From 3b25e149ad93b0be1b4f04fe7a4cca884f5491df Mon Sep 17 00:00:00 2001
From: Paul Kim
Date: Thu, 14 Mar 2024 14:45:57 -0400
Subject: [PATCH] Revert "Revert "Update dockerfile and actions (#732)" (#739)" (#740)

This reverts commit a30245244e56210f7fc574e97efefd1c25015aeb.
---
 .github/workflows/dev-green.yml | 47 +++++++++++++++--------------
 .github/workflows/dev.yml | 43 +++++++++++++-------------
 .github/workflows/docker.yml | 18 +++++++++++
 .github/workflows/prod.yml | 42 ++++++++++++++++++--------
 Dockerfile | 53 +++++++++++++++++----------------
 config/prod.exs | 5 ++--
 mix.exs | 5 ++--
 7 files changed, 126 insertions(+), 87 deletions(-)
 create mode 100644 .github/workflows/docker.yml

diff --git a/.github/workflows/dev-green.yml b/.github/workflows/dev-green.yml
index b51dda696..1f8f41397 100644
--- a/.github/workflows/dev-green.yml
+++ b/.github/workflows/dev-green.yml
@@ -1,35 +1,38 @@ -name: Deploy to Dev-green +name: Deploy to Dev Green on: workflow_dispatch: + push: + branches: [main] jobs: - Build: - runs-on: windows-2019 + deploy: + name: Deploy + runs-on: ubuntu-latest permissions: id-token: write - contents: read + contents: read + environment: dev-green-linux + concurrency: dev-green-linux + env: + ECS_CLUSTER: linux-staging + ECS_SERVICE: realtime-signs-dev-green steps: - - name: Checkout repository - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: mbta/actions/build-push-ecr@v2 id: build-push with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} docker-repo: ${{ secrets.DOCKER_REPO }} - deploy: - name: Deploy - needs: build - uses: mbta/workflows/.github/workflows/deploy-on-prem.yml@v2 - with: - app-name: realtime-signs - environment: dev-green - on-prem-cluster: hsctd-dev-managers - splunk-index: realtime-signs-dev-green - task-cpu: .5 - task-memory: 2048M - task-port: 8080 - secrets: - aws-role-arn: ${{ secrets.AWS_ROLE_ARN }} - docker-repo: ${{ secrets.DOCKER_REPO }} - slack-webhook: ${{ secrets.SLACK_WEBHOOK }} + - uses: mbta/actions/deploy-ecs@v2 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + ecs-cluster: ${{ env.ECS_CLUSTER }} + ecs-service: ${{ env.ECS_SERVICE }} + docker-tag: ${{ steps.build-push.outputs.docker-tag }} + launch-type: EXTERNAL + - uses: mbta/actions/notify-slack-deploy@v1 + if: ${{ !cancelled() }} + with: + webhook-url: ${{ secrets.SLACK_WEBHOOK }} + job-status: ${{ job.status }} diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 36f2f82b0..a99dfc81d 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml 
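Review bot: The steps of the new `deploy` job reference actions by mutable tags (`actions/checkout@v3`, `mbta/actions/build-push-ecr@v2`, `mbta/actions/deploy-ecs@v2`, `mbta/actions/notify-slack-deploy@v1`) while the job holds `id-token: write` and assumes `secrets.AWS_ROLE_ARN`, so whatever a tag points to at run time executes with the deploy role. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, fixes the code that runs and makes updates reviewable. The same applies to the identical step lists added in `.github/workflows/dev.yml` and `.github/workflows/prod.yml`.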
@@ -6,32 +6,33 @@ on: branches: [main] jobs: - Build: - runs-on: windows-2019 + deploy: + name: Deploy + runs-on: ubuntu-latest permissions: id-token: write - contents: read + contents: read + environment: dev-linux + concurrency: dev-linux + env: + ECS_CLUSTER: linux-staging + ECS_SERVICE: realtime-signs-dev steps: - - name: Checkout repository - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: mbta/actions/build-push-ecr@v2 id: build-push with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} docker-repo: ${{ secrets.DOCKER_REPO }} - deploy: - name: Deploy - needs: build - uses: mbta/workflows/.github/workflows/deploy-on-prem.yml@v2 - with: - app-name: realtime-signs - environment: dev - on-prem-cluster: hsctd-dev-managers - splunk-index: realtime-signs-dev - task-cpu: .5 - task-memory: 2048M - task-port: 80 - secrets: - aws-role-arn: ${{ secrets.AWS_ROLE_ARN }} - docker-repo: ${{ secrets.DOCKER_REPO }} - slack-webhook: ${{ secrets.SLACK_WEBHOOK }} + - uses: mbta/actions/deploy-ecs@v2 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + ecs-cluster: ${{ env.ECS_CLUSTER }} + ecs-service: ${{ env.ECS_SERVICE }} + docker-tag: ${{ steps.build-push.outputs.docker-tag }} + launch-type: EXTERNAL + - uses: mbta/actions/notify-slack-deploy@v1 + if: ${{ !cancelled() }} + with: + webhook-url: ${{ secrets.SLACK_WEBHOOK }} + job-status: ${{ job.status }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 000000000..2d86e1d0e --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,18 @@ +name: Build container + +on: + push: + branches-ignore: + - master + +concurrency: + group: docker-${{ github.ref }} + cancel-in-progress: true + +jobs: + linux: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - run: docker build . diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index 9153294c6..e2f295fa2 100644 --- a/.github/workflows/prod.yml 
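Review bot: The new `Build container` workflow in `.github/workflows/docker.yml` declares no `permissions:` block, so its `GITHUB_TOKEN` gets the repository default scope while the job runs `docker build .` on code from any pushed branch. The deploy workflows in this commit set permissions explicitly, and this one needs no more than `permissions:` with `contents: read`. Separately, `branches-ignore` lists `master` while the deploy workflows trigger on `main`; if `main` is the default branch the filter excludes nothing and every push to `main` builds the image twice, so `- main` looks like what was meant.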
+++ b/.github/workflows/prod.yml @@ -6,16 +6,32 @@ on: jobs: deploy: name: Deploy - uses: mbta/workflows/.github/workflows/deploy-on-prem.yml@v2 - with: - app-name: realtime-signs - environment: prod - on-prem-cluster: hsctd-prod-managers - splunk-index: realtime-signs-prod - task-cpu: .5 - task-memory: 2048M - task-port: 80 - secrets: - aws-role-arn: ${{ secrets.AWS_ROLE_ARN }} - docker-repo: ${{ secrets.DOCKER_REPO }} - slack-webhook: ${{ secrets.SLACK_WEBHOOK }} + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + environment: prod-linux + concurrency: prod-linux + env: + ECS_CLUSTER: linux-prod + ECS_SERVICE: realtime-signs-prod + + steps: + - uses: actions/checkout@v3 + - uses: mbta/actions/build-push-ecr@v2 + id: build-push + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + docker-repo: ${{ secrets.DOCKER_REPO }} + - uses: mbta/actions/deploy-ecs@v2 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + ecs-cluster: ${{ env.ECS_CLUSTER }} + ecs-service: ${{ env.ECS_SERVICE }} + docker-tag: ${{ steps.build-push.outputs.docker-tag }} + launch-type: EXTERNAL + - uses: mbta/actions/notify-slack-deploy@v1 + if: ${{ !cancelled() }} + with: + webhook-url: ${{ secrets.SLACK_WEBHOOK }} + job-status: ${{ job.status }} diff --git a/Dockerfile b/Dockerfile index eb71ef34a..64f944837 100644 --- a/Dockerfile +++ b/Dockerfile 
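Review bot: The production job reads its role from `secrets.AWS_ROLE_ARN`, the same secret name the dev and dev-green jobs use, and nothing in this hunk shows that the value differs per environment. It is worth confirming that the secret is defined on the `prod-linux` environment rather than at repository level, and that the role's trust policy restricts the OIDC `sub` claim to that environment, so a dev workflow run cannot assume the production role. The job also rebuilds and pushes a fresh image with `build-push-ecr` instead of deploying the image already exercised in dev, so what reaches `linux-prod` has not run anywhere before; deploying the previously pushed tag would close that gap. The workflow's `on:` trigger lies outside the hunk, so who can start this job is not visible here.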
@@ -1,51 +1,52 @@ ARG ELIXIR_VERSION=1.14.0 ARG ERLANG_VERSION=25.0.4 -ARG WINDOWS_VERSION=1809 +ARG ALPINE_VERSION=3.18.0 # See also: ERTS_VERSION in the from image below -ARG BUILD_IMAGE=mbtatools/windows-elixir:$ELIXIR_VERSION-erlang-$ERLANG_VERSION-windows-$WINDOWS_VERSION -ARG FROM_IMAGE=mcr.microsoft.com/windows/servercore:$WINDOWS_VERSION - -FROM $BUILD_IMAGE as build +FROM hexpm/elixir:${ELIXIR_VERSION}-erlang-${ERLANG_VERSION}-alpine-${ALPINE_VERSION} as build ENV MIX_ENV=prod -# log which version of Windows we're using -RUN ver +RUN mkdir /realtime_signs -RUN mkdir C:\realtime_signs +WORKDIR /realtime_signs -WORKDIR C:\\realtime_signs +RUN apk add --no-cache git +RUN mix local.hex --force && mix local.rebar --force COPY mix.exs mix.lock ./ RUN mix deps.get -COPY config/config.exs config\\config.exs -COPY config/prod.exs config\\prod.exs +COPY config/config.exs config/config.exs +COPY config/prod.exs config/prod.exs RUN mix deps.compile COPY lib lib COPY priv priv -COPY config/runtime.exs config\\runtime.exs -RUN mix release +COPY config/runtime.exs config/runtime.exs +RUN mix release linux + +# The one the elixir image was built with +FROM alpine:${ALPINE_VERSION} + +RUN apk add --no-cache libssl1.1 dumb-init libstdc++ libgcc ncurses-libs && \ + mkdir /work /realtime_signs && \ + adduser -D realtime_signs && chown realtime_signs /work -FROM $FROM_IMAGE -ARG ERTS_VERSION=13.0.4 +COPY --from=build /realtime_signs/_build/prod/rel/linux /realtime_signs -USER ContainerAdministrator -COPY --from=build C:\\Erlang\\vcredist_x64.exe vcredist_x64.exe -RUN .\vcredist_x64.exe /install /quiet /norestart \ - && del vcredist_x64.exe +RUN chown realtime_signs /realtime_signs/lib/tzdata-*/priv /realtime_signs/lib/tzdata*/priv/* -COPY --from=build C:\\realtime_signs\\_build\\prod\\rel\\realtime_signs C:\\realtime_signs +# Set exposed ports +ENV MIX_ENV=prod TERM=xterm LANG=C.UTF-8 \ + ERL_CRASH_DUMP_SECONDS=0 RELEASE_TMP=/work -WORKDIR C:\\realtime_signs +USER 
realtime_signs +WORKDIR /work -# Ensure Erlang can run -RUN dir && \ - erts-%ERTS_VERSION%\bin\erl -noshell -noinput +V +ENTRYPOINT ["/usr/bin/dumb-init", "--"] -EXPOSE 80 -CMD ["C:\\realtime_signs\\bin\\realtime_signs.bat", "start"] +HEALTHCHECK CMD ["/realtime_signs/bin/linux", "rpc", "1 + 1"] +CMD ["/realtime_signs/bin/linux", "start"] diff --git a/config/prod.exs b/config/prod.exs index 14f746755..6efaa5cec 100644 --- a/config/prod.exs +++ b/config/prod.exs @@ -19,8 +19,9 @@ config :realtime_signs, restart_fn: &System.restart/0 config :ex_aws, - access_key_id: [{:system, "AWS_ACCESS_KEY_ID"}, {:awscli, "default", 30}], + access_key_id: [{:system, "AWS_ACCESS_KEY_ID"}, {:awscli, "default", 30}, :instance_role], secret_access_key: [ {:system, "AWS_SECRET_ACCESS_KEY"}, - {:awscli, "default", 30} + {:awscli, "default", 30}, + :instance_role ] diff --git a/mix.exs b/mix.exs index cf9c86f99..5776d034e 100644 --- a/mix.exs +++ b/mix.exs @@ -18,9 +18,8 @@ defmodule RealtimeSigns.Mixfile do ignore_warnings: ".dialyzer.ignore-warnings" ], releases: [ - realtime_signs: [ - include_executables_for: [:windows], - applications: [runtime_tools: :permanent] + linux: [ + include_executables_for: [:unix] ] ] ]
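Review bot: The runtime stage installs `libssl1.1`, which is the OpenSSL 1.1.1 series; upstream support for that series ended in September 2023, so the TLS library in the shipped image no longer receives upstream fixes. Which OpenSSL the Erlang build in the `hexpm/elixir` image links against is not visible here; if it is OpenSSL 3, install `libssl3` instead, otherwise a newer Erlang/Alpine pair is needed to get off 1.1.1. Both `FROM` lines also resolve by tag only; appending the image digest (`alpine:${ALPINE_VERSION}@sha256:<digest>`) would keep the base from changing underneath a rebuild. The retained comment `# See also: ERTS_VERSION in the from image below` and the new `# Set exposed ports` no longer describe anything in the file, since `ERTS_VERSION` and `EXPOSE` are removed.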
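Review bot: In `config/prod.exs`, `:instance_role` is appended after `{:system, "AWS_ACCESS_KEY_ID"}` and `{:awscli, "default", 30}` in both lists, so a static key left in the container environment or an awscli profile still takes precedence over the role credentials. If the ECS service is meant to run on role credentials only, dropping the two earlier sources from `access_key_id` and `secret_access_key` would remove the long-lived-key path. If they have to stay during the migration, a comment such as `# static keys kept until <condition>; role credentials are the intended source` would make the ordering deliberate.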