Fix error CICD pipeline

.github/workflows/cloudformations/server.yml

@@ -146,32 +146,37 @@ Resources:
       GatewayId: !Ref InternetGateway
 
   # Security Resources
-  SecurityGroup:
+  SSHSecurityGroup:
     Type: AWS::EC2::SecurityGroup
     Properties:
-      GroupName: !Sub ${AWS::StackName}-sg
-      GroupDescription: Security group for web server
+      GroupName: !Sub ${AWS::StackName}-ssh-sg
+      GroupDescription: Security group for SSH access
       VpcId: !Ref VPC
       SecurityGroupIngress:
-        - IpProtocol: tcp
-          FromPort: 80
-          ToPort: 80
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: 443
-          ToPort: 443
-          CidrIp: 0.0.0.0/0
         - IpProtocol: tcp
           FromPort: 22
           ToPort: 22
           CidrIp: 0.0.0.0/0
+      Tags:
+        - Key: Name
+          Value: !Sub ${AWS::StackName}-ssh-sg
+        - Key: Environment
+          Value: !Ref Environment
+
+  WebSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupName: !Sub ${AWS::StackName}-web-sg
+      GroupDescription: Security group for web traffic
+      VpcId: !Ref VPC
+      SecurityGroupIngress:
         - IpProtocol: tcp
-          FromPort: 5000
-          ToPort: 5000
+          FromPort: 80
+          ToPort: 80
           CidrIp: 0.0.0.0/0
         - IpProtocol: tcp
-          FromPort: 3000
-          ToPort: 3000
+          FromPort: 443
+          ToPort: 443
           CidrIp: 0.0.0.0/0
       SecurityGroupEgress:
         - IpProtocol: "-1"
@@ -180,7 +185,7 @@ Resources:
           CidrIp: 0.0.0.0/0
       Tags:
         - Key: Name
-          Value: !Sub ${AWS::StackName}-sg
+          Value: !Sub ${AWS::StackName}-web-sg
         - Key: Environment
           Value: !Ref Environment
 
@@ -195,7 +200,8 @@ Resources:
         - AssociatePublicIpAddress: true
           DeviceIndex: "0"
           GroupSet:
-            - !Ref SecurityGroup
+            - !Ref SSHSecurityGroup
+            - !Ref WebSecurityGroup
           SubnetId: !Ref PublicSubnet1
       BlockDeviceMappings:
         - DeviceName: "/dev/sda1"
@@ -216,7 +222,7 @@ Resources:
         - !Ref PublicSubnet1
         - !Ref PublicSubnet2
       SecurityGroups:
-        - !Ref SecurityGroup
+        - !Ref WebSecurityGroup
       Scheme: internet-facing
       LoadBalancerAttributes:
         - Key: idle_timeout.timeout_seconds

backend/Dockerfile

@@ -1,28 +1,42 @@
-FROM python:3.10.9-slim-buster
+# Use a base image for building the dependencies
+FROM python:3.10-slim AS builder
 
+WORKDIR /app
+
+# Update the package lists and install dependencies in a single RUN command to reduce the number of layers
 RUN apt-get update && \
-    apt-get install -y gcc libpq-dev && \
-    apt clean && \
-    rm -rf /var/cache/apt/* && \
-    apt-get install -y postgresql-client
+    apt-get install -y curl gcc python3-dev && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /var/cache/apt/*
+
+# Upgrade pip to the latest version and install certifi to handle SSL certificates
+RUN pip install --upgrade pip certifi
+
+COPY requirements.txt ./
+
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Use a minimal base image for the final stage
+FROM python:3.10-slim
+
+WORKDIR /app
+
+# Copy the installed dependencies from the builder stage
+COPY --from=builder /usr/local/lib/python3.10 /usr/local/lib/python3.10
+COPY --from=builder /usr/local/bin /usr/local/bin
 
 ENV PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1 \
     PYTHONIOENCODING=utf-8
 
-COPY requirements.txt /tmp
-
-RUN pip install -U pip && \
-    pip install --no-cache-dir -r /tmp/requirements.txt
-
 COPY . /app
-ENV PATH "$PATH:/app/scripts"
 
-RUN useradd -m -d /app -s /bin/bash app \
-    && chown -R app:app /app/* && chmod +x /app/scripts/* \
-    && chmod +x /app/entrypoint.sh
+# Chmod to entrypoint.sh
+RUN chmod +x /app/scripts/*
+RUN chmod +x ./entrypoint.sh
 
-WORKDIR /app
-USER app
+# Set SSL_CERT_FILE environment variable to use certifi's certificate bundle
+ENV SSL_CERT_FILE=/usr/local/lib/python3.11/site-packages/certifi/cacert.pem
 
+# Run entrypoint.sh
 ENTRYPOINT ["/app/entrypoint.sh"]

backend/entrypoint.sh

@@ -2,16 +2,6 @@
 
 echo "Start run entrypoint script..."
 
-echo "Waiting for postgres..."
-
-while ! psql -h $POSTGRES_HOST -U $POSTGRES_USER -d $POSTGRES_DB
-do
-    echo "Waiting for PostgreSQL..."
-    sleep 0.5
-done
-
-echo "PostgreSQL started"
-
 echo "Migrate database"
 alembic revision -m "initial" --autogenerate
 alembic upgrade head

docker-compose.yaml

@@ -106,6 +106,13 @@ services:
       - postgresql_data:/var/lib/postgresql/data/
       - postgresql_data_backups:/backups
       - ./backend/scripts/postgres:/scripts
+    restart: always
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U db_user -d db_dev"]
+      interval: 10s
+      retries: 5
+      start_period: 30s
+      timeout: 10s
 
   backend_service:
     container_name: backend_container
@@ -120,7 +127,9 @@ services:
     volumes:
       - ./backend/logs:/app/logs
     depends_on:
-      - postgres_db
+      postgres_db:
+        condition: service_healthy
+        restart: true
 
   frontend_service:
     container_name: frontend_container