ref(app): shift support flows into separate folder + ecs service #1269

Merged
merged 39 commits into from
Apr 15, 2024
942afd2
feat(caddyfile): add initial caddyfile
seaerchin Mar 26, 2024
d94acfa
refactor(infra): shift infra stuff to new folder
seaerchin Mar 26, 2024
1c8ca5e
chore(formsg): shift stuff into sub folder
seaerchin Mar 26, 2024
4863b95
refactor(server): shift infra stuff out
seaerchin Mar 26, 2024
f87479d
refactor(common): shift shared stuff into common folder
seaerchin Mar 26, 2024
34494a3
build(package/tsconfig): update packages + paths
seaerchin Mar 26, 2024
c8a5ab3
refactor(server): swap to ts
seaerchin Mar 26, 2024
cc3f8e0
refactor(request): update type
seaerchin Mar 26, 2024
5aed04e
feat(infra/routes): add new router
seaerchin Mar 26, 2024
5b3a12d
refactor(router): shift initialisation in
seaerchin Mar 26, 2024
92f9b9d
refactor(middleware): shift shared stuff out
seaerchin Mar 26, 2024
a7f3159
chore(exports): add exports from indexes
seaerchin Mar 26, 2024
ac5edd7
chore(featureflag): disable single export
seaerchin Mar 26, 2024
857c3d9
feat(docker): add containers in docker-compose for infra
seaerchin Mar 26, 2024
c1594da
feat(deploy): update deploy stuff
seaerchin Mar 26, 2024
ae26953
chore(cleanup): remove unused/extra code in infra/server
seaerchin Mar 26, 2024
d94e4d9
fix(aws_deploy): update deploy file
seaerchin Mar 26, 2024
e6aa6c2
fix(task def): removed portmappings
seaerchin Mar 26, 2024
e832729
fix(dockerfile): copy src files over
seaerchin Mar 26, 2024
3e3651e
fix(docker): update port mappings as ecs uses same network
seaerchin Mar 26, 2024
7406638
fix(caddy): update to use local dockerfile
seaerchin Mar 27, 2024
e24e5d3
fix(caddyfile): update proxies
seaerchin Mar 27, 2024
d2f5443
fix(caddyfile): try to network via loopback
seaerchin Mar 27, 2024
7cd1f73
revert(aws_deploy): revert previous changes
seaerchin Mar 28, 2024
8dbf034
revert(deploy_staging): revert
seaerchin Mar 28, 2024
237c24f
revert(task def): revert be task def
seaerchin Mar 28, 2024
d274644
revert(src): revert files that were used for sidecar
seaerchin Mar 28, 2024
b409b19
refactor(support): shift into new container
seaerchin Mar 28, 2024
151a33c
fix(docker): update dockerfile + add health check
seaerchin Mar 28, 2024
3d2c030
fix(aws_deploy): update tag
seaerchin Mar 28, 2024
8e5c655
refactor(index): remove unused
seaerchin Mar 28, 2024
eefb76e
fix(app spec): do replacement for container name and port
seaerchin Mar 28, 2024
3a15a9c
fix(ci): update image names
seaerchin Mar 28, 2024
899b810
feat(support): connect db
seaerchin Apr 4, 2024
3fe9569
chore(request): remove unused import
seaerchin Apr 8, 2024
fdc82c1
refactor(dockerfile): update to explicitly copy
seaerchin Apr 9, 2024
b9fc8c7
chore(index): add a line space
seaerchin Apr 9, 2024
0a9e741
refactor(support task def): update so that dd-service is `isomer-supp…
seaerchin Apr 9, 2024
49d3f3b
chore(formsg tests): shift tests from `src` -> `support`
seaerchin Apr 9, 2024
4 changes: 2 additions & 2 deletions .aws/deploy/appspec.json
Expand Up @@ -7,8 +7,8 @@
"Properties": {
"TaskDefinition": "arn:aws:ecs:ap-southeast-1:<AWS_ACCOUNT_ID>:task-definition/isomer-<SHORTENV>-ecs:1",
"LoadBalancerInfo": {
"ContainerName": "backend",
"ContainerPort": 8081
"ContainerName": "<CONTAINER_NAME>",
"ContainerPort": "<CONTAINER_PORT>"
}
}
}
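Review bot: `ContainerPort` changes type in this hunk: the old value was the number `8081`, and the new placeholder is quoted (`"ContainerPort": "<CONTAINER_PORT>"`), so after the `sed` substitution in `aws_deploy.yml` the AppSpec carries a JSON string such as `"8082"` rather than a number. Unless CodeDeploy has been confirmed to accept a string port, have the workflow replace the placeholder together with its surrounding quotes so the rendered file keeps a numeric port.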
12 changes: 1 addition & 11 deletions .aws/deploy/backend-task-definition.staging.json
Expand Up @@ -10,17 +10,7 @@
}
],
"essential": true,
"environment": [
{ "name": "ENV_TYPE", "value": "STAGING" },
{
"name": "DD_GIT_COMMIT_SHA",
"value": "<DD_COMMIT_SHA>"
},
{
"name": "DD_GIT_REPOSITORY_URL",
"value": "github.com/isomerpages/isomercms-backend"
}
],
"environment": [{ "name": "ENV_TYPE", "value": "STAGING" }],
"mountPoints": [
{
"sourceVolume": "ggs-efs",
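Review bot: The `environment` array loses `DD_GIT_COMMIT_SHA` and `DD_GIT_REPOSITORY_URL` when it is collapsed to a single line, which is unrelated to moving the support flows out and is not mentioned in the PR title. If this is a leftover from the reverted sidecar commits, say so in the description; if the backend should keep those Datadog git tags, restore the two entries, and check whether any deploy step still substitutes `<DD_COMMIT_SHA>`.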
313 changes: 313 additions & 0 deletions .aws/deploy/support-task-definition.staging.json
@@ -0,0 +1,313 @@
{
"containerDefinitions": [
{
"name": "support",
"portMappings": [
{
"containerPort": 8082,

Contributor Author

only change between this and backend

Contributor

hmm why do we not have a stg variant of this ah?

Contributor Author

this deploys to staging! i think u mean prod? will do in a follow up PR

"hostPort": 8082,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{ "name": "ENV_TYPE", "value": "STAGING" },
{ "name": "DD_SERVICE", "value": "isomer-support" },
{ "name": "DD_TAGS", "value": "team:isomer" }
],
"mountPoints": [
{
"sourceVolume": "ggs-efs",
"containerPath": "/efs",
"readOnly": false
}
],
"linuxParameters": {
"initProcessEnabled": true
},
"volumesFrom": [],
"secrets": [
{
"name": "AUTH_TOKEN_EXPIRY_DURATION_IN_MILLISECONDS",
"valueFrom": "STAGING_AUTH_TOKEN_EXPIRY_DURATION_IN_MILLISECONDS"
},
{
"name": "AWS_BACKEND_EB_ENV_NAME",
"valueFrom": "STAGING_AWS_BACKEND_EB_ENV_NAME"
},
{ "name": "AWS_REGION", "valueFrom": "STAGING_AWS_REGION" },
{ "name": "CLIENT_ID", "valueFrom": "STAGING_CLIENT_ID" },
{ "name": "CLIENT_SECRET", "valueFrom": "STAGING_CLIENT_SECRET" },
{
"name": "CLOUDMERSIVE_API_KEY",
"valueFrom": "STAGING_CLOUDMERSIVE_API_KEY"
},
{ "name": "COOKIE_DOMAIN", "valueFrom": "STAGING_COOKIE_DOMAIN" },
{ "name": "DB_ACQUIRE", "valueFrom": "STAGING_DB_ACQUIRE" },
{ "name": "DB_MAX_POOL", "valueFrom": "STAGING_DB_MAX_POOL" },
{ "name": "DB_MIN_POOL", "valueFrom": "STAGING_DB_MIN_POOL" },
{ "name": "DB_TIMEOUT", "valueFrom": "STAGING_DB_TIMEOUT" },
{ "name": "DB_URI", "valueFrom": "STAGING_DB_URI" },
{
"name": "DD_AGENT_MAJOR_VERSION",
"valueFrom": "STAGING_DD_AGENT_MAJOR_VERSION"
},
{ "name": "DD_ENV", "valueFrom": "STAGING_DD_ENV" },
{
"name": "DD_LOGS_INJECTION",
"valueFrom": "STAGING_DD_LOGS_INJECTION"
},
{
"name": "DD_TRACE_STARTUP_LOGS",
"valueFrom": "STAGING_DD_TRACE_STARTUP_LOGS"
},
{
"name": "E2E_TEST_GH_TOKEN",
"valueFrom": "STAGING_E2E_TEST_GH_TOKEN"
},
{ "name": "E2E_TEST_REPO", "valueFrom": "STAGING_E2E_TEST_REPO" },
{ "name": "E2E_TEST_SECRET", "valueFrom": "STAGING_E2E_TEST_SECRET" },
{ "name": "EFS_VOL_PATH", "valueFrom": "STAGING_EFS_VOL_PATH" },
{
"name": "ENCRYPTION_SECRET",
"valueFrom": "STAGING_ENCRYPTION_SECRET"
},
{
"name": "FF_DEPRECATE_SITE_QUEUES",
"valueFrom": "STAGING_FF_DEPRECATE_SITE_QUEUES"
},
{ "name": "FRONTEND_URL", "valueFrom": "STAGING_FRONTEND_URL" },
{
"name": "GGS_REPAIR_FORM_KEY",
"valueFrom": "STAGING_GGS_REPAIR_FORM_KEY"
},
{
"name": "GGS_EXPERIMENTAL_TRACKING_SITES",
"valueFrom": "STAGING_GGS_EXPERIMENTAL_TRACKING_SITES"
},
{
"name": "GITHUB_BUILD_ORG_NAME",
"valueFrom": "STAGING_GITHUB_BUILD_ORG_NAME"
},
{
"name": "GITHUB_BUILD_REPO_NAME",
"valueFrom": "STAGING_GITHUB_BUILD_REPO_NAME"
},
{ "name": "GITHUB_ORG_NAME", "valueFrom": "STAGING_GITHUB_ORG_NAME" },
{
"name": "GROWTHBOOK_CLIENT_KEY",
"valueFrom": "STAGING_GROWTHBOOK_CLIENT_KEY"
},
{
"name": "INCOMING_QUEUE_URL",
"valueFrom": "STAGING_INCOMING_QUEUE_URL"
},
{
"name": "ISOMERPAGES_REPO_PAGE_COUNT",
"valueFrom": "STAGING_ISOMERPAGES_REPO_PAGE_COUNT"
},
{ "name": "JWT_SECRET", "valueFrom": "STAGING_JWT_SECRET" },
{
"name": "MAX_NUM_OTP_ATTEMPTS",
"valueFrom": "STAGING_MAX_NUM_OTP_ATTEMPTS"
},
{
"name": "MOCK_AMPLIFY_DOMAIN_ASSOCIATION_CALLS",
"valueFrom": "STAGING_MOCK_AMPLIFY_DOMAIN_ASSOCIATION_CALLS"
},
{ "name": "MUTEX_TABLE_NAME", "valueFrom": "STAGING_MUTEX_TABLE_NAME" },
{
"name": "NETLIFY_ACCESS_TOKEN",
"valueFrom": "STAGING_NETLIFY_ACCESS_TOKEN"
},
{ "name": "NODE_ENV", "valueFrom": "STAGING_NODE_ENV" },
{ "name": "OTP_EXPIRY", "valueFrom": "STAGING_OTP_EXPIRY" },
{ "name": "OTP_SECRET", "valueFrom": "STAGING_OTP_SECRET" },

Comment on lines +124 to +125

Contributor

Should some of these variables be removed from the support container? I assume they are not useful there? I don't have a sense of the full list of what's needed and not, but general principle is to only give the app what it needs.

Contributor Author

i copied it because i didn't want to sift through and manually find out what env vars are/are not used.

Contributor

Bit painful yes, but we should do it anyway for good hygiene. If the service doesn't need to know of certain secrets or values, we shouldn't pass them in.

Contributor Author

sounds good! you ok if i do this in a follow-up? my immediate priority now is to get functionality up and merged - will address this hygiene issue downstream

{
"name": "OUTGOING_QUEUE_URL",
"valueFrom": "STAGING_OUTGOING_QUEUE_URL"
},
{ "name": "POSTMAN_API_KEY", "valueFrom": "STAGING_POSTMAN_API_KEY" },
{
"name": "POSTMAN_SMS_CRED_NAME",
"valueFrom": "STAGING_POSTMAN_SMS_CRED_NAME"
},
{
"name": "REDIRECT_URI",
"valueFrom": "STAGING_REDIRECT_URI"
},
{
"name": "SESSION_SECRET",
"valueFrom": "STAGING_SESSION_SECRET"
},
{ "name": "SGID_CLIENT_ID", "valueFrom": "STAGING_SGID_CLIENT_ID" },
{
"name": "SGID_CLIENT_SECRET",
"valueFrom": "STAGING_SGID_CLIENT_SECRET"
},
{
"name": "SGID_REDIRECT_URI",
"valueFrom": "STAGING_SGID_REDIRECT_URI"
},
{
"name": "SGID_PRIVATE_KEY",
"valueFrom": "STAGING_SGID_PRIVATE_KEY"
},
{
"name": "SITE_CLONE_FORM_KEY",
"valueFrom": "STAGING_SITE_CLONE_FORM_KEY"
},
{
"name": "SITE_CREATE_FORM_KEY",
"valueFrom": "STAGING_SITE_CREATE_FORM_KEY"
},
{
"name": "SITE_LAUNCH_DYNAMO_DB_TABLE_NAME",
"valueFrom": "STAGING_SITE_LAUNCH_DYNAMO_DB_TABLE_NAME"
},
{
"name": "SITE_LAUNCH_FORM_KEY",
"valueFrom": "STAGING_SITE_LAUNCH_FORM_KEY"
},
{
"name": "SITE_PASSWORD_SECRET_KEY",
"valueFrom": "STAGING_SITE_PASSWORD_SECRET_KEY"
},
{
"name": "STAGING_SSH_PUBLIC_KEY",
"valueFrom": "STAGING_SSH_PUBLIC_KEY"
},
{
"name": "STAGING_SSH_PRIVATE_KEY",
"valueFrom": "STAGING_SSH_PRIVATE_KEY"
},
{
"name": "STEP_FUNCTIONS_ARN",
"valueFrom": "STAGING_STEP_FUNCTIONS_ARN"
},
{
"name": "SYSTEM_GITHUB_TOKEN",
"valueFrom": "STAGING_SYSTEM_GITHUB_TOKEN"
},
{
"name": "UPTIME_ROBOT_API_KEY",
"valueFrom": "STAGING_UPTIME_ROBOT_API_KEY"
},
{
"name": "SITE_CHECKER_FORM_KEY",
"valueFrom": "STAGING_SITE_CHECKER_FORM_KEY"
},
{
"name": "SITE_AUDIT_LOGS_FORM_KEY",
"valueFrom": "STAGING_SITE_AUDIT_LOGS_FORM_KEY"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/aws/elasticbeanstalk/cms-backend-staging-node18/var/log/web.stdout.log",

Contributor Author

open to creating another log group, nbd

Contributor

+1 to creating another log group

Maybe we can drop elasticbeanstalk from the name too...

Contributor Author

ya can, i think i'll change it to an ecs-prefixed log group post tear down of eb

"awslogs-region": "ap-southeast-1",
"awslogs-stream-prefix": "ecs"
}
}
},
{
"name": "dd-agent",
"image": "public.ecr.aws/datadog/agent:latest",
"portMappings": [
{
"containerPort": 8126,
"hostPort": 8126,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "TZ",
"value": "Asia/Singapore"
},
{
"name": "DD_APM_NON_LOCAL_TRAFFIC",
"value": "true"
},
{
"name": "ECS_FARGATE",
"value": "true"
},
{
"name": "DD_APM_ENABLED",
"value": "true"
},
{
"name": "DD_SITE",
"value": "datadoghq.com"
},
{
"name": "DD_ENV",
"value": "staging"
},
{
"name": "DD_SERVICE",
"value": "isomer-support"
},
{
"name": "DD_TAGS",
"value": "team:isomer"

Contributor

In case the infra linkage doesn't work (happened in armoury), we might need to set the service here too:

Suggested change
"value": "team:isomer"
"value": "team:isomer,service:isomer-support"

},
{
"name": "DD_AGENT_MAJOR_VERSION",
"value": "7"
},
{
"name": "DD_LOGS_INJECTION",
"value": "true"
},
{
"name": "DD_TRACE_STARTUP_LOGS",
"value": "true"
},
{
"name": "DD_API_KEY",
"value": "<DD_API_KEY>"
}
],
"dockerLabels": {
"com.datadoghq.tags.env": "staging",
"com.datadoghq.tags.service": "isomer-support",
"com.datadoghq.tags.version": "7"
},
"mountPoints": [],
"volumesFrom": [],
"secrets": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "isomer-infra-staging/ecs/dd-agent",
"awslogs-region": "ap-southeast-1",
"awslogs-stream-prefix": "ecs"
}
}
}
],
"family": "isomer-infra",
"networkMode": "awsvpc",
"volumes": [
{
"name": "ggs-efs",
"efsVolumeConfiguration": {
"fileSystemId": "<EFS_FILE_SYSTEM_ID>",
"rootDirectory": "/"
}
}
],
"placementConstraints": [],
"runtimePlatform": {
"operatingSystemFamily": "LINUX"
},
"requiresCompatibilities": ["FARGATE"],
"taskRoleArn": "arn:aws:iam::<AWS_ACCOUNT_ID>:role/stg-support-ecs-task-role",
"executionRoleArn": "arn:aws:iam::<AWS_ACCOUNT_ID>:role/stg-support-ecs-task-exec-role",
"cpu": "1024",
"memory": "2048"
}
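Review bot: In the `dd-agent` container, `DD_API_KEY` is passed under `environment` as `"value": "<DD_API_KEY>"` while that container's `secrets` array is empty, so once the placeholder is substituted the key sits in plaintext in the registered task definition and is readable by anyone who can describe it. Move it to `secrets` with a `valueFrom` reference, as the `support` container already does for its own values. Two smaller points in the same file: `public.ecr.aws/datadog/agent:latest` is an unpinned tag, so new tasks can pull a different agent build without any change to this file (pin a version or digest); and the `support` container's `secrets` list still carries entries such as `STAGING_SSH_PRIVATE_KEY`, `E2E_TEST_GH_TOKEN` and `SYSTEM_GITHUB_TOKEN`, which are the ones to justify first when the list is trimmed as discussed in the thread.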
17 changes: 14 additions & 3 deletions .github/workflows/aws_deploy.yml
Expand Up @@ -27,6 +27,10 @@ on:
description: "Name of container in ECS task definition"
required: true
type: string
ecs-container-port:
description: "Container port number in ECS task definition"
required: true
type: number
environment:
description: "Environment to deploy to"
required: true
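Review bot: `ecs-container-port` is added as `required: true` with no default, so every existing caller of this reusable workflow has to be updated in the same change or its run will fail on the missing input. Either confirm all callers pass it, or make it optional with `default: 8081`, the value `appspec.json` hard-coded before this PR.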
Expand All @@ -47,6 +51,10 @@ on:
description: 'CodeDeploy deployment group to use'
required: true
type: string
path-to-dockerfile:
description: 'path to the dockerfile to use'
required: true
type: string

secrets:
AWS_ACCOUNT_ID:
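Review bot: The `path-to-dockerfile` description is lower-cased ('path to the dockerfile to use') while the neighbouring inputs use sentence case, and it does not say what the path is relative to. Suggest sentence case plus the base directory in the description, and consider a default so callers that build the existing Dockerfile need not pass it.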
Expand Down Expand Up @@ -85,8 +93,9 @@ jobs:
- name: Build and push image to ECR
uses: docker/build-push-action@v4
with:
file: ${{inputs.path-to-dockerfile}}
push: true
tags: ${{ steps.login-ecr.outputs.registry }}/${{ inputs.ecr-repository }}:${{ github.sha }}
tags: ${{ steps.login-ecr.outputs.registry }}/${{ inputs.ecr-repository }}:${{inputs.ecs-web-service-name}}-${{ github.sha }}

deploy:
needs: build
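Review bot: The new tag `${{inputs.ecs-web-service-name}}-${{ github.sha }}` is written out here and again in the `image:` line of the deploy job, so the two strings have to be kept identical by hand; a mismatch would make the task definition point at a tag that was never pushed. Compute the tag once in the build job and expose it as a job output that the deploy job consumes. Minor: `${{inputs.path-to-dockerfile}}` and `${{inputs.ecs-web-service-name}}` drop the spaces inside the braces that the rest of the file uses.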
Expand Down Expand Up @@ -119,15 +128,17 @@ jobs:
- name: Replace variables in appspec
run: |
sed -i 's/<AWS_ACCOUNT_ID>/${{ secrets.AWS_ACCOUNT_ID }}/g' .aws/deploy/appspec.json
sed -i 's/<ENVIRONMENT>/${{ inputs.shortEnv }}/g' .aws/deploy/appspec.json
sed -i 's/<SHORTENV>/${{ inputs.shortEnv }}/g' .aws/deploy/appspec.json
sed -i 's/<CONTAINER_NAME>/${{ inputs.ecs-container-name }}/g' .aws/deploy/appspec.json
sed -i 's/<CONTAINER_PORT>/${{ inputs.ecs-container-port }}/g' .aws/deploy/appspec.json

- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ inputs.task-definition-path }}
container-name: ${{ inputs.ecs-container-name }}
image: ${{ steps.login-ecr.outputs.registry }}/${{ inputs.ecr-repository }}:${{ github.sha }}
image: ${{ steps.login-ecr.outputs.registry }}/${{ inputs.ecr-repository }}:${{inputs.ecs-web-service-name}}-${{ github.sha }}

- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
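Review bot: The `sed` lines in `Replace variables in appspec` interpolate `${{ inputs.ecs-container-name }}`, `${{ inputs.ecs-container-port }}` and the other values directly into the script text, so each value is pasted into the command before the shell runs; an input containing `/`, `&` or a single quote changes the `sed` expression or the command itself. Pass the values through `env:` and reference them as shell variables, and pick a `sed` delimiter that cannot appear in a container name. Also note that `<CONTAINER_PORT>` is replaced inside the quotes that `appspec.json` puts around it, so the port lands in the file as a string.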