merge

.github/workflows/terraform-pr-check.yml

@@ -35,17 +35,21 @@ env:
   TF_VAR_az_app_kestrel_endpoint: ${{ vars.KESTRELENDPOINT }}
   TF_VAR_az_tag_environment: ${{ vars.AZ_TAG_ENVIRONMENT }}
   TF_VAR_az_tag_product: ${{ vars.AZ_TAG_PRODUCT }}
-  TF_VAR_registry_server: "ghcr.io"
+  TF_VAR_az_sql_admin_userid_postfix: ${{secrets.AZ_SQL_ADMIN_USERID_POSTFIX}}
+  TF_VAR_az_sql_azuread_admin_username: ${{ secrets.AZ_SERVICE_PRINCIPAL }}
+  TF_VAR_az_sql_admin_password: ${{secrets.AZ_SQL_ADMIN_PASSWORD}}
+  TF_VAR_az_sql_azuread_admin_objectid: ${{ secrets.AZ_CLIENT_ID }}
+  TF_VAR_registry_server: "ghcr.io/dfe-digital"
+  TF_VAR_image_tag: "latest"
   TF_VAR_registry_username: ${{ github.repository_owner }}
-  TF_VAR_registry_custom_image_url: "ghcr.io/dfe-digital/sts-content-and-support:latest"
   TF_VAR_registry_password: ${{ secrets.GITHUB_TOKEN }}
 
   TF_WORKING_DIRECTORY: terraform/container-app
 
 jobs:
   validate-terraform:
     name: Validate Terraform
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     defaults:
       run:
         working-directory: ${{env.TF_WORKING_DIRECTORY}}
@@ -140,7 +144,7 @@ jobs:
 
   terraform-lint:
     name: Terraform Lint
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     defaults:
       run:
         working-directory: ${{ env.TF_WORKING_DIRECTORY }}
@@ -158,7 +162,7 @@ jobs:
 
   tfsec-pr-commenter:
     name: tfsec Check
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Clone repo
         uses: actions/checkout@v4

terraform/container-app/locals.tf

@@ -20,8 +20,12 @@ locals {
   # Container App #
   #################
   container_app_image_name = "content-support-app"
-  kestrel_endpoint         = var.az_app_kestrel_endpoint
-  container_port           = var.az_container_port
+  kestrel_endpoint               = var.az_app_kestrel_endpoint
+  container_port                 = var.az_container_port
+  image_tag                      = var.image_tag
+  container_app_min_replicas     = var.container_app_min_replicas
+  container_app_max_replicas     = var.container_app_max_replicas
+  container_app_http_concurrency = var.container_app_http_concurrency
 
   ####################
   # Managed Identity #

terraform/container-app/main-hosting.tf

@@ -1,5 +1,5 @@
 module "main_hosting" {
-  source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.6.2"
+  source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.6.4"
 
   ###########
   # General #
@@ -12,9 +12,9 @@ module "main_hosting" {
   #################
   # Container App #
   #################
-  enable_container_registry           = true
-  image_name                          = local.container_app_image_name
-  container_port                      = local.container_port
+  enable_container_registry = true
+  image_name                = local.container_app_image_name
+  container_port            = local.container_port
   container_secret_environment_variables = {
     "AZURE_CLIENT_ID" = azurerm_user_assigned_identity.user_assigned_identity.client_id,
     "KeyVaultName"    = local.kv_name
@@ -30,6 +30,10 @@ module "main_hosting" {
     identity_ids = [azurerm_user_assigned_identity.user_assigned_identity.id]
   }
 
+  container_max_replicas           = local.container_app_max_replicas
+  container_min_replicas           = local.container_app_min_replicas
+  container_scale_http_concurrency = local.container_app_http_concurrency
+
 
   ##############
   # Networking #

terraform/container-app/scripts/state-update-terraform.sh

@@ -11,14 +11,14 @@ RESOURCE_GROUP="$3"
 STATE_CONTAINER="$4"
 STATE_FILE="$5"
 STATE_ACCOUNT="$6"
-RESOURCE_GROUP_PREFIX="${RESOURCE_GROUP%%-conentsupport}"
+RESOURCE_GROUP_PREFIX="${RESOURCE_GROUP%%-cs}"
 
 
 terraform import -var-file="$VAR_FILE" module.main_hosting.azurerm_container_app_environment.container_app_env "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.App/managedEnvironments/${RESOURCE_GROUP}containerapp"
 
 terraform state rm module.main_hosting.azapi_resource.container_app_env
 
-terraform import -var-file="$VAR_FILE" 'module.main_hosting.azurerm_container_app.container_apps["main"]' "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.App/containerApps/${RESOURCE_GROUP}-plan-tech-app"
+terraform import -var-file="$VAR_FILE" 'module.main_hosting.azurerm_container_app.container_apps["main"]' "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.App/containerApps/${RESOURCE_GROUP}-cs-app"
 
 terraform state rm module.main_hosting.azapi_resource.default
 

terraform/container-app/variables.tf

@@ -76,6 +76,28 @@ variable "az_container_port" {
   default     = 8080
 }
 
+variable "image_tag" {
+  description = "Image tag"
+  type        = string
+}
+
+variable "container_app_min_replicas" {
+  description = "Minimum replicas for the container app"
+  type        = number
+  default     = 1
+}
+
+variable "container_app_max_replicas" {
+  description = "Maximum replicas for the container app"
+  type        = number
+  default     = 2
+}
+
+variable "container_app_http_concurrency" {
+  description = "Scale up at this number of HTTP requests"
+  type        = number
+  default     = 10
+}
 
 ##################
 # CDN/Front Door #