7fdfc15
vpc added to terraform
ekremarmagankarakas Feb 15, 2026
40c6cfc
Migrate to OIDC auth and Secrets Manager for credentials
ekremarmagankarakas Apr 1, 2026
8e6be1f
Fix HTTP to HTTPS redirect on ALB and correct FRONTEND_URL fallback p…
ekremarmagankarakas Apr 1, 2026
570eea3
RDS encryption added
ekremarmagankarakas Apr 1, 2026
803cef5
Add /health endpoint and disable Swagger docs in production
ekremarmagankarakas Apr 1, 2026
ca00ce0
Add vpc endpoint for secrets manager
ekremarmagankarakas Apr 1, 2026
f58eac2
Restructure Terraform into reusable module with per-environment roots
ekremarmagankarakas Apr 1, 2026
f963e67
Add Route53 hosted zone and ALB alias record per environment
ekremarmagankarakas Apr 1, 2026
18767a9
Scope OIDC per branch, automate ACM via Route53, remove dead data sou…
ekremarmagankarakas Apr 1, 2026
e46cb9d
actions updated for new infrastructure
ekremarmagankarakas Apr 8, 2026
2406e09
Removed aws credentials from backend app
ekremarmagankarakas Apr 8, 2026
36c0db8
AWS documentation updated
ekremarmagankarakas Apr 8, 2026
19b11c3
AWS rds database url is built from secrets
ekremarmagankarakas Apr 8, 2026
9567617
Merge branch 'main' into aws-architecture-upates
ekremarmagankarakas Apr 8, 2026
0b16227
fix: CICD references root package-lock and start tracking uv.lock
ekremarmagankarakas Apr 8, 2026
dd93e4d
NPM package updates
ekremarmagankarakas Apr 8, 2026
5b8fa70
CICD e2e tests added
ekremarmagankarakas Apr 9, 2026
cecadb0
CICD Add path limits
ekremarmagankarakas Apr 9, 2026
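--- /dev/null
+++ b/.github/workflows/backend-lint.yml
@@ -0,0 +1,41 @@
+name: Backend Lint
+
+on:
+push:
+branches: [main, staging]
+paths:
+- 'backend/**'
+pull_request:
+branches: [main, staging]
+paths:
+- 'backend/**'
+
+jobs:
+lint:
+name: Ruff Lint & Format Check
+runs-on: ubuntu-latest
+timeout-minutes: 5
+defaults:
+run:
+working-directory: backend
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Set up Python
+uses: actions/setup-python@v5
+with:
+python-version: "3.12"
+
+- name: Install uv
+uses: astral-sh/setup-uv@v4
+
+- name: Install dependencies
+run: uv sync --extra dev
+
+- name: Run Ruff lint check
+run: uv run ruff check .
+
+- name: Run Ruff format check
+run: uv run ruff format --check .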
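Review bot: The workflow sets no `permissions:` block, so its GITHUB_TOKEN receives the repository's default scopes although the job only reads the checkout; add a top-level `permissions:` with `contents: read`, as deploy-prod.yml and deploy-staging.yml already do. backend-tests.yml has the same omission. The install step `run: uv sync --extra dev` also does not enforce the lockfile: with uv.lock now tracked (commit 0b16227), `run: uv sync --locked --extra dev` makes the job fail when pyproject.toml and uv.lock have drifted instead of silently re-resolving, and the same line appears in backend-tests.yml. Finally, the actions are referenced by mutable tags (`actions/checkout@v4`, `astral-sh/setup-uv@v4`); pinning each to a full commit SHA with the version in a trailing comment makes the fetched action content reproducible.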
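--- /dev/null
+++ b/.github/workflows/backend-tests.yml
@@ -0,0 +1,46 @@
+name: Backend Tests
+
+on:
+push:
+branches: [main, staging]
+paths:
+- 'backend/**'
+pull_request:
+branches: [main, staging]
+paths:
+- 'backend/**'
+
+jobs:
+tests:
+name: Pytest
+runs-on: ubuntu-latest
+timeout-minutes: 10
+defaults:
+run:
+working-directory: backend
+
+# Tests are domain-level (pure DataFrames) — no real DB or AWS needed.
+# These env vars satisfy pydantic-settings validation at import time.
+env:
+DATABASE_URL: postgresql://postgres:postgres@localhost/test
+SECRET_KEY: test-secret-key-for-ci
+AWS_REGION: us-east-1
+AWS_S3_BUCKET: test-bucket
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Set up Python
+uses: actions/setup-python@v5
+with:
+python-version: "3.12"
+
+- name: Install uv
+uses: astral-sh/setup-uv@v4
+
+- name: Install dependencies
+run: uv sync --extra dev
+
+- name: Run tests
+run: uv run python -m pytest tests/ --no-cov -x -q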
101 changes: 0 additions & 101 deletions .github/workflows/build-push-ecr.yml

This file was deleted.

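--- /dev/null
+++ b/.github/workflows/deploy-prod.yml
@@ -0,0 +1,92 @@
+name: Deploy to Production
+
+on:
+push:
+branches: [main]
+
+env:
+AWS_REGION: us-east-1
+ENVIRONMENT: prod
+APP_NAME: examengine
+
+permissions:
+id-token: write
+contents: read
+
+jobs:
+deploy:
+name: Build, Push & Deploy
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Configure AWS credentials via OIDC
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: ${{ secrets.AWS_GITHUB_ACTIONS_ROLE_ARN_PROD }}
+role-session-name: GitHub_to_AWS_via_FederatedOIDC
+aws-region: ${{ env.AWS_REGION }}
+
+- name: Log in to Amazon ECR
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Get configuration from SSM
+id: config
+run: |
+get() { aws ssm get-parameter --name "/${APP_NAME}/${ENVIRONMENT}/$1" --query 'Parameter.Value' --output text; }
+echo "cluster=$(get cluster-name)" >> $GITHUB_OUTPUT
+echo "backend-service=$(get backend-service)" >> $GITHUB_OUTPUT
+echo "frontend-service=$(get frontend-service)" >> $GITHUB_OUTPUT
+echo "backend-uri=$(get backend-repo-uri)" >> $GITHUB_OUTPUT
+echo "frontend-uri=$(get frontend-repo-uri)" >> $GITHUB_OUTPUT
+echo "domain=$(get domain-name)" >> $GITHUB_OUTPUT
+
+- name: Build and push backend image
+uses: docker/build-push-action@v6
+with:
+context: .
+file: ./backend/Dockerfile
+platforms: linux/amd64
+push: true
+tags: |
+${{ steps.config.outputs.backend-uri }}:latest
+${{ steps.config.outputs.backend-uri }}:${{ github.sha }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Build and push frontend image
+uses: docker/build-push-action@v6
+with:
+context: .
+file: ./frontend/Dockerfile
+platforms: linux/amd64
+push: true
+tags: |
+${{ steps.config.outputs.frontend-uri }}:latest
+${{ steps.config.outputs.frontend-uri }}:${{ github.sha }}
+build-args: |
+NEXT_PUBLIC_API_URL=https://${{ steps.config.outputs.domain }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Deploy backend service
+run: |
+aws ecs update-service \
+--cluster ${{ steps.config.outputs.cluster }} \
+--service ${{ steps.config.outputs.backend-service }} \
+--force-new-deployment \
+--region ${{ env.AWS_REGION }}
+
+- name: Deploy frontend service
+run: |
+aws ecs update-service \
+--cluster ${{ steps.config.outputs.cluster }} \
+--service ${{ steps.config.outputs.frontend-service }} \
+--force-new-deployment \
+--region ${{ env.AWS_REGION }}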
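Review bot: The two deploy steps at the end of the file run `aws ecs update-service --force-new-deployment`, which returns as soon as the deployment is requested, so the job reports success before ECS has placed the new tasks and a rollout that fails its health checks never surfaces in CI. Follow each update with `aws ecs wait services-stable --cluster ${{ steps.config.outputs.cluster }} --services ${{ steps.config.outputs.backend-service }} --region ${{ env.AWS_REGION }}` (and the frontend equivalent) so the workflow fails when the service does not stabilise. The SSM step has a related gap: `echo "cluster=$(get cluster-name)" >> $GITHUB_OUTPUT` succeeds even when `get` fails, because the exit status of a command substitution used as an argument to echo is discarded, so a missing or empty parameter becomes an empty output that only shows up later as a confusing argument error on the update-service line. Rewriting the helper to fail fast at its source, as below, keeps the error where the cause is. deploy-staging.yml has the same two issues.
```yaml
      - name: Get configuration from SSM
        id: config
        run: |
          set -euo pipefail
          get() {
            local value
            value=$(aws ssm get-parameter --name "/${APP_NAME}/${ENVIRONMENT}/$1" --query 'Parameter.Value' --output text)
            [ -n "$value" ] || { echo "SSM parameter $1 is missing or empty" >&2; exit 1; }
            printf '%s\n' "$value"
          }
          for pair in cluster=cluster-name backend-service=backend-service frontend-service=frontend-service backend-uri=backend-repo-uri frontend-uri=frontend-repo-uri domain=domain-name; do
            value=$(get "${pair#*=}")
            echo "${pair%%=*}=${value}" >> "$GITHUB_OUTPUT"
          done
      # … unchanged: build-and-push steps …
      - name: Deploy backend service
        run: |
          aws ecs update-service \
            --cluster ${{ steps.config.outputs.cluster }} \
            --service ${{ steps.config.outputs.backend-service }} \
            --force-new-deployment \
            --region ${{ env.AWS_REGION }}
          aws ecs wait services-stable \
            --cluster ${{ steps.config.outputs.cluster }} \
            --services ${{ steps.config.outputs.backend-service }} \
            --region ${{ env.AWS_REGION }}
      # … unchanged: frontend deploy step, mirrored with the same wait …
```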
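--- /dev/null
+++ b/.github/workflows/deploy-staging.yml
@@ -0,0 +1,92 @@
+name: Deploy to Staging
+
+on:
+push:
+branches: [staging]
+
+env:
+AWS_REGION: us-east-1
+ENVIRONMENT: staging
+APP_NAME: examengine
+
+permissions:
+id-token: write
+contents: read
+
+jobs:
+deploy:
+name: Build, Push & Deploy
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Configure AWS credentials via OIDC
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: ${{ secrets.AWS_GITHUB_ACTIONS_ROLE_ARN_STAGING }}
+role-session-name: GitHub_to_AWS_via_FederatedOIDC
+aws-region: ${{ env.AWS_REGION }}
+
+- name: Log in to Amazon ECR
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Get configuration from SSM
+id: config
+run: |
+get() { aws ssm get-parameter --name "/${APP_NAME}/${ENVIRONMENT}/$1" --query 'Parameter.Value' --output text; }
+echo "cluster=$(get cluster-name)" >> $GITHUB_OUTPUT
+echo "backend-service=$(get backend-service)" >> $GITHUB_OUTPUT
+echo "frontend-service=$(get frontend-service)" >> $GITHUB_OUTPUT
+echo "backend-uri=$(get backend-repo-uri)" >> $GITHUB_OUTPUT
+echo "frontend-uri=$(get frontend-repo-uri)" >> $GITHUB_OUTPUT
+echo "domain=$(get domain-name)" >> $GITHUB_OUTPUT
+
+- name: Build and push backend image
+uses: docker/build-push-action@v6
+with:
+context: .
+file: ./backend/Dockerfile
+platforms: linux/amd64
+push: true
+tags: |
+${{ steps.config.outputs.backend-uri }}:latest
+${{ steps.config.outputs.backend-uri }}:${{ github.sha }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Build and push frontend image
+uses: docker/build-push-action@v6
+with:
+context: .
+file: ./frontend/Dockerfile
+platforms: linux/amd64
+push: true
+tags: |
+${{ steps.config.outputs.frontend-uri }}:latest
+${{ steps.config.outputs.frontend-uri }}:${{ github.sha }}
+build-args: |
+NEXT_PUBLIC_API_URL=https://${{ steps.config.outputs.domain }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Deploy backend service
+run: |
+aws ecs update-service \
+--cluster ${{ steps.config.outputs.cluster }} \
+--service ${{ steps.config.outputs.backend-service }} \
+--force-new-deployment \
+--region ${{ env.AWS_REGION }}
+
+- name: Deploy frontend service
+run: |
+aws ecs update-service \
+--cluster ${{ steps.config.outputs.cluster }} \
+--service ${{ steps.config.outputs.frontend-service }} \
+--force-new-deployment \
+--region ${{ env.AWS_REGION }}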
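Review bot: `role-session-name: GitHub_to_AWS_via_FederatedOIDC` in the OIDC step is a fixed string, so every run of this workflow (and of deploy-prod.yml, which uses the same value) shows up in CloudTrail as the same session and cannot be tied back to a particular run. A per-run name such as `role-session-name: gha-${{ github.run_id }}-${{ github.run_attempt }}` stays well within the 64-character session-name limit and makes each role assumption attributable to one workflow run. If the role's trust policy or an IAM condition keys on the session name, adjust it at the same time.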