Add Terraform Init to Dockerfile and also create ECR per region #105
Conversation
harrryr
force-pushed
the
add-terraform-to-dockerfile
branch
from
ef08e25 to
7cc27cf
Compare
Fix Adot main_build. By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
harrryr
force-pushed
the
add-terraform-to-dockerfile
branch
27 times, most recently
from
9087a36 to
d8c305d
Compare
harrryr
force-pushed
the
add-terraform-to-dockerfile
branch
10 times, most recently
from
14a1f8b to
ad10c1e
Compare
harrryr
changed the title
harrryr
force-pushed
the
add-terraform-to-dockerfile
branch
5 times, most recently
from
53768d8 to
f54725b
Compare
| - name: Upload docker image | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ${{ matrix.terraform-dir.name }}.tar | ||
| path: ${{ matrix.terraform-dir.name }}.tar |
There was a problem hiding this comment.
To where? Not sure I understand what's happening here, where do the images built go if they're not pushed immediately?
Does this rely on GH's version of ECR?
There was a problem hiding this comment.
Github can store artifacts created by workflows. The artifacts are attached to the workflow run that created them. Not ECR, it can store any files such as .txt, .tar, etc. As you can see, we converted the image to a .tar file and uploaded it
There was a problem hiding this comment.
How do we enforce the push is run right after the build?
There was a problem hiding this comment.
Through the workflow run condition "Build Github Runner Image", type: "completed"
| - name: Output Public ECR Url | ||
| id: get-public-ecr-url | ||
| run: | | ||
| echo "public_ecr_url=$(aws ecr-public describe-repositories --repository-names ${{ env.E2E_RUNNER_ECR_NAME }} --query "repositories[0].repositoryUri" --output text)" >> $GITHUB_OUTPUT |
There was a problem hiding this comment.
I assume we can use [0] because we're specifically looking for E2E_RUNNER_ECR_NAME?
| workflows: | ||
| - "Build Github Runner Image" |
There was a problem hiding this comment.
So this runs after the other workflow or does it trigger when the other triggers? ie. are they parallelized or serialized?
There was a problem hiding this comment.
They are serialized. It get triggered when the "Build Github Runner Image" workflow run is completed on the main branch
| @@ -31,10 +31,39 @@ env: | |||
| TEST_RESOURCES_FOLDER: ${GITHUB_WORKSPACE} | |||
|
|
|||
| jobs: | |||
| get-public-ecr-url: | |||
There was a problem hiding this comment.
Can we extract this as an action?
*Issue description:* Splitting this PR into two to reduce scope: #105 This PR will cover building and releasing the image into the public ECR. Once merged and images released successfully, will make second PR for the canaries. - Testing to check if `github-runner-image-build.yml` builds images properly: [Link](https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10012887630) - Testing to check if `github-runner-image-push.yml` pushes images if provided with the correct run_id: [Link](https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10012993832) By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
harrryr
force-pushed
the
add-terraform-to-dockerfile
branch
from
004b7c0 to
af5bff3
Compare
harrryr
force-pushed
the
add-terraform-to-dockerfile
branch
from
b62f363 to
af5bff3
Compare
Issue description:
E2E tests pull image from ECR when workflow starts. Due to the high number of E2E tests using the same ECR, the ECR often throttles and causes the test to fail relatively frequently. This issue will become worse as we add more language and platform support, and currently requires asking for a service quota increase manually. Additionally, another top issue for E2E test failure is due to Terraform failing to initialize.
Description of changes:
We decided to allocate an ECR for each region. Since there are currently 9 canaries running, it is not possible for it to exceed the 10 request/s API limit so this should resolve the throttling issue
The
e2e-test-docker-image-build.ymlhas been seperated into two workflows:github-runner-image-build.ymlandgithub-runner-image-push.yml. The reason for this change is due to the following circumstances:github-runner-image-build.ymlwill run whenever there is a change in Terraform or Dockerfile code and build the images,github-runner-image-push.ymlwill run whenever the previous workflow run is ran, then push the images to the ECR.As mentioned above, Terraform Init is now done during docker build. However, since the build and push process takes around an hour, there is an edge case where the workflow files are updated to the latest PR but the docker image isn't updated yet with the latest Terraform. To resolve this 1 hour period, extra steps were added in the workflow file to check if there is a difference in the latest and docker's Terraform file, and if there is, then run the Terraform Init step inside the workflow.
Test
Several test runs:
github-runner-image-build.ymlbuilds images properly: Linkgithub-runner-image-push.ymlpushes images if provided with the correct run_id: Linkworkflow_runcondition only works in the main branch. Therefore, this condition was tested on forked repo: (Build Link, Push Link with correct run_idNote: Currently the images have been deployed to all the regions. However, we should run this workflow again after this PR is merged to double check that it works as expected
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.