updated workflow

DFE-Digital · Jun 17, 2024 · 0b54167 · 0b54167
1 parent f15d4cc
commit 0b54167
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 109 deletions.
diff --git a/.github/workflows/terraform-pr-check.yml b/.github/workflows/terraform-pr-check.yml
@@ -35,17 +35,21 @@ env:
   TF_VAR_az_app_kestrel_endpoint: ${{ vars.KESTRELENDPOINT }}
   TF_VAR_az_tag_environment: ${{ vars.AZ_TAG_ENVIRONMENT }}
   TF_VAR_az_tag_product: ${{ vars.AZ_TAG_PRODUCT }}
-  TF_VAR_registry_server: "ghcr.io"
+  TF_VAR_az_sql_admin_userid_postfix: ${{secrets.AZ_SQL_ADMIN_USERID_POSTFIX}}
+  TF_VAR_az_sql_azuread_admin_username: ${{ secrets.AZ_SERVICE_PRINCIPAL }}
+  TF_VAR_az_sql_admin_password: ${{secrets.AZ_SQL_ADMIN_PASSWORD}}
+  TF_VAR_az_sql_azuread_admin_objectid: ${{ secrets.AZ_CLIENT_ID }}
+  TF_VAR_registry_server: "ghcr.io/dfe-digital"
+  TF_VAR_image_tag: "latest"
   TF_VAR_registry_username: ${{ github.repository_owner }}
-  TF_VAR_registry_custom_image_url: "ghcr.io/dfe-digital/sts-content-and-support:latest"
   TF_VAR_registry_password: ${{ secrets.GITHUB_TOKEN }}
 
   TF_WORKING_DIRECTORY: terraform/container-app
 
 jobs:
   validate-terraform:
     name: Validate Terraform
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     defaults:
       run:
         working-directory: ${{env.TF_WORKING_DIRECTORY}}
@@ -140,7 +144,7 @@ jobs:
 
   terraform-lint:
     name: Terraform Lint
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     defaults:
       run:
         working-directory: ${{ env.TF_WORKING_DIRECTORY }}
@@ -158,7 +162,7 @@ jobs:
 
   tfsec-pr-commenter:
     name: tfsec Check
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Clone repo
         uses: actions/checkout@v4

diff --git a/terraform/container-app/.terraform.lock.hcl b/terraform/container-app/.terraform.lock.hcl
diff --git a/terraform/container-app/locals.tf b/terraform/container-app/locals.tf
@@ -2,16 +2,16 @@ locals {
   ###########
   # General #
   ###########
-  current_user_id     = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)
-  project_name        = var.project_name
-  environment         = var.environment
-  azure_location      = var.azure_location
-  resource_prefix     = "${local.environment}${local.project_name}"
-  resource_group_name = module.main_hosting.azurerm_resource_group_default.name
-  registry_server     = var.registry_server
-  registry_username   = var.registry_username
-  registry_password   = var.registry_password
-
+  current_user_id           = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)
+  project_name              = var.project_name
+  environment               = var.environment
+  azure_location            = var.azure_location
+  resource_prefix           = "${local.environment}${local.project_name}"
+  resource_group_name       = module.main_hosting.azurerm_resource_group_default.name
+  registry_server           = var.registry_server
+  registry_username         = var.registry_username
+  registry_password         = var.registry_password
+  registry_custom_image_url = var.registry_custom_image_url
 
   tags = {
     "Environment"      = var.az_tag_environment,
@@ -23,8 +23,12 @@ locals {
   # Container App #
   #################
   container_app_image_name = "content-support-app"
-  kestrel_endpoint         = var.az_app_kestrel_endpoint
-  container_port           = var.az_container_port
+  kestrel_endpoint               = var.az_app_kestrel_endpoint
+  container_port                 = var.az_container_port
+  image_tag                      = var.image_tag
+  container_app_min_replicas     = var.container_app_min_replicas
+  container_app_max_replicas     = var.container_app_max_replicas
+  container_app_http_concurrency = var.container_app_http_concurrency
 
   ####################
   # Managed Identity #

diff --git a/terraform/container-app/main-hosting.tf b/terraform/container-app/main-hosting.tf
@@ -1,5 +1,5 @@
 module "main_hosting" {
-  source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.6.2"
+  source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.6.4"
 
   ###########
   # General #
@@ -12,9 +12,9 @@ module "main_hosting" {
   #################
   # Container App #
   #################
-  enable_container_registry           = true
-  image_name                          = local.container_app_image_name
-  container_port                      = local.container_port
+  enable_container_registry = true
+  image_name                = local.container_app_image_name
+  container_port            = local.container_port
   container_secret_environment_variables = {
     "AZURE_CLIENT_ID" = azurerm_user_assigned_identity.user_assigned_identity.client_id,
     "KeyVaultName"    = local.kv_name
@@ -30,6 +30,10 @@ module "main_hosting" {
     identity_ids = [azurerm_user_assigned_identity.user_assigned_identity.id]
   }
 
+  container_max_replicas           = local.container_app_max_replicas
+  container_min_replicas           = local.container_app_min_replicas
+  container_scale_http_concurrency = local.container_app_http_concurrency
+
 
   ##############
   # Networking #
@@ -39,8 +43,8 @@ module "main_hosting" {
   #############################
   # Github Container Registry #
   #############################
-  registry_server           = local.registry_server
-  registry_username         = local.registry_username
-  registry_password         = local.registry_password
-
+  registry_server   = local.registry_server
+  registry_username = local.registry_username
+  registry_password = local.registry_password
+  image_tag         = local.image_tag
 }
diff --git a/terraform/container-app/scripts/state-update-terraform.sh b/terraform/container-app/scripts/state-update-terraform.sh
@@ -11,14 +11,14 @@ RESOURCE_GROUP="$3"
 STATE_CONTAINER="$4"
 STATE_FILE="$5"
 STATE_ACCOUNT="$6"
-RESOURCE_GROUP_PREFIX="${RESOURCE_GROUP%%-conentsupport}"
+RESOURCE_GROUP_PREFIX="${RESOURCE_GROUP%%-cs}"
 
 
 terraform import -var-file="$VAR_FILE" module.main_hosting.azurerm_container_app_environment.container_app_env "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.App/managedEnvironments/${RESOURCE_GROUP}containerapp"
 
 terraform state rm module.main_hosting.azapi_resource.container_app_env
 
-terraform import -var-file="$VAR_FILE" 'module.main_hosting.azurerm_container_app.container_apps["main"]' "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.App/containerApps/${RESOURCE_GROUP}-plan-tech-app"
+terraform import -var-file="$VAR_FILE" 'module.main_hosting.azurerm_container_app.container_apps["main"]' "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.App/containerApps/${RESOURCE_GROUP}-cs-app"
 
 terraform state rm module.main_hosting.azapi_resource.default
 

diff --git a/terraform/container-app/variables.tf b/terraform/container-app/variables.tf
@@ -101,6 +101,28 @@ variable "az_container_port" {
   default     = 8080
 }
 
+variable "image_tag" {
+  description = "Image tag"
+  type        = string
+}
+
+variable "container_app_min_replicas" {
+  description = "Minimum replicas for the container app"
+  type        = number
+  default     = 1
+}
+
+variable "container_app_max_replicas" {
+  description = "Maximum replicas for the container app"
+  type        = number
+  default     = 2
+}
+
+variable "container_app_http_concurrency" {
+  description = "Scale up at this number of HTTP requests"
+  type        = number
+  default     = 10
+}
 
 ##################
 # CDN/Front Door #
@@ -134,4 +156,9 @@ variable "registry_password" {
   default     = ""
 }
 
+variable "registry_custom_image_url" {
+  description = "Pass in the address to your image from your custom registry"
+  type        = string
+}
+