Move off lambda and to ECS

.github/workflows/deploy.yml

@@ -50,26 +50,17 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: eu-central-1
 
-  build-and-push-service:
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      contents: read
-
-    strategy:
-      fail-fast: false
-      matrix:
-        service:
-          - name: pycon-backend
-            dir: backend
-          - name: pretix
-            dir: pretix
-
+  build-pretix:
+    runs-on: [self-hosted]
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
-          fetch-depth: 0
+      - uses: actions/checkout@v4
+        with:
+          repository: pretix/pretix
+          ref: v2024.8.0
+          path: ./pretix-clone
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
@@ -79,56 +70,56 @@ jobs:
       - name: Get service githash
         id: git
         run: |
-          hash=$(git rev-list -1 HEAD -- ${{ matrix.service.dir }})
+          hash=$(git rev-list -1 HEAD -- pretix)
           echo "githash=$hash" >> $GITHUB_OUTPUT
       - name: Check if commit is already on ECR
         id: image
         run: |
           set +e
-          aws ecr describe-images --repository-name=pythonit/${{ matrix.service.name }} --image-ids=imageTag=${{ steps.git.outputs.githash }}
+          aws ecr describe-images --repository-name=pythonit/pretix --image-ids=imageTag=arm-${{ steps.git.outputs.githash }}
           if [[ $? == 0 ]]; then
             echo "image_exists=1" >> $GITHUB_OUTPUT
           else
             echo "image_exists=0" >> $GITHUB_OUTPUT
           fi
-      - name: Set up QEMU dependency
-        if: ${{ steps.image.outputs.image_exists == 0 }}
-        uses: docker/setup-qemu-action@v3
-      - name: Login to GitHub Packages
-        if: ${{ steps.image.outputs.image_exists == 0 }}
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Login to Amazon ECR
         if: ${{ steps.image.outputs.image_exists == 0 }}
         uses: aws-actions/amazon-ecr-login@v2
       - name: Set up Docker Buildx
         id: buildx
         if: ${{ steps.image.outputs.image_exists == 0 }}
         uses: docker/setup-buildx-action@v3
-      - name: Cache Docker layers
+      - name: Build pretix base
         if: ${{ steps.image.outputs.image_exists == 0 }}
-        uses: actions/cache@v4
+        uses: docker/build-push-action@v6
+        id: build-pretix-base
         with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ matrix.service.name }}
-      - name: Build and push
+          context: ./pretix-clone
+          file: ./pretix-clone/Dockerfile
+          builder: ${{ steps.buildx.outputs.name }}
+          provenance: false
+          push: true
+          tags: |
+            ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:pretix-base-${{ steps.git.outputs.githash }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          platforms: linux/arm64
+      - name: Build and push pretix
         if: ${{ steps.image.outputs.image_exists == 0 }}
         uses: docker/build-push-action@v6
         with:
-          context: ./${{ matrix.service.dir }}
-          file: ./${{ matrix.service.dir }}/Dockerfile
+          context: ./pretix
+          file: ./pretix/Dockerfile
           builder: ${{ steps.buildx.outputs.name }}
           provenance: false
           push: true
           tags: |
-            ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/${{ matrix.service.name }}:${{ steps.git.outputs.githash }}
-            ghcr.io/pythonitalia/pycon/${{ matrix.service.name }}:${{ steps.git.outputs.githash }}
+            ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:arm-${{ steps.git.outputs.githash }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
-          platforms: linux/amd64
+          platforms: linux/arm64
+          build-args: |
+            PRETIX_IMAGE=${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:pretix-base-${{ steps.git.outputs.githash }}
 
   build-and-push-arm-service:
     runs-on: [self-hosted]
@@ -226,7 +217,7 @@ jobs:
 
   terraform:
     runs-on: ubuntu-latest
-    needs: [build-emails, build-and-push-service, build-and-push-arm-service, create-db]
+    needs: [build-emails, build-and-push-arm-service, build-pretix, create-db]
     environment:
       name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
     defaults:

backend/Dockerfile

@@ -140,6 +140,8 @@ ARG FUNCTION_DIR
 
 WORKDIR ${FUNCTION_DIR}
 
+RUN apt-get update -y && apt install -y curl
+
 COPY --from=js-stage ${FUNCTION_DIR}/dist/*.html ${FUNCTION_DIR}/custom_admin/templates/astro/
 COPY --from=js-stage ${FUNCTION_DIR}/dist/_astro ${FUNCTION_DIR}/custom_admin/static/_astro/
 

backend/custom_admin/admin.py

@@ -6,7 +6,7 @@
 from django.contrib import admin
 from django.urls import path
 
-SITE_NAME = "PyCon Italia"
+SITE_NAME = "Change Test PyCon Italia"
 
 admin.site.site_header = SITE_NAME
 admin.site.site_title = SITE_NAME

infrastructure/applications/applications.tf

@@ -50,3 +50,18 @@ module "emails" {
     aws.us = aws.us
   }
 }
+
+module "server" {
+  source      = "./server"
+  ecs_arm_ami = local.ecs_arm_ami
+
+  providers = {
+    aws    = aws
+    aws.us = aws.us
+  }
+}
+
+module "pretix_arm" {
+  source = "./pretix_arm"
+  ecs_arm_ami = local.ecs_arm_ami
+}

infrastructure/applications/config.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source                = "hashicorp/aws"
-      version               = "5.64.0"
+      version               = "5.66.0"
       configuration_aliases = [aws.us]
     }
   }

infrastructure/applications/pretix_arm/ecr.tf

@@ -0,0 +1,13 @@
+data "aws_ecr_repository" "repo" {
+  name = "pythonit/pretix"
+}
+
+data "aws_ecr_image" "image" {
+  repository_name = data.aws_ecr_repository.repo.name
+  image_tag       = "arm-${data.external.githash.result.githash}"
+}
+
+data "external" "githash" {
+  program     = ["python", abspath("${path.module}/githash.py")]
+  working_dir = abspath("${path.root}/../../pretix")
+}

infrastructure/applications/pretix_arm/githash.py

@@ -0,0 +1,12 @@
+import json
+import subprocess
+import sys
+
+git_output = subprocess.check_output(
+    ["git", "rev-list", "-1", "HEAD", "--", "."],
+)
+githash = git_output.decode().strip()
+
+output = {"githash": githash}
+output_json = json.dumps(output)
+sys.stdout.write(output_json)

infrastructure/applications/pretix_arm/rds.tf

@@ -0,0 +1,3 @@
+data "aws_db_instance" "database" {
+  db_instance_identifier = "pythonit-${terraform.workspace}"
+}

infrastructure/applications/pretix_arm/s3.tf

@@ -0,0 +1,8 @@
+locals {
+  is_prod = terraform.workspace == "production"
+}
+
+resource "aws_s3_bucket" "media" {
+  bucket        = "${terraform.workspace}-pretix-media"
+  force_destroy = !local.is_prod
+}

infrastructure/applications/pretix_arm/secrets.tf

@@ -0,0 +1,8 @@
+module "secrets" {
+  source  = "../../components/secrets"
+  service = "pretix"
+}
+
+module "common_secrets" {
+  source = "../../components/secrets"
+}