This document describes the deployment. Development information is in the GitHub README of the Loono Backend repository.
Used tools
AWS and Kubernetes services
Docker
Terraform
...
The backend server is a JVM application written in Kotlin and built with Gradle.
Versions:
Kotlin 1.5.20
JVM 11+ (compatibility with 11)
Gradle 7.1
The server uses PostgreSQL for data storage.
...
Docker image creation with Dockerfile
Building the application with Gradle to create a bootable JAR file
Creation of the final Docker image with the application JAR
Upload of the Docker image to the Docker repository (ECR)
Deployment of the new server version to AWS
Startup of the new version
If the startup succeeds, the new version replaces the old one
Pipelines and configurations
The AWS configuration and deployment are managed by Terraform. The definitions are located in the GitHub repository.
The infrastructure definitions are owned by Martin Wenisch and any changes have to be reviewed by him.
The deployment pipelines (GitHub Actions)
Terraform Apply on Push - triggers the Terraform init
Deploy backend to ECS - uploads the new server version to the Docker repository and triggers a redeploy
GitHub Secrets
We use GitHub Secrets to hide access keys and passwords in our public repository. The GitHub Secrets are used in the Actions, where they provide secret values for the deployment process (access to AWS) or secrets needed by a pod.
Flow: GitHub Actions Secret → GitHub Actions → Terraform environment variable → Pod template with predefined system environment variables
AWS connection and deployment secrets
AWS_ACCESS_KEY_ID
AWS_REGION
AWS_REPOSITORY
AWS_SECRET_ACCESS_KEY
CERTIFICATE_ARN
Application secrets
DATABASE_PASSWORD
The password to the PostgreSQL database.
GOOGLE_APPLICATION_CREDENTIALS
The Firebase credentials for the Firebase Admin SDK. The secret contains the content of the JSON file downloaded from the Admin console.
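A pre-deploy check for the secrets listed above, as an added example that is not part of the Loono repository: it reports which secrets are missing or malformed without ever printing a value. It assumes the secrets are exposed to the step as environment variables under the same names, and that the Firebase JSON is a Google service-account key file; the function names are hypothetical.

```python
import json
import os
import sys

# Secret names exactly as listed on this page.
REQUIRED = ["AWS_ACCESS_KEY_ID", "AWS_REGION", "AWS_REPOSITORY",
            "AWS_SECRET_ACCESS_KEY", "CERTIFICATE_ARN",
            "DATABASE_PASSWORD", "GOOGLE_APPLICATION_CREDENTIALS"]
JSON_SECRET = "GOOGLE_APPLICATION_CREDENTIALS"
# Assumption: the Firebase Admin SDK file is a Google service-account key,
# which carries these fields.
SA_FIELDS = ("type", "project_id", "private_key", "client_email")


def check_secrets(env):
    """Return a list of problems. Messages name the secret, never its value."""
    problems = []
    for name in REQUIRED:
        value = env.get(name) or ""
        if not value.strip():
            problems.append(f"{name}: missing or empty")
        elif name != JSON_SECRET and value != value.strip():
            # A stray newline pasted into a key or password breaks auth later.
            problems.append(f"{name}: leading or trailing whitespace")
    creds = (env.get(JSON_SECRET) or "").strip()
    if creds:
        problems.extend(_check_service_account(creds))
    return problems


def _check_service_account(raw):
    try:
        doc = json.loads(raw)
    except ValueError:
        return [f"{JSON_SECRET}: not valid JSON (file path instead of content?)"]
    if not isinstance(doc, dict):
        return [f"{JSON_SECRET}: JSON is not an object"]
    missing = [f for f in SA_FIELDS if not doc.get(f)]
    if missing:
        return [f"{JSON_SECRET}: missing fields {', '.join(missing)}"]
    if doc["type"] != "service_account":
        return [f"{JSON_SECRET}: type is not service_account"]
    return []


if __name__ == "__main__":
    found = check_secrets(os.environ)
    for line in found:
        print(line, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run as a script, it exits non-zero when any problem is found, so a pipeline step fails before Terraform or the pod receives a broken value.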
Access to logs
We can get read-only access to AWS CloudWatch. If you need access, please ask Martin Wenisch.
Logs
We can access the logs in AWS CloudWatch:
...
Pod parameters
Hardware configuration:
...
The build - we cover the main functionality with unit tests (code coverage is available through the JaCoCo plugin in the project)
We have a CI pipeline in GitHub Actions that executes the project build on each commit.
The tests also run as part of the Docker image build.
The deployment
The deployment succeeds if the health check passes 3 times.
We have post-deploy tests which validate the health check and the API documentation after the deployment itself.