Update Tf Outputs

cabutlermit · cabutlermit · commit fccc8c443264 · 2025-05-08T20:28:43.000-04:00
Why these changes are being introduced: Now that we have ECR Repositories in multiple regions, we need to genarate a few additional lines for each workflow and Makefile when we enable an additional region. How this addresses that need: * Create an additional template file for the Makefile add-ins * Create an additional template file for the dev-build add-ins * Create an additional template file for the stage-build add-ins * Create an additional template file for the prod-promote add-ins * Create a new Tf output for the Makefile add-ins for the bagit Lambda that is deployed in us-west-2 * Create a new Tf output for the dev-build add-ins for the bagit Lambda that is deployed in us-west-2 * Create a new Tf output for the stage-build add-ins for the bagit Lambda that is deployed in us-west-2 * Create a new Tf output for the prod-promote add-ins for the bagit Lambda that is deployed in us-west-2 Side effects of this change: None. Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/IR-238
diff --git a/README.md b/README.md
@@ -270,9 +270,13 @@ This is a core infrastructure repository that defines infrastructure related to
 | ppod\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the ppod repo |
 | ppod\_stage\_build\_workflow | Full contents of the stage-build.yml for the ppod repo |
 | s3\_bagit\_validator\_dev\_build\_workflow | Full contents of the dev-build.yml for the s3-bagit-validator repo |
+| s3\_bagit\_validator\_dev\_build\_workflow\_west | Additional job for the dev-build.yml for the s3-bagit-validator repo to deploy in us-west-2 |
 | s3\_bagit\_validator\_makefile | Full contents of the Makefile for the s3-bagit-validator repo (allows devs to push to Dev account only) |
+| s3\_bagit\_validator\_makefile\_west | Full contents of the Makefile for the s3-bagit-validator repo (allows devs to push to Dev account only) |
 | s3\_bagit\_validator\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the s3-bagit-validator repo |
+| s3\_bagit\_validator\_prod\_promote\_workflow\_west | Additional job for the prod-promote.yml for the s3-bagit-validator repo to deploy in us-west-2 |
 | s3\_bagit\_validator\_stage\_build\_workflow | Full contents of the stage-build.yml for the s3-bagit-validator repo |
+| s3\_bagit\_validator\_stage\_build\_workflow\_west | Additional job for the stage-build.yml for the s3-bagit-validator repo to deploy in us-west-2 |
 | sapinvoices\_dev\_build\_workflow | Full contents of the dev-build.yml for the alma-sapinvoices repo |
 | sapinvoices\_makefile | Full contents of the Makefile for the alma-sapinvoices repo (allows devs to push to Dev account only) |
 | sapinvoices\_prod\_promote\_workflow | Full contents of the prod-promote.yml for the alma-sapinvoices repo |
diff --git a/cdps_ecrs_east_default.tf b/cdps_ecrs_east_default.tf
diff --git a/cdps_ecrs_west.tf b/cdps_ecrs_west.tf
@@ -17,50 +17,52 @@ module "ecr_cdps_s3_bagit_validator_west" {
   }
 }
 
-# ## For s3-bagit-validator application repo and ECR repository
-# # Outputs in dev
-# output "s3_bagit_validator_dev_build_workflow_west" {
-#   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build.tpl", {
-#     region   = var.aws_region
-#     role     = module.ecr_cdps_s3_bagit_validator_west.gha_role
-#     ecr      = module.ecr_cdps_s3_bagit_validator_west.repository_name
-#     function = local.ecr_cdps_s3_bagit_validator_function_name
-#     }
-#   )
-#   description = "Full contents of the dev-build.yml for the s3-bagit-validator repo to deploy in us-west-2"
-# }
-# output "s3_bagit_validator_makefile_west" {
-#   value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/makefile.tpl", {
-#     ecr_name = module.ecr_cdps_s3_bagit_validator_west.repository_name
-#     ecr_url  = module.ecr_cdps_s3_bagit_validator_west.repository_url
-#     function = local.ecr_cdps_s3_bagit_validator_function_name
-#     }
-#   )
-#   description = "Full contents of the Makefile for the s3-bagit-validator repo (allows devs to push to Dev account only)"
-# }
+## For s3-bagit-validator application repo and ECR repository in us-west-2
+# Outputs in dev
+output "s3_bagit_validator_dev_build_workflow_west" {
+  value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/dev-build-extra-region.tpl", {
+    region   = "us-west-2"
+    role     = module.ecr_cdps_s3_bagit_validator.gha_role
+    ecr      = module.ecr_cdps_s3_bagit_validator_west.repository_name
+    function = local.ecr_cdps_s3_bagit_validator_function_name
+    }
+  )
+  description = "Additional job for the dev-build.yml for the s3-bagit-validator repo to deploy in us-west-2"
+}
 
-# # Outputs in stage
-# output "s3_bagit_validator_stage_build_workflow_west" {
-#   value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
-#     region   = var.aws_region
-#     role     = module.ecr_cdps_s3_bagit_validator_west.gha_role
-#     ecr      = module.ecr_cdps_s3_bagit_validator_west.repository_name
-#     function = local.ecr_cdps_s3_bagit_validator_function_name
-#     }
-#   )
-#   description = "Full contents of the stage-build.yml for the s3-bagit-validator repo to deploy in us-west-2"
-# }
+output "s3_bagit_validator_makefile_west" {
+  value = var.environment == "prod" || var.environment == "stage" ? null : templatefile("${path.module}/files/makefile-extra-region.tpl", {
+    region   = "us-west-2"
+    ecr_name = module.ecr_cdps_s3_bagit_validator_west.repository_name
+    ecr_url  = module.ecr_cdps_s3_bagit_validator_west.repository_url
+    function = local.ecr_cdps_s3_bagit_validator_function_name
+    }
+  )
+  description = "Full contents of the Makefile for the s3-bagit-validator repo (allows devs to push to Dev account only)"
+}
 
-# # Outputs after promotion to prod
-# output "s3_bagit_validator_prod_promote_workflow_west" {
-#   value = var.environment == "stage" || var.environment == "dev" ? null : templatefile("${path.module}/files/prod-promote.tpl", {
-#     region     = var.aws_region
-#     role_stage = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-gha-stage"
-#     role_prod  = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-gha-prod"
-#     ecr_stage  = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-stage"
-#     ecr_prod   = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-prod"
-#     function   = local.ecr_cdps_s3_bagit_validator_function_name
-#     }
-#   )
-#   description = "Full contents of the prod-promote.yml for the s3-bagit-validator repo to deploy in us-west-2"
-# }
+# Outputs in stage
+output "s3_bagit_validator_stage_build_workflow_west" {
+  value = var.environment == "prod" || var.environment == "dev" ? null : templatefile("${path.module}/files/stage-build.tpl", {
+    region   = "us-west-2"
+    role     = module.ecr_cdps_s3_bagit_validator.gha_role
+    ecr      = module.ecr_cdps_s3_bagit_validator_west.repository_name
+    function = local.ecr_cdps_s3_bagit_validator_function_name
+    }
+  )
+  description = "Additional job for the stage-build.yml for the s3-bagit-validator repo to deploy in us-west-2"
+}
+
+# Outputs after promotion to prod
+output "s3_bagit_validator_prod_promote_workflow_west" {
+  value = var.environment == "stage" || var.environment == "dev" ? null : templatefile("${path.module}/files/prod-promote.tpl", {
+    region     = "us-west-2"
+    role_stage = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-gha-stage"
+    role_prod  = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-gha-prod"
+    ecr_stage  = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-stage"
+    ecr_prod   = "${module.ecr_cdps_s3_bagit_validator_west.repo_name}-prod"
+    function   = local.ecr_cdps_s3_bagit_validator_function_name
+    }
+  )
+  description = "Additional job for the prod-promote.yml for the s3-bagit-validator repo to deploy in us-west-2"
+}
diff --git a/files/dev-build-extra-region.tpl b/files/dev-build-extra-region.tpl
@@ -0,0 +1,15 @@
+### This is the Terraform-generated extra workflow job for the
+### ${ecr} app repository.
+### This should be added to jobs section of the dev-build.yml.
+### If this is a Lambda function, uncomment the FUNCTION: line
+
+  deploy-${region}:
+    name: Dev Container Deploy ${region}
+    uses: mitlibraries/.github/.github/workflows/ecr-shared-deploy-dev.yml@main
+    secrets: inherit
+    with:
+      AWS_REGION: "${region}"
+      GHA_ROLE: "${role}"
+      ECR: "${ecr}"
+      # FUNCTION: "${function}"
+      # PREBUILD: 
diff --git a/files/makefile-extra-region.tpl b/files/makefile-extra-region.tpl
@@ -0,0 +1,19 @@
+### Add the following lines to the Makefile header:
+ECR_URL_OTHER_DEV:=${ecr_url}
+### End of Terraform-generated header
+
+
+### Add the following lines to the docker build command in the dist-dev command
+	    -t $(ECR_URL_OTHER_DEV):latest \
+		-t $(ECR_URL_OTHER_DEV):`git describe --always` \
+
+
+### Add the following lines to the publish-dev command:
+publish-dev: dist-dev ## Build, tag and push (intended for developer-based manual publish)
+	docker login -u AWS -p $$(aws ecr get-login-password --region ${region}) $(ECR_URL_OTHER_DEV)
+	docker push $(ECR_URL_OTHER_DEV):latest
+	docker push $(ECR_URL_OTHER_DEV):`git describe --always`
+
+
+### Add the following line to the update-lambda-dev command if this is a Lambda Function
+#	aws lambda update-function-code --region ${region} --function-name $(FUNCTION_DEV) --image-uri $(ECR_URL_OTHER_DEV):latest
diff --git a/files/makefile.tpl b/files/makefile.tpl
@@ -20,7 +20,7 @@ publish-dev: dist-dev ## Build, tag and push (intended for developer-based manua
 
 ### If this is a Lambda repo, uncomment the two lines below     ###
 # update-lambda-dev: ## Updates the lambda with whatever is the most recent image in the ecr (intended for developer-based manual update)
-#	aws lambda update-function-code --function-name $(FUNCTION_DEV) --image-uri $(ECR_URL_DEV):latest
+#	aws lambda update-function-code --region us-east-1 --function-name $(FUNCTION_DEV) --image-uri $(ECR_URL_DEV):latest
 
 
 ### Terraform-generated manual shortcuts for deploying to Stage. This requires  ###
diff --git a/files/prod-promote-extra-region.tpl b/files/prod-promote-extra-region.tpl
@@ -0,0 +1,15 @@
+### This should be added to jobs section of the dev-build.yml.
+### If this is a Lambda function, uncomment the FUNCTION: line
+
+  deploy-${region}:
+    name: Prod Container Promote ${region}
+    uses: mitlibraries/.github/.github/workflows/ecr-shared-promote-prod.yml@main
+    secrets: inherit
+    with:
+      AWS_REGION: "${region}"
+      GHA_ROLE_STAGE: ${role_stage}
+      GHA_ROLE_PROD: ${role_prod}
+      ECR_STAGE: "${ecr_stage}"
+      ECR_PROD: "${ecr_prod}"
+      # FUNCTION: "${function}"
+ 
diff --git a/files/stage-build-extra-region.tpl b/files/stage-build-extra-region.tpl
@@ -0,0 +1,13 @@
+### This should be added to jobs section of the stage-build.yml.
+### If this is a Lambda function, uncomment the FUNCTION: line
+
+  deploy-${region}:
+    name: Stage Container Deploy ${region}
+    uses: mitlibraries/.github/.github/workflows/ecr-shared-deploy-stage.yml@main
+    secrets: inherit
+    with:
+      AWS_REGION: "${region}"
+      GHA_ROLE: "${role}"
+      ECR: "${ecr}"
+      # FUNCTION: "${function}"
+      # PREBUILD: 
