- Migrate from Vite to Next.js 15 for server-side API support - Add dynamic API route at /api/filaments that fetches from Confluence - Implement security measures: - API credentials only accessible server-side - Security scan script to detect credential leaks - Tests to ensure no sensitive data exposure - Build-time security checks in CI/CD - Update AWS Amplify configuration for Next.js deployment - Update Terraform to use WEB_COMPUTE platform for Next.js - Add Jest tests for API security - Remove static JSON approach in favor of dynamic API This provides real-time data updates while keeping credentials secure on the server. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
# Toolchain constraints for this configuration.
terraform {
  # Any Terraform CLI from 1.0 upwards is accepted; there is no upper bound.
  required_version = ">= 1.0"

  required_providers {
    # "~> 5.0" accepts any 5.x release of the AWS provider. The exact build
    # that gets installed is whatever the dependency lock file records, so
    # keep .terraform.lock.hcl under version control to pin provider hashes.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
# AWS provider pinned to a single region. No credentials are configured in
# this block, so the provider resolves them from its default credential chain
# (environment, shared config, or an attached role).
provider "aws" {
  region = "eu-central-1" # Frankfurt
}
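# Amplify Hosting app that builds and serves the Next.js site from the GitHub
# repository. platform = "WEB_COMPUTE" is the hosting mode used for
# server-rendered frameworks, as opposed to static-only hosting.
resource "aws_amplify_app" "filamenteka" {
  name       = "filamenteka"
  repository = var.github_repository
  platform   = "WEB_COMPUTE"

  # GitHub access token for private repos.
  # Sensitive: Terraform stores this value in its state file in plaintext.
  # NOTE(review): the variable declaration is not in this file. Confirm it is
  # marked `sensitive = true`, that the state backend is encrypted and
  # access-controlled, and that the token has the narrowest repository scope
  # that Amplify needs.
  access_token = var.github_token

  # Build settings for Next.js. The heredoc is YAML, so the nesting below is
  # significant: preBuild installs dependencies and runs the credential-leak
  # scan, build compiles the app and then runs the test suite. A failing
  # command in either phase fails the Amplify build.
  build_spec = <<-EOT
    version: 1
    frontend:
      phases:
        preBuild:
          commands:
            - npm ci
            - npm run security:check
        build:
          commands:
            - npm run build
            - npm run test
      artifacts:
        baseDirectory: .next
        files:
          - '**/*'
      cache:
        paths:
          - node_modules/**/*
          - .next/cache/**/*
  EOT

  # App-level environment variables. Branches that define no overrides of
  # their own build with these values.
  #
  # NOTE(review): CONFLUENCE_TOKEN is a credential. As an Amplify environment
  # variable it is readable by anyone who can view the app configuration, and
  # it lands in Terraform state in plaintext. AWS documents a Parameter Store
  # backed secret mechanism for Amplify as the intended place for secrets;
  # consider moving the token there.
  #
  # NOTE(review): every build command, including npm lifecycle scripts from
  # dependencies, runs with these variables in its environment. A scan of the
  # build output does not cover that path.
  #
  # NOTE(review): verify that the /api/filaments route actually sees these at
  # request time. Amplify Hosting documents that build-time environment
  # variables are not passed to the Next.js server runtime unless the build
  # writes them into an env file Next.js loads.
  environment_variables = {
    CONFLUENCE_API_URL = var.confluence_api_url
    CONFLUENCE_TOKEN   = var.confluence_token
    CONFLUENCE_PAGE_ID = var.confluence_page_id
  }

  # Rewrite rule: any path that would otherwise return 404 is answered with
  # /index.html.
  # NOTE(review): this is the usual single-page-app fallback. With a Next.js
  # build published from .next there may be no /index.html to serve, and the
  # rule can mask genuine 404s from the API route. Confirm it is still wanted.
  custom_rule {
    source = "/<*>"
    status = "404"
    target = "/index.html"
  }

  # Enable branch auto build: pushes to connected branches start a build.
  enable_branch_auto_build = true

  tags = {
    Name        = "Filamenteka"
    Environment = var.environment
  }
}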
# Production branch: "main" is connected to the Amplify app and marked as the
# PRODUCTION stage.
resource "aws_amplify_branch" "main" {
  app_id      = aws_amplify_app.filamenteka.id
  branch_name = "main"
  stage       = "PRODUCTION"

  # Every push to this branch starts a build and deploy.
  enable_auto_build = true

  # No branch-specific overrides (optional); the app-level environment
  # variables apply unchanged.
  environment_variables = {}

  tags = {
    Name        = "Filamenteka-main"
    Environment = var.environment
  }
}
# Development branch (optional): "dev" is connected to the same Amplify app
# and marked as the DEVELOPMENT stage.
#
# NOTE(review): this block sets no environment variables, so dev builds run
# with the app-level values, including the same Confluence token used for
# production. Anyone able to push to "dev" controls build commands that run
# with that token; a separate, narrower credential for dev would limit that.
#
# NOTE(review): no access restriction (for example enable_basic_auth) is set
# here, so a deployed dev build is reachable by anyone who has its URL.
resource "aws_amplify_branch" "dev" {
  app_id      = aws_amplify_app.filamenteka.id
  branch_name = "dev"
  stage       = "DEVELOPMENT"

  # Every push to this branch starts a build and deploy.
  enable_auto_build = true

  tags = {
    Name        = "Filamenteka-dev"
    Environment = "development"
  }
}
# Custom domain (optional): created only when var.domain_name is non-empty.
resource "aws_amplify_domain_association" "filamenteka" {
  count = var.domain_name != "" ? 1 : 0

  app_id      = aws_amplify_app.filamenteka.id
  domain_name = var.domain_name

  # Do not block `terraform apply` until domain verification completes; the
  # association is created and verification finishes on its own schedule.
  wait_for_verification = false

  # Root domain -> main branch (empty prefix).
  sub_domain {
    branch_name = aws_amplify_branch.main.branch_name
    prefix      = ""
  }

  # www.<domain> -> main branch.
  sub_domain {
    branch_name = aws_amplify_branch.main.branch_name
    prefix      = "www"
  }

  # dev.<domain> -> dev branch.
  # NOTE(review): this publishes the DEVELOPMENT branch under a predictable
  # public hostname whenever a custom domain is configured. Confirm that is
  # intended, or restrict access on the dev branch.
  sub_domain {
    branch_name = aws_amplify_branch.dev.branch_name
    prefix      = "dev"
  }
}