Merge pull request #51 from Maua-Dev/homolog

Implantação do mss em produção

Author: VictorGasperi

.github/workflows/CD.yml

@@ -1,4 +1,3 @@
-
 name: CD
 
 on:
@@ -7,52 +6,83 @@ on:
       - prod
       - dev
       - homolog
+      - fix/githubActions
 
   workflow_dispatch:
 
 jobs:
   DeployToAWS:
     environment:
-        name: ${{ github.ref_name }}
+      name: ${{ github.ref_name }}
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
 
     steps:
-        - uses: actions/checkout@v2
-        - name: Setup AWS Credentials
-          uses: aws-actions/configure-aws-credentials@v2
-          with:
-            aws-region: ${{ vars.AWS_REGION }}
-            role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GithubActionsRole
-            role-session-name: github-action
-
-        - name: Setting stage and stack name
-          run: |
-            echo "STAGE=${{ github.ref_name }}" 
-            echo "STACK_NAME=ReservationStackScheduleANDCourts${{github.ref_name}}" >> $GITHUB_ENV
-
-        - uses: actions/checkout@v3
-        - uses: actions/setup-python@v4
-          with:
-            python-version: '3.9'
-
-        - name: Installing Dependencies
-          run: |
-            npm install -g aws-cdk
-            cd iac
-            pip install -r requirements.txt
-
-        - name: DeployWithCDK
-          run: |
-            cd iac
-            cdk synth
-            cdk deploy --require-approval never 
-
-          env:
-              AWS_REGION: ${{ vars.AWS_REGION }}
-              AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-              STACK_NAME: ${{ env.STACK_NAME }}
-              GITHUB_REF_NAME: ${{ github.ref_name }}
-              GRAPH_MICROSOFT_ENDPOINT: ${{ secrets.GRAPH_MICROSOFT_ENDPOINT }}
+      - uses: actions/checkout@v2
+
+      - name: Set AWS Account ID
+        run: |
+          if [[ "${{ github.ref_name }}" == "dev" ]]; then
+            echo "AWS_ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_DEV }}" >> $GITHUB_ENV
+          elif [[ "${{ github.ref_name }}" == "homolog" ]]; then
+            echo "AWS_ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_HOML }}" >> $GITHUB_ENV
+          elif [[ "${{ github.ref_name }}" == "prod" ]]; then
+            echo "AWS_ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_PROD }}" >> $GITHUB_ENV
+          else
+            echo "Invalid branch name!" && exit 1
+          fi
+
+      - name: Setup AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/GithubActionsRole
+          role-session-name: github-action
+
+      - name: Setting stage and stack name
+        run: |
+          echo "STAGE=${{ github.ref_name }}" 
+          if [[ "${{ github.ref_name }}" == "prod" ]]; then
+            echo "STAGE=prod" >> $GITHUB_ENV
+          elif [[ "${{ github.ref_name }}" == "homolog" ]]; then
+            echo "STAGE=homolog" >> $GITHUB_ENV
+          elif [[ "${{ github.ref_name }}" == "dev" ]]; then
+            echo "STAGE=dev" >> $GITHUB_ENV
+          elif [[ "${{ github.ref_name }}" == "fix/githubActions" ]]; then
+            echo "STAGE=dev" >> $GITHUB_ENV
+          else
+            echo "Invalid branch name!" && exit 1
+          fi
+          echo "STACK_NAME=ReservationStackScheduleANDCourts${{env.STAGE}}" >> $GITHUB_ENV
+
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.13"
+
+      - name: Installing Dependencies
+        run: |
+          npm install -g aws-cdk
+          cd iac
+          pip install -r requirements.txt
+
+      - name: DeployWithCDK
+        run: |
+          cd iac
+          cdk synth
+          cdk deploy --require-approval never
+
+        env:
+          AWS_REGION: ${{ vars.AWS_REGION }}
+          AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
+          STACK_NAME: ${{ env.STACK_NAME }}
+          GITHUB_REF_NAME: ${{ github.ref_name }}
+          MSS_NAME: ${{ github.event.repository.name }}
+          S3_ASSETS_CDN: ${{ vars.S3_ASSETS_CDN }}
+          AUTH_DEV_SYSTEM_USERPOOL_ARN_DEV: ${{ secrets.AUTH_DEV_SYSTEM_USERPOOL_ARN_DEV }}
+          FROM_EMAIL: ${{ vars.FROM_EMAIL }}
+          HIDDEN_COPY: ${{ vars.HIDDEN_COPY }}
+          REPLY_TO_EMAIL: ${{ vars.REPLY_TO_EMAIL }}
+          USER_API_URL: ${{ secrets.USER_API_URL }}

.gitignore

@@ -135,5 +135,5 @@ dmypy.json
 /.idea/
 iac/local/docker/dynamodb/shared-local-instance.db
 
-
+# MACOS temp files
 .DS_Store

iac/adjust_layer_directory.py

@@ -1,37 +1,57 @@
 import os
 import shutil
-from pathlib import Path
-import sys
-
-IAC_DIRECTORY_NAME = "iac"
-SOURCE_DIRECTORY_NAME = "src"
-LAMBDA_LAYER_PREFIX = os.path.join("python", "src")
-
-
-def adjust_layer_directory(shared_dir_name: str, destination: str):
-    # Get the root directory of the source directory
-    root_directory = Path(__file__).parent.parent
-    iac_directory = os.path.join(root_directory, IAC_DIRECTORY_NAME)
-
-    print(f"Root directory: {root_directory}")
-    print(f"Root direcotry files: {os.listdir(root_directory)}")
-    print(f"IaC directory: {iac_directory}")
-    print(f"IaC directory files: {os.listdir(iac_directory)}")
-
-
-    # Get the destination and source directory
-    destination_directory = os.path.join(root_directory, IAC_DIRECTORY_NAME, destination)
-    source_directory = os.path.join(root_directory, SOURCE_DIRECTORY_NAME, shared_dir_name)
-
-    # Delete the destination directory if it exists
-    if os.path.exists(destination_directory):
-        shutil.rmtree(destination_directory)
-
-    # Copy the source directory to the destination directory
-    shutil.copytree(source_directory, os.path.join(destination_directory, LAMBDA_LAYER_PREFIX, shared_dir_name))
-    print(
-        f"Copying files from {source_directory} to {os.path.join(destination_directory, LAMBDA_LAYER_PREFIX, shared_dir_name)}")
-
-
+import subprocess
+from pathlib import Path # Importe a biblioteca pathlib
+
+# --- Configurações ---
+BUILD_DIRECTORY = "build"
+PYTHON_TOP_LEVEL_DIR = os.path.join(BUILD_DIRECTORY, "python")
+REQUIREMENTS_FILE = "requirements-layer.txt"
+
+# --- CONSTRUÇÃO CORRETA DO CAMINHO ---
+# Pega o diretório do projeto (a raiz 'reservation_api') subindo um nível a partir do script atual.
+PROJECT_ROOT = Path(__file__).parent.parent 
+# Agora, constrói o caminho para 'src/shared' a partir da raiz do projeto.
+SHARED_CODE_SOURCE = os.path.join(PROJECT_ROOT, "src", "shared")
+
+
+def adjust_layer_directory():
+    """
+    Prepara um diretório 'build' para uma Lambda Layer do AWS CDK.
+    
+    A função junta o código local compartilhado e as dependências externas (pip)
+    na estrutura de pastas que a Lambda espera (/python).
+    """
+
+    # Garante que o build seja sempre limpo, removendo qualquer artefato antigo.
+    if os.path.exists(BUILD_DIRECTORY):
+        shutil.rmtree(BUILD_DIRECTORY)
+    
+    # Cria a estrutura de pastas 'build/python/src/'.
+    # Isso é necessário para que os imports 'from src.shared...' funcionem na Lambda.
+    shared_code_intermediate_dir = os.path.join(PYTHON_TOP_LEVEL_DIR, "src")
+    os.makedirs(shared_code_intermediate_dir)
+
+    # Copia o código compartilhado (de 'src/shared') para dentro da estrutura da Layer.
+    # O resultado final será 'build/python/src/shared'.
+    print(f"Copiando código de: {SHARED_CODE_SOURCE}") # Adicionado para debug
+    shared_code_dest = os.path.join(shared_code_intermediate_dir, os.path.basename(SHARED_CODE_SOURCE))
+    shutil.copytree(SHARED_CODE_SOURCE, shared_code_dest)
+
+    # Se o arquivo de dependências existir, instala todas as bibliotecas.
+    # O arquivo de requirements também precisa ser lido a partir da raiz.
+    requirements_path = os.path.join(PROJECT_ROOT, REQUIREMENTS_FILE)
+    if os.path.exists(requirements_path):
+        # Instala os pacotes diretamente na pasta 'build/python'.
+        # Isso permite que a Lambda importe as bibliotecas de forma padrão (ex: import requests).
+        subprocess.check_call(
+            ["pip", "install", "-r", requirements_path, "-t", PYTHON_TOP_LEVEL_DIR, "--no-cache-dir"]
+        )
+    else:
+        # Apenas um aviso caso o arquivo não seja encontrado.
+        print(f"Aviso: Arquivo '{requirements_path}' não encontrado. Nenhuma dependência externa será instalada.")
+
+
+# Ponto de entrada do script.
 if __name__ == '__main__':
-    adjust_layer_directory(shared_dir_name="shared", destination="copied_shared")
+    adjust_layer_directory()

iac/app.py

@@ -10,7 +10,7 @@
 print("Starting the CDK")
 
 print("Adjusting the layer directory")
-adjust_layer_directory(shared_dir_name="shared", destination="copied_shared")
+adjust_layer_directory()
 print("Finished adjusting the layer directory")
 
 

iac/local/minio/docker-compose-minio.yml

@@ -0,0 +1,41 @@
+version: '3.8' # The top-level 'version' is obsolete but using a more modern one like 3.8 is fine
+
+services:
+  minio:
+    image: minio/minio:latest
+    container_name: minio-reservation
+    # ✅ SET credentials for the MinIO server
+    environment:
+      MINIO_ROOT_USER: root         # If you change any credentials, you have to match it in environments
+      MINIO_ROOT_PASSWORD: root1234
+    ports:
+      - "9000:9000"
+      - "9001:9001"
+    volumes:
+      - minio-data:/data
+    command: server /data --console-address :9001
+
+  create-bucket:
+    image: minio/mc:latest
+    depends_on:
+      - minio
+    entrypoint: >
+      /bin/sh -c "
+      # ✅ Make the script exit on any error
+      set -e;
+      
+      # Wait for MinIO to be ready
+      # Use the more modern 'mc alias set' and provide the credentials
+      /usr/bin/mc alias set s3 http://minio:9000 root root1234;
+      
+      # Create the bucket
+      /usr/bin/mc mb s3/bucket-test;
+      
+      # Set the policy
+      /usr/bin/mc policy set public s3/bucket-test;
+      
+      echo '✅ Bucket created successfully!';
+      "
+
+volumes:
+  minio-data:

iac/stacks/bucket_stack.py

@@ -1,8 +1,9 @@
 from aws_cdk import (
     aws_s3 as s3,
+    aws_cloudfront as cloudfront,
+    aws_cloudfront_origins as origins,
     aws_iam as iam,
     RemovalPolicy,
-    Stack,
 )
 from constructs import Construct
 import os
@@ -24,8 +25,19 @@ def __init__(self, scope: Construct, **kwargs) -> None:
             stage = 'DEV'
 
         self.bucket = s3.Bucket(
-            self, f"BACK_S3_REPORT_BUCKET_{stage}",
-            bucket_name=f"{self.stack_name}-report-bucket{stage}".lower(),
+            self, f"RESERVATION_BACK_S3_BUCKET_{stage}",
+            # TODO remover isso quando voltar pra conta nova ou tentar deletar o bucket criado la com power user
+            bucket_name=f"{self.stack_name}-bucket-{stage}".lower(),
             versioned=True,
             removal_policy=RemovalPolicy.DESTROY if not (stage == 'PROD') else RemovalPolicy.RETAIN,
+            block_public_access=s3.BlockPublicAccess.BLOCK_ALL
+        )
+        
+        self.distribution = cloudfront.Distribution(
+            self, f"ReservationBucketDistribution{stage}",
+            default_behavior=cloudfront.BehaviorOptions(
+                origin=origins.S3Origin(self.bucket),
+                viewer_protocol_policy=cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+            ),
+            default_root_object=None  # não obrigatório, mas evita erro se não tiver index.html
         )

iac/stacks/iac_stack.py

@@ -1,5 +1,5 @@
 from aws_cdk import (
-    Stack,
+    Stack, aws_iam
 )
 from constructs import Construct
 from aws_cdk.aws_apigateway import RestApi, Cors
@@ -19,7 +19,7 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
         stage = ''
         if 'prod' in self.github_ref:
             stage = 'PROD'
-        elif 'homology' in self.github_ref:
+        elif 'homolog' in self.github_ref:
             stage = 'HOMOLOG'
         else:
             stage = 'DEV'
@@ -55,7 +55,11 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
             "DYNAMO_PARTITION_KEY": "PK",
             "DYNAMO_SORT_KEY": "SK",
             "REGION": self.aws_region,
-            "GRAPH_MICROSOFT_ENDPOINT": os.getenv("GRAPH_MICROSOFT_ENDPOINT")
+            "USER_API_URL": os.environ.get("USER_API_URL"),
+            "S3_BUCKET_NAME": self.s3_bucket.bucket.bucket_name,
+            "FROM_EMAIL": os.environ.get("FROM_EMAIL"),
+            "HIDDEN_COPY": os.environ.get("HIDDEN_COPY"),
+            "S3_ASSETS_CDN": os.environ.get("S3_ASSETS_CDN")
         }
 
 
@@ -69,4 +73,23 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
         for function in self.lambda_stack.functions_that_need_s3_permissions:
             self.s3_bucket.bucket.grant_read_write(function)
 
+        ses_admin_policy = aws_iam.PolicyStatement(
+            effect=aws_iam.Effect.ALLOW,
+            actions=[
+                "ses:*",
+            ],
+            resources=[
+                "*"
+            ]
+        )
+
+        functions_that_need_ses_permissions = [
+            self.lambda_stack.delete_booking
+        ]
+
+        for f in functions_that_need_ses_permissions:
+            f.add_environment("HIDDEN_COPY", os.environ.get("HIDDEN_COPY"))
+            f.add_environment("FROM_EMAIL", os.environ.get("FROM_EMAIL"))
+            f.add_environment("REPLY_TO_EMAIL", os.environ.get("REPLY_TO_EMAIL"))
+            f.add_to_role_policy(ses_admin_policy)