Week 2 – Infrastructure Setup

INCS 1008 Software Studio

Repositories to create

All repositories must be created under the github.com/incs1008 organization (private). You will receive access once your Week 1 team selection form is approved and your GitHub handles are added. After creating each repo, invite desoukya with admin permissions.

Backend

  • Repo name: incs1008-<team>-backend
  • Must expose GET /healthcheck returning HTTP 200 with JSON {"status": "ok"}.
  • Recommended stack: Node.js Typescript. However, you can use whatever you want.

Frontend(s)

  • Repo name: incs1008-<team>-<app>-frontend
  • Examples:
    • incs1008-white-airline-frontend
    • incs1008-white-travel-frontend
  • Buckets/CloudFront are created for these names in Week 3; keep naming consistent.

Terraform workflow

  1. Team lead submits the team lead form. Once your IAM Identity Center user is created, add the profile below to ~/.aws/config: 
    [profile incs1008-team-sso]
sso_start_url  = https://d-9967472a40.awsapps.com/start
sso_region     = eu-central-1
sso_account_id = 048844500727
sso_role_name  = INCS1008Team
region         = eu-central-1
output         = json
  2. Clone github.com/incs1008/server-config-iac and update these files in one PR:
    1. infra/terraform/variables.tf – add your team color to the default teams list and list your frontend apps under team_frontend_apps.
    2. infra/terraform/terraform.tfvars – append your backend/frontends to github_oidc_subjects and add your team_frontend_apps entry (keep the AWS account/region values as-is).
    3. services/<color>/ – copy the services/white/ directory and update .env, docker-compose.stage.yml, and docker-compose.prod.yml with your container name, published ports, and any extra services. The deploy script references these files directly.
    4. nginx/<color>.conf – copy nginx/white.conf, update upstream names, server_name values (e.g., stage.blue.incs1008.com), certificate paths, and backend ports so nginx proxies your app correctly.
  3. From infra/terraform/ run: 
    aws sso login --profile incs1008-team-sso
export AWS_PROFILE=incs1008-team-sso
terraform init
terraform plan
terraform apply
  4. In the AWS console, verify the following were created:
    • incs1008-<team>-stage-<app>-frontend buckets
    • CloudFront distributions (stage)
    • incs1008-<team>-stage-queue SQS queue
    • stage.<team>.incs1008.com Route53 records
    • ECR repository team-<team> under Elastic Container Registry

GitHub Actions – Backend

Workflow files

Copy these templates from workflow-examples into .github/workflows/ in your backend repo:

  • pr.yml
  • deploy-stage.yml
  • deploy-prod.yml

After copying, in deploy-{stage}, set ECR_REPO and TEAM env variables (e.g., team-blue).

Git flow & deployments

Branch expectations

After cloning, immediately create a long-lived develop branch from main/master and make all pull requests target develop. Keep a permanent develop branch forked from main. Start every feature from develop using the pattern feature/INCS-<GH_ISSUE_NUMBER> (example: feature/INCS-1), then merge back via pull requests. Only merge develop into main/master after staging is healthy, because that promotion runs the production workflow.

Deployment flow

Staging builds team-<color>:latest, pushes to ECR, then SSHes into the server to run ./scripts/deploy-stage.sh <team>.

Production uses the same repo to execute ./scripts/deploy-prod.sh <team>, promoting the latest image that already lives in ECR. Note that deploy-prod.yml fires exclusively on merges into main/master, so wait for staging to pass its health checks and verify the build in staging before promoting.

After each deploy, hit https://stage.<team>.incs1008.com/healthcheck to confirm the service restarted cleanly. You can do the same for production at: https://<team>.incs1008.com/healthcheck.