From 489541d2529b54a5382ed625aea2749151a06b63 Mon Sep 17 00:00:00 2001
From: Simon KP <“simon@techops.services”>
Date: Wed, 15 May 2024 11:37:27 +1000
Subject: [PATCH] Add new prod
---
 .github/workflows/angular-new-prod.yml | 85 ++++++++++++++++++
 .github/workflows/node.js-new-prod.yml | 104 +++++++++++++++++++++++
 frontend/src/environments/environment.ts | 2 +-
 helm/prod/backend.yaml | 67 +++++++++++++++
 helm/prod/frontend.yaml | 63 ++++++++++++++
 5 files changed, 320 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/angular-new-prod.yml
 create mode 100644 .github/workflows/node.js-new-prod.yml
 create mode 100644 helm/prod/backend.yaml
 create mode 100644 helm/prod/frontend.yaml
diff --git a/.github/workflows/angular-new-prod.yml b/.github/workflows/angular-new-prod.yml
new file mode 100644
index 00000000..7bc4cfe9
--- /dev/null
+++ b/.github/workflows/angular-new-prod.yml
@@ -0,0 +1,85 @@
+name: Build Prod Angular - Frontend
+
+on:
+ push:
+ branches: [ develop ]
+ paths:
+ - "frontend/**"
+ - ".github/workflows/angular-new-prod.yml"
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ REGION: eu-central-1
+ CLUSTER_NAME: maker-prod
+ SERVICE_NAME: mips-frontend
+ AWS_ECR_NAME: mips-frontend-prod
+ ENVIRONMENT_TAG: prod
+ HELM_FILE: helm/prod/frontend.yaml
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ env.REGION }}
+
+ - name: Login to AWS ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Extract commit hash
+ id: vars
+ if: ${{ !contains(github.event.head_commit.message , '[skip build]') }}
+ shell: bash
+ run: |
+ echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+
+ - name: Build, tag, and push image to ECR
+ id: build-image
+ if: ${{ !contains(github.event.head_commit.message , '[skip build]') }}
+ working-directory: frontend
+ env:
+ SHA_TAG: ${{ steps.vars.outputs.sha_short }}
+ LATEST_TAG: latest
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ run: |
+ # Build Docker containers and push them to ECR ${{ env.AWS_ECR_NAME }}
+ docker pull $ECR_REGISTRY/$AWS_ECR_NAME:$LATEST_TAG || true
+ docker build -t $AWS_ECR_NAME \
+ -t $ECR_REGISTRY/$AWS_ECR_NAME:$SHA_TAG \
+ -t $ECR_REGISTRY/$AWS_ECR_NAME:$LATEST_TAG \
+ -t $ECR_REGISTRY/$AWS_ECR_NAME:$ENVIRONMENT_TAG \
+ -f Dockerfile \
+ .
+
+ docker push $ECR_REGISTRY/$AWS_ECR_NAME --all-tags
+
+ - name: Replace variables in the Helm values file
+ id: replace-vars
+ if: ${{ !contains(github.event.head_commit.message , '[skip deploy]') }}
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ run: |
+ sed -i 's/${ECR_REGISTRY}/'$ECR_REGISTRY/ $HELM_FILE
+ sed -i 's/${USERS_LIST}/'$USERS_LIST/ $HELM_FILE
+
+ - name: Deploying Service to Kubernetes with Helm
+ id: deploy
+ if: ${{ !contains(github.event.head_commit.message , '[skip deploy]') }}
+ uses: bitovi/github-actions-deploy-eks-helm@v1.2.8
+ with:
+ values: image.repository=${{ steps.login-ecr.outputs.registry }}/${{ env.AWS_ECR_NAME }},image.tag=${{ steps.vars.outputs.sha_short }}
+ cluster-name: ${{ env.CLUSTER_NAME }}
+ config-files: ${{ env.HELM_FILE }}
+ chart-path: techops-services/common
+ namespace: mips
+ timeout: 5m0s
+ name: ${{ env.SERVICE_NAME }}
+ chart-repository: https://techops-services.github.io/helm-charts
+ version: 0.0.31
+ atomic: true
diff --git a/.github/workflows/node.js-new-prod.yml b/.github/workflows/node.js-new-prod.yml
new file mode 100644
index 00000000..44059590
--- /dev/null
+++ b/.github/workflows/node.js-new-prod.yml
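Review bot: The `uses:` lines in this workflow (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`, `bitovi/github-actions-deploy-eks-helm@v1.2.8`) reference mutable tags in a job that holds production AWS keys and deploys to the `maker-prod` cluster; pinning each to a full commit SHA, e.g. `uses: bitovi/github-actions-deploy-eks-helm@FULL_COMMIT_SHA  # v1.2.8` (placeholder SHA), keeps a moved tag from running with those credentials. The static `PROD_AWS_ACCESS_KEY_ID` / `PROD_AWS_SECRET_ACCESS_KEY` pair could be replaced by `role-to-assume` on `configure-aws-credentials` together with `permissions: id-token: write`, so that no long-lived key has to be stored as a repository secret. Separately, `image.tag` in the deploy step reads `steps.vars.outputs.sha_short`, which is empty when `[skip build]` skips the `vars` step while `[skip deploy]` is absent, and `$USERS_LIST` in the second `sed` is not defined in any env block visible in this file. The node.js-new-prod.yml workflow repeats the same action references, credentials and skip logic.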
@@ -0,0 +1,104 @@
+name: Node.js Prod CI - Backend
+
+on:
+ push:
+ branches: [ develop ]
+ paths:
+ - "backend/**"
+ - ".github/workflows/node.js-new-prod.yml"
+
+jobs:
+ build-deploy:
+ runs-on: ubuntu-latest
+ env:
+ REGION: eu-central-1
+ CLUSTER_NAME: maker-prod
+ SERVICE_NAME: mips-backend
+ AWS_ECR_NAME: mips-backend-prod
+ ENVIRONMENT_TAG: prod
+ HELM_FILE: helm/prod/backend.yaml
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Running the Test Suit
+ env:
+ REQUEST_GITHUB_URL_API_ENDPOINT: ${{ secrets.REQUEST_GITHUB_URL_API_ENDPOINT }}
+ GIT_ACCESS_API_TOKEN: ${{ secrets.GIT_ACCESS_API_TOKEN }}
+ MIP_GITHUB_REPOSITORY: ${{ secrets.MIP_GITHUB_REPOSITORY_DEV }}
+ MIP_GITHUB_REPOSITORY_OWNER: ${{ secrets.MIP_GITHUB_REPOSITORY_OWNER_DEV }}
+ run: |
+ cp '.env example' .env
+ npm install
+ npm run pre-start
+ npm test
+ working-directory: backend
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ env.REGION }}
+
+ - name: Login to AWS ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Extract commit hash
+ id: vars
+ if: ${{ !contains(github.event.head_commit.message , '[skip build]') }}
+ shell: bash
+ run: |
+ echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+
+ - name: Build, tag, and push image to ECR
+ id: build-image
+ if: ${{ !contains(github.event.head_commit.message , '[skip build]') }}
+ working-directory: backend
+ env:
+ SHA_TAG: ${{ steps.vars.outputs.sha_short }}
+ LATEST_TAG: latest
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ REQUEST_GITHUB_URL_API_ENDPOINT: ${{ secrets.REQUEST_GITHUB_URL_API_ENDPOINT }}
+ GIT_ACCESS_API_TOKEN: ${{ secrets.GIT_ACCESS_API_TOKEN }}
+ MIP_GITHUB_REPOSITORY: ${{ secrets.MIP_GITHUB_REPOSITORY_DEV }}
+ MIP_GITHUB_REPOSITORY_OWNER: ${{ secrets.MIP_GITHUB_REPOSITORY_OWNER_DEV }}
+ run: |
+ # Build Docker containers and push them to ECR ${{ env.AWS_ECR_NAME }}
+ docker pull $ECR_REGISTRY/$AWS_ECR_NAME:$LATEST_TAG || true
+ docker build -t $AWS_ECR_NAME \
+ -t $ECR_REGISTRY/$AWS_ECR_NAME:$SHA_TAG \
+ -t $ECR_REGISTRY/$AWS_ECR_NAME:$LATEST_TAG \
+ -t $ECR_REGISTRY/$AWS_ECR_NAME:$ENVIRONMENT_TAG \
+ --build-arg REQUEST_GITHUB_URL_API_ENDPOINT=$REQUEST_GITHUB_URL_API_ENDPOINT \
+ --build-arg GIT_ACCESS_API_TOKEN=$GIT_ACCESS_API_TOKEN \
+ -f Dockerfile \
+ .
+
+ docker push $ECR_REGISTRY/$AWS_ECR_NAME --all-tags
+
+ - name: Replace variables in the Helm values file
+ id: replace-vars
+ if: ${{ !contains(github.event.head_commit.message , '[skip deploy]') }}
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ run: |
+ sed -i 's/${ECR_REGISTRY}/'$ECR_REGISTRY/ $HELM_FILE
+
+ - name: Deploying Service to Kubernetes with Helm
+ id: deploy
+ if: ${{ !contains(github.event.head_commit.message , '[skip deploy]') }}
+ uses: bitovi/github-actions-deploy-eks-helm@v1.2.8
+ with:
+ values: image.repository=${{ steps.login-ecr.outputs.registry }}/${{ env.AWS_ECR_NAME }},image.tag=${{ steps.vars.outputs.sha_short }}
+ cluster-name: ${{ env.CLUSTER_NAME }}
+ config-files: ${{ env.HELM_FILE }}
+ chart-path: techops-services/common
+ namespace: mips
+ timeout: 5m0s
+ name: ${{ env.SERVICE_NAME }}
+ chart-repository: https://techops-services.github.io/helm-charts
+ version: 0.0.31
+ atomic: true
diff --git a/frontend/src/environments/environment.ts b/frontend/src/environments/environment.ts
index ab301034..db59fc62 100644
--- a/frontend/src/environments/environment.ts
+++ b/frontend/src/environments/environment.ts
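Review bot: `--build-arg GIT_ACCESS_API_TOKEN=$GIT_ACCESS_API_TOKEN` in the build step places the token in the image's build metadata, where `docker history` can show it to anyone able to pull `mips-backend-prod` from ECR. The Dockerfile is not part of this patch, so how the argument is consumed is not visible, but a BuildKit secret mount avoids the exposure: `--secret id=git_token,env=GIT_ACCESS_API_TOKEN` on the command line and `RUN --mount=type=secret,id=git_token ...` in the Dockerfile. The same token is also exported to `npm install` and `npm test` in the test step, where dependency install scripts can read it. The production build also takes `MIP_GITHUB_REPOSITORY` and `MIP_GITHUB_REPOSITORY_OWNER` from the `_DEV` secrets, which is worth confirming as intended.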
@@ -5,7 +5,7 @@
 export const environment = {
 production: false,
 // apiUrl: 'http://backend:3000',
- apiUrl: "https://mips-api-staging.makerdao.com",
+ apiUrl: "https://mips-api.makerdao.com",
 repoUrl: 'https://github.com/makerdao/mips/blob/master',
 feedBackFormUrl: 'https://formspree.io/f/xzbyjjnb',
 githubURL: 'https://github.com/',
diff --git a/helm/prod/backend.yaml b/helm/prod/backend.yaml
new file mode 100644
index 00000000..98cedb79
--- /dev/null
+++ b/helm/prod/backend.yaml
@@ -0,0 +1,67 @@
+replicaCount: 1
+service:
+ enabled: true
+ name: mips-backend
+ port: 3000
+ type: ClusterIP
+ containerPort: 3000
+ tls:
+ enabled: true
+ issuerName: letsencrypt
+
+image:
+ repository: ${ECR_REGISTRY}/mips-backend-prod
+ pullPolicy: Always
+ tag: latest
+
+serviceAccount:
+ create: false
+
+ingress:
+ enabled: true
+ hosts:
+ - mips-api-prod.makerdao.com
+ annotations:
+ external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
+
+httpBasicAuth:
+ enabled: false
+
+# If enabled will create Traefik Middleware and apply to Ingress
+# to redirect http to https and www to non-www
+httpWwwRedirect:
+ enabled: false
+
+podAnnotations:
+ reloader.stakater.com/auto: "true"
+
+resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 250m
+ memory: 256Mi
+
+env:
+ NODE_ENV:
+ type: kv
+ value: production
+ WEBHOOKS_SECRET_TOKEN:
+ type: parameterStore
+ name: webhooks-secret-token
+ parameter_name: /eks/maker-prod/mips-backend/webhooks-secret-token
+
+externalSecrets:
+ clusterSecretStoreName: maker-prod
+
+livenessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ tcpSocket:
+ port: 3000
+readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ tcpSocket:
+ port: 3000
diff --git a/helm/prod/frontend.yaml b/helm/prod/frontend.yaml
new file mode 100644
index 00000000..095a7412
--- /dev/null
+++ b/helm/prod/frontend.yaml
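Review bot: The new `apiUrl` points the `production: false` environment at `https://mips-api.makerdao.com`, so any build that does not swap in a production environment file (presumably local development builds too) would talk to the production API. The prod backend values added in this same patch expose the ingress host `mips-api-prod.makerdao.com`, which does not match this URL. If the difference is deliberate, a comment above the line, for example `// prod API; the backend ingress host in helm/prod/backend.yaml is mips-api-prod.makerdao.com`, would record it for the next reader. The `environment` object continues past the end of the hunk.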
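Review bot: `tag: latest` with `pullPolicy: Always` makes the default image in this values file a mutable tag, so a release that does not receive an `image.tag` override runs whatever was pushed last rather than a specific reviewed build. Leaving `image.tag` without a usable default here, so that the workflow must supply the commit SHA, turns a missing tag into a failed deploy instead of a silent fallback. The file also sets no pod or container security context; whether the `techops-services/common` chart supplies one is not visible from this patch and is worth checking before this serves production traffic. helm/prod/frontend.yaml carries the same `image` block.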
@@ -0,0 +1,63 @@
+replicaCount: 1
+service:
+ enabled: true
+ name: mips-frontend
+ port: 8000
+ type: ClusterIP
+ containerPort: 80
+ tls:
+ enabled: true
+ issuerName: letsencrypt
+
+image:
+ repository: ${ECR_REGISTRY}/mips-frontend-prod
+ pullPolicy: Always
+ tag: latest
+
+serviceAccount:
+ create: false
+
+ingress:
+ enabled: true
+ hosts:
+ - mips-prod.makerdao.com
+ annotations:
+ external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
+
+httpBasicAuth:
+ enabled: false
+
+# If enabled will create Traefik Middleware and apply to Ingress
+# to redirect http to https and www to non-www
+httpWwwRedirect:
+ enabled: false
+
+podAnnotations:
+ reloader.stakater.com/auto: "true"
+
+resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 250m
+ memory: 256Mi
+
+env:
+ NODE_ENV:
+ type: kv
+ value: production
+
+externalSecrets:
+ clusterSecretStoreName: maker-prod
+
+livenessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ tcpSocket:
+ port: 80
+readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ tcpSocket:
+ port: 80