create-chaaskit 0.1.0

package/dist/templates/infra-aws/lib/chaaskit-stack.ts

@@ -0,0 +1,419 @@
+import * as cdk from 'aws-cdk-lib';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as rds from 'aws-cdk-lib/aws-rds';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as elasticbeanstalk from 'aws-cdk-lib/aws-elasticbeanstalk';
+import * as s3assets from 'aws-cdk-lib/aws-s3-assets';
+import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
+import { Construct } from 'constructs';
+import * as path from 'path';
+import { DeploymentConfig } from '../config/deployment';
+
+export interface ChaaskitStackProps extends cdk.StackProps {
+  stage: string;
+  config: DeploymentConfig;
+}
+
+export class ChaaskitStack extends cdk.Stack {
+  constructor(scope: Construct, id: string, props: ChaaskitStackProps) {
+    super(scope, id, props);
+
+    const { stage, config } = props;
+
+    // Get or create VPC
+    const vpc = this.getOrCreateVpc(config, stage);
+
+    // S3 Bucket for internal storage (file uploads, etc.)
+    const bucket = new s3.Bucket(this, 'InternalBucket', {
+      bucketName: `${config.serviceName}-${stage}-internal`,
+      removalPolicy: stage === 'prod'
+        ? cdk.RemovalPolicy.RETAIN
+        : cdk.RemovalPolicy.DESTROY,
+      autoDeleteObjects: stage !== 'prod',
+      encryption: s3.BucketEncryption.S3_MANAGED,
+      blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
+    });
+
+    // Get or create database
+    const { dbSecretArn, dbSecurityGroup } = this.getOrCreateDatabase(config, stage, vpc);
+
+    // IAM Role for Elastic Beanstalk EC2 instances
+    const ebRole = new iam.Role(this, 'EBInstanceRole', {
+      assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
+      managedPolicies: [
+        iam.ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkWebTier'),
+        iam.ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkWorkerTier'),
+      ],
+    });
+
+    // Grant permissions
+    bucket.grantReadWrite(ebRole);
+
+    // Grant access to the database secret
+    if (dbSecretArn) {
+      // Use fromSecretPartialArn to handle secrets without the 6-character suffix
+      const dbSecret = secretsmanager.Secret.fromSecretPartialArn(this, 'DbSecret', dbSecretArn);
+      dbSecret.grantRead(ebRole);
+    }
+
+    // Instance profile for EB
+    const instanceProfile = new iam.CfnInstanceProfile(this, 'EBInstanceProfile', {
+      roles: [ebRole.roleName],
+    });
+
+    // Elastic Beanstalk Application
+    const app = new elasticbeanstalk.CfnApplication(this, 'App', {
+      applicationName: `${config.serviceName}-${stage}`,
+    });
+
+    // Application Version from S3 asset
+    const appAsset = new s3assets.Asset(this, 'AppAsset', {
+      path: path.join(__dirname, `../../app-${config.buildVersion}.zip`),
+    });
+    appAsset.grantRead(ebRole);
+
+    const appVersion = new elasticbeanstalk.CfnApplicationVersion(this, 'AppVersion', {
+      applicationName: app.applicationName!,
+      sourceBundle: {
+        s3Bucket: appAsset.s3BucketName,
+        s3Key: appAsset.s3ObjectKey,
+      },
+    });
+    appVersion.addDependency(app);
+
+    // Build option settings based on configuration
+    const optionSettings = this.buildOptionSettings(config, stage, bucket, dbSecretArn, vpc, instanceProfile, dbSecurityGroup);
+
+    // Elastic Beanstalk Environment
+    const environment = new elasticbeanstalk.CfnEnvironment(this, 'Environment', {
+      applicationName: app.applicationName!,
+      environmentName: `${config.serviceName}-${stage}`,
+      solutionStackName: '64bit Amazon Linux 2023 v6.4.1 running Node.js 22',
+      versionLabel: appVersion.ref,
+      optionSettings,
+    });
+    environment.addDependency(appVersion);
+
+    // Outputs
+    new cdk.CfnOutput(this, 'EnvironmentUrl', {
+      value: config.balancerType === 'shared' && config.sharedAlb
+        ? `https://${config.sharedAlb.hostHeaders[0]}`
+        : `http://${environment.attrEndpointUrl}`,
+      description: 'Application URL',
+    });
+
+    new cdk.CfnOutput(this, 'BucketName', {
+      value: bucket.bucketName,
+      description: 'S3 bucket for internal storage',
+    });
+
+    if (dbSecretArn) {
+      new cdk.CfnOutput(this, 'DatabaseSecretArn', {
+        value: dbSecretArn,
+        description: 'ARN of the database credentials secret',
+      });
+    }
+  }
+
+  private getOrCreateVpc(config: DeploymentConfig, stage: string): ec2.IVpc {
+    if (config.existingVpc) {
+      // Use existing VPC
+      return ec2.Vpc.fromVpcAttributes(this, 'ExistingVpc', {
+        vpcId: config.existingVpc.vpcId,
+        availabilityZones: ['us-west-2a', 'us-west-2b'],
+        privateSubnetIds: config.existingVpc.privateSubnetIds,
+        publicSubnetIds: config.existingVpc.publicSubnetIds,
+      });
+    }
+
+    // Create new VPC
+    return new ec2.Vpc(this, 'Vpc', {
+      maxAzs: 2,
+      natGateways: config.balancerType === 'single_instance' ? 0 : 1,
+      subnetConfiguration: [
+        {
+          cidrMask: 24,
+          name: 'Public',
+          subnetType: ec2.SubnetType.PUBLIC,
+        },
+        {
+          cidrMask: 24,
+          name: 'Private',
+          subnetType: config.balancerType === 'single_instance'
+            ? ec2.SubnetType.PUBLIC
+            : ec2.SubnetType.PRIVATE_WITH_EGRESS,
+        },
+      ],
+    });
+  }
+
+  private getOrCreateDatabase(
+    config: DeploymentConfig,
+    stage: string,
+    vpc: ec2.IVpc
+  ): { dbSecretArn: string | undefined; dbSecurityGroup: ec2.ISecurityGroup | undefined } {
+    if (config.database === 'existing' && config.existingDbSecretArn) {
+      // Use existing database - just return the secret ARN
+      const dbSecurityGroup = config.existingVpc?.dbSecurityGroupId
+        ? ec2.SecurityGroup.fromSecurityGroupId(this, 'ExistingDbSg', config.existingVpc.dbSecurityGroupId)
+        : undefined;
+
+      return {
+        dbSecretArn: config.existingDbSecretArn,
+        dbSecurityGroup,
+      };
+    }
+
+    // Create new database
+    const dbSecurityGroup = new ec2.SecurityGroup(this, 'DbSecurityGroup', {
+      vpc,
+      description: 'Security group for RDS PostgreSQL',
+      allowAllOutbound: false,
+    });
+
+    // Allow connections from within VPC
+    dbSecurityGroup.addIngressRule(
+      ec2.Peer.ipv4(vpc.vpcCidrBlock),
+      ec2.Port.tcp(5432),
+      'Allow PostgreSQL from VPC'
+    );
+
+    const database = new rds.DatabaseInstance(this, 'Database', {
+      engine: rds.DatabaseInstanceEngine.postgres({
+        version: rds.PostgresEngineVersion.VER_16,
+      }),
+      instanceType: ec2.InstanceType.of(
+        ec2.InstanceClass.T4G,
+        config.dbInstanceSize || ec2.InstanceSize.MICRO
+      ),
+      vpc,
+      vpcSubnets: {
+        subnetType: config.balancerType === 'single_instance'
+          ? ec2.SubnetType.PUBLIC
+          : ec2.SubnetType.PRIVATE_WITH_EGRESS,
+      },
+      securityGroups: [dbSecurityGroup],
+      credentials: rds.Credentials.fromGeneratedSecret('chaaskit', {
+        secretName: `${config.serviceName}-${stage}-db-credentials`,
+      }),
+      databaseName: 'chaaskit',
+      allocatedStorage: 20,
+      maxAllocatedStorage: 100,
+      storageEncrypted: true,
+      multiAz: stage === 'prod' && config.balancerType !== 'single_instance',
+      deletionProtection: stage === 'prod',
+      removalPolicy: stage === 'prod'
+        ? cdk.RemovalPolicy.SNAPSHOT
+        : cdk.RemovalPolicy.DESTROY,
+      backupRetention: stage === 'prod' ? cdk.Duration.days(7) : cdk.Duration.days(1),
+    });
+
+    return {
+      dbSecretArn: database.secret?.secretArn,
+      dbSecurityGroup,
+    };
+  }
+
+  private buildOptionSettings(
+    config: DeploymentConfig,
+    stage: string,
+    bucket: s3.Bucket,
+    dbSecretArn: string | undefined,
+    vpc: ec2.IVpc,
+    instanceProfile: iam.CfnInstanceProfile,
+    dbSecurityGroup: ec2.ISecurityGroup | undefined
+  ): elasticbeanstalk.CfnEnvironment.OptionSettingProperty[] {
+    const settings: elasticbeanstalk.CfnEnvironment.OptionSettingProperty[] = [];
+
+    // VPC settings
+    if (config.existingVpc) {
+      settings.push(
+        {
+          namespace: 'aws:ec2:vpc',
+          optionName: 'VPCId',
+          value: config.existingVpc.vpcId,
+        },
+        {
+          namespace: 'aws:ec2:vpc',
+          optionName: 'Subnets',
+          value: config.existingVpc.privateSubnetIds.join(','),
+        },
+        {
+          namespace: 'aws:ec2:vpc',
+          optionName: 'ELBSubnets',
+          value: config.existingVpc.publicSubnetIds.join(','),
+        }
+      );
+    } else {
+      settings.push(
+        {
+          namespace: 'aws:ec2:vpc',
+          optionName: 'VPCId',
+          value: vpc.vpcId,
+        },
+        {
+          namespace: 'aws:ec2:vpc',
+          optionName: 'Subnets',
+          value: vpc.privateSubnets.map(s => s.subnetId).join(','),
+        },
+        {
+          namespace: 'aws:ec2:vpc',
+          optionName: 'ELBSubnets',
+          value: vpc.publicSubnets.map(s => s.subnetId).join(','),
+        }
+      );
+    }
+
+    // Environment type settings based on balancer type
+    if (config.balancerType === 'single_instance') {
+      settings.push({
+        namespace: 'aws:elasticbeanstalk:environment',
+        optionName: 'EnvironmentType',
+        value: 'SingleInstance',
+      });
+    } else {
+      // Both 'load_balancer' and 'shared' are load balanced
+      settings.push(
+        {
+          namespace: 'aws:elasticbeanstalk:environment',
+          optionName: 'EnvironmentType',
+          value: 'LoadBalanced',
+        },
+        {
+          namespace: 'aws:elasticbeanstalk:environment',
+          optionName: 'LoadBalancerType',
+          value: 'application',
+        }
+      );
+
+      // Shared ALB settings
+      if (config.balancerType === 'shared' && config.sharedAlb) {
+        settings.push(
+          {
+            namespace: 'aws:elasticbeanstalk:environment',
+            optionName: 'LoadBalancerIsShared',
+            value: 'true',
+          },
+          {
+            namespace: 'aws:elbv2:loadbalancer',
+            optionName: 'SharedLoadBalancer',
+            value: config.sharedAlb.albArn,
+          },
+          // Listener rule for host-based routing
+          {
+            namespace: 'aws:elbv2:listener:443',
+            optionName: 'Rules',
+            value: 'HostRule',
+          },
+          {
+            namespace: 'aws:elbv2:listenerrule:HostRule',
+            optionName: 'HostHeaders',
+            value: config.sharedAlb.hostHeaders.join(','),
+          },
+          {
+            namespace: 'aws:elbv2:listenerrule:HostRule',
+            optionName: 'Priority',
+            value: String(config.sharedAlb.priority),
+          }
+        );
+      } else if (config.balancerType === 'load_balancer' && config.certificateArn) {
+        // New ALB with HTTPS
+        settings.push(
+          {
+            namespace: 'aws:elbv2:listener:443',
+            optionName: 'Protocol',
+            value: 'HTTPS',
+          },
+          {
+            namespace: 'aws:elbv2:listener:443',
+            optionName: 'SSLCertificateArns',
+            value: config.certificateArn,
+          }
+        );
+      }
+    }
+
+    // Instance settings
+    settings.push(
+      {
+        namespace: 'aws:autoscaling:launchconfiguration',
+        optionName: 'InstanceType',
+        value: config.instanceType || 't4g.small',
+      },
+      {
+        namespace: 'aws:autoscaling:launchconfiguration',
+        optionName: 'IamInstanceProfile',
+        value: instanceProfile.ref,
+      },
+      {
+        namespace: 'aws:autoscaling:asg',
+        optionName: 'MinSize',
+        value: '1',
+      },
+      {
+        namespace: 'aws:autoscaling:asg',
+        optionName: 'MaxSize',
+        value: String(config.maxInstances || 2),
+      }
+    );
+
+    // Security group for RDS access
+    if (dbSecurityGroup) {
+      settings.push({
+        namespace: 'aws:autoscaling:launchconfiguration',
+        optionName: 'SecurityGroups',
+        value: dbSecurityGroup.securityGroupId,
+      });
+    }
+
+    // Health check
+    settings.push(
+      {
+        namespace: 'aws:elasticbeanstalk:environment:process:default',
+        optionName: 'HealthCheckPath',
+        value: '/api/health',
+      },
+      {
+        namespace: 'aws:elasticbeanstalk:healthreporting:system',
+        optionName: 'SystemType',
+        value: 'enhanced',
+      }
+    );
+
+    // Environment variables
+    settings.push(
+      {
+        namespace: 'aws:elasticbeanstalk:application:environment',
+        optionName: 'NODE_ENV',
+        value: 'production',
+      },
+      {
+        namespace: 'aws:elasticbeanstalk:application:environment',
+        optionName: 'PORT',
+        value: '8080',
+      },
+      {
+        namespace: 'aws:elasticbeanstalk:application:environment',
+        optionName: 'INTERNAL_S3_BUCKET',
+        value: bucket.bucketName,
+      },
+      {
+        namespace: 'aws:elasticbeanstalk:application:environment',
+        optionName: 'AWS_REGION',
+        value: config.region,
+      }
+    );
+
+    // Database secret ARN
+    if (dbSecretArn) {
+      settings.push({
+        namespace: 'aws:elasticbeanstalk:application:environment',
+        optionName: 'DB_SECRET_ARN',
+        value: dbSecretArn,
+      });
+    }
+
+    return settings;
+  }
+}

package/dist/templates/infra-aws/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "chaaskit-cdk",
+  "version": "1.0.0",
+  "private": true,
+  "scripts": {
+    "build": "tsc",
+    "watch": "tsc -w",
+    "cdk": "cdk",
+    "synth": "cdk synth",
+    "diff": "cdk diff",
+    "deploy": "./scripts/build-app.sh && cdk deploy --require-approval never",
+    "deploy:staging": "STAGE=staging npm run deploy",
+    "deploy:prod": "STAGE=prod npm run deploy",
+    "destroy": "cdk destroy"
+  },
+  "dependencies": {
+    "aws-cdk-lib": "^2.170.0",
+    "constructs": "^10.4.2",
+    "source-map-support": "^0.5.21"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.0",
+    "aws-cdk": "^2.170.0",
+    "ts-node": "^10.9.2",
+    "typescript": "~5.4.0"
+  }
+}

package/dist/templates/infra-aws/scripts/build-app.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+set -e
+
+# Build script for packaging ChaasKit app for Elastic Beanstalk deployment
+# Run this from the cdk/ directory
+
+BUILD_VERSION=${BUILD_VERSION:-$(git rev-parse --short HEAD 2>/dev/null || echo "latest")}
+
+echo "========================================"
+echo "Building ChaasKit for Elastic Beanstalk"
+echo "Version: ${BUILD_VERSION}"
+echo "========================================"
+
+# Navigate to project root
+cd ..
+
+# Install dependencies
+echo ""
+echo "Installing dependencies..."
+pnpm install --frozen-lockfile
+
+# Build the application
+echo ""
+echo "Building application..."
+pnpm build
+
+# Generate Prisma client
+echo ""
+echo "Generating Prisma client..."
+pnpm db:generate
+
+# Create deployment package
+echo ""
+echo "Creating deployment package..."
+PACKAGE_NAME="cdk/app-${BUILD_VERSION}.zip"
+
+# Remove old package if exists
+rm -f "${PACKAGE_NAME}"
+
+# Create zip with required files
+# Note: We use --symlinks to preserve symlinks in node_modules
+zip -r "${PACKAGE_NAME}" \
+  build/ \
+  node_modules/ \
+  package.json \
+  server.js \
+  prisma/ \
+  config/ \
+  extensions/ \
+  -x "*.git*" \
+  -x "*node_modules/.cache*" \
+  -x "*.env*" \
+  -x "*cdk/*" \
+  -x "*test*" \
+  -x "*.test.*" \
+  -x "*.spec.*"
+
+echo ""
+echo "========================================"
+echo "Build complete!"
+echo "Package: ${PACKAGE_NAME}"
+echo "Size: $(du -h "${PACKAGE_NAME}" | cut -f1)"
+echo "========================================"

package/dist/templates/infra-aws/tsconfig.json

@@ -0,0 +1,25 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "commonjs",
+    "lib": ["es2020"],
+    "declaration": true,
+    "strict": true,
+    "noImplicitAny": true,
+    "strictNullChecks": true,
+    "noImplicitThis": true,
+    "alwaysStrict": true,
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": false,
+    "inlineSourceMap": true,
+    "inlineSources": true,
+    "experimentalDecorators": true,
+    "strictPropertyInitialization": false,
+    "typeRoots": ["./node_modules/@types"],
+    "esModuleInterop": true,
+    "skipLibCheck": true
+  },
+  "exclude": ["node_modules", "cdk.out"]
+}

package/dist/templates/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "{{PROJECT_NAME}}",
+  "version": "0.1.0",
+  "private": true,
+  "type": "module",
+  "prisma": {
+    "schema": "prisma/schema"
+  },
+  "scripts": {
+    "dev": "concurrently \"chaaskit-server\" \"react-router dev\"",
+    "build": "react-router build",
+    "start": "NODE_ENV=production node server.js",
+    "typecheck": "react-router typegen && tsc --noEmit",
+    "db:generate": "prisma generate",
+    "db:push": "prisma db push",
+    "db:migrate": "prisma migrate dev",
+    "db:studio": "prisma studio",
+    "db:sync": "chaaskit-server db:sync"
+  },
+  "dependencies": {
+    "@chaaskit/server": "^0.1.0",
+    "@chaaskit/client": "^0.1.0",
+    "@chaaskit/db": "^0.1.0",
+    "@chaaskit/shared": "^0.1.0",
+    "express": "^4.21.0",
+    "@prisma/client": "^6.0.0",
+    "@react-router/express": "^7.1.0",
+    "@react-router/node": "^7.1.0",
+    "concurrently": "^9.2.1",
+    "isbot": "^5.1.0",
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0",
+    "react-router": "^7.1.0"
+  },
+  "devDependencies": {
+    "@react-router/dev": "^7.1.0",
+    "@react-router/fs-routes": "^7.1.0",
+    "@types/node": "^22.0.0",
+    "@types/react": "^18.2.0",
+    "@types/react-dom": "^18.2.0",
+    "prisma": "^6.0.0",
+    "typescript": "^5.6.0",
+    "vite": "^5.4.0",
+    "vite-tsconfig-paths": "^5.0.0"
+  }
+}