Migrate Switch to ECR Private

.github/workflows/switch.yml

@@ -1,6 +1,15 @@
 on: push
 name: Switch
 
+env:
+  CI: true
+  ECR_REGISTRY: 324279636507.dkr.ecr.ap-southeast-1.amazonaws.com
+  GHCR_REGISTRY: ghcr.io/somleng
+  APP_REPOSITORY_NAME: switch-app
+  WEBSERVER_REPOSITORY_NAME: switch-webserver
+  FREESWITCH_REPOSITORY_NAME: freeswitch
+  FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME: freeswitch-events
+
 jobs:
   build:
     name: Build
@@ -9,13 +18,13 @@ jobs:
       matrix: ${{ steps.set-deployment-matrix.outputs.matrix }}
       matrixLength: ${{ steps.set-deployment-matrix.outputs.matrixLength }}
       deployMatrix: ${{ steps.set-deployment-matrix.outputs.deployMatrix }}
+
     defaults:
       run:
         working-directory: components/app
 
     env:
       AHN_ENV: test
-      CI: true
 
     steps:
       - name: Checkout
@@ -62,15 +71,17 @@ jobs:
               "identifier": "switch-staging",
               "environment": "staging",
               "branch": "develop",
-              "image_tag": "staging",
+              "friendly_image_tag": "beta",
+              "image_tag": "stag-${{ github.sha }}",
               "ecs_service": "switch-staging",
               "ecs_cluster": "somleng-switch-staging"
             },
             {
               "identifier": "switch",
               "environment": "production",
               "branch": "master",
-              "image_tag": "latest",
+              "friendly_image_tag": "latest",
+              "image_tag": "prod-${{ github.sha }}",
               "ecs_service": "switch",
               "ecs_cluster": "somleng-switch"
             }
@@ -88,17 +99,6 @@ jobs:
     needs:
       - build
     if: needs.build.outputs.matrixLength > 0
-    env:
-      IMAGE_TAG: ${{ github.sha }}
-      ECR_PUBLIC_REGISTRY: public.ecr.aws
-      APP_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch
-      APP_GHCR_REPOSITORY_URI: ghcr.io/somleng/somleng-switch
-      NGINX_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-nginx
-      NGINX_GHCR_REPOSITORY_URI: ghcr.io/somleng/somleng-switch-nginx
-      FREESWITCH_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch
-      FREESWITCH_GHCR_REPOSITORY_URI: ghcr.io/somleng/freeswitch
-      FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch-event-logger
-      FREESWITCH_EVENT_LOGGER_GHCR_REPOSITORY_URI: ghcr.io/somleng/freeswitch-event-logger
 
     strategy:
       matrix: ${{fromJson(needs.build.outputs.matrix)}}
@@ -121,12 +121,8 @@ jobs:
           role-duration-seconds: 3600
           aws-region: ap-southeast-1
 
-      - name: Login to AWS Public ECR
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.ECR_PUBLIC_REGISTRY }}
-        env:
-          AWS_REGION: us-east-1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
@@ -135,13 +131,15 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Login to ECR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.ECR_REGISTRY }}
+
       - name: Export Polly Voices
         run: |
           components/freeswitch/bin/export_tts_voices > components/freeswitch/conf/autoload_configs/tts_voices.xml
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
       - name: Build and push Nginx
         uses: docker/build-push-action@v6
         with:
@@ -151,9 +149,9 @@ jobs:
           cache-from: type=gha,scope=${{ matrix.identifier }}-nginx
           cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-nginx
           tags: |
-            ${{ env.NGINX_ECR_REPOSITORY_URI }}:${{ matrix.image_tag }}
-            ${{ env.NGINX_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
-            ${{ env.NGINX_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
+            ${{ env.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.image_tag }}
+            ${{ env.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
+            ${{ env.GHCR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
 
       - name: Build and push FreeSWITCH
         uses: docker/build-push-action@v6
@@ -166,22 +164,22 @@ jobs:
           cache-from: type=gha,scope=${{ matrix.identifier }}-freeswitch
           cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-freeswitch
           tags: |
-            ${{ env.FREESWITCH_ECR_REPOSITORY_URI }}:${{ matrix.image_tag }}
-            ${{ env.FREESWITCH_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
-            ${{ env.FREESWITCH_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
+            ${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.image_tag }}
+            ${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
+            ${{ env.GHCR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
 
       - name: Build and push FreeSWITCH Event Logger
         uses: docker/build-push-action@v6
         with:
           context: components/freeswitch_event_logger
           push: true
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           cache-from: type=gha,scope=${{ matrix.identifier }}-freeswitch-event-logger
           cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}-freeswitch-event-logger
           tags: |
-            ${{ env.FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI }}:${{ matrix.image_tag }}
-            ${{ env.FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
-            ${{ env.FREESWITCH_EVENT_LOGGER_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
+            ${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.image_tag }}
+            ${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
+            ${{ env.GHCR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
 
       - name: Build and push Switch App
         uses: docker/build-push-action@v6
@@ -192,22 +190,16 @@ jobs:
           cache-from: type=gha,scope=${{ matrix.identifier }}
           cache-to: type=gha,mode=max,scope=${{ matrix.identifier }}
           tags: |
-            ${{ env.APP_ECR_REPOSITORY_URI }}:${{ matrix.image_tag }}
-            ${{ env.APP_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
-            ${{ env.APP_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
+            ${{ env.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.image_tag }}
+            ${{ env.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
+            ${{ env.GHCR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}
 
   deploy:
     name: Deploy
     runs-on: ubuntu-latest
     needs:
       - build
       - build-packages
-    env:
-      IMAGE_TAG: ${{ github.sha }}
-      APP_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch
-      NGINX_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-nginx
-      FREESWITCH_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch
-      FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch-event-logger
 
     strategy:
       matrix: ${{fromJSON(needs.build.outputs.deployMatrix)}}
@@ -231,37 +223,37 @@ jobs:
         run: |
           aws ecs describe-task-definition --task-definition "${{ matrix.identifier }}" --query 'taskDefinition' > task-definition.json
 
-      - name: Prepare NGINX task definition
+      - name: Prepare Webserver task definition
         id: render-nginx-task-def
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: task-definition.json
           container-name: nginx
-          image: ${{ env.NGINX_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
+          image: ${{ env.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.image_tag }}
 
       - name: Prepare FreeSWITCH task definition
         id: render-freeswitch-task-def
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: ${{ steps.render-nginx-task-def.outputs.task-definition }}
           container-name: freeswitch
-          image: ${{ env.FREESWITCH_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
+          image: ${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.image_tag }}
 
       - name: Prepare FreeSWITCH event logger task definition
         id: render-freeswitch-event-logger-task-def
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: ${{ steps.render-freeswitch-task-def.outputs.task-definition }}
           container-name: freeswitch-event-logger
-          image: ${{ env.FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
+          image: ${{ env.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.image_tag }}
 
       - name: Prepare App task definition
         id: render-app-task-def
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: ${{ steps.render-freeswitch-event-logger-task-def.outputs.task-definition }}
           container-name: app
-          image: ${{ env.APP_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
+          image: ${{ env.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.image_tag }}
 
       - name: Deploy Switch
         uses: aws-actions/amazon-ecs-deploy-task-definition@v2

infrastructure/core/ecr.tf

@@ -1,49 +1,3 @@
-locals {
-  lifecycle_policy = jsonencode({
-    rules = [
-      {
-        rulePriority = 1
-        description  = "Expire untagged images"
-        selection = {
-          tagStatus   = "untagged"
-          countType   = "sinceImagePushed"
-          countUnit   = "days"
-          countNumber = 1
-        }
-        action = {
-          type = "expire"
-        }
-      },
-      {
-        rulePriority = 2
-        description  = "Expire old production images",
-        selection = {
-          tagStatus     = "tagged"
-          tagPrefixList = ["prod"]
-          countType     = "imageCountMoreThan"
-          countNumber   = 5
-        }
-        action = {
-          type = "expire"
-        }
-      },
-      {
-        rulePriority = 3
-        description  = "Expire old staging images",
-        selection = {
-          tagStatus     = "tagged"
-          tagPrefixList = ["stag"]
-          countType     = "imageCountMoreThan"
-          countNumber   = 5
-        }
-        action = {
-          type = "expire"
-        }
-      }
-    ]
-  })
-}
-
 resource "aws_ecrpublic_repository" "switch" {
   repository_name = "somleng-switch"
   provider        = aws.us-east-1
@@ -155,30 +109,32 @@ resource "aws_ecrpublic_repository" "gateway" {
   }
 }
 
-resource "aws_ecr_repository" "s3_mpeg" {
-  name = "s3-mpeg"
-
-  image_scanning_configuration {
-    scan_on_push = true
-  }
+module "app_ecr_repository" {
+  source = "../modules/ecr_repository"
+  name   = "switch-app"
 }
 
-resource "aws_ecr_lifecycle_policy" "s3_mpeg" {
-  repository = aws_ecr_repository.s3_mpeg.name
-
-  policy = local.lifecycle_policy
+module "webserver_ecr_repository" {
+  source = "../modules/ecr_repository"
+  name   = "switch-webserver"
 }
 
-resource "aws_ecr_repository" "services" {
-  name = "switch-services"
+module "freeswitch_ecr_repository" {
+  source = "../modules/ecr_repository"
+  name   = "freeswitch"
+}
 
-  image_scanning_configuration {
-    scan_on_push = true
-  }
+module "freeswitch_event_logger_ecr_repository" {
+  source = "../modules/ecr_repository"
+  name   = "freeswitch-events"
 }
 
-resource "aws_ecr_lifecycle_policy" "services" {
-  repository = aws_ecr_repository.services.name
+module "s3_mpeg_ecr_repository" {
+  source = "../modules/ecr_repository"
+  name   = "s3-mpeg"
+}
 
-  policy = local.lifecycle_policy
+module "services_ecr_repository" {
+  source = "../modules/ecr_repository"
+  name   = "switch-services"
 }

infrastructure/core/outputs.tf

@@ -1,19 +1,3 @@
-output "switch_ecr_repository" {
-  value = aws_ecrpublic_repository.switch
-}
-
-output "nginx_ecr_repository" {
-  value = aws_ecrpublic_repository.nginx
-}
-
-output "freeswitch_ecr_repository" {
-  value = aws_ecrpublic_repository.freeswitch
-}
-
-output "freeswitch_event_logger_ecr_repository" {
-  value = aws_ecrpublic_repository.freeswitch_event_logger
-}
-
 output "public_gateway_ecr_repository" {
   value = aws_ecrpublic_repository.public_gateway
 }
@@ -30,10 +14,26 @@ output "opensips_scheduler_ecr_repository" {
   value = aws_ecrpublic_repository.opensips_scheduler
 }
 
+output "app_ecr_repository" {
+  value = module.app_ecr_repository
+}
+
+output "webserver_ecr_repository" {
+  value = module.webserver_ecr_repository
+}
+
+output "freeswitch_ecr_repository" {
+  value = module.freeswitch_ecr_repository
+}
+
+output "freeswitch_event_logger_ecr_repository" {
+  value = module.freeswitch_event_logger_ecr_repository
+}
+
 output "s3_mpeg_ecr_repository" {
-  value = aws_ecr_repository.s3_mpeg
+  value = module.s3_mpeg_ecr_repository
 }
 
 output "services_ecr_repository" {
-  value = aws_ecr_repository.services
+  value = module.services_ecr_repository
 }