Merge branch 'bcgov:main' into feature/WFPREV-34_3

bcgov · Sep 30, 2024 · b6ac922 · b6ac922
2 parents 73e2792 + 9b0b297
commit b6ac922
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 6 deletions.
diff --git a/.github/workflows/terragrunt-deploy.yml b/.github/workflows/terragrunt-deploy.yml
@@ -118,8 +118,10 @@ jobs:
           WFPREV_API_CPU_UNITS: ${{vars.WFPREV_API_CPU_UNITS}}
           WFPREV_API_MEMORY: ${{vars.WFPREV_API_MEMORY}}
           WFPREV_API_PORT: ${{vars.WFPREV_API_PORT}}
-
+          TARGET_AWS_ACCOUNT_ID: ${{secrets.TARGET_AWS_ACCOUNT_ID}}
           # WFPREV UI
-          client_image: ${{ vars.REPOSITORY }}/${{ github.repository }}-wfprev-ui:${{ inputs.IMAGE_TAG }}
+          CLIENT_IMAGE: ${{ vars.REPOSITORY }}/${{ github.repository }}-wfprev-ui:${{ inputs.IMAGE_TAG }}
           WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET: ${{ secrets.WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET }}
+          WFPREV_UI_PORT: ${{vars.WFPREV_UI_PORT}}
+
         run: terragrunt apply --terragrunt-non-interactive -auto-approve
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
@@ -147,7 +147,7 @@ resource "aws_ecs_task_definition" "wfprev_client" {
       essential   = true
       readonlyRootFilesystem = true
       name        = var.client_container_name
-      image       = var.client_image
+      image       = var.CLIENT_IMAGE
       cpu         = var.client_cpu_units
       memory      = var.client_memory
       networkMode = "awsvpc"
@@ -183,7 +183,15 @@ resource "aws_ecs_task_definition" "wfprev_client" {
         {
           name  = "WEBADE-OAUTH2_CHECK_TOKEN_V2_URL"
           value = var.WEBADE-OAUTH2_CHECK_TOKEN_URL
-        }
+        },
+        { //Will be phased out from prod eventually, but not yet  "https://${aws_route53_record.wfprev_nginx.name}/"
+          name  = "WFPREV_API_URL",
+          value = var.target_env == "prod" ? "https://${var.gov_api_url}/" : "https://example.com/"
+        },
+        {
+          name  = "APPLICATION_ENVIRONMENT",
+          value = var.target_env != "prod" ? var.target_env : " "
+        },
       ]
       logConfiguration = {
         logDriver = "awslogs"
@@ -282,7 +290,7 @@ resource "aws_ecs_service" "client" {
 
 
   network_configuration {
-    security_groups  = [aws_security_group.wfnews_ecs_tasks.id, data.aws_security_group.app.id]
+    security_groups  = [aws_security_group.wfprev_ecs_tasks.id, data.aws_security_group.app.id]
     subnets          = module.network.aws_subnet_ids.app.ids
     assign_public_ip = true
   }

diff --git a/terraform/terragrunt.hcl b/terraform/terragrunt.hcl
@@ -0,0 +1,62 @@
+locals {
+  tfc_hostname     = "app.terraform.io"
+  tfc_organization = "bcgov"
+}
+
+generate "remote_state" {
+  path      = "backend.tf"
+  if_exists = "overwrite"
+  contents  = <<EOF
+terraform {
+  backend "s3" {
+    bucket         = "terraform-remote-state-${get_env("TFC_PROJECT")}-${get_env("TARGET_ENV")}"    # Replace with either generated or custom bucket name
+    key            = "terraform.${get_env("TFC_PROJECT")}-${get_env("TARGET_ENV")}-state"           # Path and name of the state file within the bucket
+    region         = "ca-central-1"                   # AWS region where the bucket is located
+    dynamodb_table = "terraform-remote-state-lock-${get_env("TFC_PROJECT")}"  # Replace with either generated or custom DynamoDB table name
+    encrypt        = true                              # Enable encryption for the state file
+  }
+}
+EOF
+}
+
+generate "tfvars" {
+  path              = "terragrunt.auto.tfvars"
+  if_exists         = "overwrite"
+  disable_signature = true
+  contents          = <<-EOF
+TARGET_ENV = "${get_env("TARGET_ENV")}"
+GITHUB_USERNAME = "${get_env("GITHUB_USERNAME")}"
+GITHUB_TOKEN = "${get_env("GITHUB_TOKEN")}"
+APP_COUNT = "${get_env("APP_COUNT")}"
+LOGGING_LEVEL = "${get_env("LOGGING_LEVEL")}"
+
+# server
+WFPREV_API_NAME = "${get_env("WFPREV_API_NAME")}"
+WFPREV_API_IMAGE = "${get_env("WFPREV_API_IMAGE")}"
+WFPREV_API_CPU_UNITS = "${get_env("WFPREV_API_CPU_UNITS")}"
+WFPREV_API_MEMORY = "${get_env("WFPREV_API_MEMORY")}"
+WFPREV_API_PORT = "${get_env("WFPREV_API_PORT")}"
+DEFAULT_APPLICATION_ENVIRONMENT = "${get_env("DEFAULT_APPLICATION_ENVIRONMENT")}"
+
+TARGET_AWS_ACCOUNT_ID = "${get_env("TARGET_AWS_ACCOUNT_ID")}"
+
+# client
+WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET = "${get_env("WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET")}"
+CLIENT_IMAGE = "${get_env("CLIENT_IMAGE")}"
+WFPREV_UI_PORT = "${get_env("WFPREV_UI_PORT")}"
+
+EOF
+}
+
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite"
+  contents  = <<EOF
+provider "aws" {
+  region  = "ca-central-1"
+  assume_role {
+    role_arn = "arn:aws:iam::$${var.TARGET_AWS_ACCOUNT_ID}:role/Terraform_Deploy_Role"
+  }
+}
+EOF
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -52,7 +52,7 @@ variable "server_container_name" {
   default     = "wfprev-server-app"
 }
 
-variable "client_image" {
+variable "CLIENT_IMAGE" {
   description = "Docker image to run in the ECS cluster. _Note_: there is a blank default value, which will cause service and task resource creation to be supressed unless an image is specified."
   type        = string
   default     = ""
@@ -183,4 +183,10 @@ variable "app_count" {
 variable "ecs_task_execution_role_name" {
   description = "ECS task execution role name"
   default     = "wfprevEcsTaskExecutionRole"
+}
+
+variable "gov_api_url" {
+  description = "domain name if using *-api.nrs.gov.bc.ca url"
+  default     = ""
+  type        = string
 }