feat: #661 Change the deployment to S3 sync

.github/workflows/actions/deploy/action.yml

@@ -26,10 +26,10 @@ runs:
       shell: bash
       run: |
         artifact_name="${{ inputs.environment-name }}-entrypoint.zip"
-        zip -r $artifact_name .
+        zip -r -q $artifact_name .
 
     - name: Send artifact to S3
       shell: bash
       run: |
-        artifact_name="${{ inputs.environment-name }}-entrypoint.zip"
-        aws s3 cp $artifact_name "s3://${{ inputs.artifacts-s3-bucket }}/${artifact_name}"
+        artifact_name="${{ inputs.environment-name }}-entrypoint"
+        aws s3 cp "${artifact_name}.zip" "s3://${{ inputs.artifacts-s3-bucket }}/${artifact_name}"

.github/workflows/deploy-prod.yml

@@ -18,5 +18,4 @@ jobs:
       - uses: ./.github/workflows/actions/deploy
         with:
           environment-name: 'prod'
-          trigger-url: '${{ vars.SB_DEPLOY_TRIGGER_URL }}'
-          trigger-secret: '${{ secrets.SB_DEPLOY_TRIGGER_SECRET }}'
+          artifacts-s3-bucket: '${{ secrets.SB_CI_ARTIFACTS_BUCKET }}'

.github/workflows/deploy-qa.yml

@@ -19,5 +19,9 @@ jobs:
 
       - uses: ./.github/workflows/actions/deploy
         with:
-          environment-name: 'qa'
+          environment-name: 'saas-qa'
           artifacts-s3-bucket: '${{ secrets.SB_CI_ARTIFACTS_BUCKET }}'
+        env:
+            AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+            AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+            AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}

packages/infra/infra-shared/src/stacks/ci/ciEntrypoint.ts

@@ -1,15 +1,14 @@
 import { Construct } from 'constructs';
 import * as s3 from 'aws-cdk-lib/aws-s3';
-import * as codecommit from 'aws-cdk-lib/aws-codecommit';
 import * as codebuild from 'aws-cdk-lib/aws-codebuild';
 import { BuildEnvironmentVariableType } from 'aws-cdk-lib/aws-codebuild';
 import * as cloudtrail from 'aws-cdk-lib/aws-cloudtrail';
 import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
+import * as iam from 'aws-cdk-lib/aws-iam';
 import { EnvConstructProps, EnvironmentSettings } from '@sb/infra-core';
+import { GlobalResources } from '../global/resources';
 
-export interface CiEntrypointProps extends EnvConstructProps {
-  codeRepository: codecommit.IRepository;
-}
+export interface CiEntrypointProps extends EnvConstructProps {}
 
 export class CiEntrypoint extends Construct {
   public artifactsBucket: s3.Bucket;
@@ -23,13 +22,24 @@ export class CiEntrypoint extends Construct {
     return `${envSettings.projectEnvName}-entrypoint`;
   }
 
+  private retrieveExternalCIUser() {
+    return iam.User.fromUserName(
+      this,
+      'ExternalCiUser',
+      GlobalResources.getExternalCIUserName(),
+    );
+  }
+
   constructor(scope: Construct, id: string, props: CiEntrypointProps) {
     super(scope, id);
 
     this.artifactsBucket = new s3.Bucket(this, 'ArtifactsBucket', {
       versioned: true,
     });
 
+    const externalCiUser = this.retrieveExternalCIUser();
+    this.artifactsBucket.grantWrite(externalCiUser);
+
     const trail = new cloudtrail.Trail(this, 'CloudTrail');
     trail.addS3EventSelector(
       [

packages/infra/infra-shared/src/stacks/ci/ciPipeline.ts

@@ -19,7 +19,6 @@ import { DocsCiConfig } from './ciDocs';
 export interface CiPipelineProps extends EnvConstructProps {
   entrypointArtifactBucket: Bucket;
   backendRepository: ecr.IRepository;
-  codeRepository: cc.IRepository;
 }
 
 export class CiPipeline extends Construct {

packages/infra/infra-shared/src/stacks/ci/stack.ts

@@ -1,10 +1,8 @@
 import { App, Stack, StackProps } from 'aws-cdk-lib';
 import * as ecr from 'aws-cdk-lib/aws-ecr';
-import * as codecommit from 'aws-cdk-lib/aws-codecommit';
 import { EnvConstructProps } from '@sb/infra-core';
 
 import { GlobalECR } from '../global/resources/globalECR';
-import { GlobalCodeCommit } from '../global/resources/globalCodeCommit';
 import { CiPipeline } from './ciPipeline';
 import { CiEntrypoint } from './ciEntrypoint';
 
@@ -15,34 +13,23 @@ export class EnvCiStack extends Stack {
     super(scope, id, props);
 
     const backendRepository = this.retrieveBackendECRRepository(props);
-    const codeRepository = this.retrieveCodeRepository(props);
 
     const entrypoint = new CiEntrypoint(this, 'Entrypoint', {
       envSettings: props.envSettings,
-      codeRepository,
     });
 
     new CiPipeline(this, 'PipelineConfig', {
       envSettings: props.envSettings,
-      codeRepository,
       backendRepository,
       entrypointArtifactBucket: entrypoint.artifactsBucket,
     });
   }
 
-  private retrieveCodeRepository(props: EnvCiStackProps) {
-    return codecommit.Repository.fromRepositoryName(
-      this,
-      'CodeRepository',
-      GlobalCodeCommit.getCodeRepositoryName(props.envSettings)
-    );
-  }
-
   private retrieveBackendECRRepository(props: EnvCiStackProps) {
     return ecr.Repository.fromRepositoryName(
       this,
       'ECRBackendRepository',
-      GlobalECR.getBackendRepositoryName(props.envSettings)
+      GlobalECR.getBackendRepositoryName(props.envSettings),
     );
   }
 }

packages/infra/infra-shared/src/stacks/global/resources/index.ts

@@ -3,23 +3,24 @@ import * as iam from 'aws-cdk-lib/aws-iam';
 import { EnvConstructProps } from '@sb/infra-core';
 
 import { GlobalECR } from './globalECR';
-import { GlobalCodeCommit } from './globalCodeCommit';
 import { GlobalBuildSecrets } from './globalBuildSecrets';
 
 export class GlobalResources extends Construct {
   ecr: GlobalECR;
-  codeCommit: GlobalCodeCommit;
   buildSecrets: GlobalBuildSecrets;
   externalCiUser: iam.User;
 
   constructor(scope: Construct, id: string, props: EnvConstructProps) {
     super(scope, id);
 
     this.ecr = new GlobalECR(this, 'ECRGlobal', props);
-    this.codeCommit = new GlobalCodeCommit(this, 'CodeCommit', props);
     this.buildSecrets = new GlobalBuildSecrets(this, 'GlobalBuildSecrets');
     this.externalCiUser = new iam.User(this, 'ExternalCiUser', {
-      userName: 'external-ci',
+      userName: GlobalResources.getExternalCIUserName(),
     });
   }
+
+  static getExternalCIUserName() {
+    return 'external-ci';
+  }
 }