terraform updates

.gitignore

@@ -42,5 +42,6 @@ yarn-error.log*
 
 .terraform
 .terraform.lock.hcl
+terraform.tfstate.d/
 
 frontend/public/

Dockerfile

@@ -8,9 +8,9 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bytegolf-backend
 FROM alpine:latest
 COPY --from=build /bytegolf/bytegolf-backend .
 
-ARG ENV=staging
-ARG FRONTEND_URL=https://staging.byte.golf
-ARG BACKEND_URL=https://staging.api.byte.golf
+ARG ENV=prod
+ARG FRONTEND_URL=https://byte.golf
+ARG BACKEND_URL=https://api.byte.golf
 
 ENV GCP_PROJECT_ID=squid-cloud
 ENV BG_ENV=${ENV}

frontend/.dockerignore

@@ -0,0 +1,4 @@
+dist/
+build/
+node_modules/
+*.md

frontend/Dockerfile

@@ -0,0 +1,19 @@
+FROM node:18.12.1-alpine3.15 as build
+
+COPY . .
+
+# TODO: Remove this line after updating deps
+ENV NODE_OPTIONS --openssl-legacy-provider 
+RUN npm install
+RUN npm run build:master
+
+FROM nginx:alpine
+COPY --from=build nginx.conf /etc/nginx/conf.d/default.conf
+
+RUN rm -rf /usr/share/nginx/html/*
+COPY --from=build /build/ /usr/share/nginx/html
+
+ENV PORT 8080
+EXPOSE ${PORT}
+
+CMD ["nginx", "-g", "daemon off;"]

frontend/nginx.conf

@@ -0,0 +1,14 @@
+server {
+    listen       8080;
+    server_name  localhost;
+    #charset koi8-r;
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+        try_files $uri /index.html;                 
+    }
+
+    #error_page  404              /404.html;
+}

frontend/package.json

@@ -30,6 +30,7 @@
     "start": "PORT=3000 env-cmd -f .env.local react-scripts start",
     "build:master": "env-cmd -f .env.prod react-scripts build",
     "build:stage": "env-cmd -f .env.dev react-scripts build",
+    "build:local": "env-cmd -f .env.local react-scripts build",
     "test": "react-scripts test",
     "eject": "react-scripts eject"
   },

frontend/src/Globals.ts

@@ -3,7 +3,7 @@ export const SecondaryColor = '#de5353';
 export const ThirdColor = '#414141';
 export const LightTextColor = '#e6e6e6';
 
-const backend = process.env.REACT_APP_BACKEND_URI ? process.env.REACT_APP_BACKEND_URI : 'http://192.168.0.21:9999';
+const backend = process.env.REACT_APP_BACKEND_URI ? process.env.REACT_APP_BACKEND_URI : 'http://dev.box:8080';
 export const readme = process.env.REACT_APP_README_URI ? process.env.REACT_APP_README_URI : 'https://raw.githubusercontent.com/Squwid/bytegolf/master/README.md';
 
 

terraform/cloud_run.tf → terraform/backend_cloud_run.tf

@@ -4,7 +4,7 @@ resource "google_cloud_run_service" "backend_service" {
 
   metadata {
     annotations = {
-      "run.googleapis.com/ingress" : "internal-and-cloud-load-balancing"
+      "run.googleapis.com/ingress" : "all"
     }
   }
 
@@ -18,9 +18,11 @@ resource "google_cloud_run_service" "backend_service" {
 
     spec {
       service_account_name = google_service_account.backend.email
+      container_concurrency = 20
+      timeout_seconds = 30
 
       containers {
-        image = local.backend_container
+        image = local.backend_image
 
         resources {
           # requests = {
@@ -29,7 +31,7 @@ resource "google_cloud_run_service" "backend_service" {
           # }
 
           limits = {
-            memory = "256Mi"
+            memory = "128Mi"
             cpu    = "1000m"
           }
         }
@@ -139,46 +141,39 @@ resource "google_cloud_run_service" "backend_service" {
   ]
 }
 
-data "google_iam_policy" "noauth" {
+data "google_iam_policy" "noauth_backend" {
   binding {
     role    = "roles/run.invoker"
     members = ["allUsers"]
   }
 }
 
-resource "google_cloud_run_service_iam_policy" "noauth" {
+resource "google_cloud_run_service_iam_policy" "backend_noauth" {
   location = google_cloud_run_service.backend_service.location
   project  = google_cloud_run_service.backend_service.project
   service  = google_cloud_run_service.backend_service.name
 
-  policy_data = data.google_iam_policy.noauth.policy_data
+  policy_data = data.google_iam_policy.noauth_backend.policy_data
 }
 
-#################################################
-#                      NEG                      #
-#################################################
-
-resource "google_compute_backend_service" "backend_service" {
-  provider    = google
-  name        = "${local.env}-bytegolf-backend-service"
-  description = "Backend service for Bytegolf Backend ${local.env}"
-  enable_cdn  = false
+resource "google_cloud_run_domain_mapping" "backend" {
+  location = "us-central1"
+  name     = local.backend_url
 
-  backend {
-    group = google_compute_region_network_endpoint_group.backend_neg.id
+  metadata {
+    namespace = local.project
   }
-}
 
-resource "google_compute_region_network_endpoint_group" "backend_neg" {
-  name                  = "${local.env}-backend-neg"
-  network_endpoint_type = "SERVERLESS"
-  region                = "us-central1"
-
-  cloud_run {
-    service = google_cloud_run_service.backend_service.name
+  spec {
+    route_name = google_cloud_run_service.backend_service.name
   }
+
+  depends_on = [
+    google_cloud_run_service.backend_service
+  ]
 }
 
+
 #################################################
 #                SERVICE ACCOUNT                #
 #################################################
@@ -188,14 +183,16 @@ resource "google_service_account" "backend" {
   display_name = "Backend Service Account - ${local.env}"
 }
 
+# TODO: Find a better way to limit access to specific secrets that should be unaccessable 
+# between environments
 resource "google_project_iam_member" "backend_secret_accessor" {
   project = local.project
-  role = "roles/secretmanager.secretAccessor"
-  member = "serviceAccount:${resource.google_service_account.backend.email}"
+  role    = "roles/secretmanager.secretAccessor"
+  member  = "serviceAccount:${resource.google_service_account.backend.email}"
 }
 
 resource "google_project_iam_member" "backend_firebase_admin" {
   project = local.project
-  role = "roles/firebase.admin"
-  member = "serviceAccount:${resource.google_service_account.backend.email}"
+  role    = "roles/firebase.admin"
+  member  = "serviceAccount:${resource.google_service_account.backend.email}"
 }

terraform/firestore.tf

@@ -1,5 +1,4 @@
 resource "google_firestore_index" "active_holes" {
-  # collection = "bytegolf_ActiveHoles_${local.env}"
   collection = "bg_${local.env}_Hole"
 
   fields {
@@ -82,7 +81,6 @@ resource "google_firestore_index" "user_submissions" {
 }
 
 resource "google_firestore_index" "best_hole_submissions_lang" {
-  # collection = "bytegolf_BestHoleLangSubs_${local.env}"
   collection = "bg_${local.env}_Submission"
 
   fields {
@@ -109,10 +107,13 @@ resource "google_firestore_index" "best_hole_submissions_lang" {
     field_path = "SubmittedTime"
     order      = "ASCENDING"
   }
+
+  depends_on = [
+    google_firestore_index.active_test_cases
+  ]
 }
 
 resource "google_firestore_index" "best_hole_submissions" {
-  # collection = "bytegolf_BestHoleSubs_${local.env}"
   collection = "bg_${local.env}_Submission"
 
   fields {
@@ -137,7 +138,6 @@ resource "google_firestore_index" "best_hole_submissions" {
 }
 
 resource "google_firestore_index" "active_test_cases" {
-  # collection = "bytegolf_ActiveHoleTests_${local.env}"
   collection = "bg_${local.env}_Test"
 
   fields {

terraform/frontend_cloud_run.tf

@@ -0,0 +1,93 @@
+resource "google_cloud_run_service" "frontend_service" {
+  name     = "${local.env}-bytegolf-frontend"
+  location = "us-central1"
+
+  metadata {
+    annotations = {
+      "run.googleapis.com/ingress" : "all"
+    }
+  }
+
+  template {
+    metadata {
+      annotations = {
+        "autoscaling.knative.dev/minScale" = "0"
+        "autoscaling.knative.dev/maxScale" = "3"
+      }
+    }
+
+    spec {
+      service_account_name = google_service_account.frontend.email
+      container_concurrency = 20
+      timeout_seconds = 30
+
+
+      containers {
+        image = local.frontend_image
+
+        resources {
+          limits = {
+            memory = "128Mi"
+            cpu    = "1000m"
+          }
+        }
+      }
+    }
+  }
+
+
+  traffic {
+    percent         = 100
+    latest_revision = true
+  }
+  autogenerate_revision_name = true
+}
+
+data "google_iam_policy" "noauth_frontend" {
+  binding {
+    role    = "roles/run.invoker"
+    members = ["allUsers"]
+  }
+}
+
+resource "google_cloud_run_service_iam_policy" "frontend_noauth" {
+  location = google_cloud_run_service.frontend_service.location
+  project  = google_cloud_run_service.frontend_service.project
+  service  = google_cloud_run_service.frontend_service.name
+
+  policy_data = data.google_iam_policy.noauth_frontend.policy_data
+}
+
+resource "google_cloud_run_domain_mapping" "frontend" {
+  location = "us-central1"
+  name     = local.frontend_url
+
+  metadata {
+    namespace = local.project
+  }
+
+  spec {
+    route_name = google_cloud_run_service.frontend_service.name
+  }
+
+  depends_on = [
+    google_cloud_run_service.frontend_service
+  ]
+}
+
+#################################################
+#                SERVICE ACCOUNT                #
+#################################################
+
+resource "google_service_account" "frontend" {
+  account_id   = "bg-frontend-${local.env}"
+  display_name = "Frontend Service Account - ${local.env}"
+}
+
+# TODO: Find a better way to limit access to specific secrets that should be unaccessable 
+# between environments
+resource "google_project_iam_member" "frontend_secret_accessor" {
+  project = local.project
+  role    = "roles/secretmanager.secretAccessor"
+  member  = "serviceAccount:${resource.google_service_account.frontend.email}"
+}

terraform/holes.tf

@@ -0,0 +1,6 @@
+# resource "google_firestore_document" "hello_world" {
+#   project = local.project
+#   collection = google_firestore_index.active_holes.collection
+#   document_id = "testing_hello_world"
+#   fields = "{\"Active\": {\"booleanValue\": true},\"Difficulty\": {\"stringValue\": \"EASY\"}, \"ID\":{\"stringValue\": \"testing_hello_world\"},\"Name\":{\"stringValue\": \"Testing Hello, World!\"},\"Question\": {\"stringValue\": \"Print \\\"Hello, World!\\\" to console.\"}}"
+# }