Feature/deploy new version

.github/workflows/pipeline.yml

@@ -2,9 +2,9 @@ name: Docker Image CI
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "feature/deploy-new-version" ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ "feature/deploy-new-version" ]
 
 permissions:
   id-token: write # This is required for requesting the JWT
@@ -16,13 +16,16 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
-    - name: Build the Docker image
-      run: docker build . --tag 256696114092.dkr.ecr.us-east-1.amazonaws.com/omniscope/app:${{ github.run_id }} --tag 256696114092.dkr.ecr.us-east-1.amazonaws.com/omniscope/app:latest
+    - name: Build the Docker image - Frontend
+      run: docker build ./frontend --tag 339713015367.dkr.ecr.us-east-1.amazonaws.com/omniscope/frontend:${{ github.run_id }} --tag 339713015367.dkr.ecr.us-east-1.amazonaws.com/omniscope/frontend:latest
+
+    - name: Build the Docker image - Backend
+      run: docker build ./backend --tag 339713015367.dkr.ecr.us-east-1.amazonaws.com/omniscope/backend:${{ github.run_id }} --tag 339713015367.dkr.ecr.us-east-1.amazonaws.com/omniscope/backend:latest
 
     - name: configure aws credentials
       uses: aws-actions/configure-aws-credentials@v3
       with:
-        role-to-assume: arn:aws:iam::256696114092:role/GithubDeploymentRole
+        role-to-assume: arn:aws:iam::339713015367:role/GithubIdentityProviderRole
         role-session-name: GithubSession
         aws-region: us-east-1
 
@@ -31,32 +34,29 @@ jobs:
 
     - name: Push Docker images
       run: |
-        docker image push 256696114092.dkr.ecr.us-east-1.amazonaws.com/omniscope/app:${{ github.run_id }}
-        docker image push 256696114092.dkr.ecr.us-east-1.amazonaws.com/omniscope/app:latest
+        docker image push 339713015367.dkr.ecr.us-east-1.amazonaws.com/omniscope/frontend:${{ github.run_id }}
+        docker image push 339713015367.dkr.ecr.us-east-1.amazonaws.com/omniscope/frontend:latest
+        docker image push 339713015367.dkr.ecr.us-east-1.amazonaws.com/omniscope/backend:${{ github.run_id }}
+        docker image push 339713015367.dkr.ecr.us-east-1.amazonaws.com/omniscope/backend:latest
 
   deploy:
     runs-on: ubuntu-latest
     needs: build
     steps:
+    - uses: actions/checkout@v4
     - name: configure aws credentials
       uses: aws-actions/configure-aws-credentials@v3
       with:
-        role-to-assume: arn:aws:iam::256696114092:role/GithubDeploymentRole
+        role-to-assume: arn:aws:iam::339713015367:role/GithubIdentityProviderRole
         role-session-name: GithubSession
         aws-region: us-east-1
 
-      #TODO: Atualizar a task definition e o service
-    - name: ECS Restart Service      
-      run: aws ecs update-service --cluster arn:aws:ecs:us-east-1:256696114092:cluster/fargate-spot-stack-ecscluster7830E7B5-5A2jZtnQeSlV --service omniscope-app --region us-east-1 --force-new-deployment
+    - name: Deploy Backend
+      run: |
+        aws eks update-kubeconfig --name ia-factory-cluster --region us-east-1
+        helm upgrade --install backend ./deploy/chart/omniscope --namespace omniscope -f ./deploy/values-backend.yml --set image.tag=${{ github.run_id }} --wait
+        helm upgrade --install frontend ./deploy/chart/omniscope --namespace omniscope -f ./deploy/values-frontend.yml --set image.tag=${{ github.run_id }} --wait
 
-    #   aws ecs update-service --cluster <nome_do_cluster> --service <nome_do_serviço> --force-new-deployment
-    # - name: ECS Restart Service      
-    #   uses: apideck-libraries/ecs-restart-service@v1
-    #   with:        
-    #     service: ominiscope-app
-    #     # The short name or full Amazon Resource Name (ARN) of the cluster that your service runs on. If you do not specify a cluster, the default cluster is assumed.
-    #     cluster: arn:aws:ecs:us-east-1:256696114092:cluster/fargate-spot-stack-ecscluster7830E7B5-5A2jZtnQeSlV
-
 
 
 

backend/Dockerfile

@@ -0,0 +1,15 @@
+FROM python:3.12-slim
+
+WORKDIR /code
+
+COPY ./requirements.txt /code/requirements.txt
+
+RUN pip install --no-cache-dir --upgrade -r ./requirements.txt
+
+COPY . .
+
+EXPOSE 80
+
+CMD ["python", "src/app.py"]
+
+RUN mkdir /.cache && chmod 777 /.cache

backend/requirements.txt

@@ -1,5 +1,7 @@
+requests
 Flask
 Flask-CORS
+flask_httpauth
 ariadne
 
 google-auth
@@ -8,3 +10,10 @@ pytest-cov
 pytest-mock
 pytest-parametrize
 
+
+pydantic
+pytz
+python-dotenv
+validators
+pandas
+jwt

backend/src/app.py

@@ -12,15 +12,15 @@
 from api.mutations import mutation
 import logging
 import argparse
-
+import sys
 from api.execution_stats import ExecutionStatsExtension
 import globals
 
 def verify_token(token):
     try:
         # Use the client_id from your settings
         idinfo = id_token.verify_oauth2_token(token, requests.Request(), auth_settings["client_id"])
-
+        print(idinfo, file=sys.stderr)
         if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
             raise ValueError('Wrong issuer.')
 
@@ -54,7 +54,7 @@ def decorated(*args, **kwargs):
 app = Flask(__name__)
 CORS(app)
 
-type_defs = load_schema_from_path("api/schema.graphql")
+type_defs = load_schema_from_path("src/api/schema.graphql")
 schema = make_executable_schema(
     type_defs, 
     query,
@@ -97,5 +97,5 @@ def graphql_server():
 
     app.logger.info("Starting the application")
     globals.update()
-    app.run(debug=args.verbose)
+    app.run(debug=args.verbose,host="0.0.0.0")
 

deploy/cert/issuer.yml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:  
+  name: letsencrypt
+spec:
+  acme:
+    email: [email protected]
+    privateKeySecretRef:
+      name: letsencrypt-private-key
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+    - http01:
+        ingress:
+          ingressClassName: nginx

deploy/chart/omniscope/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/chart/omniscope/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: omniscope
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

deploy/chart/omniscope/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "omniscope.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "omniscope.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "omniscope.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "omniscope.labels" -}}
+helm.sh/chart: {{ include "omniscope.chart" . }}
+{{ include "omniscope.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "omniscope.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "omniscope.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "omniscope.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "omniscope.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

deploy/chart/omniscope/templates/deployment.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "omniscope.fullname" . }}
+  labels:
+    {{- include "omniscope.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "omniscope.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+    {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      labels:
+        {{- include "omniscope.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          env:
+            {{- toYaml .Values.envVars | nindent 12 }}
+
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}

deploy/chart/omniscope/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "omniscope.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "omniscope.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+{{- end }}

deploy/chart/omniscope/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "omniscope.fullname" . }}
+  labels:
+    {{- include "omniscope.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "omniscope.selectorLabels" . | nindent 4 }}