Merge pull request #73 from MITLibraries/dev

cabutlermit · web-flow · commit f66f998b0bf3 · 2025-11-10T09:57:19.000-05:00
Dev-to-Stage: Create ECR Repository for timdex-embeddings
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: "v1.100.0"
+    rev: "v1.103.0"
     hooks:
       - id: terraform_fmt
         args:
@@ -12,7 +12,7 @@ repos:
       - id: terraform-docs-go
         args: ["markdown", "table", "--config", "./.terraform-docs.yaml", "--recursive", "--output-file", "README.md", "./"]
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.471'
+    rev: '3.2.490'
     hooks:
       - id: checkov
         verbose: false
diff --git a/README.md b/README.md
@@ -130,6 +130,7 @@ This is a core infrastructure repository that defines infrastructure related to
   * [TIMDEX UI](https://github.com/MITLibraries/timdex-ui)
   * [TIMDEX Simulator](https://github.com/MITLibraries/timdex-simulator)
   * [TIMDEX Transmogrifier](https://github.com/MITLibraries/transmogrifier)
+  * [TIMDEX Embeddings](https://github.com/MITLibraries/timdex-embeddings)
 * [WCD2Reshare](https://github.com/MITLibraries/mitlib-tf-workloads-wcd2reshare)
   * [WCD2Reshare Application Container](https://github.com/MITLibraries/wcd2reshare)
 * **DEPRECATED**: [Wiley](https://github.com/MITLibraries/mitlib-tf-workloads-wiley)
@@ -139,7 +140,7 @@ This is a core infrastructure repository that defines infrastructure related to
 
 * Owner: See [CODEOWNERS](./.github/CODEOWNERS)
 * Team: See [CODEOWNERS](./.github/CODEOWNERS)
-* Last Maintenance: 2025-09
+* Last Maintenance: 2025-11
 
 ## TF markdown is automatically inserted at the bottom of this file, nothing should be written beyond this point
 
@@ -182,6 +183,7 @@ This is a core infrastructure repository that defines infrastructure related to
 | ecr\_sapinvoices\_ui | ./modules/ecr | n/a |
 | ecr\_tacos\_detectors | ./modules/ecr | n/a |
 | ecr\_timdex\_browsertrix | ./modules/ecr | n/a |
+| ecr\_timdex\_embeddings | ./modules/ecr | n/a |
 | ecr\_timdex\_geo | ./modules/ecr | n/a |
 | ecr\_timdex\_lambdas | ./modules/ecr | n/a |
 | ecr\_timdex\_tim | ./modules/ecr | n/a |
@@ -307,6 +309,10 @@ This is a core infrastructure repository that defines infrastructure related to
 | tim\_makefile | Full contents of the Makefile for the timdex-index-manager repo (allows devs to push to Dev account only) |
 | tim\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the timdex-index-manager repo |
 | tim\_stage\_build\_workflow | Full contents of the stage-build.yml for the timdex-index-manager repo |
+| timdex\_embeddings\_fargate\_dev\_build\_workflow | Full contents of the dev-build.yml for the timdex-embeddings repo |
+| timdex\_embeddings\_fargate\_makefile | Full contents of the Makefile for the timdex-embeddings repo (allows devs to push to Dev account only) |
+| timdex\_embeddings\_fargate\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the timdex-embeddings repo |
+| timdex\_embeddings\_fargate\_stage\_build\_workflow | Full contents of the stage-build.yml for the timdex-embeddings repo |
 | timdex\_lambdas\_dev\_build\_workflow | Full contents of the dev-build.yml for the timdex-pipeline-lambdas repo |
 | timdex\_lambdas\_makefile | Full contents of the Makefile for the timdex-pipeline-lambdas repo (allows devs to push to Dev account only) |
 | timdex\_lambdas\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the timdex-pipeline-lambdas repo |
diff --git a/timdex_ecrs.tf b/timdex_ecrs.tf
@@ -365,3 +365,68 @@ output "geo_prod_promote_workflow" {
   )
   description = "Full contents of the prod-promote.yml for the geo-harvester repo"
 }
+
+
+# timdex-embeddings containers
+# This is a standard ECR for an ECS with a Fargate launch type
+module "ecr_timdex_embeddings" {
+  source            = "./modules/ecr"
+  repo_name         = "timdex-embeddings"
+  login_policy_arn  = aws_iam_policy.login.arn
+  oidc_arn          = data.aws_ssm_parameter.oidc_arn.value
+  environment       = var.environment
+  tfoutput_ssm_path = var.tfoutput_ssm_path
+  tags = {
+    app-repo = "timdex-infrastructure-timdex-embeddings"
+  }
+}
+
+## Outputs to Terraform Cloud for devs ##
+
+## For timdex-embeddings application repo and ECR repository
+# Outputs in dev
+output "timdex_embeddings_fargate_dev_build_workflow" {
+  value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build-cpu-arch.tpl", {
+    region   = var.aws_region
+    role     = module.ecr_timdex_embeddings.gha_role
+    ecr      = module.ecr_timdex_embeddings.repository_name
+    function = ""
+    }
+  )
+  description = "Full contents of the dev-build.yml for the timdex-embeddings repo"
+}
+output "timdex_embeddings_fargate_makefile" {
+  value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/makefile-cpu-arch.tpl", {
+    ecr_name = module.ecr_timdex_embeddings.repository_name
+    ecr_url  = module.ecr_timdex_embeddings.repository_url
+    function = ""
+    }
+  )
+  description = "Full contents of the Makefile for the timdex-embeddings repo (allows devs to push to Dev account only)"
+}
+
+# Outputs in stage
+output "timdex_embeddings_fargate_stage_build_workflow" {
+  value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build-cpu-arch.tpl", {
+    region   = var.aws_region
+    role     = module.ecr_timdex_embeddings.gha_role
+    ecr      = module.ecr_timdex_embeddings.repository_name
+    function = ""
+    }
+  )
+  description = "Full contents of the stage-build.yml for the timdex-embeddings repo"
+}
+
+# Outputs after promotion to prod
+output "timdex_embeddings_fargate_prod_promote_workflow" {
+  value = var.environment == "stage" || var.environment == "dev" ? null : templatefile("${path.module}/files/prod-promote-cpu-arch.tpl", {
+    region     = var.aws_region
+    role_stage = "${module.ecr_timdex_embeddings.repo_name}-gha-stage"
+    role_prod  = "${module.ecr_timdex_embeddings.repo_name}-gha-prod"
+    ecr_stage  = "${module.ecr_timdex_embeddings.repo_name}-stage"
+    ecr_prod   = "${module.ecr_timdex_embeddings.repo_name}-prod"
+    function   = ""
+    }
+  )
+  description = "Full contents of the prod-promote.yml for the timdex-embeddings repo"
+}
