fix: use only DOCKER_IMAGE_TAG as env input for pulumi, remove unused…

… tasks, fix target name for verifier image in workflow
passportxyz · Jul 24, 2024 · b72c015 · b72c015
1 parent 14e5d0d
commit b72c015
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 35 deletions.
diff --git a/.github/workflows/build_and_deploy_generic.yml b/.github/workflows/build_and_deploy_generic.yml
@@ -98,7 +98,7 @@ jobs:
         with:
           refspec: ${{ needs.ref.outputs.refspec }}
           docker_tag: ${{ needs.ref.outputs.docker_tag }}
-          ecr_repository_name: submit-passport-lambdas
+          ecr_repository_name: passport-indexer
           aws_region: us-west-2
           aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
           aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}

diff --git a/infra/aws/index.ts b/infra/aws/index.ts
@@ -29,6 +29,7 @@ import * as op from "@1password/op-js";
 //////////////////////////////////////////////////////////////
 const PROVISION_STAGING_FOR_LOADTEST =
   `${process.env["PROVISION_STAGING_FOR_LOADTEST"]}`.toLowerCase() === "true";
+export const DOCKER_IMAGE_TAG = `${process.env.DOCKER_IMAGE_TAG || ""}`;
 
 type StackType = "review" | "staging" | "production";
 export const stack: StackType = pulumi.getStack() as StackType;
@@ -54,10 +55,29 @@ const publicDataDomain =
     ? `public.scorer.${rootDomain}`
     : `public.${stack}.scorer.${rootDomain}`;
 
-const dockerGtcPassportScorerImage = `${process.env["DOCKER_GTC_PASSPORT_SCORER_IMAGE"]}`;
-const dockerGtcPassportVerifierImage = `${process.env["DOCKER_GTC_PASSPORT_VERIFIER_IMAGE"]}`;
+const current = aws.getCallerIdentity({});
+const regionData = aws.getRegion({});
+export const dockerGtcPassportScorerImage = pulumi
+  .all([current, regionData])
+  .apply(
+    ([acc, region]) =>
+      `${acc.accountId}.dkr.ecr.${region.id}.amazonaws.com/passport-scorer:${DOCKER_IMAGE_TAG}`
+  );
+
+export const dockerGtcSubmitPassportLambdaImage = pulumi
+  .all([current, regionData])
+  .apply(
+    ([acc, region]) =>
+      `${acc.accountId}.dkr.ecr.${region.id}.amazonaws.com/submit-passport-lambdas:${DOCKER_IMAGE_TAG}`
+  );
+
+export const dockerGtcStakingIndexerImage = pulumi
+  .all([current, regionData])
+  .apply(
+    ([acc, region]) =>
+      `${acc.accountId}.dkr.ecr.${region.id}.amazonaws.com/passport-indexer:${DOCKER_IMAGE_TAG}`
+  );
 
-const dockerGtcSubmitPassportLambdaImage = `${process.env["DOCKER_GTC_SUBMIT_PASSPORT_LAMBDA_IMAGE"]}`;
 const trustedIAMIssuers = op.read.parse(
   `op://DevOps/passport-scorer-${stack}-env/ci/TRUSTED_IAM_ISSUERS`
 );
@@ -715,13 +735,11 @@ const baseScorerServiceConfig: ScorerService = {
   cluster,
   alb,
   dockerImageScorer: dockerGtcPassportScorerImage,
-  dockerImageVerifier: dockerGtcPassportVerifierImage,
   executionRole: dpoppEcsRole,
   taskRole: serviceTaskRole,
   logGroup: serviceLogGroup,
   subnets: vpcPrivateSubnetIds,
   securityGroup: privateSubnetSecurityGroup,
-  needsVerifier: false,
   httpListenerArn: httpsListener.arn,
   targetGroup: targetGroupDefault,
   autoScaleMaxCapacity: 20,
@@ -1440,6 +1458,7 @@ createIndexerService(
     alertTopic: pagerdutyTopic,
     secretReferences: indexerSecrets,
     environment: indexerEnvironment,
+    dockerGtcStakingIndexerImage,
   },
   alarmConfigurations
 );

diff --git a/infra/lib/scorer/new_service.ts b/infra/lib/scorer/new_service.ts
@@ -19,14 +19,12 @@ import {
 
 export type ScorerService = {
   dockerImageScorer: Input<string>;
-  dockerImageVerifier: Input<string>;
   securityGroup: aws.ec2.SecurityGroup;
   executionRole: Role;
   taskRole: Role;
   cluster: Cluster;
   logGroup: LogGroup;
   subnets: Input<Input<string>[]>;
-  needsVerifier: boolean;
   httpListenerArn: Input<string>;
   httpListenerRulePaths?: Input<Input<string>[]>;
   listenerRulePriority?: Input<number>;
@@ -125,30 +123,6 @@ export function createScorerECSService({
     },
   };
 
-  if (config.needsVerifier) {
-    containers.verifier = {
-      name: "verifier",
-      image: config.dockerImageVerifier,
-      memory: 512,
-      links: [],
-      portMappings: [
-        {
-          containerPort: 8001,
-          hostPort: 8001,
-        },
-      ],
-      environment: [
-        {
-          name: "VERIFIER_PORT",
-          value: "8001",
-        },
-      ],
-      linuxParameters: {
-        initProcessEnabled: true,
-      },
-    };
-  }
-
   const service = new awsx.ecs.FargateService(name, {
     propagateTags: "TASK_DEFINITION",
     tags: { name: name },
@@ -591,8 +565,6 @@ export async function createScoreExportBucketAndDomain(
   };
 }
 
-export const dockerGtcStakingIndexerImage = `${process.env["DOCKER_GTC_PASSPORT_INDEXER_IMAGE"]}`;
-
 type IndexerServiceParams = {
   cluster: Cluster;
   privateSubnetIds: Output<any>;
@@ -601,6 +573,7 @@ type IndexerServiceParams = {
   alertTopic: aws.sns.Topic;
   secretReferences: pulumi.Output<secretsManager.SecretRef[]>;
   environment: secretsManager.EnvironmentVar[];
+  dockerGtcStakingIndexerImage: Input<string>;
 };
 
 export function createIndexerService(
@@ -612,6 +585,7 @@ export function createIndexerService(
     alertTopic,
     secretReferences,
     environment,
+    dockerGtcStakingIndexerImage,
   }: IndexerServiceParams,
   alarmThresholds: AlarmConfigurations
 ) {
@@ -886,7 +860,7 @@ export const createSharedLambdaResources = ({
 
 type BuildLambdaFnBaseParams = {
   name: string;
-  imageUri: string;
+  imageUri: Input<string>;
   privateSubnetSecurityGroup: SecurityGroup;
   vpcPrivateSubnetIds: Output<any>;
   environment: { name: string; value: Input<string> }[];