INFRA-1064: Create infra folder with task definition

.github/actions/build-task-definition/action.yml

@@ -57,7 +57,8 @@ runs:
       env: 
         TF_VAR_image_tag: ${{ inputs.image_tag }}
       working-directory: ${{ inputs.working_directory }}
-      run: gmake ENV=${{ inputs.environment }} TIER=${{ inputs.tier }} REGION=${{ inputs.region }} plan && AWS_REGION=${{ inputs.region }} terraform apply -auto-approve --target 'aws_ecs_task_definition.service_task'  -var-file=environments/${{ inputs.environment }}/${{ inputs.environment }}-${{ inputs.tier }}.tfvars
+      # --target 'aws_ecs_task_definition.service_task' -> in order to apply only task def changes
+      run: gmake ENV=${{ inputs.environment }} TIER=${{ inputs.tier }} REGION=${{ inputs.region }} plan && AWS_REGION=${{ inputs.region }} terraform apply -auto-approve -var-file=environments/${{ inputs.environment }}/${{ inputs.environment }}-${{ inputs.tier }}.tfvars
 
     - name: Get task definition version
       shell: bash

.github/workflows/deploy-to-stage.yml

@@ -6,7 +6,7 @@ env:
   AWS_IAM_AUTH_REGION : "us-east-1" 
   APP : "mock-warden"
   CHANNEL : "mock-warden-infra"
-  ENV : "dev"
+  ENV : "stage"
   TIER : "use1"
   REGION : "us-east-1"
   #ECS
@@ -34,34 +34,35 @@ jobs:
         image_tag: ${{ steps.version.outputs.tag }}
         server_name: ${{ env.APP }}
         dockerfile: ./Dockerfile
-    # - name: Build task definition
-    #   uses: ./.github/actions/build-task-definition
-    #   id: build-task-definition
-    #   with:
-    #     working_directory: ./infra
-    #     image_tag: ${{ steps.get-version.outputs.tag }}
-    #     github_user: ${{ secrets.A_GH_USER }}
-    #     github_token: ${{ secrets.A_GH_TOKEN }}
-    #     environment: ${{ env.ENV }}
-    #     tier: ${{ env.TIER }}
-    #     region: ${{ env.REGION }}
-    #     aws_role_to_assume: arn:aws:iam::708050157146:role/github_eb_ci_cd
 
-    # - name: Deploy to ECS
-    #   uses: ./.github/actions/deploy
-    #   with:
-    #     task_definition_version: ${{ steps.build-task-definition.outputs.task_definition_version }}
-    #     service_name: ${{ env.APP }}
-    #     region: ${{ env.REGION }}
-    #     environment: ${{ env.ENV }}
+    - name: Build task definition
+      uses: ./.github/actions/build-task-definition
+      id: build-task-definition
+      with:
+        working_directory: ./infra
+        image_tag: ${{ steps.version.outputs.tag }}
+        github_user: ${{ secrets.A_GH_USER }}
+        github_token: ${{ secrets.A_GH_TOKEN }}
+        environment: ${{ env.ENV }}
+        tier: ${{ env.TIER }}
+        region: ${{ env.REGION }}
+        aws_role_to_assume: arn:aws:iam::708050157146:role/github_eb_ci_cd
+
+    - name: Deploy to ECS
+      uses: ./.github/actions/deploy
+      with:
+        task_definition_version: ${{ steps.build-task-definition.outputs.task_definition_version }}
+        service_name: ${{ env.APP }}
+        region: ${{ env.REGION }}
+        environment: ${{ env.ENV }}
 
-    # - name: Slack Notification
-    #   if: ${{ !cancelled() }}
-    #   uses: rtCamp/action-slack-notify@v2
-    #   env:
-    #     SLACK_CHANNEL: ${{ env.CHANNEL }}
-    #     SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
-    #     SLACK_MESSAGE: '${{ vars.ENV }}  ${{ env.APP }}  Deployed to ${{ vars.NAME }} ${{ steps.get-version.outputs.tag }} : ${{ job.status }} '
-    #     SLACK_TITLE: Status
-    #     SLACK_USERNAME: Deployer
-    #     SLACK_WEBHOOK: ${{ secrets.CI_CD_WEBHOOK }}
+    - name: Slack Notification
+      if: ${{ !cancelled() }}
+      uses: rtCamp/action-slack-notify@v2
+      env:
+        SLACK_CHANNEL: ${{ env.CHANNEL }}
+        SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
+        SLACK_MESSAGE: '${{ env.APP }} ${{ steps.version.outputs.tag }} deployed: ${{ job.status }} '
+        SLACK_TITLE: Status
+        SLACK_USERNAME: Deployer
+        SLACK_WEBHOOK: ${{ secrets.CI_CD_WEBHOOK }}

.github/workflows/tf-plan.yml

@@ -0,0 +1,55 @@
+name: Terraform check
+on:
+  pull_request:
+    paths:
+      - "infra/**"
+env:
+  AWS_IAM_AUTH_REGION: "us-east-1"
+  AWS_IAM_AUTH_ROLE_DEV: "arn:aws:iam::708050157146:role/github_eb_ci_cd"
+  WORKING_DIR: .//infra
+permissions:
+  id-token: write
+  contents: read
+jobs:
+  plan:
+    runs-on: ubuntu-24.04
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: true
+
+    - name: Get version
+      id: version
+      uses: ./.github/actions/get-version
+
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 18
+    - uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: "1.5.0"
+    - name: Configure AWS credentials from dev account
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: ${{env.AWS_IAM_AUTH_ROLE_DEV}}
+        role-session-name: GitHub_to_AWS_via_FederatedOIDC
+        aws-region: ${{ env.AWS_IAM_AUTH_REGION }}
+
+    # Setup the same GH credentials in use by Atlantis
+    - name: Setup infra robot credentials
+      env:
+        GIT_TOKEN: ${{ secrets.A_GH_TOKEN }}
+        GIT_USER: ${{ secrets.A_GH_USER }}
+      run: |
+        git config --global url."https://${{ env.GIT_USER }}:${{ env.GIT_TOKEN }}@github.com".insteadOf "ssh://[email protected]"
+
+    - name: STAGE Terraform plan
+      env:
+        TF_VAR_image_tag: ${{ steps.version.outputs.tag }}
+        ENVIRONMENT: stage
+        TIER: use1
+        REGION: us-east-1
+      working-directory: ${{ env.WORKING_DIR }}
+      run: gmake ENV=${{ env.ENVIRONMENT }} TIER=${{ env.TIER }} REGION=${{ env.REGION }} plan
+

deploy_detached.sh

@@ -0,0 +1,129 @@
+#!/bin/bash
+
+set -e
+# Global variable to store deployment ID
+DEPLOYMENT_ID="unset"
+
+# Function to display messages in red color
+display_error() {
+  local message="$1"
+  # Red color code
+  RED='\033[0;31m'
+  # Reset color code
+  NC='\033[0m'
+  echo -e "${RED}$message${NC}"
+}
+
+# Function to display messages in green color
+display_success() {
+  local message="$1"
+  # Green color code
+  GREEN='\033[0;32m'
+  # Reset color code
+  NC='\033[0m'
+  echo -e "${GREEN}$message${NC}"
+}
+
+# Function to display usage message
+display_usage() {
+  display_error "Usage: $0 <AWS_REGION> <ECS_CLUSTER> <IS_RC> [<TD_VERSION>]"
+  exit 1
+}
+
+
+# Function to check service events for errors
+check_service_events() {
+  local service_name="$1"
+  # Use the global variable DEPLOYMENT_ID directly without creating a local variable
+  local deployment_result=$(aws ecs describe-services --region "$AWS_REGION" --cluster "$ECS_CLUSTER" --services "$service_name" | jq -r --arg ID "$DEPLOYMENT_ID" '.services[0].deployments[] | select(.id == $ID).rolloutState')
+  # Add a loop to wait for 5 seconds if deployment_result is IN_PROGRESS in case the deployment is not finished yet
+  while [ "$deployment_result" == "IN_PROGRESS" ]; do
+    sleep 5
+    deployment_result=$(aws ecs describe-services --region "$AWS_REGION" --cluster "$ECS_CLUSTER" --services "$service_name" | jq -r --arg ID "$DEPLOYMENT_ID" '.services[0].deployments[] | select(.id == $ID).rolloutState')
+    echo deployment in progress with status: $deployment_result
+  done
+  # Add a condition to check if deployment_result is different from COMPLETED
+  if [ "$deployment_result" != "COMPLETED" ]; then
+      display_error "Deployment id: $DEPLOYMENT_ID for $first_service did not complete successfully. Exiting."
+      #If the task definition can't be deployed is deregistered to avoid possible re deployments
+      if [ -n "$TD_VERSION" ]; then
+        #prevent deregistering task temporarly
+        display_error "[disabled] Deregistering task definition revision $TD_VERSION"
+        #aws ecs deregister-task-definition --region "$AWS_REGION" --task-definition "$TD_VERSION" > /dev/null
+      fi
+      display_error "Deployment failed resulting in a rollback"
+      exit 1
+  else
+    display_success "Service $service_name deployed and validated"
+  fi
+}
+
+# Function to deploy and validate a single service
+deploy() {
+  local service_arn="$1"
+  local service=$(basename "$service_arn")
+
+
+  #Check if TD_VERSION is set
+  if [ -n "$TD_VERSION" ]; then
+    DEPLOYMENT_ID=$(aws ecs update-service --force-new-deployment --region "$AWS_REGION" --cluster "$ECS_CLUSTER" --service "$service" --task-definition "$TD_VERSION" --no-cli-pager | jq -r '.service.deployments[0].id')
+    display_success "Deploying service $service in cluster $ECS_CLUSTER from region $AWS_REGION with task definition $TD_VERSION"
+    display_success " command: aws ecs update-service --force-new-deployment --region "$AWS_REGION" --cluster "$ECS_CLUSTER" --service "$service" --task-definition "$TD_VERSION" --no-cli-pager "
+  else
+    DEPLOYMENT_ID=$(aws ecs update-service --force-new-deployment --region "$AWS_REGION" --cluster "$ECS_CLUSTER" --service "$service" --no-cli-pager | jq -r '.service.deployments[0].id')
+    display_success "Deploying service $service in cluster $ECS_CLUSTER from region $AWS_REGION without task definition"
+    display_success " command: aws ecs update-service --force-new-deployment --region "$AWS_REGION" --cluster "$ECS_CLUSTER" --service "$service" --no-cli-pager "
+  fi
+  display_success "Deployment: $DEPLOYMENT_ID"
+}
+
+# Check if the required arguments are provided
+if [ $# -ne 3 ] && [ $# -ne 4 ]; then
+  display_usage
+fi
+
+# Extract the arguments
+AWS_REGION="$1"
+ECS_CLUSTER="$2"
+IS_RC="$3"
+TD_VERSION="$4"
+
+# Record start time
+START_TIME=$(date +%s)
+if [ -n "$TD_VERSION" ]; then
+  display_success "Task definition: $TD_VERSION"
+fi
+
+if [ "$IS_RC" -eq 1 ]; then
+  display_success "Deploying RC"
+  services_array=($(aws ecs list-services --cluster "$ECS_CLUSTER" --region "$AWS_REGION" | jq -r '.serviceArns[] | select(contains("rc"))' | sort))
+else
+  display_success "Deploying Main"
+  services_array=($(aws ecs list-services --cluster "$ECS_CLUSTER" --region "$AWS_REGION" | jq -r '.serviceArns[] | select(contains("rc") | not)' | sort))
+fi
+
+# Check if services are found
+if [ ${#services_array[@]} -eq 0 ]; then
+  display_error "Error: No services found!"
+  exit 1
+fi
+  first_service=($(basename "${services_array[0]}"))
+  # Run deploy function in the background
+  deploy "$first_service"
+  #deploy first service
+  aws ecs wait services-stable --region "$AWS_REGION" --cluster "$ECS_CLUSTER" --service "$first_service" 
+  # Check service events for errors after waiting for stability
+  check_service_events "$first_service"
+
+# Deploy and validate the rest of the services services
+for service_arn in "${services_array[@]:1}"; do
+  display_success "Deploying remaining services"
+  deploy "$service_arn"
+done
+
+# Record end time
+END_TIME=$(date +%s)
+
+# Calculate and display total execution time
+TOTAL_EXECUTION_TIME=$((END_TIME - START_TIME))
+display_success "Total execution time: $TOTAL_EXECUTION_TIME seconds"

infra/.gitignore

@@ -0,0 +1,30 @@
+.DS_Store
+*.png
+*.jpg
+graph.png
+noteTOUPDATEINITwithLetsEncryptstuff
+
+#  Local .terraform directories
+**/.terraform/*
+.terraform/
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+./*.tfstate
+terraform.tfstate.d/*
+
+# .tfvars files
+*.tfvars
+./*.tfvars
+variables/*.tfvars
+!example_ENV-TIER.tfvars
+!/environments/*/*.tfvars
+
+# ignore git repos
+!/working_repos/placeholder
+/working_repos/*
+!/bare_repos/placeholder
+/bare_repos/*
+*.terraform.lock.hcl
+*.tool-versions

infra/.terraform-version

@@ -0,0 +1 @@
+1.5.0