From 88416f16863d31b5517d4daca5652457526a1fae Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 15 Mar 2024 10:28:59 -0700 Subject: [PATCH 1/6] fix: downscale ECS, staging env --- terraform/ecs/cluster.tf | 16 +++++++++++----- terraform/ecs/cluster_autoscaling.tf | 8 ++++++-- terraform/ecs/variables.tf | 10 ++++++++-- terraform/res_application.tf | 5 +++-- 4 files changed, 28 insertions(+), 11 deletions(-) diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf index 61c416b..f43deea 100644 --- a/terraform/ecs/cluster.tf +++ b/terraform/ecs/cluster.tf @@ -2,6 +2,12 @@ locals { image = "${var.ecr_repository_url}:${var.image_version}" telemetry_port = var.port + 1 + desired_count = module.this.stage == "prod" ? var.autoscaling_desired_count : 1 + + task_cpu = module.this.stage == "prod" ? var.task_cpu : 256 + task_memory = module.this.stage == "prod" ? var.task_memory : 512 + + otel_port = var.port + 1 otel_cpu = 128 otel_memory = 128 } @@ -9,8 +15,8 @@ locals { module "ecs_cpu_mem" { source = "app.terraform.io/wallet-connect/ecs_cpu_mem/aws" version = "1.0.0" - cpu = var.task_cpu + local.otel_cpu - memory = var.task_memory + local.otel_memory + cpu = local.task_cpu + memory = local.task_memory } #------------------------------------------------------------------------------- @@ -68,8 +74,8 @@ resource "aws_ecs_task_definition" "app_task" { { name = module.this.name, image = local.image, - cpu = var.task_cpu, - memory = var.task_memory, + cpu = local.task_cpu - local.otel_cpu, + memory = local.task_memory - local.otel_memory, essential = true, environment = [ @@ -147,7 +153,7 @@ resource "aws_ecs_service" "app_service" { cluster = aws_ecs_cluster.app_cluster.id task_definition = aws_ecs_task_definition.app_task.arn launch_type = "FARGATE" - desired_count = var.min_capacity + desired_count = local.desired_count propagate_tags = "TASK_DEFINITION" # Wait for the service deployment to succeed 
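Review bot: The new locals in `cluster.tf` key every downscale off the literal `module.this.stage == "prod"`, so any stage not spelled exactly `prod` silently gets one task at 256 CPU / 512 memory. The same comparison is repeated for `autoscaling_min_capacity` in `cluster_autoscaling.tf`. Consider one shared local, `is_prod = module.this.stage == "prod"`, reused by all four expressions. A comment such as `# non-prod sizes are fixed and ignore var.task_cpu, var.task_memory and the autoscaling inputs` would record that the override is deliberate.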
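Review bot: The container definition in `aws_ecs_task_definition.app_task` now gets `local.task_cpu - local.otel_cpu`, which changes what `task_cpu` and `task_memory` mean for prod as well as staging. Before, the input was the app container's share and the otel sidecar was added on top for `ecs_cpu_mem`; now the input is the task total. With the 512/1024 passed from `res_application.tf`, the prod app container drops to 384 CPU and 896 memory. If that is intended, the variable descriptions should say the value includes the sidecar; nothing visible rejects an input at or below `otel_cpu`/`otel_memory`, which would give a zero or negative reservation. The resource body continues outside the hunk.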
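Review bot: `desired_count = local.desired_count` on `aws_ecs_service.app_service` sits alongside an `aws_appautoscaling_target` for the same service, so unless the service ignores drift on that attribute, each apply resets the running task count to this value. The rest of the resource is outside the hunk, so this may already be handled; if not, add `lifecycle { ignore_changes = [desired_count] }`. Nothing visible checks that the desired count lies between `autoscaling_min_capacity` and `autoscaling_max_capacity`.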
diff --git a/terraform/ecs/cluster_autoscaling.tf b/terraform/ecs/cluster_autoscaling.tf index 2681401..41c20eb 100644 --- a/terraform/ecs/cluster_autoscaling.tf +++ b/terraform/ecs/cluster_autoscaling.tf @@ -1,3 +1,7 @@ +locals { + autoscaling_min_capacity = module.this.stage == "prod" ? var.autoscaling_min_capacity : 1 +} + resource "aws_iam_role" "ecs_autoscaling_role" { name = "${module.this.name}-ecs-scale-application" @@ -17,8 +21,8 @@ resource "aws_iam_role" "ecs_autoscaling_role" { } resource "aws_appautoscaling_target" "ecs_target" { - min_capacity = var.min_capacity - max_capacity = var.max_capacity + min_capacity = local.autoscaling_min_capacity + max_capacity = var.autoscaling_max_capacity resource_id = "service/${aws_ecs_cluster.app_cluster.name}/${aws_ecs_service.app_service.name}" scalable_dimension = "ecs:service:DesiredCount" service_namespace = "ecs" diff --git a/terraform/ecs/variables.tf b/terraform/ecs/variables.tf index 2c1bb75..6f9a8d7 100644 --- a/terraform/ecs/variables.tf +++ b/terraform/ecs/variables.tf @@ -21,13 +21,19 @@ variable "task_memory" { type = number } -variable "min_capacity" { +variable "autoscaling_desired_count" { description = "Minimum number of instances in the autoscaling group" type = number default = 2 } -variable "max_capacity" { +variable "autoscaling_min_capacity" { + description = "Minimum number of instances in the autoscaling group" + type = number + default = 2 +} + +variable "autoscaling_max_capacity" { description = "Maximum number of instances in the autoscaling group" type = number default = 8 diff --git a/terraform/res_application.tf b/terraform/res_application.tf index 00a616b..b6ec1f3 100644 --- a/terraform/res_application.tf +++ b/terraform/res_application.tf 
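Review bot: In `variables.tf` the new `autoscaling_desired_count` carries the description copied from the minimum-capacity variable, "Minimum number of instances in the autoscaling group", so two inputs with different effects document themselves identically. Suggest `description = "Number of tasks the ECS service is created with"`. The min and max descriptions also speak of an "autoscaling group" although they feed an `aws_appautoscaling_target` with `ecs:service:DesiredCount`; "tasks in the ECS service" would be more accurate.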
@@ -12,8 +12,9 @@ module "ecs" { image_version = var.image_version task_cpu = 512 task_memory = 1024 - min_capacity = 2 - max_capacity = 8 + autoscaling_desired_count = 2 + autoscaling_min_capacity = 2 + autoscaling_max_capacity = 8 # DNS route53_zones = local.zones From acd5ec11c958fc5f581559f9231e965b1534a58c Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 15 Mar 2024 10:38:44 -0700 Subject: [PATCH 2/6] fix: use ubuntu-latest runner --- .github/workflows/dispatch_deploy.yaml | 3 +-- .github/workflows/dispatch_publish.yaml | 6 ++---- .github/workflows/event_intake.yml | 3 +-- .github/workflows/event_pr.yaml | 9 +++------ .github/workflows/event_release.yaml | 15 +++++---------- .github/workflows/sub-app-check.yml | 9 +++------ .github/workflows/sub-app-deploy.yml | 3 +-- .github/workflows/sub-cd.yml | 3 +-- .github/workflows/sub-infra-apply.yml | 3 +-- .github/workflows/sub-infra-check.yml | 12 ++++-------- .github/workflows/sub-infra-plan.yml | 3 +-- .github/workflows/sub-publish-image.yml | 3 +-- .github/workflows/sub-validate.yml | 3 +-- 13 files changed, 25 insertions(+), 50 deletions(-) diff --git a/.github/workflows/dispatch_deploy.yaml b/.github/workflows/dispatch_deploy.yaml index 8acb226..b7067c1 100644 --- a/.github/workflows/dispatch_deploy.yaml +++ b/.github/workflows/dispatch_deploy.yaml @@ -47,8 +47,7 @@ jobs: select_version: name: Select Version if: ${{ always() && !cancelled() && !failure() }} - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 diff --git a/.github/workflows/dispatch_publish.yaml b/.github/workflows/dispatch_publish.yaml index 64e8f1b..6542172 100644 --- a/.github/workflows/dispatch_publish.yaml +++ b/.github/workflows/dispatch_publish.yaml @@ -32,8 +32,7 @@ jobs: update_version: name: Update Version - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest needs: [ci] steps: - name: Checkout 
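Review bot: `runs-on: ubuntu-latest` in `select_version` of `dispatch_deploy.yaml`, and in every other job this patch touches across the thirteen workflow files, replaces the `vars.RUN_GROUP` runner group with a floating GitHub-hosted image label. The image behind `ubuntu-latest` changes over time, so the plan, apply and deploy jobs (`sub-infra-plan.yml`, `sub-infra-apply.yml`, `sub-app-deploy.yml`) lose a fixed toolchain; a pinned label such as `runs-on: ubuntu-22.04` keeps them reproducible. If the old runner group provided network reachability or allow-listed egress towards the deployment targets, those jobs will need another path; that cannot be confirmed from this patch. The job bodies continue outside the hunks.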
@@ -53,8 +52,7 @@ jobs: released_version: name: Version ➠ ${{ needs.update_version.outputs.version }} - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest needs: [ update_version ] steps: - run: echo "Version = ${{ needs.update_version.outputs.version }}" diff --git a/.github/workflows/event_intake.yml b/.github/workflows/event_intake.yml index eee2f81..9e67f87 100644 --- a/.github/workflows/event_intake.yml +++ b/.github/workflows/event_intake.yml @@ -24,8 +24,7 @@ jobs: auto-promote: name: auto-promote if: github.event.action == 'opened' - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Check Core Team membership uses: tspascoal/get-user-teams-membership@v1 diff --git a/.github/workflows/event_pr.yaml b/.github/workflows/event_pr.yaml index c6cf117..58fc438 100644 --- a/.github/workflows/event_pr.yaml +++ b/.github/workflows/event_pr.yaml @@ -26,8 +26,7 @@ permissions: jobs: check_pr: name: Check PR - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest permissions: statuses: write steps: @@ -38,8 +37,7 @@ jobs: paths_filter: name: Paths Filter - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: dorny/paths-filter@v2 @@ -65,8 +63,7 @@ jobs: merge_check: name: Merge Check - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest if: ${{ always() && !cancelled() && !failure() }} needs: [check_pr, ci] steps: diff --git a/.github/workflows/event_release.yaml b/.github/workflows/event_release.yaml index 633a5ad..0627d0e 100644 --- a/.github/workflows/event_release.yaml +++ b/.github/workflows/event_release.yaml @@ -33,8 +33,7 @@ jobs: paths_filter: name: Paths Filter - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: dorny/paths-filter@v2 
@@ -51,8 +50,7 @@ jobs: update_version: name: Update Version - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest if: ${{ needs.paths_filter.outputs.app == 'true' }} needs: [paths_filter] steps: @@ -73,8 +71,7 @@ jobs: released_version: name: Release Version ➠ ${{ needs.update_version.outputs.version }} - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubutnu-latest needs: [ update_version ] steps: - run: echo "Version = ${{ needs.update_version.outputs.version }}" @@ -97,8 +94,7 @@ jobs: get_version: name: Get Version - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest needs: [ paths_filter, update_version, publish_image-staging, publish_image-prod ] if: ${{ always() && !cancelled() && !failure() }} steps: @@ -126,8 +122,7 @@ jobs: used_version: name: Version ➠ ${{ needs.get_version.outputs.version }} if: ${{ always() && !cancelled() && !failure() }} - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest needs: [ get_version ] steps: - run: echo "Version = ${{ needs.get_version.outputs.version }}" diff --git a/.github/workflows/sub-app-check.yml b/.github/workflows/sub-app-check.yml index 21037bb..665f5d2 100644 --- a/.github/workflows/sub-app-check.yml +++ b/.github/workflows/sub-app-check.yml @@ -12,8 +12,7 @@ permissions: jobs: clippy: name: Clippy - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 @@ -42,8 +41,7 @@ jobs: formatting: name: Formatting - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 @@ -66,8 +64,7 @@ jobs: tests: name: Tests - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/sub-app-deploy.yml b/.github/workflows/sub-app-deploy.yml index 2372a86..4722dfa 100644 --- a/.github/workflows/sub-app-deploy.yml +++ b/.github/workflows/sub-app-deploy.yml 
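Review bot: The `released_version` job in `event_release.yaml` is given `runs-on: ubutnu-latest`, a misspelled label that matches no GitHub-hosted runner, so the job will stay queued instead of running. It should read `runs-on: ubuntu-latest` like the other jobs changed in this patch. Running a workflow linter such as actionlint in the PR checks would catch unknown runner labels before merge.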
@@ -27,8 +27,7 @@ permissions: jobs: deploy-app: name: Deploy App `${{ inputs.stage }}` - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest environment: name: ${{ inputs.stage }} url: ${{ inputs.environment_url }} diff --git a/.github/workflows/sub-cd.yml b/.github/workflows/sub-cd.yml index 1e40685..b072e80 100644 --- a/.github/workflows/sub-cd.yml +++ b/.github/workflows/sub-cd.yml @@ -66,8 +66,7 @@ jobs: deployment_window: name: Deployment Window if: ${{ inputs.deploy-prod }} - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest environment: name: prod url: https://${{ vars.SUBDOMAIN_NAME }}.walletconnect.com/health diff --git a/.github/workflows/sub-infra-apply.yml b/.github/workflows/sub-infra-apply.yml index 555538b..e12d655 100644 --- a/.github/workflows/sub-infra-apply.yml +++ b/.github/workflows/sub-infra-apply.yml @@ -25,8 +25,7 @@ permissions: jobs: apply-infra: name: Apply Infra `${{ inputs.stage }}` - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest environment: name: ${{ inputs.stage }} url: ${{ inputs.stage-url }} diff --git a/.github/workflows/sub-infra-check.yml b/.github/workflows/sub-infra-check.yml index 936aae9..2166623 100644 --- a/.github/workflows/sub-infra-check.yml +++ b/.github/workflows/sub-infra-check.yml @@ -17,8 +17,7 @@ permissions: jobs: check-fmt: name: Formatting - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 @@ -37,8 +36,7 @@ jobs: validate: name: Validate - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 @@ -70,8 +68,7 @@ jobs: tfsec: name: TFSec - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 @@ -102,8 +99,7 @@ jobs: tflint: name: TFLint - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 
diff --git a/.github/workflows/sub-infra-plan.yml b/.github/workflows/sub-infra-plan.yml index d5c3654..1326172 100644 --- a/.github/workflows/sub-infra-plan.yml +++ b/.github/workflows/sub-infra-plan.yml @@ -30,8 +30,7 @@ concurrency: ${{ inputs.stage }} jobs: plan: name: Plan `${{ inputs.stage }}` - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest environment: name: ${{ inputs.stage }} url: ${{ inputs.stage-url }} diff --git a/.github/workflows/sub-publish-image.yml b/.github/workflows/sub-publish-image.yml index e7cd7bf..d3e0656 100644 --- a/.github/workflows/sub-publish-image.yml +++ b/.github/workflows/sub-publish-image.yml @@ -20,8 +20,7 @@ permissions: jobs: build-container: name: Build - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/sub-validate.yml b/.github/workflows/sub-validate.yml index 6369ae7..f2af081 100644 --- a/.github/workflows/sub-validate.yml +++ b/.github/workflows/sub-validate.yml @@ -17,8 +17,7 @@ on: jobs: health-check: name: Health Check - ${{ inputs.stage }} - runs-on: - group: ${{ vars.RUN_GROUP }} + runs-on: ubuntu-latest environment: name: ${{ inputs.stage }} url: ${{ inputs.stage-url }} From a6c3ff0758bdc24edb455cb78f5fe354c9f3f2c4 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 15 Mar 2024 10:40:21 -0700 Subject: [PATCH 3/6] fix: auto-format --- justfile | 6 +++--- terraform/res_application.tf | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/justfile b/justfile index 03e0735..5295ed6 100644 --- a/justfile +++ b/justfile 
@@ -137,16 +137,16 @@ commit-check: echo '==> cog not found in PATH, skipping' fi -tf-lint: tf-validate tf-check-fmt tfsec tflint +tf-lint: tf-validate tf-fmt tfsec tflint # Check Terraform formating -tf-check-fmt: +tf-fmt: #!/bin/bash set -euo pipefail if command -v terraform >/dev/null; then echo '==> Checking terraform fmt' - terraform -chdir=terraform fmt -check -recursive + terraform -chdir=terraform fmt -recursive else echo '==> Terraform not found in PATH, skipping' fi diff --git a/terraform/res_application.tf b/terraform/res_application.tf index b6ec1f3..ab061e4 100644 --- a/terraform/res_application.tf +++ b/terraform/res_application.tf @@ -8,10 +8,10 @@ module "ecs" { context = module.this # Cluster - ecr_repository_url = local.ecr_repository_url - image_version = var.image_version - task_cpu = 512 - task_memory = 1024 + ecr_repository_url = local.ecr_repository_url + image_version = var.image_version + task_cpu = 512 + task_memory = 1024 autoscaling_desired_count = 2 autoscaling_min_capacity = 2 autoscaling_max_capacity = 8 From 212bfe12e2e15647ccad86d7a441e3bfa603020f Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 15 Mar 2024 10:44:28 -0700 Subject: [PATCH 4/6] fix: lint --- terraform/ecs/cluster.tf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf index f43deea..e734e4e 100644 --- a/terraform/ecs/cluster.tf +++ b/terraform/ecs/cluster.tf @@ -1,6 +1,5 @@ locals { image = "${var.ecr_repository_url}:${var.image_version}" - telemetry_port = var.port + 1 desired_count = module.this.stage == "prod" ? var.autoscaling_desired_count : 1 
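Review bot: `tf-lint` in the `justfile` now depends on `tf-fmt`, which runs `terraform -chdir=terraform fmt -recursive` without `-check`, so the lint target rewrites files instead of failing on unformatted ones. The comment above the recipe still reads `# Check Terraform formating` and the echo still says "Checking terraform fmt". Anything that still calls `tf-check-fmt` (not visible here) will break after the rename. Suggest keeping `tf-check-fmt` with `-check` as the `tf-lint` dependency and adding `tf-fmt` as a separate recipe commented `# Format Terraform files in place`.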
@@ -83,7 +82,7 @@ resource "aws_ecs_task_definition" "app_task" { { "name" = "LOG_LEVEL", "value" = var.log_level }, { "name" = "PROJECT_ID", "value" = var.project_id }, - { "name" = "TELEMETRY_PROMETHEUS_PORT", "value" = tostring(local.telemetry_port) }, + { "name" = "TELEMETRY_PROMETHEUS_PORT", "value" = tostring(local.otel_port) }, { "name" = "GEOIP_DB_BUCKET", "value" = var.geoip_db_bucket_name }, { "name" = "GEOIP_DB_KEY", "value" = var.geoip_db_key }, @@ -126,7 +125,7 @@ resource "aws_ecs_task_definition" "app_task" { ], environment = [ - { name : "AWS_PROMETHEUS_SCRAPING_ENDPOINT", value : "0.0.0.0:${local.telemetry_port}" }, + { name : "AWS_PROMETHEUS_SCRAPING_ENDPOINT", value : "0.0.0.0:${local.otel_port}" }, { name : "AWS_PROMETHEUS_ENDPOINT", value : "${var.prometheus_endpoint}api/v1/remote_write" }, { name = "AWS_REGION", value = module.this.region }, ], From a4ce62b86753e1456f4a3d14556afbf1d9dc4ec0 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 15 Mar 2024 10:44:53 -0700 Subject: [PATCH 5/6] chore: add comment --- terraform/ecs/cluster.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf index e734e4e..17c69db 100644 --- a/terraform/ecs/cluster.tf +++ b/terraform/ecs/cluster.tf @@ -95,6 +95,7 @@ resource "aws_ecs_task_definition" "app_task" { containerPort = var.port, hostPort = var.port } + # TODO do we not need otel_port here like we do in Notify Server? ], logConfiguration : { From 1f9a5f283b9b572cc2d6c5a78e8417be2b64ebcd Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 15 Mar 2024 10:47:04 -0700 Subject: [PATCH 6/6] fix: fmt --- terraform/ecs/cluster.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf index 17c69db..9d741c8 100644 --- a/terraform/ecs/cluster.tf +++ b/terraform/ecs/cluster.tf 
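Review bot: The added `# TODO do we not need otel_port here like we do in Notify Server?` in `portMappings` leaves an exposure decision open in the task definition rather than recording one. The sidecar in the same task is pointed at `0.0.0.0:${local.otel_port}` (patch 4/6), and containers of one Fargate task share a network namespace, so a mapping is presumably not needed for scraping. Publishing the port would only matter for access from outside the task, which a metrics endpoint normally should not have. Once confirmed, replace the TODO with the decision, e.g. `# otel_port is deliberately not mapped: only the in-task collector scrapes it`.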
@@ -1,5 +1,5 @@ locals { - image = "${var.ecr_repository_url}:${var.image_version}" + image = "${var.ecr_repository_url}:${var.image_version}" desired_count = module.this.stage == "prod" ? var.autoscaling_desired_count : 1