diff --git a/.github/workflows/push-rdev.yml b/.github/workflows/push-rdev.yml index e524b94455..11296cb8c5 100644 --- a/.github/workflows/push-rdev.yml +++ b/.github/workflows/push-rdev.yml @@ -15,7 +15,7 @@ env: # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services permissions: id-token: write - contents: read + contents: write jobs: build-push-images: @@ -45,17 +45,16 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: - role-session-name: BuildAndPushRdevImage aws-region: us-west-2 - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-duration-seconds: 900 + aws-access-key-id: ${{ secrets.THEIAGEN_AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.THEIAGEN_AWS_SECRET_ACCESS_KEY }} - name: Build And Push uses: chanzuckerberg/github-actions/.github/actions/docker-build-push@docker-build-push-v1.3.1 with: dockerfile: ${{ matrix.image.dockerfile }} context: ${{ matrix.image.context }} name: ${{ matrix.image.name }} - registry: ${{ secrets.ECR_REPO }} + registry: 654654542669.dkr.ecr.us-west-2.amazonaws.com create-update-rdev: runs-on: ubuntu-20.04 diff --git a/.happy/config.json b/.happy/config.json index 78b1fe6795..63e307dd05 100644 --- a/.happy/config.json +++ b/.happy/config.json @@ -65,7 +65,7 @@ }, "environments": { "rdev": { - "aws_profile": "genepi-dev", + "aws_profile": "theia", "secret_arn": "happy/env-dev-config", "terraform_directory": ".happy/terraform/envs/dev", "log_group_prefix": "/genepi/dev", @@ -73,7 +73,7 @@ "auto_run_migrations": true }, "staging": { - "aws_profile": "genepi-dev", + "aws_profile": "theia", "secret_arn": "happy/env-gestaging-config", "terraform_directory": ".happy/terraform/envs/staging", "delete_protected": true, 
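Review bot: `contents: write` in the workflow-level `permissions` block gives every job in this workflow a GITHUB_TOKEN that can push to the repository, and nothing in the visible hunks shows which step needs write access. Keep `contents: read` at this level and grant `contents: write` in a job-level `permissions:` block on the one job that writes, with a comment naming the step that requires it. If the OIDC role assumption is dropped as in the following hunk, `id-token: write` should also be removed unless a job outside these hunks still uses it.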
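Review bot: The `with:` block of "Configure AWS Credentials" now authenticates with the long-lived `THEIAGEN_AWS_ACCESS_KEY_ID` / `THEIAGEN_AWS_SECRET_ACCESS_KEY` pair, where the old side assumed a role through OIDC with a 900-second session; a leak of these repository secrets yields credentials that stay valid until someone rotates them. The workflow still carries the OIDC documentation link and `id-token: write`, so the federated setup can be kept by creating the role in the new account and restoring `role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}` and `role-duration-seconds: 900`. If static keys are unavoidable for now, limit the IAM user to pushing to this one registry and note the planned rotation or migration in a comment. The literal `registry: 654654542669.dkr.ecr.us-west-2.amazonaws.com` also fixes the account ID in the workflow, where the removed `${{ secrets.ECR_REPO }}` could be changed without a commit.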
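Review bot: `"aws_profile": "theia"` is now shared by `rdev` and `staging` in these two hunks and by `prod` in the `@@ -82,7 +82,7 @@` hunk, so the profile name no longer separates production credentials from non-production ones (the old side used `genepi-dev` and `genepi-prod`). As far as this file shows, an operator whose local `theia` profile can deploy rdev runs prod commands with the same credentials. A distinct profile for `prod`, for example `"aws_profile": "theia-prod"` (constructed name), would keep the choice of credentials as an explicit guard. JSON has no comment syntax, so if the shared profile is intentional the reason belongs in the commit description.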
@@ -82,7 +82,7 @@ "task_launch_type": "fargate" }, "prod": { - "aws_profile": "genepi-prod", + "aws_profile": "theia", "secret_arn": "happy/env-geprod-config", "terraform_directory": ".happy/terraform/envs/prod", "delete_protected": true, @@ -99,4 +99,4 @@ "delete_db_task_definition_arn" ] } -} +} \ No newline at end of file diff --git a/.happy/terraform/envs/dev/.terraform.lock.hcl b/.happy/terraform/envs/dev/.terraform.lock.hcl new file mode 100644 index 0000000000..0a57355378 --- /dev/null +++ b/.happy/terraform/envs/dev/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.57.0" + constraints = ">= 4.45.0" + hashes = [ + "h1:KMPhyxoRthbmc11+RbClq5bricmGDICh1NgE3nPjN7U=", + "zh:03761bedb72290599aef0040d3cefb77842f0ef4338673a7e5b53557b0ca4960", + "zh:1c70c050116370688abd239979b06f33c5c8cb7f6e59e89f60cf08ee01666064", + "zh:1cc3b259028a65b2f68ffc25df876bbb0f46d108f262b8ec7c56fc597ac697af", + "zh:3bcdf1415b37f39b71e07d4d92977cf8697f07602382d63687d5f683fee0231a", + "zh:40b1774a2cacc84002ac88ef30fb017c273009456d7a1f9f7c5a4a057041ec75", + "zh:46d51fa066c6441594a1e242c9491cc31dbb2dc85f1acf8bc54ad6faa4de524b", + "zh:550e5635b0cd5d98fa66c2afd5dbb1563a8e019be9f760bd1543fbcca763f0c1", + "zh:7acc8357b5e02ed3eb478125614d049511d6faeb9850c084d6e6519db875f0d1", + "zh:7f7367299811ddf5560a0586e525d57dd52f1a0ca37e42e2c5284308069bf2b6", + "zh:8766cc10c83b1fc2e971c4e645bc4d3c871d4758eb54b0a3216600c66e3db681", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a1e85b1fb9004d8ffab7600304e02bce4aa14cea9f0ad77fbd7b84aae6390760", + "zh:bcf2fc83bd9e20e5a930d9d596eb813c319f2b007c620b1818e574c1702eb9a9", + "zh:d2538fcb20dc2afc04b716f67969944eef7f4fc4296410116d5b7af1811100f2", + "zh:e0e47c5d8710bbfcfe4db1cfa81c67e320056006d08063e69640cd2d492c6f64", + ] +} 
diff --git a/.happy/terraform/envs/dev/locals.tf.json b/.happy/terraform/envs/dev/locals.tf.json new file mode 100644 index 0000000000..1a37959bb3 --- /dev/null +++ b/.happy/terraform/envs/dev/locals.tf.json @@ -0,0 +1,5 @@ +{ + "locals": { + "image_tag": "sha-7b63b07" + } +} \ No newline at end of file diff --git a/.happy/terraform/envs/dev/main.tf b/.happy/terraform/envs/dev/main.tf index c38219a21f..246c620415 100644 --- a/.happy/terraform/envs/dev/main.tf +++ b/.happy/terraform/envs/dev/main.tf @@ -1,16 +1,16 @@ -module stack { +module "stack" { source = "./modules/ecs-stack" aws_account_id = var.aws_account_id aws_role = var.aws_role happymeta_ = var.happymeta_ happy_config_secret = var.happy_config_secret - image_tag = var.image_tag - image_tags = jsondecode(var.image_tags) + image_tag = local.image_tag + image_tags = {} priority = var.priority stack_name = var.stack_name deployment_stage = "dev" delete_protected = false - require_okta = true + require_okta = false stack_prefix = "/${var.stack_name}" sql_import_file = "db_snapshots/dev_backup.sql" diff --git a/.happy/terraform/envs/dev/providers.tf b/.happy/terraform/envs/dev/providers.tf index aa64f754aa..a5257dbe74 100644 --- a/.happy/terraform/envs/dev/providers.tf +++ b/.happy/terraform/envs/dev/providers.tf @@ -1,8 +1,5 @@ -provider aws { - version = "~> 3.63.0" - region = "us-west-2" - assume_role { - role_arn = "arn:aws:iam::${var.aws_account_id}:role/${var.aws_role}" - } +provider "aws" { + region = "us-west-2" allowed_account_ids = [var.aws_account_id] -} + +} \ No newline at end of file diff --git a/.happy/terraform/envs/dev/variables.tf b/.happy/terraform/envs/dev/variables.tf index 9543c88064..bae5a5b08b 100644 --- a/.happy/terraform/envs/dev/variables.tf +++ b/.happy/terraform/envs/dev/variables.tf 
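Review bot: `require_okta = false` on the dev stack turns off what the name suggests is the Okta gate in front of rdev deployments, and the hunk gives no reason for it. The same block loads `sql_import_file = "db_snapshots/dev_backup.sql"`, so if dev stacks are reachable from outside they would expose that data behind the application's own login only; this depends on the `ecs-stack` module, which is not visible here, and should be confirmed. A comment above the line such as `# Okta not available in the new account yet; re-enable once <ticket> lands` would make the exception reviewable. The `module "stack"` block continues past the end of the hunk.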
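Review bot: With the `assume_role` block removed, this provider runs with whatever credentials are ambient in the shell or runner, and `allowed_account_ids = [var.aws_account_id]` is the only remaining guard against applying to the wrong account. `var.aws_role` is still declared and passed to the module in `main.tf` but no longer takes part in authentication here, which is easy to misread; a comment such as `# credentials come from the caller's profile; aws_role is not assumed in dev` would state that. The same removal is made in `envs/staging/providers.tf`, where `aws_role` still defaults to `tfe-si`. The blank line left before the closing brace can go.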
@@ -1,45 +1,40 @@ -variable aws_account_id { +variable "aws_account_id" { type = string description = "AWS account ID to apply changes to" + default = "654654542669" } -variable aws_role { +variable "aws_role" { type = string description = "Name of the AWS role to assume to apply changes" + default = "" } -variable image_tag { - type = string - description = "Please provide an image tag" -} - -variable image_tags { - type = string - description = "Override the default image tags (json-encoded map)" - default = "{}" -} - -variable priority { +variable "priority" { type = number description = "Listener rule priority number within the given listener" + default = 1234 } -variable happymeta_ { +variable "happymeta_" { type = string description = "Happy Path metadata. Ignored by actual terraform." + default = "{}" } -variable stack_name { +variable "stack_name" { type = string description = "Happy Path stack name" + default = "gedevstack-jheath" } -variable happy_config_secret { +variable "happy_config_secret" { type = string description = "Happy Path configuration secret name" + default = "happy/env-dev-config" } -variable wait_for_steady_state { +variable "wait_for_steady_state" { type = bool description = "Should terraform block until ECS reaches a steady state?" default = true diff --git a/.happy/terraform/envs/dev/versions.tf b/.happy/terraform/envs/dev/versions.tf new file mode 100644 index 0000000000..3e0214e299 --- /dev/null +++ b/.happy/terraform/envs/dev/versions.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.6.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.45" + } + } + + backend "s3" { + region = "us-west-2" + bucket = "genepi-prod-s3-tf-state-prod-prod-genepi-theia-stacks-state" + key = "czgenepi-dev.tfstate" + profile = "theia" + encrypt = "true" + + dynamodb_table = "genepi-prod-s3-tf-state-prod-prod-genepi-theia-stacks-state-lock" + } +} \ No newline at end of file 
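Review bot: Giving every variable a default means a bare `terraform plan` or `apply` in this directory no longer stops to ask which account and stack it targets; here it silently selects `stack_name = "gedevstack-jheath"`, which looks like one developer's personal stack, and `priority = 1234`. The same pattern in `envs/prod/variables.tf` defaults to `geprodstack` in account `829407189049`, and in `envs/staging/variables.tf` to `gestagingstack`, so a command run in the wrong directory operates on a live stack without the target ever being named. Leave `stack_name` without a default, or move these values into a per-environment `.tfvars` file that is passed explicitly. `aws_role` defaults to `""` here while its description still says it is the role to assume; update the description or drop the variable.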
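Review bot: `version = ">= 4.45"` has no upper bound, so the provider release actually used is decided entirely by the lock file: 5.57.0 in `envs/dev`, 5.60.0 in `envs/staging`, and no lock file for `envs/prod` appears in the part of the diff visible here. Without a committed lock file, `terraform init` selects the newest matching release and trusts its hashes on first use, so prod could run a provider version that dev and staging never exercised. Commit `envs/prod/.terraform.lock.hcl` if it is not already tracked, and consider a bounded constraint such as `version = "~> 5.57"` in all three `versions.tf` files.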
diff --git a/.happy/terraform/envs/prod/locals.tf.json b/.happy/terraform/envs/prod/locals.tf.json new file mode 100644 index 0000000000..5eb8235254 --- /dev/null +++ b/.happy/terraform/envs/prod/locals.tf.json @@ -0,0 +1,6 @@ +{ + "locals": { + "image_tag": "sha-7ec47ca8", + "image_tags": "{}" + } +} \ No newline at end of file diff --git a/.happy/terraform/envs/prod/main.tf b/.happy/terraform/envs/prod/main.tf index dc863faec1..5ee46d43b4 100644 --- a/.happy/terraform/envs/prod/main.tf +++ b/.happy/terraform/envs/prod/main.tf @@ -1,11 +1,11 @@ -module stack { +module "stack" { source = "./modules/ecs-stack" aws_account_id = var.aws_account_id aws_role = var.aws_role happymeta_ = var.happymeta_ happy_config_secret = var.happy_config_secret - image_tag = var.image_tag - image_tags = jsondecode(var.image_tags) + image_tag = local.image_tag + image_tags = jsondecode(local.image_tags) priority = var.priority stack_name = var.stack_name deployment_stage = "geprod" diff --git a/.happy/terraform/envs/prod/providers.tf b/.happy/terraform/envs/prod/providers.tf index aa64f754aa..19a2c2a312 100644 --- a/.happy/terraform/envs/prod/providers.tf +++ b/.happy/terraform/envs/prod/providers.tf @@ -1,6 +1,5 @@ -provider aws { - version = "~> 3.63.0" - region = "us-west-2" +provider "aws" { + region = "us-west-2" assume_role { role_arn = "arn:aws:iam::${var.aws_account_id}:role/${var.aws_role}" } diff --git a/.happy/terraform/envs/prod/variables.tf b/.happy/terraform/envs/prod/variables.tf index 9543c88064..56fd9a45db 100644 --- a/.happy/terraform/envs/prod/variables.tf +++ b/.happy/terraform/envs/prod/variables.tf 
@@ -1,45 +1,40 @@ -variable aws_account_id { +variable "aws_account_id" { type = string description = "AWS account ID to apply changes to" + default = "829407189049" } -variable aws_role { +variable "aws_role" { type = string description = "Name of the AWS role to assume to apply changes" + default = "tfe-si" } -variable image_tag { - type = string - description = "Please provide an image tag" -} - -variable image_tags { - type = string - description = "Override the default image tags (json-encoded map)" - default = "{}" -} - -variable priority { +variable "priority" { type = number description = "Listener rule priority number within the given listener" + default = 1251 } -variable happymeta_ { +variable "happymeta_" { type = string description = "Happy Path metadata. Ignored by actual terraform." + default = "{}" } -variable stack_name { +variable "stack_name" { type = string description = "Happy Path stack name" + default = "geprodstack" } -variable happy_config_secret { +variable "happy_config_secret" { type = string description = "Happy Path configuration secret name" + default = "happy/env-geprod-config" } -variable wait_for_steady_state { +variable "wait_for_steady_state" { type = bool description = "Should terraform block until ECS reaches a steady state?" default = true diff --git a/.happy/terraform/envs/prod/versions.tf b/.happy/terraform/envs/prod/versions.tf new file mode 100644 index 0000000000..e003ded2af --- /dev/null +++ b/.happy/terraform/envs/prod/versions.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.6.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.45" + } + } + + backend "s3" { + region = "us-west-2" + bucket = "genepi-prod-s3-tf-state-prod-prod-genepi-stacks-state" + key = "terraform.tfstate" + role_arn = "arn:aws:iam::829407189049:role/tfe-si" + encrypt = "true" + + dynamodb_table = "genepi-prod-s3-tf-state-prod-prod-genepi-stacks-state-lock" + } +} \ No newline at end of file 
diff --git a/.happy/terraform/envs/staging/.terraform.lock.hcl b/.happy/terraform/envs/staging/.terraform.lock.hcl new file mode 100644 index 0000000000..48e2177c53 --- /dev/null +++ b/.happy/terraform/envs/staging/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.60.0" + constraints = ">= 4.45.0" + hashes = [ + "h1:p9+40kdklLTJLQ/y7wxNjuKxUK8AVB4L9424NGNK4rY=", + "zh:08f49c9eb865e136a55dda3eb2b790f6d55cdac49f6638391dbea4b865cf307b", + "zh:090dd8b40ebf0f8e9ea05b9a142add9caeb7988d3d96c5c112e8c67c0edf566f", + "zh:30f336af1b4f0824fce2cc6e81af0986b325b135436c9d892d081e435aeed67e", + "zh:338195ca3b41249874110253412d8913f770c22294af05799ea1e343050906f5", + "zh:3a8a45b17750b01192a0fbeeed0d05c2c04840344d78d5e3233b3ecbeec17a1c", + "zh:486efe72d39f0736d9b7e00e5b889288264458a57aa0cff2d75688d6db372ee5", + "zh:5fdccc448a085fea8ecfae43ae326840abfcdf1a0aa8b8c79dd466392aa5cc3a", + "zh:9521639755cd07ec7efde86a534770e436e16a93692d070a00f6419c1038d59c", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:c2fb9240a069da9f51e7379e76c3dfaad15a97430c2e32708a7d18345434e310", + "zh:daba836b89537dfa72bb8c77e88850c20fda2a3d0f5b3803cd3d6da0ce283e3e", + "zh:db7e0755ed120ed8311f6663f49aa7157da5072b906727db3a6c47d64e0b82c6", + "zh:ea5e3fca5197639c4ad1415ca96de2924a351ecd1a885dd9184843d5eec18dbb", + "zh:f3f322951d311e45a47361f24790a90a0b8ba6d3829a00c4066a361960d2ecef", + "zh:f48b44f4887d4b51a1406057f15f1e2161cb02b271b2659349958904c678e91c", + ] +} diff --git a/.happy/terraform/envs/staging/locals.tf.json b/.happy/terraform/envs/staging/locals.tf.json new file mode 100644 index 0000000000..1a37959bb3 --- /dev/null +++ b/.happy/terraform/envs/staging/locals.tf.json @@ -0,0 +1,5 @@ +{ + "locals": { + "image_tag": "sha-7b63b07" + } +} \ No newline at end of file 
diff --git a/.happy/terraform/envs/staging/main.tf b/.happy/terraform/envs/staging/main.tf index a1b2dcf8e4..53c527cccc 100644 --- a/.happy/terraform/envs/staging/main.tf +++ b/.happy/terraform/envs/staging/main.tf @@ -1,19 +1,19 @@ -module stack { +module "stack" { source = "./modules/ecs-stack" aws_account_id = var.aws_account_id aws_role = var.aws_role happymeta_ = var.happymeta_ happy_config_secret = var.happy_config_secret - image_tag = var.image_tag - image_tags = jsondecode(var.image_tags) + image_tag = local.image_tag + image_tags = {} priority = var.priority stack_name = var.stack_name deployment_stage = "gestaging" delete_protected = false require_okta = false sql_import_file = "db_snapshots/dev_backup.sql" - frontend_url = "https://staging.czgenepi.org" - backend_url = "https://api.staging.czgenepi.org" + frontend_url = "https://staging.testing-theiagenepi.org" + backend_url = "https://api.staging.testing-theiagenepi.org" stack_prefix = "" wait_for_steady_state = var.wait_for_steady_state diff --git a/.happy/terraform/envs/staging/providers.tf b/.happy/terraform/envs/staging/providers.tf index aa64f754aa..32c2320920 100644 --- a/.happy/terraform/envs/staging/providers.tf +++ b/.happy/terraform/envs/staging/providers.tf @@ -1,8 +1,4 @@ -provider aws { - version = "~> 3.63.0" - region = "us-west-2" - assume_role { - role_arn = "arn:aws:iam::${var.aws_account_id}:role/${var.aws_role}" - } +provider "aws" { + region = "us-west-2" allowed_account_ids = [var.aws_account_id] } diff --git a/.happy/terraform/envs/staging/variables.tf b/.happy/terraform/envs/staging/variables.tf index 9543c88064..a0ecd2de3b 100644 --- a/.happy/terraform/envs/staging/variables.tf +++ b/.happy/terraform/envs/staging/variables.tf 
@@ -1,45 +1,40 @@ -variable aws_account_id { +variable "aws_account_id" { type = string description = "AWS account ID to apply changes to" + default = "654654542669" } -variable aws_role { +variable "aws_role" { type = string description = "Name of the AWS role to assume to apply changes" + default = "tfe-si" } -variable image_tag { - type = string - description = "Please provide an image tag" -} - -variable image_tags { - type = string - description = "Override the default image tags (json-encoded map)" - default = "{}" -} - -variable priority { +variable "priority" { type = number description = "Listener rule priority number within the given listener" + default = 1234 } -variable happymeta_ { +variable "happymeta_" { type = string description = "Happy Path metadata. Ignored by actual terraform." + default = "" } -variable stack_name { +variable "stack_name" { type = string description = "Happy Path stack name" + default = "gestagingstack" } -variable happy_config_secret { +variable "happy_config_secret" { type = string description = "Happy Path configuration secret name" + default = "happy/env-gestaging-config" } -variable wait_for_steady_state { +variable "wait_for_steady_state" { type = bool description = "Should terraform block until ECS reaches a steady state?" default = true diff --git a/.happy/terraform/envs/staging/versions.tf b/.happy/terraform/envs/staging/versions.tf new file mode 100644 index 0000000000..6c399e0ef4 --- /dev/null +++ b/.happy/terraform/envs/staging/versions.tf @@ -0,0 +1,20 @@ +terraform { + required_version = ">= 1.6.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.45" + } + } + + backend "s3" { + region = "us-west-2" + bucket = "genepi-prod-s3-tf-state-prod-prod-genepi-theia-stacks-state" + key = "czgenepi-staging.tfstate" + profile = "theia" + encrypt = "true" + + dynamodb_table = "genepi-prod-s3-tf-state-prod-prod-genepi-theia-stacks-state-lock" + } +} \ No newline at end of file 
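Review bot: `happymeta_` defaults to `""` in this file but to `"{}"` in `envs/dev/variables.tf` and `envs/prod/variables.tf`. The description says Terraform ignores the value, so this is probably harmless, but any consumer that parses it as JSON would fail on the empty string; use `default = "{}"` here as well.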
diff --git a/.happy/terraform/modules/ecs-stack/outputs.tf b/.happy/terraform/modules/ecs-stack/outputs.tf index 829efefd82..3e21efe7b1 100644 --- a/.happy/terraform/modules/ecs-stack/outputs.tf +++ b/.happy/terraform/modules/ecs-stack/outputs.tf @@ -1,19 +1,19 @@ -output frontend_url { +output "frontend_url" { value = local.frontend_url description = "The URL endpoint for the website service" } -output backend_url { +output "backend_url" { value = local.backend_url description = "The URL endpoint for the website service" } -output delete_db_task_definition_arn { +output "delete_db_task_definition_arn" { value = try(module.delete_db[0].task_definition_arn, "") description = "ARN of the Deletion ECS Task Definition" } -output migrate_db_task_definition_arn { +output "migrate_db_task_definition_arn" { value = module.migrate_db.task_definition_arn description = "ARN of the Migration ECS Task Definition" } diff --git a/src/backend/Dockerfile.nextstrain b/src/backend/Dockerfile.nextstrain index 660f7b2bf7..001420e4a9 100644 --- a/src/backend/Dockerfile.nextstrain +++ b/src/backend/Dockerfile.nextstrain @@ -28,6 +28,7 @@ RUN apt-get -qq update && apt-get -qq -y install \ seqtk \ unzip \ build-essential \ + gcc \ && locale-gen en_US.UTF-8 # Install DB certs. diff --git a/src/cli/aspencli.py b/src/cli/aspencli.py index 8d0f5968cb..09b0dfadec 100755 --- a/src/cli/aspencli.py +++ b/src/cli/aspencli.py @@ -12,7 +12,9 @@ import keyring import requests from auth0.v3.authentication.token_verifier import ( - AsymmetricSignatureVerifier, JwksFetcher) + AsymmetricSignatureVerifier, + JwksFetcher, +) from tabulate import tabulate @@ -222,7 +224,7 @@ def post(self, path, **kwargs): class CliConfig: api_urls = { - "staging": "https://api.staging.czgenepi.org", + "staging": "https://api.staging.testing-theiagenepi.org", "prod": "https://api.czgenepi.org", "rdev": "https://{stack}-backend.dev.czgenepi.org", "local": "http://backend.genepinet.localdev:3000", 
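Review bot: The added `gcc \` line is most likely redundant, because `build-essential` on the line above already depends on gcc on Debian and Ubuntu bases; the base image is not visible in this hunk, so confirm before removing it. If a particular build step failed without it, a comment naming that package would explain why the line is there. The `RUN` instruction and the start of its install list lie outside the hunk.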
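Review bot: Only the `staging` entry of `CliConfig.api_urls` moves to `testing-theiagenepi.org`; `rdev` still points at `https://{stack}-backend.dev.czgenepi.org` although this commit moves the rdev deployment to the `theia` profile and account `654654542669`. If rdev stacks are no longer served from the old domain, the CLI would send whatever credentials it attaches to a host the project may no longer operate. Update that entry in the same change or mark it with a comment such as `# rdev still served from czgenepi.org until DNS is migrated`. The `CliConfig` class continues past the end of the hunk.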
diff --git a/src/frontend/.env.staging.template b/src/frontend/.env.staging.template index 11a4ddb923..8f3cc241e8 100644 --- a/src/frontend/.env.staging.template +++ b/src/frontend/.env.staging.template @@ -1,5 +1,5 @@ USERNAME=CHANGE_ME PASSWORD=CHANGE_ME -BASEAPI=https://api.staging.czgenepi.org -BASEURL=https://staging.czgenepi.org +BASEAPI=https://api.staging.testing-theiagenepi.org +BASEURL=https://staging.testing-theiagenepi.org GROUPID=74 \ No newline at end of file