added ci-cd workflows

.github/workflows/ecr-ci.yml

@@ -0,0 +1,89 @@
+# Required secrets
+# AWS_REGION
+# AWS_ACCESS_KEY_ID
+# AWS_SECRET_ACCESS_KEY
+# PERSONAL_ACCESS_TOKEN
+# ENV_FILE_BUCKET_PATH
+
+name: Continuous Integration with ECR
+
+on:
+  push:
+    branches:
+      - develop
+  # workflow_run:
+  #   workflows:
+  #     - GitGuardian Secrets Scan
+  #   types:
+  #     - completed
+  workflow_dispatch:
+    inputs:
+      trigger_cd:
+        description: 'Trigger CD workflow (true/false)'
+        required: true
+        default: 'false'
+
+env:
+  ECR_REPOSITORY_NAME: forms-service
+  ECR_IMAGE_TAG: ${{ github.sha }}
+  TRIGGER_WORKFLOW_URL: https://api.github.com/repos/inflection-zone/forms-service/actions/workflows/server-cd.yml/dispatches
+
+jobs:
+  build:
+    name: Build and push the docker image to ECR
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1  # required to scan only latest commit
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          # role-to-assume: ROLE_TO_ASSUME
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+      - name: Login to Amazon ECR
+        id: ecr-login
+        uses: aws-actions/amazon-ecr-login@v2
+        # with:
+        #   registry-type: public
+
+      - name: Build and push the image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.ecr-login.outputs.registry }}/${{ env.ECR_REPOSITORY_NAME }}:${{ env.ECR_IMAGE_TAG }}
+
+      - name: Show ECR image tag
+        run: echo "Pushed image tag- ${{ env.ECR_IMAGE_TAG }}"
+
+      - name: Trigger server-cd workflow
+        # if: ${{ github.event.inputs.trigger_cd == 'true' }}
+        run: |
+          RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PERSONAL_ACCESS_TOKEN }}" \
+            ${{ env.TRIGGER_WORKFLOW_URL }} \
+            -d "{
+                  \"ref\": \"develop\",
+                  \"inputs\": {
+                    \"service\": \"forms-service\",
+                    \"ecr_registry_uri\": \"${{ steps.ecr-login.outputs.registry }}\",
+                    \"ecr_repository_name\": \"${{ env.ECR_REPOSITORY_NAME }}\",
+                    \"ecr_image_tag\": \"${{ env.ECR_IMAGE_TAG }}\"
+                  }
+                }"
+              )
+
+          if [ "$RESPONSE" -eq 204 ]; then
+            echo "CD workflow triggered successfully."
+          else
+            echo "Failed to trigger CD workflow. HTTP status: $RESPONSE"
+            exit 1
+          fi

.github/workflows/server-cd.yml

@@ -0,0 +1,64 @@
+# Required secrets
+# SERVER_HOST
+# SERVER_PORT
+# SERVER_USER
+# SERVER_SSH_KEY
+# SERVER_PASSPHRASE
+
+name: Continuous Deployment to Server
+
+on:
+  workflow_dispatch:
+    inputs:
+      service:
+        description: 'Service to deploy'
+        required: true
+      ecr_registry_uri:
+        description: 'ECR registry URI'
+        required: true
+      ecr_repository_name:
+        description: 'ECR repository name'
+        required: true
+      ecr_image_tag:
+        description: 'Image tag to deploy'
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy to Server
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v4
+
+    - name: Deploy to Server via SSH
+      uses: appleboy/ssh-action@v1.2.0
+      with:
+        host: ${{ secrets.SERVER_HOST }}
+        username: ${{ secrets.SERVER_USER }}
+        key: ${{ secrets.SERVER_SSH_KEY }}
+        port: ${{ secrets.SERVER_PORT }}
+        passphrase: ${{ secrets.SERVER_PASSPHRASE }}
+        script: |
+          set -e
+          SERVICE_NAME="${{ github.event.inputs.service }}"
+          ECR_REGISTRY_URI="${{ github.event.inputs.ecr_registry_uri }}"
+          ECR_REPOSITORY_NAME="${{ github.event.inputs.ecr_repository_name }}"
+          ECR_IMAGE_TAG="${{ github.event.inputs.ecr_image_tag }}"
+
+          ECR_IMAGE=${ECR_REGISTRY_URI}/${ECR_REPOSITORY_NAME}:${ECR_IMAGE_TAG}
+
+          echo "Pulling latest image $ECR_IMAGE..."
+          docker pull $ECR_IMAGE
+
+          COMPOSE_FILE="./webservices/forms-dev/compose/docker-compose.yml"
+
+          echo "Updating image for $SERVICE_NAME in $COMPOSE_FILE..."
+          # Replace image line under the selected service
+          sed -i "/^[[:space:]]*$SERVICE_NAME:/,/^[[:space:]]*[a-zA-Z]/s|^[[:space:]]*image:.*|    image: $ECR_IMAGE|" $COMPOSE_FILE
+
+          echo "Redeploying $SERVICE_NAME..."
+          docker compose -f $COMPOSE_FILE up -d $SERVICE_NAME
+
+          echo "Deployment successful"

Dockerfile

@@ -1,12 +1,12 @@
-FROM node:18.18-alpine3.18 AS builder
+FROM node:24.8-alpine3.21 AS builder
 COPY . /app
 RUN apk add bash
 RUN apk add --no-cache \
         python3 \
         py3-pip \
-    && pip3 install --upgrade pip \
-    && pip3 install \
-        awscli \
+    # && pip3 install --upgrade pip \
+    # && pip3 install \
+    #     awscli \
     && rm -rf /var/cache/apk/*
 RUN apk add --update alpine-sdk
 
@@ -16,19 +16,16 @@ RUN npm install -g typescript
 RUN npm install
 COPY src ./src
 COPY tsconfig.json ./
-RUN npx prisma generate
 RUN npm run build
 
 ##
-
-FROM node:18.18-alpine3.18
+FROM node:24.8-alpine3.21
 RUN apk add bash
 RUN apk add --no-cache \
         python3 \
         py3-pip \
-    && pip3 install --upgrade pip \
-    && pip3 install \
-        awscli \
+    # && pip3 install --upgrade pip \
+    && pip3 install --break-system-packages awscli \
     && rm -rf /var/cache/apk/*
 RUN apk add --update alpine-sdk
 RUN apk update
@@ -39,15 +36,14 @@ WORKDIR /app
 COPY package*.json /app/
 RUN npm install pm2 -g
 RUN npm install
-COPY --from=builder /app/dist /app/dist
+COPY --from=builder /app/dist/ .
 
 RUN chmod +x /app/entrypoint.sh
+RUN dos2unix /app/entrypoint.sh
 
 EXPOSE 5555
 
-CMD ["sh", "-c", "npx prisma migrate deploy"]
-
-ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]
+ENTRYPOINT ["/bin/bash", "-c", "/app/entrypoint.sh"]
 
 
 

entrypoint.sh

@@ -8,4 +8,4 @@ cd /app
 # Add any other scripts here...
 # Start the service
 # npm run start
-pm2-runtime dist/index.js
+pm2-runtime src/index.js