MISW-4104-Web · juanmanuelgg · Oct 29, 2023 · Nov 1, 2023 · Nov 1, 2023 · Nov 1, 2023
diff --git a/.github/workflows/publish_image.yml b/.github/workflows/publish_image.yml
@@ -0,0 +1,35 @@
+name: publish_image
+
+on:
+  push:
+    branches:
+      - "master"
+
+jobs:
+  docker-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: downcase GITHUB_REPOSITORY
+        run: |
+          echo "GITHUB_REPOSITORY_LOWERCASE=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: ./
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/${{ env.GITHUB_REPOSITORY_LOWERCASE }}:latest
+            ghcr.io/${{ env.GITHUB_REPOSITORY_LOWERCASE }}:1.0.1
diff --git a/.gitignore b/.gitignore
@@ -390,3 +390,38 @@ Temporary Items
 docker-compose.yml
 .env
 dist
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -0,0 +1,7 @@
+{
+    "recommendations": [
+        "hashicorp.terraform",
+        "pkief.material-icon-theme"
+    ]
+}
+
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,15 @@
+{
+    "files.eol": "\n",
+    "[terraform]": {
+      "editor.defaultFormatter": "hashicorp.terraform",
+      "editor.formatOnSave": true,
+      "editor.formatOnPaste": true,
+    },
+    "[terraform-vars]": {
+      "editor.defaultFormatter": "hashicorp.terraform",
+      "editor.formatOnSave": true,
+      "editor.formatOnPaste": true,
+    },
+    "workbench.iconTheme": "material-icon-theme"
+  }
+
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,27 @@
-FROM node:12-alpine
+# Build stage
+FROM node:12-alpine AS builder
 
 WORKDIR /usr/src/app
 
-COPY package.json .
+COPY package*.json ./
 
 RUN npm install --quiet
 
 COPY . .
 
-CMD ["npm", "run", "start"]
+RUN npm run build
+
+# Production stage
+FROM node:12-alpine
+
+WORKDIR /usr/src/app
+
+COPY package*.json ./
+
+# Install only production dependencies
+RUN npm ci --only=production
+
+# Copy built app from the previous stage
+COPY --from=builder /usr/src/app/dist ./dist
+
+CMD ["npm", "run", "start:prod"]
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -0,0 +1,31 @@
+version: "3.8"
+
+services:
+  web:
+    image: ghcr.io/juanmanuelgg/backvynils:latest
+    environment:
+      DB_HOST: "db"
+    ports:
+      - "3000:3000"
+    depends_on:
+      - db
+    links:
+      - db
+    networks:
+      - default
+
+  db:
+    image: postgres
+    environment:
+      - POSTGRES_DB=vinyls
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    ports:
+      - "5432:5432"
+    networks:
+      - default
+
+volumes:
+  pgdata:
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,9 +3,6 @@ version: "3.8"
 services:
   web:
     build: .
-    command: npm run start
-    volumes:
-      - /usr/src/app
     environment:
       DB_HOST: "db"
     ports:
@@ -23,7 +20,12 @@ services:
       - POSTGRES_DB=vinyls
       - POSTGRES_USER=postgres
       - POSTGRES_PASSWORD=postgres
+    volumes:
+      - pgdata:/var/lib/postgresql/data
     ports:
       - "5432:5432"
     networks:
       - default
+
+volumes:
+  pgdata:
diff --git a/src/app.module.ts b/src/app.module.ts
@@ -42,7 +42,7 @@ import { AlbumMusicianModule } from './albummusician/albummusician.module';
       password: 'postgres',
       database: 'vinyls',
       entities: [Album, CollectorAlbum, Band, Collector, Comment, Musician, Performer, PerformerPrize, Prize, Track,],
-      dropSchema: true,
+      dropSchema: false,
       synchronize: true,
       keepConnectionAlive: true,
       migrations: [__dirname + '/migration/**/*{.ts,.js}'],

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
diff --git a/terraform/main.sh b/terraform/main.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# This script is used to run terraform commands
+terraform init
+terraform destroy
+terraform apply
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -0,0 +1,24 @@
+module "foundation" {
+  source              = "./modules/foundation"
+  do_token            = var.do_token
+  region              = var.region
+  domain              = var.domain
+  do_ssh_pub_key_file = var.do_ssh_pub_key_file
+}
+
+module "vm" {
+  source                  = "./modules/vm"
+  do_token                = var.do_token
+  region                  = var.region
+  digitalocean_ssh_key_id = module.foundation.digitalocean_ssh_key_id
+  vpc_uuid                = module.foundation.vpc_uuid
+  ip_address              = module.foundation.ip_address
+  proyect_id              = module.foundation.proyect_id
+}
+
+
+module "firewall" {
+  source     = "./modules/firewall"
+  do_token   = var.do_token
+  droplet_id = module.vm.droplet_id
+}
diff --git a/terraform/modules/firewall/main.tf b/terraform/modules/firewall/main.tf
@@ -0,0 +1,57 @@
+resource "digitalocean_firewall" "web" {
+  name = "web-22-53-80-443"
+
+  droplet_ids = [var.droplet_id]
+
+  inbound_rule {
+    protocol         = "tcp"
+    port_range       = "22"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  /* La idea es quitar http cuando ya se tiene https.
+  inbound_rule {
+    protocol         = "tcp"
+    port_range       = "80"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  */
+  inbound_rule {
+    protocol         = "tcp"
+    port_range       = "443"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  /* Solo para pruebas
+  inbound_rule {
+    protocol         = "tcp"
+    port_range       = "3000"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  */
+  outbound_rule {
+    protocol              = "tcp"
+    port_range            = "53"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  outbound_rule {
+    protocol              = "udp"
+    port_range            = "53"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  outbound_rule {
+    protocol              = "tcp"
+    port_range            = "80"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  outbound_rule {
+    protocol              = "tcp"
+    port_range            = "443"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  /* Solo para pruebas
+  outbound_rule {
+    protocol              = "tcp"
+    port_range            = "3000"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  */
+}
diff --git a/terraform/modules/firewall/provider.tf b/terraform/modules/firewall/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.0"
+    }
+  }
+}
+
+provider "digitalocean" {
+  token = var.do_token
+}
diff --git a/terraform/modules/firewall/variables.tf b/terraform/modules/firewall/variables.tf
@@ -0,0 +1,9 @@
+variable "do_token" {
+  description = "DigitalOcean API token"
+  type        = string
+}
+
+variable "droplet_id" {
+  description = "The ID of the droplet to apply the firewall to"
+  type        = number
+}
diff --git a/terraform/modules/foundation/main.tf b/terraform/modules/foundation/main.tf
@@ -0,0 +1,34 @@
+resource "digitalocean_ssh_key" "default" {
+  name       = "SSH-DigitalOcean-key"
+  public_key = file(var.do_ssh_pub_key_file)
+}
+
+resource "digitalocean_vpc" "default" {
+  name     = "my-network"
+  region   = var.region
+  ip_range = "10.10.11.0/24"
+}
+
+resource "digitalocean_reserved_ip" "default" {
+  region = var.region
+}
+
+resource "digitalocean_domain" "default" {
+  name       = var.domain
+  ip_address = digitalocean_reserved_ip.default.ip_address
+}
+
+resource "digitalocean_record" "www" {
+  domain = digitalocean_domain.default.id
+  type   = "A"
+  name   = "www"
+  value  = digitalocean_reserved_ip.default.ip_address
+}
+
+resource "digitalocean_project" "default" {
+  name        = "AppBajoPruebas"
+  description = "Un proyecto web del curso: Ingenieria de software para aplicaciones moviles."
+  purpose     = "Web Application"
+  environment = "Development"
+  resources   = [digitalocean_domain.default.urn]
+}
diff --git a/terraform/modules/foundation/outputs.tf b/terraform/modules/foundation/outputs.tf
@@ -0,0 +1,15 @@
+output "digitalocean_ssh_key_id" {
+  value = digitalocean_ssh_key.default.id
+}
+
+output "vpc_uuid" {
+  value = digitalocean_vpc.default.id
+}
+
+output "ip_address" {
+  value = digitalocean_reserved_ip.default.ip_address
+}
+
+output "proyect_id" {
+  value = digitalocean_project.default.id
+}