AWS CI/CD Integration

.env.example

@@ -0,0 +1,36 @@
+# Django
+DJANGO_SETTINGS_MODULE=?
+DEBUG=?
+SECRET_KEY=?
+
+ENVIRONMENT=?
+
+# review drive account
+REVIEW_DRIVE_ID=?
+REVIEW_DRIVE_EMAIL=?
+REVIEW_DRIVE_PASSWORD=?
+
+# social-auth-app-django library
+SOCIAL_AUTH_GOOGLE_OAUTH2_KEY=?
+SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET=?
+
+# database
+DB_USER=?
+DB_NAME=?
+DB_PASSWORD=?
+DB_HOST=?
+DB_PORT=?
+sslmode=?
+
+# email
+EMAIL_HOST_USER=?
+EMAIL_HOST_PASSWORD=?
+
+
+# aws
+AWS_ACCESS_KEY_ID=?
+AWS_SECRET_ACCESS_KEY=?
+
+# s3
+AWS_STORAGE_BUCKET_NAME=?
+AWS_S3_REGION_NAME=?

.github/workflows/aws.yml

@@ -0,0 +1,112 @@
+# Based on https://github.com/actions/starter-workflows/blob/main/ci/django.yml
+name: AWS Deployment
+
+on:
+  # CI must pass on the master branch
+  workflow_run:
+    workflows: ["Continuous Integration"]
+    branches: [master]
+    types:
+      - completed
+
+env:
+  PYTHON_TARGET: 3.11
+  # Django
+  DJANGO_SETTINGS_MODULE: tcf_core.settings.prod
+  SECRET_KEY: ${{ secrets.SECRET_KEY }}
+  DEBUG: 0
+  # database
+  DB_NAME: ${{ secrets.DB_NAME }}
+  DB_USER: ${{ secrets.DB_USER }}
+  DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
+  DB_HOST: ${{ secrets.DB_HOST }}
+  DB_PORT: ${{ secrets.DB_PORT }}
+  # social-auth-app-django
+  SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: ${{ secrets.SOCIAL_AUTH_GOOGLE_OAUTH2_KEY }}
+  SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET: ${{ secrets.SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET }}
+  # email for account verification
+  EMAIL_HOST_USER: ${{ secrets.EMAIL_HOST_USER }}
+  EMAIL_HOST_PASSWORD: ${{ secrets.EMAIL_HOST_PASSWORD }}
+  # review drive account information
+  REVIEW_DRIVE_ID: ${{ secrets.REVIEW_DRIVE_ID }}
+  REVIEW_DRIVE_EMAIL: ${{ secrets.REVIEW_DRIVE_EMAIL }}
+  REVIEW_DRIVE_PASSWORD: ${{ secrets.REVIEW_DRIVE_PASSWORD }}
+  # aws ecs image
+  AWS_REGION: us-east-1
+  ECS_SERVICE: barrett-fogle-love-v1
+  ECS_CLUSTER: tcf-fargate-cluster
+  ECR_REPO: tcf/thecourseforum2
+  ECR_CONTAINER_NAME: tcf-container
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+  AWS_STORAGE_BUCKET_NAME: ${{ secrets.AWS_STORAGE_BUCKET_NAME }}
+
+jobs:
+  deploy:
+    # if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout `master`
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.workflow_run.head_sha }}
+
+      - name: Set up Python ${{ env.PYTHON_TARGET }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ env.PYTHON_TARGET }}
+
+      - name: Install Python packages, excluding the unnecessary ones
+        run: |
+          python -m pip install --upgrade pip
+          sed -i '/\(coverage\|lint\|types\-tqdm\|mypy\|black\|isort\|gunicorn\|django\-heroku\|django\-stubs\)/d' requirements.txt
+          pip install -r requirements.txt
+
+      - name: Migrations
+        run: |
+          python manage.py migrate
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO }}:${{github.sha}}
+
+      - name: Get latest task definition
+        run: |
+          aws ecs describe-task-definition \
+            --task-definition tcf-prod-task \
+            --query taskDefinition > task-definition.json
+
+      - name: Add image in ECS task definition
+        id: task-def
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: task-definition.json
+          container-name: ${{ env.ECR_CONTAINER_NAME }}
+          image: ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO }}:${{github.sha}}     
+
+      - name: Deploy Amazon ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+            task-definition: ${{ steps.task-def.outputs.task-definition }}
+            service: ${{ env.ECS_SERVICE }}
+            cluster: ${{ env.ECS_CLUSTER }}
+            wait-for-service-stability: true

.github/workflows/continuous-integration.yml → .github/workflows/ci.yml

@@ -30,6 +30,10 @@ env:
   REVIEW_DRIVE_ID: ${{ secrets.REVIEW_DRIVE_ID }}
   REVIEW_DRIVE_EMAIL: ${{ secrets.REVIEW_DRIVE_EMAIL }}
   REVIEW_DRIVE_PASSWORD: ${{ secrets.REVIEW_DRIVE_PASSWORD }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+  AWS_STORAGE_BUCKET_NAME: ${{ secrets.AWS_STORAGE_BUCKET_NAME }}
 
 jobs:
   pylint:
@@ -84,7 +88,7 @@ jobs:
 
       - name: Migrations & Tests
         run: |
-          envsubst < .config/.env.example > .env
+          envsubst < .env.example > .env
           python manage.py migrate
           coverage run manage.py test
 
@@ -108,3 +112,4 @@ jobs:
 
       - name: Run ESLint
         run: npx eslint -c .config/.eslintrc.yml tcf_website/static/
+

requirements.txt

@@ -1,11 +1,13 @@
 Django~=4.2.8
 backoff~=2.2.1
 black~=24.1.1
+boto3~=1.37.4
 coverage~=7.3.3
 django-cachalot~=2.6.1
 django-environ~=0.11.2
 django-filter~=23.5
 django-heroku~=0.3.1
+django-storages~=1.14.5
 django-stubs~=4.2.7
 djangorestframework~=3.14.0
 gunicorn~=21.2.0