Merge pull request #6776 from hotosm/ci/feat/terragrunt-multi-module

Ci/feat/terragrunt multi module

Author: prabinoid

.github/workflows/terragrunt-apply.yml

@@ -1,20 +1,76 @@
 name: Terragrunt Apply
 
 on:
+  workflow_run:
+    workflows: ["Terragrunt Plan"]
+    types:
+      - completed
   workflow_dispatch:
     inputs:
       plan_file_name:
         description: "Enter Terragrunt Plan File name to run"
         required: true
 
 jobs:
+  # workaround for using GHActions environment variables feature. In future we can use ${{ github.ref_name }} directly in the workflow as INFRA_BRANCH
+  get_deployment_meta:
+    name: Get Deployment Meta
+    runs-on: ubuntu-latest
+    outputs:
+      PLAN_NAME: ${{ steps.export_meta.outputs.PLAN_NAME }}
+      INFRA_BRANCH_NAME: ${{ steps.export_triggering_wf_meta.outputs.INFRA_BRANCH_NAME }}
+      INFRA_BRANCH_URL: ${{ steps.export_triggering_wf_meta.outputs.INFRA_BRANCH_URL }}
+      INFRA_MODULE_PATH: ${{ steps.export_triggering_wf_meta.outputs.INFRA_MODULE_PATH }}
+
+    steps:
+      - name: Export Deployment Meta
+        id: export_meta
+        shell: bash
+        run: |
+          case "${{ github.event_name }}" in
+          workflow_run)
+            export PLAN_NAME=tasking-manager-${{ github.event.workflow_run.id }}-${{ github.event.workflow_run.run_attempt }}
+            ;;
+          workflow_dispatch)
+            export PLAN_NAME=${{ inputs.plan_file_name }}
+            ;;
+          esac
+          echo "PLAN_NAME=${PLAN_NAME}" >> $GITHUB_OUTPUT
+
+      - name: Get Input Params from GitHub Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: PLAN_WORKFLOW_META.info
+          github-token: ${{ github.token }}
+          repository: ${{ github.repository }}
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Export triggering plan workflow meta
+        id: export_triggering_wf_meta
+        shell: bash
+        run: |
+          for line in $(cat PLAN_WORKFLOW_META);
+          do
+            echo $line >> $GITHUB_OUTPUT
+          done
+
   apply:
-    uses: naxa-developers/gh-workflows/.github/workflows/terragrunt-apply.yml@v0.4
+    name: Terragrunt Apply
+    uses: hotosm/gh-workflows/.github/workflows/terragrunt-apply.yml@3.1.0
+    permissions:
+      id-token: write
+      contents: read
+    needs:
+      - get_deployment_meta
     with:
-      working_dir: ./scripts/aws/infra/staging/purgeable/ecs/
+      working_dir: ./scripts/aws/infra/${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_NAME }}/${{ needs.get_deployment_meta.outputs.INFRA_MODULE_PATH }}
       terraform_version: "1.9.5"
       terragrunt_version: "0.67.15"
-      aws_region: us-west-2
-      plan_file_name: ${{ inputs.plan_file_name }}
+      aws_region: us-east-1
+      load_env: true
+      plan_file_name: ${{ needs.get_deployment_meta.outputs.PLAN_NAME }}
       use_gh_artifacts: true
+      environment_name: ${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_NAME }}
+      environment_url: ${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_URL }}
+      decrypt_plan_file: true
     secrets: inherit

.github/workflows/terragrunt-plan.yml

@@ -2,14 +2,73 @@ name: Terragrunt Plan
 
 on:
   workflow_dispatch:
+    inputs:
+      module_path:
+        description: "Select Terragrunt Module to run"
+        required: true
+        type: choice
+        default: purgeable/ecs/
+        options:
+          - purgeable/ecs/
+          - purgeable/ecs-cron/
+          - non-purgeable/extras/
 
 jobs:
+  # workaround for using GHActions environment variables feature. In future we can use ${{ github.ref_name }} directly in the workflow as INFRA_BRANCH
+  get_deployment_meta:
+    name: Get Deployment Meta
+    runs-on: ubuntu-latest
+    outputs:
+      INFRA_BRANCH_NAME: ${{ steps.export_meta.outputs.INFRA_BRANCH_NAME }}
+      INFRA_BRANCH_URL: ${{ steps.export_meta.outputs.INFRA_BRANCH_URL }}
+    steps:
+      - name: Export Deployment Meta
+        id: export_meta
+        shell: bash
+        run: |
+          case "${{ github.ref }}" in
+          refs/heads/develop)
+            export INFRA_BRANCH_NAME=staging
+            export INFRA_BRANCH_URL=https://tasks-stage.hotosm.org
+            ;;
+          refs/heads/tasking-manager-fastapi)
+            export INFRA_BRANCH_NAME=staging
+            export INFRA_BRANCH_URL=https://tasks-stage.hotosm.org
+            ;;
+          esac
+          echo "INFRA_BRANCH_NAME=${INFRA_BRANCH_NAME}" >> $GITHUB_OUTPUT
+          echo "INFRA_BRANCH_URL=${INFRA_BRANCH_URL}" >> $GITHUB_OUTPUT
+
+      - name: Write Inputs as Artifacts
+        shell: bash
+        run: |
+          set -e
+          echo INFRA_BRANCH_NAME=${{ steps.export_meta.outputs.INFRA_BRANCH_NAME }} >> PLAN_WORKFLOW_META
+          echo INFRA_BRANCH_URL=${{ steps.export_meta.outputs.INFRA_BRANCH_URL }} >> PLAN_WORKFLOW_META
+          echo INFRA_MODULE_PATH=${{ inputs.module_path }} >> PLAN_WORKFLOW_META
+
+      - name: Upload Inputs as Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: PLAN_WORKFLOW_META.info
+          path: ./PLAN_WORKFLOW_META
+          retention-days: 1
+
   plan:
-    uses: naxa-developers/gh-workflows/.github/workflows/terragrunt-plan.yml@v0.4
+    name: Terragrunt Plan
+    uses: hotosm/gh-workflows/.github/workflows/terragrunt-plan.yml@3.1.0
+    permissions:
+      id-token: write
+      contents: read
+    needs:
+      - get_deployment_meta
     with:
-      working_dir: ./scripts/aws/infra/staging/purgeable/ecs/
+      working_dir: ./scripts/aws/infra/${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_NAME }}/${{ github.event.inputs.module_path }}
       terraform_version: "1.9.5"
       terragrunt_version: "0.67.15"
-      aws_region: us-west-2
+      aws_region: us-east-1
       load_env: true
+      environment_name: ${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_NAME }}
+      environment_url: ${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_URL }}
+      encrypt_plan_file: true
     secrets: inherit

scripts/aws/infra/_envcommon/ecs-cron.hcl

@@ -0,0 +1,64 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# COMMON TERRAGRUNT CONFIGURATION
+# This is the common component configuration for mysql. The common variables for each environment to
+# deploy mysql are defined here. This configuration will be merged into the environment configuration
+# via an include block.
+# ---------------------------------------------------------------------------------------------------------------------
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder. If any environment
+# needs to deploy a different module version, it should redefine this block with a different ref to override the
+# deployed version.
+terraform {
+  source = "${local.base_source_url}?ref=tasking-manager-infra"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# Locals are named constants that are reusable within the configuration.
+# ---------------------------------------------------------------------------------------------------------------------
+locals {
+  # Automatically load environment-level variables
+  environment_vars = read_terragrunt_config(find_in_parent_folders("deployment_env.hcl"))
+
+  # Extract out common variables for reuse
+  environment  = local.environment_vars.locals.environment
+  application  = local.environment_vars.locals.application
+  team         = local.environment_vars.locals.team
+
+  # Expose the base source URL so different versions of the module can be deployed in different environments. This will
+  # be used to construct the terraform block in the child terragrunt configurations.
+  base_source_url = "git::https://github.com/hotosm/terraform-aws-ecs/"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# MODULE PARAMETERS
+# These are the variables we have to pass in to use the module. This defines the parameters that are common across all
+# environments.
+# ---------------------------------------------------------------------------------------------------------------------
+# Defaults,  overridden by env.hcl
+
+inputs = {
+  service_name = format("%s-%s-%s-%s", local.application, local.team, local.environment, "backend")
+
+  log_configuration = {
+    logdriver = "awslogs"
+    options = {
+      awslogs-group         = format("%s-%s-%s-%s", local.application, local.team, local.environment, "cron")
+      awslogs-region        = local.environment_vars.locals.aws_region
+      awslogs-stream-prefix = "cron"
+    }
+  }
+
+  container_settings = {
+    app_port         = 80
+    cpu_architecture = "X86_64"
+    image_url        = "ghcr.io/hotosm/tasking-manager-backend"
+    image_tag        = "fastapi"
+    service_name     = format("%s-%s-%s-%s", local.application, local.team, local.environment, "cron")
+  }
+
+  container_capacity = {
+    cpu       = 2048
+    memory_mb = 4096
+  }
+}

scripts/aws/infra/_envcommon/ecs.hcl

@@ -70,19 +70,4 @@ inputs = {
     cpu       = 2048
     memory_mb = 4096
   }
-
-  ## Scaling Policies enabled for cpu,memory in addition to ALB Count.
-  scale_by_cpu = {
-    enabled = true
-    cpu_pct = 70
-    scale_in_cooldown = 30
-    scale_out_cooldown = 60
-  }
-
-  scale_by_memory = {
-    enabled    = true
-    memory_pct = 80
-    scale_in_cooldown = 30
-    scale_out_cooldown = 30
-  }
 }

scripts/aws/infra/staging/deployment_env.hcl

@@ -2,7 +2,7 @@ locals {
   account_name    = "hotosm"
   aws_profile     = "default"
   aws_region      = "us-east-1"
-  team            = "hotosm"
+  team            = get_env("TEAM", "hotosm")
   owner           = "HOTOSM"
   environment     = "staging"
   project         = "tasking-manager"

scripts/aws/infra/staging/purgeable/common-ecs-env.hcl

@@ -0,0 +1,50 @@
+locals {
+  envs = {
+    EXTRA_CORS_ORIGINS            = get_env("EXTRA_CORS_ORIGINS" ,"[\"https://tasks-stage.hotosm.org\", \"https://tm-ecs-frontend.naxa.com.np\", \"http://localhost:3000\"]")
+    TM_SMTP_HOST                  = get_env("TM_SMTP_HOST" ,"email-smtp.us-east-1.amazonaws.com")
+    TM_SMTP_PORT                  = get_env("TM_SMTP_PORT" ,"587")
+    TM_SMTP_USE_TLS               = get_env("TM_SMTP_USE_TLS" ,"1")
+    TM_SMTP_USE_SSL               = get_env("TM_SMTP_USE_SSL" ,"0")
+    TM_EMAIL_FROM_ADDRESS         = get_env("TM_EMAIL_FROM_ADDRESS", "noreply@hotosmmail.org")
+    TM_EMAIL_CONTACT_ADDRESS      = get_env("TM_EMAIL_CONTACT_ADDRESS", "sysadmin@hotosm.org")
+    TM_APP_BASE_URL               = get_env("TM_APP_BASE_URL" ,"https://tasks-stage.hotosm.org")
+    TM_APP_API_URL                = get_env("TM_APP_API_URL" ,"https://tasking-manager-staging-api.hotosm.org/api")
+    TM_REDIRECT_URI               = get_env("TM_REDIRECT_URI" ,"https://tasks-stage.hotosm.org/authorized")
+    TM_APP_API_VERSION            = get_env("TM_APP_API_VERSION" ,"v2")
+    TM_ORG_NAME                   = get_env("TM_ORG_NAME" ,"Humanitarian OpenStreetMap Team")
+    TM_ORG_CODE                   = get_env("TM_ORG_CODE" ,"HOT")
+    TM_ORG_LOGO                   = get_env("TM_ORG_LOGO" ,"https://cdn.hotosm.org/tasking-manager/uploads/1588741335578_hot-logo.png")
+    TM_ORG_URL                    = get_env("TM_ORG_URL" ,"https://www.hotosm.org/")
+    TM_ORG_PRIVACY_POLICY_URL     = get_env("TM_ORG_PRIVACY_POLICY_URL" ,"https://www.hotosm.org/privacy")
+    TM_ORG_TWITTER                = get_env("TM_ORG_TWITTER" ,"http://twitter.com/hotosm")
+    TM_ORG_FB                     = get_env("TM_ORG_FB" ,"https://www.facebook.com/hotosm")
+    TM_ORG_INSTAGRAM              = get_env("TM_ORG_INSTAGRAM" ,"https://www.instagram.com/open.mapping.hubs/")
+    TM_ORG_YOUTUBE                = get_env("TM_ORG_YOUTUBE" ,"https://www.youtube.com/user/hotosm")
+    TM_ORG_GITHUB                 = get_env("TM_ORG_GITHUB" ,"https://github.com/hotosm")
+    OSM_SERVER_URL                = get_env("OSM_SERVER_URL" ,"https://www.openstreetmap.org")
+    OSM_SERVER_API_URL            = get_env("OSM_SERVER_API_URL" ,"https://api.openstreetmap.org")
+    OSM_NOMINATIM_SERVER_URL      = get_env("OSM_NOMINATIM_SERVER_URL" ,"https://nominatim.openstreetmap.org")
+    OSM_REGISTER_URL              = get_env("OSM_REGISTER_URL" ,"https://www.openstreetmap.org/user/new")
+    POSTGRES_TEST_DB              = get_env("POSTGRES_TEST_DB" ,"tasking-manager-test")
+    UNDERPASS_URL                 = get_env("UNDERPASS_URL" ,"https://underpass.hotosm.org")
+    TM_SEND_PROJECT_EMAIL_UPDATES = get_env("TM_SEND_PROJECT_EMAIL_UPDATES" ,"1")
+    TM_DEFAULT_LOCALE             = get_env("TM_DEFAULT_LOCALE" ,"en")
+    TM_LOG_LEVEL                  = get_env("TM_LOG_LEVEL" , "10")
+    TM_LOG_DIR                    = get_env("TM_LOG_DIR", "/var/log/tasking-manager-logs")
+    TM_SUPPORTED_LANGUAGES_CODES  = get_env("TM_SUPPORTED_LANGUAGES_CODES", "en, es")
+    TM_SUPPORTED_LANGUAGES        = get_env("TM_SUPPORTED_LANGUAGES", "English, Español")
+    TM_DEFAULT_CHANGESET_COMMENT  = get_env("TM_DEFAULT_CHANGESET_COMMENT", "#hot-tm-stage-project")
+    TM_ENVIRONMENT                = get_env("TM_ENVIRONMENT", "tasking-manager-staging")
+    NEW_RELIC_ENVIRONMENT         = get_env("TM_ENVIRONMENT", "tasking-manager-staging")
+    NEW_RELIC_CONFIG_FILE         = get_env("NEW_RELIC_CONFIG_FILE", "./scripts/aws/cloudformation/newrelic.ini")
+    USE_SENTRY                    = get_env("USE_SENTRY", "false")
+    # Uncomment the following as needed.
+    # TM_TASK_AUTOUNLOCK_AFTER    = get_env("TM_TASK_AUTOUNLOCK_AFTER", "2h")
+    # TM_MAPPER_LEVEL_INTERMEDIATE = get_env("TM_MAPPER_LEVEL_INTERMEDIATE", "250")
+    # TM_MAPPER_LEVEL_ADVANCED   = get_env("TM_MAPPER_LEVEL_ADVANCED", "500")
+    # TM_IMPORT_MAX_FILESIZE     = get_env("TM_IMPORT_MAX_FILESIZE", "1000000")
+    # TM_MAX_AOI_AREA            = get_env("TM_MAX_AOI_AREA", "5000")
+    # EXPORT_TOOL_S3_URL         = get_env("EXPORT_TOOL_S3_URL", "https://foorawdataapi.s3.amazonaws.com")
+    # ENABLE_EXPORT_TOOL         = get_env("ENABLE_EXPORT_TOOL", "1")
+  }
+}

scripts/aws/infra/staging/purgeable/ecs-cron/terragrunt.hcl

@@ -0,0 +1,95 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# TERRAGRUNT CONFIGURATION
+# This is the configuration for Terragrunt, a thin wrapper for Terraform and OpenTofu that helps keep your code DRY and
+# maintainable: https://github.com/gruntwork-io/terragrunt
+# ---------------------------------------------------------------------------------------------------------------------
+
+# Include the root `terragrunt.hcl` configuration. The root configuration contains settings that are common across all
+# components and environments, such as how to configure remote state.
+include "root" {
+  path = find_in_parent_folders("root.hcl")
+}
+
+# Include the envcommon configuration for the component. The envcommon configuration contains settings that are common
+# for the component across all environments.
+include "envcommon" {
+  path = "${dirname(find_in_parent_folders("root.hcl"))}/_envcommon/ecs-cron.hcl"
+  # We want to reference the variables from the included config in this configuration, so we expose it.
+  expose = true
+}
+
+# Configure the version of the module to use in this environment. This allows you to promote new versions one
+# environment at a time (e.g., qa -> stage -> prod).
+terraform {
+  source = "${include.envcommon.locals.base_source_url}?ref=tasking-manager-infra"
+}
+
+locals {
+  # Automatically load environment-level variables
+  environment_vars = read_terragrunt_config(find_in_parent_folders("deployment_env.hcl"))
+  common_ecs_envs = read_terragrunt_config(find_in_parent_folders("common-ecs-env.hcl"))
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# We don't need to override any of the common parameters for this environment, so we don't specify any other parameters.
+# ---------------------------------------------------------------------------------------------------------------------
+
+dependency "vpc" {
+  config_path = "../../non-purgeable/vpc"
+}
+
+dependency "alb" {
+  config_path = "../../non-purgeable/alb"
+}
+
+dependency "rds" {
+  config_path = "../../non-purgeable/rds"
+}
+
+dependency "extras" {
+  config_path = "../../non-purgeable/extras"
+}
+
+## Add in any new inputs that you want to overide.
+inputs = {
+  # Inputs from dependencies (Rarely changed)
+  service_subnets = dependency.vpc.outputs.private_subnets
+  aws_vpc_id = dependency.vpc.outputs.vpc_id
+  service_security_groups = [ dependency.alb.outputs.load_balancer_app_security_group ]
+  deployment_environment = local.environment_vars.locals.environment
+
+  task_role_arn = dependency.extras.outputs.ecs_task_role_arn
+  
+  service_security_groups = [
+    dependency.alb.outputs.load_balancer_app_security_group
+  ]
+
+  # Merge secrets with: key:ValueFrom together
+  container_secrets = concat(dependency.extras.outputs.container_secrets,
+      dependency.rds.outputs.database_config_as_ecs_secrets_inputs)
+
+  container_commands = [
+      "sh",
+      "-c",
+      "python3 backend/cron_jobs.py"
+  ]
+
+  ## Task count for ECS services.
+  tasks_count = {
+      desired_count   = 1
+      min_healthy_pct = 100
+      max_pct         = 200
+    }
+
+  ## Scaling Policy Target Values
+  scaling_target_values = {
+    container_min_count = 1
+    container_max_count = 1
+  }
+
+  # Merge non-sensetive together
+  container_envvars = merge(
+    dependency.rds.outputs.database_config_as_ecs_inputs,
+    local.common_ecs_envs.locals.envs
+    )
+}