speedandfunction · killev · May 24, 2025 · May 24, 2025 · May 24, 2025 · May 24, 2025
@@ -2,6 +2,10 @@
 .git
 .gitignore
 
+# Submodules (not needed in container)
+.cursor/
+website-pages/
+
 # Node.js dependencies
 node_modules
 coverage

@@ -22,30 +22,175 @@ permissions:
 jobs:
   destroy-plan:
     runs-on: ubuntu-latest
-    environment: ${{ inputs.environment }}
+    environment: Development
     steps:
-    - name: Placeholder - Destroy plan step
-      run: |
-        echo "This step is empty - destroy plan functionality not implemented on main branch"
-        echo "Environment: ${{ inputs.environment }}"
-        echo "Plan only: ${{ inputs.plan_only }}"
+      - name: Get Environment Name for ${{ vars.ENV_NAME }}
+        id: get_env_name
+        uses: Entepotenz/change-string-case-action-min-dependencies@v1
+        with:
+          string: ${{ vars.ENV_NAME }}
+
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Checkout config repository
+        uses: actions/checkout@v4
+        with:
+          repository: 'speedandfunction/website-ci-secret'
+          path: 'terraform-config'
+          token: ${{ secrets.PAT }}
+
+      - name: Copy tfvars for ${{ vars.ENV_NAME }}
+        run: |
+          cat "terraform-config/${{ vars.ENV_NAME }}.tfvars"  "deployment/environments/${{ vars.ENV_NAME }}.tfvars"  > "deployment/terraform.tfvars"
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.12.0
+          terraform_wrapper: false
+
+      - name: Terraform Destroy Plan for ${{ vars.ENV_NAME }}
+        run: |
+          cd deployment
+          terraform init -backend-config="environments/backend-${{ vars.ENV_NAME }}.hcl"
+          terraform plan -destroy -out="${{ vars.ENV_NAME }}-destroy.tfplan"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+
-          cd deployment
-          terraform init -backend-config="environments/backend-${{ vars.ENV_NAME }}.hcl"
-          terraform plan -destroy -out="${{ vars.ENV_NAME }}-destroy.tfplan"
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: "us-east-1"
+          cd deployment
+          terraform init -backend-config="environments/backend-${{ inputs.environment }}.hcl"
+          terraform plan -destroy -out="${{ inputs.environment }}-destroy.tfplan"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
-          cd deployment
-          terraform init -backend-config="environments/backend-${{ vars.ENV_NAME }}.hcl"
-          terraform plan -destroy -out="${{ vars.ENV_NAME }}-destroy.tfplan"
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: "us-east-1"
+          cd deployment
+          terraform init -backend-config="environments/backend-${{ inputs.environment }}.hcl"
+          terraform plan -destroy -out="${{ inputs.environment }}-destroy.tfplan"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+      - name: Show Destroy Plan Summary
+        run: |
+          cd deployment
+          echo "## 🚨 DESTROY PLAN SUMMARY FOR ${{ vars.ENV_NAME }} 🚨" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "The following resources will be **DESTROYED**:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          terraform show -no-color "${{ vars.ENV_NAME }}-destroy.tfplan" | head -50 >> $GITHUB_STEP_SUMMARY
-      - name: Show Destroy Plan Summary
-        run: |
-          cd deployment
-          echo "## 🚨 DESTROY PLAN SUMMARY FOR ${{ vars.ENV_NAME }} 🚨" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "The following resources will be **DESTROYED**:" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          terraform show -no-color "${{ vars.ENV_NAME }}-destroy.tfplan" | head -50 >> $GITHUB_STEP_SUMMARY
+      - name: Show Destroy Plan Summary
+        run: |
+          cd deployment
+          echo "## 🚨 DESTROY PLAN SUMMARY FOR ${{ inputs.environment }} 🚨" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "The following resources will be **DESTROYED**:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          terraform show -no-color "${{ vars.ENV_NAME }}-destroy.tfplan" | head -50 >> $GITHUB_STEP_SUMMARY
-      - name: Show Destroy Plan Summary
-        run: |
-          cd deployment
-          echo "## 🚨 DESTROY PLAN SUMMARY FOR ${{ vars.ENV_NAME }} 🚨" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "The following resources will be **DESTROYED**:" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          terraform show -no-color "${{ vars.ENV_NAME }}-destroy.tfplan" | head -50 >> $GITHUB_STEP_SUMMARY
+      - name: Show Destroy Plan Summary
+        run: |
+          cd deployment
+          echo "## 🚨 DESTROY PLAN SUMMARY FOR ${{ inputs.environment }} 🚨" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "The following resources will be **DESTROYED**:" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          terraform show -no-color "${{ vars.ENV_NAME }}-destroy.tfplan" | head -50 >> $GITHUB_STEP_SUMMARY
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+
+      - name: Copy destroy plan to S3 bucket for ${{ vars.ENV_NAME }}
+        if: ${{ inputs.plan_only == false }}
+        run: aws s3 cp "deployment/${{ vars.ENV_NAME }}-destroy.tfplan" "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}-destroy.tfplan"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          SETTINGS_BUCKET: sf-website-infrastructure
+          AWS_DEFAULT_REGION: "us-east-1"
+
+      - name: Copy lock file to S3 bucket for ${{ vars.ENV_NAME }}
+        if: ${{ !inputs.plan_only }}
+        run: aws s3 cp "deployment/.terraform.lock.hcl" "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}.terraform.lock.hcl"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          SETTINGS_BUCKET: sf-website-infrastructure
+          AWS_DEFAULT_REGION: "us-east-1"
 
   manual-approval:
     needs: [destroy-plan]
     runs-on: ubuntu-latest
+    environment: Development
     if: ${{ !inputs.plan_only }}
     steps:
-    - name: Placeholder - Manual approval step
-      run: |
-        echo "This step is empty - manual approval functionality not implemented on main branch"
-        echo "Would wait for approval to destroy ${{ inputs.environment }}"
+      - name: Wait for approval to destroy ${{ vars.ENV_NAME }}
+        if: ${{ inputs.environment != 'Development' }}
+        uses: trstringer/manual-approval@v1
+        with:
+          secret: ${{ github.TOKEN }}
+          approvers: killev
+          minimum-approvals: 1
+          issue-title: "🚨 DESTROY ${{ vars.ENV_NAME }} AWS Environment 🚨"
+          issue-body: |
+            ## ⚠️ CRITICAL: Infrastructure Destruction Request ⚠️
+
+            **Environment**: ${{ vars.ENV_NAME }}
+            **Requested by**: @${{ github.actor }}
+            **Workflow run**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+            ### 🚨 WARNING: This action will PERMANENTLY DESTROY the following infrastructure:
+            - VPC and all networking components
+            - ECS cluster and services
+            - DocumentDB cluster and all data
+            - ElastiCache Redis cluster and all data
+            - Application Load Balancer
+            - CloudFront distribution
+            - S3 buckets and all stored files
+            - ECR repository and all images
+            - IAM roles and policies
+            - CloudWatch logs and metrics
+            - Parameter Store secrets
+
+            ### 📋 Before approving, please verify:
+            - [ ] This is the correct environment to destroy
+            - [ ] All important data has been backed up
+            - [ ] Team has been notified of the destruction
+            - [ ] No critical services depend on this infrastructure
+
+            **To approve**: Comment "approve" or "approved"
+            **To deny**: Comment "deny" or "denied"
+
+            **⚠️ THIS ACTION CANNOT BE UNDONE ⚠️**
 
   destroy-apply:
     needs: [manual-approval]
     runs-on: ubuntu-latest
-    if: ${{ !inputs.plan_only }}
+    environment: Development
+    if: ${{ inputs.plan_only == false && (inputs.environment == 'Development' || needs.manual-approval.result == 'success') }}
     steps:
-    - name: Placeholder - Destroy apply step
-      run: |
-        echo "This step is empty - destroy apply functionality not implemented on main branch"
-        echo "Would destroy infrastructure for ${{ inputs.environment }}"
+      - name: Get Environment Name for ${{ vars.ENV_NAME }}
+        id: get_env_name
+        uses: Entepotenz/change-string-case-action-min-dependencies@v1
+        with:
+          string: ${{ vars.ENV_NAME }}
+
-    if: ${{ inputs.plan_only == false && (inputs.environment == 'Development' || needs.manual-approval.result == 'success') }}
-    steps:
-    - name: Placeholder - Destroy apply step
-      run: |
-        echo "This step is empty - destroy apply functionality not implemented on main branch"
-        echo "Would destroy infrastructure for ${{ inputs.environment }}"
-      - name: Get Environment Name for ${{ vars.ENV_NAME }}
-        id: get_env_name
-        uses: Entepotenz/change-string-case-action-min-dependencies@v1
-        with:
-          string: ${{ vars.ENV_NAME }}
+    if: ${{ inputs.plan_only == false && (inputs.environment == 'Development' || needs.manual-approval.result == 'success') }}
+    steps:
+      - name: Normalize environment name
+        id: get_env_name
+        uses: Entepotenz/change-string-case-action-min-dependencies@v1
+        with:
+          string: ${{ inputs.environment }}
-    if: ${{ inputs.plan_only == false && (inputs.environment == 'Development' || needs.manual-approval.result == 'success') }}
-    steps:
-    - name: Placeholder - Destroy apply step
-      run: |
-        echo "This step is empty - destroy apply functionality not implemented on main branch"
-        echo "Would destroy infrastructure for ${{ inputs.environment }}"
-      - name: Get Environment Name for ${{ vars.ENV_NAME }}
-        id: get_env_name
-        uses: Entepotenz/change-string-case-action-min-dependencies@v1
-        with:
-          string: ${{ vars.ENV_NAME }}
+    if: ${{ inputs.plan_only == false && (inputs.environment == 'Development' || needs.manual-approval.result == 'success') }}
+    steps:
+      - name: Normalize environment name
+        id: get_env_name
+        uses: Entepotenz/change-string-case-action-min-dependencies@v1
+        with:
+          string: ${{ inputs.environment }}
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.12.0
+          terraform_wrapper: false
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get destroy plan from S3 bucket for ${{ vars.ENV_NAME }}
+        run: aws s3 cp "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}-destroy.tfplan" "deployment/${{ vars.ENV_NAME }}-destroy.tfplan"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          SETTINGS_BUCKET: sf-website-infrastructure
+          AWS_DEFAULT_REGION: "us-east-1"
+
+      - name: Get lock file from S3 bucket for ${{ vars.ENV_NAME }}
+        run: aws s3 cp "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}.terraform.lock.hcl" "deployment/.terraform.lock.hcl"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          SETTINGS_BUCKET: sf-website-infrastructure
+          AWS_DEFAULT_REGION: "us-east-1"
+
+      - name: 🚨 DESTROY Infrastructure for ${{ vars.ENV_NAME }} 🚨
+        run: |
+          cd deployment
+          terraform init -backend-config="environments/backend-${{ vars.ENV_NAME }}.hcl"
+          echo "🚨 DESTROYING INFRASTRUCTURE FOR ${{ vars.ENV_NAME }} - THIS CANNOT BE UNDONE! 🚨"
+          terraform apply "${{ vars.ENV_NAME }}-destroy.tfplan"
+          echo "✅ Infrastructure for ${{ vars.ENV_NAME }} has been destroyed"
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+
+      - name: Clean up destroy plan files
+        run: |
+          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}-destroy.tfplan" || true
+          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}.terraform.lock.hcl" || true
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          SETTINGS_BUCKET: sf-website-infrastructure
+          AWS_DEFAULT_REGION: "us-east-1"
-      - name: Clean up destroy plan files
-        run: |
-          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}-destroy.tfplan" || true
-          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}.terraform.lock.hcl" || true
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
-          SETTINGS_BUCKET: sf-website-infrastructure
-          AWS_DEFAULT_REGION: "us-east-1"
+      - name: Clean up destroy plan files
+        run: |
+          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ inputs.environment }}-destroy.tfplan" || true
+          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ inputs.environment }}.terraform.lock.hcl" || true
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          SETTINGS_BUCKET: sf-website-infrastructure
+          AWS_DEFAULT_REGION: "us-east-1"
-      - name: Clean up destroy plan files
-        run: |
-          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}-destroy.tfplan" || true
-          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ vars.ENV_NAME }}.terraform.lock.hcl" || true
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
-          SETTINGS_BUCKET: sf-website-infrastructure
-          AWS_DEFAULT_REGION: "us-east-1"
+      - name: Clean up destroy plan files
+        run: |
+          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ inputs.environment }}-destroy.tfplan" || true
+          aws s3 rm "s3://${{ env.SETTINGS_BUCKET }}/destroy-plans/${{ inputs.environment }}.terraform.lock.hcl" || true
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.TF_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_AWS_SECRET_ACCESS_KEY }}
+          SETTINGS_BUCKET: sf-website-infrastructure
+          AWS_DEFAULT_REGION: "us-east-1"
@@ -144,3 +144,10 @@ website/public/apos-frontend
 dump.archive
 .prettierrc
 aposUsersSafe.json
+terraform.tfvars
+deployment/.terraform
+*.tfplan
+plan.out.txt
+.cursor/tmp
+.terraform.lock.hcl
+*.pem
@@ -5,6 +5,9 @@
 
 # Install dependencies needed for health checks with pinned version
  RUN apk add --no-cache wget=1.25.0-r1
+
+ RUN wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem
+ RUN chmod 600 global-bundle.pem
 
  # Create a non-root user and group 
  RUN addgroup -S appgroup && adduser -S appuser -G appgroup

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# ECS Deployment Script
+# This script rebuilds the Docker image, pushes it to ECR, and restarts the ECS service
+
+set -e  # Exit on any error
+
+# Configuration
+AWS_PROFILE="tf-sf-website"
+AWS_REGION="us-east-1"
+ECR_REPOSITORY="695912022152.dkr.ecr.us-east-1.amazonaws.com/sf-website-development"
+ECS_CLUSTER="sf-website-dev-cluster"
+ECS_SERVICE="sf-website-dev-service"
+IMAGE_TAG="latest"
+
+echo "🚀 Starting ECS deployment process..."
+
+# Step 1: Login to ECR
+echo "📝 Logging into ECR..."
+AWS_PROFILE=$AWS_PROFILE aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $ECR_REPOSITORY
+
+# Step 2: Build the Docker image
+echo "🔨 Building Docker image for linux/amd64 platform..."
+docker build --platform linux/amd64 -t $ECR_REPOSITORY:$IMAGE_TAG .
+
+# Step 3: Push the image to ECR
+echo "📤 Pushing image to ECR..."
+docker push $ECR_REPOSITORY:$IMAGE_TAG
+
+# Step 4: Force ECS service to restart with new image
+echo "🔄 Restarting ECS service..."
+AWS_PROFILE=$AWS_PROFILE aws ecs update-service \
+  --cluster $ECS_CLUSTER \
+  --service $ECS_SERVICE \
+  --force-new-deployment \
+  --region $AWS_REGION
+
+# Step 5: Wait for deployment to complete
+echo "⏳ Waiting for deployment to complete..."
+AWS_PROFILE=$AWS_PROFILE aws ecs wait services-stable \
+  --cluster $ECS_CLUSTER \
+  --services $ECS_SERVICE \
+  --region $AWS_REGION
+
+echo "✅ Deployment completed successfully!"
+echo "🌐 Your application should be available at: https://sf-website-dev.sandbox-prettyclear.com"