
Commit 1fd7c4c

committed
Merge origin/master and resolve workflow/terraform conflicts
2 parents d5d0318 + 81bc02c commit 1fd7c4c

21 files changed

Lines changed: 473 additions & 821 deletions

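--- a/.github/workflows/deploy-backend.yml
+++ b/.github/workflows/deploy-backend.yml
@@ -9,7 +9,7 @@ on:
 lambda_build_flags:
 description: >
 JSON map of lambda_name -> force-build flag.
-e.g. {"recordprocessor":true,"ack-backend":false,"mock_pds":false}
+e.g. {"backend":true,"recordprocessor":true,"ack-backend":false,"mock_pds":false}
 required: false
 type: string
 default: "{}"
@@ -73,14 +73,14 @@ on:
 lambda_build_flags:
 description: >
 JSON map of lambda_name -> force-build flag.
-e.g. {"recordprocessor":true,"ack-backend":false,"mock_pds":false}
+e.g. {"backend":true,"recordprocessor":true,"ack-backend":false,"mock_pds":false}
 required: false
 type: string
 default: "{}"
 lambda_image_overrides:
 description: >
 JSON map of lambda_name -> immutable image selector for reuse mode.
-e.g. {"recordprocessor":"internal-dev-git-abc123","ack-backend":"123456789012.dkr.ecr.eu-west-2.amazonaws.com/imms-ackbackend-repo@sha256:..."}
+e.g. {"backend":"internal-dev-git-abc123","ack-backend":"123456789012.dkr.ecr.eu-west-2.amazonaws.com/imms-ackbackend-repo@sha256:..."}
 required: false
 type: string
 default: "{}"
@@ -118,40 +118,57 @@ jobs:
 fail-fast: false
 matrix:
 include:
+- lambda_name: backend
+ecr_repository: imms-backend-repo
+lambda_dir: backend
+- lambda_name: batch_processor_filter
+ecr_repository: imms-batch-processor-filter-repo
+lambda_dir: batch_processor_filter
+- lambda_name: delta_backend
+ecr_repository: imms-delta-backend-repo
+lambda_dir: delta_backend
+- lambda_name: filenameprocessor
+ecr_repository: imms-filenameprocessor-repo
+lambda_dir: filenameprocessor
+- lambda_name: id_sync
+ecr_repository: imms-id-sync-repo
+lambda_dir: id_sync
+- lambda_name: mesh_processor
+ecr_repository: imms-mesh-processor-repo
+lambda_dir: mesh_processor
+- lambda_name: mns_publisher
+ecr_repository: imms-mns-publisher-repo
+lambda_dir: mns_publisher
+- lambda_name: recordforwarder
+ecr_repository: imms-recordforwarder-repo
+lambda_dir: recordforwarder
+- lambda_name: redis_sync
+ecr_repository: imms-redis-sync-repo
+lambda_dir: redis_sync
 - lambda_name: recordprocessor
-tf_var_suffix: recordprocessor
 ecr_repository: imms-recordprocessor-repo
-dockerfile_path: lambdas/recordprocessor/Dockerfile
-lambda_paths: |
-lambdas/recordprocessor/
+lambda_dir: recordprocessor
 - lambda_name: ack-backend
-tf_var_suffix: ack_backend
 ecr_repository: imms-ackbackend-repo
-dockerfile_path: lambdas/ack_backend/Dockerfile
-lambda_paths: |
-lambdas/ack_backend/
+lambda_dir: ack_backend
 - lambda_name: mock_pds
-tf_var_suffix: mock_pds
 ecr_repository: imms-mock-pds-repo
-dockerfile_path: lambdas/mock_pds/Dockerfile
-lambda_paths: |
-lambdas/mock_pds/
+lambda_dir: mock_pds
 uses: ./.github/workflows/deploy-lambda-artifact.yml
 with:
 lambda_name: ${{ matrix.lambda_name }}
-tf_var_suffix: ${{ matrix.tf_var_suffix }}
+tf_var_suffix: ${{ matrix.lambda_dir }}
 environment: ${{ inputs.environment }}
 sub_environment: ${{ inputs.sub_environment }}
 build_image: ${{ fromJson(inputs.lambda_build_flags)[matrix.lambda_name] || false }}
 image_version: ${{ fromJson(inputs.lambda_image_overrides)[matrix.lambda_name] || '' }}
 run_diff_check: ${{ inputs.run_diff_check }}
 diff_base_sha: ${{ inputs.diff_base_sha }}
 diff_head_sha: ${{ inputs.diff_head_sha }}
-lambda_paths: ${{ matrix.lambda_paths }}
-shared_paths: |
-lambdas/shared/src/common/
+lambda_paths: lambdas/${{ matrix.lambda_dir }}/
+shared_paths: lambdas/shared/src/common/
 docker_context_path: lambdas
-dockerfile_path: ${{ matrix.dockerfile_path }}
+dockerfile_path: lambdas/${{ matrix.lambda_dir }}/Dockerfile
 ecr_repository: ${{ matrix.ecr_repository }}
 image_tag_prefix: ${{ inputs.sub_environment }}-
 allow_implicit_tag_prefix_reuse: ${{ inputs.sub_environment == 'internal-dev' || startsWith(inputs.sub_environment, 'pr-') }}
@@ -165,7 +182,6 @@ jobs:
 if: ${{ !cancelled() && needs.deploy-lambda-images.result == 'success' }}
 outputs:
 image_uris_json: ${{ steps.lambda-images.outputs.image_uris_json }}
-terraform_image_uris_json: ${{ steps.lambda-images.outputs.terraform_image_uris_json }}
 runs-on: ubuntu-latest
 environment:
 name: ${{ inputs.environment }}
@@ -224,17 +240,11 @@ jobs:
 "${manifest_files[@]}"
 )"
 
-terraform_image_uris_json="$(
-jq -cs 'map(select(.tf_var_suffix != null and .tf_var_suffix != "" and .image_uri != null) | {(.tf_var_suffix): .image_uri}) | add' \
-"${manifest_files[@]}"
-)"
-
 echo "image_uris_json=${image_uris_json}" >> "$GITHUB_OUTPUT"
-echo "terraform_image_uris_json=${terraform_image_uris_json}" >> "$GITHUB_OUTPUT"
 jq -er '
-to_entries[]
-| "TF_VAR_\(.key)_image_uri=\(.value)"
-' <<< "${terraform_image_uris_json}" >> "$GITHUB_ENV"
+select(.tf_var_suffix != null and .tf_var_suffix != "" and .image_uri != null)
+| "TF_VAR_\(.tf_var_suffix)_image_uri=\(.image_uri)"
+' "${manifest_files[@]}" >> "$GITHUB_ENV"
 
 - name: Terraform Init
 working-directory: infrastructure/instance
@@ -276,22 +286,6 @@ jobs:
 with:
 terraform_version: "1.12.2"
 
-- name: Restore lambda image Terraform vars
-env:
-TERRAFORM_IMAGE_URIS_JSON: ${{ needs.terraform-plan.outputs.terraform_image_uris_json }}
-run: |
-set -euo pipefail
-
-if [ -z "${TERRAFORM_IMAGE_URIS_JSON}" ] || [ "${TERRAFORM_IMAGE_URIS_JSON}" = "null" ]; then
-echo "terraform-plan did not emit terraform_image_uris_json."
-exit 1
-fi
-
-jq -er '
-to_entries[]
-| "TF_VAR_\(.key)_image_uri=\(.value)"
-' <<< "${TERRAFORM_IMAGE_URIS_JSON}" >> "$GITHUB_ENV"
-
 - name: Retrieve Terraform Plan
 uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
 with: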
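Review bot: The rewritten jq call at new lines 244-247 writes `.tf_var_suffix` and `.image_uri` from every manifest file into `$GITHUB_ENV` as raw strings (`-r`), so a value containing a newline would define extra environment variables for the Terraform steps that follow. The manifests are produced by the per-lambda jobs, and `image_uri` can presumably be influenced by the `lambda_image_overrides` input, so it is worth failing closed inside the filter: after the `select(...)` line add `| if ((.tf_var_suffix | test("^[A-Za-z0-9_]+$")) and (.image_uri | test("^\\S+$"))) then . else error("unexpected characters in image manifest") end`. The step's `run` block starts above the hunk, so how `manifest_files` is populated is not visible here and should be checked alongside this.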

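--- a/.github/workflows/deploy-lambda-artifact.yml
+++ b/.github/workflows/deploy-lambda-artifact.yml
@@ -244,7 +244,7 @@ jobs:
 - name: Build and publish image with layer caching
 id: build-image
 if: ${{ steps.decide.outputs.deployment_mode == 'build' && !steps.build-check.outputs.existing_image_digest }}
-uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8
+uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f
 with:
 context: ${{ env.DOCKER_CONTEXT_PATH }}
 file: ${{ env.DOCKERFILE_PATH }}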

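--- a/.github/workflows/pr-teardown.yml
+++ b/.github/workflows/pr-teardown.yml
@@ -20,6 +20,19 @@ jobs:
 APIGEE_ENVIRONMENT: internal-dev
 BACKEND_ENVIRONMENT: dev
 BACKEND_SUB_ENVIRONMENT: pr-${{ github.event_name == 'pull_request' && github.event.pull_request.number || inputs.pr_number }}
+LAMBDA_IMAGE_REPOSITORIES: |
+backend:imms-backend-repo
+batch_processor_filter:imms-batch-processor-filter-repo
+delta_backend:imms-delta-backend-repo
+filenameprocessor:imms-filenameprocessor-repo
+id_sync:imms-id-sync-repo
+mesh_processor:imms-mesh-processor-repo
+mns_publisher:imms-mns-publisher-repo
+recordprocessor:imms-recordprocessor-repo
+recordforwarder:imms-recordforwarder-repo
+ack_backend:imms-ackbackend-repo
+mock_pds:imms-mock-pds-repo
+redis_sync:imms-redis-sync-repo
 permissions:
 id-token: write
 contents: read
@@ -53,9 +66,10 @@ jobs:
 local uri="$(make -s output "name=$1" 2>/dev/null || true)"
 echo "${uri:-placeholder.dkr.ecr.eu-west-2.amazonaws.com/$2@sha256:0000000000000000000000000000000000000000000000000000000000000000}"
 }
-echo "TF_VAR_recordprocessor_image_uri=$(resolve_or_placeholder recordprocessor_image_uri imms-recordprocessor-repo)" >> $GITHUB_ENV
-echo "TF_VAR_ack_backend_image_uri=$(resolve_or_placeholder ack_backend_image_uri imms-ackbackend-repo)" >> $GITHUB_ENV
-echo "TF_VAR_mock_pds_image_uri=$(resolve_or_placeholder mock_pds_image_uri imms-mock-pds-repo)" >> $GITHUB_ENV
+while IFS=: read -r lambda_name repository_name; do
+[ -n "${lambda_name}" ] || continue
+echo "TF_VAR_${lambda_name}_image_uri=$(resolve_or_placeholder "${lambda_name}_image_uri" "${repository_name}")" >> $GITHUB_ENV
+done <<< "${LAMBDA_IMAGE_REPOSITORIES}"
 
 - name: Install poetry
 run: pip install poetry==2.1.4
@@ -130,6 +144,8 @@ jobs:
 --output json
 }
 
-for repository_name in imms-recordprocessor-repo imms-ackbackend-repo imms-mock-pds-repo; do
+while IFS=: read -r lambda_name repository_name; do
+[ -n "${lambda_name}" ] || continue
+[ -n "${repository_name}" ] || continue
 cleanup_repo_by_prefix "${repository_name}"
-done
+done <<< "${LAMBDA_IMAGE_REPOSITORIES}"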
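Review bot: The loop at new lines 69-72 skips an empty `lambda_name` but not an empty `repository_name`, unlike the cleanup loop at new lines 147-151, so a malformed line in `LAMBDA_IMAGE_REPOSITORIES` would export a placeholder URI with an empty repository segment. Adding `[ -n "${repository_name}" ] || continue` after new line 70 keeps the two loops consistent, and the redirect on new line 71 should be quoted as `>> "$GITHUB_ENV"`. The list is also a hand-maintained copy of the matrix in deploy-backend.yml, and a repository missing from it is never passed to `cleanup_repo_by_prefix`, so a comment above the env entry such as `# keep in sync with the lambda matrix in deploy-backend.yml` would help. Both `run` blocks start outside the hunks shown.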

infrastructure/account/ackbackend_ecr_repo.tf

Lines changed: 0 additions & 33 deletions
This file was deleted.
Lines changed: 143 additions & 0 deletions
@@ -0,0 +1,143 @@
1+
locals {
2+
lambda_source_arn_prefix = "arn:aws:lambda:${var.aws_region}:${var.imms_account_id}:function:imms-"
3+
4+
lambda_ecr_repositories = {
5+
operation = {
6+
name = "imms-backend-repo"
7+
lambda_source_names = [
8+
"*_get_status",
9+
"*_not_found",
10+
"*_search_imms",
11+
"*_get_imms",
12+
"*_delete_imms",
13+
"*_create_imms",
14+
"*_update_imms"
15+
]
16+
}
17+
batch_processor_filter = {
18+
name = "imms-batch-processor-filter-repo"
19+
lambda_source_names = ["*-batch-processor-filter-lambda"]
20+
}
21+
delta = {
22+
name = "imms-delta-backend-repo"
23+
lambda_source_names = ["*-delta-lambda"]
24+
}
25+
filenameprocessor = {
26+
name = "imms-filenameprocessor-repo"
27+
lambda_source_names = ["*-filenameproc-lambda"]
28+
}
29+
id_sync = {
30+
name = "imms-id-sync-repo"
31+
lambda_source_names = ["*-id-sync-lambda"]
32+
}
33+
mesh_processor = {
34+
name = "imms-mesh-processor-repo"
35+
lambda_source_names = ["*-mesh-processor-lambda"]
36+
}
37+
mns_publisher = {
38+
name = "imms-mns-publisher-repo"
39+
lambda_source_names = ["*-mns-publisher-lambda"]
40+
}
41+
ack_backend = {
42+
name = "imms-ackbackend-repo"
43+
lambda_source_names = ["*-ack-lambda"]
44+
}
45+
recordforwarder = {
46+
name = "imms-recordforwarder-repo"
47+
lambda_source_names = ["*-forwarding-lambda"]
48+
}
49+
recordprocessor = {
50+
name = "imms-recordprocessor-repo"
51+
lifecycle_policy = jsonencode({
52+
rules = [
53+
{
54+
rulePriority = 1
55+
description = "Keep last 10 images."
56+
selection = {
57+
tagStatus = "any"
58+
countType = "imageCountMoreThan"
59+
countNumber = 10
60+
}
61+
action = {
62+
type = "expire"
63+
}
64+
}
65+
]
66+
})
67+
}
68+
redis_sync = {
69+
name = "imms-redis-sync-repo"
70+
lambda_source_names = ["*-redis-sync-lambda"]
71+
}
72+
}
73+
}
74+
#lambda repo
75+
resource "aws_ecr_repository" "lambda_repository" {
76+
for_each = local.lambda_ecr_repositories
77+
78+
image_scanning_configuration {
79+
scan_on_push = true
80+
}
81+
82+
image_tag_mutability = "IMMUTABLE"
83+
name = each.value.name
84+
}
85+
86+
resource "aws_ecr_repository_policy" "lambda_repository_image_retrieval_policy" {
87+
for_each = {
88+
for key, repo in local.lambda_ecr_repositories : key => repo if try(repo.lambda_source_names, null) != null
89+
}
90+
91+
repository = aws_ecr_repository.lambda_repository[each.key].name
92+
93+
policy = jsonencode({
94+
Version = "2012-10-17"
95+
Statement = [
96+
{
97+
Sid = "LambdaECRImageRetrievalPolicy"
98+
Effect = "Allow"
99+
Principal = {
100+
Service = "lambda.amazonaws.com"
101+
}
102+
Action = [
103+
"ecr:BatchGetImage",
104+
"ecr:GetDownloadUrlForLayer"
105+
]
106+
Condition = {
107+
StringLike = {
108+
"aws:sourceArn" = formatlist("${local.lambda_source_arn_prefix}%s", each.value.lambda_source_names)
109+
}
110+
}
111+
}
112+
]
113+
})
114+
}
115+
116+
resource "aws_ecr_lifecycle_policy" "lambda_repository_lifecycle_policy" {
117+
for_each = {
118+
for key, repo in local.lambda_ecr_repositories : key => repo if try(repo.lifecycle_policy, null) != null
119+
}
120+
121+
repository = aws_ecr_repository.lambda_repository[each.key].name
122+
policy = each.value.lifecycle_policy
123+
}
124+
125+
moved {
126+
from = aws_ecr_repository.ackbackend_repository
127+
to = aws_ecr_repository.lambda_repository["ack_backend"]
128+
}
129+
130+
moved {
131+
from = aws_ecr_repository_policy.ackbackend_repository_lambda_image_retrieval_policy
132+
to = aws_ecr_repository_policy.lambda_repository_image_retrieval_policy["ack_backend"]
133+
}
134+
135+
moved {
136+
from = aws_ecr_repository.recordprocessor_repository
137+
to = aws_ecr_repository.lambda_repository["recordprocessor"]
138+
}
139+
140+
moved {
141+
from = aws_ecr_lifecycle_policy.recordprocessor_repository_lifecycle_policy
142+
to = aws_ecr_lifecycle_policy.lambda_repository_lifecycle_policy["recordprocessor"]
143+
}
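Review bot: The `recordprocessor` entry (new lines 49-67) sets no `lambda_source_names`, so the filter on new line 88 creates no `aws_ecr_repository_policy` for imms-recordprocessor-repo, while every other repository in the map gets the Lambda retrieval statement. If that is intentional, say so next to the entry with a comment such as `# no lambda_source_names: image retrieval policy for this repo is managed outside this map`; otherwise add the function-name pattern as the other entries do. Likewise only `recordprocessor` carries a `lifecycle_policy`, so the remaining IMMUTABLE repositories have no expiry rule in this file, and `imms-mock-pds-repo`, which the workflows in this commit reference, has no entry here (it may be defined in a file not shown). A one-line comment above the first `lambda_source_names` stating what the leading `*` in each `StringLike` pattern is expected to match would make the intended scope of the `aws:sourceArn` condition reviewable.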

infrastructure/account/recordprocessor_ecr_repo.tf

Lines changed: 0 additions & 7 deletions
This file was deleted.
