aws-observability · harrryr · Jul 24, 2024 · Jul 24, 2024
diff --git a/.github/workflows/e2e-test-docker-image-build.yml b/.github/workflows/e2e-test-docker-image-build.yml
diff --git a/.github/workflows/github-runner-image-build.yml b/.github/workflows/github-runner-image-build.yml
@@ -0,0 +1,46 @@
+# This workflow will trigger whenever there is a new change in Terraform or Dockerfile and build new images
+# to be used by the E2E runners. This image contains pre-built dependencies so that they don't need to be built
+# everytime during E2E runs
+name: Build Github Runner Image
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - 'Dockerfile'
+      - 'terraform/**'
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  build-images:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        terraform-dir: [ { name: 'java-eks', dir: '/terraform/java/eks' },
+                         { name: 'java-ec2-default', dir: '/terraform/java/ec2/default' },
+                         { name: 'java-ec2-asg', dir: '/terraform/java/ec2/asg' },
+                         { name: 'java-k8s', dir: '/terraform/java/k8s' },
+                         { name: 'python-eks', dir: '/terraform/python/eks' },
+                         { name: 'python-ec2-default', dir: '/terraform/python/ec2/default' },
+                         { name: 'python-ec2-asg', dir: '/terraform/python/ec2/asg' },
+                         { name: 'python-k8s', dir: '/terraform/python/k8s' } ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Build docker image
+        run: docker build -t ${{ matrix.terraform-dir.name }}:latest --build-arg TERRAFORM_DIR=${{ matrix.terraform-dir.dir }} .
+
+      - name: Save docker image as .tar
+        run: docker save ${{ matrix.terraform-dir.name }}:latest > ${{ matrix.terraform-dir.name }}.tar
+
+      - name: Upload docker image
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ matrix.terraform-dir.name }}.tar
+          path: ${{ matrix.terraform-dir.name }}.tar
diff --git a/.github/workflows/github-runner-image-push.yml b/.github/workflows/github-runner-image-push.yml
@@ -0,0 +1,105 @@
+# This workflow will trigger when it detects that a new github runner image was built in the
+# github-runner-image-build.yml workflow. It will download the artifacts built from that workflow
+# and push it to an ECR in each region
+name: Push Github Runner Image
+
+on:
+  workflow_run:
+    workflows:
+      - "Build Github Runner Image"
+    types:
+      - "completed"
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  E2E_TEST_ACCOUNT_ID: ${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}
+  E2E_TEST_ROLE_NAME: ${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }}
+  E2E_RUNNER_ECR_NAME: github-runner-image-ecr
+  RUN_ID: ${{ github.event.workflow_run.id }}
+
+jobs:
+  push-images:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        aws-region: [ 'af-south-1','ap-east-1','ap-northeast-1','ap-northeast-2','ap-northeast-3','ap-south-1','ap-south-2','ap-southeast-1',
+                      'ap-southeast-2','ap-southeast-3','ap-southeast-4','ca-central-1','eu-central-1','eu-central-2','eu-north-1',
+                      'eu-south-1','eu-south-2','eu-west-1','eu-west-2','eu-west-3','il-central-1','me-central-1','me-south-1', 'sa-east-1',
+                      'us-east-1','us-east-2','us-west-1','us-west-2' ]
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ env.E2E_TEST_ACCOUNT_ID }}:role/${{ env.E2E_TEST_ROLE_NAME }}
+          aws-region: us-east-1
+
+      - name: Retrieve account
+        uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        with:
+          secret-ids: |
+            ACCOUNT_ID, region-account/${{ matrix.aws-region }}
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/${{ env.E2E_TEST_ROLE_NAME }}
+          aws-region: us-east-1
+
+      - name: Output Public ECR Url
+        id: get-public-ecr-url
+        run: |
+          echo "public_ecr_url=$(aws ecr-public describe-repositories --repository-names ${{ env.E2E_RUNNER_ECR_NAME }} --query "repositories[0].repositoryUri" --output text)" >> $GITHUB_OUTPUT
+
+      - name: Login to Amazon ECR
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registry-type: public
+
+      - name: Build, tag, and push image to Amazon ECR
+        id: build-image
+        env:
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REGISTRY_URL: ${{ steps.get-public-ecr-url.outputs.public_ecr_url }}
+        run: |
+          # Get list of artifacts generated by this workflow run from previous step
+          artifact_list=$(curl -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/$GITHUB_REPOSITORY/actions/runs/${{ env.RUN_ID }}/artifacts)
+
+          # Filter out the artifact names from the list
+          artifact_names=$(echo "$artifact_list" | jq -r '[.artifacts[].name] | join(",")')
+          echo $artifact_names
+
+          # Iterate through each artifact to download them, then upload them to ECR
+          IFS=',' read -ra artifacts <<< "$artifact_names"
+          for artifact in "${artifacts[@]}"; do
+            echo "Processing artifact: $artifact"
+
+            artifact_url=$(echo "$artifact_list" | jq -r --arg artifact "$artifact" '.artifacts[] | select(.name == $artifact) | .archive_download_url')
+            echo "$artifact_url"
+
+            # Download the artifact
+            curl -O -J -L -H "Authorization: token $GITHUB_TOKEN" "$artifact_url"
+
+            # Unzip the downloaded artifact
+            unzip "$artifact".zip
+
+            # Remove the artifact zip to clean up disk space
+            rm "$artifact".zip
+
+            # Push artifact to ECR
+            image_name=$(echo $artifact | cut -f 1 -d '.')
+            docker load -i $artifact
+            docker tag $image_name $REGISTRY_URL:$image_name
+            docker push $REGISTRY_URL:$image_name
+
+            # Remove docker image to clean up disk space
+            docker rmi $image_name $REGISTRY_URL:$image_name
+
+            # Remove artifact to clean up disk space          
+            rm "$artifact"
+          done
diff --git a/Dockerfile b/Dockerfile
@@ -5,6 +5,9 @@ FROM openjdk:11-jdk
 ENV JAVA_HOME=/usr/local/openjdk-11
 ENV PATH="$JAVA_HOME/bin:${PATH}"
 
+# The directory of the Terraform folder that will be built
+ARG TERRAFORM_DIR
+
 # Install the neccessary commands
 RUN \
     apt-get update -y && \
@@ -55,4 +58,14 @@ ENV GRADLE_USER_HOME=/.gradle/
 RUN mkdir -p $GRADLE_USER_HOME
 
 # Copy the Gradle cache from the default location to the custom location
-RUN cp -r ~/.gradle/* $GRADLE_USER_HOME
+RUN cp -r ~/.gradle/* $GRADLE_USER_HOME
+
+COPY "$TERRAFORM_DIR" /terraform/
+RUN if echo "$TERRAFORM_DIR" | grep -q "k8s"; then \
+      terraform -chdir=/terraform/deploy init && terraform -chdir=/terraform/deploy validate ; \
+      terraform -chdir=/terraform/cleanup init && terraform -chdir=/terraform/cleanup validate ; \
+    else \
+      terraform -chdir=/terraform init && terraform -chdir=/terraform validate ; \
+    fi
+
+