Deploy to ecs by ecspresso

kaigionrails · Jun 15, 2024 · 873b2ef · 873b2ef
1 parent 1875f9c
commit 873b2ef
Show file tree

Hide file tree

Showing 5 changed files with 221 additions and 21 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -37,26 +37,26 @@ jobs:
           cache-to: type=gha,mode=max
           tags: ${{ steps.meta.outputs.tags }}
 
-  # deploy:
-  #   runs-on: ubuntu-latest
-  #   needs: ["build"]
-  #   permissions:
-  #     id-token: write
-  #     contents: read
-  #   env:
-  #     AWS_REGION: us-west-2
-  #   steps:
-  #     - run: sudo apt-get update && sudo apt-get install jsonnet
-  #     - uses: actions/checkout@v4
-  #     - uses: aws-actions/configure-aws-credentials@v4
-  #       with:
-  #         aws-region: us-west-2
-  #         role-skip-session-tagging: false
-  #         role-to-assume: "arn:aws:iam::861452569181:role/SponsorAppDeployer"
-  #     - uses: kayac/ecspresso@v2
-  #       with:
-  #         version: latest
-  #     - run: ecspresso run --config deploy/ecspresso.jsonnet --ext-str IMAGE_SHA=${{ github.sha }} --overrides-file deploy/runtask-db-migrate.jsonnet
-  #     - run: ecspresso deploy --config deploy/ecspresso.jsonnet --ext-str IMAGE_SHA=${{ github.sha }}
+  deploy:
+    runs-on: ubuntu-latest
+    needs: ["build"]
+    permissions:
+      id-token: write
+      contents: read
+    env:
+      AWS_REGION: us-west-2
+    steps:
+      # - run: sudo apt-get update && sudo apt-get install jsonnet
+      - uses: actions/checkout@v4
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-west-2
+          role-skip-session-tagging: false
+          role-to-assume: "arn:aws:iam::861452569181:role/SponsorAppDeployer"
+      - uses: kayac/ecspresso@v2
+        with:
+          version: latest
+      - run: ecspresso run --config deploy/ecspresso.jsonnet --ext-str IMAGE_SHA=${{ github.sha }} --overrides-file deploy/runtask-db-migrate.jsonnet
+      - run: ecspresso deploy --config deploy/ecspresso.jsonnet --ext-str IMAGE_SHA=${{ github.sha }}
   #     - run: jsonnet deploy/apprunner.jsonnet --ext-str IMAGE_SHA=${{ github.sha }} > deploy/apprunner.json
   #     - run: aws apprunner update-service --cli-input-json file://deploy/apprunner.json
diff --git a/deploy/ecspresso.jsonnet b/deploy/ecspresso.jsonnet
@@ -0,0 +1,8 @@
+{
+  region: 'us-west-2',
+  cluster: 'kor-usw2-fargate',
+  service: 'sponsor-app-worker',
+  service_definition: 'service_definition.jsonnet',
+  task_definition: 'task_definition.jsonnet',
+  timeout: '5m',
+}
diff --git a/deploy/runtask-db-migrate.jsonnet b/deploy/runtask-db-migrate.jsonnet
@@ -0,0 +1,8 @@
+{
+  containerOverrides: [
+    {
+      name: 'app',
+      command: ['bundle', 'exec', 'rails', 'db:migrate'],
+    },
+  ],
+}
diff --git a/deploy/service_definition.jsonnet b/deploy/service_definition.jsonnet
@@ -0,0 +1,25 @@
+{
+  publicSubnets:: ['subnet-0a12bdf9fec833793', 'subnet-01c36fdbe2d472874'],  // c, d
+
+  launchType: 'FARGATE',
+  platformFamily: 'LINUX',
+  platformVersion: 'LATEST',
+  serviceName: 'sponsor-app-worker',
+  deploymentConfiguration: {
+    maximumPercent: 100,
+    minimumHealthyPercent: 0,
+  },
+  tags: [
+    { key: 'Project', value: 'kaigionrails' },
+  ],
+  enableECSManagedTags: true,
+  networkConfiguration: {
+    awsvpcConfiguration: {
+      subnets: $.publicSubnets,
+      securityGroups: [
+        'sg-0a7b02c6f8ee18e6c',
+      ],
+      assignPublicIp: 'ENABLED',
+    },
+  },
+}
diff --git a/deploy/task_definition.jsonnet b/deploy/task_definition.jsonnet
@@ -0,0 +1,159 @@
+// IF YOU EDIT ENVITORONMENT VARIABLES OR SECRETS, YOU SHOULD ALSO EDIT kaigionrails/terraform/aws/sponsor-app/*.tf FILES.
+{
+  parameterStoreArn(name):: std.format('arn:aws:ssm:us-west-2:861452569180:parameter/sponsor-app/%s', name),
+
+  family: 'sponsor-app-worker',
+  runtimePlatform: { operatingSystemFamily: 'LINUX' },
+  taskRoleArn: 'arn:aws:iam::861452569180:role/SponsorApp',
+  executionRoleArn: 'arn:aws:iam::861452569180:role/EcsExecSponsorApp',
+  networkMode: 'awsvpc',
+  containerDefinitions: [
+    {
+      name: 'app',
+      image: '861452569180.dkr.ecr.us-west-2.amazonaws.com/sponsor-app:' + std.extVar('IMAGE_SHA'),
+      cpu: 0,
+      essential: true,
+      command: ['bundle', 'exec', 'sidekiq', '--queue', 'default', '--queue', 'mailers'],
+      environment: [
+        {
+          name: 'AWS_ACCESS_KEY_ID',
+          value: 'sample',
+        },
+        {
+          name: 'AWS_REGION',
+          value: 'ap-northeast-1',
+        },
+        {
+          name: 'AWS_SECRET_ACCESS_KEY',
+          value: 'sample',
+        },
+        {
+          name: 'DEFAULT_EMAIL_ADDRESS',
+          value: 'sponsorships@kaigionrails.org',
+        },
+        {
+          name: 'DETAULT_EMAIL_HOST',
+          value: 'sponsorships.kaigionrails.org',
+        },
+        {
+          name: 'DEFAULT_URL_HOST',
+          value: 'sponsorships.kaigionrails.org',
+        },
+        {
+          name: 'LANG',
+          value: 'en_US.UTF-8',
+        },
+        {
+          name: 'MAILGUN_SMTP_SERVER',
+          value: 'smtp.mailgun.org',
+        },
+        {
+          name: 'ORG_NAME',
+          value: 'Kaigi on Rails',
+        },
+        {
+          name: 'RACK_ENV',
+          value: 'production',
+        },
+        {
+          name: 'RAILS_ENV',
+          value: 'production',
+        },
+        {
+          name: 'RAILS_LOG_TO_STDOUT',
+          value: 'enabled',
+        },
+        {
+          name: 'RAILS_SERVE_STATIC_FILES',
+          value: 'enabled',
+        },
+      ],
+      secrets: [
+        {
+          name: 'DATABASE_URL',
+          valueFrom: $.parameterStoreArn('DATABASE_URL'),
+        },
+        {
+          name: 'GITHUB_APP_ID',
+          valueFrom: $.parameterStoreArn('GITHUB_APP_ID'),
+        },
+        {
+          name: 'GITHUB_CLIENT_ID',
+          valueFrom: $.parameterStoreArn('GITHUB_CLIENT_ID'),
+        },
+        {
+          name: 'GITHUB_CLIENT_PRIVATE_KEY',
+          valueFrom: $.parameterStoreArn('GITHUB_CLIENT_PRIVATE_KEY'),
+        },
+        {
+          name: 'GITHUB_CLIENT_SECRET',
+          valueFrom: $.parameterStoreArn('GITHUB_CLIENT_SECRET'),
+        },
+        {
+          name: 'GITHUB_REPO',
+          valueFrom: $.parameterStoreArn('GITHUB_REPO'),
+        },
+        {
+          name: 'GOOGLE_CLOUD_CREDENTIALS',
+          valueFrom: $.parameterStoreArn('GOOGLE_CLOUD_CREDENTIALS'),
+        },
+        {
+          name: 'MAILGUN_API_KEY',
+          valueFrom: $.parameterStoreArn('MAILGUN_API_KEY'),
+        },
+        {
+          name: 'MAILGUN_SMTP_LOGIN',
+          valueFrom: $.parameterStoreArn('MAILGUN_SMTP_LOGIN'),
+        },
+        {
+          name: 'MAILGUN_SMTP_PASSWORD',
+          valueFrom: $.parameterStoreArn('MAILGUN_SMTP_PASSWORD'),
+        },
+        {
+          name: 'MAILGUN_SMTP_PORT',
+          valueFrom: $.parameterStoreArn('MAILGUN_SMTP_PORT'),
+        },
+        {
+          name: 'REDIS_TLS_URL',
+          valueFrom: $.parameterStoreArn('REDIS_TLS_URL'),
+        },
+        {
+          name: 'REDIS_URL',
+          valueFrom: $.parameterStoreArn('REDIS_URL'),
+        },
+        {
+          name: 'S3_FILES_BUCKET',
+          valueFrom: $.parameterStoreArn('S3_FILES_BUCKET'),
+        },
+        {
+          name: 'SECRET_KEY_BASE',
+          valueFrom: $.parameterStoreArn('SECRET_KEY_BASE'),
+        },
+        {
+          name: 'SLACK_WEBHOOK_URL',
+          valueFrom: $.parameterStoreArn('SLACK_WEBHOOK_URL'),
+        },
+        {
+          name: 'TITO_API_TOKEN',
+          valueFrom: $.parameterStoreArn('TITO_API_TOKEN'),
+        },
+      ],
+      logConfiguration: {
+        logDriver: 'awslogs',
+        options: {
+          'awslogs-group': '/ecs/sponsor-app-worker',
+          'awslogs-region': 'us-west-2',
+          'awslogs-stream-prefix': 'ecs',
+        },
+      },
+    },
+  ],
+  cpu: '256',
+  memory: '512',
+  tags: [
+    {
+      key: 'Project',
+      value: 'kaigionrails',
+    },
+  ],
+}