From 7dac7f4785d7b3705e69a413346389d72f7bc6f8 Mon Sep 17 00:00:00 2001 From: Robert Kibble Date: Wed, 16 Aug 2023 08:42:17 +0100 Subject: [PATCH 1/2] FS-3315 First pass of adding copilot configs --- .../dluhc-build-and-deploy-with-forms.yml | 67 ++++++++++++++++++- README.md | 19 ++++++ copilot/environments/test/manifest.yml | 29 ++++++++ copilot/fsd-form-runner/manifest.yml | 66 ++++++++++++++++++ 4 files changed, 178 insertions(+), 3 deletions(-) create mode 100644 copilot/environments/test/manifest.yml create mode 100644 copilot/fsd-form-runner/manifest.yml diff --git a/.github/workflows/dluhc-build-and-deploy-with-forms.yml b/.github/workflows/dluhc-build-and-deploy-with-forms.yml index 03a430e94c..9ee33d8c23 100644 --- a/.github/workflows/dluhc-build-and-deploy-with-forms.yml +++ b/.github/workflows/dluhc-build-and-deploy-with-forms.yml @@ -5,6 +5,21 @@ permissions: on: workflow_dispatch: + inputs: + environment: + description: Which AWS Account to use + type: choice + required: true + options: + - test + - uat + default: test + copilot: + description: Whether to deploy to AWS? + type: boolean + required: false + default: false + env: DOCKER_REGISTRY: ghcr.io @@ -47,6 +62,7 @@ jobs: COMMIT_SHA=:${{ github.sha }} deploy-and-test-dev: + if: ${{ !github.event.inputs.copilot }} needs: docker-build runs-on: ubuntu-latest steps: @@ -89,7 +105,7 @@ jobs: run-shared-tests_dev: needs: deploy-and-test-dev - if: ${{ github.actor != 'dependabot[bot]'}} + if: ${{ github.actor != 'dependabot[bot]'}} && ${{ !github.event.inputs.copilot }} uses: communitiesuk/funding-design-service-workflows/.github/workflows/run-shared-tests.yml@main with: perf_test_target_url_application_store: https://funding-service-design-application-store-dev.london.cloudapps.digital 
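Review bot: The new guard `if: ${{ !github.event.inputs.copilot }}` on `deploy-and-test-dev` tests a string rather than a boolean. `github.event.inputs` delivers `workflow_dispatch` boolean inputs as the strings `'true'`/`'false'`, and a non-empty string is truthy, so the negation is false whichever option was chosen. The mirror condition `if: ${{ github.event.inputs.copilot }}` on `deploy-aws`, added later in this file, fails the other way and would let the AWS deploy run with `copilot` left at its default of `false`. The `inputs` context keeps the declared type and is already used here for `inputs.environment`, so `if: ${{ !inputs.copilot }}` and `if: ${{ inputs.copilot }}` would gate as intended. The job body continues outside this hunk.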
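Review bot: `if: ${{ github.actor != 'dependabot[bot]'}} && ${{ !github.event.inputs.copilot }}` joins two separately interpolated expressions with literal text. The condition is therefore likely evaluated as a non-empty string such as `true && false` rather than as one boolean, which would make it always pass. The same pattern is added to `deploy-to-test` and `run-shared-tests_test` in the next two hunks. Put the whole condition inside a single expression, for example `if: ${{ github.actor != 'dependabot[bot]' && !inputs.copilot }}`, and for `deploy-to-test` `if: ${{ github.ref == 'refs/heads/main' && !inputs.copilot }}`.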
@@ -106,7 +122,7 @@ jobs: deploy-to-test: needs: deploy-and-test-dev - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && ${{ !github.event.inputs.copilot }} runs-on: ubuntu-latest steps: - name: checkout code @@ -125,7 +141,7 @@ jobs: run-shared-tests_test: needs: deploy-to-test - if: ${{ github.actor != 'dependabot[bot]' }} + if: ${{ github.actor != 'dependabot[bot]' }} && ${{ !github.event.inputs.copilot }} uses: communitiesuk/funding-design-service-workflows/.github/workflows/run-shared-tests.yml@main with: perf_test_target_url_application_store: https://funding-service-design-application-store-test.london.cloudapps.digital 
@@ -139,3 +155,48 @@ jobs: run_e2e_tests: true secrets: E2E_PAT: ${{secrets.E2E_PAT}} + + deploy-aws: + if: ${{ github.event.inputs.copilot }} + needs: docker-build + runs-on: ubuntu-latest + steps: + concurrency: deploy-${{ inputs.environment || 'test' }} + permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + runs-on: ubuntu-latest + environment: ${{ inputs.environment || 'test' }} + steps: + - name: Git clone the repository + uses: actions/checkout@v3 + + - name: Get current date + id: currentdatetime + run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT + + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GithubCopilotDeploy + role-session-name: FORMS_COPILOT_${{ steps.currentdatetime.outputs.datetime }} + aws-region: eu-west-2 + + - name: Install AWS Copilot CLI + run: | + curl -Lo aws-copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x aws-copilot && sudo mv aws-copilot /usr/local/bin/copilot + + - name: Inject Git SHA into manifest + run: | + yq -i '.variables.GITHUB_SHA = "${{ github.sha }}"' copilot/fsd-forms/manifest.yml + + - name: Inject replacement image into manifest + run: | + yq -i '.image.location = "${{env.IMAGE_REPO_PATH}}/${{env.IMAGE_NAME}}:sha-${{ github.sha }}"' copilot/fsd-forms/manifest.yml + +# - name: Run database migrations +# run: scripts/migration-task-script.py ${{ inputs.environment || 'test' }} + + - name: Copilot deploy + run: | + copilot deploy --env ${{ inputs.environment || 'test' }} diff --git a/README.md b/README.md index 1e34f3bb7c..cc39290656 100644 --- a/README.md +++ b/README.md 
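Review bot: The `Install AWS Copilot CLI` step downloads `releases/latest/download/copilot-linux` with no version pin or checksum and installs it with `sudo`. The job holds `id-token: write` and has just assumed the `GithubCopilotDeploy` role, so whatever binary that URL serves at run time executes with the deploy credentials. Pin a release tag and verify the digest before installing, as sketched below; `actions/checkout@v3` and `aws-actions/configure-aws-credentials@v2` would likewise be safer pinned to commit SHAs. Separately, the job as added has `steps:` followed directly by `concurrency:`, `permissions:`, and a second `runs-on:` and `steps:`, which looks like a leftover header that will not parse as intended (indentation is not recoverable from this view, so confirm). The two `yq` steps also edit `copilot/fsd-forms/manifest.yml`, while this patch creates `copilot/fsd-form-runner/manifest.yml`.

```yaml
      # … unchanged: checkout, date, configure aws credentials …
      - name: Install AWS Copilot CLI
        run: |
          # <PINNED_VERSION> and <EXPECTED_SHA256> are placeholders: take both from the chosen release.
          curl -fsSLo aws-copilot "https://github.com/aws/copilot-cli/releases/download/<PINNED_VERSION>/copilot-linux"
          echo "<EXPECTED_SHA256>  aws-copilot" | sha256sum --check -
          sudo install -m 0755 aws-copilot /usr/local/bin/copilot
      # … unchanged: yq manifest edits, copilot deploy …
```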
@@ -135,3 +135,22 @@ Pre-requite for running smoke test are: 5. yarn install More details are on [Smoke Tests](./smoke-tests/README.md) + +## Copilot Initialisation + +Copilot is the deployment of the infrastructure configuration, which is all stored under the copilot folder. The manifest files have been pre-generated by running through various initialisation steps that create the manifest files by prompting a series of questions, but do not _deploy_ the infrastructure. + +For each AWS account, these commands will need to be run _once_ to initialise the environment: + +`copilot app init pre-award` - this links the pre-award app with the current service, and associates the next commands with the service. Essentially, this provides context for the service to run under + +``` +copilot init \ + --name fsd-form-runner \ + --app pre-award \ + --type 'Load Balanced Web Service' \ + --image "ghcr.io/${{github.repository_owner}}"/runner \ + --port 80 +``` + +This will initalise this service, using the current created image diff --git a/copilot/environments/test/manifest.yml b/copilot/environments/test/manifest.yml new file mode 100644 index 0000000000..e37b3697b2 --- /dev/null +++ b/copilot/environments/test/manifest.yml 
@@ -0,0 +1,29 @@
+# The manifest for the "test" environment.
+# Read the full specification for the "Environment" type at:
+# https://aws.github.io/copilot-cli/docs/manifest/environment/
+
+# Your environment name will be used in naming your resources like VPC, cluster, etc.
+name: test
+type: Environment
+
+# Import your own VPC and subnets or configure how they should be created.
+# Run this in uat/production only - in the test environments, these should be ad-hoc per deployment
+network:
+ vpc:
+ id: 'vpc-0ca7bdd50d5dba428'
+ subnets:
+ public:
+ - id: 'subnet-0f1f40929bdabbcdd'
+ - id: 'subnet-0e686586655747458'
+ private:
+ - id: 'subnet-07f5736fe61f32266'
+ - id: 'subnet-054d3a0257e2c809d'
+
+# Configure the load balancers in your environment, once created.
+# http:
+# public:
+# private:
+
+# Configure observability for your environment resources.
+observability:
+ container_insights: false
diff --git a/copilot/fsd-form-runner/manifest.yml b/copilot/fsd-form-runner/manifest.yml
new file mode 100644
index 0000000000..e9eb8e8df8
--- /dev/null
+++ b/copilot/fsd-form-runner/manifest.yml
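Review bot: The comment above `network:` says a fixed VPC should be imported in uat/production only and that test environments should get ad-hoc networking, yet this is the `test` manifest and it hard-codes `vpc.id` and four subnet ids. Either the comment or the block is wrong for this environment. If the import is intended, reword the comment to something like `# test imports the shared VPC below; these ids are account-specific` so the next reader does not remove it. `container_insights: false` would also benefit from a short comment saying the missing container-level metrics are a deliberate choice for test.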
@@ -0,0 +1,66 @@
+# The manifest for the "form-runner" service.
+# Read the full specification for the "Load Balanced Web Service" type at:
+# https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/
+name: 'fsd-form-runner'
+type: 'Load Balanced Web Service'
+
+# Distribute traffic to your service.
+http:
+ # Requests to this path will be forwarded to your service.
+ # To match all requests you can use the "/" path.
+ path: '/'
+ # You can specify a custom health check path. The default is "/".
+ healthcheck: '/healthcheck'
+
+# Configuration for your containers and service.
+image:
+ # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#image-build
+ location: ghcr.io/communitiesuk/digital-form-builder-dluhc-runner:latest
+ # Port exposed through your container to route traffic to it.
+ port: 8080
+
+# Valid values: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html
+# Number of CPU units for the task.
+cpu: 256
+# Amount of memory in MiB used by the task.
+memory: 512
+
+# See https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#platform
+platform: linux/x86_64
+
+# Number of tasks that should be running in your service.
+count: 1
+
+# Enable running commands in your container.
+exec: true
+
+network:
+ connect: true # Enable Service Connect for intra-environment traffic between services.
+
+ # Override the network configuration with the public/private/data subnets built using terraform
+ # notification should be private (internal)
+ # vpc:
+ # placement:
+ # subnets: ["subnet-04851bdddcd8f5bbc", "subnet-0178ac1212c96b6c4"]
+
+# storage:
+ # readonly_fs: true # Limit to read-only access to mounted root filesystems.
+
+# Optional fields for more advanced use-cases.
+#
+# Pass environment variables as key value pairs.
+variables:
+ # SENTRY_DSN: "https://8092c54bdc3a4b4ba124dea42b836504@o1432034.ingest.sentry.io/4503918903820288"
+ FLASK_ENV: ${COPILOT_ENVIRONMENT_NAME}
+ PORT: 8080
+
+# You can override any of the values defined above by environment.
+# environments:
+# production:
+# count: 2 # Number of tasks to run for the "prod" environment.
+# variables:
+# http:
+# alias: funding-service-design-form-runner-production.apps.internal
+# image:
+# location: ghcr.io/communitiesuk/digital-form-builder-dluhc-runner:prod
+
From 9e4f06e5ccb79c8c36030d304ad4192d00dc96b4 Mon Sep 17 00:00:00 2001
From: Robert Kibble
Date: Wed, 16 Aug 2023 08:52:33 +0100
Subject: [PATCH 2/2] Add correct alias
---
 copilot/fsd-form-runner/manifest.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/copilot/fsd-form-runner/manifest.yml b/copilot/fsd-form-runner/manifest.yml
index e9eb8e8df8..9782e1f708 100644
--- a/copilot/fsd-form-runner/manifest.yml
+++ b/copilot/fsd-form-runner/manifest.yml
@@ -11,6 +11,7 @@ http: path: '/' # You can specify a custom health check path. The default is "/". healthcheck: '/healthcheck' + alias: form-runner.test.access-funding.test.levellingup.gov.uk # Configuration for your containers and service. image:
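Review bot: The commented-out `SENTRY_DSN` line under `variables:` still commits a full DSN, key included, to the repository. Drop the value and, when Sentry is wired up, reference it through the manifest's `secrets:` section so it is read from SSM or Secrets Manager rather than source control. `exec: true` enables interactive command execution in the running container for every environment, so consider leaving it off at the top level and enabling it only under `environments.test`. `image.location` points at the mutable `:latest` tag, and the workflow step meant to replace it with a `sha-` tag edits a different manifest path, so as written a deploy would run whatever `:latest` resolves to at that moment.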
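Review bot: `alias: form-runner.test.access-funding.test.levellingup.gov.uk` is an environment-specific hostname placed in the top-level `http:` block, so every environment this service is deployed to would claim the test hostname. Move it under an override (`environments:` → `test:` → `http:` → `alias:`), following the commented `environments:` example at the end of the manifest, and quote the value like the other strings in the file. The `http:` block starts outside this hunk.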