From e6f96ba16a5c89a40dfe35af76f1582593785c8a Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Fri, 13 Sep 2024 10:30:58 +0100
Subject: [PATCH] Deploy initContainer for Entity Framework migrations (#1367)
* Multistage build for Docker InitContainer
* Updated Container App module to v1.12.0
* Update Docker Build CI workflow to test initContainer
* Build but do not deploy the initContainer
* Correctly handle appsettings overrides
* Move appsettings into ConcernsCaseWork dir
---
.github/workflows/build-and-push-image.yml | 16 +++-
.github/workflows/docker-build.yml | 25 ------
.github/workflows/docker-test.yml | 19 ++++-
Dockerfile | 81 +++++++++----------
script/set-appsettings-release-tag.sh | 2 +
script/web-docker-entrypoint.sh | 18 -----
terraform/.terraform.lock.hcl | 92 ++++++++++------------
terraform/README.md | 7 +-
terraform/container-apps-hosting.tf | 5 +-
terraform/key-vault-tfvars-secrets.tf | 2 +-
terraform/locals.tf | 3 +
terraform/variables.tf | 18 +++++
12 files changed, 145 insertions(+), 143 deletions(-)
delete mode 100644 .github/workflows/docker-build.yml
diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml
index 312e227ac..aff064a9d 100644
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -77,10 +77,24 @@ jobs:
deploy-image:
name: Deploy '${{ needs.set-env.outputs.branch }}' to ${{ needs.set-env.outputs.environment }}
needs: [ set-env ]
- uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v2.2.0
+ strategy:
+ matrix:
+ stage: [
+ "final",
+ "initcontainer"
+ ]
+ include:
+ - stage: "final"
+ tag-prefix: ""
+ - stage: "initcontainer"
+ tag-prefix: "init-"
+ uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@v2.5.0
with:
docker-image-name: 'amsd-app'
+ docker-build-target: ${{ matrix.stage }}
docker-build-file-name: './Dockerfile'
+ docker-tag-prefix: ${{ matrix.tag-prefix }}
+ import-without-deploy: ${{ matrix.stage == 'initcontainer' }}
environment: ${{ needs.set-env.outputs.environment }}
annotate-release: true
docker-build-args: |
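Review bot: The reusable workflow on the new `uses:` line is pinned to the mutable tag `@v2.5.0`, so anyone who can move that tag changes what this job builds, pushes and deploys, along with whatever secrets are passed to it (the `secrets:` block, if any, is outside the hunk). Pin it to the full commit SHA and keep the version as a comment: `uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build-push-deploy.yml@<full-commit-sha> # v2.5.0`. The two matrix legs also run in parallel by default, so the `final` leg may deploy before the `initcontainer` leg has imported the `init-` image. If the deployed revision references that tag, which cannot be confirmed from here, the import needs to finish first. The `with:` block continues past the end of this hunk.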
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
deleted file mode 100644
index 4b1bc9a94..000000000
--- a/.github/workflows/docker-build.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: Run Docker build
-
-on:
- pull_request:
- paths:
- - Dockerfile
- types: [opened, synchronize]
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Build docker image
- uses: docker/build-push-action@v6
- with:
- secrets: github_token=${{ secrets.GITHUB_TOKEN }}
- cache-from: type=gha
- cache-to: type=gha
- push: false
diff --git a/.github/workflows/docker-test.yml b/.github/workflows/docker-test.yml
index bc9b2f96f..ad553efeb 100644
--- a/.github/workflows/docker-test.yml
+++ b/.github/workflows/docker-test.yml
@@ -1,12 +1,22 @@
-name: Scan Docker image
+name: Run Docker tests
on:
push:
branches: main
+ pull_request:
+ paths:
+ - Dockerfile
+ types: [opened, synchronize]
jobs:
scan:
runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ stage: [
+ "final",
+ "initcontainer"
+ ]
outputs:
image: ${{ steps.build.outputs.imageid }}
steps:
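Review bot: With the new `strategy.matrix`, the job-level `outputs.image` just below it is no longer well defined, because both legs write the same output name and whichever finishes last wins. A consumer cannot tell whether it received the `final` or the `initcontainer` image id. If nothing reads it (no dependent job is visible in this hunk), drop the `outputs:` block. The new `pull_request` trigger also filters on `paths: - Dockerfile` only, so a PR that changes only the scripts the Dockerfile copies in skips the build and the CVE scan; adding `- script/**` to the list would cover them.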
@@ -16,7 +26,7 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- - name: Build docker image
+ - name: Build Docker image
uses: docker/build-push-action@v6
id: build
with:
@@ -24,15 +34,16 @@ jobs:
load: true
cache-from: type=gha
cache-to: type=gha
+ target: ${{ matrix.stage }}
push: false
- name: Export docker image as tar
- run: docker save -o ${{ github.ref_name }}.tar ${{ steps.build.outputs.imageid }}
+ run: docker save -o ${{ matrix.stage }}.tar ${{ steps.build.outputs.imageid }}
- name: Scan Docker image for CVEs
uses: aquasecurity/trivy-action@0.20.0
with:
- input: ${{ github.ref_name }}.tar
+ input: ${{ matrix.stage }}.tar
format: 'sarif'
output: 'trivy-results.sarif'
limit-severities-for-sarif: true
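Review bot: Both matrix legs still write their scan to the same `output: 'trivy-results.sarif'`, although the tarball name was made per-stage in this hunk. If the upload step below the hunk sends that file to code scanning without a per-leg category, the later upload likely replaces the earlier one and the findings for one image drop out of the report. Name the file per stage, `output: 'trivy-${{ matrix.stage }}.sarif'`, and give the upload a matching `category: ${{ matrix.stage }}`. The upload step is outside this hunk, so confirm which path it reads.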
diff --git a/Dockerfile b/Dockerfile
index 808246075..553d25c90 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,63 +1,64 @@
# Stage 1
+ARG ASPNET_SDK_TAG=8.0
ARG ASPNET_IMAGE_TAG=8.0-bookworm-slim
ARG NODEJS_IMAGE_TAG=20.15-bullseye
ARG COMMIT_SHA=not-set
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS publish
-
+# ==============================================
+# Base SDK
+# ==============================================
+FROM "mcr.microsoft.com/dotnet/sdk:${ASPNET_SDK_TAG}" AS builder
ARG COMMIT_SHA
-
WORKDIR /build
-
-ENV DEBIAN_FRONTEND=noninteractive
-
COPY ConcernsCaseWork/. .
-
RUN dotnet restore ConcernsCaseWork
RUN dotnet build ConcernsCaseWork "/p:customBuildMessage=Manifest commit SHA... ${COMMIT_SHA};" -c Release
-
-RUN dotnet new tool-manifest
-RUN dotnet tool install dotnet-ef
-
-RUN mkdir -p /app/SQL
-RUN dotnet ef migrations script --output /app/SQL/DbMigrationScript.sql --idempotent -p /build/ConcernsCaseWork.Data
-RUN touch /app/SQL/DbMigrationScript.sql /app/SQL/DbMigrationScriptOutput.txt
-
RUN dotnet publish ConcernsCaseWork -c Release -o /app --no-build
+WORKDIR /app
+COPY ./script/set-appsettings-release-tag.sh set-appsettings-release-tag.sh
+RUN chmod +x ./set-appsettings-release-tag.sh
+RUN echo "Setting appsettings releasetag=${COMMIT_SHA}"
+RUN ./set-appsettings-release-tag.sh "$COMMIT_SHA"
+RUN rm ./set-appsettings-release-tag.sh
-COPY ./script/web-docker-entrypoint.sh /app/docker-entrypoint.sh
-COPY ./script/set-appsettings-release-tag.sh /app/set-appsettings-release-tag.sh
-
-# Stage 2 - Build assets
-FROM node:${NODEJS_IMAGE_TAG} as build
-COPY --from=publish /app /app
+# ==============================================
+# Entity Framework: Migration Builder
+# ==============================================
+FROM builder AS efbuilder
+WORKDIR /build
+ENV PATH=$PATH:/root/.dotnet/tools
+RUN dotnet tool install --global dotnet-ef
+RUN mkdir /sql
+RUN dotnet ef migrations bundle -r linux-x64 --configuration Release -p ConcernsCaseWork.Data --no-build -o /sql/migratedb
+
+# ==============================================
+# Entity Framework: Migration Runner
+# ==============================================
+FROM "mcr.microsoft.com/dotnet/aspnet:${ASPNET_IMAGE_TAG}" AS initcontainer
+WORKDIR /sql
+COPY --from=efbuilder /sql /sql
+COPY --from=builder /app/appsettings* /ConcernsCaseWork/
+
+# ==============================================
+# Front End Builder
+# ==============================================
+FROM node:${NODEJS_IMAGE_TAG} AS frontend
+COPY --from=builder /app/wwwroot /app/wwwroot
WORKDIR /app/wwwroot
RUN npm install
RUN npm run build
-# Stage 3 - Final
+# ==============================================
+# Application
+# ==============================================
FROM "mcr.microsoft.com/dotnet/aspnet:${ASPNET_IMAGE_TAG}" AS final
LABEL org.opencontainers.image.source=https://github.com/DFE-Digital/record-concerns-support-trusts
-
ARG COMMIT_SHA
-
-RUN apt-get update
-RUN apt-get install unixodbc curl gnupg jq -y
-RUN curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg
-RUN curl https://packages.microsoft.com/keys/microsoft.asc | tee /etc/apt/trusted.gpg.d/microsoft.asc
-RUN curl https://packages.microsoft.com/config/debian/12/prod.list | tee /etc/apt/sources.list.d/mssql-release.list
-
-RUN apt-get update
-RUN ACCEPT_EULA=Y apt-get install -y msodbcsql18
-RUN ACCEPT_EULA=Y apt-get install -y mssql-tools18
-
-COPY --from=build /app /app
+COPY --from=builder /app /app
+COPY --from=frontend /app/wwwroot /app/wwwroot
+COPY ./script/web-docker-entrypoint.sh /app/docker-entrypoint.sh
WORKDIR /app
+RUN chown -R app:app /app
RUN chmod +x ./docker-entrypoint.sh
-RUN chmod +x ./set-appsettings-release-tag.sh
-RUN echo "Setting appsettings releasetag=${COMMIT_SHA}"
-RUN ./set-appsettings-release-tag.sh "$COMMIT_SHA"
-
-RUN chown app:app ./SQL/ -R
USER app
EXPOSE 8080/tcp
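Review bot: The new `initcontainer` stage never sets `USER`, so the migration runner starts as root unless the platform overrides it, while the `final` stage on the same base image drops to `app`. The bundle only needs to read `/sql` and the copied appsettings files, so add `USER app` after that stage's two `COPY` lines. In `efbuilder`, `RUN dotnet tool install --global dotnet-ef` takes whatever version is current at build time; pin it with `--version <ef-tools-version>`, matching the project's EF Core packages, so the migration bundle is reproducible. In `final`, `RUN chown -R app:app /app` makes every published binary writable by the runtime user and duplicates the layer; if the app does not write under `/app`, leave the files root-owned and chown only the paths it must write. The Dockerfile may continue after `EXPOSE`, outside this hunk.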
diff --git a/script/set-appsettings-release-tag.sh b/script/set-appsettings-release-tag.sh
index 0c8b7c98a..61200645d 100755
--- a/script/set-appsettings-release-tag.sh
+++ b/script/set-appsettings-release-tag.sh
@@ -4,6 +4,8 @@
set -e
set -o pipefail
+apt-get update && apt-get install jq -y
+
RELEASE_TAG="$1"
APP_SETTINGS_FILES=(
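Review bot: The added `apt-get update && apt-get install jq -y` makes a script whose job is editing appsettings files also modify the system it runs on, so it now needs root, network access and a Debian base, and under `set -e` it aborts anywhere else. Install the dependency in the Dockerfile's `builder` stage instead, e.g. `RUN apt-get update && apt-get install -y --no-install-recommends jq`. The script can then only check for it: `command -v jq >/dev/null || { echo "jq is required" >&2; exit 1; }`. The rest of the script lies outside this hunk.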
diff --git a/script/web-docker-entrypoint.sh b/script/web-docker-entrypoint.sh
index db02890f2..57792dacf 100755
--- a/script/web-docker-entrypoint.sh
+++ b/script/web-docker-entrypoint.sh
@@ -4,22 +4,4 @@
set -e
set -o pipefail
-ConnectionStrings__DefaultConnection=${ConnectionStrings__DefaultConnection:?}
-
-declare -A mysqlconn
-
-for keyvaluepair in $(echo "$ConnectionStrings__DefaultConnection" | sed "s/ //g; s/;/ /g")
-do
- IFS=" " read -r -a ARR <<< "${keyvaluepair//=/ }"
- mysqlconn[${ARR[0]}]=${ARR[1]}
-done
-
-echo "Running database migrations ..."
-until /opt/mssql-tools18/bin/sqlcmd -S "${mysqlconn[Server]}" -U "${mysqlconn[UserId]}" -P "${mysqlconn[Password]}" -d "${mysqlconn[Database]}" -C -I -i /app/SQL/DbMigrationScript.sql -o /app/SQL/DbMigrationScriptOutput.txt
-do
- cat /app/SQL/DbMigrationScriptOutput.txt
- echo "Retrying database migrations ..."
- sleep 5
-done
-
exec "$@"
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 3716c98de..e04d19322 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -2,22 +2,22 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/azure/azapi" {
- version = "1.14.0"
+ version = "1.15.0"
constraints = ">= 1.13.0"
hashes = [
- "h1:8UJUnecUZ60NCW06NssnYrSB0URrFI+WL9tq5x739mY=",
- "zh:083709be750b878dfb33747ba1d326d23619a0ed654f95bce9c808e424923c90",
- "zh:261b5060297b732d97b4363ad753355bfee00e93d773fd329023a5619b964c39",
- "zh:51adfdaeb1b2c3d9e7aeba97c9c73d469712223dd125b14d90377d445d1cd3df",
- "zh:5bcbedc9eeefa5e6267042604af20f93cadceba41d8d90a91040f60f6c5e38a9",
- "zh:6da127f306083e740767f53dd0cc8787166a8af4f44519873dd8775ca981ddef",
- "zh:7604cf377b8ea31a5a44db5b8566f5eea4d73acdfaaeb8ba10fcac46cbf4a738",
- "zh:77789ef8906acabbf7eb55378e1f9c407499bb765811f193d256897d2925d66d",
- "zh:8a333c53279b3b0b65519191dbba8ef7dc390f5d96216e4e6f165cac8b3e5dc2",
- "zh:8c0dfe57dc2c29f8953db3037144d2254ce28bfa55dae537707ae4bdb4460f64",
- "zh:debdeabcbcb6b421c2cdf2093d520c67e75a11d28d357b0ba32dd748105a5460",
- "zh:e252ee062513904836fcc5e6548243429819e68aa7cfaeac7da8d816c4c4d1e8",
- "zh:f48d1fd67b463d2121516911b5d20f8a72217e43e7740bb74929a17dbd43bb59",
+ "h1:pO/phGY+TxMEKQ+ffYj+vUIvG5A1tno/sZYDb/yyA/w=",
+ "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671",
+ "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34",
+ "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0",
+ "zh:53fe9ab54485aaebc9b91e27a10bce2729a1c95b1399079e631dc6bb9e3f27dc",
+ "zh:63c407e7dc04d178d4798c17ad489d9cc92f7d1941d7f4a3f560b95908b6107b",
+ "zh:7d6fc2b432b264f036bb80ab2b2ba67f80a5d98da8a8c322aa097833dad598c9",
+ "zh:7ec49c0a8799d469eb6e2a1f856693f9862f1b73f5ed70adc1b346e5a4c6458d",
+ "zh:889704f10319d301d677539d788fc82a7c73608ab78cb93e1280ac2be39e6e00",
+ "zh:90b4b07405b7cde9ebae3b034cb5bb5dd18484d1b95bd250f905451f1e86ac3f",
+ "zh:92aa9c241a8cb2a6d81ad47bc007c119f8b818464a960ebaf39008766c361e6b",
+ "zh:f28fbd0a2c59e239b53067bc1adc691be444876bcb2d4f78d310f549724da6e0",
+ "zh:ffb15e0ddfa505d0e9b75341570199076ae574887124f398162b1ead9376b25f",
]
}
@@ -42,52 +42,42 @@ provider "registry.terraform.io/hashicorp/azuread" {
}
provider "registry.terraform.io/hashicorp/azurerm" {
- version = "3.114.0"
- constraints = ">= 3.52.0, >= 3.76.0"
+ version = "4.0.1"
+ constraints = ">= 3.52.0, >= 4.0.0, ~> 4.0.0, < 5.0.0"
hashes = [
- "h1:6tcVHxcgO+WJ7H/0xRaXcKbSJO/7FyRKQr0YMnD83P4=",
- "h1:9gfR0VCUpoynii31LxsLaK9fV1blcnJQi3vnjJLSiaI=",
- "h1:SI0uGtL7HOhdvXhw1QddkESJLlt1WIEuPdcdwvCX2JE=",
- "h1:WOrttwjWuml2Untt2o4oB847Z0xfHl/0aeQiabzZrFs=",
- "h1:af8gzp2nuiJVXGW2v3Ch9+W/SjbwFCTpWaylAhbiby4=",
- "h1:bO2vJYj6YkDY8wEs/jPuWNDNImnA4EstVyAO7HSUCH4=",
- "h1:cYD8LYBfKNk8wAksTZjB3oACQeIp+kbobGtF58NSZR4=",
- "h1:fIM8Lbg5w2m2HbETUx+aAYnTVtktETwOqnKZyVVajIo=",
- "h1:l9proZFVzGqrVN7sFETY9bimYmJweDn6Oe2wk64grVI=",
- "h1:leoUat4/Z1jgdSdf3d6DAPqsnAqT28bThWj5IquiXAw=",
- "h1:sP1K3rtDj2pVQqBBn50rOXe+QPFBAKRbI2uExOxnh3M=",
- "zh:016b6f4662d1cfcddbe968624e899c1a20c6df0ed5014cdeed19c3e945ea80ee",
- "zh:08448eeaaa9e9e84a2887282f9524faa2bb000fbdfcdac610c088a74e36e6911",
- "zh:17975bb18d0ad3e2530261773e4fbfae078bfc4db4e0a5458b823b3ec79642e1",
- "zh:3030ad1b13fe487ce791c851c6b5f3035af08f60b335d7be5ce6ce76af43062f",
- "zh:68b2914edae1049506aab9f2c11c5b2b2c8d01aa3e0ad53e07ce75ae58906a45",
- "zh:cffa9af324a0c621317b6d33f80a28159d01706846877d5784d37dad76635d78",
- "zh:d36d44617b890a8a6d404a016c10428c3393e072d484addfb56334183893998b",
- "zh:d5c217d7a24b32b18cb9ad47544050c5ec9e6b40ce3f34ff37be5e2d232b4dad",
- "zh:d5cd83a9701a9bcd17bbd86beb5accdc6c487fcfa472b868bc581e4d5b67d59d",
- "zh:f4ba0bd65d9a10f8185e163217e10e5fa91e386c68e6773c188881b088315477",
+ "h1:cbblXI9nw+Hp6T2E0tjfYU570kLpiqBKV+dJHQGa3a4=",
+ "zh:0e78a9200eef138d08050aab99c4fb9ab99c7c5ccbdd410592db7acc5ed421fe",
+ "zh:443157ba089ef4002817c4f3b3610654588084c2d8c8cf00f1ddf708c7c73411",
+ "zh:563595dd72b894b2ef9825226c04689ea9967113568a06077960cd863b3afa36",
+ "zh:5bef3c6bc8306b607078a09c3ab1d2ee55435e0099eedca459aca6c259c29079",
+ "zh:5eb305ca10a14a5cf5308e7225779f9f4152d5a8dd842c901fa47fc93432b346",
+ "zh:6041a5272b293ae95b46a39ceced3f14bf267a379263c10d11301c50c2e740d0",
+ "zh:7b077b9358ef6878d0520febcf17ba651eda6636c66885c925ae27d20df6d575",
+ "zh:8a140a1f8eb35a5ab5b5d3d46759d45408ad14dc5ca3f7fc9af5dc5cf1bb2133",
+ "zh:9a9d707dbd3b111a28e914a277e1e1076221a41194f7eaa0389e0b4a9b4033e4",
+ "zh:e8c42fb6cde74ecae1fe0a5fd9bb4bd804a5441f8dfec9d3cb4966af2054ede4",
+ "zh:eb018fe31c8e6f3e495bd79c7b278aa7dc51b48453f6b83bdb0e7b13459b2aa0",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- "zh:f807554e5e08e38e6526e363641219e89ad9eda0b24ec09f25e61c74eece2490",
]
}
provider "registry.terraform.io/hashicorp/null" {
- version = "3.2.2"
+ version = "3.2.3"
constraints = ">= 3.2.1"
hashes = [
- "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=",
- "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7",
- "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a",
- "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3",
- "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606",
- "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546",
- "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539",
- "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452",
+ "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=",
+ "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2",
+ "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d",
+ "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3",
+ "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f",
+ "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422",
- "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae",
- "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1",
- "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e",
+ "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301",
+ "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670",
+ "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed",
+ "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65",
+ "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd",
+ "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5",
]
}
diff --git a/terraform/README.md b/terraform/README.md
index e9b0db434..61f30d04d 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -137,8 +137,8 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.11.0 |
-| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 |
+| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.12.0 |
+| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.5.0 |
| [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.4 |
## Resources
@@ -184,6 +184,7 @@ No resources.
| [enable\_container\_registry](#input\_enable\_container\_registry) | Set to true to create a container registry | `bool` | n/a | yes |
| [enable\_dns\_zone](#input\_enable\_dns\_zone) | Conditionally create a DNS zone | `bool` | n/a | yes |
| [enable\_event\_hub](#input\_enable\_event\_hub) | Send Azure Container App logs to an Event Hub sink | `bool` | `false` | no |
+| [enable\_init\_container](#input\_enable\_init\_container) | Deploy an Init Container. Init containers run before the primary app container and are used to perform initialization tasks such as downloading data or preparing the environment | `bool` | `false` | no |
| [enable\_logstash\_consumer](#input\_enable\_logstash\_consumer) | Create an Event Hub consumer group for Logstash | `bool` | `false` | no |
| [enable\_monitoring](#input\_enable\_monitoring) | Create App Insights monitoring groups for the container app | `bool` | n/a | yes |
| [enable\_mssql\_database](#input\_enable\_mssql\_database) | Set to true to create an Azure SQL server/database, with a private endpoint within the virtual network | `bool` | n/a | yes |
@@ -194,6 +195,8 @@ No resources.
| [existing\_network\_watcher\_name](#input\_existing\_network\_watcher\_name) | Use an existing network watcher to add flow logs. | `string` | n/a | yes |
| [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes |
| [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes |
+| [init\_container\_command](#input\_init\_container\_command) | Container command for the Init Container | `list(any)` | `[]` | no |
+| [init\_container\_image](#input\_init\_container\_image) | Image name for the Init Container. Leave blank to use the same Container image from the primary app | `string` | `""` | no |
| [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes |
| [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that will receive alerts from App Insights | `list(string)` | n/a | yes |
| [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes |
diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf
index 00c8cad2b..32c52f66d 100644
--- a/terraform/container-apps-hosting.tf
+++ b/terraform/container-apps-hosting.tf
@@ -1,5 +1,5 @@
module "azure_container_apps_hosting" {
- source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.11.0"
+ source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.12.0"
environment = local.environment
project_name = local.project_name
@@ -35,6 +35,9 @@ module "azure_container_apps_hosting" {
container_max_replicas = local.container_max_replicas
container_port = local.container_port
container_scale_http_concurrency = local.container_scale_http_concurrency
+ enable_init_container = local.enable_init_container
+ init_container_image = local.init_container_image
+ init_container_command = local.init_container_command
enable_redis_cache = local.enable_redis_cache
redis_cache_sku = local.redis_cache_sku
diff --git a/terraform/key-vault-tfvars-secrets.tf b/terraform/key-vault-tfvars-secrets.tf
index 539ef998a..34085a064 100644
--- a/terraform/key-vault-tfvars-secrets.tf
+++ b/terraform/key-vault-tfvars-secrets.tf
@@ -1,5 +1,5 @@
module "azurerm_key_vault" {
- source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.2"
+ source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.5.0"
environment = local.environment
project_name = local.project_name
diff --git a/terraform/locals.tf b/terraform/locals.tf
index d17d54067..4ba2347e7 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -19,6 +19,9 @@ locals {
container_min_replicas = var.container_min_replicas
container_max_replicas = var.container_max_replicas
container_scale_http_concurrency = var.container_scale_http_concurrency
+ enable_init_container = var.enable_init_container
+ init_container_image = var.init_container_image
+ init_container_command = var.init_container_command
enable_redis_cache = var.enable_redis_cache
enable_mssql_database = var.enable_mssql_database
mssql_sku_name = var.mssql_sku_name
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 4f8f606ce..49fe14e21 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -426,3 +426,21 @@ variable "enable_cdn_frontdoor_health_probe" {
type = bool
default = false
}
+
+variable "enable_init_container" {
+ description = "Deploy an Init Container. Init containers run before the primary app container and are used to perform initialization tasks such as downloading data or preparing the environment"
+ type = bool
+ default = false
+}
+
+variable "init_container_image" {
+ description = "Image name for the Init Container. Leave blank to use the same Container image from the primary app"
+ type = string
+ default = ""
+}
+
+variable "init_container_command" {
+ description = "Container command for the Init Container"
+ type = list(any)
+ default = []
+}
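Review bot: `init_container_command` is declared as `list(any)`, but a container command is a list of strings, and `any` accepts numbers or booleans that Terraform converts to a single element type without complaint; declare it as `type = list(string)`. With `enable_init_container = true` and the other two defaults left in place, the command is empty, and the `initcontainer` Dockerfile stage in this commit sets no `ENTRYPOINT` or `CMD`, so the init container would presumably have nothing to run. Say in the `description` that a command is required when the migration image is used, e.g. `description = "Container command for the Init Container. Required when init_container_image has no default entrypoint"`.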