This directory contains the CI/CD pipeline configurations for the Widget Server.
The main workflow is triggered on pushes to the main branch and handles the build, security scanning, and deployment process.
-
Build Setup
- Uses Ubuntu latest
- Sets up Node.js 20
- Configures pnpm 8
- Installs dependencies
-
AWS Configuration
- Configures AWS credentials
- Logs into Amazon ECR
-
Docker Build & Security
- Sets up Docker Buildx
- Builds test image
- Runs Trivy security scanner
- Scans for CRITICAL and HIGH vulnerabilities
- Checks both OS and library vulnerabilities
- Ignores unfixed issues
-
Deployment
- Builds and pushes final image to ECR
- Updates ECS task definition
- Deploys to Amazon ECS
- Service: widget-server
- Cluster: rocketseat-ecs-ftr-widget-server
- Waits for service stability
The workflow includes a commented configuration for AWS App Runner deployment as an alternative to ECS:
- Service defined by
APP_RUNNER_SERVICE_NAMEvariable - Configured with 1 CPU and 2GB memory
- Uses port 3333
- 180 seconds stability wait time
The ECS deployment uses a Fargate-compatible task definition with the following specifications:
- CPU: 1024 units (1 vCPU)
- Memory: 2048 MB
- Platform: Linux/X86_64
- Network Mode: awsvpc
- Container Configuration:
- CPU: 799 units
- Memory: 1024 MB
- Port: 3333 (HTTP)
- Logging: AWS CloudWatch Logs
- Log Group:
/ecs/rocketseat-widget-server - Region: us-east-2
- Log Group:
The container requires the following Cloudflare-related environment variables:
CLOUDFLARE_PUBLIC_URLCLOUDFLARE_BUCKETCLOUDFLARE_ACCESS_KEY_IDCLOUDFLARE_SECRET_ACCESS_KEYCLOUDFLARE_ACCOUNT_ID
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_ROLE_ARN(for App Runner deployment)
AWS_REGIONECR_REPOSITORYAPP_RUNNER_SERVICE_NAME(for App Runner deployment)
- Uses GitHub Actions cache for Docker builds
- Generates short SHA (7 characters) for image tags
- Container port: 3333