Modularize infrastructure (#716)

.github/workflows/gateway_commons.yml

@@ -30,8 +30,8 @@ jobs:
           EOF
           )
           matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )')
-          echo ::set-output name=matrix::{\"include\":$(echo $matrix)}\"
-          echo ::set-output name=matrixLength::$(echo $matrix | jq length)
+          echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
+          echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT
 
   deploy:
     name: Deploy Gateway Commons

.github/workflows/public_gateway.yml

@@ -33,7 +33,6 @@ jobs:
               "ecs_service": "public-gateway-staging",
               "ecs_cluster": "somleng-switch-staging",
               "deploy": false
-
             },
             {
               "identifier": "public-gateway",

.github/workflows/services.yml

@@ -74,8 +74,8 @@ jobs:
           EOF
           )
           matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )')
-          echo ::set-output name=matrix::{\"include\":$(echo $matrix)}\"
-          echo ::set-output name=matrixLength::$(echo $matrix | jq length)
+          echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
+          echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT
 
   deploy:
     name: Deploy
@@ -102,15 +102,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Create Sentry release
-        uses: getsentry/action-release@v1
-        env:
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_ORG: somleng
-          SENTRY_PROJECT: somleng-switch-services
-        with:
-          environment: ${{ matrix.environment }}
-
       - name: Configure AWS credentials
         id: aws-login
         uses: aws-actions/configure-aws-credentials@v4
@@ -160,3 +151,12 @@ jobs:
                                           --image-uri ${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} \
                                           --architectures "arm64" \
                                           --publish
+
+      - name: Create Sentry release
+        uses: getsentry/action-release@v1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: somleng
+          SENTRY_PROJECT: somleng-switch-services
+        with:
+          environment: ${{ matrix.environment }}

.github/workflows/switch.yml

@@ -8,6 +8,7 @@ jobs:
     outputs:
       matrix: ${{ steps.set-deployment-matrix.outputs.matrix }}
       matrixLength: ${{ steps.set-deployment-matrix.outputs.matrixLength }}
+      deployMatrix: ${{ steps.set-deployment-matrix.outputs.deployMatrix }}
     defaults:
       run:
         working-directory: components/app
@@ -77,11 +78,12 @@ jobs:
           EOF
           )
           matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )')
-          echo ::set-output name=matrix::{\"include\":$(echo $matrix)}\"
-          echo ::set-output name=matrixLength::$(echo $matrix | jq length)
+          echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
+          echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT
+          echo "deployMatrix={\"region\":[\"ap-southeast-1\",\"us-east-1\"],\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
 
-  deploy:
-    name: Deploy
+  build-packages:
+    name: Build Packages
     runs-on: ubuntu-latest
     needs:
       - build
@@ -105,15 +107,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Create Sentry release
-        uses: getsentry/action-release@v1
-        env:
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_ORG: somleng
-          SENTRY_PROJECT: somleng-switch
-        with:
-          environment: ${{ matrix.environment }}
-
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
 
@@ -190,7 +183,7 @@ jobs:
             ${{ env.FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
             ${{ env.FREESWITCH_EVENT_LOGGER_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
 
-      - name: Build and push App
+      - name: Build and push Switch App
         uses: docker/build-push-action@v6
         with:
           context: components/app
@@ -203,6 +196,37 @@ jobs:
             ${{ env.APP_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
             ${{ env.APP_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
 
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - build-packages
+    env:
+      IMAGE_TAG: ${{ github.sha }}
+      APP_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch
+      NGINX_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-nginx
+      FREESWITCH_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch
+      FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch-event-logger
+
+    strategy:
+      matrix: ${{fromJSON(needs.build.outputs.deployMatrix)}}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        id: aws-login
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-skip-session-tagging: true
+          role-duration-seconds: 3600
+          aws-region:  ${{ matrix.region }}
+
       - name: Get current task definition
         run: |
           aws ecs describe-task-definition --task-definition "${{ matrix.identifier }}" --query 'taskDefinition' > task-definition.json
@@ -239,10 +263,33 @@ jobs:
           container-name: app
           image: ${{ env.APP_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
 
-      - name: Deploy App Server
+      - name: Deploy Switch
         uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: ${{ steps.render-app-task-def.outputs.task-definition }}
           service: ${{ matrix.ecs_service }}
           cluster: ${{ matrix.ecs_cluster }}
           wait-for-service-stability: true
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - deploy
+
+    strategy:
+      matrix: ${{fromJson(needs.build.outputs.matrix)}}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Create Sentry release
+        uses: getsentry/action-release@v1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: somleng
+          SENTRY_PROJECT: somleng-switch
+        with:
+          environment: ${{ matrix.environment }}

components/app/config/app_settings.yml

@@ -11,18 +11,19 @@ default: &default
   redis_url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %>
   redis_pool_size: <%= ENV.fetch('DB_POOL') { 250 } %>
   services_function_arn: <%= ENV.fetch('SERVICES_FUNCTION_ARN') { "arn:aws:lambda:ap-southeast-1:12345:function:function-name" } %>
+  services_function_region: <%= ENV.fetch('SERVICES_FUNCTION_REGION') { "ap-southeast-1" } %>
 
 production: &production
   <<: *default
   sentry_dsn: "<%= AppSettings.credentials.fetch('sentry_dsn') %>"
   ahn_core_password: "<%= ENV.fetch('AHN_CORE_PASSWORD') %>"
   ahn_http_password: "<%= AppSettings.credentials.fetch('ahn_http_password') %>"
-  call_platform_host: "https://api.internal.somleng.org"
+  call_platform_host: "https://api.somleng.org"
   call_platform_password: "<%= AppSettings.credentials.fetch('call_platform_password') %>"
 
 staging:
   <<: *production
-  call_platform_host: "https://api-staging.internal.somleng.org"
+  call_platform_host: "https://api-staging.somleng.org"
 
 development: &development
   <<: *default

components/app/config/initializers/services.rb

@@ -1,3 +1,4 @@
 Services.configure do |config|
   config.function_arn = AppSettings.fetch(:services_function_arn)
+  config.function_region = AppSettings.fetch(:services_function_region)
 end

components/app/lib/services/client.rb

@@ -2,8 +2,8 @@ module Services
   class Client
     attr_reader :lambda_client
 
-    def initialize(lambda_client: Aws::Lambda::Client.new)
-      @lambda_client = lambda_client
+    def initialize(**options)
+      @lambda_client = options.fetch(:lambda_client) { default_client }
     end
 
     def build_client_gateway_dial_string(username:, destination:)
@@ -26,5 +26,9 @@ def invoke_lambda(payload)
       )
       JSON.parse(response.payload.read)
     end
+
+    def default_client
+      Aws::Lambda::Client.new(region: Services.configuration.function_region)
+    end
   end
 end

components/app/lib/services/configuration.rb

@@ -1,5 +1,5 @@
 module Services
   class Configuration
-    attr_accessor :function_arn
+    attr_accessor :function_arn, :function_region
   end
 end

components/gateway/public_gateway/opensips.cfg

@@ -198,6 +198,11 @@ route{
     exit;
   }
 
+  if ( get_source_group( $var(group)) ) {
+    # do something with $var(group)
+    xlog("group is $var(group)\n");
+  };
+
   # Some UAC send a Route Header
   # with a local proxy IP in an initial INVITE Request
   # According to https://opensips.org/html/docs/modules/3.4.x/rr.html#func_loose_route
@@ -229,18 +234,18 @@ route{
   xlog("L_NOTICE", "Load balancing request on port $rp\n");
 
   if ($rp == "SIP_PORT") {
-    xlog("L_NOTICE", "Starting LB with resources: gw\n");
+    xlog("L_NOTICE", "Starting LB on group $var(group) with resources: gw\n");
 
-    if ( !lb_start(1,"gw")) {
+    if ( !lb_start($var(group),"gw")) {
       send_reply(500,"No Destination available");
       exit;
     }
   }
 
   if ($rp == "SIP_ALTERNATIVE_PORT") {
-    xlog("L_NOTICE", "Starting LB with resources: gwalt\n");
+    xlog("L_NOTICE", "Starting LB on group $var(group) with resources: gwalt\n");
 
-    if ( !lb_start(1,"gwalt")) {
+    if ( !lb_start($var(group),"gwalt")) {
       send_reply(500,"No Destination available");
       exit;
     }

components/services/.rubocop.yml

@@ -0,0 +1 @@
+inherit_from: ../../.rubocop.yml

components/services/Gemfile

@@ -7,6 +7,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 gem "aws-sdk-ec2"
 gem "aws-sdk-ecs"
 gem "aws-sdk-ssm"
+gem "base64"
 gem "ox" # XML parser. required by aws-sdk-s3
 gem "pg"
 gem "sentry-ruby"

components/services/Gemfile.lock

@@ -2,28 +2,29 @@ GEM
   remote: https://rubygems.org/
   specs:
     aws-eventstream (1.3.0)
-    aws-partitions (1.970.0)
-    aws-sdk-core (3.203.0)
+    aws-partitions (1.973.0)
+    aws-sdk-core (3.204.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.472.0)
+    aws-sdk-ec2 (1.473.0)
       aws-sdk-core (~> 3, >= 3.203.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-ecs (1.155.0)
+    aws-sdk-ecs (1.156.0)
       aws-sdk-core (~> 3, >= 3.203.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-ssm (1.176.0)
+    aws-sdk-ssm (1.177.0)
       aws-sdk-core (~> 3, >= 3.203.0)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.9.1)
       aws-eventstream (~> 1, >= 1.0.2)
+    base64 (0.2.0)
     bigdecimal (3.1.8)
     coderay (1.1.3)
     concurrent-ruby (1.3.4)
     diff-lcs (1.5.1)
-    docile (1.4.0)
+    docile (1.4.1)
     jmespath (1.6.2)
     method_source (1.1.0)
     ox (2.14.18)
@@ -32,15 +33,14 @@ GEM
       coderay (~> 1.1)
       method_source (~> 1.0)
     rake (13.2.1)
-    rexml (3.3.6)
-      strscan
+    rexml (3.3.7)
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.0)
+    rspec-core (3.13.1)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.0)
+    rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-mocks (3.13.1)
@@ -59,9 +59,8 @@ GEM
     simplecov-cobertura (2.1.0)
       rexml
       simplecov (~> 0.19)
-    simplecov-html (0.12.3)
+    simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    strscan (3.1.0)
 
 PLATFORMS
   ruby
@@ -70,6 +69,7 @@ DEPENDENCIES
   aws-sdk-ec2
   aws-sdk-ecs
   aws-sdk-ssm
+  base64
   ox
   pg
   pry
@@ -81,4 +81,4 @@ DEPENDENCIES
   simplecov-cobertura
 
 BUNDLED WITH
-   2.5.11
+   2.5.18

components/services/app.rb

@@ -38,7 +38,7 @@ def process
     def handle_ecs_event(event)
       case event.group
       when ENV.fetch("SWITCH_GROUP")
-        HandleSwitchEvent.call(event:)
+        HandleSwitchEvent.call(event:, regions: SomlengRegion::Region)
       when ENV.fetch("MEDIA_PROXY_GROUP")
         HandleMediaProxyEvent.call(event:)
       when ENV.fetch("CLIENT_GATEWAY_GROUP")

components/services/app/jobs/create_opensips_permission_job.rb

@@ -1,14 +1,15 @@
 class CreateOpenSIPSPermissionJob
-  attr_reader :source_ip
+  attr_reader :source_ip, :group_id
 
-  def initialize(source_ip)
+  def initialize(source_ip, options = {})
     @source_ip = source_ip
+    @group_id = options.fetch("group_id", 0)
   end
 
   def call
     return if OpenSIPSAddress.exists?(ip: source_ip, database_connection:)
 
-    OpenSIPSAddress.new(ip: source_ip, database_connection:).save!
+    OpenSIPSAddress.new(ip: source_ip, grp: group_id, database_connection:).save!
   end
 
   private