
Commit 23951d1

authored
feat: align infra and ci with tournament (#62)
* feat: align infra and ci with tournament * chore: format terraform and pa11y config * fix(ci): use localhost for accessibility db
1 parent 046c75d commit 23951d1


14 files changed

+7347
-1662
lines changed


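--- a/.env.example
+++ b/.env.example
@@ -13,3 +13,22 @@ BASIC_AUTH_USER_ID="00000000-0000-7000-8000-000000000000"
 # Optional locally (defaults to a development secret) but REQUIRED in production
 # Generate with: `openssl rand -base64 32`
 BETTER_AUTH_SECRET="GWEDcva6qPMctBu7jLlFbpXiLUFWleQK"
+BETTER_AUTH_EMAIL_SENDER="no-reply@example.com"
+BETTER_AUTH_URL="http://localhost:3000"
+BETTER_AUTH_TRUSTED_ORIGINS="http://localhost:3000,https://mattis.vanvikil.no"
+
+# Amazon SES (emails)
+SES_ENABLED="false"
+SES_REGION="eu-north-1"
+SES_ACCESS_KEY_ID=""
+SES_SECRET_ACCESS_KEY=""
+SES_SOURCE_EMAIL=""
+SES_CONFIGURATION_SET=""
+
+# Base application URL surfaced to the browser
+NEXT_PUBLIC_APP_URL="http://localhost:3000"
+
+# AWS Lambda Powertools configuration
+POWERTOOLS_SERVICE_NAME="mattis"
+POWERTOOLS_LOG_LEVEL="INFO"
+POWERTOOLS_METRICS_NAMESPACE="mattis"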
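Review bot: The new `BETTER_AUTH_TRUSTED_ORIGINS`, `SES_ACCESS_KEY_ID` and `SES_SECRET_ACCESS_KEY` entries (new lines 18, 23 and 24) have none of the guidance that `BETTER_AUTH_SECRET` gets just above them, so a reader cannot tell which values are safe to carry into a deployed environment. The trusted-origins example mixes `http://localhost:3000` with a production hostname; a comment such as `# Comma-separated origins accepted by the auth layer; list only the origins this environment serves` would mark the localhost entry as development-only. For the SES pair, `# Static keys are for local testing only; never commit real values` would help. If the deployed app can rely on its execution role instead (not visible in this diff), that is worth stating in the same comment.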

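--- a/.github/workflows/ci-cd-pipeline.yml
+++ b/.github/workflows/ci-cd-pipeline.yml
@@ -36,6 +36,9 @@ jobs:
 - name: Lint (Biome)
 command: npm run lint
 job-timeout: 15
+- name: OpenAPI Lint (Spectral)
+command: npm run spectral
+job-timeout: 10
 steps:
 - &node-checkout
 name: Checkout repository
@@ -177,6 +180,53 @@ jobs:
 if: github.event_name == 'pull_request'
 uses: actions/dependency-review-action@v4
 
+accessibility:
+name: Accessibility
+runs-on: ubuntu-latest
+timeout-minutes: 20
+services:
+postgres:
+image: postgres:17
+ports:
+- 5432:5432
+env:
+POSTGRES_DB: mattis
+POSTGRES_USER: mattis
+POSTGRES_PASSWORD: mattis
+options: >-
+--health-cmd "pg_isready -U mattis -d mattis"
+--health-interval 10s
+--health-timeout 5s
+--health-retries 5
+env:
+DATABASE_URL: postgresql://mattis:mattis@localhost:5432/mattis
+NEXT_PUBLIC_APP_URL: http://127.0.0.1:3000
+steps:
+- *node-checkout
+- *node-setup
+- *node-install-dependencies
+- *copy-example-env
+- name: Seed database
+run: npm run seed
+- name: Build application
+run: npm run build
+- name: Start application
+run: |
+PORT=3000 npm run start > /tmp/next.log 2>&1 &
+- name: Wait for application
+run: |
+for i in {1..30}; do
+if curl -fsS http://127.0.0.1:3000/ >/dev/null; then
+exit 0
+fi
+sleep 2
+done
+echo "Application did not start in time"
+cat /tmp/next.log
+exit 1
+- name: Run accessibility checks
+run: npm run test:accessibility
+
 build:
 name: Build
 runs-on: ubuntu-latest
@@ -233,6 +283,7 @@ jobs:
 - unit-tests
 - infra
 - e2e
+- accessibility
 - build
 if: github.event_name == 'push' && github.ref == 'refs/heads/main'
 environment: production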
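Review bot: The new `accessibility` job (new lines 183–228) declares no `permissions:`, yet it checks out, installs, builds and runs the code under review, and the context line `if: github.event_name == 'pull_request'` shows the workflow also runs for pull requests. Unless a workflow-level `permissions:` block exists outside these hunks, the job inherits the repository's default `GITHUB_TOKEN` scope; adding `permissions:` with `contents: read` under `timeout-minutes: 20` keeps it least-privilege. As a style point in the same job, quote the port mapping as `- "5432:5432"` so it is never subject to YAML implicit typing. The backgrounded server's log is printed only when startup times out, so a failing accessibility run leaves no server output; a final step with `if: failure()` running `cat /tmp/next.log` would cover that.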

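--- a/.pa11yci.json
+++ b/.pa11yci.json
@@ -0,0 +1,11 @@
+{
+"defaults": {
+"standard": "WCAG2AA",
+"wait": 8000,
+"timeout": 20000,
+"chromeLaunchConfig": {
+"args": ["--no-sandbox"]
+}
+},
+"urls": ["http://127.0.0.1:3000/", "http://127.0.0.1:3000/login"]
+}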
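Review bot: `"args": ["--no-sandbox"]` sits under `defaults`, so every pa11y-ci run that reads this file, including runs on developer machines, launches Chromium with its sandbox disabled. The flag is commonly needed on hosted CI runners and both URLs are loopback, so exposure is limited to whatever the application itself renders. It would still be safer to apply the flag only in CI, for example with a JavaScript config that adds it when `process.env.CI` is set. JSON cannot carry a comment, so the reason for the flag should at least be recorded next to the `test:accessibility` script documentation.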

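--- a/.spectral.yaml
+++ b/.spectral.yaml
@@ -0,0 +1,5 @@
+extends:
+- spectral:oas
+
+rules:
+operation-operationId: error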

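--- a/iac/locals.tf
+++ b/iac/locals.tf
@@ -5,4 +5,37 @@ locals {
 Environment = var.environment
 ManagedBy = "terraform"
 }, var.tags)
+
+default_email_sender = "no-reply@${var.app_domain}"
+
+app_url_input = var.app_url == null ? "" : trimspace(var.app_url)
+better_auth_url_input = var.better_auth_url == null ? "" : trimspace(var.better_auth_url)
+better_auth_trusted_origins_input = var.better_auth_trusted_origins == null ? "" : trimspace(var.better_auth_trusted_origins)
+
+better_auth_email_sender_input = var.better_auth_email_sender == null ? "" : trimspace(var.better_auth_email_sender)
+ses_source_email_input = var.ses_source_email == null ? "" : trimspace(var.ses_source_email)
+ses_region_input = var.ses_region == null ? "" : trimspace(var.ses_region)
+ses_domain_input = var.ses_domain == null ? "" : trimspace(var.ses_domain)
+ses_mail_from_input = var.ses_mail_from_domain == null ? "" : trimspace(var.ses_mail_from_domain)
+ses_configuration_set_input = var.ses_configuration_set == null ? "" : trimspace(var.ses_configuration_set)
+ses_event_topic_input = var.ses_event_topic_name == null ? "" : trimspace(var.ses_event_topic_name)
+ses_dmarc_rua_input = var.ses_dmarc_rua_email == null ? "" : trimspace(var.ses_dmarc_rua_email)
+
+better_auth_email_sender = local.better_auth_email_sender_input != "" ? local.better_auth_email_sender_input : local.default_email_sender
+app_url = local.app_url_input != "" ? local.app_url_input : "https://${var.app_domain}"
+better_auth_url = local.better_auth_url_input != "" ? local.better_auth_url_input : local.app_url
+better_auth_trusted_origins = local.better_auth_trusted_origins_input != "" ? local.better_auth_trusted_origins_input : join(",", distinct(compact([
+local.app_url,
+"https://mattis.vanvikil.no",
+])))
+ses_source_email = local.ses_source_email_input != "" ? local.ses_source_email_input : local.better_auth_email_sender
+ses_region = local.ses_region_input != "" ? local.ses_region_input : var.aws_region
+ses_domain = local.ses_domain_input != "" ? local.ses_domain_input : var.app_domain
+ses_mail_from_domain = local.ses_mail_from_input != "" ? local.ses_mail_from_input : "mail.${local.ses_domain}"
+ses_configuration_set_name = local.ses_configuration_set_input != "" ? local.ses_configuration_set_input : (
+var.ses_create_configuration_set ? "${local.stack_name}-ses" : ""
+)
+ses_event_topic_name = local.ses_event_topic_input != "" ? local.ses_event_topic_input : "${local.stack_name}-ses-events"
+
+dmarc_value = local.ses_dmarc_rua_input != "" ? "v=DMARC1; p=${var.ses_dmarc_policy}; rua=mailto:${local.ses_dmarc_rua_input}" : "v=DMARC1; p=${var.ses_dmarc_policy}"
 }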
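Review bot: The fallback for `better_auth_trusted_origins` (new lines 27–30) hard-codes `"https://mattis.vanvikil.no"`, so any stack built from these locals, whatever `var.environment` or `var.app_domain` is, trusts that origin unless the variable is overridden. A trusted-origin list is an allowlist for cross-origin auth requests and is safer derived from the stack's own URL: `better_auth_trusted_origins = local.better_auth_trusted_origins_input != "" ? local.better_auth_trusted_origins_input : local.app_url`, with any extra hostname supplied per environment through the variable. Separately, `dmarc_value` interpolates `var.ses_dmarc_policy` directly; if its declaration (outside this diff) has no `validation` block, restricting it to `none`, `quarantine` or `reject` would catch typos at plan time. The `locals` block opens above the hunk.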
