Merge pull request #6649 from hotosm/tasking-manager-fastapi

Tasking manager fastapi

Author: dakotabenjamin

.github/workflows/ecs-deploy.yml

@@ -4,18 +4,23 @@ on:
   push:
     branches:
       - tasking-manager-fastapi
+    paths:
+      - "backend/**"
+  workflow_dispatch:
 
 env:
   REGISTRY: ghcr.io
   AWS_REGION: us-east-1
-  ECS_CLUSTER: tasking-manager
-  ECS_SERVICE: tasking-manager-fastAPI
-  CONTAINER_NAME: backend
-  IMAGE_NAME: hotosm/tasking-manager-backend # was ${{ github.repository }}
+  IMAGE_NAME: hotosm/tasking-manager-backend
+  TASK_DEFINITION: tasking-manager-hotosm-staging-fastapi
+  ECS_CLUSTER: tasking-manager-staging-cluster
+  ECS_SERVICE: tasking-manager-hotosm-staging-fastapi
+  CONTAINER_NAME: tasking-manager-hotosm-staging-fastapi
+  OIDC_ROLE_ARN: arn:aws:iam::670261699094:role/Github-AWS-OIDC
 
 jobs:
-  build-push-image:
-    name: Build Images
+  image-build-and-push:
+    name: Build Container Images
     runs-on: ubuntu-latest
     environment: production
 
@@ -24,14 +29,11 @@ jobs:
       packages: write
 
     outputs:
-      imageid: steps.build-push-image.imageid
+      image_tags: ${{ steps.meta.outputs.tags }}
 
     steps:
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Setup Buildx
-        uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
 
       - name: Log in to the Container registry
         uses: docker/login-action@v3
@@ -45,53 +47,55 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
           tags: |
-            type=ref,event=branch
+            type=raw,value=fastapi
 
       - name: Build and push container image
         id: build-push-image
         uses: docker/build-push-action@v5
         with:
           context: "{{defaultContext}}"
+          target: prod
           platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
 
   deploy:
-    name: Deploy
+    name: Deploy to ECS
     runs-on: ubuntu-latest
     environment: production
 
+    needs: image-build-and-push
+
     permissions:
       contents: read
       id-token: write
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-region: us-east-1
-          role-to-assume: arn:aws:iam::670261699094:role/Github-AWS-OIDC
+          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: ${{ env.OIDC_ROLE_ARN }}
           role-session-name: gh-ci-ecs-deploy
 
       - name: Download task definition
         run: |
-           aws ecs describe-task-definition --task-definition tasking-manager --query taskDefinition > task-definition.json
+          aws ecs describe-task-definition --task-definition ${{ env.TASK_DEFINITION }} --query taskDefinition > task-definition.json
 
       - name: Task definition rendition
         id: task-def
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: task-definition.json
           container-name: ${{ env.CONTAINER_NAME }}
-          image: ${{ needs.build-push-image.outputs.imageid }}
+          image: ${{ needs.image-build-and-push.outputs.image_tags }}
 
       - name: Deploy task definition
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: ${{ steps.task-def.outputs.task-definition }}
           service: ${{ env.ECS_SERVICE }}

.github/workflows/terragrunt-apply.yml

@@ -0,0 +1,76 @@
+name: Terragrunt Apply
+
+on:
+  workflow_run:
+    workflows: ["Terragrunt Plan"]
+    types:
+      - completed
+  workflow_dispatch:
+    inputs:
+      plan_file_name:
+        description: "Enter Terragrunt Plan File name to run"
+        required: true
+
+jobs:
+  # workaround for using GHActions environment variables feature. In future we can use ${{ github.ref_name }} directly in the workflow as INFRA_BRANCH
+  get_deployment_meta:
+    name: Get Deployment Meta
+    runs-on: ubuntu-latest
+    outputs:
+      PLAN_NAME: ${{ steps.export_meta.outputs.PLAN_NAME }}
+      INFRA_BRANCH_NAME: ${{ steps.export_triggering_wf_meta.outputs.INFRA_BRANCH_NAME }}
+      INFRA_BRANCH_URL: ${{ steps.export_triggering_wf_meta.outputs.INFRA_BRANCH_URL }}
+      INFRA_MODULE_PATH: ${{ steps.export_triggering_wf_meta.outputs.INFRA_MODULE_PATH }}
+
+    steps:
+      - name: Export Deployment Meta
+        id: export_meta
+        shell: bash
+        run: |
+          case "${{ github.event_name }}" in
+          workflow_run)
+            export PLAN_NAME=tasking-manager-${{ github.event.workflow_run.id }}-${{ github.event.workflow_run.run_attempt }}
+            ;;
+          workflow_dispatch)
+            export PLAN_NAME=${{ inputs.plan_file_name }}
+            ;;
+          esac
+          echo "PLAN_NAME=${PLAN_NAME}" >> $GITHUB_OUTPUT
+
+      - name: Get Input Params from GitHub Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: PLAN_WORKFLOW_META.info
+          github-token: ${{ github.token }}
+          repository: ${{ github.repository }}
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Export triggering plan workflow meta
+        id: export_triggering_wf_meta
+        shell: bash
+        run: |
+          for line in $(cat PLAN_WORKFLOW_META);
+          do
+            echo $line >> $GITHUB_OUTPUT
+          done
+
+  apply:
+    name: Terragrunt Apply
+    uses: hotosm/gh-workflows/.github/workflows/terragrunt-apply.yml@3.1.0
+    permissions:
+      id-token: write
+      contents: read
+    needs:
+      - get_deployment_meta
+    with:
+      working_dir: ./scripts/aws/infra/${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_NAME }}/${{ needs.get_deployment_meta.outputs.INFRA_MODULE_PATH }}
+      terraform_version: "1.9.5"
+      terragrunt_version: "0.67.15"
+      aws_region: us-east-1
+      load_env: true
+      plan_file_name: ${{ needs.get_deployment_meta.outputs.PLAN_NAME }}
+      use_gh_artifacts: true
+      environment_name: ${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_NAME }}
+      environment_url: ${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_URL }}
+      decrypt_plan_file: true
+    secrets: inherit

.github/workflows/terragrunt-plan.yml

@@ -0,0 +1,74 @@
+name: Terragrunt Plan
+
+on:
+  workflow_dispatch:
+    inputs:
+      module_path:
+        description: "Select Terragrunt Module to run"
+        required: true
+        type: choice
+        default: purgeable/ecs/
+        options:
+          - purgeable/ecs/
+          - purgeable/ecs-cron/
+          - non-purgeable/extras/
+
+jobs:
+  # workaround for using GHActions environment variables feature. In future we can use ${{ github.ref_name }} directly in the workflow as INFRA_BRANCH
+  get_deployment_meta:
+    name: Get Deployment Meta
+    runs-on: ubuntu-latest
+    outputs:
+      INFRA_BRANCH_NAME: ${{ steps.export_meta.outputs.INFRA_BRANCH_NAME }}
+      INFRA_BRANCH_URL: ${{ steps.export_meta.outputs.INFRA_BRANCH_URL }}
+    steps:
+      - name: Export Deployment Meta
+        id: export_meta
+        shell: bash
+        run: |
+          case "${{ github.ref }}" in
+          refs/heads/develop)
+            export INFRA_BRANCH_NAME=staging
+            export INFRA_BRANCH_URL=https://tasks-stage.hotosm.org
+            ;;
+          refs/heads/tasking-manager-fastapi)
+            export INFRA_BRANCH_NAME=staging
+            export INFRA_BRANCH_URL=https://tasks-stage.hotosm.org
+            ;;
+          esac
+          echo "INFRA_BRANCH_NAME=${INFRA_BRANCH_NAME}" >> $GITHUB_OUTPUT
+          echo "INFRA_BRANCH_URL=${INFRA_BRANCH_URL}" >> $GITHUB_OUTPUT
+
+      - name: Write Inputs as Artifacts
+        shell: bash
+        run: |
+          set -e
+          echo INFRA_BRANCH_NAME=${{ steps.export_meta.outputs.INFRA_BRANCH_NAME }} >> PLAN_WORKFLOW_META
+          echo INFRA_BRANCH_URL=${{ steps.export_meta.outputs.INFRA_BRANCH_URL }} >> PLAN_WORKFLOW_META
+          echo INFRA_MODULE_PATH=${{ inputs.module_path }} >> PLAN_WORKFLOW_META
+
+      - name: Upload Inputs as Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: PLAN_WORKFLOW_META.info
+          path: ./PLAN_WORKFLOW_META
+          retention-days: 1
+
+  plan:
+    name: Terragrunt Plan
+    uses: hotosm/gh-workflows/.github/workflows/terragrunt-plan.yml@3.1.0
+    permissions:
+      id-token: write
+      contents: read
+    needs:
+      - get_deployment_meta
+    with:
+      working_dir: ./scripts/aws/infra/${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_NAME }}/${{ github.event.inputs.module_path }}
+      terraform_version: "1.9.5"
+      terragrunt_version: "0.67.15"
+      aws_region: us-east-1
+      load_env: true
+      environment_name: ${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_NAME }}
+      environment_url: ${{ needs.get_deployment_meta.outputs.INFRA_BRANCH_URL }}
+      encrypt_plan_file: true
+    secrets: inherit

.gitignore

@@ -1,4 +1,3 @@
-
 # Configuration files #
 tasking-manager*.env
 
@@ -65,6 +64,16 @@ htmlcov/
 
 # Terragrunt
 .terragrunt-cache
+**/.terragrunt-cache/
+**/.terragrunt-cache
+**/infra.env
 
 # Docker & Docker compose
 docker-compose.override.yml
+postgres_data/
+
+# Variables
+scripts/aws/infra/staging/variables.py
+
+# Files
+tests/test_db_dump/tm_sample_db.sql

.pre-commit-config.yaml

@@ -8,15 +8,15 @@ repos:
       entry: trailing-whitespace-fixer
       language: python
       types: [text]
-      stages: [commit, push, manual]
+      stages: [pre-commit, pre-push, manual]
 
     - id: end-of-file-fixer
       name: fix end of files
       description: ensures that a file is either empty, or ends with one newline.
       entry: end-of-file-fixer
       language: python
       types: [text]
-      stages: [commit, push, manual]
+      stages: [pre-commit, pre-push, manual]
 
     - id: detect-aws-credentials
       name: detect aws credentials
@@ -60,7 +60,7 @@ repos:
       description: prevents giant files from being committed.
       entry: check-added-large-files
       language: python
-      stages: [commit, push, manual]
+      stages: [pre-commit, pre-push, manual]
       args: ['--maxkb=10240']
 
   # Versioning: Commit messages & changelog
@@ -70,18 +70,18 @@ repos:
       - id: commitizen
         stages: [commit-msg]
 
-  # Lint / autoformat: Python code
-  - repo: https://github.com/astral-sh/ruff-pre-commit
-    # Ruff version.
-    rev: "v0.6.4"
-    hooks:
-      # Run the linter
-      - id: ruff
-        files: ^backend/(?:.*/)*.*$
-        args: [--fix, --exit-non-zero-on-fix]
-      # Run the formatter
-      - id: ruff-format
-        files: ^backend/(?:.*/)*.*$
+  # # Lint / autoformat: Python code
+  # - repo: https://github.com/astral-sh/ruff-pre-commit
+  #   # Ruff version.
+  #   rev: "v0.6.4"
+  #   hooks:
+  #     # Run the linter
+  #     - id: ruff
+  #       files: ^backend/(?:.*/)*.*$
+  #       args: [--fix, --exit-non-zero-on-fix]
+  #     # Run the formatter
+  #     - id: ruff-format
+  #       files: ^backend/(?:.*/)*.*$
 
   # INFO: Searches for code that is used or lingering around. (Disabled since there were a lot of work from dev end to remove stuff)
   # - repo: https://github.com/asottile/dead
@@ -104,3 +104,40 @@ repos:
   #           "!frontend/pnpm-lock.yaml",
   #           "!backend/tests/test_data/**",
   #         ]
+
+  - repo: https://github.com/psf/black
+    rev: 23.12.1
+    hooks:
+      - id: black
+        language_version: python3.10
+
+
+  - repo: https://github.com/PyCQA/flake8
+    rev: "7.1.2"
+    hooks:
+      - id: flake8
+        name: flake8
+        additional_dependencies: [mccabe>=0.7.0]
+        args:
+          [
+            "--max-line-length=119",
+            "--max-complexity=150",
+            "--ignore=E203,W503",
+            "--extend-exclude=migrations/*",
+          ]
+        files: '^(backend|tests|manage\.py)'
+
+  # - repo: https://github.com/psf/black
+  #   rev: "23.12.1" # Please keep this version updated, should be same as your black version
+  #   hooks:
+  #     - id: black
+  #       name: black tests
+  #       entry: black
+  #       args:
+  #         [
+  #           "--line-length=88",
+  #           "manage.py",
+  #           "backend",
+  #           "tests",
+  #           "migrations",
+  #         ]