Adds optional Fargate-based build tasks

Allows switching build tasks between EC2 and Fargate
to enhance flexibility.

Author: Twsouza

provider/aws/builds.go

@@ -790,6 +790,75 @@ func (p *Provider) authECR(host, access, secret string) (string, string, error)
 	return parts[0], parts[1], nil
 }
 
+// Helper function to prepare launch configuration
+func (p *Provider) prepareLaunchConfiguration() (*string, *ecs.NetworkConfiguration, error) {
+	stackFargateBuild, err := p.stackParameter(p.Rack, "FargateBuild")
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if stackFargateBuild != "Yes" {
+		return aws.String("EC2"), nil, nil
+	}
+
+	// Fetch subnets and security groups
+	subnets, err := p.fetchSubnets()
+	if err != nil {
+		return nil, nil, err
+	}
+	secGroups, err := p.fetchSecurityGroups()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Configure Fargate-specific network settings
+	nc := &ecs.NetworkConfiguration{
+		AwsvpcConfiguration: &ecs.AwsVpcConfiguration{
+			Subnets:        subnets,
+			SecurityGroups: secGroups,
+		},
+	}
+
+	return aws.String("FARGATE"), nc, nil
+}
+
+// Helper function to fetch subnets
+func (p *Provider) fetchSubnets() ([]*string, error) {
+	subnets := []*string{}
+	for _, subnet := range []string{"Subnet0", "Subnet1", "SubnetPrivate0", "SubnetPrivate1"} {
+		res, _ := p.stackResource(p.Rack, subnet)
+		if res != nil && res.PhysicalResourceId != nil {
+			subnets = append(subnets, res.PhysicalResourceId)
+		}
+	}
+
+	if len(subnets) == 0 {
+		return nil, fmt.Errorf("no subnets found for Fargate")
+	}
+
+	return subnets, nil
+}
+
+// Helper function to fetch security groups
+func (p *Provider) fetchSecurityGroups() ([]*string, error) {
+	biSecGroup, _ := p.stackParameter(p.Rack, "BuildInstanceSecurityGroup")
+	if biSecGroup != "" {
+		return []*string{aws.String(biSecGroup)}, nil
+	}
+
+	iSecGroup, _ := p.stackParameter(p.Rack, "InstanceSecurityGroup")
+	if iSecGroup != "" {
+		return []*string{aws.String(iSecGroup)}, nil
+	}
+
+	is, _ := p.stackResource(p.Rack, "InstancesSecurity")
+	if is != nil && is.PhysicalResourceId != nil {
+		return []*string{is.PhysicalResourceId}, nil
+	}
+
+	return nil, fmt.Errorf("no security groups found for Fargate")
+}
+
 func (p *Provider) runBuild(build *structs.Build, burl string, opts structs.BuildCreateOptions) error {
 	log := Logger.At("runBuild").Namespace("url=%q", burl).Start()
 
@@ -864,11 +933,19 @@ func (p *Provider) runBuild(build *structs.Build, burl string, opts structs.Buil
 		}
 	}
 
+	// Determine launch type and network configuration
+	launchType, nc, err := p.prepareLaunchConfiguration()
+	if err != nil {
+		Logger.Error(err)
+		return err
+	}
+
 	req := &ecs.RunTaskInput{
 		Cluster:        aws.String(p.BuildCluster),
 		Count:          aws.Int64(1),
 		StartedBy:      aws.String(fmt.Sprintf("convox.%s", build.App)),
 		TaskDefinition: aws.String(td),
+		LaunchType:     launchType,
 		Overrides: &ecs.TaskOverride{
 			ContainerOverrides: []*ecs.ContainerOverride{
 				{
@@ -928,6 +1005,9 @@ func (p *Provider) runBuild(build *structs.Build, burl string, opts structs.Buil
 			},
 		},
 	}
+	if nc.AwsvpcConfiguration != nil {
+		req.NetworkConfiguration = nc
+	}
 
 	task, err := p.runTask(req)
 	if err != nil {

provider/aws/formation/rack.json

@@ -46,6 +46,17 @@
     "ExistingVpcAndInternetGateway": {
       "Fn::And": [ { "Condition": "ExistingVpc" }, { "Condition": "InternetGateway" } ]
     },
+    "BuildUsingFargate": {
+      "Fn::And": [
+        {
+          "Fn::Equals": [
+            { "Fn::FindInMap": [ "RegionConfig", { "Ref": "AWS::Region" }, "Fargate" ] },
+            "Yes"
+          ]
+        },
+        { "Fn::Equals": [ { "Ref": "FargateBuild" }, "Yes" ] }
+      ]
+    },
     "HighAvailability": { "Fn::Equals": [ { "Ref": "HighAvailability" }, "true" ] },
     "HttpProxy": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "HttpProxy" }, "" ] } ] },
     "InstanceARM": {
@@ -433,7 +444,7 @@
       "Value": { "Ref": "AWS::StackName" }
     },
     "RackDomain": {
-      "Value": { 
+      "Value": {
         "Fn::Join": [ ".", [
           "rack",
           { "Fn::Select": [ 0, { "Fn::Split": [ ".", { "Fn::GetAtt": [ "ApiBalancer", "DNSName" ] } ] } ] },
@@ -765,6 +776,12 @@
       "Default": "false",
       "AllowedValues": [ "true", "false" ]
     },
+    "FargateBuild": {
+      "Type": "String",
+      "Description": "Use Fargate for build instances",
+      "Default": "No",
+      "AllowedValues": [ "Yes", "No" ]
+    },
     "NoHaInstanceCount": {
       "Default": "1",
       "Description": "The number of instances in the runtime cluster for no HighAvailable racks",
@@ -3000,7 +3017,7 @@
                 { "Key": "Name", "Value": { "Ref": "AWS::StackName" }},
                 { "Key": "Rack", "Value": { "Ref": "AWS::StackName" }},
                 { "Key": "GatewayAttachment", "Value": { "Fn::If": [ "ExistingVpc", "existing",{ "Ref": "GatewayAttachment"}]}},
-                { "Key": "NatGateways", "Value": { "Fn::If": 
+                { "Key": "NatGateways", "Value": { "Fn::If":
                   [  "PrivateInstances",
                       {
                         "Fn::Join": [
@@ -3262,7 +3279,7 @@
                 { "Key": "Name", "Value": { "Ref": "AWS::StackName" }},
                 { "Key": "Rack", "Value": { "Ref": "AWS::StackName" }},
                 { "Key": "GatewayAttachment", "Value": { "Fn::If": [ "ExistingVpc", "existing",{ "Ref": "GatewayAttachment"}]}},
-                { "Key": "NatGateways", "Value": { "Fn::If": 
+                { "Key": "NatGateways", "Value": { "Fn::If":
                   [  "PrivateInstances",
                       {
                         "Fn::Join": [
@@ -3968,17 +3985,22 @@
         "DeploymentConfiguration": { "MinimumHealthyPercent": { "Fn::If": [ "HighAvailability", "50", "0" ] }, "MaximumPercent": "200" },
         "DesiredCount": { "Fn::If": [ "HighAvailability", { "Ref": "ApiCount" }, 1 ] },
         "LoadBalancers": [ { "ContainerName": "web", "ContainerPort": "5443", "TargetGroupArn": { "Ref": "ApiBalancerTargetGroup" } }],
-        "PlacementConstraints": [ { "Fn::If": ["SpotFleet", { "Type": "memberOf", "Expression": "attribute:asg == primary" }, { "Ref": "AWS::NoValue" }] } ], 
+        "PlacementConstraints": [ { "Fn::If": ["SpotFleet", { "Type": "memberOf", "Expression": "attribute:asg == primary" }, { "Ref": "AWS::NoValue" }] } ],
         "Role": { "Fn::GetAtt": [ "ServiceRole", "Arn" ] },
         "TaskDefinition": { "Ref": "ApiWebTasks" }
       }
     },
     "ApiBuildTasks": {
       "Type": "AWS::ECS::TaskDefinition",
       "Properties": {
+        "RequiresCompatibilities": [
+          { "Fn::If": [ "BuildUsingFargate", "FARGATE", "EC2" ] }
+        ],
+        "NetworkMode": { "Fn::If": [ "BuildUsingFargate", "awsvpc", "bridge" ] },
+        "Cpu": { "Ref": "BuildCpu" },
+        "Memory": { "Ref": "BuildMemory" },
         "ContainerDefinitions": [
           {
-            "Cpu": { "Ref": "BuildCpu" },
             "DockerLabels": {
               "convox.release": { "Ref": "Version" },
               "rack.ApiBalancerSecurity": { "Ref": "ApiBalancerSecurity" },
@@ -4079,14 +4101,19 @@
             "LinuxParameters": {
               "InitProcessEnabled": "true"
             },
-            "Memory": { "Ref": "BuildMemory" },
             "ReadonlyRootFilesystem": { "Fn::If": [ "EnableContainerReadonlyRootFilesystem", "true", "false" ] },
-            "MountPoints": [
-              { "SourceVolume": "config", "ContainerPath": "/etc/sysconfig/docker" },
-              { "SourceVolume": "docker", "ContainerPath": "/var/run/docker.sock" },
-              { "SourceVolume": "home", "ContainerPath": "/root/" },
-              { "SourceVolume": "temp", "ContainerPath": "/tmp/" }
-            ],
+            "MountPoints": {
+              "Fn::If": [
+                "BuildUsingFargate",
+                { "Ref": "AWS::NoValue" },
+                [
+                  { "SourceVolume": "config", "ContainerPath": "/etc/sysconfig/docker" },
+                  { "SourceVolume": "docker", "ContainerPath": "/var/run/docker.sock" },
+                  { "SourceVolume": "home", "ContainerPath": "/root/" },
+                  { "SourceVolume": "temp", "ContainerPath": "/tmp/" }
+                ]
+              ]
+            },
             "Name": "build",
             "Secrets": [{
               "Name": "PASSWORD",
@@ -4097,12 +4124,18 @@
         "ExecutionRoleArn": { "Fn::GetAtt": [ "ApiRole", "Arn" ] },
         "Family": { "Fn::Sub": "${AWS::StackName}-build" },
         "TaskRoleArn": { "Fn::GetAtt": [ "ApiRole", "Arn" ] },
-        "Volumes": [
-          { "Name": "config", "Host": { "SourcePath": "/etc/sysconfig/docker" } },
-          { "Name": "docker", "Host": { "SourcePath": "/var/run/docker.sock" } },
-          { "Name": "home" },
-          { "Name": "temp" }
-        ]
+        "Volumes": {
+          "Fn::If": [
+            "BuildUsingFargate",
+            { "Ref": "AWS::NoValue" },
+            [
+              { "Name": "config", "Host": { "SourcePath": "/etc/sysconfig/docker" } },
+              { "Name": "docker", "Host": { "SourcePath": "/var/run/docker.sock" } },
+              { "Name": "home" },
+              { "Name": "temp" }
+            ]
+          ]
+        }
       }
     },
     "ApiMonitorTasks": {
@@ -4515,7 +4548,7 @@
         "VersioningConfiguration": { "Status" : {"Ref": "EnableS3Versioning" } },
         "LifecycleConfiguration": { "Fn::If": [ "BlankLogRetention",
           { "Rules": [ { "NoncurrentVersionExpiration": { "NewerNoncurrentVersions" : 1, "NoncurrentDays" : 365 }, "Status": "Enabled" } ] },
-          { "Rules": [ 
+          { "Rules": [
             { "ExpirationInDays": { "Ref": "LogRetention" }, "Status": "Enabled" },
             { "NoncurrentVersionExpiration": { "NewerNoncurrentVersions" : 1, "NoncurrentDays" : 365 }, "Status": "Enabled" }
             ] }