~/.ssh/id_rsa
+      - run:
+          name: Add SSH Key to SSH Agent
+          command: |
+            eval $(ssh-agent -s)
+            ssh-add ~/.ssh/id_rsa
+      - run:
+          name: Setup git config
+          command: |
+            echo $GIT_CONFIG | base64 -d > ~/.gitconfig
+      - node/install:
+          node-version: v18.18.0
+      - run:
+          name: Build
+          command: |
+            npm install
+            npm run build
+      - aws-ecr/build_and_push_image:
+          account_id: "$AWS_ACCOUNT_ID"
+          auth:
+            - aws-cli/setup:
+                aws_access_key_id: AWS_ACCESS_KEY
+                aws_secret_access_key: AWS_SECRET_ACCESS_KEY
+                region: "$AWS_REGION"
+          create_repo: true
+          checkout: false
+          dockerfile: ./api/Dockerfile
+          public_registry: false
+          push_image: true
+          region: "$AWS_REGION"
+          repo: $CIRCLE_PROJECT_REPONAME
+          tag: "<< parameters.tag >>"
+      - run:
+          name: Cleanup
+          command: |
+            rm -f ~/.ssh/id_rsa
+            rm -f ~/.gitconfig
+      - slack/notify:
+          event: fail
+          template: basic_fail_1
+      - slack/notify:
+          event: pass
+          template: basic_success_1
+  kube-deploy:
+    parameters:
+      namespace:
+        type: string
+      valuePath:
+        type: string
+      tag:
+        type: string
+      kube_context:
+        type: string
+    docker:
+      - image: reynandaptr/alpine:0.0.3
+    resource_class: sznnwvosn2in82bxrhcsj6/kube-eks-rushtrail-prod-sg
+    steps:
+      - run:
+          name: Install kubeconfig
+          command: |
+            if [ -n "${KUBECONFIG_FILE}" ]; then
+              mkdir -p $HOME/.kube
+              echo -n "${KUBECONFIG_FILE}" | base64 -d > $HOME/.kube/config
+            fi
+      - run:
+          name: Fix kubeconfig file permissions
+          command: |
+            chmod 600 $HOME/.kube/config
+      - attach_workspace:
+          at: .
+      - run:
+          name: Helm Install or Upgrade
+          command: |
+            CIRCLE_PROJECT_REPONAME=$CIRCLE_PROJECT_REPONAME
+            NAMESPACE="<< parameters.namespace >>"
+            VALUES_FILE="<< parameters.valuePath >>"
+            IMAGE_URI="$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$CIRCLE_PROJECT_REPONAME"
+            IMAGE_TAG="<< parameters.tag >>"
+            KUBE_CONTEXT="<< parameters.kube_context >>"
+
+            if helm status $CIRCLE_PROJECT_REPONAME --namespace $NAMESPACE --kube-context $KUBE_CONTEXT > /dev/null 2>&1; then
+              echo "Release $CIRCLE_PROJECT_REPONAME exists. Upgrading..."
+              helm upgrade $CIRCLE_PROJECT_REPONAME rushowl-helm --set image.uri=$IMAGE_URI --set image.tag=$IMAGE_TAG --values $VALUES_FILE --namespace $NAMESPACE --kube-context $KUBE_CONTEXT
+            else
+              echo "Release $CIRCLE_PROJECT_REPONAME does not exist. Installing..."
+              helm install $CIRCLE_PROJECT_REPONAME rushowl-helm --set image.uri=$IMAGE_URI --set image.tag=$IMAGE_TAG --values $VALUES_FILE --namespace $NAMESPACE --kube-context $KUBE_CONTEXT
+            fi
+      - run:
+          name: Cleanup
+          command: |
+            rm -f $HOME/.kube/config
+      - slack/notify:
+          event: fail
+          template: basic_fail_1
+      - slack/notify:
+          event: pass
+          template: basic_success_1
+workflows:
+  cicd:
+    jobs:
+      - build-and-push-image:
+          context:
+            - production-github-git-access
+            - production-aws-ecr-read-write
+            - slack
+          name: build-and-push-image-test
+          tag: "${CIRCLE_BRANCH}-${CIRCLE_SHA1}"
+          filters:
+            tags:
+              ignore: /.*/
+            branches:
+              only:
+                - develop
+      - build-and-push-image:
+          context:
+            - production-github-git-access
+            - production-aws-ecr-read-write
+            - slack
+          name: build-and-push-image-production
+          tag: "$CIRCLE_TAG"
+          filters:
+            tags:
+              only: /^v\d+\.\d+\.\d+$/
+            branches:
+              ignore: /.*/
+      - kube-deploy:
+          context:
+            - kubeconfig
+            - production-aws-ecr-read-write
+            - slack
+          name: kube-deploy-non-prod
+          namespace: "sg-test-rushtrail"
+          valuePath: "rushowl-helm/values-test.yaml"
+          tag: "${CIRCLE_BRANCH}-${CIRCLE_SHA1}"
+          kube_context: "rushtrail-non-prod-common"
+          filters:
+            tags:
+              ignore: /.*/
+            branches:
+              only:
+                - develop
+          requires:
+            - build-and-push-image-test
+      - kube-deploy:
+          context:
+            - kubeconfig
+            - production-aws-ecr-read-write
+            - slack
+          name: kube-deploy-prod-sg
+          namespace: "default"
+          valuePath: "rushowl-helm/values-prod-sg.yaml"
+          tag: "$CIRCLE_TAG"
+          kube_context: "rushtrail-prod-sg"
+          filters:
+            tags:
+              only: /^v\d+\.\d+\.\d+$/
+            branches:
+              ignore: /.*/
+          requires:
+            - build-and-push-image-production
+      - kube-deploy:
+          context:
+            - kubeconfig
+            - production-aws-ecr-read-write
+            - slack
+          name: kube-deploy-prod-in
+          namespace: "default"
+          valuePath: "rushowl-helm/values-prod-in.yaml"
+          tag: "$CIRCLE_TAG"
+          kube_context: "rushtrail-prod-in"
+          filters:
+            tags:
+              only: /^v\d+\.\d+\.\d+$/
+            branches:
+              ignore: /.*/
+          requires:
+            - build-and-push-image-production

api/Dockerfile

@@ -0,0 +1,9 @@
+FROM node:18.18.0-alpine3.18
+
+WORKDIR /app
+
+COPY node_modules /app/node_modules
+COPY package.json /app/package.json
+COPY bin /app/bin
+
+CMD [ "npm", "run", "start:env" ]

api/ENVIRONMENT.md

@@ -2,26 +2,26 @@
 
 The CodePush Server is configured using environment variables.
 
-For convenience, we will also load the server environment from any '.env' file in the api directory, and the test environment from any '.test.env' file in the root directory. Use the `.env.example` file as a template for setting up your environment variables.
+Currently, the following environment variables are available. For convenience, we will also load the server environment from any '.env' file in the api directory, and the test environment from any '.test.env' file in the root directory.
 
 ## Mandatory parameters
 
 ### Storage
 
 #### Local
 
-To emulate Azure Blob Storage locally. Azurite needs to be installed and running, more info [here](README.md#local).
-- `EMULATED`: Set to 'true' in order to use the local emulator instead of a hosted instance
+#### S3
 
-#### Azure
-- `AZURE_STORAGE_ACCOUNT`: The name of your hosted Azure storage instance
-- `AZURE_STORAGE_ACCESS_KEY`: The key to your Azure storage instance (if KeyVault credentials are not provided)
+- `AWS_BUCKET_NAME`: The name of your AWS S3 bucket
+- `AWS_ACCESS_KEY_ID`: Your AWS access key ID
+- `AWS_SECRET_ACCESS`: Your AWS secret access key
+- `AWS_REGION`: The AWS region where your S3 bucket is located
 
-### Authentication 
+### Authentication
 
 - `SERVER_URL`: The URL of your server, for local deployment it will be either http://localhost:3000 or https://localhost:8443. For Azure it will be your Azure App URL
 
-#### GitHub OAuth 
+#### GitHub OAuth
 
 - `GITHUB_CLIENT_ID`
 - `GITHUB_CLIENT_SECRET`
@@ -30,38 +30,27 @@ To emulate Azure Blob Storage locally. Azurite needs to be installed and running
 
 - `MICROSOFT_CLIENT_ID`
 - `MICROSOFT_CLIENT_SECRET`
-- `MICROSOFT_TENANT_ID`: Required if application registration is single tenant.
 
 ## Optional parameters
 
 ### HTTPS
+
 - `HTTPS`: Set to 'true' to enable HTTPS for local deployment
 
 ### Debugging
 
 - `LOGGING`: Turn on CodePush-specific logging of API and Storage requests. If this is insufficient, Azure Storage and Express also have their own configurable logging features.
-- `DEBUG_DISABLE_AUTH`: Set to 'true' to skip authentication and impersonate existing user. When set, server uses `DEBUG_USER_ID` as logged in user for all requests requiring authentication.
-- `DEBUG_USER_ID`: Backend id of existing user to impersonate when `DEBUG_DISABLE_AUTH` is set to 'true'. Default value: 'default'. 
+- `DEBUG_DISABLE_AUTH`: Disable the OAuth autentication route, allowing you to make requests as anybody without authorizing. Do not set this without going through the proper channels (see section Disabling Auth)
+- `DEBUG_USER_ID`: Backend id of user to behave as during the debugging session
 
 ### Redis
+
 To enable the Redis caching layer, set:
 
 - `REDIS_HOST`: The IP address where the Redis server is hosted (e.g.: codepush.redis.cache.windows.net)
 - `REDIS_PORT`: The port which Redis is listening on (usually 6379 for HTTP and 6380 for HTTPS). Note that node_redis does not support HTTPS natively.
 - `REDIS_KEY` (If authentication is enabled for Redis): The key used to authenticate requests to the Redis cache.
 
-### Unit testing
-To perform the unit tests against Azure storage:
-
-- `TEST_AZURE_STORAGE`: (For unit tests) Set to 'true' in order to run API unit tests against Azure storage (instead of mocked JSON storage). Note that outside of the test environment, we will always run against Azure storage regardless.
-- `AZURE_STORAGE_ACCOUNT`: (For unit tests) If TEST_AZURE_STORAGE is set to true, set to the account of the storage you would like to test on.
-- `AZURE_STORAGE_ACCESS_KEY`: (For unit tests) If TEST_AZURE_STORAGE is set to true, set to the access key of the storage you would like to test on.
-
-To perform the unit tests against an Azure server:
-
-- `AZURE_MANAGEMENT_URL`: (For unit tests) Set to an Azure url to run management tests against that server. If the server has authentication enabled, also set the TEST_AZURE_STORAGE and AZURE_STORAGE_ACCESS_KEY to the Azure storage used by the server so that the tests can pass authentication.
-- `AZURE_ACQUISITION_URL`: (For unit tests) Set to an Azure url to run acquisition tests against that server. If the server has authentication enabled, also set the TEST_AZURE_STORAGE and AZURE_STORAGE_ACCESS_KEY to the Azure storage used by the server so that the tests can pass authentication.
-
 ### Other
 
 - `DISABLE_ACQUISITION`: Set to 'true' to disable acquisition routes

api/docker-compose.yml

@@ -0,0 +1,17 @@
+version: "3.8"
+
+services:
+  redis:
+    image: redis:latest
+    container_name: redis
+    ports:
+      - "${REDIS_PORT:-6379}:6379"
+    environment:
+      - REDIS_HOST=${REDIS_HOST}
+      - REDIS_PORT=${REDIS_PORT}
+      - REDIS_KEY=${REDIS_KEY}
+    volumes:
+      - redis-data:/data
+
+volumes:
+  redis-data: