Migrate Switch to ECR Private (#749)
dwilkie authored Sep 17, 2024
1 parent d5a37b3 commit 0e0561a
Showing 12 changed files with 152 additions and 141 deletions.
86 changes: 39 additions & 47 deletions .github/workflows/switch.yml
@@ -1,6 +1,15 @@
on: push
name: Switch

env:
CI: true
ECR_REGISTRY: 324279636507.dkr.ecr.ap-southeast-1.amazonaws.com
GHCR_REGISTRY: ghcr.io/somleng
APP_REPOSITORY_NAME: switch-app
WEBSERVER_REPOSITORY_NAME: switch-webserver
FREESWITCH_REPOSITORY_NAME: freeswitch
FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME: freeswitch-events

jobs:
build:
name: Build
@@ -9,13 +18,13 @@ jobs:
matrix: ${{ steps.set-deployment-matrix.outputs.matrix }}
matrixLength: ${{ steps.set-deployment-matrix.outputs.matrixLength }}
deployMatrix: ${{ steps.set-deployment-matrix.outputs.deployMatrix }}

defaults:
run:
working-directory: components/app

env:
AHN_ENV: test
CI: true

steps:
- name: Checkout
@@ -62,15 +71,17 @@ jobs:
"identifier": "switch-staging",
"environment": "staging",
"branch": "develop",
"image_tag": "staging",
"friendly_image_tag": "beta",
"image_tag": "stag-${{ github.sha }}",
"ecs_service": "switch-staging",
"ecs_cluster": "somleng-switch-staging"
},
{
"identifier": "switch",
"environment": "production",
"branch": "master",
"image_tag": "latest",
"friendly_image_tag": "latest",
"image_tag": "prod-${{ github.sha }}",
"ecs_service": "switch",
"ecs_cluster": "somleng-switch"
}
@@ -88,17 +99,6 @@ jobs:
needs:
- build
if: needs.build.outputs.matrixLength > 0
env:
IMAGE_TAG: ${{ github.sha }}
ECR_PUBLIC_REGISTRY: public.ecr.aws
APP_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch
APP_GHCR_REPOSITORY_URI: ghcr.io/somleng/somleng-switch
NGINX_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-nginx
NGINX_GHCR_REPOSITORY_URI: ghcr.io/somleng/somleng-switch-nginx
FREESWITCH_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch
FREESWITCH_GHCR_REPOSITORY_URI: ghcr.io/somleng/freeswitch
FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch-event-logger
FREESWITCH_EVENT_LOGGER_GHCR_REPOSITORY_URI: ghcr.io/somleng/freeswitch-event-logger

strategy:
matrix: ${{fromJson(needs.build.outputs.matrix)}}
@@ -121,12 +121,8 @@ jobs:
role-duration-seconds: 3600
aws-region: ap-southeast-1

- name: Login to AWS Public ECR
uses: docker/login-action@v3
with:
registry: ${{ env.ECR_PUBLIC_REGISTRY }}
env:
AWS_REGION: us-east-1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to GitHub Container Registry
uses: docker/login-action@v3
@@ -135,13 +131,15 @@ jobs:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Login to ECR
uses: docker/login-action@v3
with:
registry: ${{ env.ECR_REGISTRY }}

- name: Export Polly Voices
run: |
components/freeswitch/bin/export_tts_voices > components/freeswitch/conf/autoload_configs/tts_voices.xml
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build and push Nginx
uses: docker/build-push-action@v6
with:
@@ -151,9 +149,9 @@ jobs:
cache-from: type=gha,scope=${{ matrix.identifier }}-nginx
cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-nginx
tags: |
${{ env.NGINX_ECR_REPOSITORY_URI }}:${{ matrix.image_tag }}
${{ env.NGINX_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
${{ env.NGINX_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
${{ env.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.image_tag }}
${{ env.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
${{ env.GHCR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
- name: Build and push FreeSWITCH
uses: docker/build-push-action@v6
@@ -166,22 +164,22 @@ jobs:
cache-from: type=gha,scope=${{ matrix.identifier }}-freeswitch
cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-freeswitch
tags: |
${{ env.FREESWITCH_ECR_REPOSITORY_URI }}:${{ matrix.image_tag }}
${{ env.FREESWITCH_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
${{ env.FREESWITCH_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.image_tag }}
${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
${{ env.GHCR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
- name: Build and push FreeSWITCH Event Logger
uses: docker/build-push-action@v6
with:
context: components/freeswitch_event_logger
push: true
platforms: linux/amd64
platforms: linux/amd64,linux/arm64
cache-from: type=gha,scope=${{ matrix.identifier }}-freeswitch-event-logger
cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-freeswitch-event-logger
tags: |
${{ env.FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI }}:${{ matrix.image_tag }}
${{ env.FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
${{ env.FREESWITCH_EVENT_LOGGER_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.image_tag }}
${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
${{ env.GHCR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
- name: Build and push Switch App
uses: docker/build-push-action@v6
@@ -192,22 +190,16 @@ jobs:
cache-from: type=gha,scope=${{ matrix.identifier }}
cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}
tags: |
${{ env.APP_ECR_REPOSITORY_URI }}:${{ matrix.image_tag }}
${{ env.APP_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
${{ env.APP_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
${{ env.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.image_tag }}
${{ env.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
${{ env.GHCR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
deploy:
name: Deploy
runs-on: ubuntu-latest
needs:
- build
- build-packages
env:
IMAGE_TAG: ${{ github.sha }}
APP_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch
NGINX_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-nginx
FREESWITCH_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch
FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch-event-logger

strategy:
matrix: ${{fromJSON(needs.build.outputs.deployMatrix)}}
@@ -231,37 +223,37 @@ jobs:
run: |
aws ecs describe-task-definition --task-definition "${{ matrix.identifier }}" --query 'taskDefinition' > task-definition.json
- name: Prepare NGINX task definition
- name: Prepare Webserver task definition
id: render-nginx-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: nginx
image: ${{ env.NGINX_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
image: ${{ env.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.image_tag }}

- name: Prepare FreeSWITCH task definition
id: render-freeswitch-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ steps.render-nginx-task-def.outputs.task-definition }}
container-name: freeswitch
image: ${{ env.FREESWITCH_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
image: ${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.image_tag }}

- name: Prepare FreeSWITCH event logger task definition
id: render-freeswitch-event-logger-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ steps.render-freeswitch-task-def.outputs.task-definition }}
container-name: freeswitch-event-logger
image: ${{ env.FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
image: ${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.image_tag }}

- name: Prepare App task definition
id: render-app-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ steps.render-freeswitch-event-logger-task-def.outputs.task-definition }}
container-name: app
image: ${{ env.APP_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
image: ${{ env.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.image_tag }}

- name: Deploy Switch
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
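Review bot: The four "Prepare … task definition" steps in the deploy job resolve each container image through the tag `${{ matrix.image_tag }}` (`prod-<sha>` / `stag-<sha>`), so ECS runs whatever that tag points to at deploy time rather than the exact artifact the build job pushed. The same private repositories also receive the moving tags `latest` and `beta`, so unless the repository module (not visible here) handles it, tag immutability cannot simply be enabled, and a workflow re-run or any principal with push access can re-point the tag. docker/build-push-action exposes a `digest` output; passing it to the deploy job and rendering `image: <registry>/<repository>@<digest>` would pin the deployment to the built content. The deploy job continues past the visible lines.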
84 changes: 20 additions & 64 deletions infrastructure/core/ecr.tf
@@ -1,49 +1,3 @@
locals {
lifecycle_policy = jsonencode({
rules = [
{
rulePriority = 1
description = "Expire untagged images"
selection = {
tagStatus = "untagged"
countType = "sinceImagePushed"
countUnit = "days"
countNumber = 1
}
action = {
type = "expire"
}
},
{
rulePriority = 2
description = "Expire old production images",
selection = {
tagStatus = "tagged"
tagPrefixList = ["prod"]
countType = "imageCountMoreThan"
countNumber = 5
}
action = {
type = "expire"
}
},
{
rulePriority = 3
description = "Expire old staging images",
selection = {
tagStatus = "tagged"
tagPrefixList = ["stag"]
countType = "imageCountMoreThan"
countNumber = 5
}
action = {
type = "expire"
}
}
]
})
}

resource "aws_ecrpublic_repository" "switch" {
repository_name = "somleng-switch"
provider = aws.us-east-1
@@ -155,30 +109,32 @@ resource "aws_ecrpublic_repository" "gateway" {
}
}

resource "aws_ecr_repository" "s3_mpeg" {
name = "s3-mpeg"

image_scanning_configuration {
scan_on_push = true
}
module "app_ecr_repository" {
source = "../modules/ecr_repository"
name = "switch-app"
}

resource "aws_ecr_lifecycle_policy" "s3_mpeg" {
repository = aws_ecr_repository.s3_mpeg.name

policy = local.lifecycle_policy
module "webserver_ecr_repository" {
source = "../modules/ecr_repository"
name = "switch-webserver"
}

resource "aws_ecr_repository" "services" {
name = "switch-services"
module "freeswitch_ecr_repository" {
source = "../modules/ecr_repository"
name = "freeswitch"
}

image_scanning_configuration {
scan_on_push = true
}
module "freeswitch_event_logger_ecr_repository" {
source = "../modules/ecr_repository"
name = "freeswitch-events"
}

resource "aws_ecr_lifecycle_policy" "services" {
repository = aws_ecr_repository.services.name
module "s3_mpeg_ecr_repository" {
source = "../modules/ecr_repository"
name = "s3-mpeg"
}

policy = local.lifecycle_policy
module "services_ecr_repository" {
source = "../modules/ecr_repository"
name = "switch-services"
}
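Review bot: The `s3-mpeg` and `switch-services` repositories move from the root addresses `aws_ecr_repository.s3_mpeg` / `aws_ecr_repository.services` (and their `aws_ecr_lifecycle_policy` resources) into modules, and no `moved` block is visible in this file. Without one, Terraform plans a destroy and re-create of both existing repositories, which either fails on a non-empty repository or discards the stored images. A `moved` block per resource with `from = aws_ecr_repository.s3_mpeg` and `to = module.s3_mpeg_ecr_repository.<RESOURCE_ADDRESS_IN_MODULE>` (placeholder; the module source is not shown here) avoids that, as does `terraform state mv` before applying. The removed inline resources set `scan_on_push = true` and the shared lifecycle policy; confirm `../modules/ecr_repository` keeps both.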
36 changes: 18 additions & 18 deletions infrastructure/core/outputs.tf
@@ -1,19 +1,3 @@
output "switch_ecr_repository" {
value = aws_ecrpublic_repository.switch
}

output "nginx_ecr_repository" {
value = aws_ecrpublic_repository.nginx
}

output "freeswitch_ecr_repository" {
value = aws_ecrpublic_repository.freeswitch
}

output "freeswitch_event_logger_ecr_repository" {
value = aws_ecrpublic_repository.freeswitch_event_logger
}

output "public_gateway_ecr_repository" {
value = aws_ecrpublic_repository.public_gateway
}
@@ -30,10 +14,26 @@ output "opensips_scheduler_ecr_repository" {
value = aws_ecrpublic_repository.opensips_scheduler
}

output "app_ecr_repository" {
value = module.app_ecr_repository
}

output "webserver_ecr_repository" {
value = module.webserver_ecr_repository
}

output "freeswitch_ecr_repository" {
value = module.freeswitch_ecr_repository
}

output "freeswitch_event_logger_ecr_repository" {
value = module.freeswitch_event_logger_ecr_repository
}

output "s3_mpeg_ecr_repository" {
value = aws_ecr_repository.s3_mpeg
value = module.s3_mpeg_ecr_repository
}

output "services_ecr_repository" {
value = aws_ecr_repository.services
value = module.services_ecr_repository
}
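Review bot: `s3_mpeg_ecr_repository` and `services_ecr_repository` now export a module object instead of an `aws_ecr_repository` resource, so their shape changes for every consumer: only values declared as outputs inside `../modules/ecr_repository` are reachable, and the module is not visible here. Anything reading a resource attribute from these outputs, presumably through remote state, needs that attribute declared as a module output. A `description` on each new output, for example `description = "Outputs of the switch-app private ECR repository module"`, would make the contract explicit.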