console/deployment/utils/cloudflare.ts

import { readFileSync } from 'fs';
import { resolve } from 'path';
import * as cf from '@pulumi/cloudflare';
import * as pulumi from '@pulumi/pulumi';
import { S3 } from '../services/s3';

export class CloudflareCDN {
  constructor(
    private config: {
      envName: string;
      zoneId: string;
      cdnDnsRecord: string;
      sentryDsn: string | pulumi.Output<string>;
      release: string;
      s3: S3;
      s3Mirror: S3;
    },
  ) {}

  deploy() {
    const kvStorage = new cf.WorkersKvNamespace('hive-ha-storage', {
      title: `hive-ha-cdn-${this.config.envName}`,
    });

    const script = new cf.WorkerScript('hive-ha-worker', {
      content: readFileSync(
        // eslint-disable-next-line no-process-env
        process.env.CDN_WORKER_ARTIFACT_PATH ||
          resolve(__dirname, '../../packages/services/cdn-worker/dist/index.worker.mjs'),
        'utf-8',
      ),
      name: `hive-storage-cdn-${this.config.envName}`,
      module: true,
      kvNamespaceBindings: [
        {
          // HIVE_DATA is in use in cdn-script.js as well, its the name of the global variable
          name: 'HIVE_DATA',
          namespaceId: kvStorage.id,
        },
      ],
      analyticsEngineBindings: [
        {
          name: 'USAGE_ANALYTICS',
          dataset: `hive_ha_cdn_usage_${this.config.envName}`,
        },
        {
          name: 'ERROR_ANALYTICS',
          dataset: `hive_ha_cdn_error_${this.config.envName}`,
        },
        {
          name: 'KEY_VALIDATION_ANALYTICS',
          dataset: `hive_ha_cdn_key_validation_${this.config.envName}`,
        },
        {
          name: 'R2_ANALYTICS',
          dataset: `hive_ha_cdn_r2_${this.config.envName}`,
        },
        {
          name: 'S3_ANALYTICS',
          dataset: `hive_ha_cdn_s3_${this.config.envName}`,
        },
        {
          name: 'RESPONSE_ANALYTICS',
          dataset: `hive_ha_cdn_response_${this.config.envName}`,
        },
      ],
      secretTextBindings: [
        {
          name: 'SENTRY_DSN',
          text: this.config.sentryDsn,
        },
        {
          name: 'SENTRY_ENVIRONMENT',
          text: this.config.envName,
        },
        {
          name: 'SENTRY_RELEASE',
          text: this.config.release,
        },
        {
          name: 'S3_ENDPOINT',
          text: this.config.s3.secret.raw.endpoint,
        },
        {
          name: 'S3_ACCESS_KEY_ID',
          text: this.config.s3.secret.raw.accessKeyId,
        },
        {
          name: 'S3_SECRET_ACCESS_KEY',
          text: this.config.s3.secret.raw.secretAccessKey,
        },
        {
          name: 'S3_BUCKET_NAME',
          text: this.config.s3.secret.raw.bucket,
        },
        {
          name: 'S3_MIRROR_ENDPOINT',
          text: this.config.s3Mirror.secret.raw.endpoint,
        },
        {
          name: 'S3_MIRROR_ACCESS_KEY_ID',
          text: this.config.s3Mirror.secret.raw.accessKeyId,
        },
        {
          name: 'S3_MIRROR_SECRET_ACCESS_KEY',
          text: this.config.s3Mirror.secret.raw.secretAccessKey,
        },
        {
          name: 'S3_MIRROR_BUCKET_NAME',
          text: this.config.s3Mirror.secret.raw.bucket,
        },
      ],
    });

    const workerBase = this.config.cdnDnsRecord;
    const workerUrl = `https://${workerBase}`;

    new cf.WorkerRoute('cf-hive-worker', {
      scriptName: script.name,
      pattern: `${workerBase}/*`,
      zoneId: this.config.zoneId,
    });

    return {
      workerBaseUrl: workerUrl,
      cfStorageNamespaceId: kvStorage.id,
    };
  }
}

export class CloudflareBroker {
  constructor(
    private config: {
      envName: string;
      zoneId: string;
      cdnDnsRecord: string;
      secretSignature: pulumi.Output<string>;
      sentryDsn: string | pulumi.Output<string>;
      release: string;
      loki: null | {
        endpoint: string;
        username: string;
        password: pulumi.Output<string>;
      };
    },
  ) {}

  deploy() {
    const secretTextBindings = [
      {
        name: 'SIGNATURE',
        text: this.config.secretSignature,
      },
      {
        name: 'SENTRY_DSN',
        text: this.config.sentryDsn,
      },
      {
        name: 'SENTRY_ENVIRONMENT',
        text: this.config.envName,
      },
      {
        name: 'SENTRY_RELEASE',
        text: this.config.release,
      },
    ];

    if (this.config.loki) {
      secretTextBindings.push(
        {
          name: 'LOKI_PASSWORD',
          text: this.config.loki.password,
        },
        {
          name: 'LOKI_USERNAME',
          text: this.config.loki.username,
        },
        {
          name: 'LOKI_ENDPOINT',
          text: this.config.loki.endpoint,
        },
      );
    }

    const script = new cf.WorkerScript('hive-broker-worker', {
      content: readFileSync(
        // eslint-disable-next-line no-process-env
        process.env.BROKER_WORKER_ARTIFACT_PATH ||
          resolve(__dirname, '../../packages/services/broker-worker/dist/index.worker.mjs'),
        'utf-8',
      ),
      module: true,
      name: `hive-broker-${this.config.envName}`,
      secretTextBindings,
    });

    const workerBase = this.config.cdnDnsRecord;
    const workerUrl = `https://${workerBase}`;

    new cf.WorkerRoute('cf-hive-broker-worker', {
      scriptName: script.name,
      pattern: `${workerBase}/*`,
      zoneId: this.config.zoneId,
    });

    return {
      secretSignature: this.config.secretSignature,
      workerBaseUrl: workerUrl,
    };
  }
}
Hello 2022-05-18 07:26:57 +00:00			`import { readFileSync } from 'fs';`
			`import { resolve } from 'path';`
[🔧 ESLint] import sort (#736) 2022-12-28 19:22:54 +00:00			`import * as cf from '@pulumi/cloudflare';`
			`import * as pulumi from '@pulumi/pulumi';`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`import { S3 } from '../services/s3';`
Hello 2022-05-18 07:26:57 +00:00
			`export class CloudflareCDN {`
			`constructor(`
Use Sentry in CF Workers (#460) 2022-10-07 10:08:29 +00:00			`private config: {`
			`envName: string;`
			`zoneId: string;`
			`cdnDnsRecord: string;`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`sentryDsn: string \| pulumi.Output<string>;`
Use Sentry in CF Workers (#460) 2022-10-07 10:08:29 +00:00			`release: string;`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`s3: S3;`
feat: CDN request retry race from multiple S3 buckets (#5543) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2024-08-28 19:48:57 +00:00			`s3Mirror: S3;`
Update dependency @theguild/prettier-config to v1 (#676) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2022-11-24 10:00:41 +00:00			`},`
Hello 2022-05-18 07:26:57 +00:00			`) {}`

			`deploy() {`
			`const kvStorage = new cf.WorkersKvNamespace('hive-ha-storage', {`
Use Sentry in CF Workers (#460) 2022-10-07 10:08:29 +00:00			title: `hive-ha-cdn-${this.config.envName}`,
Hello 2022-05-18 07:26:57 +00:00			`});`

			`const script = new cf.WorkerScript('hive-ha-worker', {`
Update dependency @theguild/prettier-config to v1 (#676) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2022-11-24 10:00:41 +00:00			`content: readFileSync(`
Drop `build-local` scripts, build Workers for all targets, adjust turbo cache (#1105) 2023-01-23 15:44:53 +00:00			`// eslint-disable-next-line no-process-env`
			`process.env.CDN_WORKER_ARTIFACT_PATH \|\|`
Optional s3_session_token variable and remove setting region to auto (#2674) Co-authored-by: Saurav Tapader <tapaderster@gmail.com> 2023-07-27 11:34:29 +00:00			`resolve(__dirname, '../../packages/services/cdn-worker/dist/index.worker.mjs'),`
Update dependency @theguild/prettier-config to v1 (#676) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2022-11-24 10:00:41 +00:00			`'utf-8',`
			`),`
Use Sentry in CF Workers (#460) 2022-10-07 10:08:29 +00:00			name: `hive-storage-cdn-${this.config.envName}`,
Optional s3_session_token variable and remove setting region to auto (#2674) Co-authored-by: Saurav Tapader <tapaderster@gmail.com> 2023-07-27 11:34:29 +00:00			`module: true,`
Hello 2022-05-18 07:26:57 +00:00			`kvNamespaceBindings: [`
			`{`
			`// HIVE_DATA is in use in cdn-script.js as well, its the name of the global variable`
			`name: 'HIVE_DATA',`
			`namespaceId: kvStorage.id,`
			`},`
			`],`
Use Engine Analytics in CDN Worker (#681) 2022-12-19 09:01:37 +00:00			`analyticsEngineBindings: [`
			`{`
			`name: 'USAGE_ANALYTICS',`
Update cloudflare.ts 2022-12-19 09:34:58 +00:00			dataset: `hive_ha_cdn_usage_${this.config.envName}`,
Use Engine Analytics in CDN Worker (#681) 2022-12-19 09:01:37 +00:00			`},`
			`{`
			`name: 'ERROR_ANALYTICS',`
Update cloudflare.ts 2022-12-19 09:34:58 +00:00			dataset: `hive_ha_cdn_error_${this.config.envName}`,
Use Engine Analytics in CDN Worker (#681) 2022-12-19 09:01:37 +00:00			`},`
add and track new analytics method (#1130) 2023-01-25 12:22:37 +00:00			`{`
			`name: 'KEY_VALIDATION_ANALYTICS',`
			dataset: `hive_ha_cdn_key_validation_${this.config.envName}`,
			`},`
Add worker analytics bindings (#2817) 2023-09-14 10:30:36 +00:00			`{`
			`name: 'R2_ANALYTICS',`
			dataset: `hive_ha_cdn_r2_${this.config.envName}`,
			`},`
feat: CDN request retry race from multiple S3 buckets (#5543) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2024-08-28 19:48:57 +00:00			`{`
			`name: 'S3_ANALYTICS',`
			dataset: `hive_ha_cdn_s3_${this.config.envName}`,
			`},`
Add worker analytics bindings (#2817) 2023-09-14 10:30:36 +00:00			`{`
			`name: 'RESPONSE_ANALYTICS',`
			dataset: `hive_ha_cdn_response_${this.config.envName}`,
			`},`
Use Engine Analytics in CDN Worker (#681) 2022-12-19 09:01:37 +00:00			`],`
Hello 2022-05-18 07:26:57 +00:00			`secretTextBindings: [`
Use Sentry in CF Workers (#460) 2022-10-07 10:08:29 +00:00			`{`
			`name: 'SENTRY_DSN',`
			`text: this.config.sentryDsn,`
			`},`
			`{`
			`name: 'SENTRY_ENVIRONMENT',`
			`text: this.config.envName,`
			`},`
			`{`
			`name: 'SENTRY_RELEASE',`
			`text: this.config.release,`
Hello 2022-05-18 07:26:57 +00:00			`},`
new artifacts API (#692) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2022-12-01 10:08:52 +00:00			`{`
			`name: 'S3_ENDPOINT',`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`text: this.config.s3.secret.raw.endpoint,`
new artifacts API (#692) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2022-12-01 10:08:52 +00:00			`},`
			`{`
			`name: 'S3_ACCESS_KEY_ID',`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`text: this.config.s3.secret.raw.accessKeyId,`
new artifacts API (#692) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2022-12-01 10:08:52 +00:00			`},`
			`{`
			`name: 'S3_SECRET_ACCESS_KEY',`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`text: this.config.s3.secret.raw.secretAccessKey,`
new artifacts API (#692) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2022-12-01 10:08:52 +00:00			`},`
			`{`
			`name: 'S3_BUCKET_NAME',`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`text: this.config.s3.secret.raw.bucket,`
new artifacts API (#692) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2022-12-01 10:08:52 +00:00			`},`
feat: CDN request retry race from multiple S3 buckets (#5543) Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2024-08-28 19:48:57 +00:00			`{`
			`name: 'S3_MIRROR_ENDPOINT',`
			`text: this.config.s3Mirror.secret.raw.endpoint,`
			`},`
			`{`
			`name: 'S3_MIRROR_ACCESS_KEY_ID',`
			`text: this.config.s3Mirror.secret.raw.accessKeyId,`
			`},`
			`{`
			`name: 'S3_MIRROR_SECRET_ACCESS_KEY',`
			`text: this.config.s3Mirror.secret.raw.secretAccessKey,`
			`},`
			`{`
			`name: 'S3_MIRROR_BUCKET_NAME',`
			`text: this.config.s3Mirror.secret.raw.bucket,`
			`},`
Hello 2022-05-18 07:26:57 +00:00			`],`
			`});`

Use Sentry in CF Workers (#460) 2022-10-07 10:08:29 +00:00			`const workerBase = this.config.cdnDnsRecord;`
Hello 2022-05-18 07:26:57 +00:00			const workerUrl = `https://${workerBase}`;

			`new cf.WorkerRoute('cf-hive-worker', {`
			`scriptName: script.name,`
			pattern: `${workerBase}/*`,
Use Sentry in CF Workers (#460) 2022-10-07 10:08:29 +00:00			`zoneId: this.config.zoneId,`
Hello 2022-05-18 07:26:57 +00:00			`});`

			`return {`
			`workerBaseUrl: workerUrl,`
			`cfStorageNamespaceId: kvStorage.id,`
			`};`
			`}`
			`}`
Request Proxy in CF Worker (#517) 2022-11-07 13:27:19 +00:00
			`export class CloudflareBroker {`
			`constructor(`
			`private config: {`
			`envName: string;`
			`zoneId: string;`
			`cdnDnsRecord: string;`
			`secretSignature: pulumi.Output<string>;`
Refactor deployment code (#4138) 2024-03-04 12:56:12 +00:00			`sentryDsn: string \| pulumi.Output<string>;`
Request Proxy in CF Worker (#517) 2022-11-07 13:27:19 +00:00			`release: string;`
chore(deps): update helm release contour to v11 (#1535) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2023-03-13 01:43:45 +00:00			`loki: null \| {`
Push logs from Broker Worker to our Loki endpoint (#1479) 2023-02-24 14:29:39 +00:00			`endpoint: string;`
			`username: string;`
			`password: pulumi.Output<string>;`
			`};`
Update dependency @theguild/prettier-config to v1 (#676) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Kamil Kisiela <kamil.kisiela@gmail.com> 2022-11-24 10:00:41 +00:00			`},`
Request Proxy in CF Worker (#517) 2022-11-07 13:27:19 +00:00			`) {}`

			`deploy() {`
chore(deps): update helm release contour to v11 (#1535) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2023-03-13 01:43:45 +00:00			`const secretTextBindings = [`
			`{`
			`name: 'SIGNATURE',`
			`text: this.config.secretSignature,`
			`},`
			`{`
			`name: 'SENTRY_DSN',`
			`text: this.config.sentryDsn,`
			`},`
			`{`
			`name: 'SENTRY_ENVIRONMENT',`
			`text: this.config.envName,`
			`},`
			`{`
			`name: 'SENTRY_RELEASE',`
			`text: this.config.release,`
			`},`
			`];`

			`if (this.config.loki) {`
			`secretTextBindings.push(`
Push logs from Broker Worker to our Loki endpoint (#1479) 2023-02-24 14:29:39 +00:00			`{`
			`name: 'LOKI_PASSWORD',`
			`text: this.config.loki.password,`
			`},`
			`{`
			`name: 'LOKI_USERNAME',`
			`text: this.config.loki.username,`
			`},`
			`{`
			`name: 'LOKI_ENDPOINT',`
			`text: this.config.loki.endpoint,`
			`},`
chore(deps): update helm release contour to v11 (#1535) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2023-03-13 01:43:45 +00:00			`);`
			`}`

			`const script = new cf.WorkerScript('hive-broker-worker', {`
			`content: readFileSync(`
			`// eslint-disable-next-line no-process-env`
			`process.env.BROKER_WORKER_ARTIFACT_PATH \|\|`
Convert cf broker to ESM (#2678) 2023-07-27 12:28:10 +00:00			`resolve(__dirname, '../../packages/services/broker-worker/dist/index.worker.mjs'),`
chore(deps): update helm release contour to v11 (#1535) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2023-03-13 01:43:45 +00:00			`'utf-8',`
			`),`
Convert cf broker to ESM (#2678) 2023-07-27 12:28:10 +00:00			`module: true,`
chore(deps): update helm release contour to v11 (#1535) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Dotan Simha <dotansimha@gmail.com> 2023-03-13 01:43:45 +00:00			name: `hive-broker-${this.config.envName}`,
			`secretTextBindings,`
Request Proxy in CF Worker (#517) 2022-11-07 13:27:19 +00:00			`});`

			`const workerBase = this.config.cdnDnsRecord;`
			const workerUrl = `https://${workerBase}`;

			`new cf.WorkerRoute('cf-hive-broker-worker', {`
			`scriptName: script.name,`
			pattern: `${workerBase}/*`,
			`zoneId: this.config.zoneId,`
			`});`

			`return {`
			`secretSignature: this.config.secretSignature,`
			`workerBaseUrl: workerUrl,`
			`};`
			`}`
			`}`