-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ref(app): shift support flows into separate folder + ecs service #1269
Changes from all commits
942afd2
d94acfa
1c8ca5e
4863b95
f87479d
34494a3
c8a5ab3
cc3f8e0
5aed04e
5b3a12d
92f9b9d
a7f3159
ac5edd7
857c3d9
c1594da
ae26953
d94e4d9
e6aa6c2
e832729
3e3651e
7406638
e24e5d3
d2f5443
7cd1f73
8dbf034
237c24f
d274644
b409b19
151a33c
3d2c030
8e5c655
eefb76e
3a15a9c
899b810
3fe9569
fdc82c1
b9fc8c7
0a9e741
49d3f3b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -0,0 +1,313 @@ | ||||||
{ | ||||||
"containerDefinitions": [ | ||||||
{ | ||||||
"name": "support", | ||||||
"portMappings": [ | ||||||
{ | ||||||
"containerPort": 8082, | ||||||
"hostPort": 8082, | ||||||
"protocol": "tcp" | ||||||
} | ||||||
], | ||||||
"essential": true, | ||||||
"environment": [ | ||||||
{ "name": "ENV_TYPE", "value": "STAGING" }, | ||||||
{ "name": "DD_SERVICE", "value": "isomer-support" }, | ||||||
{ "name": "DD_TAGS", "value": "team:isomer" } | ||||||
], | ||||||
"mountPoints": [ | ||||||
{ | ||||||
"sourceVolume": "ggs-efs", | ||||||
"containerPath": "/efs", | ||||||
"readOnly": false | ||||||
} | ||||||
], | ||||||
"linuxParameters": { | ||||||
"initProcessEnabled": true | ||||||
}, | ||||||
"volumesFrom": [], | ||||||
"secrets": [ | ||||||
{ | ||||||
"name": "AUTH_TOKEN_EXPIRY_DURATION_IN_MILLISECONDS", | ||||||
"valueFrom": "STAGING_AUTH_TOKEN_EXPIRY_DURATION_IN_MILLISECONDS" | ||||||
}, | ||||||
{ | ||||||
"name": "AWS_BACKEND_EB_ENV_NAME", | ||||||
"valueFrom": "STAGING_AWS_BACKEND_EB_ENV_NAME" | ||||||
}, | ||||||
{ "name": "AWS_REGION", "valueFrom": "STAGING_AWS_REGION" }, | ||||||
{ "name": "CLIENT_ID", "valueFrom": "STAGING_CLIENT_ID" }, | ||||||
{ "name": "CLIENT_SECRET", "valueFrom": "STAGING_CLIENT_SECRET" }, | ||||||
{ | ||||||
"name": "CLOUDMERSIVE_API_KEY", | ||||||
"valueFrom": "STAGING_CLOUDMERSIVE_API_KEY" | ||||||
}, | ||||||
{ "name": "COOKIE_DOMAIN", "valueFrom": "STAGING_COOKIE_DOMAIN" }, | ||||||
{ "name": "DB_ACQUIRE", "valueFrom": "STAGING_DB_ACQUIRE" }, | ||||||
{ "name": "DB_MAX_POOL", "valueFrom": "STAGING_DB_MAX_POOL" }, | ||||||
{ "name": "DB_MIN_POOL", "valueFrom": "STAGING_DB_MIN_POOL" }, | ||||||
{ "name": "DB_TIMEOUT", "valueFrom": "STAGING_DB_TIMEOUT" }, | ||||||
{ "name": "DB_URI", "valueFrom": "STAGING_DB_URI" }, | ||||||
{ | ||||||
"name": "DD_AGENT_MAJOR_VERSION", | ||||||
"valueFrom": "STAGING_DD_AGENT_MAJOR_VERSION" | ||||||
}, | ||||||
{ "name": "DD_ENV", "valueFrom": "STAGING_DD_ENV" }, | ||||||
{ | ||||||
"name": "DD_LOGS_INJECTION", | ||||||
"valueFrom": "STAGING_DD_LOGS_INJECTION" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_TRACE_STARTUP_LOGS", | ||||||
"valueFrom": "STAGING_DD_TRACE_STARTUP_LOGS" | ||||||
}, | ||||||
{ | ||||||
"name": "E2E_TEST_GH_TOKEN", | ||||||
"valueFrom": "STAGING_E2E_TEST_GH_TOKEN" | ||||||
}, | ||||||
{ "name": "E2E_TEST_REPO", "valueFrom": "STAGING_E2E_TEST_REPO" }, | ||||||
{ "name": "E2E_TEST_SECRET", "valueFrom": "STAGING_E2E_TEST_SECRET" }, | ||||||
{ "name": "EFS_VOL_PATH", "valueFrom": "STAGING_EFS_VOL_PATH" }, | ||||||
{ | ||||||
"name": "ENCRYPTION_SECRET", | ||||||
"valueFrom": "STAGING_ENCRYPTION_SECRET" | ||||||
}, | ||||||
{ | ||||||
"name": "FF_DEPRECATE_SITE_QUEUES", | ||||||
"valueFrom": "STAGING_FF_DEPRECATE_SITE_QUEUES" | ||||||
}, | ||||||
{ "name": "FRONTEND_URL", "valueFrom": "STAGING_FRONTEND_URL" }, | ||||||
{ | ||||||
"name": "GGS_REPAIR_FORM_KEY", | ||||||
"valueFrom": "STAGING_GGS_REPAIR_FORM_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "GGS_EXPERIMENTAL_TRACKING_SITES", | ||||||
"valueFrom": "STAGING_GGS_EXPERIMENTAL_TRACKING_SITES" | ||||||
}, | ||||||
{ | ||||||
"name": "GITHUB_BUILD_ORG_NAME", | ||||||
"valueFrom": "STAGING_GITHUB_BUILD_ORG_NAME" | ||||||
}, | ||||||
{ | ||||||
"name": "GITHUB_BUILD_REPO_NAME", | ||||||
"valueFrom": "STAGING_GITHUB_BUILD_REPO_NAME" | ||||||
}, | ||||||
{ "name": "GITHUB_ORG_NAME", "valueFrom": "STAGING_GITHUB_ORG_NAME" }, | ||||||
{ | ||||||
"name": "GROWTHBOOK_CLIENT_KEY", | ||||||
"valueFrom": "STAGING_GROWTHBOOK_CLIENT_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "INCOMING_QUEUE_URL", | ||||||
"valueFrom": "STAGING_INCOMING_QUEUE_URL" | ||||||
}, | ||||||
{ | ||||||
"name": "ISOMERPAGES_REPO_PAGE_COUNT", | ||||||
"valueFrom": "STAGING_ISOMERPAGES_REPO_PAGE_COUNT" | ||||||
}, | ||||||
{ "name": "JWT_SECRET", "valueFrom": "STAGING_JWT_SECRET" }, | ||||||
{ | ||||||
"name": "MAX_NUM_OTP_ATTEMPTS", | ||||||
"valueFrom": "STAGING_MAX_NUM_OTP_ATTEMPTS" | ||||||
}, | ||||||
{ | ||||||
"name": "MOCK_AMPLIFY_DOMAIN_ASSOCIATION_CALLS", | ||||||
"valueFrom": "STAGING_MOCK_AMPLIFY_DOMAIN_ASSOCIATION_CALLS" | ||||||
}, | ||||||
{ "name": "MUTEX_TABLE_NAME", "valueFrom": "STAGING_MUTEX_TABLE_NAME" }, | ||||||
{ | ||||||
"name": "NETLIFY_ACCESS_TOKEN", | ||||||
"valueFrom": "STAGING_NETLIFY_ACCESS_TOKEN" | ||||||
}, | ||||||
{ "name": "NODE_ENV", "valueFrom": "STAGING_NODE_ENV" }, | ||||||
{ "name": "OTP_EXPIRY", "valueFrom": "STAGING_OTP_EXPIRY" }, | ||||||
{ "name": "OTP_SECRET", "valueFrom": "STAGING_OTP_SECRET" }, | ||||||
Comment on lines
+124
to
+125
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should some of these variables removed from the support container? I assume they are not useful there? I don't have a sense of the full list of what's needed and not, but general principle is to only give the app what it needs. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. i copied it because i didn't want to sift through and manually find out what env vars are/are not used. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Bit painful yes, but we should do it anyway for good hygiene. If the service doesn't need to know of certain secrets or values, we shouldn't pass them in. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. sounds good! you ok if i do this in a follow-up? my immediate priority now is to get functionality up and merged - will address this hygiene issue downstream |
||||||
{ | ||||||
"name": "OUTGOING_QUEUE_URL", | ||||||
"valueFrom": "STAGING_OUTGOING_QUEUE_URL" | ||||||
}, | ||||||
{ "name": "POSTMAN_API_KEY", "valueFrom": "STAGING_POSTMAN_API_KEY" }, | ||||||
{ | ||||||
"name": "POSTMAN_SMS_CRED_NAME", | ||||||
"valueFrom": "STAGING_POSTMAN_SMS_CRED_NAME" | ||||||
}, | ||||||
{ | ||||||
"name": "REDIRECT_URI", | ||||||
"valueFrom": "STAGING_REDIRECT_URI" | ||||||
}, | ||||||
{ | ||||||
"name": "SESSION_SECRET", | ||||||
"valueFrom": "STAGING_SESSION_SECRET" | ||||||
}, | ||||||
{ "name": "SGID_CLIENT_ID", "valueFrom": "STAGING_SGID_CLIENT_ID" }, | ||||||
{ | ||||||
"name": "SGID_CLIENT_SECRET", | ||||||
"valueFrom": "STAGING_SGID_CLIENT_SECRET" | ||||||
}, | ||||||
{ | ||||||
"name": "SGID_REDIRECT_URI", | ||||||
"valueFrom": "STAGING_SGID_REDIRECT_URI" | ||||||
}, | ||||||
{ | ||||||
"name": "SGID_PRIVATE_KEY", | ||||||
"valueFrom": "STAGING_SGID_PRIVATE_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "SITE_CLONE_FORM_KEY", | ||||||
"valueFrom": "STAGING_SITE_CLONE_FORM_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "SITE_CREATE_FORM_KEY", | ||||||
"valueFrom": "STAGING_SITE_CREATE_FORM_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "SITE_LAUNCH_DYNAMO_DB_TABLE_NAME", | ||||||
"valueFrom": "STAGING_SITE_LAUNCH_DYNAMO_DB_TABLE_NAME" | ||||||
}, | ||||||
{ | ||||||
"name": "SITE_LAUNCH_FORM_KEY", | ||||||
"valueFrom": "STAGING_SITE_LAUNCH_FORM_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "SITE_PASSWORD_SECRET_KEY", | ||||||
"valueFrom": "STAGING_SITE_PASSWORD_SECRET_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "STAGING_SSH_PUBLIC_KEY", | ||||||
"valueFrom": "STAGING_SSH_PUBLIC_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "STAGING_SSH_PRIVATE_KEY", | ||||||
"valueFrom": "STAGING_SSH_PRIVATE_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "STEP_FUNCTIONS_ARN", | ||||||
"valueFrom": "STAGING_STEP_FUNCTIONS_ARN" | ||||||
}, | ||||||
{ | ||||||
"name": "SYSTEM_GITHUB_TOKEN", | ||||||
"valueFrom": "STAGING_SYSTEM_GITHUB_TOKEN" | ||||||
}, | ||||||
{ | ||||||
"name": "UPTIME_ROBOT_API_KEY", | ||||||
"valueFrom": "STAGING_UPTIME_ROBOT_API_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "SITE_CHECKER_FORM_KEY", | ||||||
"valueFrom": "STAGING_SITE_CHECKER_FORM_KEY" | ||||||
}, | ||||||
{ | ||||||
"name": "SITE_AUDIT_LOGS_FORM_KEY", | ||||||
"valueFrom": "STAGING_SITE_AUDIT_LOGS_FORM_KEY" | ||||||
} | ||||||
], | ||||||
"logConfiguration": { | ||||||
"logDriver": "awslogs", | ||||||
"options": { | ||||||
"awslogs-group": "/aws/elasticbeanstalk/cms-backend-staging-node18/var/log/web.stdout.log", | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. open to creating another log group, nbd There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. +1 to creating another log group Maybe we can drop There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ya can, i think i'll change it to an ecs-prefixed log group post tear down of eb |
||||||
"awslogs-region": "ap-southeast-1", | ||||||
"awslogs-stream-prefix": "ecs" | ||||||
} | ||||||
} | ||||||
}, | ||||||
{ | ||||||
"name": "dd-agent", | ||||||
"image": "public.ecr.aws/datadog/agent:latest", | ||||||
"portMappings": [ | ||||||
{ | ||||||
"containerPort": 8126, | ||||||
"hostPort": 8126, | ||||||
"protocol": "tcp" | ||||||
} | ||||||
], | ||||||
"essential": true, | ||||||
"environment": [ | ||||||
{ | ||||||
"name": "TZ", | ||||||
"value": "Asia/Singapore" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_APM_NON_LOCAL_TRAFFIC", | ||||||
"value": "true" | ||||||
}, | ||||||
{ | ||||||
"name": "ECS_FARGATE", | ||||||
"value": "true" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_APM_ENABLED", | ||||||
"value": "true" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_SITE", | ||||||
"value": "datadoghq.com" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_ENV", | ||||||
"value": "staging" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_SERVICE", | ||||||
"value": "isomer-support" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_TAGS", | ||||||
"value": "team:isomer" | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In case the infra linkage doesn't work (happened in armoury), we might need to set the service here too:
Suggested change
|
||||||
}, | ||||||
{ | ||||||
"name": "DD_AGENT_MAJOR_VERSION", | ||||||
"value": "7" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_LOGS_INJECTION", | ||||||
"value": "true" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_TRACE_STARTUP_LOGS", | ||||||
"value": "true" | ||||||
}, | ||||||
{ | ||||||
"name": "DD_API_KEY", | ||||||
"value": "<DD_API_KEY>" | ||||||
} | ||||||
], | ||||||
"dockerLabels": { | ||||||
"com.datadoghq.tags.env": "staging", | ||||||
"com.datadoghq.tags.service": "isomer-support", | ||||||
"com.datadoghq.tags.version": "7" | ||||||
}, | ||||||
"mountPoints": [], | ||||||
"volumesFrom": [], | ||||||
"secrets": [], | ||||||
"logConfiguration": { | ||||||
"logDriver": "awslogs", | ||||||
"options": { | ||||||
"awslogs-group": "isomer-infra-staging/ecs/dd-agent", | ||||||
"awslogs-region": "ap-southeast-1", | ||||||
"awslogs-stream-prefix": "ecs" | ||||||
} | ||||||
} | ||||||
} | ||||||
], | ||||||
"family": "isomer-infra", | ||||||
"networkMode": "awsvpc", | ||||||
"volumes": [ | ||||||
{ | ||||||
"name": "ggs-efs", | ||||||
"efsVolumeConfiguration": { | ||||||
"fileSystemId": "<EFS_FILE_SYSTEM_ID>", | ||||||
"rootDirectory": "/" | ||||||
} | ||||||
} | ||||||
], | ||||||
"placementConstraints": [], | ||||||
"runtimePlatform": { | ||||||
"operatingSystemFamily": "LINUX" | ||||||
}, | ||||||
"requiresCompatibilities": ["FARGATE"], | ||||||
"taskRoleArn": "arn:aws:iam::<AWS_ACCOUNT_ID>:role/stg-support-ecs-task-role", | ||||||
"executionRoleArn": "arn:aws:iam::<AWS_ACCOUNT_ID>:role/stg-support-ecs-task-exec-role", | ||||||
"cpu": "1024", | ||||||
"memory": "2048" | ||||||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
only change between this and
backend
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm why do we not hahve a stg variant of this ah?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this deploys to
staging
! i think u mean prod? will do in a folloow up PR