diff --git a/.github/actions/api-deploy-ecs/action.yml b/.github/actions/api-deploy-ecs/action.yml index 07e5a2a924af..3c5e4633c72e 100644 --- a/.github/actions/api-deploy-ecs/action.yml +++ b/.github/actions/api-deploy-ecs/action.yml @@ -59,11 +59,19 @@ runs: aws-secret-access-key: ${{ inputs.aws_secret_access_key }} aws-region: eu-west-2 - - name: Fill in the new image ID in the Amazon ECS API task definition - id: task-def-api + - name: Render SDK API task definition + id: task-def-sdk-api uses: aws-actions/amazon-ecs-render-task-definition@v1 with: - task-definition: ${{ inputs.aws_task_definitions_directory_path }}/ecs-task-definition-web.json + task-definition: ${{ inputs.aws_task_definitions_directory_path }}/ecs-task-definition-sdk-api.json + container-name: flagsmith-api + image: ${{ inputs.api_ecr_image_url }} + + - name: Render Admin API task definition + id: task-def-admin-api + uses: aws-actions/amazon-ecs-render-task-definition@v1 + with: + task-definition: ${{ inputs.aws_task_definitions_directory_path }}/ecs-task-definition-admin-api.json container-name: flagsmith-api image: ${{ inputs.api_ecr_image_url }} @@ -93,21 +101,19 @@ runs: }}' shell: bash - - name: Deploy Amazon ECS web task definition - id: deploy-api-task-def + - name: Deploy Amazon ECS SDK API task definition uses: aws-actions/amazon-ecs-deploy-task-definition@v2 with: cluster: ${{ inputs.aws_ecs_cluster_name }} service: ${{ inputs.aws_ecs_service_name }} - task-definition: ${{ steps.task-def-api.outputs.task-definition }} + task-definition: ${{ steps.task-def-sdk-api.outputs.task-definition }} - - name: Deploy Amazon ECS SDK service with same task definition - run: | - aws ecs update-service \ - --cluster ${{ inputs.aws_ecs_cluster_name }} \ - --service ${{ inputs.aws_ecs_sdk_service_name }} \ - --task-definition ${{ steps.deploy-api-task-def.outputs.task-definition-arn }} - shell: bash + - name: Deploy Amazon ECS SDK service + uses: aws-actions/amazon-ecs-deploy-task-definition@v2 + with: + cluster: ${{ inputs.aws_ecs_cluster_name }} + service: ${{ inputs.aws_ecs_sdk_service_name }} + task-definition: ${{ steps.task-def-admin-api.outputs.task-definition }} # The DynamoDB Identity Migrator uses the same task definition as the SQL schema migrator but overrides the container definition # with the new django execute target diff --git a/infrastructure/aws/production/ecs-task-definition-admin-api.json b/infrastructure/aws/production/ecs-task-definition-admin-api.json new file mode 100644 index 000000000000..04c66e7dc104 --- /dev/null +++ b/infrastructure/aws/production/ecs-task-definition-admin-api.json @@ -0,0 +1,310 @@ +{ + "family": "flagsmith-api", + "networkMode": "awsvpc", + "executionRoleArn": "arn:aws:iam::084060095745:role/task-exec-role-741a7e3", + "taskRoleArn": "arn:aws:iam::084060095745:role/task-exec-role-741a7e3", + "containerDefinitions": [ + { + "name": "flagsmith-api", + "command": [ + "serve" + ], + "cpu": 0, + "portMappings": [ + { + "containerPort": 8000, + "hostPort": 8000, + "protocol": "tcp" + } + ], + "healthCheck": { + "command": [ + "CMD-SHELL", + "flagsmith healthcheck tcp" + ], + "interval": 10, + "timeout": 2, + "retries": 5, + "startPeriod": 5 + }, + "essential": true, + "environment": [ + { + "name": "LOG_LEVEL", + "value": "INFO" + }, + { + "name": "AWS_REGION", + "value": "eu-west-2" + }, + { + "name": "AWS_DEFAULT_REGION", + "value": "eu-west-2" + }, + { + "name": "DJANGO_ALLOWED_HOSTS", + "value": "*" + }, + { + "name": "DJANGO_SETTINGS_MODULE", + "value": "app.settings.production" + }, + { + "name": "CACHE_FLAGS_SECONDS", + "value": "10" + }, + { + "name": "CACHE_PROJECT_SEGMENTS_SECONDS", + "value": "10" + }, + { + "name": "CACHE_ENVIRONMENT_SEGMENTS_SECONDS", + "value": "30" + }, + { + "name": "CHARGEBEE_SITE", + "value": "flagsmith" + }, + { + "name": "DJANGO_SETTINGS_MODULE", + "value": "app.settings.production" + }, + { + "name": "ENABLE_CHARGEBEE", + "value": "True" + }, + { + "name": "ENABLE_TELEMETRY", + "value": "False" + }, + { + "name": "ENVIRONMENT", + "value": "production" + }, + { + "name": "ENVIRONMENTS_TABLE_NAME_DYNAMO", + "value": "flagsmith_environments" + }, + { + "name": "ENVIRONMENTS_V2_TABLE_NAME_DYNAMO", + "value": "flagsmith_environments_v2" + }, + { + "name": "ENABLE_FE_E2E", + "value": "True" + }, + { + "name": "GITHUB_CLIENT_ID", + "value": "b706a0da3e9d3115ea9d" + }, + { + "name": "GUNICORN_WORKERS", + "value": "3" + }, + { + "name": "GUNICORN_THREADS", + "value": "15" + }, + { + "name": "GUNICORN_KEEP_ALIVE", + "value": "60" + }, + { + "name": "IDENTITIES_TABLE_NAME_DYNAMO", + "value": "flagsmith_identities" + }, + { + "name": "INFLUXDB_BUCKET", + "value": "api_prod" + }, + { + "name": "INFLUXDB_ORG", + "value": "ben.rometsch@bullet-train.io" + }, + { + "name": "INFLUXDB_URL", + "value": "https://eu-central-1-1.aws.cloud2.influxdata.com" + }, + { + "name": "DEFAULT_THROTTLE_CLASSES", + "value": "core.throttling.UserRateThrottle" + }, + { + "name": "USER_THROTTLE_RATE", + "value": "10/sec" + }, + { + "name": "OAUTH_CLIENT_ID", + "value": "232959427810-br6ltnrgouktp0ngsbs04o14ueb9rch0.apps.googleusercontent.com" + }, + { + "name": "PROJECT_METADATA_TABLE_NAME_DYNAMO", + "value": "flagsmith_project_metadata" + }, + { + "name": "SECURE_PROXY_SSL_HEADER_NAME", + "value": "HTTP_CLOUDFRONT_FORWARDED_PROTO" + }, + { + "name": "SENDER_EMAIL", + "value": "Flagsmith " + }, + { + "name": "SLACK_CLIENT_ID", + "value": "937916178726.1924685747446" + }, + { + "name": "IDENTITY_MIGRATION_EVENT_BUS_NAME", + "value": "identity_migration-d46ed1a" + }, + { + "name": "ENVIRONMENTS_API_KEY_TABLE_NAME_DYNAMO", + "value": "flagsmith_environment_api_key" + }, + { + "name": "CACHE_BAD_ENVIRONMENTS_SECONDS", + "value": "60" + }, + { + "name": "FEATURE_EVALUATION_CACHE_SECONDS", + "value": "300" + }, + { + "name": "USE_CACHE_FOR_USAGE_DATA", + "value": "True" + }, + { + "name": "API_USAGE_CACHE_SECONDS", + "value": "300" + }, + { + "name": "EDGE_RELEASE_DATETIME", + "value": "2022-06-07T10:00:00Z" + }, + { + "name": "CACHE_ENVIRONMENT_DOCUMENT_SECONDS", + "value": "60" + }, + { + "name": "TASK_RUN_METHOD", + "value": "TASK_PROCESSOR" + }, + { + "name": "SSE_SERVER_BASE_URL", + "value": "https://origin.realtime.flagsmith.com" + }, + { + "name": "ENABLE_HUBSPOT_LEAD_TRACKING", + "value": "True" + }, + { + "name": "GITHUB_APP_ID", + "value": "811209" + }, + { + "name": "FLAGSMITH_ON_FLAGSMITH_SERVER_OFFLINE_MODE", + "value": "False" + }, + { + "name": "PROMETHEUS_ENABLED", + "value": "True" + }, + { + "name": "FLAGSMITH_ON_FLAGSMITH_SERVER_API_URL", + "value": "https://edge.api.flagsmith.com/api/v1/" + }, + { + "name": "SEGMENT_RULES_CONDITIONS_EXPLICIT_ORDERING_ENABLED", + "value": "True" + } + ], + "secrets": [ + { + "name": "CHARGEBEE_API_KEY", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:CHARGEBEE_API_KEY::" + }, + { + "name": "DATABASE_URL", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:DATABASE_URL::" + }, + { + "name": "DJANGO_SECRET_KEY", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:DJANGO_SECRET_KEY::" + }, + { + "name": "E2E_TEST_AUTH_TOKEN", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:E2E_TEST_AUTH_TOKEN::" + }, + { + "name": "FORCE_SENTRY_TRACE_KEY", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:FORCE_SENTRY_TRACE_KEY::" + }, + { + "name": "GITHUB_CLIENT_SECRET", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:GITHUB_CLIENT_SECRET::" + }, + { + "name": "INFLUXDB_TOKEN", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:INFLUXDB_TOKEN::" + }, + { + "name": "OAUTH_CLIENT_SECRET", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:OAUTH_CLIENT_SECRET::" + }, + { + "name": "SENDGRID_API_KEY", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:SENDGRID_API_KEY::" + }, + { + "name": "SENTRY_SDK_DSN", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:SENTRY_SDK_DSN::" + }, + { + "name": "SLACK_CLIENT_SECRET", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:SLACK_CLIENT_SECRET::" + }, + { + "name": "EDGE_REQUEST_SIGNING_KEY", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:EDGE_REQUEST_SIGNING_KEY::" + }, + { + "name": "SSE_AUTHENTICATION_TOKEN", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:SSE_AUTHENTICATION_TOKEN::" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:GITHUB_WEBHOOK_SECRET::" + }, + { + "name": "GITHUB_PEM", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:GITHUB_PEM-E1Ot8p" + }, + { + "name": "HUBSPOT_ACCESS_TOKEN", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:HUBSPOT_ACCESS_TOKEN::" + }, + { + "name": "FLAGSMITH_ON_FLAGSMITH_SERVER_KEY", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:FLAGSMITH_ON_FLAGSMITH_SERVER_KEY::" + }, + { + "name": "PYLON_IDENTITY_VERIFICATION_SECRET", + "valueFrom": "arn:aws:secretsmanager:eu-west-2:084060095745:secret:ECS-API-LxUiIQ:PYLON_IDENTITY_VERIFICATION_SECRET::" + } + ], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": "flagsmith-fargate-eu-west-2-e815bfd", + "awslogs-region": "eu-west-2", + "awslogs-stream-prefix": "awslogs-flagsmith" + } + } + } + ], + "requiresCompatibilities": [ + "FARGATE" + ], + "cpu": "1024", + "memory": "2048" +} diff --git a/infrastructure/aws/production/ecs-task-definition-web.json b/infrastructure/aws/production/ecs-task-definition-sdk-api.json similarity index 99% rename from infrastructure/aws/production/ecs-task-definition-web.json rename to infrastructure/aws/production/ecs-task-definition-sdk-api.json index a0d01e59febf..7cf36456ee1c 100644 --- a/infrastructure/aws/production/ecs-task-definition-web.json +++ b/infrastructure/aws/production/ecs-task-definition-sdk-api.json @@ -151,11 +151,11 @@ }, { "name": "SENTRY_TRACE_SAMPLE_RATE", - "value": "0.000003" + "value": "0" }, { "name": "DASHBOARD_ENDPOINTS_SENTRY_TRACE_SAMPLE_RATE", - "value": "0.002" + "value": "0" }, { "name": "SLACK_CLIENT_ID",