diff --git a/.github/workflows/build_containers.yml b/.github/workflows/build_containers.yml index 72cc196..285d3a7 100644 --- a/.github/workflows/build_containers.yml +++ b/.github/workflows/build_containers.yml @@ -58,8 +58,12 @@ jobs: uses: actions/checkout@v4 - name: Extract branch name - shell: bash - run: echo "##[set-output name=branch;]$(echo ${GITHUB_HEAD_REF#refs/heads/})" + run: | + if [ "${{ github.head_ref }}" == "" ]; then + echo BRANCH_NAME=main >> $GITHUB_ENV + else + echo BRANCH_NAME=$(echo ${{ github.head_ref }} | sed 's/\//-/g') >> $GITHUB_ENV + fi id: extract_branch - name: Bump version and push tag @@ -69,7 +73,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} INITIAL_VERSION: 1.0.0 DEFAULT_BUMP: minor - PRERELEASE_SUFFIX: ${{ steps.extract_branch.outputs.branch }} + PRERELEASE: true + PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }} RELEASE_BRANCHES: main WITH_V: true diff --git a/opgincidentresponse/settings/aws-dev.py b/opgincidentresponse/settings/aws-dev.py new file mode 100644 index 0000000..f4f80e7 --- /dev/null +++ b/opgincidentresponse/settings/aws-dev.py @@ -0,0 +1,21 @@ +import os + +from .base import * # noqa: F401, F403 + +SITE_URL = os.environ.get("SITE_URL") + +DEBUG = False + +DATABASES = { + "default": { + "ENGINE": "django.db.backends.postgresql", + "HOST": os.environ.get("DB_HOST"), + "PORT": os.environ.get("DB_PORT"), + "USER": os.environ.get("DB_USER"), + "NAME": os.environ.get("DB_NAME"), + "PASSWORD": os.environ.get("DB_PASSWORD"), + "OPTIONS": {"sslmode": os.getenv("DB_SSL_MODE", "disable")}, + } +} + +RESPONSE_LOGIN_REQUIRED = False diff --git a/terraform/access_logs.tf b/terraform/access_logs.tf index 9223158..a6cc616 100644 --- a/terraform/access_logs.tf +++ b/terraform/access_logs.tf 
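Review bot: The new `run:` script in the "Extract branch name" step expands `${{ github.head_ref }}` directly into the shell text, so a pull request's branch name is parsed as script rather than handled as data. The unquoted write to `$GITHUB_ENV` also lets an unusual ref name add or alter environment entries for later steps. The next step in this job receives `GITHUB_TOKEN` and takes `PRERELEASE_SUFFIX` from `env.BRANCH_NAME`, so the ref should be treated as untrusted input. Pass it in through an `env:` entry, quote every expansion, and reduce it to characters valid in a tag suffix, as below. The step's `id: extract_branch` is no longer read by anything visible in this diff and could be dropped.

```yaml
- name: Extract branch name
  env:
    HEAD_REF: ${{ github.head_ref }}
  run: |
    if [ -z "$HEAD_REF" ]; then
      echo "BRANCH_NAME=main" >> "$GITHUB_ENV"
    else
      # keep only characters that are safe in a prerelease suffix
      echo "BRANCH_NAME=$(printf '%s' "$HEAD_REF" | tr -c 'A-Za-z0-9.-' '-')" >> "$GITHUB_ENV"
    fi
```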
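Review bot: `"OPTIONS": {"sslmode": os.getenv("DB_SSL_MODE", "disable")}` makes an unencrypted database connection the default whenever `DB_SSL_MODE` is unset, which is the wrong way round for a settings module meant for AWS. Default to TLS and make plaintext the explicit opt-out, e.g. `"OPTIONS": {"sslmode": os.getenv("DB_SSL_MODE", "require")},`. `RESPONSE_LOGIN_REQUIRED = False` appears to switch off the login requirement and needs a comment saying why, since loadbalancer.tf in this same diff shows `internal = false`; if the development site is reachable from outside the team, keep it `True`. `SITE_URL` and the `DB_*` values fall back to `None` when unset, so a missing variable surfaces at first use rather than at startup.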
@@ -23,7 +23,7 @@ data "aws_iam_policy_document" "loadbalancer" { } resource "aws_s3_bucket" "access_log" { - bucket = "incident-response-${terraform.workspace}-lb-access-log" + bucket = "incident-response-${local.environment}-lb-access-log" force_destroy = true } diff --git a/terraform/aurora.tf b/terraform/aurora.tf index bd8b38f..ae68ec3 100644 --- a/terraform/aurora.tf +++ b/terraform/aurora.tf @@ -1,5 +1,5 @@ resource "aws_rds_cluster" "db" { - cluster_identifier = "response-${terraform.workspace}" + cluster_identifier = "response-${local.environment}" apply_immediately = true availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] backup_retention_period = 14 @@ -8,7 +8,7 @@ resource "aws_rds_cluster" "db" { deletion_protection = true engine = "aurora-postgresql" engine_mode = "serverless" - final_snapshot_identifier = "response-${terraform.workspace}-final-snapshot" + final_snapshot_identifier = "response-${local.environment}-final-snapshot" kms_key_id = data.aws_kms_key.rds.arn master_username = "response" master_password = data.aws_secretsmanager_secret_version.database_password.secret_string @@ -27,10 +27,10 @@ resource "aws_rds_cluster" "db" { } resource "aws_security_group" "response_rds" { - name = "response-rds-${terraform.workspace}" + name = "response-rds-${local.environment}" description = "response rds access" vpc_id = data.aws_vpc.default.id - tags = { "Name" = "response-api-${terraform.workspace}" } + tags = { "Name" = "response-api-${local.environment}" } } resource "aws_security_group_rule" "response_rds_ecs_task" { diff --git a/terraform/data_sources.tf b/terraform/data_sources.tf index 0db74a7..db028e2 100644 --- a/terraform/data_sources.tf +++ b/terraform/data_sources.tf @@ -33,5 +33,5 @@ data "aws_kms_key" "rds" { } data "aws_db_subnet_group" "data_persitance_subnet_group" { - name = "data-persitance-subnet-${terraform.workspace}" + name = "data-persitance-subnet-${local.environment}" } 
diff --git a/terraform/dns.tf b/terraform/dns.tf index 2372a2c..996e695 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -1,5 +1,5 @@ locals { - dns_prefix = lookup(local.dns_prefixes, terraform.workspace, "incident") + dns_prefix = lookup(local.dns_prefixes, local.environment, "incident") dns_suffix = "opg.service.justice.gov.uk" dns_name = "${local.dns_prefix}.${local.dns_suffix}" } diff --git a/terraform/ecs-task-definition.tf b/terraform/ecs-task-definition.tf index f51318e..6095df7 100644 --- a/terraform/ecs-task-definition.tf +++ b/terraform/ecs-task-definition.tf @@ -1,4 +1,21 @@ - +locals { + config = { + development = { + django_settings = "opgincidentresponse.settings.aws-dev" + incident_bot_id = "A070M293JRY" + incident_bot_name = "opg-incident-response-development" + incident_channel_name = "incident-response" + number_of_tasks = 0 + } + production = { + django_settings = "opgincidentresponse.settings.prod" + incident_bot_id = "A01CXL45ZE1" + incident_bot_name = "opgincidentresponse" + incident_channel_name = "opg-incident" + number_of_tasks = 1 + } + } +} resource "aws_ecs_task_definition" "response" { family = "response" requires_compatibilities = ["FARGATE"] @@ -77,24 +94,23 @@ locals { }], environment = [{ name = "DJANGO_SETTINGS_MODULE", - value = "opgincidentresponse.settings.prod" + value = local.config[local.environment]["django_settings"] }, { name = "INCIDENT_BOT_NAME", - value = "opgincidentresponse" + value = local.config[local.environment]["incident_bot_name"] }, - { name = "INCIDENT_BOT_ID", - value = "A01CXL45ZE1" + value = local.config[local.environment]["incident_bot_id"] }, { name = "INCIDENT_CHANNEL_NAME", - value = "opg-incident" + value = local.config[local.environment]["incident_channel_name"] }, { name = "INCIDENT_REPORT_CHANNEL_NAME", - value = "opg-incident" + value = local.config[local.environment]["incident_channel_name"] }, { name = "DB_HOST", 
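Review bot: The new `locals { config = ... }` map in ecs-task-definition.tf has no comment, and `number_of_tasks = 0` for development is easy to misread as a mistake. It feeds `desired_count` in ecs.tf, so development is deployed with no running tasks. Add a line above the block such as `# Per-environment settings, indexed by local.environment; development is scaled to zero tasks by default`. It is also worth stating that `local.config[local.environment]["..."]` fails at plan time if a key is missing from one environment, so both maps must keep the same keys.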
diff --git a/terraform/ecs.tf b/terraform/ecs.tf index 3d68a63..e23655b 100644 --- a/terraform/ecs.tf +++ b/terraform/ecs.tf @@ -6,7 +6,7 @@ resource "aws_ecs_service" "service" { name = "response" cluster = aws_ecs_cluster.cluster.id task_definition = aws_ecs_task_definition.response.arn - desired_count = 1 + desired_count = local.config[local.environment]["number_of_tasks"] launch_type = "FARGATE" platform_version = "1.4.0" depends_on = [aws_lb.loadbalancer] diff --git a/terraform/loadbalancer.tf b/terraform/loadbalancer.tf index 401190e..417296b 100644 --- a/terraform/loadbalancer.tf +++ b/terraform/loadbalancer.tf @@ -1,5 +1,5 @@ resource "aws_lb" "loadbalancer" { - name = "incident-response-${terraform.workspace}" + name = "incident-response-${local.environment}" internal = false load_balancer_type = "application" subnets = data.aws_subnets.public.ids diff --git a/terraform/secrets.tf b/terraform/secrets.tf index ad9f2b0..5cb4475 100644 --- a/terraform/secrets.tf +++ b/terraform/secrets.tf @@ -1,17 +1,17 @@ resource "aws_secretsmanager_secret" "slack_token" { - name = "response/${terraform.workspace}/slack-token" + name = "response/${local.environment}/slack-token" } resource "aws_secretsmanager_secret" "slack_signing_key" { - name = "response/${terraform.workspace}/slack-signing-key" + name = "response/${local.environment}/slack-signing-key" } resource "aws_secretsmanager_secret" "slack_team_id" { - name = "response/${terraform.workspace}/slack-team-id" + name = "response/${local.environment}/slack-team-id" } resource "aws_secretsmanager_secret" "database_password" { - name = "response/${terraform.workspace}/rds-password" + name = "response/${local.environment}/rds-password" } data "aws_secretsmanager_secret_version" "database_password" { 
@@ -19,25 +19,25 @@ data "aws_secretsmanager_secret_version" "database_password" { } resource "aws_secretsmanager_secret" "django_secret_key" { - name = "response/${terraform.workspace}/django-secret-key" + name = "response/${local.environment}/django-secret-key" } resource "aws_secretsmanager_secret" "github_client_id" { - name = "response/${terraform.workspace}/github-client-id" + name = "response/${local.environment}/github-client-id" } resource "aws_secretsmanager_secret" "github_client_secret" { - name = "response/${terraform.workspace}/github-client-secret" + name = "response/${local.environment}/github-client-secret" } resource "aws_secretsmanager_secret" "statuspage_io_page_id" { - name = "response/${terraform.workspace}/statuspageio-page-id" + name = "response/${local.environment}/statuspageio-page-id" } resource "aws_secretsmanager_secret" "statuspage_io_api_key" { - name = "response/${terraform.workspace}/statuspageio-api-key" + name = "response/${local.environment}/statuspageio-api-key" } resource "aws_secretsmanager_secret" "pagerduty_api_key" { - name = "response/${terraform.workspace}/pagerduty-api-key" + name = "response/${local.environment}/pagerduty-api-key" } diff --git a/terraform/variables.tf b/terraform/variables.tf index a5eee4a..5a6812a 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -9,11 +9,13 @@ locals { "production" = "incident" } + environment = terraform.workspace == "production" ? "production" : "development" + mandatory_moj_tags = { business-unit = "OPG" application = "opg-incident-response" - environment-name = terraform.workspace - is-production = tostring(terraform.workspace == "production" ? true : false) + environment-name = local.environment + is-production = tostring(local.environment == "production" ? true : false) owner = "OPG Webops: opgteam@digital.justice.gov.uk" } diff --git a/terraform/versions.tf b/terraform/versions.tf index 61ba4b2..aff3dc4 100644 --- a/terraform/versions.tf 
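Review bot: In variables.tf, `environment = terraform.workspace == "production" ? "production" : "development"` maps every workspace other than `production` to the same name. Two non-production workspaces therefore resolve to identical bucket, cluster, load balancer, security group and Secrets Manager names (the `${local.environment}` substitutions in access_logs.tf, aurora.tf, loadbalancer.tf and secrets.tf) and to the same account lookup in versions.tf. A mistyped workspace name is also silently treated as development instead of being rejected. If only two workspaces are intended, say so above the local, e.g. `# Only the "production" and "development" workspaces are supported; any other name shares development's resource names`, or add a check that fails on unknown workspace names. The `locals` block starts before this hunk.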
+++ b/terraform/versions.tf @@ -21,7 +21,7 @@ provider "aws" { region = "eu-west-1" assume_role { - role_arn = "arn:aws:iam::${lookup(local.accounts, terraform.workspace, local.accounts["development"])}:role/${var.default_role}" + role_arn = "arn:aws:iam::${lookup(local.accounts, local.environment, local.accounts["development"])}:role/${var.default_role}" session_name = "terraform-session" }