Separate app and infra deployments #4432
Open
TheOneFromNorway wants to merge 21 commits into next from separate_app_and_infra_deployments
6a60f17 to 5aec2b4
bogsi17 reviewed Aug 29, 2025
bogsi17 reviewed Aug 29, 2025
thomasleese reviewed Aug 29, 2025
467e3e4 to 02f42b3
8fc8c72 to f9c0ab6
bebba7b to 2feac96
@thomasleese this PR will cause some minor conflicts with your #4564 because I also removed some |
29bed06 to c9c17f5
ac891d0 to 4e6a0c9
Successful deployments:
|
- Replace the task definition creation with a template version
- The template version will be picked up and modified during the ECS deployment workflow
- Remove redundant resources/outputs
- We no longer need outputs/s3 buckets since we will be using AWS provided github actions for deployment
- Move application-specific variables into a config file (to be used in deployment)
- A new SSM resource is introduced that will allow tweaking parameters without redeployment

- These variables have been moved to a config file to be inserted into the task definition on deploy
- Modify the docker-start script to turn the comma separated key-value pairs in the ENV_VARS secret into environment variables

- Limits permission scope for production deployments
- Adheres to the principle of least privilege
- Separates permissions between application deployments and infrastructure changes

- The application can now be deployed independently from infrastructure changes
- Create SSM parameter population script in python so it can also be used between services located in different repositories (e.g. like reporting service)
- Create a new task definition based on the templated version created by infrastructure deploy
- Create appspec.yaml template for handling codedeploys
- Remove redundant parameters from terraform deployment

- This is required due to the new template-mechanism
- Adheres to split between application and infrastructure

- Remnant from database migration

- Dashes instead of underline for github pipelines
- Clear separation of concerns in account tf stack
- Remove unnecessary `app_version` input

- Docker entry point is top level so this is where the environment variables must be extracted
- Otherwise shelling into the container and also db:seed does not execute properly

Also format some yml whitespace using prettier.
Matches the one in .tool-versions.
The workflow always replaces the db cluster, so the check isn't necessary anymore.
Update the title, pass in `git_ref_to_deploy`, only `build-and-push-image` image if an `image_tag` isn't specified, and ensure that `yq` is installed before using it.
Skip building if an `image-tag` is passed in, and rename the `deploy-sidekiq` subtask for consistency.
Use kebab-case for variables and remove an unused env var.
We don't deploy this worker anymore.
- Agreed to change the setup to control the set of tunable variables only on infrastructure side
- Parameter store locations for the variables are created, but only populated with a CHANGE_ME parameter
- This is for use with non-prod systems only
- The docker entry point now unsets any variables with CHANGE_ME values
- Workflow updated to reflect new secret/aws variable management setup
- python scripts/dependency removed as no scripting is needed for secrets in the new setup
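
The ENV_VARS handling described in the commit messages above (comma-separated key-value pairs turned into environment variables, then any variable still holding the CHANGE_ME placeholder unset), sketched as an added example that is not the project's docker-start script. The `KEY=value` separator and the function names `load_env_vars` and `unset_placeholders` are assumptions.

```shell
#!/bin/sh
# Added example, not the project's docker-start script.
# Assumed ENV_VARS format: "KEY1=value1,KEY2=value2" ("=" is an assumption).

# Export every KEY=value pair in $1. Names are validated and assigned with
# `export`, never `eval`, so secret contents are not run as shell code.
# Values are not echoed on error, to keep secrets out of container logs.
load_env_vars() {
  rest=$1
  while [ -n "$rest" ]; do
    case $rest in
      *,*) pair=${rest%%,*}; rest=${rest#*,} ;;
      *)   pair=$rest; rest= ;;
    esac
    [ -n "$pair" ] || continue
    case $pair in
      *=*) key=${pair%%=*}; value=${pair#*=} ;;
      *)   echo "ENV_VARS: skipping entry without '='" >&2; continue ;;
    esac
    case $key in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "ENV_VARS: skipping entry with invalid name" >&2; continue ;;
    esac
    export "$key=$value"
  done
  unset rest pair key value   # POSIX sh has no locals; drop the copies
}

# Unset every exported variable whose value is exactly the placeholder.
# awk's ENVIRON is used instead of parsing `env` output, which breaks on
# multi-line values.
unset_placeholders() {
  placeholder=${1:-CHANGE_ME}
  for name in $(awk -v p="$placeholder" 'BEGIN {
      for (k in ENVIRON)
        if ((ENVIRON[k] "") == p && k ~ /^[A-Za-z_][A-Za-z0-9_]*$/) print k }'); do
    unset "$name"
  done
  unset placeholder name
}

# Constructed sample input, not real configuration.
load_env_vars 'APP_MODE=demo,FEATURE_LIMIT=CHANGE_ME,BAD-NAME=x' 2>/dev/null
unset_placeholders
echo "APP_MODE=${APP_MODE-<unset>} FEATURE_LIMIT=${FEATURE_LIMIT-<unset>}"
```

A value that itself contains a comma cannot be represented in this assumed format and would be split into two entries.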
Currently these are not set in config and must therefore be included here
- Fixes SonarQube security warnings
- Aligns deployment flows across repositories
- Ensures uniqueness and covers edge-cases for non-existence of task definitions
43b2895 to 77765ad
|
Labels
github_actions
Pull requests that update GitHub Actions code
infrastructure
Related to infrastructure changes
refactor
Improving maintainability
Separate deployment of application and infrastructure changes
This enables separating out infrastructure components into a separate repository. Some cleanup is required post deployment; this is not done at this stage to ensure backwards compatibility of the infrastructure.
parameters without redeployment
Ticket: MAV-1657