From e6f96ba16a5c89a40dfe35af76f1582593785c8a Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Fri, 13 Sep 2024 10:30:58 +0100
Subject: [PATCH] Deploy initContainer for Entity Framework migrations (#1367)
* Multistage build for Docker InitContainer
* Updated Container App module to v1.12.0
* Update Docker Build CI workflow to test initContainer
* Build but do not deploy the initContainer
* Correctly handle appsettings overrides
* Move appsettings into ConcernsCaseWork dir
---
.github/workflows/build-and-push-image.yml | 16 +++-
.github/workflows/docker-build.yml | 25 ------
.github/workflows/docker-test.yml | 19 ++++-
Dockerfile | 81 +++++++++----------
script/set-appsettings-release-tag.sh | 2 +
script/web-docker-entrypoint.sh | 18 -----
terraform/.terraform.lock.hcl | 92 ++++++++++------------
terraform/README.md | 7 +-
terraform/container-apps-hosting.tf | 5 +-
terraform/key-vault-tfvars-secrets.tf | 2 +-
terraform/locals.tf | 3 +
terraform/variables.tf | 18 +++++
12 files changed, 145 insertions(+), 143 deletions(-)
delete mode 100644 .github/workflows/docker-build.yml
diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml
index 312e227ac..aff064a9d 100644
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -77,10 +77,24 @@ jobs: deploy-image: name: Deploy '${{ needs.set-env.outputs.branch }}' to ${{ needs.set-env.outputs.environment }} needs: [ set-env ] - uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v2.2.0 + strategy: + matrix: + stage: [ + "final", + "initcontainer" + ] + include: + - stage: "final" + tag-prefix: "" + - stage: "initcontainer" + tag-prefix: "init-" + uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v2.5.0 with: docker-image-name: 'amsd-app' + docker-build-target: ${{ matrix.stage }} docker-build-file-name: './Dockerfile' + docker-tag-prefix: ${{ matrix.tag-prefix }} + import-without-deploy: ${{ matrix.stage == 'initcontainer' }} environment: ${{ needs.set-env.outputs.environment }} annotate-release: true docker-build-args: | diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml deleted file mode 100644 index 4b1bc9a94..000000000 --- a/.github/workflows/docker-build.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Run Docker build - -on: - pull_request: - paths: - - Dockerfile - types: [opened, synchronize] - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build docker image - uses: docker/build-push-action@v6 - with: - secrets: github_token=${{ secrets.GITHUB_TOKEN }} - cache-from: type=gha - cache-to: type=gha - push: false diff --git a/.github/workflows/docker-test.yml b/.github/workflows/docker-test.yml index bc9b2f96f..ad553efeb 100644 --- a/.github/workflows/docker-test.yml +++ b/.github/workflows/docker-test.yml 
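Review bot: The reusable workflow on the new `uses:` line is referenced by the mutable tag `@v2.5.0`, so anyone able to move that tag decides what runs in this deploy job, with whatever inputs and secrets the job passes (the rest of the `with:` block is outside the hunk). Pinning to the full commit SHA and keeping the tag as a trailing comment closes that gap: `uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@<full-commit-sha> # v2.5.0`. A one-line comment above `import-without-deploy` would also help, something like `# init image is only imported into the registry here; rollout is handled elsewhere`, since that split is only implied by the commit message.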
@@ -1,12 +1,22 @@ -name: Scan Docker image +name: Run Docker tests on: push: branches: main + pull_request: + paths: + - Dockerfile + types: [opened, synchronize] jobs: scan: runs-on: ubuntu-latest + strategy: + matrix: + stage: [ + "final", + "initcontainer" + ] outputs: image: ${{ steps.build.outputs.imageid }} steps: @@ -16,7 +26,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Build docker image + - name: Build Docker image uses: docker/build-push-action@v6 id: build with: @@ -24,15 +34,16 @@ jobs: load: true cache-from: type=gha cache-to: type=gha + target: ${{ matrix.stage }} push: false - name: Export docker image as tar - run: docker save -o ${{ github.ref_name }}.tar ${{ steps.build.outputs.imageid }} + run: docker save -o ${{ matrix.stage }}.tar ${{ steps.build.outputs.imageid }} - name: Scan Docker image for CVEs uses: aquasecurity/trivy-action@0.20.0 with: - input: ${{ github.ref_name }}.tar + input: ${{ matrix.stage }}.tar format: 'sarif' output: 'trivy-results.sarif' limit-severities-for-sarif: true diff --git a/Dockerfile b/Dockerfile index 808246075..553d25c90 100644 --- a/Dockerfile +++ b/Dockerfile 
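Review bot: The new `pull_request` trigger filters on `paths: - Dockerfile` only, yet the Dockerfile in this same commit copies `script/set-appsettings-release-tag.sh` and `script/web-docker-entrypoint.sh` into the image and runs the former during the build. A pull request that changes only those scripts or the application source therefore skips both the build and the Trivy scan. Widening the filter, for example adding `- 'script/**'` and `- 'ConcernsCaseWork/**'` next to `- Dockerfile`, keeps the scan in step with what the image contains. The job-level `outputs.image` is now written by two matrix legs and only one value survives, so it is worth dropping if nothing consumes it.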
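Review bot: Both matrix legs write the Trivy report to the same `output: 'trivy-results.sarif'`, and the step that consumes the file is outside this hunk. If that step uploads to code scanning, the two uploads need distinct categories, otherwise the later leg's results can replace the earlier leg's for the same commit and findings in one image go unseen. Using `output: 'trivy-${{ matrix.stage }}.sarif'` here and `category: trivy-${{ matrix.stage }}` on the upload step keeps the `final` and `initcontainer` findings apart.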
@@ -1,63 +1,64 @@ # Stage 1 +ARG ASPNET_SDK_TAG=8.0 ARG ASPNET_IMAGE_TAG=8.0-bookworm-slim ARG NODEJS_IMAGE_TAG=20.15-bullseye ARG COMMIT_SHA=not-set -FROM mcr.microsoft.com/dotnet/sdk:8.0 AS publish - +# ============================================== +# Base SDK +# ============================================== +FROM "mcr.microsoft.com/dotnet/sdk:${ASPNET_SDK_TAG}" AS builder ARG COMMIT_SHA - WORKDIR /build - -ENV DEBIAN_FRONTEND=noninteractive - COPY ConcernsCaseWork/. . - RUN dotnet restore ConcernsCaseWork RUN dotnet build ConcernsCaseWork "/p:customBuildMessage=Manifest commit SHA... ${COMMIT_SHA};" -c Release - -RUN dotnet new tool-manifest -RUN dotnet tool install dotnet-ef - -RUN mkdir -p /app/SQL -RUN dotnet ef migrations script --output /app/SQL/DbMigrationScript.sql --idempotent -p /build/ConcernsCaseWork.Data -RUN touch /app/SQL/DbMigrationScript.sql /app/SQL/DbMigrationScriptOutput.txt - RUN dotnet publish ConcernsCaseWork -c Release -o /app --no-build +WORKDIR /app +COPY ./script/set-appsettings-release-tag.sh set-appsettings-release-tag.sh +RUN chmod +x ./set-appsettings-release-tag.sh +RUN echo "Setting appsettings releasetag=${COMMIT_SHA}" +RUN ./set-appsettings-release-tag.sh "$COMMIT_SHA" +RUN rm ./set-appsettings-release-tag.sh -COPY ./script/web-docker-entrypoint.sh /app/docker-entrypoint.sh -COPY ./script/set-appsettings-release-tag.sh /app/set-appsettings-release-tag.sh - -# Stage 2 - Build assets -FROM node:${NODEJS_IMAGE_TAG} as build -COPY --from=publish /app /app +# ============================================== +# Entity Framework: Migration Builder +# ============================================== +FROM builder AS efbuilder +WORKDIR /build +ENV PATH=$PATH:/root/.dotnet/tools +RUN dotnet tool install --global dotnet-ef +RUN mkdir /sql +RUN dotnet ef migrations bundle -r linux-x64 --configuration Release -p ConcernsCaseWork.Data --no-build -o /sql/migratedb + +# ============================================== +# Entity Framework: Migration 
Runner +# ============================================== +FROM "mcr.microsoft.com/dotnet/aspnet:${ASPNET_IMAGE_TAG}" AS initcontainer +WORKDIR /sql +COPY --from=efbuilder /sql /sql +COPY --from=builder /app/appsettings* /ConcernsCaseWork/ + +# ============================================== +# Front End Builder +# ============================================== +FROM node:${NODEJS_IMAGE_TAG} AS frontend +COPY --from=builder /app/wwwroot /app/wwwroot WORKDIR /app/wwwroot RUN npm install RUN npm run build -# Stage 3 - Final +# ============================================== +# Application +# ============================================== FROM "mcr.microsoft.com/dotnet/aspnet:${ASPNET_IMAGE_TAG}" AS final LABEL org.opencontainers.image.source=https://github.com/DFE-Digital/record-concerns-support-trusts - ARG COMMIT_SHA - -RUN apt-get update -RUN apt-get install unixodbc curl gnupg jq -y -RUN curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg -RUN curl https://packages.microsoft.com/keys/microsoft.asc | tee /etc/apt/trusted.gpg.d/microsoft.asc -RUN curl https://packages.microsoft.com/config/debian/12/prod.list | tee /etc/apt/sources.list.d/mssql-release.list - -RUN apt-get update -RUN ACCEPT_EULA=Y apt-get install -y msodbcsql18 -RUN ACCEPT_EULA=Y apt-get install -y mssql-tools18 - -COPY --from=build /app /app +COPY --from=builder /app /app +COPY --from=frontend /app/wwwroot /app/wwwroot +COPY ./script/web-docker-entrypoint.sh /app/docker-entrypoint.sh WORKDIR /app +RUN chown -R app:app /app RUN chmod +x ./docker-entrypoint.sh -RUN chmod +x ./set-appsettings-release-tag.sh -RUN echo "Setting appsettings releasetag=${COMMIT_SHA}" -RUN ./set-appsettings-release-tag.sh "$COMMIT_SHA" - -RUN chown app:app ./SQL/ -R USER app EXPOSE 8080/tcp diff --git a/script/set-appsettings-release-tag.sh b/script/set-appsettings-release-tag.sh index 0c8b7c98a..61200645d 100755 --- a/script/set-appsettings-release-tag.sh 
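Review bot: In the `final` stage, `RUN chown -R app:app /app` ahead of `USER app` makes every published assembly, the appsettings files and `docker-entrypoint.sh` writable by the runtime account, where the previous image only handed over `./SQL/`. A process compromised at runtime could then rewrite its own binaries or entrypoint. Leaving `/app` owned by root (the `COPY` default) and granting write access only to a directory the app really has to write keeps the image read-only to the service user. The `initcontainer` stage sets no `USER`, so the migration bundle runs as root unless the platform overrides it; adding `USER app` after its `COPY` lines would match `final`, assuming the bundle needs no write access under `/sql`. `dotnet tool install --global dotnet-ef` is also unversioned, and `--version <ef-tool-version>` matching the project's EF Core package would make the bundle reproducible.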
+++ b/script/set-appsettings-release-tag.sh @@ -4,6 +4,8 @@ set -e set -o pipefail +apt-get update && apt-get install jq -y + RELEASE_TAG="$1" APP_SETTINGS_FILES=( diff --git a/script/web-docker-entrypoint.sh b/script/web-docker-entrypoint.sh index db02890f2..57792dacf 100755 --- a/script/web-docker-entrypoint.sh +++ b/script/web-docker-entrypoint.sh @@ -4,22 +4,4 @@ set -e set -o pipefail -ConnectionStrings__DefaultConnection=${ConnectionStrings__DefaultConnection:?} - -declare -A mysqlconn - -for keyvaluepair in $(echo "$ConnectionStrings__DefaultConnection" | sed "s/ //g; s/;/ /g") -do - IFS=" " read -r -a ARR <<< "${keyvaluepair//=/ }" - mysqlconn[${ARR[0]}]=${ARR[1]} -done - -echo "Running database migrations ..." -until /opt/mssql-tools18/bin/sqlcmd -S "${mysqlconn[Server]}" -U "${mysqlconn[UserId]}" -P "${mysqlconn[Password]}" -d "${mysqlconn[Database]}" -C -I -i /app/SQL/DbMigrationScript.sql -o /app/SQL/DbMigrationScriptOutput.txt -do - cat /app/SQL/DbMigrationScriptOutput.txt - echo "Retrying database migrations ..." - sleep 5 -done - exec "$@" diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 3716c98de..e04d19322 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl 
@@ -2,22 +2,22 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/azure/azapi" { - version = "1.14.0" + version = "1.15.0" constraints = ">= 1.13.0" hashes = [ - "h1:8UJUnecUZ60NCW06NssnYrSB0URrFI+WL9tq5x739mY=", - "zh:083709be750b878dfb33747ba1d326d23619a0ed654f95bce9c808e424923c90", - "zh:261b5060297b732d97b4363ad753355bfee00e93d773fd329023a5619b964c39", - "zh:51adfdaeb1b2c3d9e7aeba97c9c73d469712223dd125b14d90377d445d1cd3df", - "zh:5bcbedc9eeefa5e6267042604af20f93cadceba41d8d90a91040f60f6c5e38a9", - "zh:6da127f306083e740767f53dd0cc8787166a8af4f44519873dd8775ca981ddef", - "zh:7604cf377b8ea31a5a44db5b8566f5eea4d73acdfaaeb8ba10fcac46cbf4a738", - "zh:77789ef8906acabbf7eb55378e1f9c407499bb765811f193d256897d2925d66d", - "zh:8a333c53279b3b0b65519191dbba8ef7dc390f5d96216e4e6f165cac8b3e5dc2", - "zh:8c0dfe57dc2c29f8953db3037144d2254ce28bfa55dae537707ae4bdb4460f64", - "zh:debdeabcbcb6b421c2cdf2093d520c67e75a11d28d357b0ba32dd748105a5460", - "zh:e252ee062513904836fcc5e6548243429819e68aa7cfaeac7da8d816c4c4d1e8", - "zh:f48d1fd67b463d2121516911b5d20f8a72217e43e7740bb74929a17dbd43bb59", + "h1:pO/phGY+TxMEKQ+ffYj+vUIvG5A1tno/sZYDb/yyA/w=", + "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", + "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", + "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", + "zh:53fe9ab54485aaebc9b91e27a10bce2729a1c95b1399079e631dc6bb9e3f27dc", + "zh:63c407e7dc04d178d4798c17ad489d9cc92f7d1941d7f4a3f560b95908b6107b", + "zh:7d6fc2b432b264f036bb80ab2b2ba67f80a5d98da8a8c322aa097833dad598c9", + "zh:7ec49c0a8799d469eb6e2a1f856693f9862f1b73f5ed70adc1b346e5a4c6458d", + "zh:889704f10319d301d677539d788fc82a7c73608ab78cb93e1280ac2be39e6e00", + "zh:90b4b07405b7cde9ebae3b034cb5bb5dd18484d1b95bd250f905451f1e86ac3f", + "zh:92aa9c241a8cb2a6d81ad47bc007c119f8b818464a960ebaf39008766c361e6b", + "zh:f28fbd0a2c59e239b53067bc1adc691be444876bcb2d4f78d310f549724da6e0", + 
"zh:ffb15e0ddfa505d0e9b75341570199076ae574887124f398162b1ead9376b25f", ] } 
@@ -42,52 +42,42 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.114.0" - constraints = ">= 3.52.0, >= 3.76.0" + version = "4.0.1" + constraints = ">= 3.52.0, >= 4.0.0, ~> 4.0.0, < 5.0.0" hashes = [ - "h1:6tcVHxcgO+WJ7H/0xRaXcKbSJO/7FyRKQr0YMnD83P4=", - "h1:9gfR0VCUpoynii31LxsLaK9fV1blcnJQi3vnjJLSiaI=", - "h1:SI0uGtL7HOhdvXhw1QddkESJLlt1WIEuPdcdwvCX2JE=", - "h1:WOrttwjWuml2Untt2o4oB847Z0xfHl/0aeQiabzZrFs=", - "h1:af8gzp2nuiJVXGW2v3Ch9+W/SjbwFCTpWaylAhbiby4=", - "h1:bO2vJYj6YkDY8wEs/jPuWNDNImnA4EstVyAO7HSUCH4=", - "h1:cYD8LYBfKNk8wAksTZjB3oACQeIp+kbobGtF58NSZR4=", - "h1:fIM8Lbg5w2m2HbETUx+aAYnTVtktETwOqnKZyVVajIo=", - "h1:l9proZFVzGqrVN7sFETY9bimYmJweDn6Oe2wk64grVI=", - "h1:leoUat4/Z1jgdSdf3d6DAPqsnAqT28bThWj5IquiXAw=", - "h1:sP1K3rtDj2pVQqBBn50rOXe+QPFBAKRbI2uExOxnh3M=", - "zh:016b6f4662d1cfcddbe968624e899c1a20c6df0ed5014cdeed19c3e945ea80ee", - "zh:08448eeaaa9e9e84a2887282f9524faa2bb000fbdfcdac610c088a74e36e6911", - "zh:17975bb18d0ad3e2530261773e4fbfae078bfc4db4e0a5458b823b3ec79642e1", - "zh:3030ad1b13fe487ce791c851c6b5f3035af08f60b335d7be5ce6ce76af43062f", - "zh:68b2914edae1049506aab9f2c11c5b2b2c8d01aa3e0ad53e07ce75ae58906a45", - "zh:cffa9af324a0c621317b6d33f80a28159d01706846877d5784d37dad76635d78", - "zh:d36d44617b890a8a6d404a016c10428c3393e072d484addfb56334183893998b", - "zh:d5c217d7a24b32b18cb9ad47544050c5ec9e6b40ce3f34ff37be5e2d232b4dad", - "zh:d5cd83a9701a9bcd17bbd86beb5accdc6c487fcfa472b868bc581e4d5b67d59d", - "zh:f4ba0bd65d9a10f8185e163217e10e5fa91e386c68e6773c188881b088315477", + "h1:cbblXI9nw+Hp6T2E0tjfYU570kLpiqBKV+dJHQGa3a4=", + "zh:0e78a9200eef138d08050aab99c4fb9ab99c7c5ccbdd410592db7acc5ed421fe", + "zh:443157ba089ef4002817c4f3b3610654588084c2d8c8cf00f1ddf708c7c73411", + "zh:563595dd72b894b2ef9825226c04689ea9967113568a06077960cd863b3afa36", + "zh:5bef3c6bc8306b607078a09c3ab1d2ee55435e0099eedca459aca6c259c29079", + 
"zh:5eb305ca10a14a5cf5308e7225779f9f4152d5a8dd842c901fa47fc93432b346", + "zh:6041a5272b293ae95b46a39ceced3f14bf267a379263c10d11301c50c2e740d0", + "zh:7b077b9358ef6878d0520febcf17ba651eda6636c66885c925ae27d20df6d575", + "zh:8a140a1f8eb35a5ab5b5d3d46759d45408ad14dc5ca3f7fc9af5dc5cf1bb2133", + "zh:9a9d707dbd3b111a28e914a277e1e1076221a41194f7eaa0389e0b4a9b4033e4", + "zh:e8c42fb6cde74ecae1fe0a5fd9bb4bd804a5441f8dfec9d3cb4966af2054ede4", + "zh:eb018fe31c8e6f3e495bd79c7b278aa7dc51b48453f6b83bdb0e7b13459b2aa0", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f807554e5e08e38e6526e363641219e89ad9eda0b24ec09f25e61c74eece2490", ] } provider "registry.terraform.io/hashicorp/null" { - version = "3.2.2" + version = "3.2.3" constraints = ">= 3.2.1" hashes = [ - "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", - "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", - "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", - "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", - "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", - "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", - "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", - "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", - "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", - 
"zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", - "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", ] } diff --git a/terraform/README.md b/terraform/README.md index e9b0db434..61f30d04d 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -137,8 +137,8 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.11.0 | -| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 | +| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.12.0 | +| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.5.0 | | [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.4 | ## Resources 
@@ -184,6 +184,7 @@ No resources. | [enable\_container\_registry](#input\_enable\_container\_registry) | Set to true to create a container registry | `bool` | n/a | yes | | [enable\_dns\_zone](#input\_enable\_dns\_zone) | Conditionally create a DNS zone | `bool` | n/a | yes | | [enable\_event\_hub](#input\_enable\_event\_hub) | Send Azure Container App logs to an Event Hub sink | `bool` | `false` | no | +| [enable\_init\_container](#input\_enable\_init\_container) | Deploy an Init Container. Init containers run before the primary app container and are used to perform initialization tasks such as downloading data or preparing the environment | `bool` | `false` | no | | [enable\_logstash\_consumer](#input\_enable\_logstash\_consumer) | Create an Event Hub consumer group for Logstash | `bool` | `false` | no | | [enable\_monitoring](#input\_enable\_monitoring) | Create App Insights monitoring groups for the container app | `bool` | n/a | yes | | [enable\_mssql\_database](#input\_enable\_mssql\_database) | Set to true to create an Azure SQL server/database, with a private endpoint within the virtual network | `bool` | n/a | yes | 
@@ -194,6 +195,8 @@ No resources. | [existing\_network\_watcher\_name](#input\_existing\_network\_watcher\_name) | Use an existing network watcher to add flow logs. | `string` | n/a | yes | | [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes | | [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes | +| [init\_container\_command](#input\_init\_container\_command) | Container command for the Init Container | `list(any)` | `[]` | no | +| [init\_container\_image](#input\_init\_container\_image) | Image name for the Init Container. Leave blank to use the same Container image from the primary app | `string` | `""` | no | | [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes | | [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that will receive alerts from App Insights | `list(string)` | n/a | yes | | [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes | diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf index 00c8cad2b..32c52f66d 100644 --- a/terraform/container-apps-hosting.tf +++ b/terraform/container-apps-hosting.tf @@ -1,5 +1,5 @@ module "azure_container_apps_hosting" { - source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.11.0" + source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.12.0" environment = local.environment project_name = local.project_name 
@@ -35,6 +35,9 @@ module "azure_container_apps_hosting" { container_max_replicas = local.container_max_replicas container_port = local.container_port container_scale_http_concurrency = local.container_scale_http_concurrency + enable_init_container = local.enable_init_container + init_container_image = local.init_container_image + init_container_command = local.init_container_command enable_redis_cache = local.enable_redis_cache redis_cache_sku = local.redis_cache_sku diff --git a/terraform/key-vault-tfvars-secrets.tf b/terraform/key-vault-tfvars-secrets.tf index 539ef998a..34085a064 100644 --- a/terraform/key-vault-tfvars-secrets.tf +++ b/terraform/key-vault-tfvars-secrets.tf @@ -1,5 +1,5 @@ module "azurerm_key_vault" { - source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.2" + source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.5.0" environment = local.environment project_name = local.project_name diff --git a/terraform/locals.tf b/terraform/locals.tf index d17d54067..4ba2347e7 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -19,6 +19,9 @@ locals { container_min_replicas = var.container_min_replicas container_max_replicas = var.container_max_replicas container_scale_http_concurrency = var.container_scale_http_concurrency + enable_init_container = var.enable_init_container + init_container_image = var.init_container_image + init_container_command = var.init_container_command enable_redis_cache = var.enable_redis_cache enable_mssql_database = var.enable_mssql_database mssql_sku_name = var.mssql_sku_name diff --git a/terraform/variables.tf b/terraform/variables.tf index 4f8f606ce..49fe14e21 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
@@ -426,3 +426,21 @@ variable "enable_cdn_frontdoor_health_probe" { type = bool default = false } + +variable "enable_init_container" { + description = "Deploy an Init Container. Init containers run before the primary app container and are used to perform initialization tasks such as downloading data or preparing the environment" + type = bool + default = false +} + +variable "init_container_image" { + description = "Image name for the Init Container. Leave blank to use the same Container image from the primary app" + type = string + default = "" +} + +variable "init_container_command" { + description = "Container command for the Init Container" + type = list(any) + default = [] +}
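Review bot: `init_container_command` is declared as `type = list(any)`, which also accepts lists of numbers or bools although a container command is a list of strings; `type = list(string)` would reject a malformed value at plan time. The `init_container_image` description says a blank value reuses the primary app image, but this commit builds the migration bundle only into the separate `initcontainer` Dockerfile target, so enabling the feature with the default image would presumably point the command at a file that is not there. The descriptions should say which image and command belong together, for example `Image built from the initcontainer Dockerfile target; init_container_command must point at the migration bundle inside it`. A `validation` block requiring a non-empty command when `enable_init_container` is true would catch the half-configured case, if the Terraform version in use allows cross-variable references in validation.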