CI-CD dejo node

.gitea/workflows/development-cd.yml

@@ -0,0 +1,168 @@
+name: Development | CD
+
+on:
+  push:
+    branches:
+      - feature/ci-cd 
+
+concurrency:
+  group: ${{ github.workflow }}
+
+env:
+  DEJO_NODE_AWS_REGION: us-east-1
+  AWS_ECR_REPOSITORY: dev-dejo/dejo-node
+  KUBE_NAMESPACE: dejo-node
+  KUBE_DEPLOY_NAME: api-app
+  DISABLE_DISCORD_NOTIFY: true 
+  DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
+
+jobs:
+  build_and_push:
+    name: Docker | Build and Push
+    runs-on: [self-hosted]
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v2
+
+      - name: Discord | Notify Início
+        if: ${{ always() && env.DISABLE_DISCORD_NOTIFY != 'true' }}
+        run: |
+          curl -X POST -H "Content-Type: application/json" \
+            -d '{"content": ":arrow_forward: Iniciando deploy no ambiente development..."}' \
+            "${DISCORD_WEBHOOK}"
+
+      - name: Commit Short Hash
+        id: vars
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Copy Env
+        run: cp infrastructure/.env.example infrastructure/.env
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-multi-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-multi-buildx
+
+      - name: Docker Login to AWS ECR
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}
+          username: ${{ secrets.DEJO_NODE_AWS_ACCESS_KEY }}
+          password: ${{ secrets.DEJO_NODE_AWS_SECRET_KEY }}
+
+      - name: Build and Push Backend
+        uses: docker/build-push-action@v5
+        with:
+          context: infrastructure
+          builder: ${{ steps.buildx.outputs.name }}
+          file: infrastructure/Dockerfile
+          push: true
+          tags: |
+            ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}/${{ env.AWS_ECR_REPOSITORY }}:latest
+            ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}/${{ env.AWS_ECR_REPOSITORY }}:${{ env.sha_short }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
+
+      - name: Moving Cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+  kustomize_apply:
+    name: Kubernetes | Kustomize Apply
+    runs-on: [self-hosted]
+    needs: build_and_push
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.DEJO_NODE_AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.DEJO_NODE_AWS_SECRET_KEY }}
+          aws-region: ${{ env.DEJO_NODE_AWS_REGION }}
+
+      - name: Debug | Mostrar estrutura após checkout
+        run: |
+          echo "PWD = $(pwd)"
+          ls -R .
+
+      - name: Kubernetes | Apply Kustomize
+        env:
+          KUBE_CONFIG_DATA: ${{ secrets.DEJO_NODE_KUBE_CONFIG_DATA_DEV }}
+          KUBE_NAMESPACE: ${{ env.KUBE_NAMESPACE }}
+        run: |
+          # Decodifica e grava o kubeconfig
+          echo "${KUBE_CONFIG_DATA}" | base64 -d > kubeconfig
+          export KUBECONFIG=$PWD/kubeconfig
+
+          # Aplica todos os manifests gerados pelo Kustomize
+          kubectl apply -k infrastructure/kubernetes/dev -n "${KUBE_NAMESPACE}"
+
+  deploy_backend:
+    name: 'Kubernetes | Deploy App'
+    needs: kustomize_apply
+    runs-on: [self-hosted]
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.DEJO_NODE_AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.DEJO_NODE_AWS_SECRET_KEY }}
+          aws-region: ${{ env.DEJO_NODE_AWS_REGION }}
+
+      - name: Commit Short Hash
+        id: vars
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+
+      - name: Kubernetes | Deploy API
+        env:
+          KUBE_CONFIG_DATA: ${{ secrets.DEJO_NODE_KUBE_CONFIG_DATA_DEV }}
+          KUBE_NAMESPACE: ${{ env.KUBE_NAMESPACE }}
+          RELEASE_IMAGE: ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}/${{ env.AWS_ECR_REPOSITORY }}:${{ env.sha_short }}
+        run: |
+          # Decodifica e grava o kubeconfig
+          echo "${KUBE_CONFIG_DATA}" | base64 -d > kubeconfig
+          export KUBECONFIG=$PWD/kubeconfig
+
+          # Atualiza a imagem no Deployment
+          kubectl set image deployment/${{ env.KUBE_DEPLOY_NAME }} \
+            ${{ env.KUBE_DEPLOY_NAME }}="${RELEASE_IMAGE}" --record -n "${KUBE_NAMESPACE}"
+
+      - name: Run | Verify Kubernetes deployment
+        env:
+          KUBE_CONFIG_DATA: ${{ secrets.DEJO_NODE_KUBE_CONFIG_DATA_DEV }}
+          KUBE_NAMESPACE: ${{ env.KUBE_NAMESPACE }}
+        run: |
+          # Decodifica e grava o kubeconfig
+          echo "${KUBE_CONFIG_DATA}" | base64 -d > kubeconfig
+          export KUBECONFIG=$PWD/kubeconfig
+
+          # Aguardar rollout
+          kubectl rollout status deployment/${{ env.KUBE_DEPLOY_NAME }} -n "${KUBE_NAMESPACE}"
+
+      - name: Discord | Notify Error
+        if: ${{ failure() && env.DISABLE_DISCORD_NOTIFY != 'true' }}
+        run: |
+          curl -X POST -H "Content-Type: application/json" \
+            -d '{"content": ":x: Erro durante o deploy! Veja detalhes nos logs do pipeline."}' \
+            "${DISCORD_WEBHOOK}"
+          exit 1
+
+      - name: Discord | Notify Success
+        if: ${{ success() && env.DISABLE_DISCORD_NOTIFY != 'true' }}
+        run: |
+          curl -X POST -H "Content-Type: application/json" \
+            -d '{"content": ":white_check_mark: Deploy concluído com sucesso! :rocket:"}' \
+            "${DISCORD_WEBHOOK}"
+

.gitignore

@@ -0,0 +1,20 @@
+# Local .terraform directories
+### Terraform ###
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+crash.log
+*.tfvars
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+.terraformrc
+terraform.rc
+*.lock
+*.lock.*
+*.DS_Store
+*.txt*
+*/**/builds
+*/**/sealedsecrets_result
+*.zip

Dockerfile

@@ -0,0 +1,22 @@
+# Dockerfile para o DEJO Node
+
+FROM golang:1.20 as builder
+WORKDIR /app
+
+# Copiar arquivos e instalar dependências
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+RUN go build -o dejo-node ./cmd/main.go
+
+# Criar imagem final
+FROM debian:bullseye-slim
+WORKDIR /root/
+
+COPY --from=builder /app/dejo-node ./dejo-node
+
+# Definir variáveis de ambiente padrão
+ENV CONFIG_PATH="/config/config.yaml"
+
+CMD ["./dejo-node"]

infrastructure/.env.example

@@ -0,0 +1,13 @@
+NODE_ENV=local
+
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_TTL=5
+REDIS_TLS=false
+REDIS_PASSWORD=redis
+
+DATABASE_HOST=localhost
+DATABASE_PORT=5432
+DATABASE_USERNAME=postgres
+DATABASE_NAME=dejo
+DATABASE_SYNCHRONIZE=false

infrastructure/docker/.env.dev

@@ -0,0 +1,14 @@
+NODE_ENV=development
+
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_TTL=5
+REDIS_TLS=false
+REDIS_PASSWORD=redis
+
+DATABASE_HOST=postgres
+DATABASE_PORT=5432
+DATABASE_USERNAME=postgres
+DATABASE_PASSWORD=postgres
+DATABASE_NAME=dejo-node
+DATABASE_SYNCHRONIZE=false

infrastructure/kubernetes/dev/app/health-probes.yml

@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dejo-node
+spec:
+  template:
+    spec:
+      containers:
+      - name: deje-node
+        livenessProbe:
+          httpGet:
+            path: /health/liveness
+            port: 8080
+          initialDelaySeconds: 3
+          periodSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: /health/readiness
+            port: 8080
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        startupProbe:
+          httpGet:
+            path: /health/startup
+            port: 8080
+          failureThreshold: 30
+          periodSeconds: 10
+

infrastructure/kubernetes/dev/app/image-tag.yml

@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dejo-node
+spec:
+  template:
+    spec:
+      containers:
+      - name: dejo-node
+        image: 859024677525.dkr.ecr.us-east-1.amazonaws.com/dev-dejo/dejo-node:latest

infrastructure/kubernetes/dev/app/ingress.yml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dejo-node-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+spec:
+  rules:
+  - host: dev-dejo-node.dejo.digital
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: dejo-node-svc
+            port:
+              number: 8545
+

infrastructure/kubernetes/dev/base/app/configmap.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: dejo-node-config
+data:
+  # ex.: configuração genérica, se precisar
+  LOG_LEVEL: "info"
+

infrastructure/kubernetes/dev/base/app/deployment.yml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dejo-node
+  labels:
+    app: dejo-node
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: dejo-node
+  template:
+    metadata:
+      labels:
+        app: dejo-node
+    spec:
+      containers:
+      - name: dejo-node
+        image: dejo/node:latest
+        ports:
+        - containerPort: 8545
+        - containerPort: 30303
+        envFrom:
+        - configMapRef:
+            name: dejo-node-config
+        volumeMounts:
+        - name: blockchain-storage
+          mountPath: /data
+      volumes:
+      - name: blockchain-storage
+        persistentVolumeClaim:
+          claimName: dejo-node-pvc
+

infrastructure/kubernetes/dev/base/app/hpa.yml

@@ -0,0 +1,19 @@
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: dejo-node-hpa
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: dejo-node
+  minReplicas: 2
+  maxReplicas: 10
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 70
+

infrastructure/kubernetes/dev/base/app/ingress.yml

@@ -0,0 +1,8 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dejo-node-ingress
+  labels:
+    app: dejo-node
+spec: {}
+

infrastructure/kubernetes/dev/base/app/pvc.yml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: dejo-node-pvc
+  labels:
+    app: dejo-node
+spec:
+  accessModes: ["ReadWriteOnce"]
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: gp3
+

infrastructure/kubernetes/dev/base/app/service.yml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: dejo-node-svc
+  labels:
+    app: dejo-node
+spec:
+  type: LoadBalancer
+  selector:
+    app: dejo-node
+  ports:
+  - name: rpc
+    port: 8545
+    targetPort: 8545
+  - name: p2p
+    port: 30303
+    targetPort: 30303
+

infrastructure/kubernetes/dev/base/kustomization.yml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ./app/deployment.yml
+  - ./app/service.yml
+  - ./app/pvc.yml
+  - ./app/configmap.yml
+    #  - ./app/hpa.yml
+  - ./app/ingress.yml  
+
+commonLabels:
+  app: dejo-node

infrastructure/kubernetes/dev/kustomization.yml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: dejo-node
+resources:
+  - base
+
+patchesStrategicMerge:
+  # se você precisar alterar só a imagem, replicas, ingress, etc:
+  - app/image-tag.yml
+  - app/ingress.yml
+  - app/health-probes.yml
+commonLabels:
+  env: dev
+

infrastructure/terraform/dev/.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "5.99.1"
+  constraints = ">= 5.43.0, >= 5.83.0"
+  hashes = [
+    "h1:967WCGUW/vgrjUMBvC+HCie1DVgOXHwUkhm2ng3twJw=",
+    "zh:00b0a61c6d295300f0aa7a79a7d40e9f836164f1fff816d38324c148cd846887",
+    "zh:1ee9d5ccb67378704642db62113ac6c0d56d69408a9c1afb9a8e14b095fc0733",
+    "zh:2035977ed418dcb18290785c1eeb79b7133b39f718c470346e043ac48887ffc7",
+    "zh:67e3ca1bf7061900f81cf958d5c771a2fd6048c2b185bec7b27978349b173a90",
+    "zh:87fadbe5de7347ede72ad879ff8d8d9334103cd9aa4a321bb086bfac91654944",
+    "zh:901d170c457c2bff244a2282d9de595bdb3ebecc33a2034c5ce8aafbcff66db9",
+    "zh:92c07d6cf530679565b87934f9f98604652d787968cce6a3d24c148479b7e34b",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a7d4803b4c5ff17f029f8b270c91480442ece27cec7922c38548bcfea2ac2d26",
+    "zh:afda848da7993a07d29018ec25ab6feda652e01d4b22721da570ce4fcc005292",
+    "zh:baaf16c98b81bad070e0908f057a97108ecd6e8c9f754d7a79b18df4c8453279",
+    "zh:c3dd496c5014427599d6b6b1c14c7ebb09a15df78918ae0be935e7bfa83b894c",
+    "zh:e2b84c1d40b3f2c4b1d74bf170b9e932983b61bac0e6dab2e36f5057ddcc997f",
+    "zh:e49c92cb29c53b4573ed4d9c946486e6bcfc1b63f1aee0c79cc7626f3d9add03",
+    "zh:efae8e339c4b13f546e0f96c42eb95bf8347de22e941594849b12688574bf380",
+  ]
+}

infrastructure/terraform/dev/dns.tf

@@ -0,0 +1,15 @@
+#data "aws_route53_zone" "dev-dejo" {
+#  name         = "dev.dejo.digital"
+#  private_zone = false
+#}
+
+#resource "aws_route53_record" "this" {
+#  zone_id = data.aws_route53_zone.dev-dejo-be.zone_id
+#  name    = local.azion.domain.cname
+#  type    = "CNAME"
+#  ttl     = 60
+
+# records = [
+#    module.azion-backend.azion_domain.domain_name
+# ]
+#}

infrastructure/terraform/dev/ecr.tf

@@ -0,0 +1,3 @@
+resource "aws_ecr_repository" "this" {
+  name = "dev-dejo/dejo-node"
+}

infrastructure/terraform/dev/locals.tf

@@ -0,0 +1,48 @@
+locals {
+  region = "us-east-1"
+
+  owner        = "dejo"
+  env          = "dev"
+  maintainer   = "dejo"
+  app          = "dejo-node"
+  tier         = "backend"
+  base_name    = "${local.env}-${local.maintainer}-${local.app}"
+  kms_key_name = "alias/${local.base_name}-terraform-bucket-key"
+
+  eks = {
+    # After change cluster_name, change the the secret: DEV_DEJO_KUBE_CONFIG_DATA 
+    # The value is a base64 from kubeconfig, example: cat ~/.kubeconfig | base64 -w 0
+    cluster_name = "dev-dejo"
+    lb_name      = "a7d3a64e7cd704e17a87740e579df9bc"
+
+    namespace            = "dejo-node"
+    service_account_name = "api-app-sa"
+  }
+
+  s3 = {
+    bucket = "${local.owner}-${local.env}-${local.app}-permanent-storage"
+    acl    = "private"
+
+    versioning = {
+      enabled = true
+    }
+  }
+
+  #  event_bus = {
+  #    name = "dev-dejo-event-bus"
+  #  }
+
+  custom_tags = {
+    App  = upper(local.app)
+    Tier = title(local.tier)
+  }
+
+  default_tags = {
+    Owner      = title(local.owner)
+    Env        = title(local.env)
+    Maintainer = title(local.maintainer)
+    ManagedBy  = "Terraform"
+    BaseName   = local.base_name
+    App        = "${local.maintainer}-${local.app}"
+  }
+}

infrastructure/terraform/dev/output.tf

@@ -0,0 +1,4 @@
+#output "azion_domain_id" {
+#  description = "Azion domain ID"
+#  value       = module.azion-backend.azion_domain.id
+#}

infrastructure/terraform/dev/provider.tf

@@ -0,0 +1,25 @@
+provider "aws" {
+  profile = "dejo-dev"
+  region  = "us-east-1"
+
+  default_tags {
+    tags = local.default_tags
+  }
+}
+
+provider "aws" {
+  alias   = "virginia"
+  profile = "dejo-dev"
+  region  = "us-east-1"
+
+  default_tags {
+    tags = local.default_tags
+  }
+}
+
+#provider "aws" {
+#  alias   = "sao_paulo"
+#  profile = "dejo-prd"
+#  region  = "sa-east-1"
+#}
+

infrastructure/terraform/dev/role.tf

@@ -0,0 +1,15 @@
+module "kubernetes-backend-role" {
+  source = "../../../../iac/aws/dejo-terraform/modules/kubernetes-backend-role/"
+
+  env            = local.env
+  app            = local.app
+
+  eks_cluster_name         = local.eks.cluster_name
+  eks_namespace            = local.eks.namespace
+  eks_service_account_name = local.eks.service_account_name
+
+  allowed_event_names = [
+    "ProductUserPublished"
+  ]
+}
+

infrastructure/terraform/dev/s3.tf

@@ -0,0 +1,41 @@
+# Criação da chave KMS para criptografia do bucket
+resource "aws_kms_key" "dev_dejo_node" {
+  description             = "KMS key to encrypt S3 bucket objects for ${local.base_name}"
+  deletion_window_in_days = 7
+  enable_key_rotation     = true
+
+  tags = merge(
+    local.default_tags,
+    {
+      Name = "${local.base_name}-bucket-key"
+    }
+  )
+}
+
+# Alias para facilitar referência à chave KMS
+resource "aws_kms_alias" "dev_dejo_node" {
+  name          = local.kms_key_name
+  target_key_id = aws_kms_key.dev_dejo_node.key_id
+}
+
+# Bucket S3 criptografado com KMS
+module "s3_bucket" {
+  source  = "terraform-aws-modules/s3-bucket/aws"
+  version = "~> 4.0"
+
+  bucket     = local.s3.bucket
+#  acl        = local.s3.acl
+  versioning = local.s3.versioning
+
+  server_side_encryption_configuration = {
+    rule = {
+      apply_server_side_encryption_by_default = {
+        kms_master_key_id = aws_kms_key.dev_dejo_node.arn
+        sse_algorithm     = "aws:kms"
+      }
+    }
+  }
+
+  tags = local.default_tags
+}
+

infrastructure/terraform/dev/state.tf

@@ -0,0 +1,11 @@
+terraform {
+  backend "s3" {
+    profile        = "dejo-dev"
+    bucket         = "dev-dejo-terraform"
+    key            = "state/dejo-node/infrastructure/dev.tfstate"
+    region         = "us-east-1"
+    encrypt        = true
+    kms_key_id     = "alias/dev-dejo-terraform-bucket-key"
+    use_lockfile   = true
+  }
+}