Adds optional Fargate-based build tasks

Twsouza · Twsouza · commit 14b5acb93da5 · 2025-03-31T15:21:51.000-03:00
Allows switching build tasks between EC2 and Fargate
to enhance flexibility.
diff --git a/provider/aws/builds.go b/provider/aws/builds.go
@@ -864,11 +864,73 @@ func (p *Provider) runBuild(build *structs.Build, burl string, opts structs.Buil
 		}
 	}
 
+	stackFargateBuild, err := p.stackParameter(p.Rack, "FargateBuild")
+	if err != nil {
+		return err
+	}
+
+	launchType := aws.String("EC2")
+	nc := &ecs.NetworkConfiguration{}
+	if stackFargateBuild == "Yes" {
+		secGroups, subnets := []*string{}, []*string{}
+		snet0, err := p.stackResource(p.Rack, "Subnet0")
+		if err != nil {
+			log.Error(err)
+			return err
+		}
+		if snet0 != nil && snet0.PhysicalResourceId != nil {
+			subnets = append(subnets, snet0.PhysicalResourceId)
+		}
+
+		snet1, err := p.stackResource(p.Rack, "Subnet1")
+		if err != nil {
+			log.Error(err)
+			return err
+		}
+		if snet1 != nil && snet1.PhysicalResourceId != nil {
+			subnets = append(subnets, snet1.PhysicalResourceId)
+		}
+
+		pnet0, err := p.stackResource(p.Rack, "SubnetPrivate0")
+		if err != nil {
+			log.Error(err)
+			return err
+		}
+		if pnet0 != nil && pnet0.PhysicalResourceId != nil {
+			subnets = append(subnets, pnet0.PhysicalResourceId)
+		}
+
+		pnet1, err := p.stackResource(p.Rack, "SubnetPrivate1")
+		if err != nil {
+			log.Error(err)
+			return err
+		}
+		if pnet1 != nil && pnet1.PhysicalResourceId != nil {
+			subnets = append(subnets, pnet1.PhysicalResourceId)
+		}
+
+		biSecGroup, err := p.stackResource(p.Rack, "BuildInstanceSecurityGroup")
+		if err != nil {
+			log.Error(err)
+			return err
+		}
+		if biSecGroup != nil && biSecGroup.PhysicalResourceId != nil {
+			secGroups = append(secGroups, biSecGroup.PhysicalResourceId)
+		}
+
+		launchType = aws.String("FARGATE")
+		nc.AwsvpcConfiguration = &ecs.AwsVpcConfiguration{
+			Subnets:        subnets,
+			SecurityGroups: secGroups,
+		}
+	}
+
 	req := &ecs.RunTaskInput{
 		Cluster:        aws.String(p.BuildCluster),
 		Count:          aws.Int64(1),
 		StartedBy:      aws.String(fmt.Sprintf("convox.%s", build.App)),
 		TaskDefinition: aws.String(td),
+		LaunchType:     launchType,
 		Overrides: &ecs.TaskOverride{
 			ContainerOverrides: []*ecs.ContainerOverride{
 				{
@@ -928,6 +990,9 @@ func (p *Provider) runBuild(build *structs.Build, burl string, opts structs.Buil
 			},
 		},
 	}
+	if nc.AwsvpcConfiguration != nil {
+		req.NetworkConfiguration = nc
+	}
 
 	task, err := p.runTask(req)
 	if err != nil {
diff --git a/provider/aws/formation/rack.json b/provider/aws/formation/rack.json
@@ -46,6 +46,17 @@
     "ExistingVpcAndInternetGateway": {
       "Fn::And": [ { "Condition": "ExistingVpc" }, { "Condition": "InternetGateway" } ]
     },
+    "BuildUsingFargate": {
+      "Fn::And": [
+        {
+          "Fn::Equals": [
+            { "Fn::FindInMap": [ "RegionConfig", { "Ref": "AWS::Region" }, "Fargate" ] },
+            "Yes"
+          ]
+        },
+        { "Fn::Equals": [ { "Ref": "FargateBuild" }, "Yes" ] }
+      ]
+    },
     "HighAvailability": { "Fn::Equals": [ { "Ref": "HighAvailability" }, "true" ] },
     "HttpProxy": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "HttpProxy" }, "" ] } ] },
     "InstanceARM": {
@@ -433,7 +444,7 @@
       "Value": { "Ref": "AWS::StackName" }
     },
     "RackDomain": {
-      "Value": { 
+      "Value": {
         "Fn::Join": [ ".", [
           "rack",
           { "Fn::Select": [ 0, { "Fn::Split": [ ".", { "Fn::GetAtt": [ "ApiBalancer", "DNSName" ] } ] } ] },
@@ -765,6 +776,12 @@
       "Default": "false",
       "AllowedValues": [ "true", "false" ]
     },
+    "FargateBuild": {
+      "Type": "String",
+      "Description": "Use Fargate for build instances",
+      "Default": "No",
+      "AllowedValues": [ "Yes", "No" ]
+    },
     "NoHaInstanceCount": {
       "Default": "1",
       "Description": "The number of instances in the runtime cluster for no HighAvailable racks",
@@ -3000,7 +3017,7 @@
                 { "Key": "Name", "Value": { "Ref": "AWS::StackName" }},
                 { "Key": "Rack", "Value": { "Ref": "AWS::StackName" }},
                 { "Key": "GatewayAttachment", "Value": { "Fn::If": [ "ExistingVpc", "existing",{ "Ref": "GatewayAttachment"}]}},
-                { "Key": "NatGateways", "Value": { "Fn::If": 
+                { "Key": "NatGateways", "Value": { "Fn::If":
                   [  "PrivateInstances",
                       {
                         "Fn::Join": [
@@ -3262,7 +3279,7 @@
                 { "Key": "Name", "Value": { "Ref": "AWS::StackName" }},
                 { "Key": "Rack", "Value": { "Ref": "AWS::StackName" }},
                 { "Key": "GatewayAttachment", "Value": { "Fn::If": [ "ExistingVpc", "existing",{ "Ref": "GatewayAttachment"}]}},
-                { "Key": "NatGateways", "Value": { "Fn::If": 
+                { "Key": "NatGateways", "Value": { "Fn::If":
                   [  "PrivateInstances",
                       {
                         "Fn::Join": [
@@ -3968,17 +3985,22 @@
         "DeploymentConfiguration": { "MinimumHealthyPercent": { "Fn::If": [ "HighAvailability", "50", "0" ] }, "MaximumPercent": "200" },
         "DesiredCount": { "Fn::If": [ "HighAvailability", { "Ref": "ApiCount" }, 1 ] },
         "LoadBalancers": [ { "ContainerName": "web", "ContainerPort": "5443", "TargetGroupArn": { "Ref": "ApiBalancerTargetGroup" } }],
-        "PlacementConstraints": [ { "Fn::If": ["SpotFleet", { "Type": "memberOf", "Expression": "attribute:asg == primary" }, { "Ref": "AWS::NoValue" }] } ], 
+        "PlacementConstraints": [ { "Fn::If": ["SpotFleet", { "Type": "memberOf", "Expression": "attribute:asg == primary" }, { "Ref": "AWS::NoValue" }] } ],
         "Role": { "Fn::GetAtt": [ "ServiceRole", "Arn" ] },
         "TaskDefinition": { "Ref": "ApiWebTasks" }
       }
     },
     "ApiBuildTasks": {
       "Type": "AWS::ECS::TaskDefinition",
       "Properties": {
+        "RequiresCompatibilities": [
+          { "Fn::If": [ "BuildUsingFargate", "FARGATE", "EC2" ] }
+        ],
+        "NetworkMode": { "Fn::If": [ "BuildUsingFargate", "awsvpc", "bridge" ] },
+        "Cpu": { "Ref": "BuildCpu" },
+        "Memory": { "Ref": "BuildMemory" },
         "ContainerDefinitions": [
           {
-            "Cpu": { "Ref": "BuildCpu" },
             "DockerLabels": {
               "convox.release": { "Ref": "Version" },
               "rack.ApiBalancerSecurity": { "Ref": "ApiBalancerSecurity" },
@@ -4079,14 +4101,19 @@
             "LinuxParameters": {
               "InitProcessEnabled": "true"
             },
-            "Memory": { "Ref": "BuildMemory" },
             "ReadonlyRootFilesystem": { "Fn::If": [ "EnableContainerReadonlyRootFilesystem", "true", "false" ] },
-            "MountPoints": [
-              { "SourceVolume": "config", "ContainerPath": "/etc/sysconfig/docker" },
-              { "SourceVolume": "docker", "ContainerPath": "/var/run/docker.sock" },
-              { "SourceVolume": "home", "ContainerPath": "/root/" },
-              { "SourceVolume": "temp", "ContainerPath": "/tmp/" }
-            ],
+            "MountPoints": {
+              "Fn::If": [
+                "BuildUsingFargate",
+                { "Ref": "AWS::NoValue" },
+                [
+                  { "SourceVolume": "config", "ContainerPath": "/etc/sysconfig/docker" },
+                  { "SourceVolume": "docker", "ContainerPath": "/var/run/docker.sock" },
+                  { "SourceVolume": "home", "ContainerPath": "/root/" },
+                  { "SourceVolume": "temp", "ContainerPath": "/tmp/" }
+                ]
+              ]
+            },
             "Name": "build",
             "Secrets": [{
               "Name": "PASSWORD",
@@ -4097,12 +4124,18 @@
         "ExecutionRoleArn": { "Fn::GetAtt": [ "ApiRole", "Arn" ] },
         "Family": { "Fn::Sub": "${AWS::StackName}-build" },
         "TaskRoleArn": { "Fn::GetAtt": [ "ApiRole", "Arn" ] },
-        "Volumes": [
-          { "Name": "config", "Host": { "SourcePath": "/etc/sysconfig/docker" } },
-          { "Name": "docker", "Host": { "SourcePath": "/var/run/docker.sock" } },
-          { "Name": "home" },
-          { "Name": "temp" }
-        ]
+        "Volumes": {
+          "Fn::If": [
+            "BuildUsingFargate",
+            { "Ref": "AWS::NoValue" },
+            [
+              { "Name": "config", "Host": { "SourcePath": "/etc/sysconfig/docker" } },
+              { "Name": "docker", "Host": { "SourcePath": "/var/run/docker.sock" } },
+              { "Name": "home" },
+              { "Name": "temp" }
+            ]
+          ]
+        }
       }
     },
     "ApiMonitorTasks": {
@@ -4515,7 +4548,7 @@
         "VersioningConfiguration": { "Status" : {"Ref": "EnableS3Versioning" } },
         "LifecycleConfiguration": { "Fn::If": [ "BlankLogRetention",
           { "Rules": [ { "NoncurrentVersionExpiration": { "NewerNoncurrentVersions" : 1, "NoncurrentDays" : 365 }, "Status": "Enabled" } ] },
-          { "Rules": [ 
+          { "Rules": [
             { "ExpirationInDays": { "Ref": "LogRetention" }, "Status": "Enabled" },
             { "NoncurrentVersionExpiration": { "NewerNoncurrentVersions" : 1, "NoncurrentDays" : 365 }, "Status": "Enabled" }
             ] }
