workon dockerfile

ecs-terraform/Dockerfile

@@ -0,0 +1,3 @@
+FROM hashicorp/terraform:1.9.7 AS release
+
+COPY ../ .

ecs-terraform/Makefile

@@ -0,0 +1,75 @@
+#############
+# Constants #
+#############
+
+ORG ?= HHS
+REPO ?= simpler-grants-gov
+SPRINT_PROJECT ?= 13
+ROADMAP_PROJECT ?= 12
+OUTPUT_DIR ?= data
+SPRINT_FILE ?= $(OUTPUT_DIR)/sprint-data.json
+ROADMAP_FILE ?= $(OUTPUT_DIR)/roadmap-data.json
+ISSUE_FILE ?= $(OUTPUT_DIR)/issue-data.json
+SPRINT ?= @current
+UNIT ?= points
+ACTION ?= show-results
+MIN_TEST_COVERAGE ?= 80
+APP_NAME ?= grants-analytics
+
+# Required for CI to work properly
+SHELL = /bin/bash -o pipefail
+
+ifdef CI
+ DOCKER_EXEC_ARGS := -T -e CI -e GH_TOKEN -e ANALYTICS_SLACK_BOT_TOKEN -e ANALYTICS_REPORTING_CHANNEL_ID
+else
+ DOCKER_EXEC_ARGS := -e GH_TOKEN
+endif
+
+# By default, all python/poetry commands will run inside of the docker container
+# if you wish to run this natively, add PY_RUN_APPROACH=local to your environment vars
+# You can set this by either running `export PY_RUN_APPROACH=local` in your shell or add
+# it to your ~/.zshrc file (and run `source ~/.zshrc`)
+ifeq "$(PY_RUN_APPROACH)" "local"
+POETRY := poetry run
+GITHUB := gh
+else
+POETRY := docker compose run $(DOCKER_EXEC_ARGS) --rm $(APP_NAME) poetry run
+GITHUB := docker compose run $(DOCKER_EXEC_ARGS) --rm $(APP_NAME) gh
+endif
+
+# Docker user configuration
+# This logic is to avoid issues with permissions and mounting local volumes,
+# which should be owned by the same UID for Linux distros. Mac OS can use root,
+# but it is best practice to run things as with least permission where possible
+
+# Can be set by adding user=<username> and/ or uid=<id> after the make command
+# If variables are not set explicitly: try looking up values from current
+# environment, otherwise fixed defaults.
+# uid= defaults to 0 if user= set (which makes sense if user=root, otherwise you
+# probably want to set uid as well).
+ifeq ($(user),)
+RUN_USER ?= $(or $(strip $(USER)),nodummy)
+RUN_UID ?= $(or $(strip $(shell id -u)),4000)
+else
+RUN_USER = $(user)
+RUN_UID = $(or $(strip $(uid)),0)
+endif
+
+export RUN_USER
+export RUN_UID
+
+##################
+# Build Commands #
+##################
+
+build:
+	docker compose build
+
+release-build:
+	docker buildx build \
+		--target release \
+		--platform=linux/amd64 \
+		--build-arg RUN_USER=$(RUN_USER) \
+		--build-arg RUN_UID=$(RUN_UID) \
+		$(OPTS) \
+		.

ecs-terraform/docker-compose.yml

@@ -0,0 +1,5 @@
+services:
+  ecs-terraform:
+    build:
+      context: .
+    container_name: ecs-terraform

infra/ecs-terraform/app-config/env-config/environment-variables.tf

@@ -2,12 +2,7 @@ locals {
   # Map from environment variable name to environment variable value
   # This is a map rather than a list so that variables can be easily
   # overridden per environment using terraform's `merge` function
-  default_extra_environment_variables = {
-    # Example environment variables
-    # WORKER_THREADS_COUNT    = 4
-    # LOG_LEVEL               = "info"
-    # DB_CONNECTION_POOL_SIZE = 5
-  }
+  default_extra_environment_variables = {}
 
   # Configuration for secrets
   # List of configurations for defining environment variables that pull from SSM parameter
@@ -18,10 +13,5 @@ locals {
   #     secret_store_name = "/ssm/param/name"
   #   }
   # }
-  secrets = {
-    API_AUTH_TOKEN = {
-      manage_method     = "manual"
-      secret_store_name = "/api/${var.environment}/api-auth-token"
-    }
-  }
+  secrets = {}
 }

infra/ecs-terraform/app-config/main.tf

@@ -1,6 +1,6 @@
 locals {
-  app_name                        = "api"
-  environments                    = ["dev", "prod"]
+  app_name                        = "ecs-terraform"
+  environments                    = ["dev", "staging", "prod"]
   project_name                    = module.project_config.project_name
   has_database                    = true
   has_incident_management_service = false