Skip to content

ci: Add workflow to launch a tools container. #30

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 3, 2025
Merged

ci: Add workflow to launch a tools container. #30

merged 3 commits into from
Oct 3, 2025

Conversation

jamesiarmes
Copy link
Member

No description provided.

@jamesiarmes jamesiarmes requested a review from a team as a code owner October 2, 2025 21:04
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 2, 2025
edited
Loading

Plan output for service config


Note: Objects have changed outside of OpenTofu

OpenTofu detected the following changes made outside of OpenTofu since the
last "tofu apply" which may have affected this plan:

  # module.system.module.tools.docker_image.container has been deleted
  - resource "docker_image" "container" {
      - id       = "sha256:6611c9831311ce9f986dcf356df81ba1013c9cdff28ed288638aa045e615a37c207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c" -> null
      - name     = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c" -> null
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.system.module.consumer.module.task.docker_image.container has been deleted
  - resource "docker_image" "container" {
      - id       = "sha256:f71480df2af51219fc8b262c82d341ccb816f47d2e96496957c58049eacedf06207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c" -> null
      - name     = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c" -> null
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
+/- create replacement and then destroy

OpenTofu will perform the following actions:

  # module.system.module.tools.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:f95374af44e27aa75c71b59130d870fdb7bf61fa"
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "f95374af44e27aa75c71b59130d870fdb7bf61fa"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.tools.docker_registry_image.container must be replaced
+/- resource "docker_registry_image" "container" {
      ~ id                   = "sha256:09df1308566a9459ee5fefded42134dd71b9ef5a7af10c382a94b76cd427f316" -> (known after apply)
      ~ name                 = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:f95374af44e27aa75c71b59130d870fdb7bf61fa" # forces replacement
      ~ sha256_digest        = "sha256:09df1308566a9459ee5fefded42134dd71b9ef5a7af10c382a94b76cd427f316" -> (known after apply)
      ~ triggers             = { # forces replacement
          - "sha" = "sha256:6611c9831311ce9f986dcf356df81ba1013c9cdff28ed288638aa045e615a37c207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c"
        } -> (known after apply) # forces replacement
        # (2 unchanged attributes hidden)

      ~ auth_config {
          ~ password = (sensitive value)
            # (2 unchanged attributes hidden)
        }
    }

  # module.system.module.consumer.module.service.aws_ecs_service.main[0] will be updated in-place
  ~ resource "aws_ecs_service" "main" {
      ~ desired_count                      = 1 -> 0
        id                                 = "arn:aws:ecs:us-west-1:207495628382:service/sqs-senzing-development/sqs-senzing-development-consumer"
        name                               = "sqs-senzing-development-consumer"
        tags                               = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      ~ task_definition                    = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-dev-consumer:18" -> (known after apply)
        # (18 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.system.module.consumer.module.task.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:f95374af44e27aa75c71b59130d870fdb7bf61fa"
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "f95374af44e27aa75c71b59130d870fdb7bf61fa"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.consumer.module.task.docker_registry_image.container must be replaced
+/- resource "docker_registry_image" "container" {
      ~ id                   = "sha256:828e5e694d445018aaa23fe96b6c16c0f78f2aae44498f616c433e6eaa57db44" -> (known after apply)
      ~ name                 = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:f95374af44e27aa75c71b59130d870fdb7bf61fa" # forces replacement
      ~ sha256_digest        = "sha256:828e5e694d445018aaa23fe96b6c16c0f78f2aae44498f616c433e6eaa57db44" -> (known after apply)
      ~ triggers             = { # forces replacement
          - "sha" = "sha256:f71480df2af51219fc8b262c82d341ccb816f47d2e96496957c58049eacedf06207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c"
        } -> (known after apply) # forces replacement
        # (2 unchanged attributes hidden)

      ~ auth_config {
          ~ password = (sensitive value)
            # (2 unchanged attributes hidden)
        }
    }

  # module.system.module.tools.module.ecs_task.aws_ecs_task_definition.main[0] must be replaced
+/- resource "aws_ecs_task_definition" "main" {
      ~ arn                      = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-tools:43" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-tools" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  - mountPoints            = []
                    name                   = "otel-collector"
                  - portMappings           = []
                  - systemControls         = []
                  - volumesFrom            = []
                    # (7 unchanged attributes hidden)
                },
              ~ {
                  ~ image                  = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:f95374af44e27aa75c71b59130d870fdb7bf61fa"
                    name                   = "sqs-senzing-development-tools"
                  ~ portMappings           = [
                      ~ {
                          - hostPort      = 80
                          - protocol      = "tcp"
                            # (1 unchanged attribute hidden)
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                    # (10 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "sqs-senzing-development-tools" -> (known after apply)
      ~ revision                 = 43 -> (known after apply)
        tags                     = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (12 unchanged attributes hidden)

      - volume {
          - configure_at_launch = false -> null
          - name                = "aws-lib" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "logs" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "senzing-home" -> null
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "aws-lib"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

  # module.system.module.consumer.module.task.module.ecs_task.aws_ecs_task_definition.main[0] must be replaced
+/- resource "aws_ecs_task_definition" "main" {
      ~ arn                      = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-dev-consumer:18" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-dev-consumer" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  - mountPoints            = []
                    name                   = "otel-collector"
                  - portMappings           = []
                  - systemControls         = []
                  - volumesFrom            = []
                    # (7 unchanged attributes hidden)
                },
              ~ {
                  ~ image                  = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:e712dc94c9128a3bbac1f221ff83ddb4bbe16c6c" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:f95374af44e27aa75c71b59130d870fdb7bf61fa"
                    name                   = "sqs-senzing-dev-consumer"
                  ~ portMappings           = [
                      ~ {
                          - hostPort      = 80
                          - protocol      = "tcp"
                            # (1 unchanged attribute hidden)
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                    # (10 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "sqs-senzing-dev-consumer" -> (known after apply)
      ~ revision                 = 18 -> (known after apply)
        tags                     = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (12 unchanged attributes hidden)

      - volume {
          - configure_at_launch = false -> null
          - name                = "logs" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "senzing-home" -> null
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

Plan: 6 to add, 1 to change, 4 to destroy.

Changes to Outputs:
  + container_subnets      = [
      + "subnet-0b64a14539d697a4e",
      + "subnet-03dfcfff330d289fb",
    ]
  + image_tag              = "f95374af44e27aa75c71b59130d870fdb7bf61fa"
  + task_security_group_id = "sg-0f7c26de2ae898193"

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    tofu apply "tfplan"

@jamesiarmes jamesiarmes requested a review from Copilot October 2, 2025 21:29
Copilot
Copilot AI reviewed Oct 2, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a GitHub workflow to launch a tools container within the infrastructure, alongside refactoring OpenTofu setup code and updating infrastructure configurations.

  • Adds a new GitHub workflow launch-tools.yaml for running containers in ECS environments
  • Refactors OpenTofu setup logic into a reusable GitHub action to reduce duplication
  • Updates Terraform configurations to support zero database instances and expose new outputs

Reviewed Changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
.github/workflows/launch-tools.yaml New workflow for launching tools containers in ECS environments
.github/actions/setup-opentofu/action.yaml New reusable action for OpenTofu setup and initialization
.github/workflows/plan.yaml Refactored to use the new setup-opentofu action
.github/workflows/deploy.yaml Refactored to use the new setup-opentofu action
tofu/modules/system/variables.tf Updated database instance count validation to allow zero instances
tofu/modules/system/outputs.tf Added task security group ID output
tofu/config/service/variables.tf Added database instance count variable with validation
tofu/config/service/outputs.tf Added multiple new outputs for container configuration
tofu/config/service/main.tf Updated to use new database instance count variable and image tag local
tofu/config/service/locals.tf New file containing image tag calculation logic
tofu/modules/ephemeral_service/versions.tf Updated Docker provider version from ~> 3.6 to ~> 3.7
tofu/modules/ephemeral_service/docker.tf Added auth_config for docker_image and reordered auth_config fields
Files not reviewed (1)
  • tofu/config/service/.terraform.lock.hcl: Language not supported

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@jamesiarmes jamesiarmes merged commit ce4d106 into main Oct 3, 2025
10 of 11 checks passed
@jamesiarmes jamesiarmes deleted the launch-tools branch October 3, 2025 00:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jamesiarmes