# Deploy

This app deploys on AWS using [terraform](https://www.terraform.io/), and is built using [`cdktf`](https://www.terraform.io/cdktf).

This app is setup to deploy the API in a docker container inside a cluster, setup the database and manages secrets for much of the service. If additional secrets are needed, there is an object with the name `overrides.env` that can changed that this deployment will automatically pickup.

# Developing Infra

The code in this folder requires `yarn infra:gen` to have been run from the root of this directory. It brings in (gitignored) files that are read from the main script in `terraform.ts`.

## DNS

This app is deployed on AWS, which allows us to provision AWS SSL certificates for free. However, it is setup to deploy as a subdomain on createinc.co.

In order to account for that, you must add the `CNAME` and `NS` records to the [createinc.co Google Domains](https://domains.google.com/registrar/createinc.co/dns) records during the first deploy. Otherwise, it may fail as the ACM certificate will not be certified.

## Debugging

This setup shares state via a [RemoteBackend](https://www.terraform.io/language/settings/backends/configuration), which is how Terraform keeps state around how each run progresed in updating the cloud serivces. Ocassionally, this state will become locked (especially if a build fails).
To unlock it, go to either the [staging Terraform instance](https://app.terraform.io/app/Create-Inc/workspaces/provider-dash-staging) or the [production Terraform instance](https://app.terraform.io/app/Create-Inc/workspaces/provider-dash) and unlock it. NOTE: this is dangerous if another instance is currently running.

## A note on M1 macs (building locally):

If running this script locally, you may need to use [docker buildx](https://docs.docker.com/buildx/working-with-buildx/) as this is being compiled with a flag that specifies the correct architecture