From 79a5ec11005543c5661fe4d8d9a3698e92dd2055 Mon Sep 17 00:00:00 2001 From: Finlay Birnie Date: Mon, 18 Nov 2024 16:03:51 +0000 Subject: [PATCH] serverless v4 locally and in CICD --- .github/workflows/api-tests.yml | 11 ++++++++++- .github/workflows/deploy-int.yml | 2 +- .github/workflows/deploy-prod.yml | 1 + README.md | 2 +- api/README.md | 21 +++++++++++++-------- api/docker-compose.yml | 6 +++++- api/package.json | 2 +- 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/.github/workflows/api-tests.yml b/.github/workflows/api-tests.yml index b06522ee7..a89bd5ac4 100644 --- a/.github/workflows/api-tests.yml +++ b/.github/workflows/api-tests.yml @@ -13,6 +13,13 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - name: Configure aws credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-session-name: github-actions-api-tests + aws-region: ${{ secrets.AWS_DEFAULT_REGION }} + # Note: this step is only required locally when using act since the ubuntu image # does not come with docker-compose installed, however the alternative to the reinstall # here is you'd have to install a custom docker image locally which includes docker-compose @@ -29,7 +36,9 @@ jobs: DATACITE_PASSWORD: ${{ secrets.DATACITE_PASSWORD }} ORCID_ID: ${{ secrets.ORCID_ID }} ORCID_SECRET: ${{ secrets.ORCID_SECRET }} - run: docker compose -f "docker-compose.yml" up -d --build + run: | + export SERVERLESS_LICENSE_KEY=`aws ssm get-parameter --name ${{ secrets.SERVERLESS_LICENSE_KEY_SSM_PARAMETER_ARN }} --query "Parameter.Value" --output text` + docker compose -f "docker-compose.yml" up -d --build - name: Wait for API and DB to be ready run: docker exec -t api-test dockerize -wait tcp://db:5432 -wait tcp://api-test:4003 -wait tcp://mailpit:8025 -wait tcp://localstack:4566 -timeout 120s diff --git a/.github/workflows/deploy-int.yml b/.github/workflows/deploy-int.yml index 9630eb5e2..29ac3389c 100644 
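Review bot: The new `Configure aws credentials` step in .github/workflows/api-tests.yml assumes `secrets.AWS_ROLE_ARN` in a job that builds and runs branch code, and nothing in this hunk shows the `permissions: id-token: write` block that deploy-int.yml declares for OIDC. If api-tests.yml does not already set it above the hunk, the role assumption will fail; add a `permissions:` block with `id-token: write` and `contents: read`. If `AWS_ROLE_ARN` is the same role the deploy workflows use (their credential step is not visible in this patch), a separate test role limited to `ssm:GetParameter` on the license-key parameter would be safer, since these credentials stay in the job environment while test code runs. The job definition starts above the hunk.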
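Review bot: The `export SERVERLESS_LICENSE_KEY=` line in the `run:` block of api-tests.yml hides a failed `aws ssm get-parameter`, because `export` returns 0 even when the command substitution fails, so GitHub's default `bash -e` continues with an empty key. The fetched value is also not a registered GitHub secret, so it is not masked in logs unless the step emits `::add-mask::`. If the parameter is stored as a SecureString the call needs `--with-decryption` (the flag is ignored for plain String parameters), and the `${{ secrets.… }}` expression is safer passed through `env:` and quoted than pasted into the script. The same line is added in deploy-int.yml and deploy-prod.yml and needs the same change before `npm run deploy:int` / `npm run deploy:prod`.

```yaml
# … unchanged: existing env entries (DATACITE_*, ORCID_*) …
  LICENSE_KEY_PARAM: ${{ secrets.SERVERLESS_LICENSE_KEY_SSM_PARAMETER_ARN }}
run: |
  # Assign first, export afterwards, so a failed fetch stops the step under `bash -e`.
  SERVERLESS_LICENSE_KEY="$(aws ssm get-parameter --name "$LICENSE_KEY_PARAM" --with-decryption --query 'Parameter.Value' --output text)"
  # Register the runtime-fetched value so the runner redacts it from logs.
  echo "::add-mask::$SERVERLESS_LICENSE_KEY"
  export SERVERLESS_LICENSE_KEY
  docker compose -f "docker-compose.yml" up -d --build
```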
--- a/.github/workflows/deploy-int.yml +++ b/.github/workflows/deploy-int.yml @@ -5,7 +5,6 @@ on: push: branches: - "int" - - "OC-321" permissions: id-token: write # This is required for requesting the JWT @@ -61,4 +60,5 @@ jobs: - name: Deploy serverless app working-directory: ./api run: | + export SERVERLESS_LICENSE_KEY=`aws ssm get-parameter --name ${{ secrets.SERVERLESS_LICENSE_KEY_SSM_PARAMETER_ARN }} --query "Parameter.Value" --output text` npm run deploy:int diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index b9e8dbfdb..f72f30a0b 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -60,4 +60,5 @@ jobs: - name: Deploy serverless app working-directory: ./api run: | + export SERVERLESS_LICENSE_KEY=`aws ssm get-parameter --name ${{ secrets.SERVERLESS_LICENSE_KEY_SSM_PARAMETER_ARN }} --query "Parameter.Value" --output text` npm run deploy:prod diff --git a/README.md b/README.md index 907dc1496..0ca0c4437 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ To run this application locally you will need: - [Node v20](https://nodejs.org/en/about/releases/) - [Docker](https://www.docker.com/) -- [Serverless Framework](https://www.serverless.com/) +- [Serverless Framework v4](https://www.serverless.com/) - [AWS Credentials File](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) ## Getting started diff --git a/api/README.md b/api/README.md index 9269465c3..322f545c5 100644 --- a/api/README.md +++ b/api/README.md 
@@ -7,7 +7,7 @@ The Octopus API is a [Prisma](https://www.prisma.io/) project, using [PostgreSQL - Install [Node](https://github.com/nodejs/node) `v20`. - Recommended: use [`nvm`](https://github.com/nvm-sh/nvm) for managing Node.js versions. - Install [Docker](https://docs.docker.com/get-docker). -- Install [Serverless](https://www.serverless.com) `v3`, (`3.37` or higher). +- Install [Serverless](https://www.serverless.com) `v4`. - Obtain credentials to allow access to the [ORCID Public/Member API](https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/). - Obtain credentials to allow access to the [DataCite API](https://support.datacite.org/docs/api). - Create your environment file as described below. @@ -22,16 +22,21 @@ Make sure to update the values within to match your environment. When adding a new item to the .env file, make sure to update the environment variables in the docker-compose.yml file so the API tests can access them. -### AWS Credentials File +### AWS/Serverless credentials setup -You will need an octopus credential profile to run locally. This can be populated with the dummy data below: +You will need AWS credentials to run the app locally with [serverless-offline](https://www.serverless.com/plugins/serverless-offline). These should be exported as local environment variables, like this: -```bash -[octopus] -aws_access_key_id=xxx -aws_secret_access_key=yyy -aws_session_token=zxcxczcx ``` +export AWS_ACCESS_KEY_ID="..." +export AWS_SECRET_ACCESS_KEY="..." +export AWS_SESSION_TOKEN="..." +``` + +You will also need to tell the system your serverless license key. This can be done by running (from the api directory) `npx sls login` and following the wizard. + +Alternatively you can just set it as an environment variable: + +`export SERVERLESS_LICENSE_KEY="..."` ## Getting started diff --git a/api/docker-compose.yml b/api/docker-compose.yml index cc31219e9..2334a7c68 100644 --- a/api/docker-compose.yml 
+++ b/api/docker-compose.yml @@ -81,7 +81,11 @@ services: - '4005:4003' command: sh -c "npm run seed:local && npm run dev" environment: - - DATACITE_USER # this and next 3 come from calling environment + - AWS_ACCESS_KEY_ID + - AWS_SECRET_ACCESS_KEY + - AWS_REGION + - SERVERLESS_LICENSE_KEY + - DATACITE_USER - DATACITE_PASSWORD - ORCID_ID - ORCID_SECRET diff --git a/api/package.json b/api/package.json index b6db37245..a287646ac 100644 --- a/api/package.json +++ b/api/package.json @@ -20,7 +20,7 @@ "deploy:int": "sls deploy --stage int", "deploy:prod": "sls deploy --stage prod", "dev": "concurrently npm:dev:start npm:dev:watch npm:dev:type", - "dev:start": "sls offline start -c serverless-offline.yml --reloadHandler --httpPort 4003 --host 0.0.0.0 --stage local --aws-profile octopus-dev", + "dev:start": "sls offline start -c serverless-offline.yml --reloadHandler --httpPort 4003 --host 0.0.0.0 --stage local", "dev:type": "tsc --noEmit -w --preserveWatchOutput", "dev:watch": "swc prisma -d dist --copy-files & swc src -d dist --copy-files -w", "format:check": "npx prettier --check src/",
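Review bot: In api/docker-compose.yml the `environment:` list forwards `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` but not `AWS_SESSION_TOKEN`, which api/README.md in this same patch tells developers to export. Temporary credentials from an assumed role are rejected without the token, so any real AWS call from the container would fail; add `- AWS_SESSION_TOKEN` after `- AWS_SECRET_ACCESS_KEY`. If serverless-offline only needs the variables to be present (the old README used dummy values), passing fixed placeholder values in CI would keep the assumed role's credentials out of a container that runs `npm run seed:local && npm run dev`. The service definition starts above the hunk.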