@ossy/deployment-tools 0.0.67 → 0.0.69

package/README.md

@@ -37,11 +37,71 @@ npx --yes @ossy/deployment-tools deploy \
   --ossyfile packages/${{ github.event.inputs.packageName }}/ossy.json \
 ```
 
-## Infrastructure
+## Concepts
+
+**Workspace**
+
+A workspace is an umbrella for our services.
+It needs to be associated with at least one billable account.
+The workspace holds information like what tools and services are in use and should
+be billed, and what users have access to these tools and services.
+
+```
+id: string;
+name: string;
+participants: WorkspaceParticipant[];
+services: ServiceDefinition[];
+billingInformation
+
+```
+
+## Our domains
+
+ossy.se
+www.ossy.se
+test.ossy.se
+
+api.ossy.se
+api.test.ossy.se
+
+plexus.ossy.se
+plexus.test.ossy.se
+
+oskarssylwan.se
+www.oskarssylwan.se
+test.oskarssylwan.se
+
+
+## Overview of our infrastructure
 
 We use AWS to host our infrastructure and all of it is defined in JavaScript with the help of
 (AWS CDK)[https://aws.amazon.com/cdk/].
 
+**Static content**
+
+We use a s3 bucket for static content.
+This bucket is used to host websites, images, videos and other static content.
+On root level you'll find directories that represent one workspace each.
+
+/<workspacId>/<service>/
+/<workspacId>/websites/website-id
+
+The bucket have directories for each workspace that is the workspaceID.
+
+The bucket have directories for each workspace that contains a media directory and website directories
+
+- a place to host media files like images, videos, pdf documents etc.
+- a platform to host different docker images to
+- a mongodb database that can ensure data persistance without much effort from our our side
+- an email service
+- an easy way to host multiple single page applications
+
+Stacks
+
+- email service stack per env
+- media bucket stack per env
+- stack for dns records with the account that holds domain names
+
 ### Adding a new AWS account
 We have a different account for each service and environment.
 To add a new account follow the steps below.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ossy/deployment-tools",
-  "version": "0.0.67",
+  "version": "0.0.69",
   "description": "Collection of scripts and tools to aid deployment of containers and static files to Amazon Web Services through GitHub Actions",
   "source": "./src/index.js",
   "main": "./src/index.js",
@@ -21,6 +21,7 @@
     "aws-cdk-lib": "^2.59.0",
     "constructs": "^10.1.211",
     "express": "^4.18.1",
+    "glob": "^9.3.2",
     "nanoid": "^3.3.4",
     "node-fetch": "^2.6.7"
   },

package/src/aws-credentials/cli.js

@@ -29,8 +29,7 @@ const assumeRole = options => {
     '--target-platform': String
   }, { argv: options })
 
-  const stackname = parsedArgs['--target-platform'] || ''
-  const [platformName] = stackname.split('-')
+  const platformName = parsedArgs['--target-platform'] || ''
 
   PlatformTemplateService.readFromFile(parsedArgs['--platforms'] || process.env.PLATFORMS)
     .then(templates => templates.map(PlatformConfigService.from))

package/src/caddy/caddy-config.js

@@ -1,3 +1,6 @@
+const { DeploymentTemplateService } = require('../template')
+const { SupportedEnvironments } = require('../config')
+
 const Matchers = {
   host: host => ({ host: [host] }),
   path: path => ({ path: [path] })
@@ -19,48 +22,43 @@ const Handlers = {
 */
 class CaddyConfigService {
 
-  static getRouteConfig(platformConfig, deploymentRequest) {
-
-    const url = [
-      deploymentRequest.subdomain,
-      platformConfig.activeEnvironment !== 'prod' ? platformConfig.activeEnvironment : undefined,
-      platformConfig.domain
-    ]
-      .filter(x => !!x)
-      .join('.')
+  static createConfig(platformConfig, deploymentTemplates) {
 
-    return {
-      match: [Matchers.host(url)],
-      handle: [Handlers.subroute([{ handle: [Handlers.reverseProxy(deploymentRequest.hostPort)]}])]
-    }
-  }
+    const containerDeployments = DeploymentTemplateService
+      .getContainerDeploymentsForEnvironmentType(platformConfig.environmentType, deploymentTemplates)
 
-  static getDefaultConfig(platformConfig) {
     return {
       apps: {
         http: {
           servers: {
-            [platformConfig.ciServerName]: {
+            'deployment-tools': {
               listen: [':80', ':443'],
-              routes: [
-                {
-                  match: [Matchers.host(`${platformConfig.ciSubDomain}.${platformConfig.activeEnvironment}.${platformConfig.domain}`)],
-                  handle: [Handlers.subroute([{ handle: [Handlers.reverseProxy(platformConfig.ciInternalServerPort)]}])]
-                }
-              ]
+              routes: containerDeployments.map(deploymentTemplate => ({
+                match: [Matchers.host(deploymentRequest.domain)],
+                handle: [Handlers.subroute([{ handle: [Handlers.reverseProxy(deploymentRequest.hostPort)]}])]
+              }))
             }
           }
         },
-        tls: platformConfig.activeEnvironment === 'local-dev' ? undefined : {
+        tls: platformConfig.environmentType === 'local-dev' ? undefined : {
           automation: {
             policies: [
               {
-                subjects:[`*.${platformConfig.activeEnvironment}.${platformConfig.domain}`],
+                subjects: DeploymentTemplateService.groupDeploymentDomainsByRootDomain(containerDeployments).keys().flatMap(rootDomain => {
+                    const environmentSubdomain = platformConfig.environmentType === SupportedEnvironments.PROD
+                      ? ''
+                      : `${platformConfig.environmentType}.`
+
+                    return [
+                      `*.${environmentSubdomain}${rootDomain}`,
+                      `${environmentSubdomain}${rootDomain}`
+                    ]
+                  }),
                 issuers:[
                   {
-                    challenges:{
+                    challenges: {
                       dns:{
-                        provider:{
+                        provider: {
                           'max_retries': 10,
                           name: 'route53',
                           'aws_profile': 'ci-client'

package/src/caddy/caddy.js

@@ -7,55 +7,17 @@ const { logInfo, logError, logDebug } = require('../log')
 */
 class CaddyService {
 
-  static addDeployment(platformConfig, deploymentRequest) {
-    const routeConfig = CaddyConfigService.getRouteConfig(platformConfig, deploymentRequest)
-    const host = routeConfig.match[0].host[0]
-    logInfo({ message: `[CaddyService] Updating caddy config to route ${host} to localhost:${deploymentRequest.hostPort}` })
-
-    return fetch(`http://localhost:2019/config/apps/http/servers/${platformConfig.ciServerName}/routes`, {
+  static applyConfig(config) {
+    return fetch('http://localhost:2019/load', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify(routeConfig)
+      body: JSON.stringify(config)
     })
-      .then(response => response?.error && logError({ message: `[CaddyService] Could not update caddy config to include ${host}`, error }))
-      .catch(error => logError({ message: `[CaddyService] Could not update caddy config to include ${host}`, error }))
+    .then(response => response?.error && logError({ message: '[CaddyService] Could not apply default caddy config', error }))
+    .catch(error => logError({ message: '[CaddyService] Could not apply default caddy config', error }))
   }
 
-  static applyDefaultConfig(platformConfig) {
-    return CaddyService.fetchServerConfig(platformConfig)
-      .then(caddyConfig => {
-
-        if (caddyConfig) {
-          logInfo({ message: '[CaddyService] Server config already exist, not applying default config' })
-          return
-        }
 
-        logInfo({ message: '[CaddyService] Applying default caddy config' })
-        const defaultConfig = CaddyConfigService.getDefaultConfig(platformConfig)
-        return fetch('http://localhost:2019/load', {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify(defaultConfig)
-        })
-      })
-      .then(response => response?.error && logError({ message: '[CaddyService] Could not apply default caddy config', error }))
-      .catch(error => logError({ message: '[CaddyService] Could not apply default caddy config', error }))
-
-  }
-
-  static fetchServerConfig(platformConfig) {
-    logInfo({ message: '[CaddyService] Fetching server config' })
-    return fetch(`http://localhost:2019/config/apps/http/servers/${platformConfig.ciServerName}`, {
-      method: 'GET',
-      headers: { 'Content-Type': 'application/json' }
-    })
-      .then(x => x.json())
-      .then(response => {
-        if (!response?.error) return response
-        logInfo({ message: '[CaddyService] No server config found' })
-        logDebug({ message: '[CaddyService] Error while fetching server config', data: response.error })
-      })
-  }
 }
 
 module.exports = {

package/src/config/platform-config.js

@@ -1,3 +1,20 @@
+/**
+ * Platform config definition
+ * @typedef {Object} PlatformConfig
+ * @property {string} platformName - Name of platform
+ * @property {string} environmentType - local, test, qa, prod
+ *
+ * @property {string} awsAccountId - Aws account id
+ * @property {string=} awsRegion - ?
+ * @property {string=} awsKeyPairName - ?
+ * @property {string} awsRoleToAssume - ?
+ * @property {string=} awsDeploymentSqsName - ?
+ * @property {string=} awsDeploymentSqsArn - ?
+ *
+ * @property {string=} ciDockerNetworkName - ?
+ * @property {string} ciGithubActionsRepo - organisation/repoName
+ */
+
 const SupportedRegions = {
   North: 'eu-north-1'
 }
@@ -11,16 +28,10 @@ const SupportedEnvironments = {
 }
 
 const SupportedDeploymentTypes = {
-  Container: 'CONTAINER'
-  // Static = 'STATIC'
+  Container: 'CONTAINER',
+  Static: 'STATIC'
 }
 
-// export interface PlatformConfig extends Required<Omit<PlatformTemplate, 'awsRoleToAssume' | 'awsKeyPairName'>> {
-//   activeEnvironment: SupportedEnvironments;
-//   awsRoleToAssume?: string;
-//   awsKeyPairName?: string;
-// }
-
 /**
   * @class
 */
@@ -31,17 +42,17 @@ class PlatformConfigService {
     const withDefaults = {
       platformName: SupportedEnvironments.LOCAL,
       domain: 'localhost',
-      activeEnvironment: SupportedEnvironments.LOCAL,
-      supportedDeploymentTypes: ['CONTAINER'],
-      ciSubDomain: 'ci',
-      ciInternalServerPort: 3000,
-      ciServerName: 'ci-client',
-      ciDockerNetworkName: 'deployment-tools',
+      environmentType: SupportedEnvironments.LOCAL,
       awsRegion: SupportedRegions.North,
-      ...template
+      ...template,
+      // values below should not be overriden by the template properties
+      ciDockerNetworkName: 'deployment-tools',
     }
 
-    const awsDeploymentSqsArn = `https://sqs.${withDefaults.awsRegion}.amazonaws.com/${withDefaults.awsAccountId}/${withDefaults.platformName}-${withDefaults.activeEnvironment}`
+    const awsDeploymentSqsName = `${withDefaults.platformName}-container-deployments-requests`
+
+    const awsDeploymentSqsArn =
+      `https://sqs.${withDefaults.awsRegion}.amazonaws.com/${withDefaults.awsAccountId}/${awsDeploymentSqsName}`
 
     const awsRoleToAssume = process.env.CI
       ? `github-ci-role-${withDefaults.platformName}`
@@ -49,8 +60,9 @@ class PlatformConfigService {
 
     return {
       ...withDefaults,
+      awsDeploymentSqsName,
       awsDeploymentSqsArn,
-      awsRoleToAssume
+      awsRoleToAssume,
     }
 
   }

package/src/deploy/cli.js

@@ -13,22 +13,28 @@ const deploy = options => {
     '--authentication': String,
     '--a': '--authentication',
 
-    '--target-env': String,
-    '-t': '--target-env',
+    '--domain': String,
+    '-d': '--domain',
+
+    '--platform': String,
+    '-p': '--platform',
+
+    '--platforms-path': String,
+    '-pp': '--platforms-path',
+
+    '--ossy-files': String,
+    '-o': '--ossy-files',
 
-    '--ossyfile': String,
-    '-o': '--ossyfile',
 
-    '--platforms': String,
-    '-p': '--platforms'
   }, { argv: options })
 
   PlatformDeploymentService.deploy({
     username: parsedArgs['--username'],
     authentication: parsedArgs['--authentication'],
-    targetEnvironment: parsedArgs['--target-env'],
-    pathToPlatformTemplates: parsedArgs['--platforms'],
-    pathToOssyFile: parsedArgs['--ossyfile']
+    targetDomain: parsedArgs['--domain'],
+    targetPlatform: parsedArgs['--platform'],
+    pathToPlatformTemplates: parsedArgs['--platforms-path'],
+    pathToOssyFile: parsedArgs['--ossy-files']
   })
 }
 

package/src/deploy/index.js

@@ -0,0 +1 @@
+module.exports = require('./platform-deployment.js')

package/src/deploy/platform-deployment.js

@@ -1,37 +1,11 @@
-const { resolve } = require('path')
 const { readFileSync } = require('fs')
-const { PlatformTemplateService } = require('../template')
-const { PlatformConfigService, SupportedDeploymentTypes } = require('../config')
+const { resolve } = require('path')
+const { PlatformTemplateService, DeploymentTemplateService } = require('../template')
+const { PlatformConfigService, SupportedDeploymentTypes, SupportedEnvironments } = require('../config')
 const { DeploymentQueueService } = require('../deployment-queue')
+const { CaddyConfigService } = require('../caddy')
 const { logError } = require('../log')
 
-// export interface DeploymentTemplate {
-//   type: SupportedDeploymentTypes;
-//   targetDeploymentPlatform: string;
-//   subdomain?: string;
-//   env?: {
-//     shared?: { [name: string]: string | number };
-//     prod?: { [name: string]: string | number };
-//     test?: { [name: string]: string | number };
-//     qa?: { [name: string]: string | number };
-//   }
-// }
-
-// export interface ContainerDeploymentTemplate extends DeploymentTemplate {
-//   type: SupportedDeploymentTypes.Container;
-//   dockerFile: string;
-//   dockerContext: string;
-//   image: string;
-//   hostPort: number;
-//   containerPort: number;
-//   registry: string;
-// }
-
-// export interface ContainerDeploymentRequest extends ContainerDeploymentTemplate {
-//   authentication?: string;
-//   username?: string;
-// }
-
 /**
   * @class
 */
@@ -40,63 +14,55 @@ class PlatformDeploymentService {
   static deploy({
     username,
     authentication,
-    targetEnvironment,
+    targetDomain,
+    targetPlatform,
     pathToPlatformTemplates,
-    pathToOssyFile
+    globPatternForOssyFiles
   }) {
 
-    const platformConfigRequest = PlatformTemplateService.readFromFile(pathToPlatformTemplates)
-      .then(templates => templates.map(x => ({ ...x, activeEnvironment: targetEnvironment })))
-      .then(templates => templates.map(x => PlatformConfigService.from(x)))
+    return Promise.all([
+      DeploymentTemplateService.readOssyFiles(globPatternForOssyFiles),
+      PlatformTemplateService.readFromFile(pathToPlatformTemplates)
+        .then(templates => templates.map(PlatformConfigService.from))
+    ])
+      .then(([deploymentTemplates, platformConfigs]) => {
 
-    const deploymentTemplatesRequest = PlatformDeploymentService.getDeploymentTemplates(pathToOssyFile)
+        const platformConfig = platformConfigs.find(({ platformName }) => platformName === targetPlatform)
+        const deploymentTemplatesForTargetPlatform = deploymentTemplates[targetPlatform] || []
+        const deploymentTemplate = deploymentTemplatesForTargetPlatform.find(({ domain }) => domain === targetDomain)
 
-    return Promise.all([platformConfigRequest, deploymentTemplatesRequest])
-      .then(([platformConfigs, deploymentTemplates]) => {
-        deploymentTemplates.map(deploymentTemplate => {
+        if (!platformConfig) {
+          logError({ message: `[PlatformDeploymentService] Could not find a platform named ${targetPlatform}` })
+          return Promise.reject()
+        }
 
-          const platformConfig = platformConfigs.find(config => config.platformName === deploymentTemplate.targetDeploymentPlatform)
+        if (!deploymentTemplate) {
+          logError({ message: `[PlatformDeploymentService] Could not find a deployment template for ${targetDomain} in ${targetPlatform}` })
+          return Promise.reject()
+        }
 
-          if (!platformConfig) {
-            logError({ message: `[PlatformDeploymentService] Could not find a deployment platform with the name ${deploymentTemplate.targetDeploymentPlatform}` })
-            return Promise.reject()
-          }
+        process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
 
-          process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
+        if (deploymentTemplate.type === SupportedDeploymentTypes.Container) {
 
-          if (deploymentTemplate.type !== SupportedDeploymentTypes.Container) {
-            logError({ message: `[PlatformDeploymentService] Unsupported deployment type of ${deploymentTemplate.type}` })
-            return Promise.reject()
-          }
+          const caddyConfig = CaddyConfigService.createConfig(platformConfig, deploymentTemplatesForTargetPlatform)
 
           const deploymentRequest = {
             ...deploymentTemplate,
-            env: PlatformDeploymentService.getEnvironmentVariables(targetEnvironment, deploymentTemplate),
             username: username,
-            authentication: authentication
+            authentication: authentication,
+            caddyConfig
           }
 
           return DeploymentQueueService.sendDeploymentRequest(platformConfig, deploymentRequest)
+        }
 
-        })
+        logError({ message: `[PlatformDeploymentService] Unsupported deployment type of ${deploymentTemplate.type}` })
+        return Promise.reject()
       })
       .catch(error => logError({ message: '[PlatformDeploymentService] Could not send deployment request', error }))
   }
 
-  static getDeploymentTemplates(pathToOssyFile) {
-    if (!pathToOssyFile) return logError({ message: '[PlatformDeploymentService] No path to ossy.json provided' })
-    const ossyfile = JSON.parse(readFileSync(resolve(pathToOssyFile), 'utf8'))
-    return Promise.resolve(ossyfile.deployments || [])
-  }
-
-  static getEnvironmentVariables(targetEnvironment, deploymentRequest) {
-    const envs = deploymentRequest.env || {}
-    return {
-      ...(envs.shared || {}),
-      ...(envs[targetEnvironment] || {})
-    }
-  }
-
 }
 
 module.exports = {

package/src/infrastructure/cli.js

@@ -1,30 +1,41 @@
 #!/usr/bin/env node
 /* eslint-disable no-new */
 const { App } = require('aws-cdk-lib')
-
-const { PlatformStack } = require('./platform-stack')
-const { EstablishTrustStack } = require('./establish-trust-stack')
-
-const { PlatformTemplateService } = require('../template')
+const { TrustCiStack } = require('./trust-ci-stack')
+const { DeploymentTargetStack } = require('./deployment-target-stack')
+const { DnsStack } = require('./dns-stack')
+const { PlatformTemplateService, DeploymentTemplateService } = require('../template')
 const { PlatformConfigService } = require('../config')
-
-PlatformTemplateService
-  .readFromFile(process.env.PLATFORMS)
-  .then(templates => templates.map(PlatformConfigService.from))
-  .then(configs => {
-
+const { PlatformDeploymentService } = require('../deploy')
+
+Promise.all([
+  DeploymentTemplateService.readOssyFiles('../../../**/ossy.json'),
+  PlatformTemplateService
+    .readFromFile(process.env.PLATFORMS)
+    .then(templates => templates.map(PlatformConfigService.from))
+])
+  .then(([deploymentMap, configs]) => {
     const app = new App()
 
     configs.forEach(config => {
-      const env = { account: config.awsAccountId, region: config.awsRegion }
 
-      new EstablishTrustStack(app, `${config.platformName}-establish-trust`, { config, env })
+      const stackProps = {
+        config,
+        env: {
+          account: config.awsAccountId,
+          region: config.awsRegion
+        }
+      }
+
+      new TrustCiStack(app, `${config.platformName}-trust-ci`, stackProps)
+
+      const deploymentTarget = new DeploymentTargetStack(app, `${config.platformName}-deployment-target`, stackProps)
 
-      config.supportedEnvironments
-        .map(activeEnvironment => PlatformConfigService.from({ ...config, activeEnvironment }))
-        .forEach(config => {
-          new PlatformStack(app, `${config.platformName}-${config.activeEnvironment}`, { config, env })
-        })
+      new DnsStack(app, `${config.platformName}-dns`, {
+        ...stackProps,
+        deployments: deploymentMap[config.platformName],
+        containerDeploymentTargetPublicIp: deploymentTarget.containerDeploymentTargetPublicIp
+      })
 
     })
   })

package/src/infrastructure/{container-server/container-server.js → container-deployment-target/container-deployment-target.js}

@@ -1,4 +1,4 @@
-const { CfnOutput } = require('aws-cdk-lib')
+const { CfnOutput, Duration, RemovalPolicy } = require('aws-cdk-lib')
 const { Construct } = require('constructs')
 const {
   Instance,
@@ -12,25 +12,23 @@ const {
   Port,
   UserData
 } = require('aws-cdk-lib/aws-ec2')
-const { HostedZone, ARecord, RecordTarget } = require('aws-cdk-lib/aws-route53')
 const { Role, ServicePrincipal, Policy, PolicyStatement, Effect } = require('aws-cdk-lib/aws-iam')
-const {
-  getInstallNodeJs,
-  getInstallNpm,
-  getInstallDocker
-} = require('./user-data-commands')
+const { Queue } = require('aws-cdk-lib/aws-sqs')
+const { Source, BucketDeployment } = require('aws-cdk-lib/aws-s3-deployment')
+const { getInstallNodeJs, getInstallNpm, getInstallDocker } = require('./user-data-commands')
 const { CaddyService } = require('./caddy.service')
 const { DeploymentToolsService } = require('./deployment-tools.service')
 const { AwsProfile } = require('./aws-profile')
 const { SupportedRegions } = require('../../config')
 
 /**
- * Platform template definition
+ * ContainerServerProps
  * @namespace ContainerServer
  * @typedef {Object} ContainerServerProps
- * @property {PlatformConfig} platformConfig - platform config
- * @property {Bucket} platformConfigBucket - aws bucket
+ * @property {PlatformConfig} config - platform config
+ * @property {Bucket} bucket - s3 bucket
  */
+
 const InstanceImages = {
   UBUNTU: 'ami-092cce4a19b438926'
 }
@@ -38,11 +36,9 @@ const InstanceImages = {
 /**
   * @class
 */
-class ContainerServer extends Construct {
+class ContainerDeploymentTarget extends Construct {
 
   /**
-   * EC2 Instance that docker containers are served on
-   *
    * @param {object} scope - scope
    * @param {string} id - id
    * @param {ContainerServerProps} props - ContainerServerProps
@@ -50,18 +46,8 @@ class ContainerServer extends Construct {
   constructor(scope, id, props) {
     super(scope, id)
 
-    const hostedZone = new HostedZone(this, 'HostedZone', {
-      zoneName: `${props.platformConfig.activeEnvironment}.${props.platformConfig.domain}`
-    })
-
-    const vpc = Vpc.fromLookup(this, 'VPC', {
-      isDefault: true
-    })
-
-    const securityGroup = new SecurityGroup(this, 'SecurityGroup', {
-      vpc,
-      allowAllOutbound: true
-    })
+    const vpc = Vpc.fromLookup(this, 'VPC', { isDefault: true })
+    const securityGroup = new SecurityGroup(this, 'SecurityGroup', { vpc, allowAllOutbound: true })
 
     securityGroup.addIngressRule(
       Peer.anyIpv4(),
@@ -81,6 +67,16 @@ class ContainerServer extends Construct {
       'allow HTTPS traffic from anywhere'
     )
 
+    const deploymentQueue = new Queue(this, 'DeploymentQueue', {
+      queueName: `${props.config.awsDeploymentSqsName}`,
+      receiveMessageWaitTime: Duration.seconds(20)
+    })
+
+    const platformConfigDeployment = new BucketDeployment(this, 'PlatformConfigDeployment', {
+      sources: [Source.jsonData('platform-config.json', props.config)],
+      destinationBucket: props.bucket
+    })
+
     const role = new Role(this, 'role', {
       assumedBy: new ServicePrincipal('ec2.amazonaws.com')
     })
@@ -95,7 +91,7 @@ class ContainerServer extends Construct {
             'route53:ChangeResourceRecordSets'
           ],
           resources: [
-            `arn:aws:route53:::hostedzone/${hostedZone.hostedZoneId}`,
+            `arn:aws:route53:::hostedzone/*`,
             'arn:aws:route53:::change/*'
           ]
         }),
@@ -127,7 +123,7 @@ class ContainerServer extends Construct {
     )
 
     userData.addS3DownloadCommand({
-      bucket: props.platformConfigBucket,
+      bucket: props.bucket,
       bucketKey: 'platform-config.json',
       localFile: '/home/ubuntu/platform-config.json'
     })
@@ -152,25 +148,15 @@ class ContainerServer extends Construct {
       machineImage: new GenericLinuxImage({
         [SupportedRegions.North]: InstanceImages.UBUNTU
       }),
-      keyName: props.platformConfig.awsKeyPairName
+      keyName: props.config.awsKeyPairName
     })
 
-    props.platformConfigBucket.grantRead(ec2Instance, '*')
-    props.deploymentQueue.grant(ec2Instance, '*')
-
-    // const hostedZone = !!props.createNewHostedZone
-    //   ? new PublicHostedZone(this, 'HostedZone', { zoneName: props.domain })
-    //   : HostedZone.fromLookup(this, 'HostedZone', { domainName: props.domain });
+    props.bucket.grantRead(ec2Instance, '*')
+    deploymentQueue.grant(ec2Instance, '*')
 
-    // eslint-disable-next-line no-new
-    new ARecord(this, 'WildcardRecord', {
-      zone: hostedZone,
-      recordName: `*.${props.platformConfig.activeEnvironment}.${props.platformConfig.domain}`,
-      target: RecordTarget.fromIpAddresses(ec2Instance.instancePublicIp)
-    })
+    this.instancePublicIp = ec2Instance.instancePublicIp
 
-    // eslint-disable-next-line no-new
-    new CfnOutput(this, 'Intance Ip', {
+    new CfnOutput(this, 'Instance Ip', {
       value: ec2Instance.instancePublicIp,
       description: 'Public ip of the ec2 instance',
       exportName: 'instanceIp'
@@ -180,5 +166,5 @@ class ContainerServer extends Construct {
 }
 
 module.exports = {
-  ContainerServer
+  ContainerDeploymentTarget
 }

package/src/infrastructure/container-deployment-target/index.js

@@ -0,0 +1,3 @@
+const { ContainerDeploymentTarget } = require('./container-deployment-target')
+
+module.exports = { ContainerDeploymentTarget }

package/src/infrastructure/deployment-target-stack.js

@@ -0,0 +1,46 @@
+/* eslint-disable no-new */
+const { nanoid } = require('nanoid')
+const { Stack, Duration, RemovalPolicy } = require('aws-cdk-lib')
+const { HostedZone, ARecord, RecordTarget } = require('aws-cdk-lib/aws-route53')
+const { Bucket, BucketEncryption, BlockPublicAccess } = require('aws-cdk-lib/aws-s3')
+const { ContainerDeploymentTarget } = require('./container-deployment-target')
+
+/**
+  * @class
+*/
+class DeploymentTargetStack extends Stack {
+  constructor(scope, id, props) {
+    super(scope, id, props)
+
+    if (!props?.config) {
+      throw ('[DeploymentTargetStack] No template provided')
+    }
+
+    const bucketId = nanoid().toLowerCase().replaceAll('_', '').replaceAll('-', '')
+    const bucketName = `${props.config.platformName}-${bucketId}`
+
+    // TODO: this should probably not be destroyed....
+    const staticDeploymentTarget =
+      new Bucket(this, 'StaticDeploymentTarget', {
+        bucketName: bucketName,
+        blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
+        encryption: BucketEncryption.S3_MANAGED,
+        removalPolicy: RemovalPolicy.DESTROY,
+        autoDeleteObjects: true
+      })
+
+    // TODO: add persistant storage
+    const containerDeploymentTarget =
+      new ContainerDeploymentTarget(this, 'ContainerDeploymentTarget', {
+      config: props.config,
+      bucket: staticDeploymentTarget
+    })
+
+    this.containerDeploymentTargetPublicIp = containerDeploymentTarget.instancePublicIp
+
+  }
+}
+
+module.exports = {
+  DeploymentTargetStack
+}

package/src/infrastructure/dns-stack.js

@@ -0,0 +1,61 @@
+const { Stack } = require('aws-cdk-lib')
+const { HostedZone, ARecord, RecordTarget } = require('aws-cdk-lib/aws-route53')
+const { SupportedDeploymentTypes, SupportedEnvironments } = require('../config')
+const { DeploymentTemplateService } = require('../template')
+
+/**
+ * DnsStackProps
+ * @namespace DnsStack
+ * @typedef {Object} DnsStackProps
+ * @property {PlatformConfig} config - platform config
+ * @property {PlatformConfig} deployments - deployment templates[]
+ * @property {string} containerDeploymentTargetPublicIp - public ip address of ec2 instance that hosts our containerss
+ */
+
+const InstanceImages = {
+  UBUNTU: 'ami-092cce4a19b438926'
+}
+
+/**
+  * @class
+*/
+class DnsStack extends Stack {
+
+  /**
+   * @param {object} scope - scope
+   * @param {string} id - id
+   * @param {ContainerServerProps} props - ContainerServerProps
+   */
+  constructor(scope, id, props) {
+    super(scope, id, props)
+
+    if (props.config.environmentType === SupportedEnvironments.PROD) {
+      // const isDomainForCorrectEnvironment = !Object.values(SupportedEnvironments)
+      //   .find(env => deployment.domain.includes(env))
+      return
+    }
+
+    const containerDeployments = DeploymentTemplateService
+      .getContainerDeploymentsForEnvironmentType(props.config.environmentType, props.deployments)
+
+    DeploymentTemplateService
+      .groupDeploymentDomainsByRootDomain(containerDeployments)
+      .forEach((domains, rootDomain) => {
+        const hostedZone = new HostedZone(this, rootDomain, { zoneName: rootDomain })
+
+        domains.forEach(domain => {
+          new ARecord(this, domain, {
+            zone: hostedZone,
+            recordName: domain,
+            target: RecordTarget.fromIpAddresses(props.containerDeploymentTargetPublicIp)
+          })
+        })
+
+      })
+
+  }
+}
+
+module.exports = {
+  DnsStack
+}

package/src/infrastructure/{establish-trust-stack.js → trust-ci-stack.js}

@@ -11,7 +11,7 @@ const {
 /**
   * @class
 */
-class EstablishTrustStack extends Stack {
+class TrustCiStack extends Stack {
   /**
    * Establishes trust between GithHub and Amazon Web Services.
    * This is needed so that we can interact with Amazon Web Services through
@@ -50,7 +50,7 @@ class EstablishTrustStack extends Stack {
           statements: [
             new PolicyStatement({
               effect: Effect.ALLOW,
-              actions: ['sts:AssumeRole'],
+              actions: ['sts:AssumeRole', 'sqs:SendMessage'],
               resources: [
                 `arn:aws:iam::${props.config.awsAccountId}:role/cdk-*`,
                 `arn:aws:sqs:${props.config.awsRegion}:${props.config.awsAccountId}:*`
@@ -64,5 +64,5 @@ class EstablishTrustStack extends Stack {
 }
 
 module.exports = {
-  EstablishTrustStack
+  TrustCiStack
 }

package/src/server/platform-server.js

@@ -1,6 +1,5 @@
 const { CaddyService } = require('../caddy')
 const { DockerService } = require('../docker')
-const { RestApiService } = require('./rest-api')
 
 const { PlatformTemplateService } = require('../template')
 const { PlatformConfigService } = require('../config')
@@ -18,7 +17,6 @@ class PlatformServerService {
     PlatformTemplateService.readFromFile(platformTemplatesFilePath).then(([firstPlatformTemplateFound]) => {
       const platformConfig = PlatformConfigService.from(firstPlatformTemplateFound)
 
-      RestApiService.start(platformConfig)
       DockerService.createDockerNetworkForContainerManagerServer(platformConfig)
         .then(() => DockerService.startDefaultContainers(platformConfig))
       CaddyService.applyDefaultConfig(platformConfig)
@@ -27,7 +25,7 @@ class PlatformServerService {
         platformConfig,
         deploymentRequest => {
           DockerService.deploy(platformConfig, deploymentRequest)
-            .then(() => CaddyService.addDeployment(platformConfig, deploymentRequest))
+            .then(() => CaddyService.applyConfig(deploymentRequest.caddyConfig))
           return Promise.resolve()
         }
       )

package/src/template/deployment-template.js

@@ -0,0 +1,86 @@
+const { glob } = require('glob')
+const { readFileSync } = require('fs')
+const { logError, logInfo } = require('../log')
+const { SupportedDeploymentTypes, SupportedEnvironments } = require('../config')
+
+/**
+ * Deployment template definition
+ * @typedef {Object} DeploymentTemplate
+ * @property {string} type - CONTAINER | STATIC
+ * @property {string} domain - example.com
+ * @property {string} targetDeploymentPlatform - name of platform to deploy to
+ *
+ * @property {string} image - name of image to be deployed
+  * @property {string} registry -  registry where the image is hosted
+ * @property {string=} hostPort - host port
+ * @property {string=} containerPort - port that the container exposes
+ */
+
+/**
+  * Utility class that helps you read and validate platfor templates from file system
+  * @class
+  */
+class DeploymentTemplateService {
+
+  /**
+   *  Read and and group deployments by targetDeploymentPlatform
+   *
+   * @param {string} blob - File path to platform templates json
+   */
+   static readOssyFiles(blob) {
+     return glob(blob, { ignore: 'node_modules/**' })
+       .then(filePaths => filePaths
+           .map(path => readFileSync(path, 'utf-8'))
+           .map(json => JSON.parse(json))
+           .flatMap(ossyFileContent => ossyFileContent.deployments)
+           .reduce((deploymentsMap, deployment) => {
+
+             if (!!deploymentsMap[deployment.targetDeploymentPlatform]) {
+               return {
+                 ...deploymentsMap,
+                 [deployment.targetDeploymentPlatform]: [
+                   ...deploymentsMap[deployment.targetDeploymentPlatform],
+                   deployment
+                 ]
+               }
+             }
+
+             return {
+               ...deploymentsMap,
+               [deployment.targetDeploymentPlatform]: [deployment]
+             }
+
+           }, {})
+       )
+   }
+
+  static getContainerDeploymentsForEnvironmentType(environmentType, deployments) {
+    return deployments
+      .filter(deployment => {
+        const isContainerDeployment = deployment.type === SupportedDeploymentTypes.Container
+        const isDomainForCorrectEnvironment = deployment.domain.includes(environmentType)
+        return isContainerDeployment && isDomainForCorrectEnvironment
+      })
+  }
+
+   static groupDeploymentDomainsByRootDomain(deployments) {
+     return deployments
+       .map(deployment => deployment.domain)
+       .reduce((domainGroups, domain) => {
+         const [topLevelDomain, domainName] = domain.split('.').reverse()
+         const rootDomain = `${domainName}.${topLevelDomain}`
+
+         domainGroups.has(rootDomain)
+           ? domainGroups.set(rootDomain, [...domainGroups.get(rootDomain), domain])
+           : domainGroups.set(rootDomain, [domain])
+
+         return domainGroups
+       }, new Map())
+   }
+
+
+}
+
+module.exports = {
+  DeploymentTemplateService
+}

package/src/template/index.js

@@ -1 +1,4 @@
-module.exports = require('./platform-template')
+module.exports = {
+  ...require('./deployment-template'),
+  ...require('./platform-template')
+}

package/src/template/platform-template.js

@@ -7,8 +7,7 @@ const { logError, logInfo } = require('../log')
  * @typedef {Object} PlatformTemplate
  * @property {string} platformName - Name of platform
  * @property {string} domain - example.com
- * @property {string[]} supportedDeploymentTypes - container
- * @property {string[]} supportedEnvironments - qa
+ * @property {string} environmentType - local, test, qa, prod
  *
  * @property {string} awsAccountId - Aws account id
  * @property {string=} awsRegion - ?
@@ -16,10 +15,6 @@ const { logError, logInfo } = require('../log')
  * @property {string} awsRoleToAssume - ?
  * @property {string=} awsDeploymentSqsArn - ?
  *
- * @property {string=} ciSubDomain - ?
- * @property {string|mumber=} ciInternalServerPort - ? | number;
- * @property {string=} ciServerName - ?
- * @property {string=} ciDockerNetworkName - ?
  * @property {string} ciGithubActionsRepo - organisation/repoName
  */
 

package/src/caddy/caddy.playground.js

@@ -1,21 +0,0 @@
-const { CaddyService } = require('./caddy')
-
-const config = {
-  activeEnvironment: 'prod',
-  domain: 'localhost',
-  ciServerName: 'ossy',
-  ciSubDomain: 'ci',
-  ciInternalServerPort: '3000'
-}
-
-const deploymentRequest = {
-  subdomain: 'cc',
-  hostPort: '3000'
-}
-
-CaddyService.applyDefaultConfig(config)
-
-// CaddyService.addDeployment(config, deploymentRequest)
-
-// CaddyService.fetchServerConfig(config)
-//   .then(console.log)

package/src/infrastructure/container-server/index.js

@@ -1,3 +0,0 @@
-const { ContainerServer } = require('./container-server')
-
-module.exports = { ContainerServer }

package/src/infrastructure/platform-stack.js

@@ -1,58 +0,0 @@
-/* eslint-disable no-new */
-const { Stack, Duration, RemovalPolicy } = require('aws-cdk-lib')
-const { Queue } = require('aws-cdk-lib/aws-sqs')
-const { Bucket, BucketEncryption, BlockPublicAccess } = require('aws-cdk-lib/aws-s3')
-const { Source, BucketDeployment } = require('aws-cdk-lib/aws-s3-deployment')
-const { nanoid } = require('nanoid')
-
-const { ContainerServer } = require('./container-server')
-
-const { SupportedDeploymentTypes } = require('../config')
-
-/**
-  * @class
-*/
-class PlatformStack extends Stack {
-  constructor(scope, id, props) {
-    super(scope, id, props)
-
-    if (!props?.config) {
-      throw ('[PlatformStack] No template config provided')
-    }
-
-    const isContainerDeploymentsEnabled = props.config.supportedDeploymentTypes.includes(SupportedDeploymentTypes.Container)
-
-    if (isContainerDeploymentsEnabled) {
-
-      const deploymentQueue = new Queue(this, 'DeploymentQueue', {
-        queueName: `${props.config.platformName}-${props.config.activeEnvironment}`,
-        receiveMessageWaitTime: Duration.seconds(20)
-      })
-
-      const platformConfigBucket = new Bucket(this, 'PlatformConfig', {
-        bucketName: `${props.config.platformName}-${props.config.activeEnvironment}-${nanoid().toLowerCase().replaceAll('_', '').replaceAll('-', '')}`,
-        blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
-        encryption: BucketEncryption.S3_MANAGED,
-        removalPolicy: RemovalPolicy.DESTROY,
-        autoDeleteObjects: true
-      })
-
-      const platformConfigDeployment = new BucketDeployment(this, 'PlatformConfigDeployment', {
-        sources: [Source.jsonData('platform-config.json', props.config)],
-        destinationBucket: platformConfigBucket
-      })
-
-      new ContainerServer(this, 'ContainerServer', {
-        platformConfig: props.config,
-        platformConfigBucket: platformConfigDeployment.deployedBucket,
-        deploymentQueue: deploymentQueue
-      })
-
-    }
-
-  }
-}
-
-module.exports = {
-  PlatformStack
-}

package/src/server/platform-server.playground.js

@@ -1,10 +0,0 @@
-// const { PlatformServerService } = require('./platform-server')
-const { RestApiService } = require('./rest-api')
-
-// PlatformServerService.start({
-//
-// })
-
-RestApiService.start({
-  ciInternalServerPort: 3000
-})

package/src/server/rest-api.js

@@ -1,31 +0,0 @@
-const express = require('express')
-const { logInfo } = require('../log')
-
-/**
-  * @class
-*/
-class RestApiService {
-
-  static start(platformConfig) {
-    const server = express()
-
-    server.use(express.json())
-
-    server.get('/', (req, res) => {
-      res.redirect('/status')
-    })
-
-    server.get('/status', (req, res) => {
-      res.send('Server is live')
-    })
-
-    server.listen(platformConfig.ciInternalServerPort, () => {
-      logInfo({ message: `[RestApiService] API is live on port ${platformConfig.ciInternalServerPort}`})
-    })
-  }
-
-}
-
-module.exports = {
-  RestApiService
-}