Tf tg cleanup

.github/workflows/deploy-production.yml

@@ -6,8 +6,8 @@ on:
         - published
 
 permissions:
-  id-token: write   # This is required for requesting the JWT
-  contents: read    # This is required for actions/checkout
+  id-token: write
+  contents: read
 
 jobs:
   production_deploy_plan:
@@ -59,10 +59,6 @@ jobs:
           TF_IN_AUTOMATION: true
           # get the image digest from the build job with optional override from vars context
           TF_VAR_image: ${{ vars.IMAGE || steps.set_image_digest.outputs.image_digest }}
-          # set the parameter name variables
-          TF_VAR_alb_parameter_name: ${{ env.ALB_PARAMETER_NAME }}
-          TF_VAR_ecr_parameter_name: ${{ vars.ECR_REPOSITORY }}
-          TF_VAR_rds_parameter_name: ${{ env.RDS_PARAMETER_NAME }}
 
   production_deploy_apply:
     runs-on: ubuntu-latest
@@ -114,7 +110,3 @@ jobs:
           TF_IN_AUTOMATION: true
           # get the image digest from the build job with optional override from vars context
           TF_VAR_image: ${{ vars.IMAGE || steps.set_image_digest.outputs.image_digest }}
-          # set the parameter name variables
-          TF_VAR_alb_parameter_name: ${{ env.ALB_PARAMETER_NAME }}
-          TF_VAR_ecr_parameter_name: ${{ vars.ECR_REPOSITORY }}
-          TF_VAR_rds_parameter_name: ${{ env.RDS_PARAMETER_NAME }}

.github/workflows/deploy-staging.yml

@@ -6,8 +6,8 @@ on:
       - master
 
 permissions:
-  id-token: write   # This is required for requesting the JWT
-  contents: read    # This is required for actions/checkout
+  id-token: write
+  contents: read
 
 jobs:
   build_test_push:
@@ -26,13 +26,6 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Setup Docker Structure Test
-        run: >
-          curl -LO
-          https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
-          && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64
-          /usr/local/bin/container-structure-test
-
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
@@ -45,17 +38,6 @@ jobs:
         with:
           registry: ${{ vars.ECR_REGISTRY }}
 
-      - name: Build Docker Image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          load: true
-          tags: ${{ vars.ECR_REPOSITORY }}:latest
-
-      - name: Test Docker Image
-        run: |
-          container-structure-test test --image ${{ vars.ECR_REPOSITORY }}:latest --config tests/config.yaml
-
       - name: Build and Push Docker Image
         id: build_and_push
         uses: docker/build-push-action@v5
@@ -104,10 +86,6 @@ jobs:
           TF_IN_AUTOMATION: true
           # get the image digest from the build job with optional override from vars context
           TF_VAR_image: ${{ vars.IMAGE || needs.build_test_push.outputs.image_digest }}
-          # set the parameter name variables
-          TF_VAR_alb_parameter_name: ${{ env.ALB_PARAMETER_NAME }}
-          TF_VAR_ecr_parameter_name: ${{ vars.ECR_REPOSITORY }}
-          TF_VAR_rds_parameter_name: ${{ env.RDS_PARAMETER_NAME }}
 
   staging_deploy_apply:
     runs-on: ubuntu-latest
@@ -147,10 +125,6 @@ jobs:
           TF_IN_AUTOMATION: true
           # get the image digest from the build job with optional override from vars context
           TF_VAR_image: ${{ vars.IMAGE || needs.build_test_push.outputs.image_digest }}
-          # set the parameter name variables
-          TF_VAR_alb_parameter_name: ${{ env.ALB_PARAMETER_NAME }}
-          TF_VAR_ecr_parameter_name: ${{ vars.ECR_REPOSITORY }}
-          TF_VAR_rds_parameter_name: ${{ env.RDS_PARAMETER_NAME }}
 
   create_draft_release:
     name: Create Release

deploy/tf/ecs/ecs.tf

@@ -1,17 +1,27 @@
 locals {
   # set container definition variables with default fallback values from ssm if available
-  allowed_hosts            = var.allowed_hosts
-  allowed_cidr_nets        = coalesce(var.allowed_cidr_nets, local.private_subnet_cidrs)
-  django_secret_key        = var.django_secret_key
-  db_host                  = coalesce(var.db_host, local.rds_url)
-  db_name                  = var.db_name
-  db_user                  = var.db_user
-  db_secret_name           = var.db_secret_name
-  db_secret_region         = var.db_secret_region
-  s3_storage_bucket_name   = var.s3_storage_bucket_name
-  s3_storage_bucket_region = var.s3_storage_bucket_region
-
-  ecr_registry = split("/", local.ecr_repository_url)[0]
+  app_vars = {
+    allowed_hosts            = var.allowed_hosts
+    allowed_cidr_nets        = coalesce(var.allowed_cidr_nets, local.private_subnet_cidrs)
+    django_secret_key        = var.django_secret_key
+    db_host                  = coalesce(var.db_host, local.rds_url)
+    db_name                  = var.db_name
+    db_user                  = var.db_user
+    db_secret_name           = var.db_secret_name
+    db_secret_region         = var.db_secret_region
+    s3_storage_bucket_name   = var.s3_storage_bucket_name
+    s3_storage_bucket_region = var.s3_storage_bucket_region
+  }
+
+  nginx_vars = {
+    app_host    = "127.0.0.1"
+    app_port    = 9000
+    listen_port = var.container_port
+  }
+
+  app_container_vars   = [for k, v in local.app_vars : { name = upper(k), value = v }]
+  nginx_container_vars = [for k, v in local.nginx_vars : { name = upper(k), value = v }]
+  ecr_registry         = split("/", local.ecr_repository_url)[0]
 }
 
 module "ecs" {
@@ -67,30 +77,19 @@ module "ecs" {
 
       # Container definition(s)
       container_definitions = {
-        api = {
-          name  = "api"
+        app = {
+          name  = var.container_name
           image = startswith(var.image, "sha256") ? "${local.ecr_repository_url}@${var.image}" : "${local.ecr_repository_url}:${var.image}"
           health_check = {
             command = ["CMD-SHELL", "uwsgi-is-ready --stats-socket /tmp/statsock > /dev/null 2>&1 || exit 1"]
           }
           readonly_root_filesystem = false
           essential                = true
           memory_reservation       = 256
-          environment = [
-            { name = "ALLOWED_HOSTS", value = local.allowed_hosts },
-            { name = "ALLOWED_CIDR_NETS", value = local.allowed_cidr_nets },
-            { name = "DJANGO_SECRET_KEY", value = local.django_secret_key },
-            { name = "DB_HOST", value = local.db_host },
-            { name = "DB_NAME", value = local.db_name },
-            { name = "DB_USER", value = local.db_user },
-            { name = "DB_SECRET_NAME", value = local.db_secret_name },
-            { name = "DB_SECRET_REGION", value = local.db_secret_region },
-            { name = "S3_STORAGE_BUCKET_NAME", value = local.s3_storage_bucket_name },
-            { name = "S3_STORAGE_BUCKET_REGION", value = local.s3_storage_bucket_region }
-          ]
+          environment              = local.app_container_vars
           port_mappings = [
             {
-              name          = "api"
+              name          = var.container_name
               containerPort = 9000
               hostPort      = 9000
             }
@@ -103,20 +102,16 @@ module "ecs" {
             }
           ]
         }
-        proxy = {
-          name  = "proxy"
+        nginx = {
+          name  = "nginx"
           image = "${local.ecr_registry}/nginx-proxy:latest"
           health_check = {
             command = ["CMD-SHELL", "curl -so /dev/null http://localhost/health || exit 1"]
           }
           readonly_root_filesystem = false
           essential                = true
           memory_reservation       = 256
-          environment = [
-            { name = "APP_HOST", value = "127.0.0.1" },
-            { name = "APP_PORT", value = 9000 },
-            { name = "LISTEN_PORT", value = var.container_port }
-          ]
+          environment              = local.nginx_container_vars
           port_mappings = [
             {
               name          = "nginx"
@@ -142,7 +137,7 @@ module "ecs" {
       load_balancer = {
         service = {
           target_group_arn = aws_lb_target_group.app.arn
-          container_name   = "proxy"
+          container_name   = "nginx"
           container_port   = var.container_port
         }
       }

deploy/tf/ecs/vars-shared.tf

@@ -25,6 +25,12 @@ variable "app_hostnames" {
   type        = list(string)
 }
 
+variable "container_name" {
+  description = "The name of the primary application container"
+  type        = string
+  default     = "app"
+}
+
 variable "container_port" {
   description = "The port to expose to the load balancer on the container"
   type        = number

deploy/tg/ecs/terragrunt.hcl

@@ -20,6 +20,11 @@ inputs = {
   app_name    = get_env("APP_NAME")
   environment = local.global.environment
 
+  # fetch the ssm parameter names
+  alb_parameter_name = get_env("ALB_PARAMETER_NAME")
+  ecr_parameter_name = get_env("ECR_PARAMETER_NAME")
+  rds_parameter_name = get_env("RDS_PARAMETER_NAME")
+
   # DNS hostnames to associate with the container
   app_hostnames = ["api-${local.global.environment}"]
 

deploy/tg/terragrunt.hcl

@@ -3,7 +3,6 @@ locals {
   aws_region   = get_env("AWS_REGION")
   environment  = get_env("ENVIRONMENT")
   project_name = "sample-django-app"
-  repo_url     = run_cmd("--terragrunt-quiet", "sh", "-c", "git config --get remote.origin.url")
   state_bucket = "tfstate-${local.aws_account}-${local.aws_region}"
   state_key    = "apps/${local.project_name}/${local.environment}/${basename(get_terragrunt_dir())}.tfstate"
 }
@@ -21,7 +20,7 @@ provider "aws" {
       "ManagedBy" = "Apps - ${local.state_bucket}/${local.state_key}"
       "Owner" = "Platform Engineering"
       "Project" = "AODN Applications"
-      "Repository" = "${local.repo_url}"
+      "Repository" = "aodn/sample-django-app"
     }
   }
 }