Add AVR terraform manifests

.circleci/config.yml

@@ -111,21 +111,16 @@ jobs:
         command: |
           echo "export AWS_ACCESS_KEY_ID=\$${DEPLOY_TAG}_AWS_ACCESS_KEY_ID" >> $BASH_ENV
           echo "export AWS_SECRET_ACCESS_KEY=\$${DEPLOY_TAG}_AWS_SECRET_ACCESS_KEY" >> $BASH_ENV
-    - aws-cli/install
     - aws-cli/setup
     - run:
-        name: Restart Elastic Beanstalk app server
+        name: Update ECS service
         environment:
           APP_NAME: avr
-        command: |
-          APP_PREFIX=$(echo $DEPLOY_TAG | cut -b 1-1)
-          APP_FULL_NAME=stack-${APP_PREFIX}-${APP_NAME}
-          APP_VERSION=$(aws elasticbeanstalk describe-application-versions --application-name ${APP_FULL_NAME} | jq -r '.ApplicationVersions[0].VersionLabel')
-          for environ in $(aws elasticbeanstalk describe-environments --application-name ${APP_FULL_NAME} | jq -r '.Environments[].EnvironmentName'); do
-            echo -n "Redeploying ${APP_FULL_NAME}/${APP_VERSION} to ${environ}..."
-            aws elasticbeanstalk update-environment --application-name ${APP_FULL_NAME} --environment-name ${environ} --version-label=${APP_VERSION} > /dev/null
-            echo ""
-          done
+          ECS_CLUSTER: avr
+          ECS_SERVICE: avr-worker
+          ECS_TASK: avr-worker
+          ECS_CONTAINER: avr
+        command: ./.circleci/scripts/update_ecs_service.sh
 workflows:
   ci:
     jobs:

.circleci/scripts/update_ecs_service.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+networkconfig=$(aws ecs describe-services --cluster ${ECS_CLUSTER} --service ${ECS_SERVICE} | jq -cM '.services[0].networkConfiguration')
+overrides='{"containerOverrides":[{"name":"'${ECS_CONTAINER}'","environment": [{"name": "CONTAINER_ROLE", "value": "migrate"}]}]}'
+aws ecs run-task --platform-version 1.4.0 --cluster ${ECS_CLUSTER} --task-definition ${ECS_TASK} --overrides "${overrides}" --launch-type FARGATE --network-configuration ${networkconfig}
+for service in $(aws ecs list-services --cluster meadow | jq -r '.serviceArns[] | split("/") | last'); do
+  aws ecs update-service --cluster ${ECS_CLUSTER} --service ${service} --force-new-deployment
+done

.dockerignore

@@ -5,7 +5,10 @@
 .env
 Dockerfile
 docker-compose.yml
+encodes
+log
 node_modules
-public/packs
+public/packs*
 tmp
-vendor/bundle
+vendor/bundle
+terraform

Dockerfile

@@ -8,7 +8,7 @@ ENV BUILD_DEPS="build-essential libpq-dev libsqlite3-dev libwrap0-dev libyaz4-de
   LANG="en_US.UTF-8"
 
 RUN useradd -m -U app && \
-  su -s /bin/bash -c "mkdir -p /home/app/current" app
+  su -s /bin/bash -c "mkdir -p /home/app" app
 
 RUN apt-get update -qq && \
   apt-get install -y $BUILD_DEPS --no-install-recommends
@@ -29,14 +29,16 @@ RUN \
   curl https://s3.amazonaws.com/nul-repo-deploy/ffmpeg-release-64bit-static.tar.xz | tar xJ && \
   cp `find . -type f -executable` /tmp/stage/bin/
 
-RUN gem install bundler:2.2.20
+RUN gem update --system \
+ && chown -R app:staff /usr/local/bundle
 
 USER app
-WORKDIR /home/app/current
+WORKDIR /home/app
 
-COPY --chown=app:app Gemfile* /home/app/current/
-RUN bundle install --jobs 20 --retry 5 --with aws:postgres:zoom --without development:test --path vendor/gems && \
-  rm -rf vendor/gems/ruby/*/cache/* vendor/gems/ruby/*/bundler/gems/*/.git
+COPY --chown=app:app Gemfile* /home/app/
+ENV BUNDLE_WITH='aws:postgres:zoom' BUNDLE_WITHOUT='development:test'
+RUN bundle install --jobs 20 --retry 5 \
+ && rm -rf /usr/local/bundle/cache/* /usr/local/bundle/bundler/gems/*/.git
 
 ####################################
 # Build the npm dependency container
@@ -45,19 +47,19 @@ FROM node:12-stretch-slim as npm-deps
 RUN apt-get update -qq && \
     apt-get install -y git
 RUN useradd -m -U app && \
-  su -s /bin/bash -c "mkdir -p /home/app/current"
-WORKDIR /home/app/current
-COPY --chown=app:app package.json yarn.lock /home/app/current/
+  su -s /bin/bash -c "mkdir -p /home/app"
+WORKDIR /home/app
+COPY --chown=app:app package.json yarn.lock /home/app/
 RUN yarn install
 
 ####################################
 # Build the Application container
 FROM ruby:2.6.6-slim-stretch as app
 
 RUN useradd -m -U app && \
-  su -s /bin/bash -c "mkdir -p /home/app/current/vendor/gems" app
+  su -s /bin/bash -c "mkdir -p /home/app/vendor/gems" app
 
-ENV RUNTIME_DEPS="git imagemagick libexif12 libexpat1 libgif7 glib-2.0 libgsf-1-114 libjpeg62-turbo libpng16-16 libpoppler-glib8 libpq5 libreoffice-core librsvg2-2 libsqlite3-0 libtiff5 libwrap0 libyaz4 locales mediainfo nodejs openjdk-8-jre-headless shared-mime-info tzdata yarn" \
+ENV RUNTIME_DEPS="git imagemagick libexif12 libexpat1 libgif7 glib-2.0 libgsf-1-114 libjpeg62-turbo libpng16-16 libpoppler-glib8 libpq5 libreoffice-core librsvg2-2 libsqlite3-0 libtiff5 libwrap0 libyaz4 locales mediainfo nodejs openjdk-8-jre-headless shared-mime-info sudo tzdata yarn" \
   DEBIAN_FRONTEND="noninteractive" \
   RAILS_ENV="production" \
   LANG="en_US.UTF-8"
@@ -88,20 +90,21 @@ RUN \
   dpkg-reconfigure --frontend=noninteractive locales && \
   update-locale LANG=en_US.UTF-8
 
-RUN gem install bundler:2.2.20
+RUN gem update --system
 
 COPY --from=ruby-deps /tmp/stage/bin/* /usr/local/bin/
 COPY --chown=app:staff --from=ruby-deps /usr/local/bundle /usr/local/bundle
-COPY --chown=app:app --from=ruby-deps /home/app/current/vendor/gems/ /home/app/current/vendor/gems/
-COPY --chown=app:app --from=npm-deps /home/app/current/node_modules/ /home/app/current/node_modules/
-COPY --chown=app:app . /home/app/current/
+COPY --chown=app:app --from=npm-deps /home/app/node_modules/ /home/app/node_modules/
+COPY --chown=app:app . /home/app/
 
 RUN mkdir /var/run/puma && chown root:app /var/run/puma && chmod 0775 /var/run/puma
 
 USER app
-WORKDIR /home/app/current
+WORKDIR /home/app
+ENV BUNDLE_WITH='aws:postgres:zoom' BUNDLE_WITHOUT='development:test'
 RUN bundle exec rake assets:precompile SECRET_KEY_BASE=$(ruby -r 'securerandom' -e 'puts SecureRandom.hex(64)')
 
 EXPOSE 3000
+ENV PATH="/home/app/bin:${PATH}"
 CMD bin/boot_container
 HEALTHCHECK --start-period=60s CMD curl -f http://localhost:3000/

bin/run

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+HOME=/home/app
+sudo -u app -E -s $@

config/application.rb

@@ -65,6 +65,14 @@ class Application < Rails::Application
       end
     end
 
+    if Settings&.active_storage&.service_configurations.present?
+      configs = Settings.active_storage.service_configurations.to_hash
+      if config.active_storage.service_configurations.kind_of?(Hash)
+        config.active_storage.service_configurations.merge!(configs)
+      else
+        config.active_storage.service_configurations = configs
+      end
+    end
     config.active_storage.service = (Settings&.active_storage&.service.presence || "local").to_sym
   end
 end

config/environments/production.rb

@@ -68,10 +68,13 @@
     logger           = ActiveSupport::Logger.new(STDOUT)
     logger.formatter = config.log_formatter
     config.logger    = ActiveSupport::TaggedLogging.new(logger)
-  else
+  end
+
+  if ENV["RAILS_LOG_WITH_LOGRAGE"].present?
     config.lograge.enabled = true
     config.lograge.custom_options = -> (event) { { time: event.time } }
     config.lograge.ignore_actions = ['CatalogController#index']
+    config.lograge.formatter = Lograge::Formatters::Json.new
   end
 
   # Use the lowest log level to ensure availability of diagnostic information

terraform/.tflint.hcl

@@ -0,0 +1,20 @@
+config {
+  module = true
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.7.1"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+rule "aws_resource_missing_tags" {
+  enabled   = true
+  tags      = ["Component", "Environment", "Git", "Project"]
+}
+
+rule "terraform_module_pinned_source" {
+  enabled             = false
+  style               = "flexible"
+  default_branches    = ["master"]
+}