From 9f099765ee8bd5b53db05b208a1f80bbe61dd6fc Mon Sep 17 00:00:00 2001
From: Rafael Leite <2132564+leite08@users.noreply.github.com>
Date: Sun, 5 May 2024 13:16:29 -0500
Subject: [PATCH] fix(infra): add custom dockerfile for dev vs cloud

- add custom dockerfile for dev vs cloud
- reenable cicd
- sandbo deployed after production

Ref. metriport/metriport-internal#626
---
 .github/workflows/deploy-production.yml | 21 +++++++++++++-----
 .github/workflows/deploy-sandbox.yml | 18 ---------------
 .github/workflows/deploy-staging.yml | 6 ++---
 Dockerfile | 2 +-
 Dockerfile.dev | 29 +++++++++++++++++++++++++
 docker-compose.yml | 4 +++-
 infra/README.md | 15 +++++++++++++
 7 files changed, 67 insertions(+), 28 deletions(-)
 delete mode 100644 .github/workflows/deploy-sandbox.yml
 create mode 100644 Dockerfile.dev

diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
index d290846c1a4..5e8c5d86c53 100644
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -1,13 +1,13 @@
-name: Deploy - Production
+name: Deploy - PRODUCTION
 
 on:
- # push: # a commit to the specified branches, if any
- # branches:
- # - master
+ push: # a commit to the specified branches, if any
+ branches:
+ - master
 workflow_dispatch: # manually executed by a user
 
 jobs:
- deploy:
+ deploy-prod:
 uses: ./.github/workflows/_reusable_deploy.yml
 with:
 deploy_env: "production"
@@ -16,3 +16,14 @@ jobs:
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 AWS_REGION: ${{ secrets.REGION_PRODUCTION }}
 INFRA_CONFIG: ${{ secrets.INFRA_CONFIG_PRODUCTION }}
+
+ deploy-sandbox:
+ uses: ./.github/workflows/_reusable_deploy.yml
+ needs: [deploy-prod]
+ with:
+ deploy_env: "sandbox"
+ secrets:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ AWS_REGION: ${{ secrets.REGION_SANDBOX }}
+ INFRA_CONFIG: ${{ secrets.INFRA_CONFIG_SANDBOX }}
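Review bot: Re-enabling `push` on `master` at the top of this hunk means every commit that lands on master now deploys straight to production using the repository-level `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets, and nothing in this file gates that on a GitHub Environment with required reviewers. Unless `_reusable_deploy.yml` (not in this diff) sets `environment:` and serializes runs itself, I would at least add a concurrency group so two back-to-back merges cannot run overlapping CDK deploys: `concurrency: { group: deploy-production, cancel-in-progress: false }` alongside the top-level keys. The static long-lived AWS keys would also be worth replacing with OIDC role assumption (`permissions: id-token: write` plus `role-to-assume` in the credentials step), but that change belongs in the reusable workflow rather than this caller.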
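Review bot: The new `deploy-sandbox` job passes the same `secrets.AWS_ACCESS_KEY_ID` / `secrets.AWS_SECRET_ACCESS_KEY` that `deploy-prod` uses, so a single credential now spans both the production and sandbox targets; if sandbox is meant to be a lower-trust environment, giving each GitHub Environment its own scoped keys (or OIDC role) would keep a sandbox compromise from reaching production. The job also switches from the `REGION_STAGING`/`INFRA_CONFIG_STAGING` secrets that the deleted `deploy-sandbox.yml` used to `REGION_SANDBOX`/`INFRA_CONFIG_SANDBOX`; a repository secret that does not exist yet expands to an empty string unless the reusable workflow validates it, so confirm both are populated before the next push to master, because `needs: [deploy-prod]` means this only runs after a successful production deploy. A one-line comment above the job, `# runs after production so sandbox always tracks the released build`, would record why the ordering is prod-first.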
diff --git a/.github/workflows/deploy-sandbox.yml b/.github/workflows/deploy-sandbox.yml
deleted file mode 100644
index 676d2d7ad5d..00000000000
--- a/.github/workflows/deploy-sandbox.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Deploy - Sandbox
-
-on:
- # push: # a commit to the specified branches, if any
- # branches:
- # - master
- workflow_dispatch: # manually executed by a user
-
-jobs:
- deploy:
- uses: ./.github/workflows/_reusable_deploy.yml
- with:
- deploy_env: "sandbox"
- secrets:
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- AWS_REGION: ${{ secrets.REGION_STAGING }}
- INFRA_CONFIG: ${{ secrets.INFRA_CONFIG_STAGING }}
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
index 42f555a19c7..91f023f2ced 100644
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
@@ -1,9 +1,9 @@
 name: Deploy - Staging
 
 on:
- # push: # a commit to the specified branches, if any
- # branches:
- # - develop
+ push: # a commit to the specified branches, if any
+ branches:
+ - develop
 workflow_dispatch: # manually executed by a user
 
 jobs:
diff --git a/Dockerfile b/Dockerfile
index 5947974db25..accdf60a3c1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=linux/arm64/v8 maven:3.9-eclipse-temurin-17 as build-fhir
+FROM --platform=linux/amd64 maven:3.9-eclipse-temurin-17 as build-fhir
 WORKDIR /tmp/hapi-fhir-jpaserver-starter
 
 ARG OPENTELEMETRY_JAVA_AGENT_VERSION=1.17.0
diff --git a/Dockerfile.dev b/Dockerfile.dev
new file mode 100644
index 00000000000..5947974db25
--- /dev/null
+++ b/Dockerfile.dev
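Review bot: `push` on `develop` now deploys staging on every merge, but this workflow declares no `concurrency` group, so two merges a few minutes apart can run overlapping CDK deploys against the same staging stack unless `_reusable_deploy.yml` (outside this diff) serializes them. Adding `concurrency: { group: deploy-staging, cancel-in-progress: false }` at the top level would queue the second run instead. The `jobs` block continues past the end of the hunk, so I cannot see whether the caller passes an `environment`.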
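Review bot: `Dockerfile.dev` is created from blob `5947974db25`, which is exactly the pre-change `Dockerfile`, so after this hunk the two files differ only in the `--platform` value on this `FROM` line and every future fix (base-image bump, download verification, user/permissions) has to be applied twice or the copies drift. Dropping `--platform` from `FROM` and choosing the architecture at build time (`docker build --platform linux/amd64` in CI, `platform: linux/arm64/v8` on the compose service) keeps a single Dockerfile; BuildKit's `FromPlatformFlagConstDisallowed` lint check exists for precisely this pattern. While here, `maven:3.9-eclipse-temurin-17` is a floating tag, so pinning it by digest (`maven:3.9-eclipse-temurin-17@sha256:…`) would make the build reproducible and reviewable. The rest of the build stage lies outside this hunk.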
@@ -0,0 +1,29 @@
+FROM --platform=linux/arm64/v8 maven:3.9-eclipse-temurin-17 as build-fhir
+WORKDIR /tmp/hapi-fhir-jpaserver-starter
+
+ARG OPENTELEMETRY_JAVA_AGENT_VERSION=1.17.0
+RUN curl -LSsO https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${OPENTELEMETRY_JAVA_AGENT_VERSION}/opentelemetry-javaagent.jar
+
+COPY pom.xml .
+COPY server.xml .
+RUN mvn -ntp dependency:go-offline
+
+COPY src/ ./src/
+RUN mvn clean install -DskipTests -Djdk.lang.Process.launchMechanism=vfork
+
+FROM build-fhir AS build-distroless
+RUN mvn package spring-boot:repackage -Pboot
+RUN mkdir /app && cp ./target/ROOT.war /app/main.war
+
+########### distroless brings focus on security and runs on plain spring boot - this is the default image
+FROM gcr.io/distroless/java17-debian11:nonroot as default
+# 65532 is the nonroot user's uid
+# used here instead of the name to allow Kubernetes to easily detect that the container
+# is running as a non-root (uid != 0) user.
+USER 65532:65532
+WORKDIR /app
+
+COPY --chown=nonroot:nonroot --from=build-distroless /app /app
+COPY --chown=nonroot:nonroot --from=build-fhir /tmp/hapi-fhir-jpaserver-starter/opentelemetry-javaagent.jar /app
+
+ENTRYPOINT ["java", "--class-path", "/app/main.war", "-Dloader.path=main.war!/WEB-INF/classes/,main.war!/WEB-INF/,/app/extra-classes", "org.springframework.boot.loader.PropertiesLauncher", "app/main.war"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 7c4a5dce538..5b4943f5006 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,9 @@
 version: "3"
 services:
 fhir-server:
- build: .
+ build:
+ context: ./
+ dockerfile: ./Dockerfile.dev
 container_name: fhir-server
 depends_on:
 fhir-postgres:
diff --git a/infra/README.md b/infra/README.md
index 323054a41e4..bc2052e9253 100644
--- a/infra/README.md
+++ b/infra/README.md
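Review bot: The `RUN curl -LSsO https://github.com/…/opentelemetry-javaagent.jar` line fetches the Java agent that the final `COPY --from=build-fhir` places in the runtime image, yet nothing verifies what was downloaded, and without `-f` curl would also save an error page under the `.jar` name and let the build continue. I would add `--fail` and check a pinned digest immediately after: `curl -fLSsO …` followed by `echo "${OPENTELEMETRY_JAVA_AGENT_SHA256}  opentelemetry-javaagent.jar" | sha256sum -c -`, with the hash supplied as a second `ARG` next to `OPENTELEMETRY_JAVA_AGENT_VERSION`. Because this file's blob (`5947974db25`) is the old `Dockerfile`, the identical line is present in `Dockerfile` and should receive the same fix. Agent version `1.17.0` also looks dated relative to the May 2024 commit; worth checking for a newer release at the point the digest is pinned.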
@@ -14,3 +14,18 @@ Run these commands on the terminal from the `./infra` folder of this repository:
 $ cdk bootstrap -c env= # only needs to be run once
 $ ./deploy.sh
 ```
+
+### Updating the configuration
+
+Currently, the configuration is Base64 encoded and stored on GH secrets.
+
+```shell
+$ base64 -i infra/config/staging.ts
+$ base64 -i infra/config/production.ts
+$ base64 -i infra/config/sandbox.ts
+```
+
+Copy the resulting strings and update the respective secrets:
+- `INFRA_CONFIG_STAGING`
+- `INFRA_CONFIG_PRODUCTION`
+- `INFRA_CONFIG_SANDBOX`
\ No newline at end of file