add efs to task definition and fix dockerfile to have a execution command

Author: Deepthi-Chand

.github/workflows/deploy-to-ecs.yml

@@ -89,13 +89,13 @@ jobs:
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
           echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
 
-      - name: Download current task definition
-        id: download-taskdef
+      - name: Download task definition and get EFS ID
         run: |
-          aws ecs describe-task-definition \
-            --task-definition dataspace \
-            --query taskDefinition > aws/current-task-definition.json
-          cat aws/current-task-definition.json
+          aws ecs describe-task-definition --task-definition dataspace --query taskDefinition > aws/current-task-definition.json
+          aws ecs describe-task-definition --task-definition dataspace-otel-collector --query taskDefinition > aws/current-otel-task-definition.json
+          # Get the EFS ID from CloudFormation export
+          EFS_ID=$(aws cloudformation list-exports --query "Exports[?Name=='dataspace-${{ env.ENVIRONMENT }}-MigrationsFileSystemId'].Value" --output text)
+          echo "EFS_ID=$EFS_ID" >> $GITHUB_ENV
 
       - name: Update container image only
         id: task-def-app

Dockerfile

@@ -12,10 +12,18 @@ RUN echo 'deb http://archive.debian.org/debian stretch main contrib non-free' >>
 WORKDIR /code
 COPY . /code/
 
-RUN pip install psycopg2-binary
+RUN pip install psycopg2-binary uvicorn
 RUN pip install -r requirements.txt
-#RUN python manage.py migrate
+
+# Create healthcheck script
+RUN echo '#!/bin/bash\nset -e\npython -c "import sys; import django; django.setup(); sys.exit(0)"' > /code/healthcheck.sh \
+    && chmod +x /code/healthcheck.sh
 
 
 EXPOSE 8000
-#CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
+
+# Make entrypoint script executable
+RUN chmod +x /code/docker-entrypoint.sh
+
+ENTRYPOINT ["/code/docker-entrypoint.sh"]
+CMD ["uvicorn", "DataSpace.asgi:application", "--host", "0.0.0.0", "--port", "8000"]

aws/cloudformation/dataspace-infrastructure.yml

@@ -316,6 +316,39 @@ Resources:
       Value: !Sub 'https://dataspace-${Environment}.yourdomain.com'
       Description: URL whitelist
 
+  MigrationsFileSystem:
+    Type: AWS::EFS::FileSystem
+    Properties:
+      PerformanceMode: generalPurpose
+      Encrypted: true
+      FileSystemTags:
+        - Key: Name
+          Value: {"Fn::Sub": "${AWS::StackName}-migrations"}
+
+  MigrationsAccessPoint:
+    Type: AWS::EFS::AccessPoint
+    Properties:
+      FileSystemId: {"Ref": "MigrationsFileSystem"}
+      PosixUser:
+        Uid: "1000"
+        Gid: "1000"
+      RootDirectory:
+        Path: "/migrations"
+        CreationInfo:
+          OwnerUid: "1000"
+          OwnerGid: "1000"
+          Permissions: "755"
+
+  MigrationsFileSystemMountTarget:
+    Type: AWS::EFS::MountTarget
+    Properties:
+      FileSystemId:
+        Ref: MigrationsFileSystem
+      SubnetId:
+        "Fn::Select": [0, {"Ref": "SubnetIds"}]
+      SecurityGroups:
+        - {"Ref": "ECSSecurityGroup"}
+
 Outputs:
   ClusterName:
     Description: ECS Cluster Name
@@ -331,8 +364,16 @@ Outputs:
 
   RedisEndpoint:
     Description: Redis endpoint
-    Value: !GetAtt RedisCluster.RedisEndpoint.Address
+    Value: {"Fn::GetAtt": ["RedisCluster", "RedisEndpoint.Address"]}
 
   TaskExecutionRoleArn:
     Description: ECS Task Execution Role ARN
-    Value: !GetAtt ECSTaskExecutionRole.Arn
+    Value: {"Fn::GetAtt": ["ECSTaskExecutionRole", "Arn"]}
+    Export:
+      Name: {"Fn::Sub": "${AWS::StackName}-ECSTaskExecutionRoleArn"}
+
+  MigrationsFileSystemId:
+    Description: EFS File System ID for migrations
+    Value: {"Ref": "MigrationsFileSystem"}
+    Export:
+      Name: {"Fn::Sub": "${AWS::StackName}-MigrationsFileSystemId"}

aws/task-definition.json.template

@@ -1,10 +1,24 @@
 {
   "family": "dataspace",
   "executionRoleArn": "${ECS_EXECUTION_ROLE_ARN}",
+  "taskRoleArn": "${ECS_EXECUTION_ROLE_ARN}",
   "networkMode": "awsvpc",
   "requiresCompatibilities": ["FARGATE"],
   "cpu": "${CPU_UNITS}",
   "memory": "${MEMORY_UNITS}",
+  "volumes": [
+    {
+      "name": "migrations-volume",
+      "efsVolumeConfiguration": {
+        "fileSystemId": "${EFS_ID}",
+        "rootDirectory": "/migrations",
+        "transitEncryption": "ENABLED",
+        "authorizationConfig": {
+          "iam": "ENABLED"
+        }
+      }
+    }
+  ],
   "containerDefinitions": [
     {
       "name": "dataspace",
@@ -17,6 +31,13 @@
           "protocol": "tcp"
         }
       ],
+      "mountPoints": [
+        {
+          "sourceVolume": "migrations-volume",
+          "containerPath": "/code/api/migrations",
+          "readOnly": false
+        }
+      ],
       "environment": [
         { "name": "DEBUG", "value": "${DEBUG_MODE}" },
         { "name": "APP_PORT", "value": "${APP_PORT}" },
@@ -46,7 +67,7 @@
         }
       },
       "healthCheck": {
-        "command": ["CMD-SHELL", "curl -f http://localhost:${APP_PORT}/health/ || exit 1"],
+        "command": ["CMD-SHELL", "/code/healthcheck.sh && curl -f http://localhost:${APP_PORT}/health/ || exit 1"],
         "interval": 30,
         "timeout": 5,
         "retries": 3,