ECR Repository for Archival Packaging Tool (APT)

Why these changes are being introduced:
A new archival packaging tool application is getting built and it will
run as a Fargate task, so it needs an ECR repository.

How this addresses that need:
* Create a new ECR repository along with the associate GHA roles for
automation and the Terraform outputs for the GHA workflows for the
application repository
* Update the pre-commit dependencies
* Update the README

Side effects of this change:
None.

Relevant ticket(s):
* https://mitlibraries.atlassian.net/browse/IN-1221

wip

Author: cabutlermit

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: "v1.97.4"
+    rev: "v1.98.0"
     hooks:
       - id: terraform_fmt
         args:
@@ -12,7 +12,7 @@ repos:
       - id: terraform-docs-go
         args: ["markdown", "table", "--config", "./.terraform-docs.yaml", "--recursive", "--output-file", "README.md", "./"]
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.378'
+    rev: '3.2.395'
     hooks:
       - id: checkov
         language_version: python3.12

README.md

@@ -97,6 +97,8 @@ This is a core infrastructure repository that defines infrastructure related to
   * [Alma Webhook Lambdas](https://github.com/MITLibraries/alma-webhook-lambdas)
 * [Alma Patron Load](https://github.com/MITLibraries/mitlib-tf-workloads-patronload)
   * [Alma Patron Load Application Container](https://github.com/MITLibraries/alma-patronload)
+* [Archival Packaging Tool](https://github.com/MITLibraries/mitlib-tf-workloads-apt)
+  * [Archival Packaging Tool Application Container](https://github.com/MITLibraries/archival-packaging-tool)
 * [ASATI](https://github.com/MITLibraries/mitlib-tf-workloads-asati)
   * [ASATI Application Container](https://github.com/MITLibraries/asati)
 * [Carbon](https://github.com/MITLibraries/mitlib-tf-workloads-carbon)
@@ -153,6 +155,7 @@ This is a core infrastructure repository that defines infrastructure related to
 | Name | Source | Version |
 |------|--------|---------|
 | ecr\_alma\_webhook\_lambdas | ./modules/ecr | n/a |
+| ecr\_apt | ./modules/ecr | n/a |
 | ecr\_asati | ./modules/ecr | n/a |
 | ecr\_bursar | ./modules/ecr | n/a |
 | ecr\_carbon | ./modules/ecr | n/a |
@@ -205,6 +208,10 @@ This is a core infrastructure repository that defines infrastructure related to
 | alma\_webhook\_lambdas\_makefile | Full contents of the Makefile for the alma-webhook-lambdas repo (allows devs to push to Dev account only) |
 | alma\_webhook\_lambdas\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the alma-webhook-lambdas repo |
 | alma\_webhook\_lambdas\_stage\_build\_workflow | Full contents of the stage-build.yml for the alma-webhook-lambdas repo |
+| apt\_fargate\_dev\_build\_workflow | Full contents of the dev-build.yml for the archival-packaging-tool repo |
+| apt\_fargate\_makefile | Full contents of the Makefile for the archival-packaging-tool repo (allows devs to push to Dev account only) |
+| apt\_fargate\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the archival-packaging-tool repo |
+| apt\_fargate\_stage\_build\_workflow | Full contents of the stage-build.yml for the archival-packaging-tool repo |
 | asati\_fargate\_dev\_build\_workflow | Full contents of the dev-build.yml for the asati repo |
 | asati\_fargate\_makefile | Full contents of the Makefile for the asati repo (allows devs to push to Dev account only) |
 | asati\_fargate\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the asati repo |

apt_ecr.tf

@@ -0,0 +1,68 @@
+# Archival Packaging Tool (apt) containers
+# A standard ECR for an ECS Fargate task
+
+locals {
+  ecr_apt = "archival-packaging-tool-${var.environment}"
+}
+
+module "ecr_apt" {
+  source            = "./modules/ecr"
+  repo_name         = "archival-packaging-tool"
+  login_policy_arn  = aws_iam_policy.login.arn
+  oidc_arn          = data.aws_ssm_parameter.oidc_arn.value
+  environment       = var.environment
+  tfoutput_ssm_path = var.tfoutput_ssm_path
+  tags = {
+    app-repo = "archival-packaging-tool"
+  }
+}
+
+## Outputs to Terraform Cloud for devs ##
+
+## For archival-packaging-tool application repo and ECR repository
+# Outputs in dev
+output "apt_fargate_dev_build_workflow" {
+  value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
+    region   = var.aws_region
+    role     = module.ecr_apt.gha_role
+    ecr      = module.ecr_apt.repository_name
+    function = ""
+    }
+  )
+  description = "Full contents of the dev-build.yml for the archival-packaging-tool repo"
+}
+output "apt_fargate_makefile" {
+  value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/makefile.tpl", {
+    ecr_name = module.ecr_apt.repository_name
+    ecr_url  = module.ecr_apt.repository_url
+    function = ""
+    }
+  )
+  description = "Full contents of the Makefile for the archival-packaging-tool repo (allows devs to push to Dev account only)"
+}
+
+# Outputs in stage
+output "apt_fargate_stage_build_workflow" {
+  value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
+    region   = var.aws_region
+    role     = module.ecr_apt.gha_role
+    ecr      = module.ecr_apt.repository_name
+    function = ""
+    }
+  )
+  description = "Full contents of the stage-build.yml for the archival-packaging-tool repo"
+}
+
+# Outputs after promotion to prod
+output "apt_fargate_prod_promote_workflow" {
+  value = var.environment == "stage" || var.environment == "dev" ? null : templatefile("${path.module}/files/prod-promote.tpl", {
+    region     = var.aws_region
+    role_stage = "${module.ecr_apt.repo_name}-gha-stage"
+    role_prod  = "${module.ecr_apt.repo_name}-gha-prod"
+    ecr_stage  = "${module.ecr_apt.repo_name}-stage"
+    ecr_prod   = "${module.ecr_apt.repo_name}-prod"
+    function   = ""
+    }
+  )
+  description = "Full contents of the prod-promote.yml for the archival-packaging-tool repo"
+}