SP-2064 - Integrate with Dev Slack Workspace #minor (#263)

* SP-2064 - Add AWS Dev Config for Django #minor * SP-2064 - Make Dev/Prod individually configurable #minor * SP-2064 - Fix Branch Versions #patch * SP-2064 - Make dev the default config #patch
ministryofjustice · Apr 25, 2024 · afb55df · afb55df
1 parent 2bfef79
commit afb55df
Show file tree

Hide file tree

Showing 12 changed files with 76 additions and 32 deletions.
diff --git a/.github/workflows/build_containers.yml b/.github/workflows/build_containers.yml
@@ -58,8 +58,12 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Extract branch name
-        shell: bash
-        run: echo "##[set-output name=branch;]$(echo ${GITHUB_HEAD_REF#refs/heads/})"
+        run: |
+          if [ "${{ github.head_ref }}" == "" ]; then
+            echo BRANCH_NAME=main >> $GITHUB_ENV
+          else
+            echo BRANCH_NAME=$(echo ${{ github.head_ref }} | sed 's/\//-/g') >> $GITHUB_ENV
+          fi
         id: extract_branch
 
       - name: Bump version and push tag
@@ -69,7 +73,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           INITIAL_VERSION: 1.0.0
           DEFAULT_BUMP: minor
-          PRERELEASE_SUFFIX: ${{ steps.extract_branch.outputs.branch }}
+          PRERELEASE: true
+          PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }}
           RELEASE_BRANCHES: main
           WITH_V: true
 

diff --git a/opgincidentresponse/settings/aws-dev.py b/opgincidentresponse/settings/aws-dev.py
@@ -0,0 +1,21 @@
+import os
+
+from .base import *  # noqa: F401, F403
+
+SITE_URL = os.environ.get("SITE_URL")
+
+DEBUG = False
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.postgresql",
+        "HOST": os.environ.get("DB_HOST"),
+        "PORT": os.environ.get("DB_PORT"),
+        "USER": os.environ.get("DB_USER"),
+        "NAME": os.environ.get("DB_NAME"),
+        "PASSWORD": os.environ.get("DB_PASSWORD"),
+        "OPTIONS": {"sslmode": os.getenv("DB_SSL_MODE", "disable")},
+    }
+}
+
+RESPONSE_LOGIN_REQUIRED = False
diff --git a/terraform/access_logs.tf b/terraform/access_logs.tf
@@ -23,7 +23,7 @@ data "aws_iam_policy_document" "loadbalancer" {
 }
 
 resource "aws_s3_bucket" "access_log" {
-  bucket        = "incident-response-${terraform.workspace}-lb-access-log"
+  bucket        = "incident-response-${local.environment}-lb-access-log"
   force_destroy = true
 }
 

diff --git a/terraform/aurora.tf b/terraform/aurora.tf
@@ -1,5 +1,5 @@
 resource "aws_rds_cluster" "db" {
-  cluster_identifier           = "response-${terraform.workspace}"
+  cluster_identifier           = "response-${local.environment}"
   apply_immediately            = true
   availability_zones           = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
   backup_retention_period      = 14
@@ -8,7 +8,7 @@ resource "aws_rds_cluster" "db" {
   deletion_protection          = true
   engine                       = "aurora-postgresql"
   engine_mode                  = "serverless"
-  final_snapshot_identifier    = "response-${terraform.workspace}-final-snapshot"
+  final_snapshot_identifier    = "response-${local.environment}-final-snapshot"
   kms_key_id                   = data.aws_kms_key.rds.arn
   master_username              = "response"
   master_password              = data.aws_secretsmanager_secret_version.database_password.secret_string
@@ -27,10 +27,10 @@ resource "aws_rds_cluster" "db" {
 }
 
 resource "aws_security_group" "response_rds" {
-  name        = "response-rds-${terraform.workspace}"
+  name        = "response-rds-${local.environment}"
   description = "response rds access"
   vpc_id      = data.aws_vpc.default.id
-  tags        = { "Name" = "response-api-${terraform.workspace}" }
+  tags        = { "Name" = "response-api-${local.environment}" }
 }
 
 resource "aws_security_group_rule" "response_rds_ecs_task" {

diff --git a/terraform/data_sources.tf b/terraform/data_sources.tf
@@ -33,5 +33,5 @@ data "aws_kms_key" "rds" {
 }
 
 data "aws_db_subnet_group" "data_persitance_subnet_group" {
-  name = "data-persitance-subnet-${terraform.workspace}"
+  name = "data-persitance-subnet-${local.environment}"
 }
diff --git a/terraform/dns.tf b/terraform/dns.tf
@@ -1,5 +1,5 @@
 locals {
-  dns_prefix = lookup(local.dns_prefixes, terraform.workspace, "incident")
+  dns_prefix = lookup(local.dns_prefixes, local.environment, "incident")
   dns_suffix = "opg.service.justice.gov.uk"
   dns_name   = "${local.dns_prefix}.${local.dns_suffix}"
 }

diff --git a/terraform/ecs-task-definition.tf b/terraform/ecs-task-definition.tf
@@ -1,4 +1,21 @@
-
+locals {
+  config = {
+    development = {
+      django_settings       = "opgincidentresponse.settings.aws-dev"
+      incident_bot_id       = "A070M293JRY"
+      incident_bot_name     = "opg-incident-response-development"
+      incident_channel_name = "incident-response"
+      number_of_tasks       = 0
+    }
+    production = {
+      django_settings       = "opgincidentresponse.settings.prod"
+      incident_bot_id       = "A01CXL45ZE1"
+      incident_bot_name     = "opgincidentresponse"
+      incident_channel_name = "opg-incident"
+      number_of_tasks       = 1
+    }
+  }
+}
 resource "aws_ecs_task_definition" "response" {
   family                   = "response"
   requires_compatibilities = ["FARGATE"]
@@ -77,24 +94,23 @@ locals {
     }],
     environment = [{
       name  = "DJANGO_SETTINGS_MODULE",
-      value = "opgincidentresponse.settings.prod"
+      value = local.config[local.environment]["django_settings"]
       },
       {
         name  = "INCIDENT_BOT_NAME",
-        value = "opgincidentresponse"
+        value = local.config[local.environment]["incident_bot_name"]
       },
-
       {
         name  = "INCIDENT_BOT_ID",
-        value = "A01CXL45ZE1"
+        value = local.config[local.environment]["incident_bot_id"]
       },
       {
         name  = "INCIDENT_CHANNEL_NAME",
-        value = "opg-incident"
+        value = local.config[local.environment]["incident_channel_name"]
       },
       {
         name  = "INCIDENT_REPORT_CHANNEL_NAME",
-        value = "opg-incident"
+        value = local.config[local.environment]["incident_channel_name"]
       },
       {
         name  = "DB_HOST",

diff --git a/terraform/ecs.tf b/terraform/ecs.tf
@@ -6,7 +6,7 @@ resource "aws_ecs_service" "service" {
   name                  = "response"
   cluster               = aws_ecs_cluster.cluster.id
   task_definition       = aws_ecs_task_definition.response.arn
-  desired_count         = 1
+  desired_count         = local.config[local.environment]["number_of_tasks"]
   launch_type           = "FARGATE"
   platform_version      = "1.4.0"
   depends_on            = [aws_lb.loadbalancer]

diff --git a/terraform/loadbalancer.tf b/terraform/loadbalancer.tf
@@ -1,5 +1,5 @@
 resource "aws_lb" "loadbalancer" {
-  name               = "incident-response-${terraform.workspace}"
+  name               = "incident-response-${local.environment}"
   internal           = false
   load_balancer_type = "application"
   subnets            = data.aws_subnets.public.ids

diff --git a/terraform/secrets.tf b/terraform/secrets.tf
@@ -1,43 +1,43 @@
 resource "aws_secretsmanager_secret" "slack_token" {
-  name = "response/${terraform.workspace}/slack-token"
+  name = "response/${local.environment}/slack-token"
 }
 
 resource "aws_secretsmanager_secret" "slack_signing_key" {
-  name = "response/${terraform.workspace}/slack-signing-key"
+  name = "response/${local.environment}/slack-signing-key"
 }
 
 resource "aws_secretsmanager_secret" "slack_team_id" {
-  name = "response/${terraform.workspace}/slack-team-id"
+  name = "response/${local.environment}/slack-team-id"
 }
 
 resource "aws_secretsmanager_secret" "database_password" {
-  name = "response/${terraform.workspace}/rds-password"
+  name = "response/${local.environment}/rds-password"
 }
 
 data "aws_secretsmanager_secret_version" "database_password" {
   secret_id = aws_secretsmanager_secret.database_password.id
 }
 
 resource "aws_secretsmanager_secret" "django_secret_key" {
-  name = "response/${terraform.workspace}/django-secret-key"
+  name = "response/${local.environment}/django-secret-key"
 }
 
 resource "aws_secretsmanager_secret" "github_client_id" {
-  name = "response/${terraform.workspace}/github-client-id"
+  name = "response/${local.environment}/github-client-id"
 }
 
 resource "aws_secretsmanager_secret" "github_client_secret" {
-  name = "response/${terraform.workspace}/github-client-secret"
+  name = "response/${local.environment}/github-client-secret"
 }
 
 resource "aws_secretsmanager_secret" "statuspage_io_page_id" {
-  name = "response/${terraform.workspace}/statuspageio-page-id"
+  name = "response/${local.environment}/statuspageio-page-id"
 }
 
 resource "aws_secretsmanager_secret" "statuspage_io_api_key" {
-  name = "response/${terraform.workspace}/statuspageio-api-key"
+  name = "response/${local.environment}/statuspageio-api-key"
 }
 
 resource "aws_secretsmanager_secret" "pagerduty_api_key" {
-  name = "response/${terraform.workspace}/pagerduty-api-key"
+  name = "response/${local.environment}/pagerduty-api-key"
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -9,11 +9,13 @@ locals {
     "production"  = "incident"
   }
 
+  environment = terraform.workspace == "production" ? "production" : "development"
+
   mandatory_moj_tags = {
     business-unit    = "OPG"
     application      = "opg-incident-response"
-    environment-name = terraform.workspace
-    is-production    = tostring(terraform.workspace == "production" ? true : false)
+    environment-name = local.environment
+    is-production    = tostring(local.environment == "production" ? true : false)
     owner            = "OPG Webops: [email protected]"
   }
 

diff --git a/terraform/versions.tf b/terraform/versions.tf
@@ -21,7 +21,7 @@ provider "aws" {
   region = "eu-west-1"
 
   assume_role {
-    role_arn     = "arn:aws:iam::${lookup(local.accounts, terraform.workspace, local.accounts["development"])}:role/${var.default_role}"
+    role_arn     = "arn:aws:iam::${lookup(local.accounts, local.environment, local.accounts["development"])}:role/${var.default_role}"
     session_name = "terraform-session"
   }