From 524c20668a312de2aee0091b9b13d1fa7cf0eb3f Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Fri, 13 Sep 2024 15:35:15 +0700 Subject: [PATCH 01/14] Use offical ruby lambda image for services --- .github/workflows/services.yml | 2 +- components/services/Dockerfile | 19 +++++++------------ components/services/config/app_settings.rb | 1 + .../services/config/initializers/aws_stubs.rb | 2 ++ .../services/lib/encrypted_credentials.rb | 1 + 5 files changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index 202a478c7..426432371 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml @@ -61,7 +61,7 @@ jobs: { "identifier": "switch-services-staging", "environment": "staging", - "branch": "develop", + "branch": "use_official_aws_lambda_images", "image_tag": "staging" }, { diff --git a/components/services/Dockerfile b/components/services/Dockerfile index 8d319b935..83b8918ad 100644 --- a/components/services/Dockerfile +++ b/components/services/Dockerfile @@ -1,10 +1,9 @@ ARG FUNCTION_DIR="/function" ARG RUBY_VERSION=3.3 -FROM public.ecr.aws/docker/library/ruby:$RUBY_VERSION-alpine AS build-image +FROM public.ecr.aws/lambda/ruby:$RUBY_VERSION AS build-image -RUN apk update && \ - apk upgrade && \ - apk add --update --no-cache build-base postgresql-dev +RUN dnf update && \ + dnf -y install postgresql-devel openssl-devel gcc make RUN gem install bundler @@ -28,9 +27,9 @@ COPY app/ ${FUNCTION_DIR}/app/ COPY config/ ${FUNCTION_DIR}/config/ COPY lib/ ${FUNCTION_DIR}/lib/ -############################# +# ############################# -FROM public.ecr.aws/docker/library/ruby:$RUBY_VERSION-alpine +FROM public.ecr.aws/lambda/ruby:$RUBY_VERSION ARG FUNCTION_DIR WORKDIR ${FUNCTION_DIR} 
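Review bot: Both `FROM public.ecr.aws/lambda/ruby:$RUBY_VERSION` lines in components/services/Dockerfile (build stage in the first hunk, runtime stage in the second) reference the base image by a mutable tag, so the code that ends up in the Lambda depends on whatever that tag resolves to at build time. Pinning by digest makes a base-image change an explicit, reviewable commit, e.g. `FROM public.ecr.aws/lambda/ruby:$RUBY_VERSION@sha256:<digest-placeholder> AS build-image`. Separately, the added `RUN dnf update && \` has no `-y`, unlike the install on the next line. If the image ships the full dnf client rather than microdnf, this may stop at a confirmation prompt in a non-interactive build, so `dnf -y update` is the safer spelling.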
@@ -38,13 +37,9 @@ WORKDIR ${FUNCTION_DIR} ENV BUNDLE_APP_CONFIG="${FUNCTION_DIR}/.bundle" COPY --from=build-image ${FUNCTION_DIR} ${FUNCTION_DIR} -RUN apk update && \ - apk upgrade && \ - apk add --update --no-cache postgresql-dev && \ - gem install bundler && \ - gem install aws_lambda_ric +RUN dnf update && \ + dnf -y install postgresql-devel ENV RUBY_YJIT_ENABLE=true -ENTRYPOINT [ "/usr/local/bundle/bin/aws_lambda_ric" ] CMD [ "app.App::Handler.process" ] diff --git a/components/services/config/app_settings.rb b/components/services/config/app_settings.rb index 3598dd7ee..03f1bfdc7 100644 --- a/components/services/config/app_settings.rb +++ b/components/services/config/app_settings.rb @@ -1,5 +1,6 @@ require "yaml" require "erb" +require "pathname" class AppSettings DEFAULT_SETTINGS_PATH = Pathname(File.expand_path("app_settings.yml", __dir__)) diff --git a/components/services/config/initializers/aws_stubs.rb b/components/services/config/initializers/aws_stubs.rb index 8e1a688c9..6ef4ee8e1 100644 --- a/components/services/config/initializers/aws_stubs.rb +++ b/components/services/config/initializers/aws_stubs.rb @@ -1,3 +1,5 @@ +require "aws-sdk-core" + if %w[development test].include?(AppSettings.env) Aws.config[:ssm] = { stub_responses: { diff --git a/components/services/lib/encrypted_credentials.rb b/components/services/lib/encrypted_credentials.rb index b7808153f..da7e97229 100644 --- a/components/services/lib/encrypted_credentials.rb +++ b/components/services/lib/encrypted_credentials.rb @@ -2,6 +2,7 @@ require "tempfile" require "openssl" require "base64" +require "pathname" module EncryptedCredentials class EncryptedFile From 998c13fb6bcb7bbc1b1d4be28007771d82a6060f Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 13:13:09 +0700 Subject: [PATCH 02/14] WIP --- components/services/Dockerfile | 10 ++++------ components/services/config/application.rb | 3 +++ 2 files changed, 7 insertions(+), 6 deletions(-) 
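Review bot: The runtime stage of components/services/Dockerfile (`@@ -38,13 +37,9 @@`) installs `postgresql-devel`, a development package, into the image that is actually deployed, and leaves the package manager cache behind. At run time the compiled gem normally needs only the PostgreSQL client shared library, so the headers and tooling add attack surface and size for no benefit. I would change the line to something like `dnf -y install <libpq-runtime-package> && dnf clean all`, with the package name confirmed for this base image. The hunk also removes the explicit `ENTRYPOINT`, presumably relying on the base image's own entrypoint; a one-line comment above `CMD` saying so, e.g. `# entrypoint (Lambda runtime interface client) is provided by the base image`, would save the next reader a lookup.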
diff --git a/components/services/Dockerfile b/components/services/Dockerfile index 83b8918ad..478876681 100644 --- a/components/services/Dockerfile +++ b/components/services/Dockerfile @@ -5,8 +5,6 @@ FROM public.ecr.aws/lambda/ruby:$RUBY_VERSION AS build-image RUN dnf update && \ dnf -y install postgresql-devel openssl-devel gcc make -RUN gem install bundler - ARG FUNCTION_DIR RUN mkdir -p ${FUNCTION_DIR} COPY Gemfile Gemfile.lock ${FUNCTION_DIR}/ @@ -14,11 +12,11 @@ WORKDIR ${FUNCTION_DIR} ENV BUNDLE_APP_CONFIG="${FUNCTION_DIR}/.bundle" -RUN bundle config --local deployment true && \ +RUN gem install bundler && \ + bundle config --local deployment true && \ bundle config --local path "vendor/bundle" && \ - bundle config --local without 'development test' - -RUN bundle install --jobs 20 --retry 5 + bundle config --local without 'development test' && \ + bundle install RUN rm -rf vendor/bundle/ruby/*/cache/ && find vendor/ -name "*.o" -delete && find vendor/ -name "*.c" diff --git a/components/services/config/application.rb b/components/services/config/application.rb index d442dfc79..632f767d5 100644 --- a/components/services/config/application.rb +++ b/components/services/config/application.rb @@ -1,3 +1,6 @@ +require "bundler" +Bundler.require + require_relative "app_settings" require_relative "initializers/aws_stubs" From e30792a11e6877416178845bc3c710fb12b3f446 Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 13:14:54 +0700 Subject: [PATCH 03/14] WIP --- components/services/config/application.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/services/config/application.rb b/components/services/config/application.rb index 632f767d5..eb3dbd395 100644 --- a/components/services/config/application.rb +++ b/components/services/config/application.rb @@ -1,5 +1,5 @@ require "bundler" -Bundler.require +Bundler.require(:default) require_relative "app_settings" require_relative "initializers/aws_stubs" 
From 90f9df2f9ce96e7ec38fe78d0f38b20caef612fe Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 14:10:10 +0700 Subject: [PATCH 04/14] Build on codebuild --- .github/workflows/services.yml | 138 +++++++++++++++++++++++---------- 1 file changed, 98 insertions(+), 40 deletions(-) diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index 426432371..f59f415e1 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml @@ -3,6 +3,9 @@ name: Services env: CI: true + ECR_REGISTRY: 324279636507.dkr.ecr.ap-southeast-1.amazonaws.com + GHCR_REGISTRY: ghcr.io/somleng + REPOSITORY_NAME: somleng-switch-services jobs: build: @@ -11,6 +14,8 @@ jobs: outputs: matrix: ${{ steps.set-deployment-matrix.outputs.matrix }} matrixLength: ${{ steps.set-deployment-matrix.outputs.matrixLength }} + packageMatrix: ${{ steps.set-deployment-matrix.outputs.packageMatrix }} + defaults: run: working-directory: components/services @@ -62,13 +67,15 @@ jobs: "identifier": "switch-services-staging", "environment": "staging", "branch": "use_official_aws_lambda_images", - "image_tag": "staging" + "friendly_image_tag": "beta", + "image_tag": "stag-${{ github.sha }}" }, { "identifier": "switch-services", "environment": "production", "branch": "master", - "image_tag": "latest" + "friendly_image_tag": "latest", + "image_tag": "prod-${{ github.sha }}" } ] EOF 
@@ -76,11 +83,98 @@ jobs: matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )') echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT + echo "packageMatrix={\"platform\":[\"arm64\"],\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT + + build-packages: + name: Build Packages + runs-on: ubuntu-latest + if: needs.build.outputs.matrixLength > 0 + + strategy: + matrix: ${{fromJSON(needs.build.outputs.packageMatrix)}} + fail-fast: false + + needs: + - build + + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + role-skip-session-tagging: true + role-duration-seconds: 3600 + aws-region: ap-southeast-1 + + - name: Build image + uses: aws-actions/aws-codebuild-run-build@v1 + with: + project-name: somleng-switch-${{ matrix.platform }} + buildspec-override: | + version: 0.2 + phases: + build: + steps: + - name: Build + run: | + aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }} + export DOCKER_BUILDKIT=1 + docker buildx --cache-from ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --push . 
+ docker buildx imagetools create -t ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} -t ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }} ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 + + publish_images: + name: Publish Images + runs-on: ubuntu-latest + + needs: + - build + - build-packages + + strategy: + matrix: ${{fromJSON(needs.build.outputs.matrix)}} + + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + role-skip-session-tagging: true + role-duration-seconds: 3600 + aws-region: ap-southeast-1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to ECR + uses: docker/login-action@v3 + with: + registry: ${{ env.ECR_REGISTRY }} + + - name: Publish Images + run: | + docker image pull ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 + docker tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 ${{ env.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 + docker push ${{ env.GHCR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ matrix.friendly_image_tag }}-arm64 + docker buildx imagetools create -t ${{ env.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} "${{ env.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64" deploy: name: Deploy runs-on: ubuntu-latest - needs: build + needs: + - build + - build-packages + if: needs.build.outputs.matrixLength > 0 defaults: 
run: @@ -90,10 +184,6 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: ap-southeast-1 - ECR_REGISTRY: 324279636507.dkr.ecr.ap-southeast-1.amazonaws.com - ECR_REPOSITORY: 324279636507.dkr.ecr.ap-southeast-1.amazonaws.com/somleng-switch-services - GHCR_REPOSITORY: ghcr.io/somleng/switch-services - IMAGE_TAG: ${{ github.sha }} strategy: matrix: ${{fromJson(needs.build.outputs.matrix)}} @@ -113,42 +203,10 @@ jobs: role-duration-seconds: 3600 aws-region: ap-southeast-1 - - name: Login to AWS ECR - uses: docker/login-action@v3 - with: - registry: ${{ env.ECR_REGISTRY }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and push - uses: docker/build-push-action@v6 - with: - push: true - provenance: false - platforms: linux/arm64 - cache-from: type=gha,scope=${{ matrix.identifier }} - cache-to: type=gha,mode=max,scope=${{ matrix.identifier }} - context: components/services - tags: | - ${{ env.ECR_REPOSITORY }}:${{ matrix.image_tag }} - ${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} - ${{ env.GHCR_REPOSITORY }}:${{ matrix.image_tag }} - - name: Deploy Lambda run: | aws lambda update-function-code --function-name ${{ matrix.identifier }} \ - --image-uri ${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} \ + --image-uri ${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }} \ --architectures "arm64" \ --publish From 45309a13ec01d86d6d57ef0d1beebfed43427054 Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 14:16:00 +0700 Subject: [PATCH 05/14] WIP --- infrastructure/core/.terraform.lock.hcl | 1 + infrastructure/core/codebuild.tf | 5 +++++ 2 files changed, 6 insertions(+) 
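Review bot: The new `build-packages` and `publish_images` jobs in .github/workflows/services.yml (hunk `@@ -76,11 +83,98 @@`) hand AWS keys, an assumable role and the `GITHUB_TOKEN` to actions referenced only by mutable tags: `aws-actions/configure-aws-credentials@v4`, `aws-actions/aws-codebuild-run-build@v1`, `docker/setup-buildx-action@v3` and `docker/login-action@v3`. A retagged release of any of them would run with those credentials, so pinning to a full commit SHA is the safer form, e.g. `uses: aws-actions/aws-codebuild-run-build@<full-commit-sha> # v1`. The pre-existing steps use the same tag style, so this may be a repository-wide follow-up rather than something for this commit alone. Since `publish_images` pushes to ghcr.io with `GITHUB_TOKEN`, a job-level `permissions:` block limited to `contents: read` and `packages: write` would make the token scope explicit; the workflow's top-level permissions are not visible in this hunk.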
diff --git a/infrastructure/core/.terraform.lock.hcl b/infrastructure/core/.terraform.lock.hcl index 0c5d75e51..6d9e93939 100644 --- a/infrastructure/core/.terraform.lock.hcl +++ b/infrastructure/core/.terraform.lock.hcl @@ -5,6 +5,7 @@ provider "registry.terraform.io/hashicorp/aws" { version = "5.15.0" hashes = [ "h1:3nyOhTsrJuoemeNyCu6rrhdWfJR0TCsq+9DZeErSd0g=", + "h1:CFUr3EXmKTr3G4Nl+Yxf24NnhKQQDCyeBG+SS4YFblE=", "zh:069d0037cd1f8791a27ec31a535ce47d02d4f220fe88f9c3caa8661c0a98892a", "zh:08c18e8f5f69736e86919e6c2a68c94f39f879511d51b2a8e58ad1776ee18854", "zh:41c9c95e225f72421fa4a1c3e5105f36b3b149cba1daf9bc88b0a993c1d19e07", diff --git a/infrastructure/core/codebuild.tf b/infrastructure/core/codebuild.tf index 612daa0d4..702041327 100644 --- a/infrastructure/core/codebuild.tf +++ b/infrastructure/core/codebuild.tf @@ -47,6 +47,11 @@ resource "aws_iam_role_policy_attachment" "codebuild_ecr_public" { policy_arn = "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicPowerUser" } +resource "aws_iam_role_policy_attachment" "codebuild_ecr" { + role = aws_iam_role.codebuild.name + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser" +} + resource "aws_codebuild_project" "amd64" { name = "${local.codebuild_identifier}-amd64" From 2515d3009add5fcd0343dc1d3802e315dc0820a9 Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 14:21:23 +0700 Subject: [PATCH 06/14] WIP --- .github/workflows/services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index f59f415e1..60d8a3ce7 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml 
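Review bot: The new `aws_iam_role_policy_attachment.codebuild_ecr` in infrastructure/core/codebuild.tf attaches the AWS-managed `AmazonEC2ContainerRegistryPowerUser` policy, which lets the CodeBuild role push and pull on every private ECR repository in the account, not only the one this pipeline builds. The buildspec is supplied from the GitHub workflow via `buildspec-override`, so anything that can alter that workflow run inherits the same reach. An inline policy scoped to the repository ARN keeps it to what the build needs. The sketch below assumes the target is `aws_ecr_repository.services` from ecr.tf; add further ARNs if this role builds other private images.

```hcl
# replaces the AmazonEC2ContainerRegistryPowerUser attachment
resource "aws_iam_role_policy" "codebuild_ecr" {
  name = "codebuild-ecr-push" # constructed name
  role = aws_iam_role.codebuild.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # GetAuthorizationToken cannot be scoped to a repository
        Effect   = "Allow"
        Action   = ["ecr:GetAuthorizationToken"]
        Resource = "*"
      },
      {
        Effect = "Allow"
        Action = [
          "ecr:BatchCheckLayerAvailability",
          "ecr:BatchGetImage",
          "ecr:GetDownloadUrlForLayer",
          "ecr:InitiateLayerUpload",
          "ecr:UploadLayerPart",
          "ecr:CompleteLayerUpload",
          "ecr:PutImage",
        ]
        Resource = aws_ecr_repository.services.arn
      },
    ]
  })
}
```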
@@ -121,7 +121,7 @@ jobs: run: | aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }} export DOCKER_BUILDKIT=1 - docker buildx --cache-from ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --push . + docker buildx build --cache-from ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --push . docker buildx imagetools create -t ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} -t ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }} ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 publish_images: From 06dfa43dc820cde9641174ded7a507c8f7e11b6d Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 14:28:02 +0700 Subject: [PATCH 07/14] WIP --- .github/workflows/services.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index 60d8a3ce7..2a37b3529 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml @@ -119,6 +119,7 @@ jobs: steps: - name: Build run: | + cd components/services aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }} export DOCKER_BUILDKIT=1 docker buildx build --cache-from ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --push . From 8b7000cabe027ae9b77f63dba58c2cd50d431504 Mon Sep 17 00:00:00 2001 
From: David Wilkie Date: Sat, 14 Sep 2024 14:36:42 +0700 Subject: [PATCH 08/14] WIP --- .github/workflows/services.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index 2a37b3529..1e4c4c19d 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml @@ -166,7 +166,7 @@ jobs: run: | docker image pull ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 docker tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 ${{ env.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 - docker push ${{ env.GHCR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ matrix.friendly_image_tag }}-arm64 + docker push ${{ env.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 docker buildx imagetools create -t ${{ env.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} "${{ env.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64" deploy: @@ -207,7 +207,7 @@ jobs: - name: Deploy Lambda run: | aws lambda update-function-code --function-name ${{ matrix.identifier }} \ - --image-uri ${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }} \ + --image-uri ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }} \ --architectures "arm64" \ --publish From 2194192f6cbca3a3ef52513f7f55b20660d24b83 Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 14:48:26 +0700 Subject: [PATCH 09/14] WIP --- .github/workflows/services.yml | 2 +- infrastructure/core/ecr.tf | 116 ++++++++++++++++++++++++--------- 2 files changed, 87 insertions(+), 31 deletions(-) diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index 1e4c4c19d..f7ed1f3fb 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml 
@@ -5,7 +5,7 @@ env: CI: true ECR_REGISTRY: 324279636507.dkr.ecr.ap-southeast-1.amazonaws.com GHCR_REGISTRY: ghcr.io/somleng - REPOSITORY_NAME: somleng-switch-services + REPOSITORY_NAME: switch-services jobs: build: diff --git a/infrastructure/core/ecr.tf b/infrastructure/core/ecr.tf index 177cccd8d..a77eb7473 100644 --- a/infrastructure/core/ecr.tf +++ b/infrastructure/core/ecr.tf 
@@ -1,92 +1,92 @@ resource "aws_ecrpublic_repository" "switch" { repository_name = "somleng-switch" - provider = aws.us-east-1 + provider = aws.us-east-1 catalog_data { - about_text = "Somleng Switch" - architectures = ["Linux"] - description = "SomlengSWITCH is the switch layer for Somleng. It includes an open source TwiML interpreter" + about_text = "Somleng Switch" + architectures = ["Linux"] + description = "SomlengSWITCH is the switch layer for Somleng. It includes an open source TwiML interpreter" } } resource "aws_ecrpublic_repository" "nginx" { repository_name = "somleng-switch-nginx" - provider = aws.us-east-1 + provider = aws.us-east-1 catalog_data { - about_text = "Somleng Switch Nginx" - architectures = ["Linux"] + about_text = "Somleng Switch Nginx" + architectures = ["Linux"] } } resource "aws_ecrpublic_repository" "freeswitch" { repository_name = "somleng-switch-freeswitch" - provider = aws.us-east-1 + provider = aws.us-east-1 catalog_data { - about_text = "Somleng Switch FreeSWITCH" - architectures = ["Linux"] - description = "FreeSWITCH configuration optimized for Somleng" + about_text = "Somleng Switch FreeSWITCH" + architectures = ["Linux"] + description = "FreeSWITCH configuration optimized for Somleng" } } resource "aws_ecrpublic_repository" "freeswitch_event_logger" { repository_name = "somleng-switch-freeswitch-event-logger" - provider = aws.us-east-1 + provider = aws.us-east-1 catalog_data { - about_text = "Somleng Switch FreeSWITCH Event Logger" - architectures = ["Linux"] + about_text = "Somleng Switch FreeSWITCH Event Logger" + architectures = ["Linux"] } } resource "aws_ecrpublic_repository" "public_gateway" { repository_name = "public-gateway" - provider = aws.us-east-1 + provider = aws.us-east-1 catalog_data { - about_text = "Somleng Public Gateway" - architectures = ["Linux"] + about_text = "Somleng Public Gateway" + architectures = ["Linux"] } } resource "aws_ecrpublic_repository" "client_gateway" { repository_name = "client-gateway" 
- provider = aws.us-east-1 + provider = aws.us-east-1 catalog_data { - about_text = "Somleng Client Gateway" - architectures = ["Linux"] + about_text = "Somleng Client Gateway" + architectures = ["Linux"] } } resource "aws_ecrpublic_repository" "media_proxy" { repository_name = "media-proxy" - provider = aws.us-east-1 + provider = aws.us-east-1 catalog_data { - about_text = "Somleng Media Proxy" - architectures = ["Linux"] + about_text = "Somleng Media Proxy" + architectures = ["Linux"] } } resource "aws_ecrpublic_repository" "opensips_scheduler" { repository_name = "opensips-scheduler" - provider = aws.us-east-1 + provider = aws.us-east-1 catalog_data { - about_text = "Somleng OpenSIPS Scheduler" - architectures = ["Linux"] + about_text = "Somleng OpenSIPS Scheduler" + architectures = ["Linux"] } } resource "aws_ecrpublic_repository" "gateway" { repository_name = "gateway" - provider = aws.us-east-1 + provider = aws.us-east-1 catalog_data { - about_text = "Somleng Gateway" - architectures = ["Linux"] + about_text = "Somleng Gateway" + architectures = ["Linux"] usage_text = < Date: Sat, 14 Sep 2024 15:02:33 +0700 Subject: [PATCH 10/14] WIP --- infrastructure/modules/services/docker.tf | 10 -- infrastructure/modules/services/iam.tf | 103 ++++++++++---------- infrastructure/modules/services/versions.tf | 1 - infrastructure/staging/.terraform.lock.hcl | 32 +++--- infrastructure/staging/terraform.tf | 10 ++ infrastructure/staging/versions.tf | 4 +- 6 files changed, 79 insertions(+), 81 deletions(-) diff --git a/infrastructure/modules/services/docker.tf b/infrastructure/modules/services/docker.tf index 41f7d95f9..577ec50cb 100644 --- a/infrastructure/modules/services/docker.tf +++ b/infrastructure/modules/services/docker.tf 
@@ -1,13 +1,3 @@ -data "aws_ecr_authorization_token" "token" {} - -provider "docker" { - registry_auth { - address = split("/", var.app_image)[0] - username = data.aws_ecr_authorization_token.token.user_name - password = data.aws_ecr_authorization_token.token.password - } -} - resource "docker_image" "this" { name = "${var.app_image}:latest" build { diff --git a/infrastructure/modules/services/iam.tf b/infrastructure/modules/services/iam.tf index 243c382f8..4a8169463 100644 --- a/infrastructure/modules/services/iam.tf +++ b/infrastructure/modules/services/iam.tf @@ -1,20 +1,17 @@ resource "aws_iam_role" "this" { - name = var.identifier - assume_role_policy = < Date: Sat, 14 Sep 2024 15:36:13 +0700 Subject: [PATCH 11/14] WIP --- .github/workflows/services.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index f7ed1f3fb..88b5fd7c6 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml @@ -14,7 +14,6 @@ jobs: outputs: matrix: ${{ steps.set-deployment-matrix.outputs.matrix }} matrixLength: ${{ steps.set-deployment-matrix.outputs.matrixLength }} - packageMatrix: ${{ steps.set-deployment-matrix.outputs.packageMatrix }} defaults: run: @@ -83,7 +82,6 @@ jobs: matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )') echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT - echo "packageMatrix={\"platform\":[\"arm64\"],\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT build-packages: name: Build Packages @@ -91,8 +89,7 @@ jobs: if: needs.build.outputs.matrixLength > 0 strategy: - matrix: ${{fromJSON(needs.build.outputs.packageMatrix)}} - fail-fast: false + matrix: ${{fromJson(needs.build.outputs.matrix)}} needs: - build 
@@ -111,7 +108,7 @@ jobs: - name: Build image uses: aws-actions/aws-codebuild-run-build@v1 with: - project-name: somleng-switch-${{ matrix.platform }} + project-name: somleng-switch-arm64 buildspec-override: | version: 0.2 phases: @@ -122,7 +119,7 @@ jobs: cd components/services aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }} export DOCKER_BUILDKIT=1 - docker buildx build --cache-from ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --push . + docker buildx build --cache-from ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }}-${{ matrix.platform }} --push . docker buildx imagetools create -t ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} -t ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }} ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 publish_images: @@ -207,7 +204,7 @@ jobs: - name: Deploy Lambda run: | aws lambda update-function-code --function-name ${{ matrix.identifier }} \ - --image-uri ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }} \ + --image-uri ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }}-arm64 \ --architectures "arm64" \ --publish From 24375d3349c51c5736dfdf67baa59f0d8e1aabdd Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 15:39:11 +0700 Subject: [PATCH 12/14] WIP --- .github/workflows/services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index 88b5fd7c6..96b482060 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml @@ -119,7 +119,7 @@ jobs: cd components/services aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }} export DOCKER_BUILDKIT=1 - docker buildx build --cache-from ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }}-${{ matrix.platform }} --push . + docker buildx build --cache-from ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 --tag ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }}-arm64 --push . docker buildx imagetools create -t ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} -t ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }} ${{ env.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 publish_images: From 1fc66111a4b58830262c3d4da0ad0311db1a43d4 Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 15:56:54 +0700 Subject: [PATCH 13/14] WIP --- .github/workflows/services.yml | 4 ++-- infrastructure/production/terraform.tf | 10 ++++++++++ infrastructure/production/versions.tf | 4 +++- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index 96b482060..cfd6f7f21 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml 
@@ -65,14 +65,14 @@ jobs: { "identifier": "switch-services-staging", "environment": "staging", - "branch": "use_official_aws_lambda_images", + "branch": "develop", "friendly_image_tag": "beta", "image_tag": "stag-${{ github.sha }}" }, { "identifier": "switch-services", "environment": "production", - "branch": "master", + "branch": "use_official_aws_lambda_images", "friendly_image_tag": "latest", "image_tag": "prod-${{ github.sha }}" } diff --git a/infrastructure/production/terraform.tf b/infrastructure/production/terraform.tf index 9878a0f06..262d5080c 100644 --- a/infrastructure/production/terraform.tf +++ b/infrastructure/production/terraform.tf @@ -16,6 +16,16 @@ provider "aws" { alias = "helium" } +data "aws_ecr_authorization_token" "this" {} + +provider "docker" { + registry_auth { + address = data.aws_ecr_authorization_token.this.proxy_endpoint + username = data.aws_ecr_authorization_token.this.user_name + password = data.aws_ecr_authorization_token.this.password + } +} + data "terraform_remote_state" "core" { backend = "s3" diff --git a/infrastructure/production/versions.tf b/infrastructure/production/versions.tf index 1d23dfe5c..758f8f602 100644 --- a/infrastructure/production/versions.tf +++ b/infrastructure/production/versions.tf @@ -3,6 +3,8 @@ terraform { aws = { source = "hashicorp/aws" } + docker = { + source = "kreuzwerker/docker" + } } - required_version = ">= 0.13" } From ca81b1b2cfc0b78ef6289d745d135864d4a17f10 Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Sat, 14 Sep 2024 16:04:18 +0700 Subject: [PATCH 14/14] WIP --- .github/workflows/services.yml | 2 +- infrastructure/core/ecr.tf | 8 -------- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/services.yml b/.github/workflows/services.yml index cfd6f7f21..5f1f5be35 100644 --- a/.github/workflows/services.yml +++ b/.github/workflows/services.yml 
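Review bot: In infrastructure/production/terraform.tf, reading `data "aws_ecr_authorization_token" "this"` means the registry password becomes part of what Terraform records for the data source, so a usable ECR credential can sit in the production state file until it expires. That is acceptable only if the S3 backend shown in the context below is encrypted and its read access is as tight as access to the registry itself, which is worth confirming. I would add a comment above the data source stating this, e.g. `# NOTE: token is written to state; state bucket must be encrypted and access-restricted`. The provider block closes inside the hunk; the surrounding backend configuration is outside it.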
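Review bot: The `docker` entry added to `required_providers` in infrastructure/production/versions.tf names the community provider `kreuzwerker/docker` without a `version` constraint, and this commit's diffstat includes no production `.terraform.lock.hcl`. Unless a lock file elsewhere pins it, the release that runs with the ECR credentials is decided at `terraform init` time. Adding `version = "~> <major.minor-placeholder>"` and committing the updated lock file makes provider upgrades reviewable. The hunk also appears to drop `required_version = ">= 0.13"`; if that is intentional, a floor matching the CLI actually used would serve better than none.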
@@ -72,7 +72,7 @@ jobs: { "identifier": "switch-services", "environment": "production", - "branch": "use_official_aws_lambda_images", + "branch": "master", "friendly_image_tag": "latest", "image_tag": "prod-${{ github.sha }}" } diff --git a/infrastructure/core/ecr.tf b/infrastructure/core/ecr.tf index a77eb7473..4cf9c7a36 100644 --- a/infrastructure/core/ecr.tf +++ b/infrastructure/core/ecr.tf @@ -117,14 +117,6 @@ resource "aws_ecr_repository" "s3_mpeg" { } } -resource "aws_ecr_repository" "services_legacy" { - name = "somleng-switch-services" - - image_scanning_configuration { - scan_on_push = true - } -} - resource "aws_ecr_repository" "services" { name = "switch-services"