Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature/ci-cd #95

Merged
merged 43 commits into from
Jan 5, 2024
Merged

feature/ci-cd #95

merged 43 commits into from
Jan 5, 2024

Conversation

tsaucier-sf
Copy link
Contributor

testing ci cd

@tsaucier-sf
updates for ci / cd configuration for backstage
a2ac241
@tsaucier-sf
adding and ran pre-commit for auto formatting resolution
73e9c96
@tsaucier-sf
adding actions dependency scripts
a851fd1
@tsaucier-sf
update file name
e02f48a
@tsaucier-sf
modify action to current paths
5aaf6e0
@tsaucier-sf
update to use script for init / plan / apply
9eb7ca9
@tsaucier-sf
remove terraform -v
3a37f1e
@tsaucier-sf
rename workflow
595cfe4
@tsaucier-sf
make executable script
feb6519
@tsaucier-sf
fixing to shell script
1c1d2d1
@tsaucier-sf
fixing to shell script environment reference
326dde9
@tsaucier-sf
fixing to shell script to accept environment optarg
e06fe27
@tsaucier-sf
adding error from script
1257536
@tsaucier-sf
adding error from script
45fc446
@tsaucier-sf
removing my branch
ae5fced
@tsaucier-sf
adding overrides
0171312
@tsaucier-sf
clean up title
8ca61a8
@tsaucier-sf
adding support for git tagging, docker build and push.
3760323
@tsaucier-sf
fixing deploy workflow
0486fd4
@tsaucier-sf
adding chaining for workflow
0840a42
@tsaucier-sf
Merge branch 'main' into feature/ci-cd
3059b1b
@tsaucier-sf
adding permission for tag job
b9586bd
@tsaucier-sf
Merge branch 'main' into feature/ci-cd
1ac86cf
@tsaucier-sf
adding content:write for tagging
23aa8b6
@tsaucier-sf
Merge branch 'main' into feature/ci-cd
2ae2001
@tsaucier-sf
update workflows for public repo
91f9b7f
@tsaucier-sf
update workflows for public repo
f62241f
@tsaucier-sf
removing the build on branch push
a6d46aa
@tsaucier-sf
update script
213011f
@tsaucier-sf
testing without ssh keys
26e1937
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 5, 2024

Terraform plan output for prod



Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.backstage.aws_ecs_service.this will be created
  + resource "aws_ecs_service" "this" {
      + cluster                            = (sensitive value)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 2
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "arc-prod-cluster-backstage"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "arc-prod-cluster-backstage"
          + "Project"     = "arc"
        }
      + tags_all                           = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "arc-prod-cluster-backstage"
          + "Project"     = "arc"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "arc-prod-cluster-backstage"
          + container_port   = 7007
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = [
              + "subnet-06c044cd5a6fbb140",
              + "subnet-0a523ebf5dbcad83c",
            ]
        }
    }

  # module.backstage.aws_ecs_task_definition.this will be created
  + resource "aws_ecs_task_definition" "this" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = jsonencode(
            [
              + {
                  + environment            = [
                      + {
                          + name  = "BASE_URL"
                          + value = "https://dx.arc-prod.link"
                        },
                      + {
                          + name  = "ENVIRONMENT"
                          + value = "production"
                        },
                      + {
                          + name  = "FRONTEND_BASE_URL"
                          + value = "https://dx.arc-prod.link"
                        },
                    ]
                  + essential              = true
                  + image                  = "235465132804.dkr.ecr.us-east-1.amazonaws.com/sourcefuse-backstage:latest"
                  + interactive            = false
                  + logConfiguration       = {
                      + logDriver = "awslogs"
                      + options   = {
                          + awslogs-group         = "/ecs/backstage/arc-prod-cluster-backstage"
                          + awslogs-region        = "us-east-1"
                          + awslogs-stream-prefix = "ecs"
                        }
                    }
                  + name                   = "arc-prod-cluster-backstage"
                  + portMappings           = [
                      + {
                          + containerPort = 7007
                          + hostPort      = 7007
                        },
                    ]
                  + privileged             = false
                  + pseudoTerminal         = false
                  + readonlyRootFilesystem = false
                  + secrets                = [
                      + {
                          + name      = "ENABLE_GITHUB_SYNC"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:ENABLE_GITHUB_SYNC::"
                        },
                      + {
                          + name      = "POSTGRES_USER"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:POSTGRES_USER::"
                        },
                      + {
                          + name      = "POSTGRES_PASSWORD"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:POSTGRES_PASSWORD::"
                        },
                      + {
                          + name      = "GITHUB_TOKEN"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:GITHUB_TOKEN::"
                        },
                      + {
                          + name      = "AUTH_GITHUB_CLIENT_ID"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:AUTH_GITHUB_CLIENT_ID::"
                        },
                      + {
                          + name      = "AUTH_GITHUB_CLIENT_SECRET"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:AUTH_GITHUB_CLIENT_SECRET::"
                        },
                      + {
                          + name      = "POSTGRES_HOST"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:POSTGRES_HOST::"
                        },
                      + {
                          + name      = "POSTGRES_PORT"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:POSTGRES_PORT::"
                        },
                      + {
                          + name      = "INTEGRATION_GITHUB_APP_ID"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:INTEGRATION_GITHUB_APP_ID::"
                        },
                      + {
                          + name      = "INTEGRATION_GITHUB_WEBHOOK_URL"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:INTEGRATION_GITHUB_WEBHOOK_URL::"
                        },
                      + {
                          + name      = "INTEGRATION_GITHUB_CLIENT_ID"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:INTEGRATION_GITHUB_CLIENT_ID::"
                        },
                      + {
                          + name      = "INTEGRATION_GITHUB_CLIENT_SECRET"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:INTEGRATION_GITHUB_CLIENT_SECRET::"
                        },
                      + {
                          + name      = "INTEGRATION_GITHUB_WEBHOOK_SECRET"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX:INTEGRATION_GITHUB_WEBHOOK_SECRET::"
                        },
                      + {
                          + name      = "INTEGRATION_GITHUB_PRIVATE_KEY"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-private-key-B26BqK"
                        },
                    ]
                  + startTimeout           = 30
                  + stopTimeout            = 30
                },
            ]
        )
      + cpu                      = "2048"
      + execution_role_arn       = (known after apply)
      + family                   = "arc-prod-cluster-backstage"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "arc-prod-cluster-backstage"
          + "Project"     = "arc"
        }
      + tags_all                 = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "arc-prod-cluster-backstage"
          + "Project"     = "arc"
        }
    }

  # module.backstage.aws_iam_policy.secrets_manager_read_policy will be created
  + resource "aws_iam_policy" "secrets_manager_read_policy" {
      + arn         = (known after apply)
      + id          = (known after apply)
      + name        = "backstage-prod-secrets-manager-ro"
      + name_prefix = (known after apply)
      + path        = "/"
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "secretsmanager:GetSecretValue",
                        ]
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-SPbnDX",
                          + "arn:aws:secretsmanager:us-east-1:235465132804:secret:arc/prod/sf-arc-prod-backstage-private-key-B26BqK",
                        ]
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id   = (known after apply)
      + tags        = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "backstage-prod-secrets-manager-ro"
          + "Project"     = "arc"
        }
      + tags_all    = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "backstage-prod-secrets-manager-ro"
          + "Project"     = "arc"
        }
    }

  # module.backstage.aws_iam_role.execution will be created
  + resource "aws_iam_role" "execution" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "backstage-prod-execution"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + role_last_used        = (known after apply)
      + tags                  = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "backstage-prod-execution"
          + "Project"     = "arc"
        }
      + tags_all              = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "backstage-prod-execution"
          + "Project"     = "arc"
        }
      + unique_id             = (known after apply)
    }

  # module.backstage.aws_iam_role_policy_attachment.execution["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"] will be created
  + resource "aws_iam_role_policy_attachment" "execution" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
      + role       = "backstage-prod-execution"
    }

  # module.backstage.aws_iam_role_policy_attachment.secrets_manager_read will be created
  + resource "aws_iam_role_policy_attachment" "secrets_manager_read" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "backstage-prod-execution"
    }

  # module.backstage.aws_lb_listener_rule.forward will be created
  + resource "aws_lb_listener_rule" "forward" {
      + arn          = (known after apply)
      + id           = (known after apply)
      + listener_arn = (sensitive value)
      + priority     = (known after apply)
      + tags         = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Project"     = "arc"
        }
      + tags_all     = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Project"     = "arc"
        }

      + action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }

      + condition {
          + host_header {
              + values = [
                  + "dx.arc-prod.link",
                ]
            }
        }
    }

  # module.backstage.aws_lb_target_group.this will be created
  + resource "aws_lb_target_group" "this" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = false
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "arc-prod-cluster-backstage"
      + port                               = 7007
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "arc-prod-cluster-backstage"
          + "Project"     = "arc"
        }
      + tags_all                           = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "arc-prod-cluster-backstage"
          + "Project"     = "arc"
        }
      + target_type                        = "ip"
      + vpc_id                             = "vpc-08334efe26765767d"

      + health_check {
          + enabled             = true
          + healthy_threshold   = 3
          + interval            = 30
          + matcher             = "200-499"
          + path                = "/healthcheck"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 3
          + unhealthy_threshold = 2
        }
    }

  # module.backstage.aws_route53_record.this["dx.arc-prod.link"] will be created
  + resource "aws_route53_record" "this" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "dx.arc-prod.link"
      + type            = "A"
      + zone_id         = "Z00714041GXNYJ5LNPZBF"

      + alias {
          + evaluate_target_health = false
          + name                   = (sensitive value)
          + zone_id                = (sensitive value)
        }
    }

  # module.backstage.aws_security_group.this will be created
  + resource "aws_security_group" "this" {
      + arn                    = (known after apply)
      + description            = "Backstage security group for traffic between the ALB and the ECS tasks."
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 7007
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = [
                  + "sg-027dded4462397b99",
                ]
              + self             = false
              + to_port          = 7007
            },
        ]
      + name                   = "arc-prod-cluster-backstage"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "arc-prod-cluster-backstage"
          + "Project"     = "arc"
        }
      + tags_all               = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Name"        = "arc-prod-cluster-backstage"
          + "Project"     = "arc"
        }
      + vpc_id                 = "vpc-08334efe26765767d"
    }

  # module.backstage.module.backstage_container_definition.aws_cloudwatch_log_group.this[0] will be created
  + resource "aws_cloudwatch_log_group" "this" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/ecs/backstage/arc-prod-cluster-backstage"
      + name_prefix       = (known after apply)
      + retention_in_days = 90
      + skip_destroy      = false
      + tags              = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Project"     = "arc"
        }
      + tags_all          = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Project"     = "arc"
        }
    }

  # module.backstage.module.ecs_service_autoscaling.aws_appautoscaling_policy.scale_down_policy will be created
  + resource "aws_appautoscaling_policy" "scale_down_policy" {
      + alarm_arns         = (known after apply)
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "arc-prod-cluster-backstage-scale-down-policy"
      + policy_type        = "StepScaling"
      + resource_id        = "service/arc-prod-cluster/arc-prod-cluster-backstage"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + step_scaling_policy_configuration {
          + adjustment_type         = "ChangeInCapacity"
          + cooldown                = 60
          + metric_aggregation_type = "Maximum"

          + step_adjustment {
              + metric_interval_upper_bound = "0"
              + scaling_adjustment          = -1
            }
        }
    }

  # module.backstage.module.ecs_service_autoscaling.aws_appautoscaling_policy.scale_up_policy will be created
  + resource "aws_appautoscaling_policy" "scale_up_policy" {
      + alarm_arns         = (known after apply)
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "arc-prod-cluster-backstage-scale-up-policy"
      + policy_type        = "StepScaling"
      + resource_id        = "service/arc-prod-cluster/arc-prod-cluster-backstage"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + step_scaling_policy_configuration {
          + adjustment_type         = "ChangeInCapacity"
          + cooldown                = 60
          + metric_aggregation_type = "Maximum"

          + step_adjustment {
              + metric_interval_lower_bound = "0"
              + scaling_adjustment          = 1
            }
        }
    }

  # module.backstage.module.ecs_service_autoscaling.aws_appautoscaling_target.scale_target will be created
  + resource "aws_appautoscaling_target" "scale_target" {
      + arn                = (known after apply)
      + id                 = (known after apply)
      + max_capacity       = 6
      + min_capacity       = 1
      + resource_id        = "service/arc-prod-cluster/arc-prod-cluster-backstage"
      + role_arn           = (known after apply)
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"
      + tags_all           = (known after apply)
    }

  # module.backstage.module.ecs_service_autoscaling.aws_cloudwatch_metric_alarm.cpu_high will be created
  + resource "aws_cloudwatch_metric_alarm" "cpu_high" {
      + actions_enabled                       = true
      + alarm_actions                         = (known after apply)
      + alarm_name                            = "arc-prod-cluster-backstage-cpu-high"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanOrEqualToThreshold"
      + dimensions                            = {
          + "ClusterName" = "arc-prod-cluster"
          + "ServiceName" = "arc-prod-cluster-backstage"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 3
      + id                                    = (known after apply)
      + metric_name                           = "CPUUtilization"
      + namespace                             = "AWS/ECS"
      + period                                = 60
      + statistic                             = "Maximum"
      + tags                                  = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Project"     = "arc"
        }
      + tags_all                              = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Project"     = "arc"
        }
      + threshold                             = 85
      + treat_missing_data                    = "missing"
    }

  # module.backstage.module.ecs_service_autoscaling.aws_cloudwatch_metric_alarm.cpu_low will be created
  + resource "aws_cloudwatch_metric_alarm" "cpu_low" {
      + actions_enabled                       = true
      + alarm_actions                         = (known after apply)
      + alarm_name                            = "arc-prod-cluster-backstage-cpu-low"
      + arn                                   = (known after apply)
      + comparison_operator                   = "LessThanOrEqualToThreshold"
      + dimensions                            = {
          + "ClusterName" = "arc-prod-cluster"
          + "ServiceName" = "arc-prod-cluster-backstage"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 3
      + id                                    = (known after apply)
      + metric_name                           = "CPUUtilization"
      + namespace                             = "AWS/ECS"
      + period                                = 60
      + statistic                             = "Average"
      + tags                                  = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Project"     = "arc"
        }
      + tags_all                              = {
          + "Environment" = "prod"
          + "MonoRepo"    = "False"
          + "Project"     = "arc"
        }
      + threshold                             = 10
      + treat_missing_data                    = "missing"
    }

Plan: 16 to add, 0 to change, 0 to destroy.

@tsaucier-sf tsaucier-sf merged commit 3b921ad into main Jan 5, 2024
1 of 2 checks passed
@tsaucier-sf tsaucier-sf deleted the feature/ci-cd branch January 5, 2024 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamescrowley321 jamescrowley321 Awaiting requested review from jamescrowley321

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tsaucier-sf