From 0b54167baacf663feb138db876fe5f2dd8842e27 Mon Sep 17 00:00:00 2001 From: simonjfirth Date: Mon, 17 Jun 2024 16:52:28 +0100 Subject: [PATCH] updated workflow --- .github/workflows/terraform-pr-check.yml | 14 ++-- terraform/container-app/.terraform.lock.hcl | 82 ------------------- terraform/container-app/locals.tf | 28 ++++--- terraform/container-app/main-hosting.tf | 20 +++-- .../scripts/state-update-terraform.sh | 4 +- terraform/container-app/variables.tf | 27 ++++++ 6 files changed, 66 insertions(+), 109 deletions(-) delete mode 100644 terraform/container-app/.terraform.lock.hcl diff --git a/.github/workflows/terraform-pr-check.yml b/.github/workflows/terraform-pr-check.yml index 4734e34..f7615cc 100644 --- a/.github/workflows/terraform-pr-check.yml +++ b/.github/workflows/terraform-pr-check.yml @@ -35,9 +35,13 @@ env: TF_VAR_az_app_kestrel_endpoint: ${{ vars.KESTRELENDPOINT }} TF_VAR_az_tag_environment: ${{ vars.AZ_TAG_ENVIRONMENT }} TF_VAR_az_tag_product: ${{ vars.AZ_TAG_PRODUCT }} - TF_VAR_registry_server: "ghcr.io" + TF_VAR_az_sql_admin_userid_postfix: ${{secrets.AZ_SQL_ADMIN_USERID_POSTFIX}} + TF_VAR_az_sql_azuread_admin_username: ${{ secrets.AZ_SERVICE_PRINCIPAL }} + TF_VAR_az_sql_admin_password: ${{secrets.AZ_SQL_ADMIN_PASSWORD}} + TF_VAR_az_sql_azuread_admin_objectid: ${{ secrets.AZ_CLIENT_ID }} + TF_VAR_registry_server: "ghcr.io/dfe-digital" + TF_VAR_image_tag: "latest" TF_VAR_registry_username: ${{ github.repository_owner }} - TF_VAR_registry_custom_image_url: "ghcr.io/dfe-digital/sts-content-and-support:latest" TF_VAR_registry_password: ${{ secrets.GITHUB_TOKEN }} TF_WORKING_DIRECTORY: terraform/container-app @@ -45,7 +49,7 @@ env: jobs: validate-terraform: name: Validate Terraform - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 defaults: run: working-directory: ${{env.TF_WORKING_DIRECTORY}} 
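Review bot: The four new `TF_VAR_az_sql_*` entries, including `TF_VAR_az_sql_admin_password`, are added to what appears to be the workflow-level `env:` block, so every step of every job (the lint and tfsec jobs as well as the Terraform validation job) receives the SQL admin password and service-principal values. Moving them to an `env:` on the job or step that actually runs Terraform would keep them out of jobs that do not need them. `TF_VAR_az_sql_azuread_admin_objectid` is fed from `secrets.AZ_CLIENT_ID`; a client (application) ID and a directory object ID are normally different values, so this mapping is worth confirming. `TF_VAR_image_tag: "latest"` is a mutable tag, so the check does not evaluate a fixed image; a commit-SHA tag or a digest would make the run reproducible.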
@@ -140,7 +144,7 @@ jobs: terraform-lint: name: Terraform Lint - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 defaults: run: working-directory: ${{ env.TF_WORKING_DIRECTORY }} @@ -158,7 +162,7 @@ jobs: tfsec-pr-commenter: name: tfsec Check - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Clone repo uses: actions/checkout@v4 diff --git a/terraform/container-app/.terraform.lock.hcl b/terraform/container-app/.terraform.lock.hcl deleted file mode 100644 index ab7a8ae..0000000 --- a/terraform/container-app/.terraform.lock.hcl +++ /dev/null 
@@ -1,82 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/azure/azapi" { - version = "1.13.1" - constraints = ">= 1.6.0" - hashes = [ - "h1:Q10vF78s0i71/CfRYbeoRLAWuJrat2kxIrHK9/yaEYk=", - "zh:1f2aceddd67ceeb82a75c2f15dc01e54781e9aed5968507dbc29590c165b2e2b", - "zh:397f0bfbac899d48e23cecf38d362c27562150aa20b19157b5bd370b8e6801ee", - "zh:652263b7d00623684e29ef7b8ff285a17c5bd7cc8ba7d22967c66d0b3a3c568a", - "zh:652c53320a41434942877515780296a1509be03f32d54e60178f39200f960a67", - "zh:666426faf686401e54ec09fe06e9d7c06a6455ec398764f70558440c73aeb7f9", - "zh:6aa91ae8ba78f2494f99b4c99e66d15ed0b14d735cd1f77adc12ff9dfa075807", - "zh:a529e5a13c37d1805c469227f08cdbe7527d04dd64d18709d26627c6a0b588b1", - "zh:a589c049205e8e5bf94a13d56b28f400d908ad27e13e16df64408ee82eb8a0ff", - "zh:a9a50defdee230f315f74be6c77ff104fe2610a1b3ad6b87326f555e80d13b18", - "zh:ba49ef70d96e13795e2dbffd6cb2ff976dfe84e0373a5971ebe3b4c9c9b7af60", - "zh:d3ed50efe5f8c80d3d7d464ab9a13ccf82440d871c9ce3032ce476845364c6b9", - "zh:e3eb48ee8c36ee4f81850d8a21fc59b81886c729d7c3b7adece4a25f355bed2f", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.107.0" - constraints = ">= 3.76.0, >= 3.82.0" - hashes = [ - "h1:xA73PuMnVaXxtjTkpTJHE+No2IUDgXB4ELw0iKRiDHQ=", - "zh:0a5bfcdef1dad509c4f45c0ada2c8e2cc058cf9542ddec48fbee18c4097bce9e", - "zh:0b56736691e4b28ea15b381a4711ff39719ff83a40ce97cd283eb21988f471f6", - "zh:13d55030c8be466b5de4819e4a8b84da69a40b15bfa0cc2588f5270b4682fa89", - "zh:1eac398718cd0973f94015e49ff69a6ed8c860d69e4adbd192c7bea775af2941", - "zh:7b1984b60abc7f53298950680bda504eca8d70c9d0d906d6dee2aac6a827f9d6", - "zh:86f63ad98576d698c6ba8defa9165160633f086145a1f060014a93f5c2fb384e", - "zh:afc78e7e0e76b4d2593ca2ec78b064c896888d03c6cb82f2c5bd37e815e056e7", - "zh:b84997b287c673b297ede08404133279dbc72f070c8d6e4284bf62637de4bfb4", - 
"zh:dd1d21c8a37938082a5c2497eacd76bacb1ac459bc9d38ee782443fa87a2247d", - "zh:edcaca84c6473427d36f940748e5ce4d1d50b393012f6f6c0ec4303792f607d9", - "zh:f0892ecd0eea0c06710056048d8bb75c4c3bda74de7ba41afa60d7b9c9a3b0ca", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.2" - constraints = ">= 3.2.1" - hashes = [ - "h1:m467k2tZ9cdFFgHW7LPBK2GLPH43LC6wc3ppxr8yvoE=", - "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", - "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", - "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", - "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", - "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", - "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", - "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", - "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", - "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", - "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.6.2" - constraints = ">= 3.5.1" - hashes = [ - "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", - "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", - "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", - "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", - "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", - "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", - "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", - 
"zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", - "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", - "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", - "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", - ] -} diff --git a/terraform/container-app/locals.tf b/terraform/container-app/locals.tf index dcd4eab..1c7f5c8 100644 --- a/terraform/container-app/locals.tf +++ b/terraform/container-app/locals.tf @@ -2,16 +2,16 @@ locals { ########### # General # ########### - current_user_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id) - project_name = var.project_name - environment = var.environment - azure_location = var.azure_location - resource_prefix = "${local.environment}${local.project_name}" - resource_group_name = module.main_hosting.azurerm_resource_group_default.name - registry_server = var.registry_server - registry_username = var.registry_username - registry_password = var.registry_password - + current_user_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id) + project_name = var.project_name + environment = var.environment + azure_location = var.azure_location + resource_prefix = "${local.environment}${local.project_name}" + resource_group_name = module.main_hosting.azurerm_resource_group_default.name + registry_server = var.registry_server + registry_username = var.registry_username + registry_password = var.registry_password + registry_custom_image_url = var.registry_custom_image_url tags = { "Environment" = var.az_tag_environment, 
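Review bot: The new local `registry_custom_image_url = var.registry_custom_image_url` depends on a variable that this commit declares in variables.tf without a `default`, while the workflow hunk removes `TF_VAR_registry_custom_image_url` from `env:`. Unless a tfvars file outside this diff supplies it, a plan or apply run without interactive input will stop on the missing required value. None of the main-hosting.tf hunks pass this local to the module, so it also looks unused; either drop the local and the variable, or give the variable `default = ""` and document when it takes effect. The `locals` block continues outside the hunk.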
@@ -23,8 +23,12 @@ locals { # Container App # ################# container_app_image_name = "content-support-app" - kestrel_endpoint = var.az_app_kestrel_endpoint - container_port = var.az_container_port + kestrel_endpoint = var.az_app_kestrel_endpoint + container_port = var.az_container_port + image_tag = var.image_tag + container_app_min_replicas = var.container_app_min_replicas + container_app_max_replicas = var.container_app_max_replicas + container_app_http_concurrency = var.container_app_http_concurrency #################### # Managed Identity # diff --git a/terraform/container-app/main-hosting.tf b/terraform/container-app/main-hosting.tf index 0818991..11af404 100644 --- a/terraform/container-app/main-hosting.tf +++ b/terraform/container-app/main-hosting.tf @@ -1,5 +1,5 @@ module "main_hosting" { - source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.6.2" + source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.6.4" ########### # General # @@ -12,9 +12,9 @@ module "main_hosting" { ################# # Container App # ################# - enable_container_registry = true - image_name = local.container_app_image_name - container_port = local.container_port + enable_container_registry = true + image_name = local.container_app_image_name + container_port = local.container_port container_secret_environment_variables = { "AZURE_CLIENT_ID" = azurerm_user_assigned_identity.user_assigned_identity.client_id, "KeyVaultName" = local.kv_name @@ -30,6 +30,10 @@ module "main_hosting" { identity_ids = [azurerm_user_assigned_identity.user_assigned_identity.id] } + container_max_replicas = local.container_app_max_replicas + container_min_replicas = local.container_app_min_replicas + container_scale_http_concurrency = local.container_app_http_concurrency + ############## # Networking # 
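Review bot: The module `source` in main-hosting.tf is still pinned by tag (`?ref=v1.6.4`), and a Git tag can be moved after review; pinning to the tag's full commit SHA, with the version kept in a comment, makes the fetched module code immutable. This matters more in this commit because `.terraform.lock.hcl` is deleted, so provider versions and checksums are no longer fixed either and each `terraform init` resolves whatever satisfies the constraints. If the lock file was removed to clear a platform hash mismatch, regenerating it with `terraform providers lock` for the runner platforms and committing it would keep the checksum verification. Suggested shape: `source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=<FULL_COMMIT_SHA>" # v1.6.4`.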
@@ -39,8 +43,8 @@ module "main_hosting" { ############################# # Github Container Registry # ############################# - registry_server = local.registry_server - registry_username = local.registry_username - registry_password = local.registry_password - + registry_server = local.registry_server + registry_username = local.registry_username + registry_password = local.registry_password + image_tag = local.image_tag } diff --git a/terraform/container-app/scripts/state-update-terraform.sh b/terraform/container-app/scripts/state-update-terraform.sh index 157f9ed..f138c44 100644 --- a/terraform/container-app/scripts/state-update-terraform.sh +++ b/terraform/container-app/scripts/state-update-terraform.sh @@ -11,14 +11,14 @@ RESOURCE_GROUP="$3" STATE_CONTAINER="$4" STATE_FILE="$5" STATE_ACCOUNT="$6" -RESOURCE_GROUP_PREFIX="${RESOURCE_GROUP%%-conentsupport}" +RESOURCE_GROUP_PREFIX="${RESOURCE_GROUP%%-cs}" terraform import -var-file="$VAR_FILE" module.main_hosting.azurerm_container_app_environment.container_app_env "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.App/managedEnvironments/${RESOURCE_GROUP}containerapp" terraform state rm module.main_hosting.azapi_resource.container_app_env -terraform import -var-file="$VAR_FILE" 'module.main_hosting.azurerm_container_app.container_apps["main"]' "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.App/containerApps/${RESOURCE_GROUP}-plan-tech-app" +terraform import -var-file="$VAR_FILE" 'module.main_hosting.azurerm_container_app.container_apps["main"]' "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.App/containerApps/${RESOURCE_GROUP}-cs-app" terraform state rm module.main_hosting.azapi_resource.default diff --git a/terraform/container-app/variables.tf b/terraform/container-app/variables.tf index c7904a0..9f47826 100644 --- a/terraform/container-app/variables.tf +++ b/terraform/container-app/variables.tf 
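Review bot: `RESOURCE_GROUP_PREFIX` in state-update-terraform.sh is recomputed with the new `-cs` suffix, but neither `terraform import` line visible in this hunk uses it; both resource IDs are built from `$RESOURCE_GROUP`. If the resource group name itself ends in `-cs`, `${RESOURCE_GROUP}-cs-app` expands to a name with the suffix doubled, and the import would then fail or bind state to a different container app than intended. Confirm which is meant and either use `${RESOURCE_GROUP_PREFIX}-cs-app` or delete the unused assignment. The positional arguments flow straight into resource IDs, so a guard such as `: "${RESOURCE_GROUP:?resource group required}"` before the first import would stop a half-applied state change when an argument is missing. The script starts and continues outside the hunk.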
@@ -101,6 +101,28 @@ variable "az_container_port" { default = 8080 } +variable "image_tag" { + description = "Image tag" + type = string +} + +variable "container_app_min_replicas" { + description = "Minimum replicas for the container app" + type = number + default = 1 +} + +variable "container_app_max_replicas" { + description = "Maximum replicas for the container app" + type = number + default = 2 +} + +variable "container_app_http_concurrency" { + description = "Scale up at this number of HTTP requests" + type = number + default = 10 +} ################## # CDN/Front Door # @@ -134,4 +156,9 @@ variable "registry_password" { default = "" } +variable "registry_custom_image_url" { + description = "Pass in the address to your image from your custom registry" + type = string +} +
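Review bot: The three replica and concurrency variables added in the first variables.tf hunk accept any number, so a negative, zero or fractional value, or a minimum above the maximum, is only caught, if at all, by the provider at apply time. A `validation` block on each would fail at plan with a clear message, for example `condition = var.container_app_min_replicas >= 0 && floor(var.container_app_min_replicas) == var.container_app_min_replicas`. `image_tag` has no default and its description "Image tag" does not say what form is expected; stating whether a mutable tag such as `latest` is acceptable outside the PR check would help whoever reviews the tfvars files.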